path: root/util
Commit message [Author, Age, Files, Lines]
...
* | Merge 0.12->trunk [Kim Alvefur, 2023-01-14, 1 file, -4/+8]
|\|
| * prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) [Kim Alvefur, 2023-01-14, 1 file, -4/+8]
| |     Existing such records may cause timeouts or errors in clients and servers trying to connect, despite prosodyctl check saying all is well
* | util.paseto: Add support for v3.local tokens [Matthew Wild, 2023-01-13, 1 file, -0/+98]
| |
* | util.paseto: Fix omitted parameter [Matthew Wild, 2023-01-13, 1 file, -1/+1]
| |
* | util.paseto: Stricter base64 decoding, as per spec [Matthew Wild, 2023-01-13, 1 file, -0/+11]
| |
* | util.openmetrics: Update tools.ietf.org URL to datatracker [Kim Alvefur, 2022-12-19, 1 file, -1/+1]
| |     See bd9e006a7a74 for more context
* | Revert unintentionally committed parts of 12bd40b8e105 [Kim Alvefur, 2022-12-21, 1 file, -1/+2]
| |
* | mod_c2s,mod_s2s: Adapt to XEP-xxxx: Stream Limits Advertisement [Kim Alvefur, 2022-10-20, 1 file, -2/+1]
| |     Thanks MattJ
* | Merge 0.12->trunk [Kim Alvefur, 2022-12-12, 38 files, -797/+729]
|\ \
| |/
|/|
| * util.hashring: Support associating arbitrary data with nodes [Matthew Wild, 2022-12-02, 1 file, -9/+23]
| |     In this API, a 'node' is always a simple text string. Sometimes the caller may have a more complex structure representing a node, but the hash ring is really only concerned with the node's name. This API change allows :add_nodes() to take a table of `node_name = value` pairs, as well as the simple array of node names previously accepted. The 'value' of the selected node is returned as a new second result from :get_node(). If no value is passed when a node is added, it defaults to `true` (as before, but this was never previously exposed).
| * Merge 0.12->trunk [Matthew Wild, 2022-11-04, 1 file, -5/+14]
| |\
| * | util.prosodyctl.cert: Remove Lua 5.1 os.execute() return value compat [Kim Alvefur, 2022-10-20, 1 file, -1/+1]
| | |
| * | util.prosodyctl: Remove Lua 5.1 os.execute() return value compat [Kim Alvefur, 2022-10-20, 1 file, -2/+1]
| | |
| * | util.openssl: Remove Lua 5.1 os.execute() return value compat [Kim Alvefur, 2022-10-20, 1 file, -2/+1]
| | |
| * | util.human.io: Fix handling of os.execute() return values in Lua 5.2+ [Kim Alvefur, 2022-10-20, 1 file, -3/+3]
| | |     Wrong part of Lua 5.1 compat removed in 0f4feaf9ca64
| * | util.mathcompat: Module to ease reuse of math.type() [Kim Alvefur, 2022-10-20, 4 files, -10/+22]
| | |     Mostly to ensure it is available during tests, as util.startup is not invoked there
| * | util.startup: Provide a common Lua 5.3+ math.type() for Lua 5.2 [Kim Alvefur, 2022-10-19, 4 files, -9/+17]
| | |     Code deduplication
| * | Merge 0.12->trunk [Kim Alvefur, 2022-10-20, 1 file, -1/+1]
| |\ \
| * | | util.jid: Simplify boolean logic in conditionals [Matthew Wild, 2022-10-11, 1 file, -3/+3]
| | | |
| * | | util.jid: Remove redundant check from split() (micro-optimization?) [Matthew Wild, 2022-10-11, 1 file, -2/+1]
| | | |
| * | | util.dbuffer: Add efficient shortcuts for discard() in certain cases [Matthew Wild, 2022-10-11, 1 file, -2/+6]
| | | |     If the buffer is already empty, nothing to do. If we're throwing away the whole buffer, we can just empty it and avoid read_chunk() (which in turn may collapse()). These shortcuts are much more efficient.
| * | | util.dbuffer: Remove redundant code (read_chunk() cannot fail at this point) [Matthew Wild, 2022-10-11, 1 file, -7/+3]
| | | |
| * | | Merge 0.12->trunk [Kim Alvefur, 2022-10-09, 1 file, -3/+3]
| |\ \ \
| * | | | util.promise: Remove line that was supposed to be removed in eb9814372c54 [Matthew Wild, 2022-10-07, 1 file, -1/+0]
| | | | |
| * | | | util.promise: Remove some redundant checks, add tests confirming redundancy [Matthew Wild, 2022-10-07, 1 file, -4/+0]
| | | | |     These lines don't appear to do anything useful, and all tests pass when they are removed. Discovered via mutation testing. I added extra tests to exercise this code, because I wasn't certain that there were no side-effects caused by removal. Everything appears to be fine, thanks to the "pending" check at the start of promise_settle().
| * | | | util.roles: Add a :policies() method to iterate through available policies [Matthew Wild, 2022-10-07, 1 file, -0/+10]
| | | | |     We don't expose the policies directly, to force people to go through :may(). However, there are times when we really just need to know what policies a role has inside it (e.g. for reporting or debugging purposes).
| * | | | util.roles: Return nil if the role has no explicit policy (fixes inheritance) [Matthew Wild, 2022-10-07, 1 file, -1/+1]
| | | | |     Previously, if the first inherited role had no opinion, it returned false and prevented further consultation of other inherited roles. This bug was found thanks to the implementation of missing test cases identified through mutation testing.
