aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* mod_c2s: Close ports in a separate, earlier event from closing sessionsKim Alvefur2022-02-181-0/+2
| | | | | Lets other things step in and do things while c2s ports are closed, e.g. mod_smacks, or other modules with port handlers that forward to c2s.
* mod_s2s: Disable creation of new outgoing connections during shutdownKim Alvefur2022-02-111-0/+7
|
* mod_c2s,mod_s2s: Disable and close port listeners before closing sessionsKim Alvefur2022-02-112-0/+14
| | | | This ensures no new clients can start connecting during shutdown
* mod_posix: Run signal handlers in the startup threadKim Alvefur2021-10-061-7/+13
|
* mod_admin_shell: Squeeze some characters out of the Certificate columnKim Alvefur2022-02-171-2/+2
| | | | The more compact these are, the better
* mod_admin_shell: Fix description of muc:room() (thanks Link Mauve)Kim Alvefur2022-02-151-1/+1
| | | | | But then this is the internal API which is weird and unfriendly to expose externally. Lots of methods to wrap tho ... one day.
* mod_turn_external: Fix type of config option (thanks mirux)Kim Alvefur2022-02-151-1/+1
| | | | | | There was a separate boolean option to enable TLS before, but it was merged with the port number option and it seems the typed API interface got confused.
* mod_invites_register: Load mod_register_ibr in invite only modeKim Alvefur2022-02-101-0/+4
| | | | | This ensures that registration actually works even if allow_registration is not enabled.
* mod_invites_register: Replace COMPAT hackKim Alvefur2022-02-101-1/+1
| | | | | This hack is not needed since a9c975a0f113 so can be removed when included with Prosody.
* mod_turn_external: Add option to enable TURN over TLSKim Alvefur2022-02-101-2/+6
| | | | | | Usually on port 443 to avoid restrictive firewalls. Thanks to Holger for discussion
* mod_turn_external: Simplify configurationKim Alvefur2022-02-101-2/+9
| | | | | Much harder to get boolean options wrong than accidentally adding something unrecognised to a Set.
* mod_admin_shell: Track connected events instead of createdKim Alvefur2022-02-061-3/+3
| | | | | | | | The connection events are more appropriate here, where the s2s-created events happens a bit later or earlier in a sessions lifetime depending on its direction and for outgoing connections isn't actually the creation time (which happens immediately after pressing enter, so not very interesting), but rather closer to the connection time.
* mod_s2s: Add new early s2s-connected eventsKim Alvefur2022-02-061-0/+3
| | | | | Allows doing things based on connections rather than sessions, which may have been created before or after.
* mod_smacks: Tweak resumption age buckets towards multiples of 60Kim Alvefur2022-02-041-1/+1
| | | | | This seems like the thing to do for time, which is usually divided into divisors divisible by 60, or multiplied by multiples of 60
* mod_http: Use interface name as default default global hostnameKim Alvefur2022-02-041-1/+1
| | | | | | | http://[::]:5280/ is as sensible as http://*:5280/ so why not This might be a bit weird when listening no multiple interfaces but not sure we can really do anything sensible then anyway.
* mod_http: Use http_default_host for URLs generated in global contextKim Alvefur2022-02-041-1/+2
| | | | | This might make the global routes less confusing sometimes, or at least valid URLs instead of http://*:5280/ which doesn't make much sense.
* mod_websocket: Only enable host-agnostic HTTP routing when enabled globallyKim Alvefur2022-02-041-1/+3
| | | | | | | This way the host-agnostic http://*:5280/ handler is not enabled, but BOSH can still be used with any local VirtualHost Ref #1712
* mod_bosh: Only enable host-agnostic HTTP routing when enabled globallyKim Alvefur2022-02-041-1/+3
| | | | | | | This way the host-agnostic http://*:5280/ handler is not enabled, but BOSH can still be used with any local VirtualHost Ref #1712
* mod_pep: Fix typo in comment [codespell]Kim Alvefur2022-02-041-1/+1
|
* mod_bookmarks: Fix typos in stanza error messages [codespell]Kim Alvefur2022-02-041-2/+2
|
* mod_admin_shell: Fix typo in comment [codespell]Kim Alvefur2022-02-041-1/+1
|
* mod_pep: Clarify purpose of fallback serviceKim Alvefur2022-02-031-0/+7
| | | | | Extra-extra obvious that no interaction with this should lead to persisted changes
* mod_pep: Correct initialization of fallback serviceKim Alvefur2022-02-031-8/+6
| | | | | I'm not sure what went wrong here, copy-paste mistake? Doesn't matter as long as nobody can create nodes on this service.
* plugins: Update for namespace bump in XEP-0353 v0.4.0Kim Alvefur2022-01-113-3/+3
|
* mod_admin_shell: Add descriptions of each column to 'help columns'Kim Alvefur2022-01-301-5/+35
| | | | Since some of the titles are quite dense
* mod_admin_shell: Use exact match instead of Lua patterns in c2s,s2s:showKim Alvefur2022-01-301-2/+2
| | | | | | It is unexpected that 'example.com' matches 'exampleicom.org' and this use of Lua patterns is undocumented and unlikely to be widely known or used.
* mod_http_file_share: Use alternate syntax for filename in Content-DispositionKim Alvefur2022-01-291-1/+2
| | | | | | | | | | | | | | The Lua string.format %q doesn't behave correctly for all characters that should be escaped in a quoted-string. And who knows what effects higher Unicode might have here. Applying percent-encoding of filenames seems like the safest way to deal with filenames, as well as being easier than implementing the actual quoted-string transform, which seems complicated and I'm not even sure it covers every possible character. Filenames can safely be assumed to be UTF-8 since they are passed in an attribute in the query without any escaping.
