aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* | mod_storage_sql: Use integer config option for cache sizeKim Alvefur2023-07-181-1/+1
| | | | | | | | Missed this one, was probably only looking for get_option_number
* | mod_storage_sql: Use config enum for 'sqlite_tune'Kim Alvefur2023-07-181-1/+1
| |
* | mod_storage_sql: Allow higher precision timestamps in SQLite3Kim Alvefur2023-07-171-1/+5
| | | | | | | | Since it doesn't actually do strict typing :)
* | mod_http: Fix passing minimum limits in wrong argument positionKim Alvefur2023-07-171-2/+2
| |
* | plugins: Use integer config API with interval specification where sensibleKim Alvefur2023-07-1726-47/+48
| | | | | | | | | | | | | | Many of these fall into a few categories: - util.cache size, must be >= 1 - byte or item counts that logically can't be negative - port numbers that should be in 1..0xffff
* | plugins: Switch to :get_option_period() for time range optionsKim Alvefur2023-07-1618-38/+24
| | | | | | | | Improves readability ("1 day" vs 86400) and centralizes validation.
* | plugins: Use get_option_enum where appropriateKim Alvefur2021-01-165-8/+11
| |
* | mod_storage_sql: Remove completed TODO (testing UPSERT on PostgreSQL)Kim Alvefur2023-07-121-1/+0
| |
* | mod_storage_internal: Implement efficient deletion of oldest archive itemsKim Alvefur2023-07-121-0/+22
| | | | | | | | | | | | | | | | Using the new shift function in datamanager, either the oldest items are removed or all the later items are moved into a new file that replaces the old. Hidden behind a feature flag for now.
* | Merge 0.12->trunkKim Alvefur2023-07-101-1/+1
|\|
| * mod_pubsub: Send correct jid attribute in disco#itemsKim Alvefur2023-07-081-1/+1
| | | | | | | | Fixes use in PEP where the JID does not equal the bare domain.
* | mod_http_file_share: Put 'expires' back, thought it was unusedKim Alvefur2023-07-021-0/+1
| | | | | | | | | | | | Removed in 536055476912 because it was not used anywhere else in the file, but per the documentation it is meant to inform external upload services of the expiry time of the upload itself.
* | core, plugins: Split prosody:user role into prosody:{guest,registered,member}Matthew Wild2023-06-297-44/+49
| | | | | | | | | | | | | | This gives us more granular control over different types of user account. Accounts registered by IBR get assigned prosody:registered by default, while accounts provisioned by an admin (e.g. via prosodyctl shell) will receive prosody:member by default.
* | mod_http_file_share: Set slot token TTL so util.jwt validates expiryKim Alvefur2023-06-281-2/+1
| | | | | | | | | | | | Overrides the util.jwt default of 1h with the intended TTL of 10 minutes. Because util.jwt now has its own expiry checks, so the 'expiry' field is no longer used and can thus be removed.
* | renamening: Fix newly added imports to use the new namespaceKim Alvefur2023-06-182-2/+2
| |
* | mod_invites: Refactor argument handling using util.argparseKim Alvefur2022-01-121-63/+59
| | | | | | | | | | | | | | | | | | | | This makes it so that --admin and --role are no longer mutually exclusive, they the former is simply treated as another --role. This was likely a leftover from when only a single role was possible. It does however become unclear which should be the primary, since the order is not preserved by argparse. Bonus: Loading of modules is avoided with only the --help is shown.
* | mod_storage_sql: Fix column name in index check for PostgreSQLKim Alvefur2023-06-171-1/+1
| | | | | | | | Forgot to change the column name in 9a7523ea45cb
* | mod_storage_sql: Adjust indentation to align with surrounding codeKim Alvefur2023-06-171-3/+3
| |
* | mod_storage_sql: Only remove old index if it existsKim Alvefur2023-06-171-9/+11
| | | | | | | | Avoids an error if the upgrade is performed twice..
