aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | mod_storage_internal: Use a binary search for time based rangesKim Alvefur2021-05-121-8/+55
| | | | | | | | | | | | | | | | | | Iterating over an entire archive to find a few items in the far end from where iteration started is expensive, and probably more expensive with the lazy-loading of items added in the previous commit. Since we can now efficiently read items in random order, we can now use a binary search to find a better starting point for iteration.
* | mod_storage_internal: Lazy-load archive items while iteratingKim Alvefur2021-05-121-59/+57
| | | | | | | | | | | | | | | | | | | | Very large list files previously ran into limits of the Lua parser, or just caused Prosody to freeze while parsing. Using the new index we can parse individual items one at a time. This probably won't reduce overall CPU usage, probably the opposite, but it will reduce the number of items in memory at once and allow collection of items after we iterated past them.
* | util.datamanager: Add O(1) list indexing with on-disk indexKim Alvefur2021-05-111-0/+191
| | | | | | | | | | | | | | | | | | | | | | | | Index file contains offsets and lengths of each item() which allows seeking directly to each item and reading it without parsing the entire file. Also allows tricks like binary search, assuming items have some defined order. We take advantage of the 1-based indexing in tables to store a magic header in the 0 position, so that table index 1 ends up at file index 1.
* | storagemanager tests: Reorder test data in chronological orderKim Alvefur2021-05-111-13/+13
| | | | | | | | | | | | | | Why was the test data not in chronological order? Altho, maybe that was the point? Except for MAM, the data might *not* be in chronological order!
* | mod_admin_shell: Use new serialize preset to simplify default configKim Alvefur2023-06-091-2/+5
| | | | | | | | Two pairs replaced by one. Blame lua-format for the line diff delta.
* | util.serialization: Add a "pretty" presetKim Alvefur2023-06-091-0/+4
| | | | | | | | | | This is the config I want 90% of the time when just showing data in the console or so.
* | doc/hgrc-email: Example config for using 'hg email' to contributeKim Alvefur2023-06-071-0/+16
| | | | | | | | | | | | | | The initial setup can be tricky if you don't know what and were settings should be added. This should maybe also go into site/doc/contributing
* | doc/hgrc: Some useful Mercurial settingsKim Alvefur2023-06-071-0/+43
| | | | | | | | | | Some useful settings that might benefit new contributors and get them up to speed with Modern Mercurialâ„¢ faster :)
* | mod_admin_shell: Warn when (un-)loading module would be undone by restartKim Alvefur2023-06-061-0/+12
| | | | | | | | Reminder to update the configuration if the change is to be permanent.
* | mod_http: Make RFC 7239 Forwarded opt-in for now to be safeKim Alvefur2023-06-032-4/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | Supporting both methods at the same time may open to spoofing attacks, whereby a client sends a Forwarded header that is not stripped by a reverse proxy, leading Prosody to use that instead of the X-Forwarded-* headers actually sent by the proxy. By only supporting one at a time, it can be configured to match what the proxy uses. Disabled by default since implementations are sparse and X-Forwarded-* are everywhere.
* | mod_http: Use RFC 7239 Forwarded header to find original client IPKim Alvefur2023-06-032-1/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Prefer over X-Forwarded-* since it has an actual specification. Main practical difference is that Forwarded may carry more properties than only the IP address since it is a structured header. Since we parse it into an array, it is easier to do the logical thing and iterate backwards trough proxies until an untrusted one is encountered. Compare the handling of X-Forwarded-For. The 'secure' field now accounts for the full chain of proxies, which must be secure all the way to be considered secure.
* | mod_http: Handle bracketed IP address format from RFC 7239Kim Alvefur2023-06-031-0/+6
| | | | | | | | | | | | There are hints that this format might be used in X-Forwarded-For as well, so best handle it everywhere. Strips both brackets and optional port number.
* | util.http: Implement parser for RFC 7239 Forwarded headerKim Alvefur2023-06-033-0/+55
| | | | | | | | | | | | | | | | Standardized and structured replacement for the X-Forwarded-For, X-Forwarded-Proto set of headers. Notably, this allows per-hop protocol information, unlike X-Forwarded-Proto which is always a single value for some reason.
