view mod_register_dnsbl_warn/mod_register_dnsbl_warn.lua @ 5448:9d542e86e19a

mod_http_oauth2: Allow requesting a subset of scopes on token refresh This enables clients to request access tokens with fewer permissions than the grant they were given, reducing impact of token leak. Clients could e.g. request access tokens with some privileges and immediately revoke them after use, or other strategies.
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 21:40:09 +0200
parents 76036fa34055
children
line wrap: on
line source

local adns = require "net.adns";
local rbl = module:get_option_string("registration_rbl");

local function reverse(ip, suffix)
	if ip:sub(1,7):lower() == "::ffff:" then
		ip = ip:sub(8);
	end
	local a,b,c,d = ip:match("^(%d+).(%d+).(%d+).(%d+)$");
	if not a then return end
	return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix);
end

-- TODO async
-- module:hook("user-registering", function (event) end);

module:hook("user-registered", function (event)
	local session = event.session;
	local ip = session and session.ip;
	local rbl_ip = ip and reverse(ip, rbl);
	if rbl_ip then
		local log = session.log;
		adns.lookup(function (reply)
			if reply and reply[1] then
				log("warn", "Account %s@%s registered from IP %s found in RBL (%s)", event.username, event.host or module.host, ip, reply[1].a);
			end
		end, rbl_ip);
	end
end);