aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
* mod_admin_shell: Add command to show current user rolesKim Alvefur2022-01-231-0/+20
|
* mod_admin_shell: Add help section about rolesKim Alvefur2022-01-231-0/+12
| | | | | | | As in the argument to user:create() and user:roles() Tricky to come up with something sensible to write when Prosody core only knows of the 'prosody:admin' role so far.
* mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tlsKim Alvefur2022-01-212-8/+17
| | | | | | | | | | So that the same TLS context is used for both Direct TLS and starttls, since they are supposed to be functionally identical apart from the few extra round trips. A new event is added because the 's2s-created' event fires much later, after a connection has already been established, where we need the TLS context before that.
* mod_s2s: Enable outgoing Direct TLS connectionsKim Alvefur2022-01-211-2/+9
| | | | | | | | | | Makes it faster by cutting out the roundtrips involved in <starttls/>, at the cost of making an additional SRV lookup. Since we already ignore a missing <starttls/> offer and try anyway there is not much difference in security. The fact that XMPP is used and the hostnames involved might still be visible until the future Encrypted ClientHello extension allows hiding those too.
* mod_storage_xep0227: Fix luacheck warningMatthew Wild2022-01-171-1/+1
|
* mod_storage_xep0227: Fix traceback during iteration of driver storesMatthew Wild2022-01-171-1/+1
| | | | :include(other_set), :add(item)
* mod_storage_xep0227: Fix file export (missing parameter) from refactor in ↵Matthew Wild2022-01-171-1/+1
| | | | 270047afa6af
* mod_http: Increase severity of loading unreachable http modulesKim Alvefur2022-01-151-1/+1
| | | | | | | | This is either caused by an earlier failure to bind http/s ports, in which case that should be corrected, or explicitly disbling the http/s ports, in which case ... why enable http modules? Suggested by jonas’
* mod_http: Skip querying portmanager when http_external_url when is setKim Alvefur2021-11-271-8/+17
| | | | | | | | When http_external_url is set then the portmanager usage only really serves as a check of whether any http service is enabled at all. Should allow generating an URL from prosodyctl when http_external_url is set.
* mod_storage_xep0227: treat roster metadata pseudo-entry correctlyJonas Schäfer2022-01-151-1/+1
| | | | | | | | | | The roster version is stored in a pseudo-item which has the key `false`. The if condition in the touched code attempts to guard against this, but it does not take into account that the jid prepping returns nil instead of false. By moving the jid prepping into the if, we can check for the metadata entry safely.
* mod_storage_xep0227: be defensive against empty vCardJonas Schäfer2022-01-151-1/+1
| | | | | An empty vCard store may look like the empty table, which does not have the `attr` key, which would then blow up in util.stanza.deserialize.
* mod_http: Limit unencrypted http port (5280) to loopback by defaultKim Alvefur2022-01-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | Since accessing this port directly over the wider Internet is unlikely to intentional anymore. Most uses will likely be by reverse proxies, by mistake or because of trouble configuring HTTPS. Blocking mistaken uses is just a good thing, letting users send potentially private things unencrypted tends to be Strongly Discouraged these days. Many reverse proxy setups operate over loopback, so listening there instead of all interfaces is a net improvement. Improved automatic certificate location and SNI support has mostly eliminated the need for manual certificate configuration so HTTPS should Just Work once certificates have been provided. For local testing during development, connecting over loopback is likely fine as well. When really needed, `http_interfaces` can still be set. Suggested by Link Mauve
* mod_cron: Allow for a small amount of timer driftKim Alvefur2022-01-151-1/+1
| | | | | | | | | If the timer activates a bit early then a task might be just a few seconds short of being allowed to run. This would run such a task rather than wait another hour. The value 0.5% chosen so that a weekly task does not run an entire hour earlier than last time.
* mod_storage_xep0227: Fix luacheck warningsMatthew Wild2022-01-141-2/+2
|
* mod_storage_xep0227: Add API to iterate all stores of a userMatthew Wild2022-01-141-7/+23
|
* mod_storage_xep0227: Skip self-contacts on roster importMatthew Wild2022-01-141-11/+15
|
* mod_http_file_share: Always measure total disk usage for statistics!Kim Alvefur2022-01-111-49/+46
| | | | | | | | | | | Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
* mod_bookmarks: Fix traceback on attempt to convert invalid bookmarkKim Alvefur2022-01-111-4/+9
| | | | | | | | Found by accidentally publishing {urn:xmpp:bookmarks:0}conference instead of :1 due to testing this earlier for the blocking. By the principle of garbage in, garbage out, just generate a bookmark from the item id / JID and carry on with a warning.
* mod_bookmarks: Block publishing to older XEP-0402 v0.3.0 nodeKim Alvefur2022-01-101-1/+8
| | | | | | | | Having both the :0 and :1 nodes would be especially awkward, since there is no upgrade path for this case. In theory, these should be rare since no clients should have been doing XEP-0402 unless mod_bookmarks(2) was enabled. This was guesstimated to be rare with most clients doing XEP-0048 with Private XML.
