Build 09

- introduced support for array literals in rulesets
- added array-related functions for use by rulesets
- localized references to transcoding functions
- registered chat command to control login filtering
- included support for disabling login filtering
- added reload function to AuthFilter class
- tweaked lexer to skip comments on ruleset loading
- added search function to AuthDatabase class

README.txt

@@ -1,4 +1,4 @@
-Auth Redux Mod v2.5b
+Auth Redux Mod v2.6b
 By Leslie Krause
 
 Auth Redux is a drop-in replacement for the builtin authentication handler of Minetest.
@@ -61,6 +61,16 @@ Version 2.5b (17-Jul-2018)
   - added some basic functions for use by rulesets
   - fixed validation of dataset names in rulesets
 
+Version 2.6b (19-Jul-2018)
+  - introduced support for array literals in rulesets
+  - added array-related functions for use by rulesets
+  - localized references to transcoding functions
+  - registered chat command to control login filtering
+  - included support for disabling login filtering
+  - added reload function to AuthFilter class
+  - tweaked lexer to skip comments on ruleset loading
+  - added search function to AuthDatabase class
+
 Installation
 ----------------------
 

db.lua

@@ -1,5 +1,5 @@
 --------------------------------------------------------
--- Minetest :: Auth Redux Mod v2.4 (auth_rx)
+-- Minetest :: Auth Redux Mod v2.6 (auth_rx)
 --
 -- See README.txt for licensing and release notes.
 -- Copyright (c) 2017-2018, Leslie E. Krause
@@ -398,5 +398,16 @@ function AuthDatabase( path, name )
 		return data[ username ]
 	end
 
+	self.search = function ( is_online, pattern )
+		local res = { }
+		local src = is_online and users or data
+		for k, v in pairs( src ) do
+			if pattern == nil or string.match( k, pattern ) then
+				table.insert( res, k )
+			end
+		end
+		return res		
+	end
+
 	return self
 end

filter.lua

@@ -1,5 +1,5 @@
 --------------------------------------------------------
--- Minetest :: Auth Redux Mod v2.5 (auth_rx)
+-- Minetest :: Auth Redux Mod v2.6 (auth_rx)
 --
 -- See README.txt for licensing and release notes.
 -- Copyright (c) 2017-2018, Leslie E. Krause
@@ -36,49 +36,30 @@ end
 ----------------------------
 
 function AuthFilter( path, name )
-	local src = { }
+	local src
-	local opt = { is_debug = false, is_strict = true }
+	local opt = { is_debug = false, is_strict = true, is_active = true }
 	local self = { }
 
-	local file = io.open( path .. "/" .. name, "rb" )
-	if not file then
-		error( "The specified ruleset file does not exist." )
-	end
-
-	for line in file:lines( ) do
-		-- encode string and pattern literals and function arguments to simplify parsing
-		line = string.gsub( line, "\"(.-)\"", function ( str )
-			return "\"" .. encode_base64( str ) .. ";"
-		end )
-		line = string.gsub( line, "'(.-)'", function ( str )
-			return "'" .. encode_base64( str ) .. ";"
-		end )
-		line = string.gsub( line, "/(.-)/", function ( str )
-			return "/" .. encode_base64( str ) .. ";"
-		end )
-		line = string.gsub( line, "%b()", function ( str )
-			return "&" .. encode_base64( trim( str ) ) .. ";"
-		end )
-		table.insert( src, line )
-	end
-
-	file:close( file )
-
 	local funcs = {
 		["add"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return a + b end },
 		["sub"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return a - b end },
 		["mul"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return a * b end },
 		["div"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return a / b end },
 		["neg"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER }, def = function ( a ) return -a end },
-		["max"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER }, def = function ( a, b ) return math.max( a, b ) end },
+		["abs"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER }, def = function ( a ) return math.abs( a ) end },
-		["min"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER }, def = function ( a, b ) return math.min( a, b ) end },
+		["max"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return math.max( a, b ) end },
+		["min"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return math.min( a, b ) end },
 		["int"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER }, def = function ( a ) return a < 0 and math.ceil( a ) or math.floor( a ) end },
+		["num"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_STRING }, def = function ( a ) return tonumber( a ) or 0 end },
 		["len"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_STRING }, def = function ( a ) return string.len( a ) end },
 		["lc"] = { type = FILTER_TYPE_STRING, args = { FILTER_TYPE_STRING }, def = function ( a ) return string.lower( a ) end },
 		["uc"] = { type = FILTER_TYPE_STRING, args = { FILTER_TYPE_STRING }, def = function ( a ) return string.upper( a ) end },
 		["range"] = { type = FILTER_TYPE_BOOLEAN, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b, c ) return a >= b and a <= c end },
 		["trim"] = { type = FILTER_TYPE_STRING, args = { FILTER_TYPE_STRING, FILTER_TYPE_NUMBER }, def = function ( a, b ) return b > 0 and string.sub( a, 1, -b - 1 ) or string.sub( a, -b + 1 ) end },
 		["crop"] = { type = FILTER_TYPE_STRING, args = { FILTER_TYPE_STRING, FILTER_TYPE_NUMBER }, def = function ( a, b ) return b > 0 and string.sub( a, 1, b ) or string.sub( a, b, -1 ) end },
+		["size"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_SERIES }, def = function ( a ) return #a end },
+		["elem"] = { type = FILTER_TYPE_STRING, args = { FILTER_TYPE_SERIES, FILTER_TYPE_NUMBER }, def = function ( a, b ) return a[ b ] or "" end },
+		["split"] = { type = FILTER_TYPE_SERIES, args = { FILTER_TYPE_STRING, FILTER_TYPE_STRING }, def = function ( a, b ) return string.split( a, b, true ) end },
         }
 
