Mercurial > prosody-hg
comparison plugins/mod_tokenauth.lua @ 12980:6ebad8e16b3b
mod_tokenauth: Track last access time (last time a token was used)
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 24 Mar 2023 12:59:47 +0000 |
| parents | 74b9e05af71e |
| children | e8716515405e |
comparison
equal
deleted
inserted
replaced
| 12979:fbbf4f0db8f0 | 12980:6ebad8e16b3b |
|---|---|
| 5 local random = require "prosody.util.random"; | 5 local random = require "prosody.util.random"; |
| 6 local usermanager = require "prosody.core.usermanager"; | 6 local usermanager = require "prosody.core.usermanager"; |
| 7 local generate_identifier = require "prosody.util.id".short; | 7 local generate_identifier = require "prosody.util.id".short; |
| 8 | 8 |
| 9 local token_store = module:open_store("auth_tokens", "map"); | 9 local token_store = module:open_store("auth_tokens", "map"); |
| 10 | |
| 11 local access_time_granularity = module:get_option_number("token_auth_access_time_granularity", 60); | |
| 10 | 12 |
| 11 local function select_role(username, host, role) | 13 local function select_role(username, host, role) |
| 12 if role then | 14 if role then |
| 13 return prosody.hosts[host].authz.get_role_by_name(role); | 15 return prosody.hosts[host].authz.get_role_by_name(role); |
| 14 end | 16 end |
| 31 return nil, "bad-request"; | 33 return nil, "bad-request"; |
| 32 end | 34 end |
| 33 | 35 |
| 34 local token_id = id.short(); | 36 local token_id = id.short(); |
| 35 | 37 |
| 38 local now = os.time(); | |
| 39 | |
| 36 local token_info = { | 40 local token_info = { |
| 37 id = token_id; | 41 id = token_id; |
| 38 | 42 |
| 39 owner = actor_jid; | 43 owner = actor_jid; |
| 40 created = os.time(); | 44 created = now; |
| 41 expires = token_ttl and (os.time() + token_ttl) or nil; | 45 expires = token_ttl and (now + token_ttl) or nil; |
| 46 accessed = now; | |
| 42 jid = token_jid; | 47 jid = token_jid; |
| 43 purpose = token_purpose; | 48 purpose = token_purpose; |
| 44 | 49 |
| 45 resource = token_resource; | 50 resource = token_resource; |
| 46 role = token_role; | 51 role = token_role; |
| 90 return nil, "not-authorized"; | 95 return nil, "not-authorized"; |
| 91 end | 96 end |
| 92 | 97 |
| 93 local token_info = token.token_info; | 98 local token_info = token.token_info; |
| 94 | 99 |
| 95 if token_info.expires and token_info.expires < os.time() then | 100 local now = os.time(); |
| 101 if token_info.expires and token_info.expires < now then | |
| 96 token_store:set(token_user, token_id, nil); | 102 token_store:set(token_user, token_id, nil); |
| 97 return nil, "not-authorized"; | 103 return nil, "not-authorized"; |
| 98 end | 104 end |
| 99 | 105 |
| 100 local account_info = usermanager.get_account_info(token_user, module.host); | 106 local account_info = usermanager.get_account_info(token_user, module.host); |
| 101 local password_updated_at = account_info and account_info.password_updated; | 107 local password_updated_at = account_info and account_info.password_updated; |
| 102 if password_updated_at and password_updated_at > token_info.created then | 108 if password_updated_at and password_updated_at > token_info.created then |
| 103 token_store:set(token_user, token_id, nil); | 109 token_store:set(token_user, token_id, nil); |
| 104 return nil, "not-authorized"; | 110 return nil, "not-authorized"; |
| 111 end | |
| 112 | |
| 113 local last_accessed = token_info.accessed; | |
| 114 if not last_accessed or (now - last_accessed) > access_time_granularity then | |
| 115 token_info.accessed = now; | |
| 116 token_store:set(token_user, token_id, token_info); | |
| 105 end | 117 end |
| 106 | 118 |
| 107 return token_info | 119 return token_info |
| 108 end | 120 end |
| 109 | 121 |
