Kim Alvefur <zash@zash.se> [Sun, 05 Nov 2023 21:03:30 +0100] rev 5694
mod_storage_appendmap: Implement item/user iteration methods
Kim Alvefur <zash@zash.se> [Sun, 05 Nov 2023 19:22:46 +0100] rev 5693
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se> [Fri, 03 Nov 2023 23:26:57 +0100] rev 5692
mod_dnsupdate: Support advertising explicit non-existence of service
Matthew Wild <mwild1@gmail.com> [Thu, 02 Nov 2023 17:00:53 +0000] rev 5691
mod_http_admin_api: Support for adding/removing group MUCs
Matthew Wild <mwild1@gmail.com> [Thu, 02 Nov 2023 17:00:14 +0000] rev 5690
mod_groups_muc_bookmarks: Update bookmarks when a group MUC is added/removed
Matthew Wild <mwild1@gmail.com> [Thu, 02 Nov 2023 16:59:44 +0000] rev 5689
mod_groups_internal: Update to support multiple MUCs per group
This was a feature request for Snikket.
Matthew Wild <mwild1@gmail.com> [Mon, 30 Oct 2023 12:28:12 +0000] rev 5688
mod_storage_ejabberdsql_readonly: Don't use MySQL-specific syntax
util.sql should take care of transformation when MySQL is in use.
Kim Alvefur <zash@zash.se> [Sun, 29 Oct 2023 12:41:56 +0100] rev 5687
mod_client_management: Bail out retrieving tokens for user
Fixes core/usermanager.lua:118: attempt to index a nil value (field '?')
Kim Alvefur <zash@zash.se> [Sun, 29 Oct 2023 11:30:49 +0100] rev 5686
mod_http_oauth2: Limit revocation to clients own tokens in strict mode
RFC 7009 section 2.1 states:
> The authorization server first validates the client credentials (in
> case of a confidential client) and then verifies whether the token was
> issued to the client making the revocation request. If this
> validation fails, the request is refused and the client is informed of
> the error by the authorization server as described below.
The first part was already covered (in strict mode). This adds the later
part using the hash of client_id recorded in 0860497152af
It still seems weird to me that revoking a leaked token should not be
allowed whoever might have discovered it, as that seems the responsible
thing to do.
Kim Alvefur <zash@zash.se> [Sun, 29 Oct 2023 11:20:15 +0100] rev 5685
mod_http_oauth2: Restrict introspection to clients own tokens
The introspection code was added before the client hash was added in
0860497152af which allows connecting tokens to clients.
Kim Alvefur <zash@zash.se> [Thu, 25 May 2023 09:31:21 +0200] rev 5684
mod_http_oauth2: Implement introspection endpoint
"Tell me about this token"
Kim Alvefur <zash@zash.se> [Wed, 25 Oct 2023 17:18:50 +0200] rev 5683
mod_http_status: Add IP allowlisting capabilities
Based on mod_http_openmetrics
Kim Alvefur <zash@zash.se> [Wed, 25 Oct 2023 15:36:20 +0200] rev 5682
mod_rest: Limit payload size (cf stanza size limits)
Otherwise the limit would be defined by the HTTP stack.
Kim Alvefur <zash@zash.se> [Sat, 14 Oct 2023 23:05:59 +0200] rev 5681
mod_storage_s3: Add brief README
Kim Alvefur <zash@zash.se> [Sat, 14 Oct 2023 22:50:29 +0200] rev 5680
mod_storage_s3: Treat 404 to GET as a signal for empty data
Kim Alvefur <zash@zash.se> [Sat, 14 Oct 2023 22:49:57 +0200] rev 5679
mod_storage_s3: Use '@' as placeholder for empty (host) store slots
Used when the server stores things for itself.
Kim Alvefur <zash@zash.se> [Sat, 14 Oct 2023 22:49:12 +0200] rev 5678
mod_storage_s3: Handle archive query without parameters
Kim Alvefur <zash@zash.se> [Sat, 14 Oct 2023 21:44:14 +0200] rev 5677
mod_storage_s3: Implement Archive storage
Kim Alvefur <zash@zash.se> [Sat, 14 Oct 2023 21:41:01 +0200] rev 5676
mod_storage_s3: Implement iteration of keyvalue keys (users usually)
Kim Alvefur <zash@zash.se> [Sat, 14 Oct 2023 21:40:46 +0200] rev 5675
mod_storage_s3: Implement keyvalue deletion
Kim Alvefur <zash@zash.se> [Sat, 14 Oct 2023 21:40:20 +0200] rev 5674
mod_storage_s3: Handle signing of request ?query part
Kim Alvefur <zash@zash.se> [Sat, 14 Oct 2023 17:31:06 +0200] rev 5673
mod_storage_s3: Beginnings of an experimental S3 storage driver
Tested against MinIO
Kim Alvefur <zash@zash.se> [Fri, 06 Oct 2023 18:34:39 +0200] rev 5672
mod_measure_modules: Report module statuses via OpenMetrics
Someone in the chat asked about a health check endpoint, which reminded
me of mod_http_status, which provides access to module statuses with
full details. After that, this idea came about, which seems natural.
