Mercurial > prosody-modules
view mod_audit_auth/mod_audit_auth.lua @ 6167:886c985ece61
mod_lastlog2: Skip initializing internal API (and storage) in prosodyctl
Initializing storage in the global context under prosodyctl causes the
module.command to fail to execute because the storage module has already
been loaded.
Introduced in 7b722955c59b
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 08 Feb 2025 14:12:18 +0100 |
| parents | cc30c4b5f006 |
| children |
line wrap: on
line source
local cache = require "util.cache"; local jid = require "util.jid"; local st = require "util.stanza"; module:depends("audit"); -- luacheck: read globals module.audit local only_passwords = module:get_option_boolean("audit_auth_passwords_only", true); local cache_size = module:get_option_number("audit_auth_cache_size", 128); local repeat_failure_timeout = module:get_option_number("audit_auth_repeat_failure_timeout"); local repeat_success_timeout = module:get_option_number("audit_auth_repeat_success_timeout"); local failure_cache = cache.new(cache_size); module:hook("authentication-failure", function(event) local session = event.session; local username = session.sasl_handler.username; if repeat_failure_timeout then local cache_key = ("%s\0%s"):format(username, session.ip); local last_failure = failure_cache:get(cache_key); local now = os.time(); if last_failure and (now - last_failure) > repeat_failure_timeout then return; end failure_cache:set(cache_key, now); end module:audit(jid.join(username, module.host), "authentication-failure", { session = session; }); end) local success_cache = cache.new(cache_size); module:hook("authentication-success", function(event) local session = event.session; if only_passwords and session.sasl_handler.fast then return; end local username = session.sasl_handler.username; if repeat_success_timeout then local cache_key = ("%s\0%s"):format(username, session.ip); local last_success = success_cache:get(cache_key); local now = os.time(); if last_success and (now - last_success) > repeat_success_timeout then return; end success_cache:set(cache_key, now); end module:audit(jid.join(username, module.host), "authentication-success", { session = session; }); end) module:hook("client_management/new-client", function (event) local session, client = event.session, event.client; local client_info = st.stanza("client", { id = client.id }); if client.user_agent then local user_agent = st.stanza("user-agent", { xmlns = "urn:xmpp:sasl:2" }) if client.user_agent.software then user_agent:text_tag("software", client.user_agent.software, { id = client.user_agent.software_id; version = client.user_agent.software_version }); end if client.user_agent.device then user_agent:text_tag("device", client.user_agent.device); end if client.user_agent.uri then user_agent:text_tag("uri", client.user_agent.uri); end client_info:add_child(user_agent); end if client.legacy then client_info:text_tag("legacy"); end module:audit(jid.join(session.username, module.host), "new-client", { session = session; custom = { }; }); end);
