summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSukesh Aray <sukeshac@huawei.com>2016-09-26 10:51:17 +0000
committerGerrit Code Review <gerrit@open-o.org>2016-09-26 10:51:17 +0000
commitbd4751aea932056959c5ea8fcb6a57f5df85070d (patch)
treedeb054807eead17b976dfb46e4c879292c4c2113
parentf37c3cb8dd8329ae0aa9d7cc358f85718041d707 (diff)
parent7d1e06231a3155db31cc0c21ba52dce558444f1e (diff)
Merge "add the auth lua plugin"
-rw-r--r--msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua145
1 files changed, 142 insertions, 3 deletions
diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua
index 546f1dc..0bec85c 100644
--- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua
+++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua
@@ -17,10 +17,149 @@
]]
local _M = {}
_M._VERSION = '1.0.0'
+local auth_url = '/openoapi/auth/v1';
+local auth_token_url = auth_url..'/tokens';
+local auth_token_key = "X-Auth-Token";
+local redirect_url = "/openoui/auth/v1/login/html/login.html"
-function _M.access()
- --add your own code here
- ngx.log(ngx.INFO, "running auth plugin")
+local white_list= {
+ auth_token_url,
+ redirect_url,
+ '/openoui/auth/v1/login/'
+};
+
+local function verify_value(value)
+ if (nil == value or 0 == #value)
+ then
+ return false;
+ else
+ return true;
+ end
+end
+
+--[[checks str2 starts with str1]]--
+local function starts_with(str1, str2)
+ return string.sub(str2, 1, string.len(str1)) == str1;
end
+-- Check and ignore the request if it is from auth module.--
+local function is_white_list(url)
+ for i, value in ipairs(white_list)
+ do
+ if (starts_with(value, url))
+ then
+ return true;
+ end
+ end
+ return false;
+end
+
+local function set_header(tokens)
+ for key,value in pairs(tokens)
+ do
+ ngx.log (ngx.ERR, "Headers: ", key, value);
+ ngx.req.set_header(key, value);
+ end
+
+end
+--[[ validates the token with auth ]]--
+local function validate_token(tokens)
+ -- auth expects the token in header.
+ set_header(tokens);
+ -- call auth token check url to validate.
+ local res = ngx.location.capture(auth_token_url, { method = ngx.HTTP_HEAD});
+ ngx.log (ngx.ERR, "Auth Result:", res.status);
+ if (nil == res)
+ then
+ return false;
+ end
+ return (ngx.HTTP_OK == res.status);
+end
+
+--[[ get auth token from cookies ]]--
+local function get_cookies()
+ local cookie_name = "cookie_"..auth_token_key;
+ local auth_token = ngx.var[cookie_name];
+ local tokens = {};
+ -- verify whether its empty or null.
+ if (verify_value(auth_token))
+ then
+ ngx.log(ngx.ERR, "token : ", auth_token );
+ tokens[auth_token_key] = auth_token;
+ end
+ return tokens;
+end
+
+local function get_service_url()
+ -- get host.
+ local host = ngx.var.host;
+ --get port
+ local port = ":"..ngx.var.server_port;
+ local proto = "";
+ --get protocol
+ if (ngx.var.https == "on")
+ then
+ proto = "https://";
+ else
+ proto = "http://";
+ end
+ --get url
+ local uri = ngx.var.rui;
+ --form complete service url.
+ --local complete_url = proto..host..port..url
+ local complete_url = uri;
+ local service = "?service="
+ --add arguments if any.
+ if ngx.var.args ~= nil
+ then
+ complete_url = complete_url.."?"..ngx.var.args;
+ end
+ ngx.log(ngx.ERR, "service url : ", complete_url);
+ return service..ngx.escape_uri(complete_url);
+end
+
+local function redirect(url)
+ local service = get_service_url();
+ ngx.log(ngx.ERR, "redirect: ", url..service);
+ ngx.redirect(url..service);
+end
+
+function _M.access()
+
+ ngx.log(ngx.ERR, "==============start check token===============: ");
+ local url = ngx.var.uri;
+ ngx.log(ngx.ERR, "Url : ", url);
+
+ -- ignore token validation if auth request.
+ if (is_white_list(url))
+ then
+ return;
+ end
+
+
+
+ -- get auth token from cookies.
+ local auth_tokens = get_cookies();
+
+ -- check if auth token is empty,
+ -- redirect it to login page in that case.
+ if (nil == next(auth_tokens))
+ then
+ ngx.log(ngx.ERR, "Token Invalidate, redirect to ", redirect_url);
+ redirect(redirect_url);
+ return;
+ end
+
+ -- validate the token with auth module.
+ -- continue if success, else redirect to login page.
+ if(validate_token(auth_tokens))
+ then
+ ngx.log(ngx.ERR, "Token Validate.");
+ return;
+ else
+ redirect(redirect_url);
+ end
+ ngx.log(ngx.INFO, "running auth plugin")
+ end
+
return _M \ No newline at end of file