path: root/util
Commit message [Author, Age, Files, Lines]
* util.paseto: Error early on invalid keys [Matthew Wild, 2022-07-11, 1 file, -0/+2]
|
* util.paseto: Fix to decode footer before comparison [Matthew Wild, 2022-07-11, 1 file, -0/+1]
|
* util.jwt: Add new init() convenience method to obtain both signer and verifier [Matthew Wild, 2022-07-11, 1 file, -0/+6]
|
* util.jwt: Consolidate payload parsing, ensure it's always a valid object [Matthew Wild, 2022-07-11, 1 file, -11/+13]
|
* util.jwt: Provide built-in token expiry support (defaults to 3600s lifetime) [Matthew Wild, 2022-07-11, 1 file, -3/+28]
|   To avoid every user of the library needing to add and verify expiry info, this is now handled by util.jwt itself (if not overridden or disabled). Issuing tokens that are valid forever is bad practice and rarely desired, and the default token lifetime is now 3600s (1 hour).
* util.jwt: All the algorithms (+ all the tests!) [Matthew Wild, 2022-07-02, 1 file, -5/+12]
|   Except 'none'. Not implementing that one.
* util.crypto: More digests for sign/verify, use macros for clarity/consistency [Matthew Wild, 2022-07-02, 1 file, -2/+2]
|
* util.jwt: Add support for RSA-based algorithms (RS256, PS256) [Matthew Wild, 2022-07-02, 1 file, -14/+35]
|
* util.jwt: Add support/tests for ES256 via improved API and using util.crypto [Matthew Wild, 2022-07-01, 1 file, -19/+121]
|   In many cases code will be either signing or verifying. With asymmetric algorithms it's clearer and more efficient to just state that once, instead of passing keys (and possibly other parameters) with every sign/verify call. This also allows earlier validation of the key used. The previous (HS256-only) sign/verify methods continue to be exposed for backwards-compatibility.
* util.paseto: Implementation of PASETO v4.public tokens [Matthew Wild, 2022-06-24, 1 file, -0/+123]
|   PASETO provides an alternative to JWT with the promise of fewer implementation pitfalls. The v4.public algorithm allows asymmetric cryptographically-verified token issuance and validation. In summary, such tokens can be issued by one party and securely verified by any other party independently using the public key of the issuer. This has a number of potential applications in a decentralized network and ecosystem such as XMPP. For example, such tokens could be combined with XEP-0317 to allow hats to be verified even in the context of a third-party MUC service.
* util.stanza: Add add_error() to simplify adding error tags to existing stanzas [Matthew Wild, 2022-08-29, 1 file, -25/+31]
|   Some fiddling is required now in error_reply() to ensure the cursor is in the same place as before this change (a lot of code apparently uses that feature).
* util.roles: Add new utility module to consolidate role objects and methods [Matthew Wild, 2022-07-19, 1 file, -0/+100]
|
* util.session: Add role management methods [Matthew Wild, 2022-06-15, 1 file, -0/+6]
|
* util.stanza: Add method for extracting a single attribute value [Kim Alvefur, 2022-08-17, 1 file, -0/+8]
|   Sometimes you only care about a single attribute, but the child tag itself may be optional, leading to needing `tag and tag.attr.foo` or `stanza:find("tag@foo")`. The `:find()` method is fairly complex, so avoiding it for this kind of simpler use case is a win.
* util.datetime: Remove a line [Kim Alvefur, 2022-08-17, 1 file, -2/+1]
|   No idea why the locals were declared on a line by itself. Perhaps line length considerations? But saving 6 characters in width by adding a whole line with 47 characters seems excessive. This is still within the 150 character limit set by .luacheckrc
* util.datetime: Add support for sub-second precision timestamps [Kim Alvefur, 2022-08-14, 1 file, -7/+19]
|   Lua since 5.3 raises a fuss when time functions are handed a number with a fractional part and the underlying C functions are all based on integer seconds without support for more precision.
