diff options
Diffstat (limited to 'msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext')
2 files changed, 247 insertions, 41 deletions
diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua index a1fecf2..101679d 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua @@ -1,29 +1,159 @@ ---[[ +-- Copyright 2016 Huawei Technologies Co., Ltd. - Copyright 2016 2015-2016 ZTE, Inc. and others. All rights reserved. +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at +-- http://www.apache.org/licenses/LICENSE-2.0 - http://www.apache.org/licenses/LICENSE-2.0 +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +auth_url = '/openoapi/auth/v1'; +auth_token_url = auth_url..'/tokens'; +auth_token_key = "X-Auth-Token"; +redirect_url = "/openoui/auth/v1/login/html/login.html" - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. +white_list= { + auth_token_url, + redirect_url, + '/openoui/auth/v1/login/' +}; - Author: Zhaoxing Meng - email: meng.zhaoxing1@zte.com.cn +function verify_value(value) + if (nil == value or 0 == #value) + then + return false; + else + return true; + end +end + +--[[checks str2 starts with str1]]-- +function starts_with(str1, str2) + return string.sub(str2, 1, string.len(str1)) == str1; +end + +-- Check and ignore the request if it is from auth module.-- +function is_white_list(url) + for i, value in ipairs(white_list) + do + if (starts_with(value, url)) + then + return true; + end + end + return false; +end + +-- Check and ignore the request if it is from auth module. +-- function is_auth_request(url) + +-- return string.sub(url, 1, string.len(auth_url)) == auth_url; +-- end + +function set_header(tokens) + for key,value in pairs(tokens) + do + ngx.log (ngx.ERR, "Headers: ", key, value); + ngx.req.set_header(key, value); + end + +end +--[[ validates the token with auth ]]-- +function validate_token(tokens) + -- auth expects the token in header. + set_header(tokens); + -- call auth token check url to validate. + local res = ngx.location.capture(auth_token_url, { method = ngx.HTTP_HEAD}); + ngx.log (ngx.ERR, "Auth Result:", res.status); + if (nil == res) + then + return false; + end + return (ngx.HTTP_OK == res.status); +end + +--[[ get auth token from cookies ]]-- +function get_cookies() + local cookie_name = "cookie_"..auth_token_key; + local auth_token = ngx.var[cookie_name]; + local tokens = {}; + -- verify whether its empty or null. + if (verify_value(auth_token)) + then + ngx.log(ngx.ERR, "token : ", auth_token ); + tokens[auth_token_key] = auth_token; + end + return tokens; +end + +function get_service_url() + -- get host. + local host = ngx.var.host; + --get port + local port = ":"..ngx.var.server_port; + local proto = ""; + --get protocol + if (ngx.var.https == "on") + then + proto = "https://"; + else + proto = "http://"; + end + --get url + local uri = ngx.var.rui; + --form complete service url. + --local complete_url = proto..host..port..url + local complete_url = uri; + local service = "?service=" + --add arguments if any. + if ngx.var.args ~= nil + then + complete_url = complete_url.."?"..ngx.var.args; + end + ngx.log(ngx.ERR, "service url : ", complete_url); + return service..ngx.escape_uri(complete_url); +end -]] -local _M = {} -_M._VERSION = '1.0.0' +function redirect(url) + local service = get_service_url(); + ngx.log(ngx.ERR, "redirect: ", url..service); + ngx.redirect(url..service); +end + +ngx.log(ngx.ERR, "==============start check token===============: "); +local url = ngx.var.uri; +ngx.log(ngx.ERR, "Url : ", url); -function _M.access() - --add your own code here - ngx.log(ngx.INFO, "running auth plugin") +-- ignore token validation if auth request. +if (is_white_list(url)) +then + return; end -return _M
\ No newline at end of file + + +-- get auth token from cookies. +local auth_tokens = get_cookies(); + +-- check if auth token is empty, +-- redirect it to login page in that case. +if (nil == next(auth_tokens)) +then + ngx.log(ngx.ERR, "Token Invalidate, redirect to ", redirect_url); + redirect(redirect_url); + return; +end + +-- validate the token with auth module. +-- continue if success, else redirect to login page. +if(validate_token(auth_tokens)) +then + ngx.log(ngx.ERR, "Token Validate."); + return; +else + redirect(redirect_url); +end diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua index a53ec21..1a30ff6 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua @@ -1,30 +1,106 @@ ---[[ +-- Copyright 2016 Huawei Technologies Co., Ltd. - Copyright 2016 2015-2016 ZTE, Inc. and others. All rights reserved. +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at +-- http://www.apache.org/licenses/LICENSE-2.0 - http://www.apache.org/licenses/LICENSE-2.0 +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +local _HEADER = "X-Driver-Parameter" - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. +--extract driver header if present in request +function get_driver_header() + local header = "" + local driver_header = ngx.req.get_headers()[_HEADER] + if (driver_header ~= nil) + then + header = driver_header + end + return header +end - Author: Zhaoxing Meng - email: meng.zhaoxing1@zte.com.cn +-- generate query url +function get_query_url(x_driver_header) + local drivermgr_uri = '/openoapi/drivermgr/v1/drivers' + local url = drivermgr_uri.."?".._HEADER.."="..tostring(ngx.escape_uri(x_driver_header)).."&service_url="..ngx.var.uri + return url +end -]] -local _M = {} -_M._VERSION = '1.0.0' +-- generate driver url +function get_driver_url(driver_header) + local cjson = require "cjson" + local query_url = get_query_url(driver_header) + local res = ngx.location.capture(query_url, { method = ngx.HTTP_GET}) + ngx.log (ngx.ERR, "Driver manager resp url : ", tostring(res.body)) + if (res.status == 200 and res.body ~= nil and res.body ~= '') + then + return tostring(cjson.new().decode(res.body).url) + else + return '' + end +end -function _M.access() - ngx.log(ngx.INFO, "running driver_manager plugin") - --add your own code here - --choose the right backend server,and then tell nginx, e.g. ngx.var.backend = XX.XX.XX.XX:8888 +-- get headers +function get_headers() + local headers = {} + local h = ngx.req.get_headers() + for k, value in pairs(h) + do + headers[k] = value + end + return headers end -return _M
\ No newline at end of file +function get_body_params() + ngx.req.read_body() + local actual_body = "" + local body_param = ngx.req.get_body_data() + if(body_param ~= nil) + then + actual_body = tostring(body_param) + end + return actual_body +end + + + +ngx.log(ngx.INFO, "DRIVER MANAGER LUA", "***********************") + +-- extract X-Driver-Parameter header param +local driver_header = get_driver_header() +ngx.log(ngx.ERR, "X-Driver-Parameter: ", driver_header) + + +-- ignore driver redirection if not driver manager request. +if (driver_header ~= "") +then + + local driver_url = get_driver_url(driver_header) + ngx.log (ngx.ERR, "Driver manager URl:: ", driver_url) + + local http = require "resty.http" + local actual_headers = get_headers() + local actual_body = get_body_params() + + ngx.log(ngx.ERR, "HTTP request to driver... ", " Request to driver manager") + local res, err = http.new():request_uri(driver_url, { + method = ngx.req.get_method(), + body = actual_body, + headers = actual_headers + }) + + if not res then + ngx.say("Request to driver failed : ", err) + return + end + ngx.log(ngx.ERR, "Response from driver : ", tostring(res.body)) + ngx.say(res.body) + +else + ngx.log(ngx.ERR, "X-Driver-Parameter not present", " Redirect to same url") +end
\ No newline at end of file |