diff options
author | Kim Alvefur <zash@zash.se> | 2020-11-05 22:31:25 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2020-11-05 22:31:25 +0100 |
commit | 238b2bfc1cdb65ae7d051c2f29c1427149317795 (patch) | |
tree | 58547de6e7795740633c1b93e67c217eb621fe8f /plugins/mod_tokenauth.lua | |
parent | ce3e3808f5359f481f3ea063220ba71428b26ad5 (diff) | |
parent | 48521ba1538f797f5bef64f5fe5f3a9fb6e68f7f (diff) | |
download | prosody-238b2bfc1cdb65ae7d051c2f29c1427149317795.tar.gz prosody-238b2bfc1cdb65ae7d051c2f29c1427149317795.zip |
Merge 0.11->trunk
Diffstat (limited to 'plugins/mod_tokenauth.lua')
-rw-r--r-- | plugins/mod_tokenauth.lua | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua new file mode 100644 index 00000000..c04a1aa4 --- /dev/null +++ b/plugins/mod_tokenauth.lua @@ -0,0 +1,82 @@ +local id = require "util.id"; +local jid = require "util.jid"; +local base64 = require "util.encodings".base64; + +local token_store = module:open_store("auth_tokens", "map"); + +function create_jid_token(actor_jid, token_jid, token_scope, token_ttl) + token_jid = jid.prep(token_jid); + if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then + return nil, "not-authorized"; + end + + local token_username, token_host, token_resource = jid.split(token_jid); + + if token_host ~= module.host then + return nil, "invalid-host"; + end + + local token_info = { + owner = actor_jid; + created = os.time(); + expires = token_ttl and (os.time() + token_ttl) or nil; + jid = token_jid; + session = { + username = token_username; + host = token_host; + resource = token_resource; + + auth_scope = token_scope; + }; + }; + + local token_id = id.long(); + local token = base64.encode("1;"..jid.join(token_username, token_host)..";"..token_id); + token_store:set(token_username, token_id, token_info); + + return token, token_info; +end + +local function parse_token(encoded_token) + local token = base64.decode(encoded_token); + if not token then return nil; end + local token_jid, token_id = token:match("^1;([^;]+);(.+)$"); + if not token_jid then return nil; end + local token_user, token_host = jid.split(token_jid); + return token_id, token_user, token_host; +end + +function get_token_info(token) + local token_id, token_user, token_host = parse_token(token); + if not token_id then + return nil, "invalid-token-format"; + end + if token_host ~= module.host then + return nil, "invalid-host"; + end + + local token_info, err = token_store:get(token_user, token_id); + if not token_info then + if err then + return nil, "internal-error"; + end + return nil, "not-authorized"; + end + + if token_info.expires and token_info.expires < os.time() then + return nil, "not-authorized"; + end + + return token_info +end + +function revoke_token(token) + local token_id, token_user, token_host = parse_token(token); + if not token_id then + return nil, "invalid-token-format"; + end + if token_host ~= module.host then + return nil, "invalid-host"; + end + return token_store:set(token_user, token_id, nil); +end |