aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
| * mod_dialback: Use correct host for certificate check (fixes #1381)Kim Alvefur2019-06-231-2/+1
| |
| * mod_dialback: Use constant-time comparison with hmacMatthew Wild2021-05-121-1/+2
| |
| * mod_proxy65: Restrict access to local c2s connections by defaultMatthew Wild2021-05-121-4/+12
| | | | | | | | | | Previously no 'proxy65_acl' option would allow unrestricted access by local or remote JIDs.
| * mod_limits: Use default limits if none configuredMatthew Wild2021-05-111-1/+10
| |
| * mod_limits: Don't emit error when no burst period is configuredMatthew Wild2021-05-111-1/+1
| |
| * MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#infoMatthew Wild2021-05-101-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | The de-facto interpretation of this (undocumented) option is to indicate to the client whether it is allowed to invite other users to the MUC. This is differs from the existing option in our config form, which only controls the behaviour of sending of invites in a members-only MUC (we always allow invites in open rooms). Conversations is one client known to use this disco#info item to determine whether it may send invites.
| * mod_auth_internal_{plain,hashed}: Use constant-time string comparison for ↵Matthew Wild2021-05-102-3/+5
| | | | | | | | secrets
| * mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default ↵Matthew Wild2021-05-075-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | stanza size limits c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB. These values are aligned with ejabberd's default settings, which should reduce issues related to inconsistent size limits between servers on the XMPP network. The previous default (10MB) is excessive for any production server, and allows significant memory usage by even unauthenticated sessions.
* | mod_tls: Fix order of debug messages and tls context creationKim Alvefur2021-05-051-2/+2
| | | | | | | | | | Originally added in 5b048ccd106f Merged wrong in ca01c449357f
* | s2s et al.: Add counters for connection state transitionsJonas Schäfer2021-04-213-11/+50
| |
* | mod_s2s: Port to new OpenMetrics APIJonas Schäfer2021-04-181-10/+26
| |
* | mod_c2s: Port to new OpenMetrics APIJonas Schäfer2021-04-181-10/+16
| |
* | Statistics: Rewrite statistics backends to use OpenMetricsJonas Schäfer2021-04-181-235/+185
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The metric subsystem of Prosody has had some shortcomings from the perspective of the current state-of-the-art in metric observability. The OpenMetrics standard [0] is a formalization of the data model (and serialization format) of the well-known and widely-used Prometheus [1] software stack. The previous stats subsystem of Prosody did not map well to that format (see e.g. [2] and [3]); the key reason is that it was trying to do too much math on its own ([2]) while lacking first-class support for "families" of metrics ([3]) and structured metric metadata (despite the `extra` argument to metrics, there was no standard way of representing common things like "tags" or "labels"). Even though OpenMetrics has grown from the Prometheus world of monitoring, it maps well to other popular monitoring stacks such as: - InfluxDB (labels can be mapped to tags and fields as necessary) - Carbon/Graphite (labels can be attached to the metric name with dot-separation) - StatsD (see graphite when assuming that graphite is used as backend, which is the default) The util.statsd module has been ported to use the OpenMetrics model as a proof of concept. An implementation which exposes the util.statistics backend data as Prometheus metrics is ready for publishing in prosody-modules (most likely as mod_openmetrics_prometheus to avoid breaking existing 0.11 deployments). At the same time, the previous measure()-based API had one major advantage: It is really simple and easy to use without requiring lots of knowledge about OpenMetrics or similar concepts. For that reason as well as compatibility with existing code, it is preserved and may even be extended in the future. However, code relying on the `stats-updated` event as well as `get_stats` from `statsmanager` will break because the data model has changed completely; in case of `stats-updated`, the code will simply not run (as the event was renamed in order to avoid conflicts); the `get_stats` function has been removed completely (so it will cause a traceback when it is attempted to be used). Note that the measure_*_event methods have been removed from the module API. I was unable to find any uses or documentation and thus deemed they should not be ported. Re-implementation is possible when necessary. [0]: https://openmetrics.io/ [1]: https://prometheus.io/ [2]: #959 [3]: #960
