diff options
author | Kim Alvefur <zash@zash.se> | 2020-07-25 12:09:19 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2020-07-25 12:09:19 +0200 |
commit | 5c4fb96e17c1d0ab96f565344799b0fb85a5e35b (patch) | |
tree | 2116e67d815879b7cb744bce43242fe2227dc295 /plugins/mod_external_services.lua | |
parent | dfe8d1428412e32ab7f275adc1a6f458952e8596 (diff) | |
download | prosody-5c4fb96e17c1d0ab96f565344799b0fb85a5e35b.tar.gz prosody-5c4fb96e17c1d0ab96f565344799b0fb85a5e35b.zip |
mod_external_services: Prepare to allow more credential algorithms
Not sure what algorithms might fit here. Separation makes some sense.
This is also a preparation for having a callback. (See next commit)
Diffstat (limited to 'plugins/mod_external_services.lua')
-rw-r--r-- | plugins/mod_external_services.lua | 38 |
1 files changed, 25 insertions, 13 deletions
diff --git a/plugins/mod_external_services.lua b/plugins/mod_external_services.lua index c4762e65..e1c72387 100644 --- a/plugins/mod_external_services.lua +++ b/plugins/mod_external_services.lua @@ -14,6 +14,27 @@ local configured_services = module:get_option_array("external_services", {}); local access = module:get_option_set("external_service_access", {}); +-- https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 +local function behave_turn_rest_credentials(srv, item, secret) + local ttl = default_ttl; + if type(item.ttl) == "number" then + ttl = item.ttl; + end + local expires = srv.expires or os.time() + ttl; + local username; + if type(item.username) == "string" then + username = string.format("%d:%s", expires, item.username); + else + username = string.format("%d", expires); + end + srv.username = username; + srv.password = base64.encode(hashes.hmac_sha1(secret, srv.username)); +end + +local algorithms = { + turn = behave_turn_rest_credentials; +} + -- filter config into well-defined service records local function prepare(item) if type(item) ~= "table" then @@ -63,24 +84,15 @@ local function prepare(item) srv.expires = os.time() + item.ttl; end if (item.secret == true and default_secret) or type(item.secret) == "string" then - local ttl = default_ttl; - if type(item.ttl) == "number" then - ttl = item.ttl; - end - local expires = os.time() + ttl; + local secret_cb = algorithms[item.algorithm] or algorithms[srv.type]; local secret = item.secret; if secret == true then secret = default_secret; end - local username; - if type(item.username) == "string" then - username = string.format("%d:%s", expires, item.username); - else - username = string.format("%d", expires); + if secret_cb then + secret_cb(srv, item, secret); + srv.restricted = true; end - srv.username = username; - srv.password = base64.encode(hashes.hmac_sha1(secret, srv.username)); - srv.restricted = true; end return srv; end |