aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | | mod_http_file_share: Measure current total usageKim Alvefur2021-09-121-0/+7
| | | | | | | | | | | | | | | In order to allow monitoring. Especially as there's not much in the way of hard numbers on how much space gets used.
* | | net.server_epoll: Try to make port number related methods saneKim Alvefur2021-09-121-7/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | Previously it was unclear whether "client port" was the port that the client connected to, or from. I hereby declare that the client port is the source port and the server port is the destination port. Incoming and outgoing connections can be distinguished by looking at the_server reference, which only incoming connections have.
* | | doap: Remove entry that confused XEP-0277 with XEP-0227Kim Alvefur2021-09-121-7/+0
| | |
* | | doap: Mention mod_storage_xep0227Kim Alvefur2021-09-121-1/+1
| | |
* | | doap: Specify version of XEP-0227 usedKim Alvefur2021-09-121-0/+1
| | |
* | | mod_storage_xep0227: Update for XEP-0227 r1.1: Support for SCRAM, MAM, PEPMatthew Wild2021-09-121-23/+495
| | |
* | | util.set: Add :contains_set() methodMatthew Wild2021-09-121-0/+9
| | |
* | | util.array: Add :slice() method + testsMatthew Wild2021-09-122-0/+53
| | | | | | | | | | | | Behaviour follows the same logic as string.sub (so yes, 1-indexed).
* | | util.stanza: Add :get_child_with_attr() + testsMatthew Wild2021-09-122-0/+28
| | |
* | | mod_pubsub/pubsub.lib: Export config forms for use by other modulesMatthew Wild2021-09-111-0/+3
| | | | | | | | | | | | In this case I need them for 227 import/export.
* | | mod_http_file_share: Fix traceback in global quota debug logging (thanks Martin)Kim Alvefur2021-09-121-2/+4
| | | | | | | | | | | | | | | Error in util.human.units.format because of B(nil) when the global quota is unset.
* | | util.prosodyctl.check: Remove stray debug print()Kim Alvefur2021-09-121-1/+0
| | |
* | | util.prosodyctl.check: Ignore unused "ok" variable [luacheck]Kim Alvefur2021-09-121-1/+1
| | |
* | | mod_http_file_share: Add optional global quota on total storage usageKim Alvefur2021-09-121-3/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before, maximum storage usage (assuming all users upload as much as they could) would depend on the quota, retention period and number of users. Since number of users can vary, this makes it hard to know how much storage will be needed. Adding a limit to the total overall storage use solves this, making it simple to set it to some number based on what storage is actually available. Summary job run less often than the prune job since it touches the entire archive; and started before the prune job since it's needed before the first upload.
* | | util.prosodyctl.check: Refuse to do ojn test unless prosody is runningKim Alvefur2021-09-111-0/+9
| | | | | | | | | | | | | | | Other tests don't require a running prosody and I forgot to start it when testing.
* | | prosodyctl: Add external connectivity check based on observe.jabber.networkJonas Schäfer2020-05-062-9/+88
| | | | | | | | | | | | | | | | | | | | | This uses the (experimental) observe.jabber.network API to perform external connectivity checks. The idea is to complement the checks prosodyctl can already do with a (nearly) complete s2s/c2s handshake from a remote party to test the entire stack.
* | | mod_c2s: Rename Direct TLS listener 'c2s_direct_tls' for clarityKim Alvefur2021-09-093-3/+3
| | | | | | | | | | | | And to follow existing naming practices better than 'legacy_ssl' did.
* | | util.prosodyctl.check: Add TODO about replacements for deprecated settingsKim Alvefur2021-09-091-0/+1
| | |
* | | util.prosodyctl.check: Check for server-to-server Direct TLS recordsKim Alvefur2021-09-091-1/+24
| | |
* | | mod_s2s: Rename Direct TLS listener 's2s_direct_tls'Kim Alvefur2021-09-091-1/+1
| | | | | | | | | | | | | | | Following the style of other options like (c2s|s2s)_require_encryption, s2s_secure_auth etc.