As noted in the README, it could be used to monitor that critical
modules are in fact loaded correctly.
As more modules use the status API, the more useful this module and
mod_http_status becomes.
Kim Alvefur <zash@zash.se> [Fri, 06 Oct 2023 16:49:57 +0200] rev 5671
mod_http_health: Provide a health check HTTP endpoint
Someone in the chat asked about a health check endpoint, which reminded
me of mod_http_status, which was simplified to produce this module.
Kim Alvefur <zash@zash.se> [Sun, 01 Oct 2023 16:39:48 +0200] rev 5670
mod_rest/rest.sh: Restore default read-only behavior and the -rw flag
Kim Alvefur <zash@zash.se> [Thu, 28 Sep 2023 16:38:29 +0200] rev 5669
mod_http_oauth2: Include 'amr' claim in ID Token
This essentially just says "password authentication was used". This
field could later be used to indicate whether e.g. MFA was used.
Stephen Paul Weber <singpolyma@singpolyma.net> [Thu, 21 Sep 2023 18:47:27 -0500] rev 5668
mod_push2: restore offline message hook
Filtering is mostly handled in handle_notify_request now
Stephen Paul Weber <singpolyma@singpolyma.net> [Wed, 20 Sep 2023 23:05:29 -0500] rev 5667
mod_push2: Need to include the public key with the JWT
Stephen Paul Weber <singpolyma@singpolyma.net> [Tue, 19 Sep 2023 21:39:14 -0500] rev 5666
mod_push2: Add note about luaossl patch
Stephen Paul Weber <singpolyma@singpolyma.net> [Tue, 19 Sep 2023 21:36:13 -0500] rev 5665
mod_push2: Fix unbalanced quote in readme
Stephen Paul Weber <singpolyma@singpolyma.net> [Tue, 19 Sep 2023 21:33:40 -0500] rev 5664
mod_push2: Add back body truncation logic
Stephen Paul Weber <singpolyma@singpolyma.net> [Tue, 19 Sep 2023 21:21:17 -0500] rev 5663
Initial work on Push 2.0
Kim Alvefur <zash@zash.se> [Tue, 19 Sep 2023 15:03:01 +0200] rev 5662
mod_muc_adhoc_bots: Fix unbalanced quote in metadata section
Kim Alvefur <zash@zash.se> [Tue, 19 Sep 2023 14:55:56 +0200] rev 5661
mod_muc_members_json: Fix potential error when removing old affiliations
Found this uncommitted change on a production server...
The affiliation data may been `nil` at some point, triggering an error?
Kim Alvefur <zash@zash.se> [Tue, 19 Sep 2023 13:22:00 +0200] rev 5660
mod_http_muc_log: Correctly handle changed or retracted reactions
Since per XEP-0444 each reaction should overwrite all previous reactions
on a particular message from a particular occupant.
Previously repeated reactions would be counted again and retractions
were not handled.
Kim Alvefur <zash@zash.se> [Mon, 18 Sep 2023 18:34:55 +0200] rev 5659
mod_muc_members_json: Demonstrate support for more than one JID per list
Kim Alvefur <zash@zash.se> [Mon, 18 Sep 2023 18:33:01 +0200] rev 5658
mod_muc_members_json: Fix invalid JSON in README
Stephen Paul Weber <singpolyma@singpolyma.net> [Mon, 18 Sep 2023 08:24:19 -0500] rev 5657
Merge
Stephen Paul Weber <singpolyma@singpolyma.net> [Mon, 18 Sep 2023 08:22:07 -0500] rev 5656
mod_muc_adhoc_bots: add module
Stephen Paul Weber <singpolyma@singpolyma.net> [Sat, 06 May 2023 19:42:08 -0500] rev 5655
mod_pubsub_subscription: support subscribing from a bare JID
Allow subscribing from a bare JID on the component instead of only the component
host, useful for subscribing to whitelist access model nodes that want to see
a particular JID in the from.
Stephen Paul Weber <singpolyma@singpolyma.net> [Sat, 06 May 2023 19:40:23 -0500] rev 5654
merge
Stephen Paul Weber <singpolyma@singpolyma.net> [Wed, 22 Feb 2023 22:47:45 -0500] rev 5653
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Kim Alvefur <zash@zash.se> [Sun, 17 Sep 2023 13:36:30 +0200] rev 5652
misc/mtail: Start of an mtail config
Stashing it here in case anyone wants to continue working on it.