* | mod_tls: Bail out if session got destroyed while sending <proceed/>Kim Alvefur2021-04-151-0/+1
| | | | | | | | | | | | | | Can happen in case opportunistic_writes is enabled and the session got destroyed while writing that tag. Thanks Ge0rG
* | mod_c2s: Fix traceback if session was destroyed while opening stream (thanks ↵Kim Alvefur2021-04-141-0/+3
| | | | | | | | | | | | | | | | | | | | | | Ge0rG) Could happen with the 'opportunistic_writes' setting, since then the stream opening is written directly to the socket, which can in turn trigger session destruction if the socket somehow got closed just after the other sent their stream header. Error happens later when it tries to `hosts[session.host == nil].events`
* | Merge 0.11->trunkKim Alvefur2021-04-102-4/+15
|\|
| * mod_saslauth: Use a defined SASL errorKim Alvefur2021-03-181-1/+1
| |
| * mod_saslauth: Improve code styleKim Alvefur2021-03-181-1/+3
| | | | | | | | | | | | This many returns deserve their own line. `session["sasl_handler"]` style isn't used anywhere else.
| * mod_c2s: Log about missing conn on async state changesKim Alvefur2021-03-181-0/+4
| |
| * mod_c2s: Improve code styleKim Alvefur2021-03-181-2/+6
| | | | | | | | | | We don't use the quoted table indexing style that often, it's not needed here and it's enough to check for falsyness rather than `nil`.
| * mod_c2s: Fix traceback in session close when conn is nilKim Alvefur2021-03-171-2/+2
| | | | | | | | Unclear how this happens.
| * mod_saslauth: Don't throw errors in async code when connections are gonetmolitor2021-03-181-0/+1
| | | | | | | | Fixes #1515
| * mod_c2s: Don't throw errors in async code when connections are gonetmolitor2021-03-181-2/+2
| | | | | | | | Fixes #1507
* | mod_admin_shell: Remove obsolete checks related to s2sout.libKim Alvefur2021-04-061-14/+1
| | | | | | | | | | s2sout.lib was removed in 756b8821007a along with srv_hosts and srv_choice
* | mod_http_file_share: Include expiry time of the upload itself in tokenKim Alvefur2021-04-051-0/+1
| | | | | | | | | | | | Lets an external upload service know this so it can do expiry itself. Could possibly have been calculated based on the token expiry or issuance time, explicit > implicit.
* | mod_http_file_share: Include time of issuance in auth tokenKim Alvefur2021-04-051-1/+3
| | | | | | | | | | In case an external upload service wants to have the original creation time, or calculate the token expiry itself.
* | mod_http_file_share: Group related properties for readabilityKim Alvefur2021-04-051-2/+6
| |
* | mod_http_file_share: Log error opening file for writingKim Alvefur2021-04-051-2/+3
| | | | | | | | util.error.coerce() doesn't work well with iolib
* | mod_http_file_share: Fix logging of error opening fileKim Alvefur2021-04-051-1/+1
| | | | | | | | It's annoying that Lua interpolates the filename into the error message.
* | MUC: Allow overriding occupant object from groupchat message eventKim Alvefur2021-03-251-4/+9
| | | | | | | | | | | | | | Use case: Enable module that provides a virtual occupant object for bots Before, if there is no occupant then either some other part of MUC would reject the message or `occupant.nick` would have caused an error.
* | mod_http_file_share: Include storage in prune time measurementKim Alvefur2021-03-311-1/+1
| | | | | | | | Maybe the original idea was that you would measure storage separately?
* | mod_http_file_share: Add internal command to check files consistencyKim Alvefur2021-03-281-0/+18
| | | | | | | | | | | | Background: Found a few files in my store that did not match the size recorded in the slot, so I needed a way to check which which those were. As it was a bit too much to type into the shell I added it here instead.