* | | mod_s2s: Add a Direct TLS listenerKim Alvefur2021-08-103-2/+16
| | | | | | | | | | | | | | | | | | Mirroring the c2s 'direct_tls'. Naming things is hard. direct_tls_s2s_ports = { 5269+1 }
* | | mod_s2s: Handle connections having TLS from the startKim Alvefur2021-08-101-0/+4
| | | | | | | | | | | | | | | This could be done with multiplexing, or a future additional port definition.
* | | mod_s2s: Factor out procedure for newly encrypted sessionsKim Alvefur2021-08-101-12/+16
| | | | | | | | | | | | | | | Goal is to call this if the connection is using Direct TLS, either via multiplexing or a future Direct TLS S2S port.
* | | mod_bosh,mod_websocket: Make into global-shared modules (...again)Kim Alvefur2021-06-212-22/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Global modules aren't quite considered loaded onto hosts, which causes confusion in some cases. They are also reported in the log as being served on http://*:5280/foo which is also a bit confusing, and can't be clicked. Global modules also have to have their paths configured in the global section, which could be confusing and unexpected. This global+shared method should be the best of both worlds.
* | | mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 ↵Kim Alvefur2021-09-063-2/+17
| | | | | | | | | | | | (thanks mjk)
* | | mod_pubsub: Move reversal of item order in <items>Kim Alvefur2021-09-051-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Examples in XEP-0060 suggest that items should be listed in chronological order, but we get them from the archive in reverse order. However when requesting specific items by id the results keep that order and we don't want to flip it again. At some point it would likely be best to use the archive API directly instead of this util.cache-compatible wrapper.
* | | mod_pubsub: Add support for limiting result size #1608Kim Alvefur2021-09-052-1/+201
| | |
* | | util.pubsub: Add support for limiting number of items to retrieveKim Alvefur2021-09-052-1/+63
| | | | | | | | | | | | | | | Hopefully this will eventually be upgraded to RSM, which is why the argument is called 'resultspec' and is a table.
* | | mod_tls: Attempt STARTTLS on outgoing unencrypted legacy s2s connectionsKim Alvefur2021-09-011-0/+8
| | | | | | | | | | | | As suggested by RFC 7590
* | | mod_storage_internal: Stop storing XEP-0091 timestampKim Alvefur2021-09-041-2/+1
| | | | | | | | | | | | | | | | | | | | | Should no longer be used by anything since the conversion of mod_offline to the archive API in 0.10.0, which was 4 years ago. The line clearing the property is left for a bit longer in case someone has very old offline messages or archived data.
* | | net.server_select: Deprecate and warn about itKim Alvefur2021-09-032-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | To be removed in the future, but not right now. Give the log warning a chance to prod anyone who might have network_backend="select" in their config first. There's also things built on Verse which uses server_select.lua, which will need to be updated somehow.
* | | net.server: Pikc server_epoll as unconditional defaultKim Alvefur2021-09-031-2/+1
| | | | | | | | | | | | | | | | | | | | | Previously it would have gone for server_select if util.poll was for some reason not available, which should be never these days. And even if it was, best to flush it out by throwing loud errors so users notice. Then they can work around it by using select until we delete that one.
* | | net.server: Fall back to default backend from libevent instead of always selectKim Alvefur2021-09-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Fixes that selecting libevent when unavaibalbe would fall back to select instead of epoll, even if that's available. This way, we only have to update it in once place when choosing a new default.
