aboutsummaryrefslogtreecommitdiffstats
path: root/msb-core/openresty-ext/src/assembly/resources/openresty/nginx
diff options
context:
space:
mode:
Diffstat (limited to 'msb-core/openresty-ext/src/assembly/resources/openresty/nginx')
-rw-r--r--msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua170
-rw-r--r--msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua118
2 files changed, 247 insertions, 41 deletions
diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua
index a1fecf2..101679d 100644
--- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua
+++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua
@@ -1,29 +1,159 @@
---[[
+-- Copyright 2016 Huawei Technologies Co., Ltd.
- Copyright 2016 2015-2016 ZTE, Inc. and others. All rights reserved.
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+-- http://www.apache.org/licenses/LICENSE-2.0
- http://www.apache.org/licenses/LICENSE-2.0
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+auth_url = '/openoapi/auth/v1';
+auth_token_url = auth_url..'/tokens';
+auth_token_key = "X-Auth-Token";
+redirect_url = "/openoui/auth/v1/login/html/login.html"
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
+white_list= {
+ auth_token_url,
+ redirect_url,
+ '/openoui/auth/v1/login/'
+};
- Author: Zhaoxing Meng
- email: meng.zhaoxing1@zte.com.cn
+function verify_value(value)
+ if (nil == value or 0 == #value)
+ then
+ return false;
+ else
+ return true;
+ end
+end
+
+--[[checks str2 starts with str1]]--
+function starts_with(str1, str2)
+ return string.sub(str2, 1, string.len(str1)) == str1;
+end
+
+-- Check and ignore the request if it is from auth module.--
+function is_white_list(url)
+ for i, value in ipairs(white_list)
+ do
+ if (starts_with(value, url))
+ then
+ return true;
+ end
+ end
+ return false;
+end
+
+-- Check and ignore the request if it is from auth module.
+-- function is_auth_request(url)
+
+-- return string.sub(url, 1, string.len(auth_url)) == auth_url;
+-- end
+
+function set_header(tokens)
+ for key,value in pairs(tokens)
+ do
+ ngx.log (ngx.ERR, "Headers: ", key, value);
+ ngx.req.set_header(key, value);
+ end
+
+end
+--[[ validates the token with auth ]]--
+function validate_token(tokens)
+ -- auth expects the token in header.
+ set_header(tokens);
+ -- call auth token check url to validate.
+ local res = ngx.location.capture(auth_token_url, { method = ngx.HTTP_HEAD});
+ ngx.log (ngx.ERR, "Auth Result:", res.status);
+ if (nil == res)
+ then
+ return false;
+ end
+ return (ngx.HTTP_OK == res.status);
+end
+
+--[[ get auth token from cookies ]]--
+function get_cookies()
+ local cookie_name = "cookie_"..auth_token_key;
+ local auth_token = ngx.var[cookie_name];
+ local tokens = {};
+ -- verify whether its empty or null.
+ if (verify_value(auth_token))
+ then
+ ngx.log(ngx.ERR, "token : ", auth_token );
+ tokens[auth_token_key] = auth_token;
+ end
+ return tokens;
+end
+
+function get_service_url()
+ -- get host.
+ local host = ngx.var.host;
+ --get port
+ local port = ":"..ngx.var.server_port;
+ local proto = "";
+ --get protocol
+ if (ngx.var.https == "on")
+ then
+ proto = "https://";
+ else
+ proto = "http://";
+ end
+ --get url
+ local uri = ngx.var.rui;
+ --form complete service url.
+ --local complete_url = proto..host..port..url
+ local complete_url = uri;
+ local service = "?service="
+ --add arguments if any.
+ if ngx.var.args ~= nil
+ then
+ complete_url = complete_url.."?"..ngx.var.args;
+ end
+ ngx.log(ngx.ERR, "service url : ", complete_url);
+ return service..ngx.escape_uri(complete_url);
+end
-]]
-local _M = {}
-_M._VERSION = '1.0.0'
+function redirect(url)
+ local service = get_service_url();
+ ngx.log(ngx.ERR, "redirect: ", url..service);
+ ngx.redirect(url..service);
+end
+
+ngx.log(ngx.ERR, "==============start check token===============: ");
+local url = ngx.var.uri;
+ngx.log(ngx.ERR, "Url : ", url);
-function _M.access()
- --add your own code here
- ngx.log(ngx.INFO, "running auth plugin")
+-- ignore token validation if auth request.