* doap: Update XEP versions for which no code changes appear needed [Kim Alvefur, 2022-08-08, 1 file, -0/+1]
|   XEP-0004: Partial forms are handled
|   XEP-0045: We're already strict with GC 1.0
|   XEP-0060: Change in semantics wrt 'pubsub#type', but not in code
|   XEP-0115: No protocol change
|   XEP-0138: Specification moved to Obsolete
|   XEP-0163: Editorial only change
|   XEP-0215: Minor schema change
|   XEP-0280: Editorial change
|   XEP-0297: Had the wrong version number
|   XEP-0106: Note missing piece for version 1.1
|   XEP-0313: Editorial change
|   XEP-0363: Editorial clarification, no code change required
|   XEP-0380: Registry additions, no code change needed
|   XEP-0384: Not directly supported, only here because people will ask otherwise
|   XEP-0445: Broken out of XEP-0401
* various: Update IETF RFC URLs for tools.ietf.org transition [Kim Alvefur, 2022-08-05, 1 file, -6/+6]
|   See https://www.ietf.org/blog/finalizing-ietf-tools-transition/
|   Already done in various other places.
* util.sasl.scram: Add 'tls-exporter' as recognised channel binding method [Kim Alvefur, 2022-07-27, 1 file, -1/+1]
|   The last missing piece of #1760, otherwise SCRAM-SHA-*-PLUS is not actually advertised.
* compat: Use table.pack (there since Lua 5.2) over our util.table [Kim Alvefur, 2022-07-11, 3 files, -3/+3]
|   Added in d278a770eddc to avoid having to deal with its absence in Lua 5.1. No longer needed when Lua 5.1 support is dropped.
* compat: Remove handling of Lua 5.1 location of 'unpack' function [Kim Alvefur, 2022-07-11, 7 files, -7/+7]
|
* Merge 0.12->trunk [Kim Alvefur, 2022-07-08, 2 files, -145/+168]
|\
| * util.datamapper: Improve handling of schemas with non-obvious "type" [Kim Alvefur, 2022-07-08, 1 file, -10/+27]
| |   The JSON Schema specification says that schemas are objects or booleans, and that the 'type' property is optional and can be an array. This module previously allowed bare type names as schemas and did not really handle booleans. It now handles missing 'type' properties and boolean 'true' as a schema. Objects and arrays are guessed based on the presence of 'properties' or 'items' field.
| * util.jsonschema: Fix validation to not assume presence of "type" field [Kim Alvefur, 2022-07-08, 1 file, -135/+141]
| |   MattJ reported a curious issue where validation did not work as expected. Primarily that the "type" field was expected to be mandatory, and thus leaving it out would result in no checks being performed. This was likely caused by misreading during initial development. Spent some time testing against https://github.com/json-schema-org/JSON-Schema-Test-Suite.git and discovered a multitude of issues, far too many to bother splitting into separate commits. More than half of them fail. Many because of features not implemented, which have been marked NYI. For example, some require deep comparisons e.g. when objects or arrays are present in enums fields. Some because of quirks with how Lua differs from JavaScript, e.g. no distinct array or object types. Tests involving fractional floating point numbers. We're definitely not going to follow references to remote resources. Or deal with UTF-16 silliness. One test asserted that 1.0 is an integer, where Lua 5.3+ will disagree.
* | util.envload: Remove Lua 5.1 method [Kim Alvefur, 2022-07-05, 1 file, -29/+10]
| |   Part of #1600
| |   Is this module even needed anymore?
* | util: Remove various Lua 5.1 compatibility hacks [Kim Alvefur, 2022-07-02, 5 files, -31/+2]
| |   Part of #1600
* | util.dependencies: Reject Lua 5.1, Lua 5.2 or later is now required (see #1600) [Kim Alvefur, 2022-07-02, 1 file, -2/+2]
| |
* | util.dependencies: Deprecate support for Lua 5.1, this is your final warning [Kim Alvefur, 2022-06-30, 1 file, -1/+1]
| |
* | util.hashes: Bind BLAKE2 algorithms supported by OpenSSL [Kim Alvefur, 2020-09-10, 1 file, -0/+2]
| |
* | util.hashes: Expose sha224 and sha384 HMAC functions [Kim Alvefur, 2020-11-29, 1 file, -0/+2]
| |   For completeness and consistency with set of plain hash functions
* | Merge 0.12->trunk [Kim Alvefur, 2022-06-14, 1 file, -1/+5]
|\|
| * util.startup: Fix async waiting for last shutdown steps [Kim Alvefur, 2022-06-14, 1 file, -1/+5]
| |   Observed problem: When shutting down prosody would immediately exit after waiting for s2s connections to close, skipping the last cleanup events and reporting the exit reason and code. This happens because prosody.main_thread is in a waiting state and queuing startup.shutdown is dispatched through the main loop via nexttick, but since the main loop was no longer running at that point it proceeded to the end of the prosody script and exited there.