* | | net.server_epoll: Prevent removed timers from being readdedKim Alvefur2021-08-311-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | In a case like this the timer would not be readded: addtimer(1, function(t, id) stop(id) return 1 end);
* | | mod_mam: Suppress offline message broadcast for MAM clientsKim Alvefur2021-08-312-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | MattJ on 09:34:24 > Zash: I think as a first step, offline messages should not be sent to > clients that request MAM https://chat.modernxmpp.org/log/modernxmpp/2021-08-31#2021-08-31-8518a542bd283686
* | | mod_mam: Only check for locally generated stanza-idsKim Alvefur2021-08-311-2/+5
| | | | | | | | | | | | | | | | | | Otherwise a message archived by a remote server would be incorrectly silently discarded. This should be safe from spoofing thanks to strip_stanza_id earlier in the event chain.
* | | mod_mam: Explain behavior with absent mod_offline in a commentKim Alvefur2021-08-311-0/+4
| | |
* | | mod_mam: "Handle" messages that have been archived in the absense of mod_offlineKim Alvefur2020-06-251-0/+7
| | |
* | | mod_external_services: Factor out public function for converting to XMLKim Alvefur2021-08-301-28/+21
| | | | | | | | | | | | | | | | | | | | | | | | Along with the previous commit, allows building the XML thing yourself, should you wish to send it yourself or use it in a different context than an iq reply. API change: The 'reply' is removed from the event.
* | | mod_external_services: Factor out public function returning current servicesKim Alvefur2021-08-301-8/+11
| | | | | | | | | | | | | | | This way you get the _prepared_ services and don't have to do that mapping yourself.
* | | mod_external_services: Filter services by requested credentials using a SetKim Alvefur2021-08-301-23/+21
| | | | | | | | | | | | Please don't be accidentally quadratic.
* | | mod_external_services: Validate required attributes on credentials requestsKim Alvefur2021-08-292-1/+20
| | |
* | | Merge 0.11->trunkKim Alvefur2021-08-311-29/+29
|\| |
| * | net.server_epoll: Fix to preserve ids of readded timersKim Alvefur2021-08-311-2/+2
| | | | | | | | | | | | | | | | | | | | | Likely affected rescheduling but have no reports of this. After readding a timer, it would have been issued a new id. Rescheduling would use the previous id, thus not working.
* | | Merge 0.11->trunkKim Alvefur2021-08-301-9/+9
|\| |
| * | makefile: fix prosody.version targetLucas2021-08-151-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | POSIX is quite explicit regarding the precedence of AND-OR lists [0]: > The operators "&&" and "||" shall have equal precedence and shall be > evaluated with left associativity. For example, both of the following > commands write solely `bar` to standard output: > false && echo foo || echo bar > true || echo foo && echo bar Given that, `prosody.version` target behaves as ((((((test -f prosody.release && cp ...) || test -f ...) && sed ...) || test -f ...) && hexdump ...) || echo unknown > $@) In the case of release tarballs, `prosody.release` does exist, so the first AND pair is executed. Given that it's successful, then the first `test -f` in the OR pair is ignored, and instead the `sed` in the AND pair is executed. `sed` success, as `.hg_archival.txt` exists, making the second `test -f` in the OR pair ignored, and `hexdump` in the AND pair is executed. Now, given that `.hg` doesn't exist, it fails, so the last `echo` is run, overwriting `prosody.version` with `unknown`. This can be worked around placing `()` around the AND pairs. Decided to use conditionals instead, as I think they better communicate the intention of the block. [0]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_09_03
* | | net.http: fail open if surrounding code does not configure TLSJonas Schäfer2021-08-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, if surrounding code was not configuring the TLS context used default in net.http, it would not validate certificates at all. This is not a security issue with prosody, because prosody updates the context with `verify = "peer"` as well as paths to CA certificates in util.startup.init_http_client. Nevertheless... Let's not leave this pitfall out there in the open.
* | | Merge 0.11->trunkMatthew Wild2021-08-260-0/+0
|\| |
| * | mod_c2s: Indicate stream secure state in error text when no stream features ↵Matthew Wild2021-07-061-1/+4
| |/ | | | | | | to offer
* | usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given roleMatthew Wild2021-08-262-3/+57
| |