aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* | mod_admin_adhoc: Log who performs administrative actionsKim Alvefur2021-06-271-13/+25
| | | | | | | | Goal is to have some accountability for these privileged actions.
* | mod_admin_adhoc: Delete "Get User Password" commandKim Alvefur2021-06-271-36/+0
| | | | | | | | | | | | | | | | | | This doesn't really make sense today. It doesn't even work with mod_auth_internal_hashed, which should be the default. And even with a supporting authentication module, why would we just hand out the password? One use case may be to recover a forgotten password. While not yet included with Prosody, there are better ways to handle forgotten passwords, usually by resetting them to a new password.
* | mod_pubsub,mod_pep: Support "max" as 'pubsub#max_items'Kim Alvefur2021-06-093-10/+25
| | | | | | | | | | | | Fixes #1643 API change: The argument to archive_itemstore() changes type to integer
* | mod_external_services: Report overall status as a module statusKim Alvefur2021-06-211-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | Because during startup, if all items are provided by a different module (e.g. mod_turn_external) then this would log a scary warning even if everything is fine after that other module has been loaded. This way, any persistent problematic state is reported in the console. Errors with individual items should still be reported by prepare(). Now, if you load mod_external_services alone without configuring any services, no error or warning is reported in the log, but maybe that's not so bad with it reported in the console.
* | mod_external_services: Validate items as they are addedKim Alvefur2021-06-211-0/+4
| |
* | mod_external_services: Also validate services added by other modulesKim Alvefur2021-06-211-1/+2
| | | | | | | | | | | | | | | | This ensures that problems with entries added other modules, e.g. mod_turn_external, are reported on startup. However, this depends on load order and whether a `module:depends()` call comes before the `module:add_item()` call. A followup commit will do something about that.
* | mod_storage_sql: Fix for move of yes/no function (Thanks Kasim)Kim Alvefur2021-06-211-2/+2
| |
* | mod_s2s: Remove duplicate method call (thanks luacheck)Kim Alvefur2021-06-211-1/+0
| | | | | | | | Should have been removed in the previous commit.
* | mod_s2s: Guard against LuaSec not returning TLS info here tooKim Alvefur2021-06-211-1/+2
| | | | | | | | See previous commit to mod_c2s: a62146353528
* | mod_c2s: Guard against LuaSec not returning TLS info (thanks Martin)Kim Alvefur2021-06-211-4/+4
| | | | | | | | | | | | | | | | | | The :info() method has been observed to return nothing ... sometimes. Unclear what causes it. Perhaps the TLS connection was shut down or hasn't fully settled? The LuaSec code has code paths that return nothing or nil, error, so it is best to guard against it.
* | mod_c2s: Log the same messages for Direct TLS as with starttlsKim Alvefur2021-06-201-1/+6
| | | | | | | | ^C^V
* | mod_c2s: Update a comment to reflect Direct TLSKim Alvefur2021-06-201-1/+1
| |
* | mod_c2s: Add a Direct TLS listenerKim Alvefur2021-06-201-0/+10
| | | | | | | | | | This only differs from 'legacy_ssl' in name, at least on the server side. For clients this is the one that uses SRV records.
* | mod_http_file_share: Update comment about x-frame-optionsKim Alvefur2021-06-201-1/+1
| | | | | | | | | | | | | | | | | | X-Frame-Options was replaced by the Content-Security-Policy 'frame-ancestors' directive, but Internet Explorer does not support that part of CSP. Since it's just one line it doesn't hurt to keep until some future spring cleaning event :)
* | mod_s2s: Bail if connection is destroyed after attempting to open streamKim Alvefur2021-06-161-0/+5
| | | | | | | | | | | | | | | | | | | | Fixes "attempt to compare number with nil" because `session.version` has been cleared by s2smanager.destroy_session. This can happen with the server_epoll setting opportunistic_writes enabled, which means that it can notice that the connection failed at this point, after which it triggers the whole chain of events that leads to session destruction and "cleaning" most of the session fields.
* | mod_c2s,mod_s2s: Collect stats on TLS versions and ciphersKim Alvefur2021-06-162-0/+13
| |
* | mod_admin_shell: module:info: List 'items' that can be formatted easilyKim Alvefur2021-06-121-0/+14
| | | | | | | | | | Some items like HTTP providers would be very verbose, others are tricky to handle.
