Mercurial > prosody-modules
view mod_audit_auth/mod_audit_auth.lua @ 6411:b00638d74f46
mod_unified_push: Allow additional CORS headers for unified push (fixes #1985)
- Request header "TTL" is mandated by the HTTP Push specification
RFC 8030: https://datatracker.ietf.org/doc/html/rfc8030#section-5
- Firefox sends "Content-Encoding" with a HTTP form submission,
so it is required when using the Unified Push testing tool
at https://unifiedpush.org/test_wp.html
(with the full URL being delivered by the UP-Example Android app)
Adding both headers makes the Unified Push testing tool work from
the browser.
Resolves: https://issues.prosody.im/1985
| author | Christian Weiske <cweiske@cweiske.de> |
|---|---|
| date | Sat, 21 Feb 2026 19:13:08 +0100 |
| parents | cc30c4b5f006 |
| children |
line wrap: on
line source
local cache = require "util.cache"; local jid = require "util.jid"; local st = require "util.stanza"; module:depends("audit"); -- luacheck: read globals module.audit local only_passwords = module:get_option_boolean("audit_auth_passwords_only", true); local cache_size = module:get_option_number("audit_auth_cache_size", 128); local repeat_failure_timeout = module:get_option_number("audit_auth_repeat_failure_timeout"); local repeat_success_timeout = module:get_option_number("audit_auth_repeat_success_timeout"); local failure_cache = cache.new(cache_size); module:hook("authentication-failure", function(event) local session = event.session; local username = session.sasl_handler.username; if repeat_failure_timeout then local cache_key = ("%s\0%s"):format(username, session.ip); local last_failure = failure_cache:get(cache_key); local now = os.time(); if last_failure and (now - last_failure) > repeat_failure_timeout then return; end failure_cache:set(cache_key, now); end module:audit(jid.join(username, module.host), "authentication-failure", { session = session; }); end) local success_cache = cache.new(cache_size); module:hook("authentication-success", function(event) local session = event.session; if only_passwords and session.sasl_handler.fast then return; end local username = session.sasl_handler.username; if repeat_success_timeout then local cache_key = ("%s\0%s"):format(username, session.ip); local last_success = success_cache:get(cache_key); local now = os.time(); if last_success and (now - last_success) > repeat_success_timeout then return; end success_cache:set(cache_key, now); end module:audit(jid.join(username, module.host), "authentication-success", { session = session; }); end) module:hook("client_management/new-client", function (event) local session, client = event.session, event.client; local client_info = st.stanza("client", { id = client.id }); if client.user_agent then local user_agent = st.stanza("user-agent", { xmlns = "urn:xmpp:sasl:2" }) if client.user_agent.software then user_agent:text_tag("software", client.user_agent.software, { id = client.user_agent.software_id; version = client.user_agent.software_version }); end if client.user_agent.device then user_agent:text_tag("device", client.user_agent.device); end if client.user_agent.uri then user_agent:text_tag("uri", client.user_agent.uri); end client_info:add_child(user_agent); end if client.legacy then client_info:text_tag("legacy"); end module:audit(jid.join(session.username, module.host), "new-client", { session = session; custom = { }; }); end);
