aboutsummaryrefslogtreecommitdiffstats
path: root/core
Commit message (Collapse)AuthorAgeFilesLines
* core.loggingmanager: Bump expected util.pposix versionKim Alvefur8 days1-1/+1
| | | | Otherwise no syslog or console detection
* Merge 0.12->trunkKim Alvefur2024-08-181-0/+1
|\
| * core.moduleapi: Default labels to empty list to fix error if omittedKim Alvefur2024-08-181-0/+1
| | | | | | | | | | In a host-scoped module in the `if is_scoped` clause the resulting `array:append(nil)` call throws.
* | core.certmanager: Include ffdhe2048 from RFC 7919 as default DH paramKim Alvefur2024-07-121-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | This removes one manual (yet undocumented) step that was supposed to be done to get a complete 'intermediate' configuration. This file can be found on the Internet by searching for "ffdhe2048" and can be verified by comparing the hexadecimal representation of p from the RFC with the output of `openssl asn1parse`. Given the preference and prevalence of ECDHE, it seems likely that few would have noticed this.
* | core.features: Advertise that events are fired for SIGUSR1/2Kim Alvefur2024-03-021-0/+3
| | | | | | | | Moved here from mod_posix since these events no longer originate there
* | features: Add mod_server_infoMatthew Wild2024-02-231-0/+2
| |
* | features: Add module-ready (for commit e20949a10118)Matthew Wild2024-02-221-0/+3
| |
* | configmanager: Fix linter issuesMatthew Wild2023-12-081-2/+10
| |
* | configmanager: Support for appending to existing config optionsMatthew Wild2023-12-081-3/+56
| | | | | | | | ...and some other useful operations
* | configmanager: Make _G accessible via `Lua` variable, deprecate direct accessMatthew Wild2023-12-081-1/+12
| |
* | configmanager: Allow referencing previously-set options in the config fileMatthew Wild2023-12-081-0/+14
| |
* | moduleapi: Log error message when ambiguous period spec is found in configMatthew Wild2023-11-301-1/+9
| |
* | modulemanager: Allow modules to expose module.ready - to be called after initMatthew Wild2023-11-301-0/+4
| | | | | | | | | | | | | | | | This is a shortcut for module:on_ready() which exposes the functionality in an idiomatic way consistent with module.load, module.unload, etc. module.ready runs when the module is loaded and the server has finished starting up.
* | moduleapi: Rename :once() to :on_ready() for clarityMatthew Wild2023-11-301-1/+7
| | | | | | | | | | | | | | 'Once' is ambiguous - once per what? on_ready() executes its parameter when the module is loaded *and* the server has finished starting.
* | usermanager, mod_auth_internal_hashed: Support metadata when disabling a userMatthew Wild2023-11-301-3/+3
| | | | | | | | | | This allows us to store a time, actor, comment and/or reason why an account was disabled, which seems a generally useful thing to support.
* | moduleapi: may(): Support explicit actor_jid in context objectMatthew Wild2023-11-071-18/+24
| |
* | core.certmanager: Handle dane context setting same way on reload as on ↵Kim Alvefur2023-11-041-1/+7
| | | | | | | | initialization
* | core.certmanager: Tweak log level of message about SNI being requiredKim Alvefur2023-10-291-1/+1
| | | | | | | | Everything supports SNI today, so this is not useful information.
* | Merge 0.12->trunkKim Alvefur2023-10-271-1/+4
|\|
| * core.certmanager: Validate that 'tls_profile' is one of the valid valuesKim Alvefur2023-10-271-1/+4
| | | | | | | | A typo should not result in ending up with "legacy"
* | portmanager: Expose API to get at SSL/TLS config for a given interface/portMatthew Wild2022-09-071-0/+8
| |
* | core.storagemanager: Remove 0.10 era sql2 driver COMPATKim Alvefur2023-09-041-18/+2
| | | | | | | | | | | | | | | | Unlikely that anyone has had sql2 in their configs for a long time, so this serves little purpose. Leaving the indirection function in case some similar compat code is needed in the future.
* | core.portmanager: Join strings broken into multiple linesKim Alvefur2023-07-291-6/+3
| | | | | | | | | | | | | | Improves readability. Reduces line count. What's not to like? The code style and luacheck rules allows longer lines, and these strings aren't long enough to need breaking into multiple lines like this.
* | core.portmanager: Hint at HTTP servers for conflicts over port 443Kim Alvefur2023-07-291-1/+1
| | | | | | | | | | | | Since 443 is just as much a web port as port 80 these days, if not more. What's with port 81 here?
* | core.moduleapi: Parse period min/max argumentsKim Alvefur2023-07-221-0/+6
| | | | | | | | | | Allows specifying them the same way as the default and in the config, for consistency
* | core.moduleapi: Fix min/maxinteger fallback for Lua 5.2Kim Alvefur2023-07-171-1/+1
| | | | | | | | Maybe these should live in util.mathcompat?
* | core.moduleapi: Add min/max range support to :get_option_periodKim Alvefur2023-07-171-11/+27
| | | | | | | | | | | | To match :get_option_number etc, specifying the allowed interval. Default is essentially (0, inf].