* | util.set: Remove duplicate __freeze metamethodKim Alvefur2023-06-011-9/+0
| | | | | | | | Backs out 895a82c5d8d4 beacuse __freeze already added in a96a2fbcc6c0
* | Merge 0.12->trunkKim Alvefur2023-05-311-4/+5
|\|
| * util.prosodyctl.check: Fix error where hostname can't be turned into A labelKim Alvefur2023-05-311-4/+5
| | | | | | | | | | | | | | | | | | Where gethostname or tohostname returns an invalid name, e.g. containing underscores or something, to_ascii would reject this and return nil, which triggers an error in the dns lookup. Reported by prova2 in the chat, for whom tohostname returned a long name containing underscores.
* | util.startup: Record current version in a metricKim Alvefur2023-05-311-1/+1
| | | | | | | | | | Useful to have this info available when juggling metrics, e.g. to see if things changed between versions.
* | util.startup: Remove componentmanager backwards compatibilityKim Alvefur2023-05-311-5/+0
| | | | | | | | Module was removed in 0.8.0 in c52b06de9b27
* | net.http.server: Return request ID in header to aid debuggingKim Alvefur2023-05-291-1/+1
| | | | | | | | Eases locating the request in logs
* | mod_admin_shell: Show internal URL where different from externalKim Alvefur2023-05-281-4/+8
| |
* | net.tls_luasec: Expose method for loading a certificateKim Alvefur2023-05-272-2/+2
| | | | | | | | | | Further isolates LuaSec from Prosody core, with the ultimate goal of allowing LuaSec to be replaced more easily.
* | net.certmanager: Move LuaSec feature detection to net.tls_luasecKim Alvefur2023-05-272-35/+36
| | | | | | | | | | Further isolates LuaSec from Prosody core, with the ultimate goal of allowing LuaSec to be replaced more easily.
* | util.dependencies: Print tables itself to reduce number of importsKim Alvefur2023-05-261-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rationale: See diffstat When this module is imported, it ends up calling stty via term_width() in util.human.io.table(). When this happens outside of a terminal, the following message is sent to stdout: stty: 'standard input': Inappropriate ioctl for device Not importing this module avoids that. Furthermore three is value in this module having minimal dependencies as they might not be available when it does the checks. Ref a1fed82c44b9
* | util.sasl: Add basic tests for OAUTHBEARERKim Alvefur2023-05-261-0/+32
| |
* | util.sasl.oauthbearer: Tighter parsing of SASL messageKim Alvefur2023-05-261-1/+3
| | | | | | | | | | Previously the kvsep before and after the kvpairs would have been included in kvpairs, which is incorrect but should be harmless.
* | Merge 0.12->trunkKim Alvefur2023-05-242-0/+6
|\|
| * mod_s2s: Add event where resolver for s2sout can be tweakedKim Alvefur2022-08-182-0/+6
| | | | | | | | | | | | | | | | Could be used to implement custom connection methods (c.f. mod_onions) without needing to duplicate the rest of route_to_new_session(). Adds a feature to enable detection since it can be difficult to detect support for an event otherwise.
* | teal: Describe http_url methodKim Alvefur2023-05-241-0/+3
| | | | | | | | | | It is not part of the "real" module API, but used in various places. Extending the API seems hard to describe in a type-safe way.
* | mod_admin_shell: Show internal URL in addition to external in http:listKim Alvefur2023-05-241-5/+8
| | | | | | | | To help with configuring reverse proxies.
* | mod_http: Add way to retrieve internal URL instead of externalKim Alvefur2023-05-241-2/+2
| | | | | | | | | | | | | | | | This could be of help when configuring reverse proxies, as it is the internal URL the proxy must point at. Argument treated as an enum "internal" "external"(default) to allow for future extensibility.
* | util.jsonschema: Update test suite ignore rulesKim Alvefur2023-05-201-5/+6
| | | | | | | | A test case was added in the middle, so all these need to be reordered.