* mod_admin_shell: Fix traceback on rendering graph of stats without extra labelsKim Alvefur2022-01-291-1/+1
| | | | | | Stops an error when extra_labels is nil since it attempts to index it Unsure about correctness
* mod_admin_shell: Add help section about statsKim Alvefur2022-01-291-1/+4
|
* mod_admin_shell: Add help section about customizing table columnsKim Alvefur2022-01-281-1/+17
|
* mod_pubsub: Allow configuring summary templatesKim Alvefur2022-01-241-6/+11
| | | | | Enables generation of summaries for more than Atom without additional modules.
* mod_pubsub: Use the util.xtemplate to render Atom summaryKim Alvefur2022-01-241-9/+3
|
* mod_pubsub: Use the 'pubsub#type' setting to pick summary generatorKim Alvefur2022-01-241-1/+2
| | | | | | Allows using different ones even if multiple semantically different formats share the same root element xmlns, e.g. generic Atom and XEP-0277 entries.
* mod_tls: Set ALPN on outgoing connectionsKim Alvefur2022-01-251-1/+2
| | | | | | | | | Relevant and sometimes needed for Direct TLS which mod_s2s uses this context for. Primarily when e.g. mod_net_multiplex or equivalent ALPN based dispatch is used. All these contexts should likely move away from mod_tls and into either mod_s2s or portmanager. The later already duplicates some of this work.
* mod_admin_shell: Add command to show current user rolesKim Alvefur2022-01-231-0/+20
|
* mod_admin_shell: Add help section about rolesKim Alvefur2022-01-231-0/+12
| | | | | | | As in the argument to user:create() and user:roles() Tricky to come up with something sensible to write when Prosody core only knows of the 'prosody:admin' role so far.
* mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tlsKim Alvefur2022-01-212-8/+17
| | | | | | | | | | So that the same TLS context is used for both Direct TLS and starttls, since they are supposed to be functionally identical apart from the few extra round trips. A new event is added because the 's2s-created' event fires much later, after a connection has already been established, where we need the TLS context before that.
* mod_s2s: Enable outgoing Direct TLS connectionsKim Alvefur2022-01-211-2/+9
| | | | | | | | | | Makes it faster by cutting out the roundtrips involved in <starttls/>, at the cost of making an additional SRV lookup. Since we already ignore a missing <starttls/> offer and try anyway there is not much difference in security. The fact that XMPP is used and the hostnames involved might still be visible until the future Encrypted ClientHello extension allows hiding those too.
* mod_storage_xep0227: Fix luacheck warningMatthew Wild2022-01-171-1/+1
|
* mod_storage_xep0227: Fix traceback during iteration of driver storesMatthew Wild2022-01-171-1/+1
| | | | :include(other_set), :add(item)
* mod_storage_xep0227: Fix file export (missing parameter) from refactor in ↵Matthew Wild2022-01-171-1/+1
| | | | 270047afa6af
* mod_http: Increase severity of loading unreachable http modulesKim Alvefur2022-01-151-1/+1
| | | | | | | | This is either caused by an earlier failure to bind http/s ports, in which case that should be corrected, or explicitly disbling the http/s ports, in which case ... why enable http modules? Suggested by jonas’
* mod_http: Skip querying portmanager when http_external_url when is setKim Alvefur2021-11-271-8/+17
| | | | | | | | When http_external_url is set then the portmanager usage only really serves as a check of whether any http service is enabled at all. Should allow generating an URL from prosodyctl when http_external_url is set.
* mod_storage_xep0227: treat roster metadata pseudo-entry correctlyJonas Schäfer2022-01-151-1/+1
| | | | | | | | | | The roster version is stored in a pseudo-item which has the key `false`. The if condition in the touched code attempts to guard against this, but it does not take into account that the jid prepping returns nil instead of false. By moving the jid prepping into the if, we can check for the metadata entry safely.
* mod_storage_xep0227: be defensive against empty vCardJonas Schäfer2022-01-151-1/+1
| | | | | An empty vCard store may look like the empty table, which does not have the `attr` key, which would then blow up in util.stanza.deserialize.
* mod_http: Limit unencrypted http port (5280) to loopback by defaultKim Alvefur2022-01-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | Since accessing this port directly over the wider Internet is unlikely to intentional anymore. Most uses will likely be by reverse proxies, by mistake or because of trouble configuring HTTPS. Blocking mistaken uses is just a good thing, letting users send potentially private things unencrypted tends to be Strongly Discouraged these days. Many reverse proxy setups operate over loopback, so listening there instead of all interfaces is a net improvement. Improved automatic certificate location and SNI support has mostly eliminated the need for manual certificate configuration so HTTPS should Just Work once certificates have been provided. For local testing during development, connecting over loopback is likely fine as well. When really needed, `http_interfaces` can still be set. Suggested by Link Mauve
* mod_cron: Allow for a small amount of timer driftKim Alvefur2022-01-151-1/+1
| | | | | | | | | If the timer activates a bit early then a task might be just a few seconds short of being allowed to run. This would run such a task rather than wait another hour. The value 0.5% chosen so that a weekly task does not run an entire hour earlier than last time.
* mod_storage_xep0227: Fix luacheck warningsMatthew Wild2022-01-141-2/+2
|
* mod_storage_xep0227: Add API to iterate all stores of a userMatthew Wild2022-01-141-7/+23
|
* mod_storage_xep0227: Skip self-contacts on roster importMatthew Wild2022-01-141-11/+15
|