* | moduleapi: Add :get_option_integer()Kim Alvefur2023-07-172-0/+15
| | | | | | | | | | | | | | Many options in Prosody that are treated as numbers don't make sense as floats, e.g. sizes and limits measured in bytes. Simplified implementation based on an earlier attempt dating back to 2020
* | core.moduleapi: Accept boolean false to disable period settingKim Alvefur2023-07-161-1/+1
| |
* | core.moduleapi: Log error for unexpected types (booleans?) set as periodsKim Alvefur2023-07-161-0/+2
| |
* | core.moduleapi: Turn negative periods or "never" into infinityKim Alvefur2023-07-161-0/+7
| | | | | | | | | | As a way to signal that the periodic thing should be disabled, matching existing mod_mam usage
* | core.moduleapi: Improve handling of different types in :get_option_periodKim Alvefur2023-07-161-8/+8
| | | | | | | | | | Pass positive numbers trough unharmed, parse strings as periods, discard anything else.
* | core.moduleapi: Add :get_option_period for parsing time intervalsKim Alvefur2023-07-162-0/+16
| | | | | | | | | | E.g. for use in mod_mam and others that take an amount of time before some (usually cleanup) action is taken.
* | core.moduleapi: Allow specifying an acceptable range for number optionsKim Alvefur2021-10-052-2/+15
| |
* | moduleapi: Add enum config option methodKim Alvefur2021-01-162-0/+12
| | | | | | | | For when a setting has a few fixed values it can take
* | Merge 0.12->trunkKim Alvefur2023-07-101-1/+2
|\|
| * core.certmanager: Update Mozilla TLS config to version 5.7Kim Alvefur2023-07-091-1/+2
| | | | | | | | Ref https://github.com/mozilla/server-side-tls/issues/285
* | core, plugins: Split prosody:user role into prosody:{guest,registered,member}Matthew Wild2023-06-291-0/+3
| | | | | | | | | | | | | | This gives us more granular control over different types of user account. Accounts registered by IBR get assigned prosody:registered by default, while accounts provisioned by an admin (e.g. via prosodyctl shell) will receive prosody:member by default.
* | usermanager: Add create_user_with_role() method to atomically set initial roleMatthew Wild2023-06-291-0/+26
| |
* | net.tls_luasec: Expose method for loading a certificateKim Alvefur2023-05-271-2/+1
| | | | | | | | | | Further isolates LuaSec from Prosody core, with the ultimate goal of allowing LuaSec to be replaced more easily.
* | net.certmanager: Move LuaSec feature detection to net.tls_luasecKim Alvefur2023-05-271-35/+12
| | | | | | | | | | Further isolates LuaSec from Prosody core, with the ultimate goal of allowing LuaSec to be replaced more easily.
* | Merge 0.12->trunkKim Alvefur2023-05-241-0/+2
|\|
| * mod_s2s: Add event where resolver for s2sout can be tweakedKim Alvefur2022-08-181-0/+2
| | | | | | | | | | | | | | | | Could be used to implement custom connection methods (c.f. mod_onions) without needing to duplicate the rest of route_to_new_session(). Adds a feature to enable detection since it can be difficult to detect support for an event otherwise.
* | core.sessionmanager: Delay closing a replaced connection after replacementKim Alvefur2023-05-071-2/+1
| | | | | | | | | | | | | | | | | | | | Closing the session invokes ondisconnect and session close logic, including mod_smacks hibernation and the timer that destroys the session after a timeout. By closing the connection after it has been detached from the sessions table it will no longer invoke the ondetach handler, which should prevent the above problem.
* | moduleapi: Add luacheck annotation to suppress warning about unused selfMatthew Wild2023-04-011-1/+1
| | | | | | | | | | This is a convenience function, and there is currently no module-specific code required to implement it. Not using 'self' is to be expected.
* | moduleapi: Add module:once() to execute a function after module load/startupMatthew Wild2023-04-011-0/+5
| | | | | | | | | | | | | | | | | | | | It is a common pattern for modules to do something like check for prosody.start_time, and execute code immediately if it is present, or wait for the server-started event if it isn't yet. For example, this allows you to run code after all other modules/hosts have been loaded, that are going to be loaded. Such code can now be replaced with a simple call to this method.
* | sessionmanager: Preserve 'since' property of original session after resumptionMatthew Wild2023-03-291-0/+1
| |
* | moduleapi: Add 'peek' to :may() and new :could() helper to suppress loggingMatthew Wild2023-03-261-7/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | The current method logs scary "access denied" messages on failure - this is generally very useful when debugging access control stuff, but in some cases the call is simply a check to see if someone *could* perform an action, even if they haven't requested it yet. One example is determining whether to show the user as an admin in disco. The 'peek' parameter, if true, will suppress such logging. The :could() method is just a simple helper that can make the calling code a bit more readable (suggested by Zash).
* | moduleapi: may: Fail early if a local session has no role assignedMatthew Wild2023-03-251-3/+8
| | | | | | | | | | | | | | We expect every session to explicitly have a role assigned. Falling back to any kind of "default" role (even the user's default role) in the absence of an explicit role could open up the possibility of accidental privilege escalation.
* | core.usermanager: Correct formatting of not implemented errorKim Alvefur2023-03-261-4/+4
| | | | | | | | Spaces, no hyphen, apparently.