Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5751:d563a6b0dfb7
mod_http_oauth2: Comment on authorization code storage
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 01 Dec 2023 21:35:25 +0100 |
| parents | 426c42c11f89 |
| children | c27eaa7117d6 |
comparison
equal
deleted
inserted
replaced
| 5750:c89077b4f46e | 5751:d563a6b0dfb7 |
|---|---|
| 213 | 213 |
| 214 local function code_expired(code) --> boolean, true: has expired, false: still valid | 214 local function code_expired(code) --> boolean, true: has expired, false: still valid |
| 215 return code_expires_in(code) < 0; | 215 return code_expires_in(code) < 0; |
| 216 end | 216 end |
| 217 | 217 |
| 218 -- LRU cache for short-term storage of authorization codes and device codes | |
| 218 local codes = cache.new(10000, function (_, code) | 219 local codes = cache.new(10000, function (_, code) |
| 220 -- If the cache is full and the oldest item hasn't expired yet then we | |
| 221 -- might be under some kind of DoS attack, so might as well reject further | |
| 222 -- entries for a bit. | |
| 219 return code_expired(code) | 223 return code_expired(code) |
| 220 end); | 224 end); |
| 221 | 225 |
| 222 -- Clear out unredeemed codes so they don't linger in memory. | 226 -- Clear out unredeemed codes so they don't linger in memory. |
| 223 module:daily("Clear expired authorization codes", function() | 227 module:daily("Clear expired authorization codes", function() |
| 228 -- The tail should be the least recently touched item, and most likely to | |
| 229 -- have expired already, so check and remove that one until encountering | |
| 230 -- one that has not expired. | |
| 224 local k, code = codes:tail(); | 231 local k, code = codes:tail(); |
| 225 while code and code_expired(code) do | 232 while code and code_expired(code) do |
| 226 codes:set(k, nil); | 233 codes:set(k, nil); |
| 227 k, code = codes:tail(); | 234 k, code = codes:tail(); |
| 228 end | 235 end |
