aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
* mod_pubsub: Normalize 'publisher' JIDKim Alvefur2021-07-251-2/+2
| | | | | | | | | | | | | All the XEP-0060 examples have the publisher attribute set to a bare JID, but the text does allow it to be the full JID. Since mod_pubsub is more likely used for open nodes that anyone can subscribe to it makes sense to not leak the full JIDs. This is also disabled by defaults. In mod_pep on the other hand it might make sense to have the full JID since that data is more likely to be broadcast to contacts which are already somewhat trusted.
* mod_pubsub: Respect 'expose publisher' setting in item retrievalKim Alvefur2021-07-252-1/+9
|
* mod_pubsub: Fix inclusion of publisher (fixes #1399)Kim Alvefur2019-05-011-2/+5
|
* Merge 0.11->trunkKim Alvefur2021-07-231-1/+1
|\
| * MUC: Fix logic for access to affiliation lists0.11.10Kim Alvefur2021-07-221-1/+1
| | | | | | | | | | | | Fixes https://prosody.im/security/advisory_20210722/ Backs out 4d7b925652d9
* | MUC: Skip adding to history when it's set to zeroKim Alvefur2021-07-191-0/+4
| | | | | | | | | | Optimizes away all the processing on every message in case the end-result is zero history.
* | mod_s2s: Clone 'extra' data to let resolvers add more to itKim Alvefur2021-07-181-1/+5
| | | | | | | | | | | | | | This way 'extra' is unique for each connect() instance, making it safer to mutate it, while inheriting the global settings. See 926d53af9a7a for some more context.
* | mod_s2s: Handle measurement where the local host is unknownKim Alvefur2021-07-181-1/+1
| | | | | | | | | | This could happen with Dialback-only connections or others that were missing the stream 'to' attribute.
* | mod_s2s: Guard against missing 'to' on incoming streamKim Alvefur2021-07-181-1/+1
| | | | | | | | | | | | | | | | | | | | Given an incoming <stream:stream from="example.com"> this line would have mistakenly reported the 'from' as the local host. Neither are technically required and may be missing, especially on connections used only for Dialback. Outgoing connections initiated by Prosody always have 'from_host' and 'to_host', so it is safer to check it this way.
* | mod_s2s: Don't close connections on reloadKim Alvefur2021-07-141-0/+1
| |
* | mod_s2s: Close connections attached to a host being deactivatedKim Alvefur2021-07-141-0/+8
| | | | | | | | | | | | Couldn't use those with the host being deactivated. Problem: This kicks in on reload, which isn't needed.
* | mod_s2s: Vary log level by remote stream errorKim Alvefur2021-07-141-1/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | Increases log level for stream conditions that could indicate a problem on our end, especially programming errors like invalid XML, or the remote server saying that our certificate is invalid, since these should be investigated. Non-issues like closing of idle streams are lowered to debug since it's mostly noise. Other issues left at info are mostly about changes to the remote server, e.g. complete or partial shutdown.
* | mod_dialback: Tweak wording in a commentKim Alvefur2021-07-131-1/+1
| |
* | mod_s2s: Remove connection timeout once it's no longer neededKim Alvefur2021-07-131-1/+12
| | | | | | | | | | | | Reduces the number of left-over timers to handle after many s2s connections were started, leaving only the ones related to incomplete connections.
* | mod_s2s: Log debug message on attempted close of an connectionless sessionKim Alvefur2021-07-111-0/+1
| | | | | | | | | | | | This should probably never happen, but probably does anyways. A debug message would show the truth of the matter.
* | mod_s2s: Drop level of indentation by inverting a condition and early returnKim Alvefur2021-07-111-59/+61
| | | | | | | | | | Nicer to get rid of a conditional that covers such a large portion of a pretty big function.
* | mod_s2s: Use module API to fire eventsKim Alvefur2021-07-111-9/+8
| | | | | | | | | | These direct accesses are probably more optimized, but weird when the module API has methods for these things.
* | mod_http_errors: Set status code 200 from root pageKim Alvefur2021-07-091-0/+1
| | | | | | | | It isn't quite an error.
* | mod_http_errors: Add a Prosody logo to root pageKim Alvefur2021-07-091-0/+10
| |
* | mod_http_errors: Allow adding icons on error pagesKim Alvefur2021-07-091-1/+1
| |
* | mod_admin_adhoc: Log who performs administrative actionsKim Alvefur2021-06-271-13/+25
| | | | | | | | Goal is to have some accountability for these privileged actions.
* | mod_admin_adhoc: Delete "Get User Password" commandKim Alvefur2021-06-271-36/+0
| | | | | | | | | | | | | | | | | | This doesn't really make sense today. It doesn't even work with mod_auth_internal_hashed, which should be the default. And even with a supporting authentication module, why would we just hand out the password? One use case may be to recover a forgotten password. While not yet included with Prosody, there are better ways to handle forgotten passwords, usually by resetting them to a new password.
* | mod_pubsub,mod_pep: Support "max" as 'pubsub#max_items'Kim Alvefur2021-06-093-10/+25
| | | | | | | | | | | | Fixes #1643 API change: The argument to archive_itemstore() changes type to integer
* | mod_external_services: Report overall status as a module statusKim Alvefur2021-06-211-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | Because during startup, if all items are provided by a different module (e.g. mod_turn_external) then this would log a scary warning even if everything is fine after that other module has been loaded. This way, any persistent problematic state is reported in the console. Errors with individual items should still be reported by prepare(). Now, if you load mod_external_services alone without configuring any services, no error or warning is reported in the log, but maybe that's not so bad with it reported in the console.