* | mod_http_file_share: Fix reporting of missing filesKim Alvefur2021-03-281-2/+5
| | | | | | | | | | | | | | This just gave an unhelpful 500 error. It would be nice to have some wrapper code that could untangle the embedded filename in the io libs errors.
* | MUC: Report number of live rooms to statsmanagerKim Alvefur2021-03-281-0/+5
| | | | | | | | Should help inform on whether the cache size should be increased.
* | mod_http_file_share: Report number of items in caches to statsmanagerKim Alvefur2021-03-281-0/+8
| | | | | | | | | | | | This is neat, O(1) reporting, why don't we do this everywhere? Gives you an idea of how much stuff is in the caches, which may help inform decisions on whether the size is appropriate.
* | mod_message: Stop advertising offline message support (mod_offline does that)Kim Alvefur2021-03-241-2/+0
| | | | | | | | mod_offline also already advertises this feature, so it's added twice.
* | mod_admin_shell: Sort timers by time in debug:timers()Kim Alvefur2021-03-231-1/+6
| | | | | | | | | | Easier to see which timers are happening soon vs further in the future if they are in some sensible order.
* | mod_c2s: Log a debug message before closing due to c2s_timeoutKim Alvefur2021-03-231-0/+1
| | | | | | | | | | | | | | It was confusing that the connection would just close without much explanation. Wanted this while investigating https://github.com/conversejs/converse.js/issues/2438
* | mod_authz_internal: Ignore unused argument for now [luachec]Kim Alvefur2021-03-221-1/+1
| |
* | mod_authz_internal: add support for setting roles of a local userJonas Schäfer2021-03-221-1/+8
| |
* | mod_pubsub: Include <pubsub> with unsubscribe replyKim Alvefur2021-03-151-1/+7
| | | | | | | | | | | | | | | | | | XEP-0060 6.2.2 This is a MAY but it makes it nice and symmetric with the subscription response. Reduces the need to remember which node you unsubscribed from. Explicit > implicit etc.
* | mod_csi_simple: s/algoritm/algorithm/ [codespell]Kim Alvefur2021-03-051-1/+1
| |
* | mod_s2s: Buffer stream error + stream closing tagKim Alvefur2021-03-031-1/+4
| | | | | | | | | | In "opportunistic writes" mode, prevents ondisconnect from happening while writing the stream closing tag.
* | mod_s2s: Check direction in bidi-aware styleKim Alvefur2021-03-031-1/+1
| | | | | | | | | | | | Both session.incoming and session.outgoing are truthy here, but session.direction indicates the "real" direction in the way that matters for the order of events when opening or closing streams.
* | mod_s2s: Add config setting to enable DANEKim Alvefur2021-03-021-0/+1
| |
* | mod_http: Consolidate handling of proxied connection detailsKim Alvefur2021-02-271-9/+9
| | | | | | | | | | Trying to move everything relating to proxies and X-Forwarded-Foo into a single place.
* | net.http.server: Set request.ip so mod_http doesn't have toKim Alvefur2021-02-271-1/+1
| | | | | | | | | | | | | | | | Because it already sets request.secure, which depends on the connection, just like the IP, so it makes sense to do both in the same place. Dealing with proxies can be left to mod_http for now, but maybe it could move into some util some day?
* | Merge 0.11->trunkKim Alvefur2021-02-271-3/+3
|\|
| * mod_http: Restore ip field for requests without proxiesKim Alvefur2021-02-271-2/+2
| | | | | | | | | | 8603011e51fe optimized out more than just the loop, leaving the .ip field blank when the request wasn't from a proxy.
| * mod_http: Fix trusted proxies check (thanks buildbot)Kim Alvefur2021-02-181-1/+1
| | | | | | | | | | is_trusted_proxy() is only in trunk, I dun goofed when I rebased 8603011e51fe from trunk.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 02:20:34 +0000