path: root/plugins
Commit message | Author | Age | Files | Lines
* usermanager, mod_auth_internal_hashed: Support metadata when disabling a user | Matthew Wild | 2023-11-30 | 1 | -1/+2
| This allows us to store a time, actor, comment and/or reason why an account was disabled, which seems a generally useful thing to support.
* mod_mam: Use for loop in metadata query | Kim Alvefur | 2023-11-26 | 1 | -4/+2
| Some storage drivers will perform cleanup after the last iteration, but if only one step is taken this might be delayed until the garbage collector gets to it.
* mod_tokenauth: Ignore invalid grants in storage that have no id | Matthew Wild | 2023-11-29 | 1 | -1/+1
|
* mod_invites: Fix linter issues | Matthew Wild | 2023-11-29 | 1 | -4/+4
|
* mod_admin_shell: Fix linter issues | Matthew Wild | 2023-11-29 | 1 | -24/+26
|
* mod_invites: Use new shell-command API | Matthew Wild | 2023-11-29 | 1 | -22/+25
|
* mod_admin_shell: Remove verbose logging | Matthew Wild | 2023-11-29 | 1 | -4/+0
|
* mod_admin_shell: Remove timer:info() (it's been debug:timers() for some time) | Matthew Wild | 2023-11-29 | 1 | -3/+0
|
* mod_admin_shell: Support for 'shell-command' items (global and per-host) | Matthew Wild | 2023-11-29 | 1 | -0/+169
| This should simplify adding shell commands from other modules, which will reduce the growth of mod_admin_shell and make it easier for community modules to expose commands too.
* mod_admin_shell: Refactor help to data structures for extensibility | Matthew Wild | 2023-11-29 | 1 | -157/+239
| This makes it easier for commands added by other modules to add to the help output, for example.
* mod_storage_internal: Clear archive item count cache after experimental trim | Kim Alvefur | 2023-11-26 | 1 | -1/+3
| The previous count would be invalid at this point. Should be possible to math out how many items are left, but this is left as future work.
* mod_blocklist: Remove weak cache (and increase default LRU cache size) | Kim Alvefur | 2023-11-26 | 1 | -18/+10
| Weak tables are said to have suboptimal performance, so we might as well replace it with an increased default LRU cache size.
|
| Sorry about the 'and'
* mod_storage_internal: Close lazy-loading list abstraction after trim | Kim Alvefur | 2023-11-26 | 1 | -0/+6
| Should be done here too.
* mod_storage_internal: Only close lazy-loading list store abstractions | Kim Alvefur | 2023-11-26 | 1 | -1/+3
| Since datamanager can fall back to the old method of loading the whole list, which wouldn't come with a :close method.
* mod_storage_internal: Close archive list after completion of iteration | Kim Alvefur | 2023-11-23 | 1 | -0/+1
| This closes the two FDs that the random access list abstraction uses, otherwise they are left to the garbage collector.
* mod_pubsub: Provide some node properties in summary template #1809 | Kim Alvefur | 2023-11-22 | 1 | -1/+11
| Gives some access to node details which are otherwise hard to determine if you only see the plain text summary, since it is shared based on the pubsub#type setting (or payload xmlns).
* mod_admin_shell: Fix lint [luacheck] | Kim Alvefur | 2023-11-21 | 1 | -10/+8
|
* mod_admin_shell: Add debug:async() command to show blocked async runners | Matthew Wild | 2023-11-21 | 1 | -0/+65
|
* mod_s2s_auth_dane_in: Bail out on explicit service denial | Kim Alvefur | 2023-11-12 | 1 | -0/+1
|
* mod_tokenauth: Include more details in debug logs | Kim Alvefur | 2023-11-12 | 1 | -5/+5
| Had a hard time following what was happening when it did not specify which grant or token was being removed.
* mod_storage_sql: Use UUIDv7 as keys | Kim Alvefur | 2023-07-17 | 1 | -1/+1
| Potentially allows sorting on those directly as they will be in increasing order.
* mod_muc: Switch to module:could() for some implicit access control checks | Matthew Wild | 2023-11-07 | 1 | -2/+2
|
* mod_muc: Allow guest users to list rooms by default | Matthew Wild | 2023-11-07 | 1 | -0/+3
|
* mod_muc: Add :list-rooms permission | Matthew Wild | 2023-11-07 | 1 | -1/+5
|
* mod_tokenauth: Fix saving grants after clearing expired tokens | Kim Alvefur | 2023-11-05 | 1 | -4/+4
| Previously the whole grant was deleted if it found one expired token, which was not intended.
* mod_s2s_auth_certs: Remove LuaSec compat that moved to net.server | Kim Alvefur | 2023-11-04 | 1 | -6/+1
|
* muc.register: Clarify what's going on when enforcing nicknames | Kim Alvefur | 2023-11-03 | 1 | -0/+2
| Does this make it clearer what is going on?
* mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled | Kim Alvefur | 2023-11-02 | 1 | -0/+6
| Simplifies configuration, only one already existing boolean to flip.
* mod_s2s_auth_dane_in: DANE support for s2sin | Kim Alvefur | 2023-11-01 | 1 | -0/+114
| Complements the DANE support for outgoing connections included in net.connect
* mod_bosh: Include stream attributes in stream-features event | Matthew Wild | 2023-10-28 | 1 | -1/+1
| This matches what mod_c2s does, and fixes a traceback in mod_sasl2_fast when used with BOSH (that module tries to use event.stream.from).