* | mod_admin_shell: module:info: Show friendlier name for known 'items'Kim Alvefur2021-06-121-1/+9
| |
* | mod_admin_shell: module:info: List provided 'items'Kim Alvefur2021-06-121-0/+6
| |
* | mod_admin_shell: module:info: Use existing host string representationKim Alvefur2021-06-121-8/+2
| | | | | | | | | | | | Hosts have a metatable __tostring method that produces a nice representation such as `VirtualHost "example.com"`, which even includes the component module for internal components.
* | mod_admin_shell: module:info: List dependenciesKim Alvefur2021-06-121-0/+6
| |
* | mod_admin_shell: module:info: Show module statusKim Alvefur2021-06-121-0/+3
| |
* | mod_admin_shell: Add basic command that shows more info about loaded modulesKim Alvefur2021-06-121-0/+29
| | | | | | | | | | To show info about loaded modules. Inspired by the desire to know whether a module was loaded from the core set or 3rd party.
* | mod_turn_external: Simple module to offer TURN(+STUN) via mod_external_servicesKim Alvefur2021-01-211-0/+28
| |
* | mod_http_file_share: Build list of measuring buckets for configured size limitKim Alvefur2021-06-081-1/+7
| | | | | | | | | | Creates buckets up to the configured size limit or 1TB, whichever is smaller, e.g. {1K, 4K, 16K, ... 4M, 16M}
* | mod_server_contact_info: Generate properly escaped URIs from 'admins'Kim Alvefur2020-09-111-1/+2
| |
* | mod_server_contact_info: Apply JID normalizationKim Alvefur2020-09-111-1/+2
| |
* | mod_tls: Add "support" for <failure> by closing gracefullyKim Alvefur2021-05-211-0/+6
| | | | | | | | Nicer than the "unsupported stanza type" error we get otherwise.
* | mod_csi_simple: convert to use new metric interface for flush reasonsJonas Schäfer2021-05-201-10/+7
| |
* | mod_http_file_share: Handle out of bounds Range requestKim Alvefur2021-05-171-3/+8
| | | | | | | | | | | | | | Turns out you can seek past the end of the file without getting an error. Also rejects empty range instead of sending the whole file.
* | Merge 0.11->trunkKim Alvefur2021-05-161-12/+0
|\|
| * mod_pep: Remove obsolete node restoration code (now done by util.pubsub)Kim Alvefur2021-05-161-12/+0
| | | | | | | | | | | | | | | | | | | | | | | | Originally added in 202b9951b037 but util.pubsub gained a better method in 6c2c2fc4b8dd since then, which mod_pep uses since 9194431b6447 which should have deleted this. All these :create calls would have failed with a 'conflict' error, since the nodes had already been created. This was never noticed because of missing error handling. Also note that this code did not restore node configuration.
* | mod_http_file_share: Support download resumption via Range requestsKim Alvefur2021-05-161-0/+20
| | | | | | | | | | | | | | | | Only a starting point is supported due to the way response:send_file() sends everything it gets from the provided file handle but does not have any way to specify how much to read. This matches what Conversations appears to be doing.
* | Merge 0.11->trunkMatthew Wild2021-05-1311-41/+48
|\|
| * mod_dialback: Remove d-w-d feature0.11.9Kim Alvefur2021-05-122-23/+1
| | | | | | | | | | | | | | Backs out 1d0862814bfc and 2fdd71b08126 Largely unused, undocumented and did not have enough tests to provide confidence in its correct operation.
| * mod_dialback: Use correct host for certificate check (fixes #1381)Kim Alvefur2019-06-231-2/+1
| |
| * mod_dialback: Use constant-time comparison with hmacMatthew Wild2021-05-121-1/+2
| |
| * mod_proxy65: Restrict access to local c2s connections by defaultMatthew Wild2021-05-121-4/+12
| | | | | | | | | | Previously no 'proxy65_acl' option would allow unrestricted access by local or remote JIDs.
