plugins/mod_tokenauth.lua @ 12980:6ebad8e16b3b
mod_tokenauth: Track last access time (last time a token was used)
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 24 Mar 2023 12:59:47 +0000 |
parent | 12977:74b9e05af71e |
child | 12996:e8716515405e |
--- a/plugins/mod_tokenauth.lua Thu Mar 23 13:36:52 2023 +0100
+++ b/plugins/mod_tokenauth.lua Fri Mar 24 12:59:47 2023 +0000
@@ -8,6 +8,8 @@
 local token_store = module:open_store("auth_tokens", "map");
+local access_time_granularity = module:get_option_number("token_auth_access_time_granularity", 60);
+
 local function select_role(username, host, role)
 if role then
 return prosody.hosts[host].authz.get_role_by_name(role);
@@ -33,12 +35,15 @@
 local token_id = id.short();
+ local now = os.time();
+
 local token_info = {
 id = token_id;
 owner = actor_jid;
- created = os.time();
- expires = token_ttl and (os.time() + token_ttl) or nil;
+ created = now;
+ expires = token_ttl and (now + token_ttl) or nil;
+ accessed = now;
 jid = token_jid;
 purpose = token_purpose;
@@ -92,7 +97,8 @@
 local token_info = token.token_info;
- if token_info.expires and token_info.expires < os.time() then
+ local now = os.time();
+ if token_info.expires and token_info.expires < now then
 token_store:set(token_user, token_id, nil);
 return nil, "not-authorized";
 end
@@ -104,6 +110,12 @@
 return nil, "not-authorized";
 end
+ local last_accessed = token_info.accessed;
+ if not last_accessed or (now - last_accessed) > access_time_granularity then
+ token_info.accessed = now;
+ token_store:set(token_user, token_id, token_info);
+ end
+
 return token_info
 end
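Review bot: The new `token_auth_access_time_granularity` option in the first hunk is read without any comment on its unit or effect, and nothing bounds it. The last hunk compares it against a difference of `os.time()` values, so it is in seconds, and a negative setting would make every successful token lookup write to the store. I would add a comment above the line such as `-- Minimum seconds between updates of token_info.accessed; the stored time may lag real use by up to this much`, and consider clamping the value with `math.max(0, ...)`.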
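Review bot: Setting `accessed = now` in the `token_info` constructor (second hunk) makes a token that has never been presented indistinguishable from one used at the moment of creation, which weakens the field for auditing unused or stale grants. The check added in the last hunk already handles a missing value (`if not last_accessed or ...`), so the field could be left unset here and written on first use instead. If creation is meant to count as an access, a short comment such as `-- creation counts as the first access` would make that explicit. The enclosing function starts and ends outside this hunk.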
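Review bot: The result of `token_store:set(token_user, token_id, token_info)` in the last hunk is discarded, so a failing store leaves `accessed` stale with no trace in the logs. Keeping the lookup best-effort seems right, but I would capture and report the failure, assuming the store returns `ok, err` as Prosody stores usually do: `local ok, err = token_store:set(token_user, token_id, token_info);` followed by `if not ok then module:log("warn", "Failed to update token access time: %s", tostring(err)); end`. The write also puts back the whole `token_info` table read earlier in the function, so it is worth confirming that nothing can revoke the token between that read and this write, otherwise the entry would be re-created. The function body starts outside the hunk.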