aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_register_limits.lua
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/mod_register_limits.lua')
-rw-r--r--plugins/mod_register_limits.lua59
1 files changed, 43 insertions, 16 deletions
diff --git a/plugins/mod_register_limits.lua b/plugins/mod_register_limits.lua
index 736282a5..cb430f7f 100644
--- a/plugins/mod_register_limits.lua
+++ b/plugins/mod_register_limits.lua
@@ -13,21 +13,24 @@ local ip_util = require "util.ip";
local new_ip = ip_util.new_ip;
local match_ip = ip_util.match;
local parse_cidr = ip_util.parse_cidr;
+local errors = require "util.error";
+-- COMPAT drop old option names
local min_seconds_between_registrations = module:get_option_number("min_seconds_between_registrations");
-local whitelist_only = module:get_option_boolean("whitelist_registration_only");
-local whitelisted_ips = module:get_option_set("registration_whitelist", { "127.0.0.1", "::1" })._items;
-local blacklisted_ips = module:get_option_set("registration_blacklist", {})._items;
+local allowlist_only = module:get_option_boolean("allowlist_registration_only", module:get_option_boolean("whitelist_registration_only"));
+local allowlisted_ips = module:get_option_set("registration_allowlist", module:get_option("registration_whitelist", { "127.0.0.1", "::1" }))._items;
+local blocklisted_ips = module:get_option_set("registration_blocklist", module:get_option_set("registration_blacklist", {}))._items;
local throttle_max = module:get_option_number("registration_throttle_max", min_seconds_between_registrations and 1);
local throttle_period = module:get_option_number("registration_throttle_period", min_seconds_between_registrations);
local throttle_cache_size = module:get_option_number("registration_throttle_cache_size", 100);
-local blacklist_overflow = module:get_option_boolean("blacklist_on_registration_throttle_overload", false);
+local blocklist_overflow = module:get_option_boolean("blocklist_on_registration_throttle_overload",
+ module:get_option_boolean("blacklist_on_registration_throttle_overload", false));
-local throttle_cache = new_cache(throttle_cache_size, blacklist_overflow and function (ip, throttle)
+local throttle_cache = new_cache(throttle_cache_size, blocklist_overflow and function (ip, throttle)
if not throttle:peek() then
- module:log("info", "Adding ip %s to registration blacklist", ip);
- blacklisted_ips[ip] = true;
+ module:log("info", "Adding ip %s to registration blocklist", ip);
+ blocklisted_ips[ip] = true;
end
end or nil);
@@ -54,25 +57,49 @@ local function ip_in_set(set, ip)
return false;
end
+local err_registry = {
+ blocklisted = {
+ text = "Your IP address is blocklisted";
+ type = "auth";
+ condition = "forbidden";
+ };
+ not_allowlisted = {
+ text = "Your IP address is not allowlisted";
+ type = "auth";
+ condition = "forbidden";
+ };
+ throttled = {
+ text = "Too many registrations from this IP address recently";
+ type = "wait";
+ condition = "policy-violation";
+ };
+}
+
module:hook("user-registering", function (event)
local session = event.session;
local ip = event.ip or session and session.ip;
local log = session and session.log or module._log;
if not ip then
- log("warn", "IP not known; can't apply blacklist/whitelist");
- elseif ip_in_set(blacklisted_ips, ip) then
- log("debug", "Registration disallowed by blacklist");
+ log("warn", "IP not known; can't apply blocklist/allowlist");
+ elseif ip_in_set(blocklisted_ips, ip) then
+ log("debug", "Registration disallowed by blocklist");
event.allowed = false;
- event.reason = "Your IP address is blacklisted";
- elseif (whitelist_only and not ip_in_set(whitelisted_ips, ip)) then
- log("debug", "Registration disallowed by whitelist");
+ event.error = errors.new("blocklisted", event, err_registry);
+ elseif (allowlist_only and not ip_in_set(allowlisted_ips, ip)) then
+ log("debug", "Registration disallowed by allowlist");
event.allowed = false;
- event.reason = "Your IP address is not whitelisted";
- elseif throttle_max and not ip_in_set(whitelisted_ips, ip) then
+ event.error = errors.new("not_allowlisted", event, err_registry);
+ elseif throttle_max and not ip_in_set(allowlisted_ips, ip) then
if not check_throttle(ip) then
log("debug", "Registrations over limit for ip %s", ip or "?");
event.allowed = false;
- event.reason = "Too many registrations from this IP address recently";
+ event.error = errors.new("throttled", event, err_registry);
end
end
+ if event.error then
+ -- COMPAT pre-util.error
+ event.reason = event.error.text;
+ event.error_type = event.error.type;
+ event.error_condition = event.error.condition;
+ end
end);