prosody
7c57fb2ffbb0
util/id.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

util/id.lua @ 13765:7c57fb2ffbb0 13.0

mod_websocket: Merge session close handling changes from mod_c2s (bug fixes) This should bring some fixes and general robustness that mod_websocket had missed out on. The duplicated code here is not at all ideal. To prevent this happening again, we should figure out how to have the common logic in a single place, while still being able to do the websocket-specific parts that we need. The main known bug that this fixes is that it's possible for a session to get into a non-destroyable state. For example, if we try to session:close() a hibernating session, then session.conn is nil and the function will simply return without doing anything. In the mod_c2s code we already handle this, and just destroy the session. But if a hibernating websocket session is never resumed or becomes non-resumable, it will become immortal! By merging the fix from mod_c2s, the session should now be correctly destroyed.
author Matthew Wild <mwild1@gmail.com>
date Tue, 11 Mar 2025 18:44:40 +0000
parent 12975:d10957394a3c
line wrap: on
line source

-- Prosody IM
-- Copyright (C) 2008-2017 Matthew Wild
-- Copyright (C) 2008-2017 Waqas Hussain
-- Copyright (C) 2008-2017 Kim Alvefur
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--

local s_gsub = string.gsub;
local random_bytes = require "prosody.util.random".bytes;
local base64_encode = require "prosody.util.encodings".base64.encode;

local b64url = { ["+"] = "-", ["/"] = "_", ["="] = "" };
local function b64url_random(len)
	return (s_gsub(base64_encode(random_bytes(len)), "[+/=]", b64url));
end

return {
	-- sizes divisible by 3 fit nicely into base64 without padding==

	-- for short lived things with low risk of collisions
	tiny = function() return b64url_random(3); end;

	-- close to 8 bytes, should be good enough for relatively short lived or uses
	-- scoped by host or users, half the size of an uuid
	short = function() return b64url_random(9); end;

	-- more entropy than uuid at 2/3 the size
	-- should be okay for globally scoped ids or security token
	medium = function() return b64url_random(18); end;

	-- as long as an uuid but MOAR entropy
	long = function() return b64url_random(27); end;

	-- pick your own adventure
	custom = function (size)
		return function () return b64url_random(size); end;
	end;
}