aboutsummaryrefslogtreecommitdiffstats
path: root/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua
diff options
context:
space:
mode:
Diffstat (limited to 'msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua')
-rw-r--r--msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua171
1 files changed, 0 insertions, 171 deletions
diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua
deleted file mode 100644
index 1572060..0000000
--- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua
+++ /dev/null
@@ -1,171 +0,0 @@
---[[
-
- Copyright 2016 2015-2016 OEPN-O. and others. All rights reserved.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-]]
-local _M = {}
-_M._VERSION = '1.0.0'
-local auth_url = '/openoapi/auth/v1';
-local auth_token_url = auth_url..'/tokens';
-local auth_token_key = "X-Auth-Token";
-local redirect_url = "/openoui/common/login.html"
-
-local white_list= {
- auth_token_url,
- redirect_url,
- '/openoui/common/css',
- '/openoui/common/js',
- '/openoui/common/thirdparty',
- '/openoui/common/i18n',
- '/openoui/common/image',
- '/openoui/common/login.html',
- '/openoui/common/json'
-};
-
-local function verify_value(value)
- if (nil == value or 0 == #value)
- then
- return false;
- else
- return true;
- end
-end
-
---[[checks str2 starts with str1]]--
-local function starts_with(str1, str2)
- return string.sub(str2, 1, string.len(str1)) == str1;
-end
-
--- Check and ignore the request if it is from auth module.--
-local function is_white_list(url)
- for i, value in ipairs(white_list)
- do
- if (starts_with(value, url))
- then
- return true;
- end
- end
- return false;
-end
-
-local function set_header(tokens)
- for key,value in pairs(tokens)
- do
- ngx.log (ngx.ERR, "Headers: ", key, value);
- ngx.req.set_header(key, value);
- end
-
-end
---[[ validates the token with auth ]]--
-local function validate_token(tokens)
- -- auth expects the token in header.
- set_header(tokens);
- -- call auth token check url to validate.
- local res = ngx.location.capture(auth_token_url, { method = ngx.HTTP_HEAD});
- ngx.log (ngx.ERR, "Auth Result:", res.status);
- if (nil == res)
- then
- return false;
- end
- return (ngx.HTTP_OK == res.status);
-end
-
---[[ get auth token from cookies ]]--
-local function get_cookies()
- local cookie_name = "cookie_"..auth_token_key;
- local auth_token = ngx.var[cookie_name];
- local tokens = {};
- -- verify whether its empty or null.
- if (verify_value(auth_token))
- then
- ngx.log(ngx.ERR, "token : ", auth_token );
- tokens[auth_token_key] = auth_token;
- end
- return tokens;
-end
-
-local function get_service_url()
- -- get host.
- local host = ngx.var.host;
- --get port
- local port = ":"..ngx.var.server_port;
- local proto = "";
- --get protocol
- if (ngx.var.https == "on")
- then
- proto = "https://";
- else
- proto = "http://";
- end
- --get url
- local uri = ngx.var.uri;
- --form complete service url.
- --local complete_url = proto..host..port..url
- local complete_url = uri;
- local service = "?service="
- --add arguments if any.
- if ngx.var.args ~= nil
- then
- complete_url = complete_url.."?"..ngx.var.args;
- end
- ngx.log(ngx.ERR, "service url : ", complete_url);
- return service..ngx.escape_uri(complete_url);
-end
-
-local function redirect(url)
- local service = get_service_url();
- ngx.log(ngx.ERR, "redirect: ", url..service);
- ngx.redirect(url..service);
-end
-
-function _M.access()
-
- ngx.log(ngx.ERR, "==============start check token===============: ");
- local url = ngx.var.uri;
- ngx.log(ngx.ERR, "Url : ", url);
-
- -- ignore token validation if auth request.
- if (is_white_list(url))
- then
- return;
- end
-
-
-
- -- get auth token from cookies.
- local auth_tokens = get_cookies();
-
- -- check if auth token is empty,
- -- redirect it to login page in that case.
- if (nil == next(auth_tokens))
- then
- ngx.log(ngx.ERR, "Token Invalidate, redirect to ", redirect_url);
- redirect(redirect_url);
- return;
- end
-
- -- validate the token with auth module.
- -- continue if success, else redirect to login page.
- if(validate_token(auth_tokens))
- then
- ngx.log(ngx.ERR, "Token Validate.");
- return;
- else
- redirect(redirect_url);
- end
- ngx.log(ngx.INFO, "running auth plugin")
- end
-
-return _M \ No newline at end of file