Commit message [Author, Age, Files, Lines]
* net.resolvers.basic: Disable DANE for now, completely broken [Kim Alvefur, 2021-03-03, 2 files, -6/+4]
|     Turns out 'extra' is, at least for mod_s2s, the same table for *all* connections.
* net.resolvers.basic: Don't enable DANE with zero TLSA records [Kim Alvefur, 2021-03-03, 1 file, -1/+1]
|     Turns out it doesn't work with zero.
* mod_s2s: Buffer stream error + stream closing tag [Kim Alvefur, 2021-03-03, 1 file, -1/+4]
|     In "opportunistic writes" mode, prevents ondisconnect from happening while writing the stream closing tag.
* core.s2smanager: Set "direction" on destroyed sessions (fixes #1641) [Kim Alvefur, 2021-03-03, 1 file, -0/+1]
|     Should prevent errors in certain places where it logs session.direction capitalized using gsub. Might cause bugs tho, but then the session is destroyed so maybe it doesn't matter?
* mod_s2s: Check direction in bidi-aware style [Kim Alvefur, 2021-03-03, 1 file, -1/+1]
|     Both session.incoming and session.outgoing are truthy here, but session.direction indicates the "real" direction in the way that matters for the order of events when opening or closing streams.
* doap: Add RFC 7673 [Kim Alvefur, 2021-03-02, 1 file, -0/+1]
|     Supported in the DNS layer, this isn't an RFC about how to use it in XMPP.
* mod_s2s: Add config setting to enable DANE [Kim Alvefur, 2021-03-02, 1 file, -0/+1]
|
* net.connect: Add DANE support [Kim Alvefur, 2021-03-02, 2 files, -1/+27]
|     Disabled DANE by default, since it needs extra steps to be useful. The built-in DNS stub resolver does not support DNSSEC so having DANE enabled by default only leads to an extra wasted DNS request.
* net.server_epoll: Support for passing DANE TLSA data to LuaSec (0.8 needed) [Kim Alvefur, 2019-09-29, 1 file, -0/+14]
|
* core.portmanager: Log SNI hosts, services looked for [Kim Alvefur, 2021-03-02, 1 file, -0/+1]
|     To highlight how many these are
* MUC: Add robot face test [Kim Alvefur, 2021-03-02, 1 file, -0/+46]
|     See 6e051bfca12d
* mod_http: Consolidate handling of proxied connection details [Kim Alvefur, 2021-02-27, 1 file, -9/+9]
|     Trying to move everything relating to proxies and X-Forwarded-Foo into a single place.
* net.http.server: Set request.ip so mod_http doesn't have to [Kim Alvefur, 2021-02-27, 2 files, -1/+3]
|     Because it already sets request.secure, which depends on the connection, just like the IP, so it makes sense to do both in the same place. Dealing with proxies can be left to mod_http for now, but maybe it could move into some util some day?
* Merge 0.11->trunk [Kim Alvefur, 2021-02-27, 1 file, -3/+3]
|\
| * mod_http: Restore ip field for requests without proxies [Kim Alvefur, 2021-02-27, 1 file, -2/+2]
| |     8603011e51fe optimized out more than just the loop, leaving the .ip field blank when the request wasn't from a proxy.
* | mod_http_file_share: Skip removal of nothing [Kim Alvefur, 2021-02-26, 1 file, -5/+9]
| |     In case none of the expired files could be deleted then it's a waste of an API call to try to remove any of the metadata at all.
* | mod_http_file_share: Remove correct entries when not all expired files were deleted [Kim Alvefur, 2021-02-25, 1 file, -10/+20]
| |     If any of the expired files could not be deleted then we should not forget about that, we should complain loudly and try again.
| |
| |     The code got this backwards and would have removed only the entries referring to still existing files.
| |
| |     Test procedure:
| |
| |     1. Upload a file
| |     2. chown root:root http_file_share/
| |     3. In uploads.list, decrease 'when' enough to ensure expiry
| |     4. Reload mod_http_file_share
| |     5. Should see an error in the logs about failure to delete the file
| |     6. Should see that the metadata in uploads.list is still there
| |     7. chown http_file_share/ back to the previous owner
| |     8. Reload mod_http_file_share
| |     9. Should see logs about successful removal of expired file
| |     10. Should see that the metadata in uploads.list is gone
| |     11. Should see that the file was deleted
* | mod_http_errors: Add some comments [Kim Alvefur, 2021-02-25, 1 file, -0/+3]
| |
* | mod_http_errors: Add some silly variations for the '/' page [Kim Alvefur, 2021-02-25, 1 file, -1/+11]
| |     > "You can do anything in XMPP!"
| |     > as a reminiscence of zombo.com -- jonas’
| |     > A study in simplicity. Prosody tagline
* | mod_http_file_share: Fix traceback on missing file-type [Kim Alvefur, 2021-02-24, 1 file, -1/+4]
| |     attempt to index a nil value (local 'filetype') caused by the :gsub call
* | mod_csi_simple: Add command to test importance algorithm on stream of stanzas [Kim Alvefur, 2021-02-23, 1 file, -0/+32]
| |     This won't include behavior provided by extra modules tho.
* | mod_http: Improve message for missing 'route' [Kim Alvefur, 2021-02-23, 1 file, -1/+1]
| |     This was the late night early draft text, thought I had amended this but apparently I forgot.
