Mercurial > prosody-modules
view mod_limit_auth/mod_limit_auth.lua @ 4515:2e33eeafe962
mod_muc_markers: Prevent any markers from reaching the archive, even if untracked
Original intention was to leave alone things that this module isn't
handling. However markers in archives are just problematic without
more advanced logic about what is markable and what is not. It also
requires a more advanced query in mod_muc_rai to determine the latest
markable message instead of the latest archived message.
I'd rather keep the "is archivable" and "is markable" definition the
same for simplicity. I don't want to introduce yet another set of rules
for no reason.
No markers in MAM.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 22 Mar 2021 15:55:02 +0000 |
| parents | 2a5a44d5b935 |
| children |
line wrap: on
line source
-- mod_limit_auth local st = require"util.stanza"; local new_throttle = require "util.throttle".create; local period = math.max(module:get_option_number(module.name.."_period", 30), 0); local max = math.max(module:get_option_number(module.name.."_max", 5), 1); local tarpit_delay = module:get_option_number(module.name.."_tarpit_delay", nil); if tarpit_delay then local waiter = require "util.async".waiter; local delay = tarpit_delay; function tarpit_delay() local wait, done = waiter(); module:add_timer(delay, done); wait(); end else function tarpit_delay() end end local throttles = module:shared"throttles"; local reply = st.stanza("failure", { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }):tag("temporary-auth-failure"); local function get_throttle(ip) local throttle = throttles[ip]; if not throttle then throttle = new_throttle(max, period); throttles[ip] = throttle; end return throttle; end module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function (event) local origin = event.origin; if origin.type ~= "c2s_unauthed" then return end if not get_throttle(origin.ip):peek(1) then origin.log("warn", "Too many authentication attepmts for ip %s", origin.ip); tarpit_delay(); origin.send(reply); return true; end end, 10); module:hook("authentication-failure", function (event) get_throttle(event.session.ip):poll(1); end); module:add_timer(14400, function (now) local old = now - 86400; for ip, throttle in pairs(throttles) do if throttle.t < old then throttles[ip] = nil; end end end);
