Mercurial > prosody-modules
view misc/systemd/socket-activation.lua @ 5390:f2363e6d9a64
mod_http_oauth2: Advertise the currently supported id_token signing algorithm
This field is REQUIRED. The algorithm RS256 MUST be included, but isn't
because we don't implement it, as that would require implementing a pile
of additional cryptography and JWT stuff. Instead the id_token is
signed using the client secret, which allows verification by the client,
since it's a shared secret per OpenID Connect Core 1.0 ยง 10.1 under
Symmetric Signatures.
OpenID Connect Discovery 1.0 has a lot of REQUIRED and MUST clauses that
are not supported here, but that's okay because this is served from the
RFC 8414 OAuth 2.0 Authorization Server Metadata .well-known endpoint!
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 30 Apr 2023 16:13:40 +0200 |
| parents | 3296a09b4e57 |
| children |
line wrap: on
line source
-- Monkeypatch to support socket activation -- -- Requires LuaSocket after "agnostic" changes merged -- -- To enable: -- RunScript "socket-activation.lua" local socket = require"socket"; local tcp_serv_mt = debug.getregistry()["tcp{server}"]; local socket_bind = socket.bind; local SD_LISTEN_FDS_START = 3; local fds = tonumber(os.getenv"LISTEN_FDS") or 0; if fds < SD_LISTEN_FDS_START then return; end local servs = {}; for i = 1, fds do local serv = socket.tcp(); if serv:getfd() >= 0 then return; -- This won't work, we will leak the old FD end debug.setmetatable(serv, tcp_serv_mt); serv:setfd(SD_LISTEN_FDS_START + i - 1); local ip, port = serv:getsockname(); servs [ ip .. ":" .. port ] = serv; end function socket.bind( ip, port, backlog ) local sock = servs [ ip .. ":" .. port ]; if sock then servs [ ip .. ":" .. port ] = nil; return sock; end if next(servs) == nil then -- my work here is done socket.bind = socket_bind; end return socket_bind( ip, port, backlog ); end
