diff options
| author |   HuabingZhao <zhao.huabing@zte.com.cn> | 2016-09-22 14:46:00 +0800 |
|---|---|---|
| committer | HuabingZhao <zhao.huabing@zte.com.cn> | 2016-09-22 14:46:22 +0800 |
| commit | 60a4b0bc8860e0a5a431c38ba1dcaaeb1ac507ae (patch) | |
| tree | c9a0678629d3cdb778f87ad32eefd632dbf5d3e9 /msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua | |
| parent | 991441709169b59ca0d42b5fbfece07da8c957a9 (diff) | |
Revert the Auth and Driver Mgr. Plugin to it's first version, please add the logic to access method
Issue-Id: OCS-63
Change-Id: I7b594ce066f24ca69d16f9d1a43123ae3f00060d
Signed-off-by: HuabingZhao <zhao.huabing@zte.com.cn>
Diffstat (limited to 'msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua')
| -rw-r--r-- | msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua | 152 |
1 files changed, 8 insertions, 144 deletions
diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua index 7a86f06..546f1dc 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua @@ -1,6 +1,6 @@ --[[ - Copyright 2016 Huawei Technologies Co., Ltd. + Copyright 2016 2015-2016 OEPN-O. and others. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -13,150 +13,14 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -]] -auth_url = '/openoapi/auth/v1'; -auth_token_url = auth_url..'/tokens'; -auth_token_key = "X-Auth-Token"; -redirect_url = "/openoui/auth/v1/login/html/login.html" - -white_list= { - auth_token_url, - redirect_url, - '/openoui/auth/v1/login/' -}; - -function verify_value(value) - if (nil == value or 0 == #value) - then - return false; - else - return true; - end -end - ---[[checks str2 starts with str1]]-- -function starts_with(str1, str2) - return string.sub(str2, 1, string.len(str1)) == str1; -end - --- Check and ignore the request if it is from auth module.-- -function is_white_list(url) - for i, value in ipairs(white_list) - do - if (starts_with(value, url)) - then - return true; - end - end - return false; -end - --- Check and ignore the request if it is from auth module. --- function is_auth_request(url) - --- return string.sub(url, 1, string.len(auth_url)) == auth_url; --- end - -function set_header(tokens) - for key,value in pairs(tokens) - do - ngx.log (ngx.ERR, "Headers: ", key, value); - ngx.req.set_header(key, value); - end - -end ---[[ validates the token with auth ]]-- -function validate_token(tokens) - -- auth expects the token in header. - set_header(tokens); - -- call auth token check url to validate. - local res = ngx.location.capture(auth_token_url, { method = ngx.HTTP_HEAD}); - ngx.log (ngx.ERR, "Auth Result:", res.status); - if (nil == res) - then - return false; - end - return (ngx.HTTP_OK == res.status); -end ---[[ get auth token from cookies ]]-- -function get_cookies() - local cookie_name = "cookie_"..auth_token_key; - local auth_token = ngx.var[cookie_name]; - local tokens = {}; - -- verify whether its empty or null. - if (verify_value(auth_token)) - then - ngx.log(ngx.ERR, "token : ", auth_token ); - tokens[auth_token_key] = auth_token; - end - return tokens; -end - -function get_service_url() - -- get host. - local host = ngx.var.host; - --get port - local port = ":"..ngx.var.server_port; - local proto = ""; - --get protocol - if (ngx.var.https == "on") - then - proto = "https://"; - else - proto = "http://"; - end - --get url - local uri = ngx.var.rui; - --form complete service url. - --local complete_url = proto..host..port..url - local complete_url = uri; - local service = "?service=" - --add arguments if any. - if ngx.var.args ~= nil - then - complete_url = complete_url.."?"..ngx.var.args; - end - ngx.log(ngx.ERR, "service url : ", complete_url); - return service..ngx.escape_uri(complete_url); -end - -function redirect(url) - local service = get_service_url(); - ngx.log(ngx.ERR, "redirect: ", url..service); - ngx.redirect(url..service); -end - -ngx.log(ngx.ERR, "==============start check token===============: "); -local url = ngx.var.uri; -ngx.log(ngx.ERR, "Url : ", url); - --- ignore token validation if auth request. -if (is_white_list(url)) -then - return; -end - - - --- get auth token from cookies. -local auth_tokens = get_cookies(); +]] +local _M = {} +_M._VERSION = '1.0.0' --- check if auth token is empty, --- redirect it to login page in that case. -if (nil == next(auth_tokens)) -then - ngx.log(ngx.ERR, "Token Invalidate, redirect to ", redirect_url); - redirect(redirect_url); - return; +function _M.access() + --add your own code here + ngx.log(ngx.INFO, "running auth plugin") end --- validate the token with auth module. --- continue if success, else redirect to login page. -if(validate_token(auth_tokens)) -then - ngx.log(ngx.ERR, "Token Validate."); - return; -else - redirect(redirect_url); -end +return _M
\ No newline at end of file |