Diffstat (limited to 'msb-core/openresty-ext/src/assembly/resources/openresty/nginx')
12 files changed, 273 insertions, 15 deletions
diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/conf/nginx.conf b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/conf/nginx.conf index c5dc770..1ac9aff 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/conf/nginx.conf +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/conf/nginx.conf @@ -55,7 +55,7 @@ http { access_log off; # Lua settings - lua_package_path "$prefix/../lualib/?.lua;;"; + lua_package_path "$prefix/../lualib/?.lua;$prefix/luaext/?.lua;;"; lua_shared_dict ceryx 10M; lua_code_cache on; diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/customrouter.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/customrouter.lua index d1f476a..46d0b8a 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/customrouter.lua +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/customrouter.lua @@ -1,6 +1,6 @@ --[[ - Copyright 2016 2015-2016 ZTE, Inc. and others. All rights reserved. + Copyright 2016 ZTE Corporation. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -82,22 +82,17 @@ local function query_allkeys_updatecache(red) ngx.log(ngx.ERR,err) return "" end - --把所有键值处理后放到集合中,去除重复 local key_set={} for key, value in ipairs(allkeys) do name = string.gsub(string.gsub(string.gsub(value,"msb:routing:custom:",""),":info",""),":lb:server1","") key_set[name]=true end - --取出所有的�?放到table中准备排�? local key_table = {} local index = 1 for key,_ in pairs(key_set) do - --为了避免效率问题,暂时不用table.insert() - --table.insert(key_table,key) key_table[index] = key index = index + 1 end - --对所有键进行倒序排序,用于实现最长前缀匹配 table.sort(key_table, function (a, b) return a > b end) 
@@ -154,11 +149,9 @@ local function query_router_info() end local delimiter = "<>" - -- '.-' 表示最短匹�? for key in string.gmatch(servicenames,"(.-)"..delimiter) do ngx.log(ngx.WARN, "==key_table key:", key) local from, to, err = ngx.re.find(uri, "^"..key.."(/(.*))?$", "jo") - --判断key是否为输入uri�?前缀" if from then ngx.log(ngx.WARN,"Matched! start-end:",from,"-",to) local result = query_ipurl_updatecache(red,key) diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/execute_auth.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/execute_auth.lua new file mode 100644 index 0000000..946f561 --- /dev/null +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/execute_auth.lua @@ -0,0 +1,25 @@ +--[[ + + Copyright 2016 ZTE Corporation. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + Author: Zhaoxing Meng + email: meng.zhaoxing1@zte.com.cn + +]] +local auth_plugin = require('plugins.auth') +local msbconf = require('msbconf') +if(msbconf.auth_plugin_status == "on") then + auth_plugin.access() +end
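Review bot: The guard `if(msbconf.auth_plugin_status == "on")` in execute_auth.lua fails open: any other value, such as `"On"`, `"true"` or a missing key, silently skips `auth_plugin.access()` and the request goes to the backend without a token check. Since this script is what every `access_by_lua_file` hook relies on, an unrecognised value should be treated as a configuration error, for example by accepting only `"on"` and `"off"` and logging at `ngx.ERR` (or rejecting the request) for anything else. A header comment such as `-- access-phase hook; token checks run only when msbconf.auth_plugin_status == "on" (shipped default is "off")` would make the default visible to operators.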
\ No newline at end of file
diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/msbconf.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/msbconf.lua
new file mode 100644
index 0000000..48b04c7
--- /dev/null
+++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/msbconf.lua
@@ -0,0 +1,26 @@
+--[[
+
+ Copyright 2016 ZTE Corporation.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ Author: Zhaoxing Meng
+ email: meng.zhaoxing1@zte.com.cn
+
+]]
+local _M = {}
+_M._VERSION = '1.0.0'
+
+return {
+ auth_plugin_status = "off"
+}
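Review bot: `local _M = {}` and `_M._VERSION = '1.0.0'` in msbconf.lua are dead code, because the module returns a separate table literal and `_M` is never exported. Either drop the two lines or put the setting on the table that is returned, e.g. `_M.auth_plugin_status = "off"` followed by `return _M`. The field also deserves a comment listing the accepted values and stating that `"off"` disables token checks on every location that runs execute_auth.lua, since that is the security-relevant default.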
\ No newline at end of file diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoadminrouter.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoadminrouter.lua index d2f0895..938a017 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoadminrouter.lua +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoadminrouter.lua @@ -1,6 +1,6 @@ --[[ - Copyright 2016 2015-2016 ZTE, Inc. and others. All rights reserved. + Copyright 2016 ZTE Corporation. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoapijsonrouter.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoapijsonrouter.lua index 1a061f0..9255a65 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoapijsonrouter.lua +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoapijsonrouter.lua @@ -1,6 +1,6 @@ --[[ - Copyright 2016 2015-2016 ZTE, Inc. and others. All rights reserved. + Copyright 2016 ZTE Corporation. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoapirouter.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoapirouter.lua index 9dec2a9..717bd1a 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoapirouter.lua +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openoapirouter.lua 
@@ -1,6 +1,6 @@ --[[ - Copyright 2016 2015-2016 ZTE, Inc. and others. All rights reserved. + Copyright 2016 ZTE Corporation. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openouirouter.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openouirouter.lua index 736aacd..c36057e 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openouirouter.lua +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/openouirouter.lua @@ -1,6 +1,6 @@ --[[ - Copyright 2016 2015-2016 ZTE, Inc. and others. All rights reserved. + Copyright 2016 ZTE Corporation. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua new file mode 100644 index 0000000..0bec85c --- /dev/null +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua 
@@ -0,0 +1,165 @@
+--[[
+
+ Copyright 2016 2015-2016 OEPN-O. and others. All rights reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+]]
+local _M = {}
+_M._VERSION = '1.0.0'
+local auth_url = '/openoapi/auth/v1';
+local auth_token_url = auth_url..'/tokens';
+local auth_token_key = "X-Auth-Token";
+local redirect_url = "/openoui/auth/v1/login/html/login.html"
+
+local white_list= {
+ auth_token_url,
+ redirect_url,
+ '/openoui/auth/v1/login/'
+};
+
+local function verify_value(value)
+ if (nil == value or 0 == #value)
+ then
+ return false;
+ else
+ return true;
+ end
+end
+
+--[[checks str2 starts with str1]]--
+local function starts_with(str1, str2)
+ return string.sub(str2, 1, string.len(str1)) == str1;
+end
+
+-- Check and ignore the request if it is from auth module.--
+local function is_white_list(url)
+ for i, value in ipairs(white_list)
+ do
+ if (starts_with(value, url))
+ then
+ return true;
+ end
+ end
+ return false;
+end
+
+local function set_header(tokens)
+ for key,value in pairs(tokens)
+ do
+ ngx.log (ngx.ERR, "Headers: ", key, value);
+ ngx.req.set_header(key, value);
+ end
+
+end
+--[[ validates the token with auth ]]--
+local function validate_token(tokens)
+ -- auth expects the token in header.
+ set_header(tokens);
+ -- call auth token check url to validate.
+ local res = ngx.location.capture(auth_token_url, { method = ngx.HTTP_HEAD});
+ ngx.log (ngx.ERR, "Auth Result:", res.status);
+ if (nil == res)
+ then
+ return false;
+ end
+ return (ngx.HTTP_OK == res.status);
+end
+
+--[[ get auth token from cookies ]]--
+local function get_cookies()
+ local cookie_name = "cookie_"..auth_token_key;
+ local auth_token = ngx.var[cookie_name];
+ local tokens = {};
+ -- verify whether its empty or null.
+ if (verify_value(auth_token))
+ then
+ ngx.log(ngx.ERR, "token : ", auth_token );
+ tokens[auth_token_key] = auth_token;
+ end
+ return tokens;
+end
+
+local function get_service_url()
+ -- get host.
+ local host = ngx.var.host;
+ --get port
+ local port = ":"..ngx.var.server_port;
+ local proto = "";
+ --get protocol
+ if (ngx.var.https == "on")
+ then
+ proto = "https://";
+ else
+ proto = "http://";
+ end
+ --get url
+ local uri = ngx.var.rui;
+ --form complete service url.
+ --local complete_url = proto..host..port..url
+ local complete_url = uri;
+ local service = "?service="
+ --add arguments if any.
+ if ngx.var.args ~= nil
+ then
+ complete_url = complete_url.."?"..ngx.var.args;
+ end
+ ngx.log(ngx.ERR, "service url : ", complete_url);
+ return service..ngx.escape_uri(complete_url);
+end
+
+local function redirect(url)
+ local service = get_service_url();
+ ngx.log(ngx.ERR, "redirect: ", url..service);
+ ngx.redirect(url..service);
+end
+
+function _M.access()
+
+ ngx.log(ngx.ERR, "==============start check token===============: ");
+ local url = ngx.var.uri;
+ ngx.log(ngx.ERR, "Url : ", url);
+
+ -- ignore token validation if auth request.
+ if (is_white_list(url))
+ then
+ return;
+ end
+
+
+
+ -- get auth token from cookies.
+ local auth_tokens = get_cookies();
+
+ -- check if auth token is empty,
+ -- redirect it to login page in that case.
+ if (nil == next(auth_tokens))
+ then
+ ngx.log(ngx.ERR, "Token Invalidate, redirect to ", redirect_url);
+ redirect(redirect_url);
+ return;
+ end
+
+ -- validate the token with auth module.
+ -- continue if success, else redirect to login page.
+ if(validate_token(auth_tokens))
+ then
+ ngx.log(ngx.ERR, "Token Validate.");
+ return;
+ else
+ redirect(redirect_url);
+ end
+ ngx.log(ngx.INFO, "running auth plugin")
+ end
+
+return _M
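Review bot: The session token is written to the nginx error log in clear text, by `ngx.log(ngx.ERR, "token : ", auth_token )` in get_cookies and by the `"Headers: "` line in set_header, so anyone who can read the log can read valid credentials; log only the header name, and at a debug level. Separately, get_service_url reads `ngx.var.rui`, which looks like a typo for `ngx.var.uri`: as written `uri` is nil, and the `complete_url.."?"..ngx.var.args` concatenation will raise whenever a query string is present, so the login redirect ends in an error rather than a 302. In validate_token the `nil == res` test comes after `res.status` has already been read for the log line and should move above it. The prefix comparison in is_white_list also exempts any path that merely begins with `/openoapi/auth/v1/tokens`, so matching on a path-segment boundary would be tighter. Nearly every `ngx.log` call in the file uses `ngx.ERR` for routine tracing, which will bury real errors.

```lua
local function set_header(tokens)
    for key, value in pairs(tokens)
    do
        -- log the header name only; the value is a live credential
        ngx.log(ngx.DEBUG, "forwarding auth header: ", key);
        ngx.req.set_header(key, value);
    end
end

local function validate_token(tokens)
    set_header(tokens);
    local res = ngx.location.capture(auth_token_url, { method = ngx.HTTP_HEAD});
    -- check res before reading res.status
    if (nil == res)
    then
        return false;
    end
    ngx.log(ngx.INFO, "Auth Result:", res.status);
    return (ngx.HTTP_OK == res.status);
end

-- … unchanged: get_cookies, minus the ngx.log line that prints auth_token …

local function get_service_url()
    -- … unchanged: host, port and protocol lookup …
    local uri = ngx.var.uri;
    -- … unchanged: query-string handling and ngx.escape_uri …
```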
\ No newline at end of file
diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua
new file mode 100644
index 0000000..d337a25
--- /dev/null
+++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua
@@ -0,0 +1,27 @@
+--[[
+
+ Copyright 2016 2015-2016 OPEN-O. and others. All rights reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+]]
+local _M = {}
+_M._VERSION = '1.0.0'
+
+function _M.access()
+ ngx.log(ngx.INFO, "running driver_manager plugin")
+ --add your own code here
+ --choose the right backend server,and then tell nginx, e.g. ngx.var.backend = XX.XX.XX.XX:8888
+end
+
+return _M
\ No newline at end of file diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/setnocacheflag.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/setnocacheflag.lua index e8c75cd..8b57660 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/setnocacheflag.lua +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/setnocacheflag.lua @@ -1,6 +1,6 @@ --[[ - Copyright 2016 2015-2016 ZTE, Inc. and others. All rights reserved. + Copyright 2016 ZTE Corporation. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/sites-enabled/openomsb.conf b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/sites-enabled/openomsb.conf index b529d94..0b9ddda 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/sites-enabled/openomsb.conf +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/sites-enabled/openomsb.conf @@ -21,7 +21,11 @@ server { listen 80; default_type text/html; add_header X-Cache-Status $upstream_cache_status; - + + location = / { + rewrite ^ /openoui/microservices/index.html redirect; + } + location = /openoui/microservices { rewrite /openoui/microservices /openoui/microservices/index.html redirect; } @@ -33,6 +37,7 @@ server { # Lua files rewrite_by_lua_file luaext/customrouter.lua; + access_by_lua_file luaext/execute_auth.lua; proxy_pass http://$server; } @@ -42,6 +47,16 @@ server { location ~ ^/iui/(.*) { rewrite ^/iui/(.*) /openoui/$1 last; } + + location ^~ /openoapi/driver_ { + set $backend ""; + # Lua files + access_by_lua_block { + local driver_manager = require('plugins.driver_manager') + driver_manager.access() + } + proxy_pass http://$backend; + } location ~ ^/openoapi/([^/]+)(/[Vv][^/]*)?(.*) { set $apiname $1; set $apiversion $2; 
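Review bot: The new `location ^~ /openoapi/driver_` block has no `access_by_lua_file luaext/execute_auth.lua`, and because a `^~` prefix match stops regex matching, requests under this prefix never reach the `/openoapi/` regex location where the auth hook is added. If the driver endpoints are meant to be protected, the token check has to run in this block as well; a location takes a single `access_by_lua*` directive, so the existing block would need to call `require('plugins.auth').access()` (behind the `msbconf` switch) before `driver_manager.access()`. The shipped `driver_manager.access()` is also a stub that never assigns `ngx.var.backend`, so `proxy_pass http://$backend` is evaluated with the empty value set by `set $backend "";` until the plugin is implemented. A comment in the block stating whether these routes are intentionally unauthenticated would settle the question for the next reader.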
@@ -50,6 +65,7 @@ server { # Lua files rewrite_by_lua_file luaext/openoapirouter.lua; + access_by_lua_file luaext/execute_auth.lua; proxy_pass http://$apiserver; } @@ -63,6 +79,7 @@ server { # Lua files rewrite_by_lua_file luaext/openouirouter.lua; + access_by_lua_file luaext/execute_auth.lua; proxy_cache nginx_cache; proxy_cache_key $host$uri$is_args$args; @@ -80,6 +97,7 @@ server { # Lua files rewrite_by_lua_file luaext/openouirouter.lua; + access_by_lua_file luaext/execute_auth.lua; proxy_pass http://$iuiserver; } @@ -92,6 +110,7 @@ server { # Lua files rewrite_by_lua_file luaext/openoadminrouter.lua; + access_by_lua_file luaext/execute_auth.lua; proxy_pass http://$apiserver; } @@ -105,6 +124,7 @@ server { # Lua files rewrite_by_lua_file luaext/openoapijsonrouter.lua; + access_by_lua_file luaext/execute_auth.lua; proxy_cache nginx_cache; proxy_cache_key $host$uri$is_args$args; @@ -122,6 +142,7 @@ server { # Lua files rewrite_by_lua_file luaext/openoapijsonrouter.lua; + access_by_lua_file luaext/execute_auth.lua; proxy_pass http://$apiserver; } @@ -133,6 +154,7 @@ server { # Lua files rewrite_by_lua_file luaext/customrouter.lua; + access_by_lua_file luaext/execute_auth.lua; proxy_cache nginx_cache; proxy_cache_key $host$uri$is_args$args; |
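Review bot: In the locations where the new `access_by_lua_file luaext/execute_auth.lua` sits next to `proxy_cache nginx_cache`, the key stays `proxy_cache_key $host$uri$is_args$args`, so a response fetched for one authenticated user is served from cache to every other user who passes the token check. That is harmless for static UI assets, but if any of these upstreams return per-user or permission-dependent content, the location should skip caching for it. The hunks at -63, -105 and -133 all show this pairing. The location headers lie outside the hunks, so I cannot tell which upstreams are affected; at minimum add a comment such as `# cached responses are shared across users; upstream must not return per-user content here` above each `proxy_cache` line.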