Currently it's only counting log messages by level.
Due to the permissions set by systemd on Prosody logs, mtail never
managed to start correctly until permissions were manually relaxed.
Kim Alvefur <zash@zash.se> [Mon, 11 Sep 2023 18:03:18 +0200] rev 5651
mod_muc_moderation: Mention that it works with mod_storage_xmlarchive (thanks Menel)
Kim Alvefur <zash@zash.se> [Mon, 11 Sep 2023 10:48:31 +0200] rev 5650
mod_http_oauth2: Apply refresh token ttl to refresh token instead of grant
The intent in 59d5fc50f602 was for refresh tokens to extend the lifetime
of the grant, but the refresh token ttl was applied to the grant and
mod_tokenauth does not change it, leading to the grant expiring
regardless of refresh token usage.
This makes grant lifetimes unlimited, which seems to be standard
practice in the wild.
Kim Alvefur <zash@zash.se> [Mon, 11 Sep 2023 10:19:38 +0200] rev 5649
mod_client_management: Show grant expiry in shell command
I want to know when my OAuth2 grant expires and that it really is
extended by refreshing.
Kim Alvefur <zash@zash.se> [Sat, 09 Sep 2023 22:51:25 +0200] rev 5648
mod_http_oauth2: Tweak wording in README to point out that this is an AS
Kim Alvefur <zash@zash.se> [Sat, 09 Sep 2023 21:42:24 +0200] rev 5647
mod_http_oauth2: Allow 'login_hint' as a substitute for OIDC 'select_account' prompt
If the OIDC 'prompt' parameter does not contain the 'select_account'
then it wants us to skip account selection, which means we have to
figure which account to authenticate somehow. One way could be have
this stored in a cookie from a previous successful login. Another way
would be to have the account passed as a hint, which is what we add
here.
Kim Alvefur <zash@zash.se> [Sun, 27 Aug 2023 09:49:35 +0200] rev 5646
mod_http_oauth2: Remove broken in-CSS templating
Because util.interpolation with a "%b{}" pattern only matches the outer
brackets, so variables inside them would not work unless the pattern is
changed (also considered).
Kim Alvefur <zash@zash.se> [Sun, 27 Aug 2023 15:33:14 +0200] rev 5645
mod_bidi: Really extra finally fix auto-linking to mod_s2s_bidi
Kim Alvefur <zash@zash.se> [Sun, 27 Aug 2023 15:31:46 +0200] rev 5644
mod_bidi: Fix README again
Kim Alvefur <zash@zash.se> [Sun, 27 Aug 2023 15:30:00 +0200] rev 5643
mod_bidi: Fix autolink syntax
Thanks pandoc ... not
Kim Alvefur <zash@zash.se> [Sun, 27 Aug 2023 15:28:53 +0200] rev 5642
mod_bidi: Add warning about use with 0.12
Kim Alvefur <zash@zash.se> [Sat, 26 Aug 2023 14:49:45 +0200] rev 5641
mod_rest/rest.sh: Silence shellcheck SC1091
Stops it from trying and failing to read the config file, since the path
uses variables.
Kim Alvefur <zash@zash.se> [Sat, 26 Aug 2023 14:37:04 +0200] rev 5640
mod_rest/rest.sh: Update to use httpie-oauth2 plugin
This bash implementation of OAuth2/OIDC was growing to the point where
it needed a massive refactor, which made me look into alternatives where
I finally settled on implementing oauth2 in a plugin for HTTPie.
Kim Alvefur <zash@zash.se> [Sat, 26 Aug 2023 01:40:23 +0200] rev 5639
mod_http_oauth2: Specify language in templates
Might be used as hint to translation systems.
Maybe one day we'll have i18n built in, but this is not that day!
Kim Alvefur <zash@zash.se> [Thu, 17 Aug 2023 08:34:17 +0200] rev 5638
mod_http_oauth2: Remove duplicated word in README introduced in 734788d8bfc3
Kim Alvefur <zash@zash.se> [Wed, 16 Aug 2023 23:56:40 +0200] rev 5637
mod_http_oauth2: Allow omitting application type for native apps
This derives "application_type":"native" from the first redirect URI
when registering a client, so that it can be omitted without the default
value of "web" causing the very same redirect URIs to be rejected.
Kim Alvefur <zash@zash.se> [Wed, 16 Aug 2023 11:17:28 +0200] rev 5636
mod_client_management: Show timestamp of first client appearance
Kim Alvefur <zash@zash.se> [Tue, 08 Aug 2023 17:04:50 +0200] rev 5635
mod_http_oauth2: Improve templates
XML-ness by avoiding value-less attributes or whatever they're called
Plus some Aria label tweaks