* mod_storage_xep0227: Fix writing non-user dataKim Alvefur2022-01-101-2/+3
| | | | | | | Attempt to concatenate nil 'user' Not much data actually makes sense but the migrator tries to write or clear these.
* mod_storage_xep0227: Ignore luacheck warningMatthew Wild2022-01-101-1/+1
|
* mod_storage_xep0227: Support for exporting nodes with no stored configurationMatthew Wild2022-01-101-0/+3
|
* mod_storage_xep0227: Allow overriding the input/output layer for XEP-0227 dataMatthew Wild2022-01-101-27/+49
| | | | This can (and will) be used to support in-memory import/export functions.
* mod_bookmarks: Skip migration of legacy data when emptyKim Alvefur2022-01-101-1/+1
| | | | Should save some cycles and not log the debug message on every login.
* mod_bookmarks: Make sure legacy bookmarks node exists to hold access modelKim Alvefur2022-01-101-19/+28
|
* mod_bookmarks: Broadcast notifications per XEP-0048 and XEP-0411Kim Alvefur2022-01-091-0/+34
| | | | For compatibility with clients relying on the notifications
* mod_bookmarks: Add option for disabling upgrade of legacy bookmarksKim Alvefur2022-01-081-1/+3
| | | | | Might be nice to reduce amount of things happening on connect once all users has upgraded
* mod_bookmarks: Unhook PEP service objects on removal from cacheKim Alvefur2022-01-081-1/+4
| | | | See 1dc00ca6ee9d
* util.pubsub: Fix item store resize to "max"Kim Alvefur2022-01-062-0/+2
| | | | | Previously this would end up passing the "max" directly to the underlying storage.
* mod_bookmarks: Override the node configuration if it was wrongEmmanuel Gil Peyrot2022-01-061-0/+20
|
* mod_invites: Comment on module loading for HTTP invite URLsKim Alvefur2022-01-051-0/+1
|
* mod_bookmarks: Remove compatibility with 0.11Emmanuel Gil Peyrot2022-01-041-6/+0
|
* mod_bookmarks: Import mod_bookmarks2 from prosody-modules @ ad7767a9f3eaEmmanuel Gil Peyrot2022-01-041-0/+407
|
* mod_invites_adhoc: Import from prosody-modules@5001104f0275Kim Alvefur2022-01-051-0/+126
|
* mod_invites_register: Import from prosody-modules@797b51043767Kim Alvefur2021-12-291-0/+160
|
* mod_invites: Silence luacheck warningKim Alvefur2022-01-051-1/+1
|
* mod_invites: Import from prosdy-modules@5fc306239db3Kim Alvefur2021-12-271-0/+339
|
* mod_smacks: Log error to silence luacheckKim Alvefur2021-12-311-0/+2
|
* mod_smacks: Limit "old" session resumption countersKim Alvefur2021-12-311-0/+19
| | | | | | Doing this when creating a whole new session seems reasonable because it is already expensive and this is when it may be adding to the old session store, while a successful resumption should be plus-minus zero.
* mod_smacks: Record timestamp with persisted countersKim Alvefur2021-12-311-2/+4
| | | | | For future cleanup routine when people inevitably complain about this data being stored there forever
* mod_auth_internal_hashed: Up iteration count to 10000 per XEP-0438Kim Alvefur2021-12-261-1/+1
| | | | | | | | More security for less pain than switching to SCRAM-SHA-256 The XEP will likely be change to reference the RFC that will probably come from draft-ietf-kitten-password-storage once it is ready, and then we should update to follow that.
* mod_auth_internal_hashed: Make SCRAM iteration count configurableKim Alvefur2021-12-261-1/+1
|
* mod_admin_shell: Log creation of incoming s2s connections during pingKim Alvefur2021-12-271-0/+2
| | | | | The 's2s-created' fires just after accepting the TCP connection, before the addresses are known, so this can have some false positives.
* mod_smacks: sprinkle some metrics on itJonas Schäfer2021-12-271-2/+45
|
* mod_admin_shell: Print s2s related events while waiting for pingKim Alvefur2021-12-261-1/+28
| | | | Gives a better idea of what's taking time.
* mod_tombstones: Add some future TODOsKim Alvefur2021-12-231-0/+4
|
* mod_tombstones: Remember deleted accounts #1307Kim Alvefur2021-12-231-0/+75
| | | | | | | | | Presence subscriptions are normally revoked on account deletion, which informs the contact. Sometimes this notification gets lost e.g. due to s2s problems. The accounts JID may also be present e.g. in MUC affiliations, chat group member lists, pubsub subscriptions or other systems. These may grant privileges which would fall to someone who creates the same account again, which this module is meant to prevent.
* mod_smacks: Compact code using new stanza APIKim Alvefur2021-12-221-9/+2
|
* mod_http: Clean up redirects handlers for wildcard on http module unloadKim Alvefur2021-12-221-0/+7
| | | | | These would previously be left behind. Probably mostly harmless except for clogging up the `debug:events()` listing in the console.
* mod_smacks: Use more compact resumption tokensKim Alvefur2021-12-221-2/+2
| | | | | | UUID seems like insane overkill for something user-scoped and not security-sensitive. All that is needed is to avoid conflicts among what should be relatively long-lived sessions.