apitech
/
prosody
mirror of https://github.com/bjc/prosody
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
IMPORTANT: due to a drive failure, as of 13-Mar-2021, the Mercurial repository had to be re-mirrored, which changed every commit SHA. The old SHAs and trees are backed up in the vault branches. Please migrate to the new branches as soon as you can.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11204 Commits
12 Branches
101 Tags
54 MiB
Tag: Branch: Tree: 020cd46f03
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '020cd46f03'
${ noResults }
prosody/plugins/mod_tokenauth.lua

83 lines
2.1 KiB
Raw Normal View History Unescape

mod_authtokens: New module for managing auth tokens
6 years ago
local id = require "util.id";
local jid = require "util.jid";
local base64 = require "util.encodings".base64;
local token_store = module:open_store("auth_tokens", "map");
function create_jid_token(actor_jid, token_jid, token_scope, token_ttl)
token_jid = jid.prep(token_jid);
if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then
return nil, "not-authorized";
end
local token_username, token_host, token_resource = jid.split(token_jid);
if token_host ~= module.host then
return nil, "invalid-host";
end
local token_info = {
owner = actor_jid;
mod_tokenauth: Track creation time of tokens
6 years ago
created = os.time();
mod_authtokens: New module for managing auth tokens
6 years ago
expires = token_ttl and (os.time() + token_ttl) or nil;
jid = token_jid;
session = {
username = token_username;
host = token_host;
resource = token_resource;
auth_scope = token_scope;
};
};
local token_id = id.long();
mod_tokenauth: Handle tokens issued to bare hosts (eg components)
6 years ago
local token = base64.encode("1;"..jid.join(token_username, token_host)..";"..token_id);
mod_authtokens: New module for managing auth tokens
6 years ago
token_store:set(token_username, token_id, token_info);
return token, token_info;
end
local function parse_token(encoded_token)
local token = base64.decode(encoded_token);
if not token then return nil; end
local token_jid, token_id = token:match("^1;([^;]+);(.+)$");
if not token_jid then return nil; end
local token_user, token_host = jid.split(token_jid);
return token_id, token_user, token_host;
end
function get_token_info(token)
local token_id, token_user, token_host = parse_token(token);
if not token_id then
return nil, "invalid-token-format";
end
if token_host ~= module.host then
return nil, "invalid-host";
end
local token_info, err = token_store:get(token_user, token_id);
if not token_info then
if err then
return nil, "internal-error";
end
return nil, "not-authorized";
end
if token_info.expires and token_info.expires < os.time() then
return nil, "not-authorized";
end
return token_info
end
function revoke_token(token)
local token_id, token_user, token_host = parse_token(token);
if not token_id then
return nil, "invalid-token-format";
end
if token_host ~= module.host then
return nil, "invalid-host";
end
return token_store:set(token_user, token_id, nil);
end