* mod_saslauth: Clear 'auto' from endpoint hash var, it's not a real hash (thanks tmolitor) | Matthew Wild | 2023-10-26 | 1 | -0/+1
|
* mod_saslauth, mod_c2s: Disable tls-server-end-point channel binding by default | Matthew Wild | 2023-10-26 | 2 | -14/+23
| This channel binding method is now enabled when a hash is manually set in the config, or it attempts to discover the hash automatically if the value is the special string "auto".
|
| A related change to mod_c2s prevents complicated certificate lookups in the client connection hot path - this work now happens only when this channel binding method is used. I'm not aware of anything else that uses ssl_cfg (vs ssl_ctx).
|
| Rationale for disabling by default:
|
| - Minor performance impact in automatic cert detection
| - This method is weak against a leaked/stolen private key (other methods such as 'tls-exporter' would not be compromised in such a case)
|
| Rationale for keeping the implementation:
|
| - For some deployments, this may be the only method available (e.g. due to TLS offloading in another process/server).
* mod_saslauth: Fix traceback in tls-server-end-point channel binding | Matthew Wild | 2023-10-26 | 1 | -3/+8
|
* mod_admin_shell: Make 'Role' column dynamically sized | Kim Alvefur | 2023-10-26 | 1 | -1/+1
| Some of the new roles don't quite fit nicely into 4 characters (excluding ellipsis). Given the ability to dynamically add additional roles from the config and possibly from modules, it seems better to just make it a relative size since we can't know how long they will be.
* mod_saslauth: Actively close cert file after reading | Matthew Wild | 2023-10-24 | 1 | -0/+1
| Explicit > implicit
* mod_saslauth: Fix read format string (thanks tmolitor) | Matthew Wild | 2023-10-24 | 1 | -1/+1
|
* mod_cron: Make task frequencies configurable in overly generic manner | Kim Alvefur | 2023-10-22 | 1 | -5/+4
| Requested feature for many modules, notably MAM and file sharing.
* mod_saslauth: Get correct 'tls-server-end-point' with new LuaSec API | Kim Alvefur | 2022-10-23 | 1 | -12/+15
| MattJ contributed new APIs for retrieving the actually used certificate and chain to LuaSec, which are not in a release at the time of this commit.
* mod_c2s: Add session.ssl_cfg/ssl_ctx for direct TLS connections | Matthew Wild | 2022-09-07 | 1 | -0/+8
|
* mod_saslauth: Derive hash from certificate per tls-server-end-point | Kim Alvefur | 2021-06-29 | 1 | -0/+34
| This originally used a WIP implementation of cert:sigalg(), a method to retrieve certificate signature algorithm, but it was never submitted upstream.
|
| https://github.com/Zash/luasec/tree/zash/sigalg
|
| cert:getsignaturename() was merged in https://github.com/brunoos/luasec/commit/de393417b7c7566caf1e0a0ad54132942ac4f049
|
| XEP-0440 v0.3.0 made implementing tls-server-end-point a MUST
* mod_saslauth: Support tls-server-end-point via manually specified hash | Kim Alvefur | 2020-12-07 | 1 | -0/+13
| Since this channel binding method is said to enable TLS offloading then you need to tell Prosody the hash (or the full cert), so this seems like a good start.
|
| Support is RECOMMENDED in XEP-0440 version 0.2
* mod_tokenauth: Set name/description on cleanup job | Kim Alvefur | 2023-10-21 | 1 | -1/+1
|
* mod_tokenauth: Save grant after removing expired tokens | Kim Alvefur | 2023-10-21 | 1 | -0/+5
| Ensures the periodic cleanup really does remove expired tokens.
* mod_tokenauth: Periodically clear out expired tokens and grants | Kim Alvefur | 2023-10-09 | 1 | -0/+6
| This should ensure expired grants eventually disappear.
* mod_tokenauth: Delete grants without tokens after period | Kim Alvefur | 2023-10-16 | 1 | -0/+8
| Generally it is expected that a grant would have at least one token as long as the grant is in active use. Refresh tokens issued by mod_http_oauth2 have a lifetime of one week by default, so the idea here is that if that refresh token expired and another week goes by without the grant being used, then the whole grant can be removed.
* mod_tokenauth: Clear expired tokens on grant retrieval | Kim Alvefur | 2023-10-09 | 1 | -1/+8
|
* mod_tokenauth: Delete grants in the wrong formats on retrieval | Kim Alvefur | 2023-10-09 | 1 | -0/+5
|
* mod_cron: Remove unused import [luacheck] | Kim Alvefur | 2023-10-15 | 1 | -1/+0
| Use of datetime was removed in 6ac5ad578565
* Merge 0.12->trunk | Kim Alvefur | 2023-10-15 | 1 | -1/+1
|\
| * mod_muc_mam: Improve wording of enable setting | Kim Alvefur | 2023-10-15 | 1 | -1/+1
| | Suggested by jstein in the chat
| |
| | This option label is used by XMPP clients to explain what the option does.
| |
| | a) The user should know where the data is archived.
| | b) The user needs a statement that can be enabled/disabled by the variable. A question would have the wrong logic here.