* | util.watchdog: Allow passing a new timeout to :reset() [Matthew Wild, 2022-06-11, 1 file, -1/+4]
| |
* | util.watchdog: Allow :reset() to restart a cancelled watchdog [Matthew Wild, 2022-06-11, 1 file, -5/+6]
| |
* | util.watchdog: Update to use "new" util.timer API [Matthew Wild, 2022-06-11, 1 file, -13/+16]
| |   When this module was written, it wasn't possible to cancel or reschedule a timer. Times have changed, and we should take advantage of those new methods. This module becomes a very thin wrapper around util.timer now, but I'd argue it's still a very common and useful concept/abstraction to have around. Possible API change: this removes the 'last_reset' field of the watchdog. This was never really intended as a public thing, and I can't find any code that uses it, so I consider removal to be safe.
* | util.prosodyctl.shell: Print errors in red to highlight them [Kim Alvefur, 2022-06-01, 1 file, -1/+8]
| |
* | util.openmetrics: Set __name field on metatables to improve error messages [Kim Alvefur, 2022-05-30, 1 file, -0/+3]
| |   Don't think we cause any such errors right now, but you never know!
* | util.openmetrics: Set (previously unused, empty) metatable [Kim Alvefur, 2022-05-30, 1 file, -2/+2]
| |   Silences luacheck warning about the metatable being unused.
* | util.vcard: Delete since nothing uses it [Kim Alvefur, 2022-05-30, 1 file, -574/+0]
| |
* | prosodyctl shell: Communicate width of terminal to mod_admin_shell [Kim Alvefur, 2022-05-30, 1 file, -1/+1]
| |   This lets it adjust the width of tables to the actual terminal width.
* | Merge 0.12->trunk [Kim Alvefur, 2022-05-26, 1 file, -4/+0]
|\|
| * util.prosodyctl.check: Remove now redundant unbound config tweak [Kim Alvefur, 2022-05-26, 1 file, -4/+0]
| |   This is now done in net.unbound itself
| |   Turning it back on in the config may still cause the problem of entries there masking the DNS values.
* | Merge 0.12->trunk [Kim Alvefur, 2022-05-09, 2 files, -2/+9]
|\|
| * util.jsonschema: Lua <5.3 compat here too [Kim Alvefur, 2022-05-09, 1 file, -1/+4]
| |
| * util.jsonpointer: Fix Lua <5.3 compat [Kim Alvefur, 2022-05-09, 1 file, -1/+5]
| |
* | Merge 0.12->trunk [Kim Alvefur, 2022-05-08, 1 file, -1/+1]
|\|
| * util.jsonpointer: Fix off-by-one in array resolution [Kim Alvefur, 2022-05-08, 1 file, -1/+1]
| |   Fixes #1753
| |   Not known to be used anywhere
* | Merge 0.12->trunk [Kim Alvefur, 2022-05-05, 1 file, -0/+1]
|\|
| * util.prosodyctl.check: turn: Report lack of TURN services as a problem #1749 [Kim Alvefur, 2022-05-03, 1 file, -0/+1]
| |   Rationale: It seems unlikely that someone who has not configured any TURN service runs 'prosodyctl check turn' expecting this to be okay.
* | net: refactor sslconfig to not depend on LuaSec [Jonas Schäfer, 2022-04-02, 1 file, -16/+25]
| |   This now requires that the network backend exposes a tls_builder function, which essentially wraps the former util.sslconfig.new() function, passing a factory to create the eventual SSL context. That allows a net.server backend to pick whatever it likes as SSL context factory, as long as it understands the config table passed by the SSL config builder. Heck, a backend could even mock and replace the entire SSL config builder API.