# HG changeset patch # User Matthew Wild # Date 1679662787 0 # Node ID 6ebad8e16b3bec6e99d4d20ef2c12f8c7589d025 # Parent fbbf4f0db8f02cfb7b12a1b3f0506a31ad3a50df mod_tokenauth: Track last access time (last time a token was used) diff -r fbbf4f0db8f0 -r 6ebad8e16b3b plugins/mod_tokenauth.lua --- a/plugins/mod_tokenauth.lua Thu Mar 23 13:36:52 2023 +0100 +++ b/plugins/mod_tokenauth.lua Fri Mar 24 12:59:47 2023 +0000 @@ -8,6 +8,8 @@ local token_store = module:open_store("auth_tokens", "map"); +local access_time_granularity = module:get_option_number("token_auth_access_time_granularity", 60); + local function select_role(username, host, role) if role then return prosody.hosts[host].authz.get_role_by_name(role); @@ -33,12 +35,15 @@ local token_id = id.short(); + local now = os.time(); + local token_info = { id = token_id; owner = actor_jid; - created = os.time(); - expires = token_ttl and (os.time() + token_ttl) or nil; + created = now; + expires = token_ttl and (now + token_ttl) or nil; + accessed = now; jid = token_jid; purpose = token_purpose; @@ -92,7 +97,8 @@ local token_info = token.token_info; - if token_info.expires and token_info.expires < os.time() then + local now = os.time(); + if token_info.expires and token_info.expires < now then token_store:set(token_user, token_id, nil); return nil, "not-authorized"; end @@ -104,6 +110,12 @@ return nil, "not-authorized"; end + local last_accessed = token_info.accessed; + if not last_accessed or (now - last_accessed) > access_time_granularity then + token_info.accessed = now; + token_store:set(token_user, token_id, token_info); + end + return token_info end