| * | | | util.iterators: join: Work even with only a single iterator in the chain [Matthew Wild, 2022-10-06, 1 file, -1/+2]
| | | | |
| * | | | prosodyctl: check turn: More clearly indicate the error is from TURN server [Matthew Wild, 2022-10-06, 1 file, -1/+1]
| | | | |
| * | | | util.jwt: More robust ECDSA signature parsing, fail early on unexpected length [Matthew Wild, 2022-09-30, 1 file, -1/+5]
| | | | |
| * | | | util.jwt: Add support for ES512 (+ tests) [Matthew Wild, 2022-09-29, 1 file, -0/+1]
| | | | |
| * | | | util.crypto, util.jwt: Generate consistent signature sizes (via padding) [Matthew Wild, 2022-09-29, 1 file, -4/+4]
| | | | |     This fixes the signature parsing and building to work correctly. Sometimes a signature was one or two bytes too short, and needed to be padded. OpenSSL can do this for us.
| * | | | Merge 0.12->trunk [Kim Alvefur, 2022-09-15, 1 file, -0/+5]
| |\ \ \ \
| * | | | | util.paseto: Do strict type check in pae() function [Kim Alvefur, 2022-07-11, 1 file, -0/+3]
| | | | | |     Fixes a test failure on Lua 5.4 where ipairs("") does not produce an error.
| * | | | | util.paseto: Drop custom wrappers around key objects [Matthew Wild, 2022-07-11, 1 file, -46/+5]
| | | | | |     The PASETO spec recommends - no, *requires* - that implementations enforce type safety for keys, and e.g. do not pass them around as arbitrary byte strings. Typed wrapper objects are recommended. I originally followed this advice when starting the lib. However, key wrapping and type safety is now also a feature of util.crypto. All we're doing is duplicating it unnecessarily with this additional wrapper code.
| * | | | | util.paseto: Export similar API to new util.jwt for ease and consistency [Matthew Wild, 2022-07-11, 1 file, -0/+21]
| | | | | |
| * | | | | util.paseto: Error early on invalid keys [Matthew Wild, 2022-07-11, 1 file, -0/+2]
| | | | | |
| * | | | | util.paseto: Fix to decode footer before comparison [Matthew Wild, 2022-07-11, 1 file, -0/+1]
| | | | | |
| * | | | | util.jwt: Add new init() convenience method to obtain both signer and verifier [Matthew Wild, 2022-07-11, 1 file, -0/+6]
| | | | | |
| * | | | | util.jwt: Consolidate payload parsing, ensure it's always a valid object [Matthew Wild, 2022-07-11, 1 file, -11/+13]
| | | | | |
| * | | | | util.jwt: Provide built-in token expiry support (defaults to 3600s lifetime) [Matthew Wild, 2022-07-11, 1 file, -3/+28]
| | | | | |     To avoid every user of the library needing to add and verify expiry info, this is now handled by util.jwt itself (if not overridden or disabled). Issuing tokens that are valid forever is bad practice and rarely desired, and the default token lifetime is now 3600s (1 hour).
| * | | | | util.jwt: All the algorithms (+ all the tests!) [Matthew Wild, 2022-07-02, 1 file, -5/+12]
| | | | | |     Except 'none'. Not implementing that one.
| * | | | | util.crypto: More digests for sign/verify, use macros for clarity/consistency [Matthew Wild, 2022-07-02, 1 file, -2/+2]
| | | | | |
| * | | | | util.jwt: Add support for RSA-based algorithms (RS256, PS256) [Matthew Wild, 2022-07-02, 1 file, -14/+35]
| | | | | |
| * | | | | util.jwt: Add support/tests for ES256 via improved API and using util.crypto [Matthew Wild, 2022-07-01, 1 file, -19/+121]
| | | | | |     In many cases code will be either signing or verifying. With asymmetric algorithms it's clearer and more efficient to just state that once, instead of passing keys (and possibly other parameters) with every sign/verify call. This also allows earlier validation of the key used. The previous (HS256-only) sign/verify methods continue to be exposed for backwards-compatibility.
| * | | | | util.paseto: Implementation of PASETO v4.public tokens [Matthew Wild, 2022-06-24, 1 file, -0/+123]
| | | | | |     PASETO provides an alternative to JWT with the promise of fewer implementation pitfalls. The v4.public algorithm allows asymmetric cryptographically-verified token issuance and validation. In summary, such tokens can be issued by one party and securely verified by any other party independently using the public key of the issuer. This has a number of potential applications in a decentralized network and ecosystem such as XMPP. For example, such tokens could be combined with XEP-0317 to allow hats to be verified even in the context of a third-party MUC service.
| * | | | | util.stanza: Add add_error() to simplify adding error tags to existing stanzas [Matthew Wild, 2022-08-29, 1 file, -25/+31]
| | | | | |     Some fiddling is required now in error_reply() to ensure the cursor is in the same place as before this change (a lot of code apparently uses that feature).
| * | | | | util.roles: Add new utility module to consolidate role objects and methods [Matthew Wild, 2022-07-19, 1 file, -0/+100]
| | | | | |
| * | | | | util.session: Add role management methods [Matthew Wild, 2022-06-15, 1 file, -0/+6]
| | | | | |
| * | | | | util.stanza: Add method for extracting a single attribute value [Kim Alvefur, 2022-08-17, 1 file, -0/+8]
| | | | | |     Sometimes you only care about a single attribute, but the child tag itself may be optional, leading to needing `tag and tag.attr.foo` or `stanza:find("tag@foo")`. The `:find()` method is fairly complex, so avoiding it for this kind of simpler use case is a win.