* | mod_admin_shell: Allow logging HTTP events with debug:logevents("http")Kim Alvefur2023-05-141-0/+3
| | | | | | | | | | Mirroring debug:events("http"), and to replace the "Firing event: GET /" log lines in net.http.server
* | mod_admin_shell: Allow logging global events with debug:logevents("*")Kim Alvefur2023-05-141-1/+5
| | | | | | | | Missing feature. It should behave like debug:events()
* | net.http.server: Remove "Firing event" logs, use event logging insteadKim Alvefur2023-05-141-4/+0
| | | | | | | | | | | | | | | | Since these are noisy and we have the thing in util.helpers to log events fired. The new status line events are meant to replace these as they include more useful info.
* | net.http.server: Log request and response status linesKim Alvefur2023-05-141-0/+3
| | | | | | | | Points out the beginning and end of a request.
* | net.http.server: Assign each request its own log sourceKim Alvefur2023-05-141-5/+8
| |
* | net.http.server: Assign an ID to each request, shared with responseKim Alvefur2023-05-141-0/+3
| | | | | | | | | | Goal is improve tracking of individual HTTP requests throughout its life-cycle. Having a single ID to use in logging should help here.
* | mod_tokenauth: Support selection of _no_ role at allKim Alvefur2023-05-071-5/+6
| | | | | | | | | | | | If a grant does not have a role, we should not go and make one up. While not very useful for XMPP if you can't even login, it may be useful for OAuth2/OIDC.
* | mod_tokenauth: Return error instead of session for token without roleKim Alvefur2023-05-071-1/+3
| | | | | | | | | | Such a session triggers errors in module:may or other places since it is generally expected that a session must have a role.
* | mod_adhoc: Silence permission errors when listing commandsKim Alvefur2023-05-071-3/+3
| | | | | | | | | | | | | | | | | | Since throwing a pile of 'access denied', even at debug level, seems akin to calling wolf :) Cutting down on debug noise is also good. Passing a flag instead of using module:could seemed easier here.
* | mod_invites: Fix password reset invitesKim Alvefur2023-05-071-1/+1
| | | | | | | | Caused by roles changing from table|nil to always table in c2616274bef7
* | core.sessionmanager: Delay closing a replaced connection after replacementKim Alvefur2023-05-072-2/+2
| | | | | | | | | | | | | | | | | | | | Closing the session invokes ondisconnect and session close logic, including mod_smacks hibernation and the timer that destroys the session after a timeout. By closing the connection after it has been detached from the sessions table it will no longer invoke the ondetach handler, which should prevent the above problem.
* | doap: Update reference for publishing of XEP-0478: Stream Limits AdvertisementKim Alvefur2023-05-041-1/+2
| |
* | mod_c2s,mod_s2s: Fix tag name for SLA (thanks mjk)Kim Alvefur2023-05-032-5/+5
| | | | | | | | | | | | | | The (still not published) XEP-xxxx: Stream Limits Advertisement uses the element <max-bytes/> to advertise the maximum octet size of top level stream elements. "size" was probably a leftover of an even earlier version of the (Proto)XEP.
* | Merge 0.12->trunkKim Alvefur2023-05-011-0/+8
|\|
| * mod_csi_simple: Disable revert-to-inactive timer when going to active modeKim Alvefur2023-05-011-0/+4
| | | | | | | | This timer shouldn't kick in in the middle of active mode.
| * mod_csi_simple: Clear delayed active mode timer on disableKim Alvefur2023-05-011-0/+4
| | | | | | | | | | | | It should not be there afterwards. Noticed that it seems to fire some time after resumption claiming that the queue size is nil, implying that it may hold a reference to an expired session somehow.
* | mod_admin_shell: Refactor 'cert' columnKim Alvefur2023-04-301-4/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removes some dead code and hopefully simplifies a bit. There's a tree of possibilities with the two tri-state status properties, something like chain: * nil -- cert validation disabled? * invalid -- something wrong with the chain (including ee cert) * valid -- chain ok cert: * nil -- incomplete validation?? * invalid -- mismatched names or such * valid -- all good!
* | util.jsonschema: Fix UTF-8ness of 'minLength' and 'maxLength'Kim Alvefur2023-04-233-6/+17
| |
* | util.jsonschema: Implement 'minContains' and 'maxContains'Kim Alvefur2023-04-233-12/+8
| |