From 51fea18a8775891d3bfb9c7eecaba48c1ed2a6ff Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 24 Mar 2023 12:59:47 +0000 Subject: mod_tokenauth: Track last access time (last time a token was used) --- plugins/mod_tokenauth.lua | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua index 480d6437..86f9a3bd 100644 --- a/plugins/mod_tokenauth.lua +++ b/plugins/mod_tokenauth.lua @@ -8,6 +8,8 @@ local generate_identifier = require "prosody.util.id".short; local token_store = module:open_store("auth_tokens", "map"); +local access_time_granularity = module:get_option_number("token_auth_access_time_granularity", 60); + local function select_role(username, host, role) if role then return prosody.hosts[host].authz.get_role_by_name(role); @@ -33,12 +35,15 @@ function create_jid_token(actor_jid, token_jid, token_role, token_ttl, token_dat local token_id = id.short(); + local now = os.time(); + local token_info = { id = token_id; owner = actor_jid; - created = os.time(); - expires = token_ttl and (os.time() + token_ttl) or nil; + created = now; + expires = token_ttl and (now + token_ttl) or nil; + accessed = now; jid = token_jid; purpose = token_purpose; @@ -92,7 +97,8 @@ local function _get_validated_token_info(token_id, token_user, token_host, token local token_info = token.token_info; - if token_info.expires and token_info.expires < os.time() then + local now = os.time(); + if token_info.expires and token_info.expires < now then token_store:set(token_user, token_id, nil); return nil, "not-authorized"; end @@ -104,6 +110,12 @@ local function _get_validated_token_info(token_id, token_user, token_host, token return nil, "not-authorized"; end + local last_accessed = token_info.accessed; + if not last_accessed or (now - last_accessed) > access_time_granularity then + token_info.accessed = now; + token_store:set(token_user, token_id, token_info); + end + return token_info end -- cgit v1.2.3