* | mod_storage_sql: Be more specific when checking for old index in SQLite3Kim Alvefur2023-06-171-1/+1
| | | | | | | | | | Prevents false positives in the odd case where something other than an index with this name might exist.
* | mod_storage_sql: Improve check for old table index on PostgreSQLKim Alvefur2023-06-161-1/+1
| | | | | | | | The "pg_indexes" view is much simpler to inspect than "pg_class"
* | mod_storage_sql: Enable UPSERT with PostgreSQLKim Alvefur2023-06-161-1/+1
| | | | | | | | Tested. Works.
* | mod_storage_sql: Add some TODO comments for future UPSERT workKim Alvefur2023-06-111-0/+2
| |
* | mod_storage_sql: Do not keep track of quota when no quota is setKim Alvefur2023-06-111-20/+29
| | | | | | | | | | | | | | | | | | No point in doing this expensive O(n) query if the result is not used for anything. Will still cache the total item count if an explicit query for this is performed, then try to keep it updated with new items added. Will likely forget eventually tho.
* | mod_storage_sql: Add setting to tune SQLite3 performance vs safetyKim Alvefur2023-06-111-0/+38
| | | | | | | | | | Notably the default journal_mode of DELETE is somewhat slow, some users might want to catch up to the amazing performance of internal storage.
* | mod_storage_sql: Record all SQLite3 compile options for potential useKim Alvefur2023-06-101-4/+6
| | | | | | | | | | Knowing what features are available could be useful for future experiments. For example, with the JSON module or full text search.
* | mod_storage_sql: Compose a keyval+ store out of keyval and map store methodsKim Alvefur2023-06-101-0/+17
| | | | | | | | | | | | | | Removes the need for the shim in storagemanager. The methods only really access the 'store' property of the first (self) argument, so this is safe.
* | mod_storage_sql: Add UPSERT supportKim Alvefur2023-06-101-7/+41
| | | | | | | | | | | | | | Currently limited to SQLite3 for lack of testing on other databases. Adds a migration to replace the non-UNIQUE prosody_index, renaming it prosody_unique_index since ALTER INDEX does not seem to be portable.
* | Merge 0.12->trunkKim Alvefur2023-06-101-1/+1
|\|
| * mod_http: Fix error if 'access_control_allow_origins' is setKim Alvefur2023-06-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | Because it changes the type of the 'opt_origins' variable from util.set to the internal _items table so next time an http app is added an error "attempt to call a nil value (method 'empty')" is triggered. The value is not used anywhere else. Noticed when reviewing uses of the '_items' set property. Not reported by any users, implying this setting is rarely used.
* | mod_http: Simplify conversion of Set to ArrayKim Alvefur2023-06-101-1/+1
| | | | | | | | | | Avoids the _items semi-private value, that is used everywhere for some reason.
* | mod_storage_internal: Use a binary search for time based rangesKim Alvefur2021-05-121-8/+55
| | | | | | | | | | | | | | | | | | Iterating over an entire archive to find a few items in the far end from where iteration started is expensive, and probably more expensive with the lazy-loading of items added in the previous commit. Since we can now efficiently read items in random order, we can now use a binary search to find a better starting point for iteration.
* | mod_storage_internal: Lazy-load archive items while iteratingKim Alvefur2021-05-121-59/+57
| | | | | | | | | | | | | | | | | | | | Very large list files previously ran into limits of the Lua parser, or just caused Prosody to freeze while parsing. Using the new index we can parse individual items one at a time. This probably won't reduce overall CPU usage, probably the opposite, but it will reduce the number of items in memory at once and allow collection of items after we iterated past them.
* | mod_admin_shell: Use new serialize preset to simplify default configKim Alvefur2023-06-091-2/+5
| | | | | | | | Two pairs replaced by one. Blame lua-format for the line diff delta.
* | mod_admin_shell: Warn when (un-)loading module would be undone by restartKim Alvefur2023-06-061-0/+12
| | | | | | | | Reminder to update the configuration if the change is to be permanent.
