prosody
c0eea4f6c739
util/watchdog.lua
Software / code / prosody
File
util/watchdog.lua @ 12659:c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Goal: Introduce role-auth with minimal disruption
is_admin() is unsafe in a system with per-session permissions, so it has been
deprecated.
Roll-out approach:
1) First, log a warning when is_admin() is used. It should continue to
function normally, backed by the new role API. Nothing is really using
per-session authz yet, so there is minimal security concern.
The 'strict_deprecate_is_admin' global setting can be set to 'true' to
force a hard failure of is_admin() attempts (it will log an error and
always return false).
2) In some time (at least 1 week), but possibly longer depending on the number
of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by
default. It can still be disabled for systems that need it.
3) Further in the future, before the next release, the option will be removed
and is_admin() will be permanently disabled.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 15 Aug 2022 15:25:07 +0100 |
| parent | 12547:e79c64b2dfed |
| child | 12975:d10957394a3c |
line wrap: on
line source
local timer = require "util.timer"; local setmetatable = setmetatable; local _ENV = nil; -- luacheck: std none local watchdog_methods = {}; local watchdog_mt = { __index = watchdog_methods }; local function new(timeout, callback) local watchdog = setmetatable({ timeout = timeout; callback = callback; timer_id = nil; }, watchdog_mt); watchdog:reset(); -- Kick things off return watchdog; end function watchdog_methods:reset(new_timeout) if new_timeout then self.timeout = new_timeout; end if self.timer_id then timer.reschedule(self.timer_id, self.timeout+1); else self.timer_id = timer.add_task(self.timeout+1, function () return self:callback(); end); end end function watchdog_methods:cancel() if self.timer_id then timer.stop(self.timer_id); self.timer_id = nil; end end return { new = new; };
