From 60a4b0bc8860e0a5a431c38ba1dcaaeb1ac507ae Mon Sep 17 00:00:00 2001 From: HuabingZhao Date: Thu, 22 Sep 2016 14:46:00 +0800 Subject: Revert the Auth and Driver Mgr. Plugin to it's first version, please add the logic to access method Issue-Id: OCS-63 Change-Id: I7b594ce066f24ca69d16f9d1a43123ae3f00060d Signed-off-by: HuabingZhao --- .../openresty/nginx/luaext/plugins/auth.lua | 152 ++------------------- .../nginx/luaext/plugins/driver_manager.lua | 100 ++------------ 2 files changed, 17 insertions(+), 235 deletions(-) diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua index 7a86f06..546f1dc 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/auth.lua @@ -1,6 +1,6 @@ --[[ - Copyright 2016 Huawei Technologies Co., Ltd. + Copyright 2016 2015-2016 OEPN-O. and others. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -13,150 +13,14 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -]] -auth_url = '/openoapi/auth/v1'; -auth_token_url = auth_url..'/tokens'; -auth_token_key = "X-Auth-Token"; -redirect_url = "/openoui/auth/v1/login/html/login.html" - -white_list= { - auth_token_url, - redirect_url, - '/openoui/auth/v1/login/' -}; - -function verify_value(value) - if (nil == value or 0 == #value) - then - return false; - else - return true; - end -end - ---[[checks str2 starts with str1]]-- -function starts_with(str1, str2) - return string.sub(str2, 1, string.len(str1)) == str1; -end - --- Check and ignore the request if it is from auth module.-- -function is_white_list(url) - for i, value in ipairs(white_list) - do - if (starts_with(value, url)) - then - return true; - end - end - return false; -end - --- Check and ignore the request if it is from auth module. --- function is_auth_request(url) - --- return string.sub(url, 1, string.len(auth_url)) == auth_url; --- end - -function set_header(tokens) - for key,value in pairs(tokens) - do - ngx.log (ngx.ERR, "Headers: ", key, value); - ngx.req.set_header(key, value); - end - -end ---[[ validates the token with auth ]]-- -function validate_token(tokens) - -- auth expects the token in header. - set_header(tokens); - -- call auth token check url to validate. - local res = ngx.location.capture(auth_token_url, { method = ngx.HTTP_HEAD}); - ngx.log (ngx.ERR, "Auth Result:", res.status); - if (nil == res) - then - return false; - end - return (ngx.HTTP_OK == res.status); -end ---[[ get auth token from cookies ]]-- -function get_cookies() - local cookie_name = "cookie_"..auth_token_key; - local auth_token = ngx.var[cookie_name]; - local tokens = {}; - -- verify whether its empty or null. - if (verify_value(auth_token)) - then - ngx.log(ngx.ERR, "token : ", auth_token ); - tokens[auth_token_key] = auth_token; - end - return tokens; -end - -function get_service_url() - -- get host. - local host = ngx.var.host; - --get port - local port = ":"..ngx.var.server_port; - local proto = ""; - --get protocol - if (ngx.var.https == "on") - then - proto = "https://"; - else - proto = "http://"; - end - --get url - local uri = ngx.var.rui; - --form complete service url. - --local complete_url = proto..host..port..url - local complete_url = uri; - local service = "?service=" - --add arguments if any. - if ngx.var.args ~= nil - then - complete_url = complete_url.."?"..ngx.var.args; - end - ngx.log(ngx.ERR, "service url : ", complete_url); - return service..ngx.escape_uri(complete_url); -end - -function redirect(url) - local service = get_service_url(); - ngx.log(ngx.ERR, "redirect: ", url..service); - ngx.redirect(url..service); -end - -ngx.log(ngx.ERR, "==============start check token===============: "); -local url = ngx.var.uri; -ngx.log(ngx.ERR, "Url : ", url); - --- ignore token validation if auth request. -if (is_white_list(url)) -then - return; -end - - - --- get auth token from cookies. -local auth_tokens = get_cookies(); +]] +local _M = {} +_M._VERSION = '1.0.0' --- check if auth token is empty, --- redirect it to login page in that case. -if (nil == next(auth_tokens)) -then - ngx.log(ngx.ERR, "Token Invalidate, redirect to ", redirect_url); - redirect(redirect_url); - return; +function _M.access() + --add your own code here + ngx.log(ngx.INFO, "running auth plugin") end --- validate the token with auth module. --- continue if success, else redirect to login page. -if(validate_token(auth_tokens)) -then - ngx.log(ngx.ERR, "Token Validate."); - return; -else - redirect(redirect_url); -end +return _M \ No newline at end of file diff --git a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua index 490bd94..d337a25 100644 --- a/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua +++ b/msb-core/openresty-ext/src/assembly/resources/openresty/nginx/luaext/plugins/driver_manager.lua @@ -1,6 +1,6 @@ --[[ - Copyright 2016 Huawei Technologies Co., Ltd. + Copyright 2016 2015-2016 OPEN-O. and others. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -13,97 +13,15 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -]] -local _HEADER = "X-Driver-Parameter" - ---extract driver header if present in request -function get_driver_header() - local header = "" - local driver_header = ngx.req.get_headers()[_HEADER] - if (driver_header ~= nil) - then - header = driver_header - end - return header -end - --- generate query url -function get_query_url(x_driver_header) - local drivermgr_uri = '/openoapi/drivermgr/v1/drivers' - local url = drivermgr_uri.."?".._HEADER.."="..tostring(ngx.escape_uri(x_driver_header)).."&service_url="..ngx.var.uri - return url -end --- generate driver url -function get_driver_url(driver_header) - local cjson = require "cjson" - local query_url = get_query_url(driver_header) - local res = ngx.location.capture(query_url, { method = ngx.HTTP_GET}) - ngx.log (ngx.ERR, "Driver manager resp url : ", tostring(res.body)) - if (res.status == 200 and res.body ~= nil and res.body ~= '') - then - return tostring(cjson.new().decode(res.body).url) - else - return '' - end -end - --- get headers -function get_headers() - local headers = {} - local h = ngx.req.get_headers() - for k, value in pairs(h) - do - headers[k] = value - end - return headers -end +]] +local _M = {} +_M._VERSION = '1.0.0' -function get_body_params() - ngx.req.read_body() - local actual_body = "" - local body_param = ngx.req.get_body_data() - if(body_param ~= nil) - then - actual_body = tostring(body_param) - end - return actual_body +function _M.access() + ngx.log(ngx.INFO, "running driver_manager plugin") + --add your own code here + --choose the right backend server,and then tell nginx, e.g. ngx.var.backend = XX.XX.XX.XX:8888 end - - -ngx.log(ngx.INFO, "DRIVER MANAGER LUA", "***********************") - --- extract X-Driver-Parameter header param -local driver_header = get_driver_header() -ngx.log(ngx.ERR, "X-Driver-Parameter: ", driver_header) - - --- ignore driver redirection if not driver manager request. -if (driver_header ~= "") -then - - local driver_url = get_driver_url(driver_header) - ngx.log (ngx.ERR, "Driver manager URl:: ", driver_url) - - local http = require "resty.http" - local actual_headers = get_headers() - local actual_body = get_body_params() - - ngx.log(ngx.ERR, "HTTP request to driver... ", " Request to driver manager") - local res, err = http.new():request_uri(driver_url, { - method = ngx.req.get_method(), - body = actual_body, - headers = actual_headers - }) - - if not res then - ngx.say("Request to driver failed : ", err) - return - end - ngx.log(ngx.ERR, "Response from driver : ", tostring(res.body)) - ngx.say(res.body) - -else - ngx.log(ngx.ERR, "X-Driver-Parameter not present", " Redirect to same url") -end \ No newline at end of file +return _M \ No newline at end of file -- cgit 1.2.3-korg