+if (is_white_list(url))
+then
+ return;
end
-return _M \ No newline at end of file
+
+
+-- get auth token from cookies.
+local auth_tokens = get_cookies();
+
+-- check if auth token is empty,
+-- redirect it to login page in that case.
+if (nil == next(auth_tokens))
+then
+ ngx.log(ngx.ERR, "Token Invalidate, redirect to ", redirect_url);
+ redirect(redirect_url);
+ return;
+end
+
+-- validate the token with auth module.
+-- continue if success, else redirect to login page.
+if(validate_token(auth_tokens))
+then
+ ngx.log(ngx.ERR, "Token Validate.");
+ return;
+else
+ redirect(redirect_url);
+end
diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua
index a53ec21..1a30ff6 100644
--- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua
+++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua
@@ -1,30 +1,106 @@
---[[
+-- Copyright 2016 Huawei Technologies Co., Ltd.
- Copyright 2016 2015-2016 ZTE, Inc. and others. All rights reserved.
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+-- http://www.apache.org/licenses/LICENSE-2.0
- http://www.apache.org/licenses/LICENSE-2.0
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+local _HEADER = "X-Driver-Parameter"
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
+--extract driver header if present in request
+function get_driver_header()
+ local header = ""
+ local driver_header = ngx.req.get_headers()[_HEADER]
+ if (driver_header ~= nil)
+ then
+ header = driver_header
+ end
+ return header
+end
- Author: Zhaoxing Meng
- email: meng.zhaoxing1@zte.com.cn
+-- generate query url
+function get_query_url(x_driver_header)
+ local drivermgr_uri = '/openoapi/drivermgr/v1/drivers'
+ local url = drivermgr_uri.."?".._HEADER.."="..tostring(ngx.escape_uri(x_driver_header)).."&service_url="..ngx.var.uri
+ return url
+end
-]]
-local _M = {}
-_M._VERSION = '1.0.0'
+-- generate driver url
+function get_driver_url(driver_header)
+ local cjson = require "cjson"
+ local query_url = get_query_url(driver_header)
+ local res = ngx.location.capture(query_url, { method = ngx.HTTP_GET})
+ ngx.log (ngx.ERR, "Driver manager resp url : ", tostring(res.body))
+ if (res.status == 200 and res.body ~= nil and res.body ~= '')
+ then
+ return tostring(cjson.new().decode(res.body).url)
+ else
+ return ''
+ end
+end
-function _M.access()
- ngx.log(ngx.INFO, "running driver_manager plugin")
- --add your own code here
- --choose the right backend server,and then tell nginx, e.g. ngx.var.backend = XX.XX.XX.XX:8888
+-- get headers
+function get_headers()
+ local headers = {}
+ local h = ngx.req.get_headers()
+ for k, value in pairs(h)
+ do
+ headers[k] = value
+ end
+ return headers
end
-return _M \ No newline at end of file
+function get_body_params()
+ ngx.req.read_body()
+ local actual_body = ""
+ local body_param = ngx.req.get_body_data()
+ if(body_param ~= nil)
+ then
+ actual_body = tostring(body_param)
+ end
+ return actual_body
+end
+
+
+
+ngx.log(ngx.INFO, "DRIVER MANAGER LUA", "***********************")
+
+-- extract X-Driver-Parameter header param
+local driver_header = get_driver_header()
+ngx.log(ngx.ERR, "X-Driver-Parameter: ", driver_header)
+
+
+-- ignore driver redirection if not driver manager request.
+if (driver_header ~= "")
+then
+
+ local driver_url = get_driver_url(driver_header)
+ ngx.log (ngx.ERR, "Driver manager URl:: ", driver_url)
+
+ local http = require "resty.http"
+ local actual_headers = get_headers()
+ local actual_body = get_body_params()
+
+ ngx.log(ngx.ERR, "HTTP request to driver... ", " Request to driver manager")
+ local res, err = http.new():request_uri(driver_url, {
+ method = ngx.req.get_method(),
+ body = actual_body,
+ headers = actual_headers
+ })
+
+ if not res then
+ ngx.say("Request to driver failed : ", err)
+ return
+ end
+ ngx.log(ngx.ERR, "Response from driver : ", tostring(res.body))
+ ngx.say(res.body)
+
+else
+ ngx.log(ngx.ERR, "X-Driver-Parameter not present", " Redirect to same url")
+end \ No newline at end of file