Changeset
10669:bf81523e2ff4
mod_authtokens: Rename to mod_tokenauth for consistency with mod_saslauth
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Wed, 26 Feb 2020 22:46:15 +0000 |
parents | 10668:25c84c0a66fd |
children | 10671:5e1384298e97 |
files | plugins/mod_authtokens.lua plugins/mod_tokenauth.lua |
diffstat | 2 files changed, 81 insertions(+), 81 deletions(-) [+] |
--- a/plugins/mod_authtokens.lua Wed Feb 26 17:56:23 2020 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,81 +0,0 @@
-local id = require "util.id";
-local jid = require "util.jid";
-local base64 = require "util.encodings".base64;
-
-local token_store = module:open_store("auth_tokens", "map");
-
-function create_jid_token(actor_jid, token_jid, token_scope, token_ttl)
- token_jid = jid.prep(token_jid);
- if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then
- return nil, "not-authorized";
- end
-
- local token_username, token_host, token_resource = jid.split(token_jid);
-
- if token_host ~= module.host then
- return nil, "invalid-host";
- end
-
- local token_info = {
- owner = actor_jid;
- expires = token_ttl and (os.time() + token_ttl) or nil;
- jid = token_jid;
- session = {
- username = token_username;
- host = token_host;
- resource = token_resource;
-
- auth_scope = token_scope;
- };
- };
-
- local token_id = id.long();
- local token = base64.encode("1;"..token_username.."@"..token_host..";"..token_id);
- token_store:set(token_username, token_id, token_info);
-
- return token, token_info;
-end
-
-local function parse_token(encoded_token)
- local token = base64.decode(encoded_token);
- if not token then return nil; end
- local token_jid, token_id = token:match("^1;([^;]+);(.+)$");
- if not token_jid then return nil; end
- local token_user, token_host = jid.split(token_jid);
- return token_id, token_user, token_host;
-end
-
-function get_token_info(token)
- local token_id, token_user, token_host = parse_token(token);
- if not token_id then
- return nil, "invalid-token-format";
- end
- if token_host ~= module.host then
- return nil, "invalid-host";
- end
-
- local token_info, err = token_store:get(token_user, token_id);
- if not token_info then
- if err then
- return nil, "internal-error";
- end
- return nil, "not-authorized";
- end
-
- if token_info.expires and token_info.expires < os.time() then
- return nil, "not-authorized";
- end
-
- return token_info
-end
-
-function revoke_token(token)
- local token_id, token_user, token_host = parse_token(token);
- if not token_id then
- return nil, "invalid-token-format";
- end
- if token_host ~= module.host then
- return nil, "invalid-host";
- end
- return token_store:set(token_user, token_id, nil);
-end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/mod_tokenauth.lua Wed Feb 26 22:46:15 2020 +0000
@@ -0,0 +1,81 @@
+local id = require "util.id";
+local jid = require "util.jid";
+local base64 = require "util.encodings".base64;
+
+local token_store = module:open_store("auth_tokens", "map");
+
+function create_jid_token(actor_jid, token_jid, token_scope, token_ttl)
+ token_jid = jid.prep(token_jid);
+ if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then
+ return nil, "not-authorized";
+ end
+
+ local token_username, token_host, token_resource = jid.split(token_jid);
+
+ if token_host ~= module.host then
+ return nil, "invalid-host";
+ end
+
+ local token_info = {
+ owner = actor_jid;
+ expires = token_ttl and (os.time() + token_ttl) or nil;
+ jid = token_jid;
+ session = {
+ username = token_username;
+ host = token_host;
+ resource = token_resource;
+
+ auth_scope = token_scope;
+ };
+ };
+
+ local token_id = id.long();
+ local token = base64.encode("1;"..token_username.."@"..token_host..";"..token_id);
+ token_store:set(token_username, token_id, token_info);
+
+ return token, token_info;
+end
+
+local function parse_token(encoded_token)
+ local token = base64.decode(encoded_token);
+ if not token then return nil; end
+ local token_jid, token_id = token:match("^1;([^;]+);(.+)$");
+ if not token_jid then return nil; end
+ local token_user, token_host = jid.split(token_jid);
+ return token_id, token_user, token_host;
+end
+
+function get_token_info(token)
+ local token_id, token_user, token_host = parse_token(token);
+ if not token_id then
+ return nil, "invalid-token-format";
+ end
+ if token_host ~= module.host then
+ return nil, "invalid-host";
+ end
+
+ local token_info, err = token_store:get(token_user, token_id);
+ if not token_info then
+ if err then
+ return nil, "internal-error";
+ end
+ return nil, "not-authorized";
+ end
+
+ if token_info.expires and token_info.expires < os.time() then
+ return nil, "not-authorized";
+ end
+
+ return token_info
+end
+
+function revoke_token(token)
+ local token_id, token_user, token_host = parse_token(token);
+ if not token_id then
+ return nil, "invalid-token-format";
+ end
+ if token_host ~= module.host then
+ return nil, "invalid-host";
+ end
+ return token_store:set(token_user, token_id, nil);
+end