* | mod_http: Warn if app is missing 'route' [Kim Alvefur, 2021-02-21, 1 file, -1/+7]
| |     Makes no sense to have a http module with no handlers
| |
| |     Would have helped me when I accidentally
| |
| |         module:provides("http", { GET = handler; })
* | mod_http_file_share: Allow credentials via CORS (needed for auth token) [Kim Alvefur, 2021-02-23, 1 file, -0/+3]
| |
* | mod_http: Allow modifying CORS header list via :provides API [Kim Alvefur, 2019-12-30, 1 file, -1/+11]
| |     E.g.
| |
| |         module:provides("http", {
| |             cors = {
| |                 headers = {
| |                     Accept = true;
| |                     Expect = false;
| |                 };
| |             };
| |             route = { ... };
| |         });
| |
| |     Case might be weird.
* | mod_http: Allow setting the CORS credentials flag via :provides API [Kim Alvefur, 2019-12-30, 1 file, -1/+9]
| |     E.g.
| |
| |         module:provides("http", {
| |             cors = {
| |                 credentials = true;
| |             };
| |             route = { ... };
| |         });
* | mod_http_errors: Style tweak [Kim Alvefur, 2021-02-21, 1 file, -3/+3]
| |     Weird to have the background all the way to the edge of the viewport. Would be nice if this could be done without the extra span.
* | mod_http_file_share: Return a message from the base URL [Kim Alvefur, 2021-02-21, 1 file, -0/+9]
| |
* | mod_websocket: Use mod_http_errors html template #1172 [Kim Alvefur, 2021-02-21, 1 file, -4/+12]
| |     Same as the prior commit to mod_bosh
* | mod_bosh: Include warning if endpoint accessed insecurely (#1172) [Kim Alvefur, 2021-02-21, 1 file, -0/+1]
| |     This is to make it obvious if a misconfigured a proxy or the request really is insecure.
| |
| |     Perhaps it should also check c2s_require_encryption?
* | mod_bosh: Use message template from mod_http_error [Kim Alvefur, 2021-02-21, 1 file, -11/+9]
| |     Looking Good! And most importantly, consistent.
* | mod_http_errors: Add a highlighted warning to template [Kim Alvefur, 2021-02-21, 1 file, -0/+3]
| |     It looks sooooo good!
| |
| |     Meant to be used by e.g. mod_bosh to warn in case the request is considered insecure.
* | mod_http_errors: Add way to reuse the error page template [Kim Alvefur, 2021-02-21, 1 file, -0/+7]
| |         module:fire_event("http-message", {title = "hello"; message = "world"})
| |
| |     Goal is to enable consistent messages from Prosody. Not necessarily error messages, but warnings or just notices.
| |
| |     This does cause some drift in the purpose of mod_http_errors, but that's okay.
* | mod_http_errors: Minify CSS [Kim Alvefur, 2021-02-18, 1 file, -25/+6]
| |     Because it looks too big in view source!
* | Merge 0.11->trunk [Kim Alvefur, 2021-02-18, 0 files, -0/+0]
|\|
| * mod_http: Fix trusted proxies check (thanks buildbot) [Kim Alvefur, 2021-02-18, 1 file, -1/+1]
| |     is_trusted_proxy() is only in trunk, I dun goofed when I rebased 8603011e51fe from trunk.
* | mod_http: Optimize proxy IP check [Kim Alvefur, 2021-02-18, 1 file, -0/+3]
| |     No need to do a subnet match comparison to see if two IP addresses match exactly.
* | mod_websocket: Inherit security status from http request [Kim Alvefur, 2021-02-18, 1 file, -1/+1]
| |     Allows requests considered secure because of a proxy header to carry over to the client session. mod_bosh does this too.
* | mod_http: Consider x-forwarded-proto from trusted proxies [Kim Alvefur, 2021-02-18, 1 file, -0/+4]
| |     Should be better than setting consider_{bosh,websocket}_secure as that may end up causing actually insecure requests to be considered secure. Doing it here, as with IP, should make this apply to all HTTP modules.
* | Merge 0.11->trunk [Kim Alvefur, 2021-02-18, 1 file, -1/+1]
|\|
| * mod_http: Skip IP resolution in non-proxied case [Kim Alvefur, 2021-02-18, 1 file, -1/+1]
| |     Skips doing the whole get_ip_from_request() dance if the request isn't from a proxy at all, even if the client sent the header for some reason.
* | mod_csi_simple: Fire event when flushing queue [Kim Alvefur, 2021-02-16, 1 file, -0/+1]
| |     To let other plugins know and take some action, e.g. flushing other buffers or whatnot.
* | mod_csi_simple: Set session state to 'flushing' while doing so [Kim Alvefur, 2021-02-16, 1 file, -1/+3]
| |     May be useful for 3rd party modules.
* | Merge 0.11->trunk [Kim Alvefur, 2021-02-15, 1 file, -0/+1]
|\|
| * Tag 0.11.8 [Kim Alvefur, 2021-02-15, 0 files, -0/+0]
| |
| * mod_pep: Advertise base pubsub feature (fixes #1632) 0.11.8 [Kim Alvefur, 2021-02-15, 1 file, -0/+1]
| |     Noticed while discussing feature discovery in Gajim
| |
| |     Thanks lovetox
* | mod_http_file_share: Prevent attempt to upload again after completion [Kim Alvefur, 2021-02-13, 1 file, -0/+9]
| |
* | mod_http_file_share: Support sending 100 Continue [Kim Alvefur, 2021-02-13, 1 file, -0/+3]
| |     E.g. curl will ask for this when sending large uploads. Removes a delay while it waits for an error or go-ahead.
* | net.http.server: Don't pause early streaming uploads [Kim Alvefur, 2021-02-13, 1 file, -1/+10]
| |     Fixes that otherwise it would wait for the request to be done after receiving the head of the request, when it's meant to select a target for where to store the data, instead of waiting after receiving the request for when the request has been handled.
* | net.http.server: Allow storing more than the parser in the session [Kim Alvefur, 2021-02-12, 1 file, -10/+11]
| |     Storing the async thread on the connection was weird.