aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mod_http: Unhook CORS handlers only if active (fixes #1801)Kim Alvefur2023-03-051-3/+7
|
* util.prosodyctl.check: Suggest 'http_cors_override' instead of older CORS ↵Kim Alvefur2023-02-221-2/+2
| | | | | | | | settings The cross_domain_* settings were added here prior to http_cors_override being added back in 17d87fb2312a, so for a time there was no replacement, but now there is.
* Added tag 0.12.3 for changeset 0598d822614fMatthew Wild2023-02-210-0/+0
|
* mod_websocket: Fire pre-session-close event (fixes #1800)0.12.3Matthew Wild2023-02-201-0/+3
| | | | | | | | | | | | | | | | This event was added in a7c183bb4e64 and is required to make mod_smacks know that a session was intentionally closed and shouldn't be hibernated (see fcea4d9e7502). Because this was missing from mod_websocket's session.close(), mod_smacks would always attempt to hibernate websocket sessions even if they closed cleanly. That mod_websocket has its own copy of session.close() is something to fix another day (probably not in the stable branch). So for now this commit makes the minimal change to get things working again. Thanks to Damian and the Jitsi team for reporting.
* net.http.parser: Fix off-by-one error in chunk parserMatthew Wild2023-02-172-5/+53
|
* mod_admin_socket: Return error on unhandled input to prevent apparent freezeKim Alvefur2023-02-162-1/+7
| | | | | | When mod_admin_socket is loaded without mod_admin_shell, attempt to use `prosodyctl shell` will appear to freeze after any input, since no response is returned.
* net.http.server: Add new API to get HTTP request from a connectionMatthew Wild2023-02-161-0/+4
| | | | | | | | | | | This information is sometimes necessary in the context where we have a connection that we know (or believe to be) associated with an incoming HTTP request. For example, it can be used to retrieve the IP address of a request (which may differ from the IP address of the connection, due to X-Forwarded-For and co). Thanks to the Jitsi team for highlighting this gap in the API.
* net.http.parser: Improve handling of responses without content-lengthMatthew Wild2023-02-092-9/+14
| | | | | | This ensures that we support responses without a content-length header, and allow streaming them through the streaming handler interface. An example of such a response would be Server-Sent Events streams.
* net.http: Add missing log parameterMatthew Wild2023-02-091-1/+1
|
* sessionmanager: Improve logging around session destructionMatthew Wild2023-02-091-3/+10
|
* core.sessionmanager: Mark session as destroyed to prevent reentryKim Alvefur2023-01-191-0/+1
| | | | | If it reaches this point, then the session will be most definitely be destroyed, so try to prevent destroy_session() from being called again.
* core.sessionmanager: Skip log when (not) destroying destroyed sessionsKim Alvefur2023-01-191-2/+1
| | | | | | | | | On regular disconnects, </stream> is sent, then sessionmanager.destroy_session() is called, then sessionmanager.destroy_session() is called again when the TCP connection is closed, from ondisconnect in mod_c2s. It is a bit annoying and doesn't really tell you much.
* util.startup: Close state on exit to ensure GC finalizers are calledKim Alvefur2023-01-222-5/+5
| | | | | | | | | | | | | Ensures a last round of garbage collection and that finalizers are called. Fixes things like proper closing of SQLite3 state. There are more calls to os.exit() but most of them exit with an error or in a case where a final GC sweep might not matter as much. It would be nice if this was the default. Calling util.statup.exit() everywhere may be sensible, but would be more involved, requiring imports everywhere.
* util.prosodyctl.shell: Close state on exit to fix saving shell historyKim Alvefur2023-01-221-2/+2
| | | | | | | | | | | | | | | | | | This ensures a last round of garbage collection and finalizers, which should include flushing the readline history file. Test procedure: ``` $ ./prosodyctl shell prosody> s2s:show() -- any command that is not the last in history ... output prosody> bye $ ./prosodyctl shell prosody> ^P ``` After this, the shell prompt should contain the last command from before the "bye". Before this patch, recent history is gone most of the time.
* mod_muc_mam: Copy "include total" behavior from mod_mamKim Alvefur2023-01-211-1/+5
| | | | | Not sure why this was missing from MUC MAM, it already had some of the code for dealing with it.