 	----------------------------
@@ -121,8 +102,8 @@ function AuthFilter( path, name )
 				return nil
 			end
 			local params = { }
-			for i, v in ipairs( args ) do
+			for i, a in ipairs( args ) do
-				local oper = get_operand( v, vars )
+				local oper = get_operand( a, vars )
 				if not oper or oper.type ~= funcs[ name ].args[ i ] then
 					return nil
 				end
@@ -130,6 +111,22 @@ function AuthFilter( path, name )
 			end
 			t = funcs[ name ].type
 			v = funcs[ name ].def( unpack( params ) )
+		elseif find_token( "^&([A-Za-z0-9+/]*);$" ) then
+			t = FILTER_TYPE_SERIES
+			v = { }
+			local suffix = decode_base64( ref[ 1 ] )
+			suffix = string.gsub( suffix, "%b()", function( str )
+				-- encode nested function arguments
+				return "&" .. encode_base64( trim( str ) ) .. ";"
+			end )
+			local elems = string.split( suffix, ",", false )
+			for i, e in ipairs( elems ) do
+				local oper = get_operand( e, vars )
+				if not oper or oper.type ~= FILTER_TYPE_STRING then
+					return nil
+				end
+				table.insert( v, oper.value )
+			end
 		elseif find_token( "^%$([a-zA-Z0-9_]+)$" ) then
 			local name = ref[ 1 ]
 			if not vars[ name ] then
@@ -170,14 +167,14 @@ function AuthFilter( path, name )
 				["&"] = "%a",
 			}
 			t = FILTER_TYPE_PATTERN
-			v = minetest.decode_base64( ref[ 1 ] )
+			v = decode_base64( ref[ 1 ] )
 			v = "^" .. string.gsub( v, ".", sanitizer ) .. "$"
 		elseif find_token( "^'([a-zA-Z0-9+/]*);$" ) then
 			t = FILTER_TYPE_STRING
-			v = minetest.decode_base64( ref[ 1 ] )
+			v = decode_base64( ref[ 1 ] )
 		elseif find_token( "^\"([a-zA-Z0-9+/]*);$" ) then
 			t = FILTER_TYPE_STRING
-			v = minetest.decode_base64( ref[ 1 ] )
+			v = decode_base64( ref[ 1 ] )
 			v = string.gsub( v, "%$([a-zA-Z_]+)", function ( var )
 				return vars[ var ] and tostring( vars[ var ].value ) or "?"
 			end )
@@ -190,7 +187,7 @@ function AuthFilter( path, name )
 		return { type = t, value = v }
 	end
 
-	local evaluate = function ( rule )
+	evaluate = function ( rule )
 		-- short circuit binary logic to simplify evaluation
 		local res = ( rule.bool == FILTER_BOOL_AND )
 		local xor = 0
@@ -213,22 +210,47 @@ function AuthFilter( path, name )
 	-- public methods
 	----------------------------
 
+	self.refresh = function ( )
+		local file = io.open( path .. "/" .. name, "rb" )
+		if not file then
+			error( "The specified ruleset file does not exist." )
+		end
+		src = { }
+		for line in file:lines( ) do
+			-- encode string and pattern literals and function arguments to simplify parsing
+			line = string.gsub( line, "\"(.-)\"", function ( str )
+				return "\"" .. encode_base64( str ) .. ";"
+			end )
+			line = string.gsub( line, "'(.-)'", function ( str )
+				return "'" .. encode_base64( str ) .. ";"
+			end )
+			line = string.gsub( line, "/(.-)/", function ( str )
+				return "/" .. encode_base64( str ) .. ";"
+			end )
+			line = string.gsub( line, "%b()", function ( str )
+				return "&" .. encode_base64( trim( str ) ) .. ";"
+			end )
+			-- skip comments (lines beginning with hash character) and blank lines
+			table.insert( src, string.byte( line ) ~= 35 and line or "" )
+		end
+		file:close( file )
+	end
+
 	self.process = function( vars )
 		local rule
 		local note = "Access denied."
 