| * mod_limits: Use default limits if none configuredMatthew Wild2021-05-111-1/+10
| |
| * mod_limits: Don't emit error when no burst period is configuredMatthew Wild2021-05-111-1/+1
| |
| * MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#infoMatthew Wild2021-05-101-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | The de-facto interpretation of this (undocumented) option is to indicate to the client whether it is allowed to invite other users to the MUC. This is differs from the existing option in our config form, which only controls the behaviour of sending of invites in a members-only MUC (we always allow invites in open rooms). Conversations is one client known to use this disco#info item to determine whether it may send invites.
| * mod_auth_internal_{plain,hashed}: Use constant-time string comparison for ↵Matthew Wild2021-05-102-3/+5
| | | | | | | | secrets
| * mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default ↵Matthew Wild2021-05-075-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | stanza size limits c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB. These values are aligned with ejabberd's default settings, which should reduce issues related to inconsistent size limits between servers on the XMPP network. The previous default (10MB) is excessive for any production server, and allows significant memory usage by even unauthenticated sessions.
* | mod_tls: Fix order of debug messages and tls context creationKim Alvefur2021-05-051-2/+2
| | | | | | | | | | Originally added in 5b048ccd106f Merged wrong in ca01c449357f
* | s2s et al.: Add counters for connection state transitionsJonas Schäfer2021-04-213-11/+50
| |
* | mod_s2s: Port to new OpenMetrics APIJonas Schäfer2021-04-181-10/+26
| |
* | mod_c2s: Port to new OpenMetrics APIJonas Schäfer2021-04-181-10/+16
| |
* | Statistics: Rewrite statistics backends to use OpenMetricsJonas Schäfer2021-04-181-235/+185
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The metric subsystem of Prosody has had some shortcomings from the perspective of the current state-of-the-art in metric observability. The OpenMetrics standard [0] is a formalization of the data model (and serialization format) of the well-known and widely-used Prometheus [1] software stack. The previous stats subsystem of Prosody did not map well to that format (see e.g. [2] and [3]); the key reason is that it was trying to do too much math on its own ([2]) while lacking first-class support for "families" of metrics ([3]) and structured metric metadata (despite the `extra` argument to metrics, there was no standard way of representing common things like "tags" or "labels"). Even though OpenMetrics has grown from the Prometheus world of monitoring, it maps well to other popular monitoring stacks such as: - InfluxDB (labels can be mapped to tags and fields as necessary) - Carbon/Graphite (labels can be attached to the metric name with dot-separation) - StatsD (see graphite when assuming that graphite is used as backend, which is the default) The util.statsd module has been ported to use the OpenMetrics model as a proof of concept. An implementation which exposes the util.statistics backend data as Prometheus metrics is ready for publishing in prosody-modules (most likely as mod_openmetrics_prometheus to avoid breaking existing 0.11 deployments). At the same time, the previous measure()-based API had one major advantage: It is really simple and easy to use without requiring lots of knowledge about OpenMetrics or similar concepts. For that reason as well as compatibility with existing code, it is preserved and may even be extended in the future. However, code relying on the `stats-updated` event as well as `get_stats` from `statsmanager` will break because the data model has changed completely; in case of `stats-updated`, the code will simply not run (as the event was renamed in order to avoid conflicts); the `get_stats` function has been removed completely (so it will cause a traceback when it is attempted to be used). Note that the measure_*_event methods have been removed from the module API. I was unable to find any uses or documentation and thus deemed they should not be ported. Re-implementation is possible when necessary. [0]: https://openmetrics.io/ [1]: https://prometheus.io/ [2]: #959 [3]: #960
* | mod_tls: Bail out if session got destroyed while sending <proceed/>Kim Alvefur2021-04-151-0/+1
| | | | | | | | | | | | | | Can happen in case opportunistic_writes is enabled and the session got destroyed while writing that tag. Thanks Ge0rG
* | mod_c2s: Fix traceback if session was destroyed while opening stream (thanks ↵Kim Alvefur2021-04-141-0/+3
| | | | | | | | | | | | | | | | | | | | | | Ge0rG) Could happen with the 'opportunistic_writes' setting, since then the stream opening is written directly to the socket, which can in turn trigger session destruction if the socket somehow got closed just after the other sent their stream header. Error happens later when it tries to `hosts[session.host == nil].events`