* mod_muc_mam: Add mam#extended form fields #1796 (Thanks Rain)Kim Alvefur2023-01-211-0/+10
| | | | Oversight in cabb022f31c0
* mod_mam,mod_muc_mam: Minimize differences (reorder, copy some comments)Kim Alvefur2023-01-212-8/+11
| | | | | Should have no functional difference, but makes it easier keeping mod_mam and mod_muc_mam in sync.
* mod_smacks: Log something when hibernation startsKim Alvefur2023-01-191-0/+1
| | | | | Will hopefully save future confusion about sessions being destroyed when they are in fact not.
* prosodyctl check dns: Check for Direct TLS SRV records even if not ↵Kim Alvefur2023-01-141-4/+8
| | | | | | | configured (fix #1793) Existing such records may cause timeouts or errors in clients and servers trying to connect, despite prosodyctl check saying all is well
* mod_invites: Prefer landing page over xmpp URI in shell commandKim Alvefur2023-01-101-2/+2
| | | | To mirror behavior of prosodyctl invocation
* net.http.server: Fix #1789Kim Alvefur2023-01-081-1/+1
| | | | | | | | | Unregistering the response before sending the trailer of the chunked transfer encoding prevents opportunistic writes from being invoked and running this code again when, which may cause an error when closing the file handle a second time. Normally the file size is known, so no chuck headers are sent.
* mod_storage_sql: Fix #1639Kim Alvefur2023-01-011-14/+12
| | | | Patch by Peter Kieser
* configure: Fix quoting of $LUA_SUFFIX (thanks shellcheck/Zash)Matthew Wild2022-12-291-1/+1
| | | | Transplanted 6b43bf85032b from trunk
* mod_storage_sql: Don't avoid initialization under prosodyctl (fix #1787)Kim Alvefur2022-12-291-1/+0
| | | | | | | | | Fixes `prosodyctl adduser` etc. Prior to d580e6a57cbb the line did nothing. Sometimes storage in the prosodyctl context does cause weirdness, as it is not in a host context, but rather a variant of global.
* Tag 0.12.2Kim Alvefur2022-12-120-0/+0
|
* Merge 0.11->0.120.12.2Kim Alvefur2022-12-121-1/+5
|\
| * Tag 0.11.14Kim Alvefur2022-12-120-0/+0
| |
| * util.stanza: Allow U+7F0.11.14Kim Alvefur2022-11-221-1/+5
| | | | | | | | | | | | | | | | Allowed by XML despite arguably being a control character. Drops the part of the range meant to rule out octets invalid in UTF-8 (\247 starts a 4-byte sequence), since UTF-8 correctness is validated by util.encodings.utf8.valid().
| * Added tag 0.11.13 for changeset ebeb4d959fb3Matthew Wild2022-01-240-0/+0
| |
* | mod_smacks: Disable resumption behavior on s2sKim Alvefur2022-11-131-1/+2
| | | | | | | | | | | | | | Since resumption is not supported on s2s currently, there is no point in allocating resumption tokens. The code that removes entries from session_registry is only invoked for c2s sessions, thus enabling resumable smacks on s2s adds an entry that never goes away.
* | util.json: Accept empty arrays with whitespace (fixes #1782)Matthew Wild2022-11-042-5/+22
| |
* | mod_http: Allow disabling CORS in the http_cors_override option and by defaultMatthew Wild2022-10-311-4/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #1779. Due to an oversight in the logic, if the user set 'enabled' to false in an override, it would disable the item's requested CORS settings, but still apply Prosody's default CORS policy. This change ensures that 'enabled = false' will now disable CORS entirely for the requested item. Due to the new structure of the code, it was necessary to have a flag to say whether CORS is to be applied at all. Rather than hard-coding 'true' here, I chose to add a new option: 'http_default_cors_enabled'. This is a boolean that allows the operator to disable Prosody's default CORS policy entirely (the one that is used when a module or config does not override it). This makes it easier to disable CORS and then selectively enable it only on services you want it on.