* | mod_external_services: Validate items as they are addedKim Alvefur2021-06-211-0/+4
| |
* | mod_external_services: Also validate services added by other modulesKim Alvefur2021-06-211-1/+2
| | | | | | | | | | | | | | | | This ensures that problems with entries added other modules, e.g. mod_turn_external, are reported on startup. However, this depends on load order and whether a `module:depends()` call comes before the `module:add_item()` call. A followup commit will do something about that.
* | mod_storage_sql: Fix for move of yes/no function (Thanks Kasim)Kim Alvefur2021-06-211-2/+2
| |
* | mod_s2s: Remove duplicate method call (thanks luacheck)Kim Alvefur2021-06-211-1/+0
| | | | | | | | Should have been removed in the previous commit.
* | mod_s2s: Guard against LuaSec not returning TLS info here tooKim Alvefur2021-06-211-1/+2
| | | | | | | | See previous commit to mod_c2s: a62146353528
* | mod_c2s: Guard against LuaSec not returning TLS info (thanks Martin)Kim Alvefur2021-06-211-4/+4
| | | | | | | | | | | | | | | | | | The :info() method has been observed to return nothing ... sometimes. Unclear what causes it. Perhaps the TLS connection was shut down or hasn't fully settled? The LuaSec code has code paths that return nothing or nil, error, so it is best to guard against it.
* | mod_c2s: Log the same messages for Direct TLS as with starttlsKim Alvefur2021-06-201-1/+6
| | | | | | | | ^C^V
* | mod_c2s: Update a comment to reflect Direct TLSKim Alvefur2021-06-201-1/+1
| |
* | mod_c2s: Add a Direct TLS listenerKim Alvefur2021-06-201-0/+10
| | | | | | | | | | This only differs from 'legacy_ssl' in name, at least on the server side. For clients this is the one that uses SRV records.
* | mod_http_file_share: Update comment about x-frame-optionsKim Alvefur2021-06-201-1/+1
| | | | | | | | | | | | | | | | | | X-Frame-Options was replaced by the Content-Security-Policy 'frame-ancestors' directive, but Internet Explorer does not support that part of CSP. Since it's just one line it doesn't hurt to keep until some future spring cleaning event :)
* | mod_s2s: Bail if connection is destroyed after attempting to open streamKim Alvefur2021-06-161-0/+5
| | | | | | | | | | | | | | | | | | | | Fixes "attempt to compare number with nil" because `session.version` has been cleared by s2smanager.destroy_session. This can happen with the server_epoll setting opportunistic_writes enabled, which means that it can notice that the connection failed at this point, after which it triggers the whole chain of events that leads to session destruction and "cleaning" most of the session fields.
* | mod_c2s,mod_s2s: Collect stats on TLS versions and ciphersKim Alvefur2021-06-162-0/+13
| |
* | mod_admin_shell: module:info: List 'items' that can be formatted easilyKim Alvefur2021-06-121-0/+14
| | | | | | | | | | Some items like HTTP providers would be very verbose, others are tricky to handle.
* | mod_admin_shell: module:info: Show friendlier name for known 'items'Kim Alvefur2021-06-121-1/+9
| |
* | mod_admin_shell: module:info: List provided 'items'Kim Alvefur2021-06-121-0/+6
| |
* | mod_admin_shell: module:info: Use existing host string representationKim Alvefur2021-06-121-8/+2
| | | | | | | | | | | | Hosts have a metatable __tostring method that produces a nice representation such as `VirtualHost "example.com"`, which even includes the component module for internal components.
* | mod_admin_shell: module:info: List dependenciesKim Alvefur2021-06-121-0/+6
| |
* | mod_admin_shell: module:info: Show module statusKim Alvefur2021-06-121-0/+3
| |
* | mod_admin_shell: Add basic command that shows more info about loaded modulesKim Alvefur2021-06-121-0/+29
| | | | | | | | | | To show info about loaded modules. Inspired by the desire to know whether a module was loaded from the core set or 3rd party.
* | mod_turn_external: Simple module to offer TURN(+STUN) via mod_external_servicesKim Alvefur2021-01-211-0/+28
| |
* | mod_http_file_share: Build list of measuring buckets for configured size limitKim Alvefur2021-06-081-1/+7
| | | | | | | | | | Creates buckets up to the configured size limit or 1TB, whichever is smaller, e.g. {1K, 4K, 16K, ... 4M, 16M}
* | mod_server_contact_info: Generate properly escaped URIs from 'admins'Kim Alvefur2020-09-111-1/+2
| |
* | mod_server_contact_info: Apply JID normalizationKim Alvefur2020-09-111-1/+2
| |
* | mod_tls: Add "support" for <failure> by closing gracefullyKim Alvefur2021-05-211-0/+6
| | | | | | | | Nicer than the "unsupported stanza type" error we get otherwise.
* | mod_csi_simple: convert to use new metric interface for flush reasonsJonas Schäfer2021-05-201-10/+7
| |
* | mod_http_file_share: Handle out of bounds Range requestKim Alvefur2021-05-171-3/+8
| | | | | | | | | | | | | | Turns out you can seek past the end of the file without getting an error. Also rejects empty range instead of sending the whole file.