mod_audit: Replace argument parsing debug print() with debug logging prosodyctl -v to view

mod_audit_register: Include hostpart with audit events here too mod_audit seems to expect this to be JIDs, not bare usernames.

mod_audit_auth: Include hostpart with audit events mod_audit seems to expect this to be JIDs, not bare usernames.

mod_audit: Fix storing IP prefixes Was essentially calling new_ip(new_ip())

mod_audit: Fix showing session details in module command The namespaced session element was not accounted for.

mod_audit: Also record human-readable name of country Nicer to show in graphs but less machine-usable Throw in continent in case that turns out to be useful one day

mod_audit: Fix recording location info The method :query_by_addr only works for IPv4, even if you open the IPv6 database, which is an odd API. It also returns a table, not a string.

mod_audit: Parse IP into util.ip object once and reuse Mostly for my own sanity

mod_audit: Pass IP address in string form Passing an util.ip object to :text_tag() would be an error.

mod_audit: Fix use of util.ip Yes, weirdly named 'new' function

mod_firewall: Add FROM COUNTRY condition based on GeoIP DB

mod_firewall: Tweak page outline Having 'Sender/recipient matching' under 'Stanza matching' makes more sense to me than the former being a top level item.

mod_aws_profile: Fix use of timer API

mod_auth_oauth_external: Enable experimental http connection pooling Connection pooling may provide a performance boost since it does a few requests per authentication.

mod_storage_s3: Enable connection pooling added in latest trunk Speed boost, something like a 30% improvement with http://localhost Small risk of failed requests due to limits on number of requests per connection or timeouts.

mod_storage_s3: Fix logging Seems request and response loggers is only a thing on http requests and responses from net.http.server, not net.http requests.

mod_storage_s3: Sort imports For pedantic reasons

mod_storage_s3: Implement archive store deletion Not the most efficient way but should work.

mod_storage_s3: Skip archive items matching on date but not full datetime Since it only encodes dates in paths, it would have returned items from outside the specified start..end range if they were from earlier or later in the same (UTC) day.

mod_storage_s3: Move request signing into a net.http hook

mod_client_management: Report on longest lived token when grant does not expire E.g. for mod_http_oauth2 where by default the grant itself is unlimited, while refresh tokens are issued with one week lifetime, but are renewed with each use.

mod_muc_members_json: Fix typo in example and set correct syntax highlighter

mod_muc_members_json: Expand example config and docs for clarity

mod_storage_appendmap: Include timestamps when appending data Meant to give some sense of when each piece of data was added, to aid in debugging changes or manual rollbacks.

mod_storage_appendmap: Implement item/user iteration methods

mod_http_health: Copypaste IP access control code

mod_dnsupdate: Support advertising explicit non-existence of service

mod_http_admin_api: Support for adding/removing group MUCs

mod_groups_muc_bookmarks: Update bookmarks when a group MUC is added/removed

mod_groups_internal: Update to support multiple MUCs per group This was a feature request for Snikket.

mod_storage_ejabberdsql_readonly: Don't use MySQL-specific syntax util.sql should take care of transformation when MySQL is in use.

mod_client_management: Bail out retrieving tokens for user Fixes core/usermanager.lua:118: attempt to index a nil value (field '?')

mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.

mod_http_oauth2: Restrict introspection to clients own tokens The introspection code was added before the client hash was added in 0860497152af which allows connecting tokens to clients.

mod_http_oauth2: Implement introspection endpoint "Tell me about this token"

mod_http_status: Add IP allowlisting capabilities Based on mod_http_openmetrics

mod_rest: Limit payload size (cf stanza size limits) Otherwise the limit would be defined by the HTTP stack.

mod_storage_s3: Add brief README

mod_storage_s3: Treat 404 to GET as a signal for empty data

mod_storage_s3: Use '@' as placeholder for empty (host) store slots Used when the server stores things for itself.

mod_storage_s3: Handle archive query without parameters

mod_storage_s3: Implement Archive storage

mod_storage_s3: Implement iteration of keyvalue keys (users usually)

mod_storage_s3: Implement keyvalue deletion

mod_storage_s3: Handle signing of request ?query part

mod_storage_s3: Beginnings of an experimental S3 storage driver Tested against MinIO

mod_measure_modules: Report module statuses via OpenMetrics Someone in the chat asked about a health check endpoint, which reminded me of mod_http_status, which provides access to module statuses with full details. After that, this idea came about, which seems natural. As noted in the README, it could be used to monitor that critical modules are in fact loaded correctly. As more modules use the status API, the more useful this module and mod_http_status becomes.

mod_http_health: Provide a health check HTTP endpoint Someone in the chat asked about a health check endpoint, which reminded me of mod_http_status, which was simplified to produce this module.

mod_rest/rest.sh: Restore default read-only behavior and the -rw flag

mod_http_oauth2: Include 'amr' claim in ID Token This essentially just says "password authentication was used". This field could later be used to indicate whether e.g. MFA was used.

mod_push2: restore offline message hook Filtering is mostly handled in handle_notify_request now

mod_push2: Need to include the public key with the JWT

mod_push2: Add note about luaossl patch

mod_push2: Fix unbalanced quote in readme

mod_push2: Add back body truncation logic

Initial work on Push 2.0

mod_muc_adhoc_bots: Fix unbalanced quote in metadata section

mod_muc_members_json: Fix potential error when removing old affiliations Found this uncommitted change on a production server... The affiliation data may been `nil` at some point, triggering an error?

mod_http_muc_log: Correctly handle changed or retracted reactions Since per XEP-0444 each reaction should overwrite all previous reactions on a particular message from a particular occupant. Previously repeated reactions would be counted again and retractions were not handled.

mod_muc_members_json: Demonstrate support for more than one JID per list