Mercurial > prosody-modules
comparison mod_register_json/mod_register_json.lua @ 723:c26652d055b5
mod_register_json: moved throttling logic so that if there's a failure during nick registration the user can retry and referenced usermanager from prosody's _G instead of req. it.
| author | Marco Cirillo <maranda@lightwitch.org> |
|---|---|
| date | Mon, 25 Jun 2012 22:20:27 +0000 |
| parents | 9080b0898b6f |
| children | 836e4e110c71 |
comparison
equal
deleted
inserted
replaced
| 722:5c7175be532b | 723:c26652d055b5 |
|---|---|
| 4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur | 4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur |
| 5 -- aka Zash. | 5 -- aka Zash. |
| 6 | 6 |
| 7 local jid_prep = require "util.jid".prep | 7 local jid_prep = require "util.jid".prep |
| 8 local jid_split = require "util.jid".split | 8 local jid_split = require "util.jid".split |
| 9 local usermanager = require "core.usermanager" | 9 local usermanager = usermanager |
| 10 local b64_decode = require "util.encodings".base64.decode | 10 local b64_decode = require "util.encodings".base64.decode |
| 11 local json_decode = require "util.json".decode | 11 local json_decode = require "util.json".decode |
| 12 local os_time = os.time | 12 local os_time = os.time |
| 13 local nodeprep = require "util.encodings".stringprep.nodeprep | 13 local nodeprep = require "util.encodings".stringprep.nodeprep |
| 14 | 14 |
| 76 -- Check if user is an admin of said host | 76 -- Check if user is an admin of said host |
| 77 if not usermanager.is_admin(user, req_body["host"]) then | 77 if not usermanager.is_admin(user, req_body["host"]) then |
| 78 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) | 78 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) |
| 79 return http_response(event, 401, "I obey only to my masters... Have a nice day.") | 79 return http_response(event, 401, "I obey only to my masters... Have a nice day.") |
| 80 else | 80 else |
| 81 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) | 81 -- Blacklist can be checked here. |
| 82 if blacklist:contains(req_body["ip"]) then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]) ; return http_response(403, "The specified address is blacklisted, sorry sorry.") end | 82 if blacklist:contains(req_body["ip"]) then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]) ; return http_response(403, "The specified address is blacklisted, sorry sorry.") end |
| 83 if throttle_time and not whitelist:contains(req_body["ip"]) then | |
| 84 if not recent_ips[req_body["ip"]] then | |
| 85 recent_ips[req_body["ip"]] = os_time() | |
| 86 else | |
| 87 if os_time() - recent_ips[req_body["ip"]] < throttle_time then | |
| 88 recent_ips[req_body["ip"]] = os_time() | |
| 89 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]) | |
| 90 return http_response(event, 503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.") | |
| 91 end | |
| 92 recent_ips[req_body["ip"]] = os_time() | |
| 93 end | |
| 94 end | |
| 95 | 83 |
| 96 -- We first check if the supplied username for registration is already there. | 84 -- We first check if the supplied username for registration is already there. |
| 97 -- And nodeprep the username | 85 -- And nodeprep the username |
| 98 local username = nodeprep(req_body["username"]) | 86 local username = nodeprep(req_body["username"]) |
| 99 if not username then | 87 if not username then |
| 100 module:log("debug", "%s supplied an username containing invalid characters: %s", user, username) | 88 module:log("debug", "%s supplied an username containing invalid characters: %s", user, username) |
| 101 return http_response(event, 406, "Supplied username contains invalid characters, see RFC 6122.") | 89 return http_response(event, 406, "Supplied username contains invalid characters, see RFC 6122.") |
| 102 else | 90 else |
| 103 if not usermanager.user_exists(username, req_body["host"]) then | 91 if not usermanager.user_exists(username, req_body["host"]) then |
| 92 -- if username fails to register successive requests shouldn't be throttled until one is successful. | |
| 93 if throttle_time and not whitelist:contains(req_body["ip"]) then | |
| 94 if not recent_ips[req_body["ip"]] then | |
| 95 recent_ips[req_body["ip"]] = os_time() | |
| 96 else | |
| 97 if os_time() - recent_ips[req_body["ip"]] < throttle_time then | |
| 98 recent_ips[req_body["ip"]] = os_time() | |
| 99 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]) | |
| 100 return http_response(event, 503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.") | |
| 101 end | |
| 102 recent_ips[req_body["ip"]] = os_time() | |
| 103 end | |
| 104 end | |
| 105 | |
| 104 local ok, error = usermanager.create_user(username, req_body["password"], req_body["host"]) | 106 local ok, error = usermanager.create_user(username, req_body["password"], req_body["host"]) |
| 105 if ok then | 107 if ok then |
| 106 hosts[req_body["host"]].events.fire_event("user-registered", { username = username, host = req_body["host"], source = "mod_register_json", session = { ip = req_body["ip"] } }) | 108 hosts[req_body["host"]].events.fire_event("user-registered", { username = username, host = req_body["host"], source = "mod_register_json", session = { ip = req_body["ip"] } }) |
| 107 module:log("debug", "%s registration data submission for %s@%s is successful", user, username, req_body["host"]) | 109 module:log("debug", "%s registration data submission for %s@%s is successful", user, username, req_body["host"]) |
| 108 return http_response(event, 200, "Done.") | 110 return http_response(event, 200, "Done.") |