* | mod_admin_shell: Ensure available connection for column 'secure'Kim Alvefur2022-10-231-1/+1
| | | | | | | | Similar to #1777
* | mod_admin_shell: Ensure connection exists to get port from (fixes #1777)Kim Alvefur2022-10-231-1/+5
| |
* | util.startup: Ensure import() is available in prosodyctl (thanks keyzer)Kim Alvefur2022-10-201-1/+1
| | | | | | | | | | Fixes error in mod_authz_internal due to import() being unavailable as it was only loaded in Prosody proper
* | util.jsonschema: Use same integer/float logic on Lua 5.2 and 5.3Kim Alvefur2022-10-091-2/+2
| | | | | | | | | | Fixes test case type.json:0:1 covering treatment of 1.0 as an integer according to the JSON definition
* | util.jsonschema: Fix Lua 5.2 integer compatKim Alvefur2022-10-091-1/+1
| | | | | | | | | | math.type() is unavailable before Lua 5.3 so this should use the compat function added at the top
* | util.jsonschema: Ignore test case for JavaScript specific detailKim Alvefur2022-10-091-0/+1
| | | | | | | | Also touching on how arrays are indistinguishable from tables in Lua
* | util.jsonschema: Ignore some further test cases for URI referencesKim Alvefur2022-10-091-0/+5
| | | | | | | | Full-URI references are not implemented
* | util.jsonschema: Sort test cases to skipKim Alvefur2022-10-091-7/+7
| | | | | | | | Piped trough `sort -g`
* | util.stanza: Return nil instead of nothing (fix test with luassert >=1.9)Kim Alvefur2022-09-151-0/+5
| | | | | | | | | | Due to a change in luassert, a dependency luassert of the Busted test framework, returning nothing is no longer treated as not falsy.
* | mod_s2s: Fix firing buffer drain eventsKim Alvefur2022-08-261-2/+2
| | | | | | | | | | Fixes the same kind of issue as in 65563530375b but once and for all, while improving similarity between incoming and outgoing connections.
* | mod_admin_shell: Switch names for user role management commandsKim Alvefur2022-08-151-4/+8
| | | | | | | | | | | | | | user:roles() does not convey that this is the mutating command, it should have been called setroles from the start but wasn't due to lack of foresight. This has to accidentally removing roles when wanting to show them.
* | mod_storage_sql: Fix summary API with Postgres (fixes #1766)Kim Alvefur2022-07-221-4/+2
| | | | | | | | | | | | | | The ORDER BY and LIMIT clauses are not needed and don't even make much sense. This part was most likely a leftover from the :find method. Tested with sqlite and postgres 14
* | storage tests: Add test for the archive:summary APIKim Alvefur2022-07-221-0/+17
| | | | | | | | | | Passes with memory, internal, sqlite Fails with postgres as in #1766
* | mod_http_files: Log warning about legacy modules using mod_http_filesKim Alvefur2022-07-171-2/+1
| | | | | | | | | | | | | | | | | | It is time. Most community modules should have been adjusted to work with the new (net.http.files) way. At some point this usage should be prevented. Related to #1765
* | mod_bookmarks: Reduce error about not having bookmarks to debug (thanks tom)Kim Alvefur2022-07-262-1/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is happens if the account is new and doesn't have any bookmarks yet, which is not a problem. Rarely seen since most clients currently use the older version of XEP-0084 stored in XEP-0049 rather than in PEP, but at least one (Converse.js )does. One scenario in which this would show up often is with Converse.js as a guest chat using anonymous authentication, where all "accounts" would always be new and not have any bookmarks. This scenario probably does not need to have mod_bookmarks at all, but if enabled globally it would likely become loaded onto the VirtualHost unless explicitly disabled.
* | mod_storage_sql: Fix bypass of load procedure under prosodyctlKim Alvefur2022-07-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | There's no 'prosody.prosodyctl' property other than this one, introduced in 6216743c188c in 2015. Guessing that the intent was to skip this when running as a prosodyctl command. The module.command code does its own version of this initialization, so this seems likely. Thanks raja for noticing
* | core.s2smanager: Don't remove unrelated session on close of bidi sessionKim Alvefur2022-06-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Normally with bidi, any outgoing connection should be the same as the incoming, hence when closing a bidi connection it should be removed as a route to the remote server. However it is not guaranteed, a remote bidi-capable server might have decided to open a new connection for some reason. This can lead to a situation where there are two bidi connections, and the s2sout route is a locally initiated s2sout connection. In this case, such a s2sout connection should be kept. Noticed in a rare case where bidi has just been enabled on a running server, and something establishes new connections immediately when a connection is closed.
* | luacheck: Shut up (backports 3caff1f93520, ignores module deleted in trunk)Kim Alvefur2022-05-302-2/+4
| |