+		if not opt.is_active then return end
+
 		vars[ "true" ] = { type = FILTER_TYPE_BOOLEAN, value = true }
 		vars[ "false" ] = { type = FILTER_TYPE_BOOLEAN, value = false }
 		vars[ "time" ] = { type = FILTER_TYPE_NUMBER, value = os.time( ) }
 
 		for num, line in ipairs( src ) do
-
-			-- FIXME: ignore extraneous whitespace, even at beginning of line
 			local stmt = string.split( line, " ", false )
 
-			if string.byte( line ) == 35 or #stmt == 0 then
+			if #stmt == 0 then
-				-- skip comments (lines beginning with hash character) and empty lines
+				-- skip no-op statements
-				-- TODO: these should be stripped on file import
 
 			elseif stmt[ 1 ] == "continue" then
 				if #stmt ~= 1 then return trace( "Invalid 'continue' statement in ruleset", num ) end
@@ -358,7 +380,6 @@ function AuthFilter( path, name )
 
 				-- TODO: immediately evaluating each expression (thus avoiding a list) would be optimal,
 				-- but probably requires state table; efficiency vs complexity scenario
-
 			else
 				return trace( "Invalid statement in ruleset", num )
 			end
@@ -366,5 +387,19 @@ function AuthFilter( path, name )
 		return trace( "Unexpected end-of-file in ruleset", 0 )
 	end
 
+	self.enable = function ( )
+		opt.is_active = true
+	end
+
+	self.disable = function ( )
+		opt.is_active = false
+	end
+
+	self.is_active = function ( )
+		return opt.is_active
+	end
+
+	self.refresh( )
+
 	return self
 end

init.lua

@@ -1,5 +1,5 @@
 --------------------------------------------------------
--- Minetest :: Auth Redux Mod v2.4 (auth_rx)
+-- Minetest :: Auth Redux Mod v2.6 (auth_rx)
 --
 -- See README.txt for licensing and release notes.
 -- Copyright (c) 2017-2018, Leslie E. Krause
@@ -66,13 +66,14 @@ minetest.register_on_prejoinplayer( function ( player_name, player_ip )
 	        name = { type = FILTER_TYPE_STRING, value = player_name },
 		addr = { type = FILTER_TYPE_STRING, value = player_ip },
 		is_new = { type = FILTER_TYPE_BOOLEAN, value = rec == nil },
-		priv_list = { type = FILTER_TYPE_SERIES, value = rec and rec.assigned_privs or { } },
+		privs_list = { type = FILTER_TYPE_SERIES, value = rec and rec.assigned_privs or { } },
-		addr_list = { type = FILTER_TYPE_SERIES, value = rec and rec.approved_addrs or { } },
+		users_list = { type = FILTER_TYPE_SERIES, value = auth_db.search( true ) },
-		cur_users = { type = FILTER_TYPE_NUMBER, value = #minetest.get_connected_players( ) },
+		cur_users = { type = FILTER_TYPE_NUMBER, value = #auth_db.search( true ) },
 		max_users = { type = FILTER_TYPE_NUMBER, value = get_minetest_config( "max_users" ) },
-		lifetime = { type = FILTER_TYPE_NUMBER, value = rec and rec.lifetime or 0 },
+		sessions = { type = FILTER_TYPE_NUMBER, value = rec and rec.total_sessions or 0 },
 		failures = { type = FILTER_TYPE_NUMBER, value = rec and rec.total_failures or 0 },
 		attempts = { type = FILTER_TYPE_NUMBER, value = rec and rec.total_attempts or 0 },
+		owner = { type = FILTER_TYPE_STRING, value = get_minetest_config( "name" ) },
 	} )
 
 	return filter_err 
@@ -141,4 +142,27 @@ minetest.register_authentication_handler( {
 	iterate = auth_db.records
 } )
 
+minetest.register_chatcommand( "filter", {
+        description = "Enable or disable ruleset-based login filtering, or reload a ruleset definition.",
+        privs = { server = true },
+        func = function( name, param )
+                if param == "" then
+                        return true, "Login filtering is currently " .. ( auth_filter.is_active( ) and "enabled" or "disabled" ) .. "."
+                elseif param == "disable" then
+			auth_filter.disable( )
+			minetest.log( "action", "Login filtering disabled by " .. name .. "." )
+			return true, "Login filtering is disabled."
+                elseif param == "enable" then
+			auth_filter.enable( )
+			minetest.log( "action", "Login filtering enabled by " .. name .. "." )
+			return true, "Login filtering is enabled."
+                elseif param == "reload" then
+			auth_filter.refresh( )
+			return true, "Ruleset definition was loaded successfully."
+		else
+			return false, "Unknown parameter specified."
+		end
+        end
+} )
+
 auth_db.connect( )