* | mod_http: Make RFC 7239 Forwarded opt-in for now to be safeKim Alvefur2023-06-031-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | Supporting both methods at the same time may open to spoofing attacks, whereby a client sends a Forwarded header that is not stripped by a reverse proxy, leading Prosody to use that instead of the X-Forwarded-* headers actually sent by the proxy. By only supporting one at a time, it can be configured to match what the proxy uses. Disabled by default since implementations are sparse and X-Forwarded-* are everywhere.
* | mod_http: Use RFC 7239 Forwarded header to find original client IPKim Alvefur2023-06-031-1/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Prefer over X-Forwarded-* since it has an actual specification. Main practical difference is that Forwarded may carry more properties than only the IP address since it is a structured header. Since we parse it into an array, it is easier to do the logical thing and iterate backwards trough proxies until an untrusted one is encountered. Compare the handling of X-Forwarded-For. The 'secure' field now accounts for the full chain of proxies, which must be secure all the way to be considered secure.
* | mod_http: Handle bracketed IP address format from RFC 7239Kim Alvefur2023-06-031-0/+6
| | | | | | | | | | | | There are hints that this format might be used in X-Forwarded-For as well, so best handle it everywhere. Strips both brackets and optional port number.
* | mod_admin_shell: Show internal URL where different from externalKim Alvefur2023-05-281-4/+8
| |
* | Merge 0.12->trunkKim Alvefur2023-05-241-0/+4
|\|
| * mod_s2s: Add event where resolver for s2sout can be tweakedKim Alvefur2022-08-181-0/+4
| | | | | | | | | | | | | | | | Could be used to implement custom connection methods (c.f. mod_onions) without needing to duplicate the rest of route_to_new_session(). Adds a feature to enable detection since it can be difficult to detect support for an event otherwise.
* | mod_admin_shell: Show internal URL in addition to external in http:listKim Alvefur2023-05-241-5/+8
| | | | | | | | To help with configuring reverse proxies.
* | mod_http: Add way to retrieve internal URL instead of externalKim Alvefur2023-05-241-2/+2
| | | | | | | | | | | | | | | | This could be of help when configuring reverse proxies, as it is the internal URL the proxy must point at. Argument treated as an enum "internal" "external"(default) to allow for future extensibility.
* | mod_admin_shell: Allow logging HTTP events with debug:logevents("http")Kim Alvefur2023-05-141-0/+3
| | | | | | | | | | Mirroring debug:events("http"), and to replace the "Firing event: GET /" log lines in net.http.server
* | mod_admin_shell: Allow logging global events with debug:logevents("*")Kim Alvefur2023-05-141-1/+5
| | | | | | | | Missing feature. It should behave like debug:events()
* | mod_tokenauth: Support selection of _no_ role at allKim Alvefur2023-05-071-5/+6
| | | | | | | | | | | | If a grant does not have a role, we should not go and make one up. While not very useful for XMPP if you can't even login, it may be useful for OAuth2/OIDC.
* | mod_tokenauth: Return error instead of session for token without roleKim Alvefur2023-05-071-1/+3
| | | | | | | | | | Such a session triggers errors in module:may or other places since it is generally expected that a session must have a role.
* | mod_adhoc: Silence permission errors when listing commandsKim Alvefur2023-05-071-3/+3
| | | | | | | | | | | | | | | | | | Since throwing a pile of 'access denied', even at debug level, seems akin to calling wolf :) Cutting down on debug noise is also good. Passing a flag instead of using module:could seemed easier here.
* | mod_invites: Fix password reset invitesKim Alvefur2023-05-071-1/+1
| | | | | | | | Caused by roles changing from table|nil to always table in c2616274bef7
* | core.sessionmanager: Delay closing a replaced connection after replacementKim Alvefur2023-05-071-0/+1
| | | | | | | | | | | | | | | | | | | | Closing the session invokes ondisconnect and session close logic, including mod_smacks hibernation and the timer that destroys the session after a timeout. By closing the connection after it has been detached from the sessions table it will no longer invoke the ondetach handler, which should prevent the above problem.