portal-ng pods run under root user

- switch base image from openresty to nginx-unprivileged - remove custom lua plugin code - dynamically determine dns resolver ip during container startup Issue-ID: PORTALNG-67 Change-Id: I23fb5e684dbb98a326afb00911a1f5ae78e2536d Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
author: Fiete Ostkamp <Fiete.Ostkamp@telekom.de> 2024-03-01 13:03:12 +0100
committer: Fiete Ostkamp <Fiete.Ostkamp@telekom.de> 2024-03-01 13:03:12 +0100
commit: 97d7de9af2cb6cc3bbbcae18ada738ace7771903 (patch)
tree: a7c6221348272e82406bba446b6b00b1d1b8e608 /server/resty/session/strategies
parent: bf25efd6d3ed28266ed916c0ebe9dd3a45a4affb (diff)
2 files changed, 0 insertions, 275 deletions
diff --git a/server/resty/session/strategies/default.lua b/server/resty/session/strategies/default.lua
deleted file mode 100644
index a43ef5a..0000000
--- a/server/resty/session/strategies/default.lua
+++ /dev/null
@@ -1,232 +0,0 @@
-local type   = type
-local concat = table.concat
-
-local strategy = {}
-
-function strategy.load(session, cookie, key, keep_lock)
-  local storage    = session.storage
-  local id         = cookie.id
-  local id_encoded = session.encoder.encode(id)
-
-  local data, err, tag
-  if storage.open then
-    data, err = storage:open(id_encoded, keep_lock)
-    if not data then
-      return nil, err or "cookie data was not found"
-    end
-
-  else
-    data = cookie.data
-  end
-
-  local expires   = cookie.expires
-  local usebefore = cookie.usebefore
-  local hash      = cookie.hash
-
-  if not key then
-    key = concat{ id, expires, usebefore }
-  end
-
-  local hkey = session.hmac(session.secret, key)
-
-  data, err, tag = session.cipher:decrypt(data, hkey, id, session.key, hash)
-  if not data then
-    if storage.close then
-      storage:close(id_encoded)
-    end
-
-    return nil, err or "unable to decrypt data"
-  end
-
-  if tag then
-    if tag ~= hash then
-      if storage.close then
-        storage:close(id_encoded)
-      end
-
-      return nil, "cookie has invalid tag"
-    end
-
-  else
-    local input = concat{ key, data, session.key }
-    if session.hmac(hkey, input) ~= hash then
-      if storage.close then
-        storage:close(id_encoded)
-      end
-
-      return nil, "cookie has invalid signature"
-    end
-  end
-
-  data, err = session.compressor:decompress(data)
-  if not data then
-    if storage.close then
-      storage:close(id_encoded)
-    end
-
-    return nil, err or "unable to decompress data"
-  end
-
-  data, err = session.serializer.deserialize(data)
-  if not data then
-    if storage.close then
-      storage:close(id_encoded)
-    end
-
-    return nil, err or "unable to deserialize data"
-  end
-
-  session.id        = id
-  session.expires   = expires
-  session.usebefore = usebefore
-  session.data      = type(data) == "table" and data or {}
-  session.present   = true
-
-  return true
-end
-
-function strategy.open(session, cookie, keep_lock)
-  return strategy.load(session, cookie, nil, keep_lock)
-end
-
-function strategy.start(session)
-  local storage = session.storage
-  if not storage.start then
-    return true
-  end
-
-  local id_encoded = session.encoder.encode(session.id)
-
-  local ok, err = storage:start(id_encoded)
-  if not ok then
-    return nil, err or "unable to start session"
-  end
-
-  return true
-end
-
-function strategy.modify(session, action, close, key)
-  local id         = session.id
-  local id_encoded = session.encoder.encode(id)
-  local storage    = session.storage
-  local expires    = session.expires
-  local usebefore  = session.usebefore
-  local ttl        = expires - session.now
-
-  if ttl <= 0 then
-    if storage.close then
-      storage:close(id_encoded)
-    end
-
-    return nil, "session is already expired"
-  end
-
-  if not key then
-    key = concat{ id, expires, usebefore }
-  end
-
-  local data, err = session.serializer.serialize(session.data)
-  if not data then
-    if close and storage.close then
-      storage:close(id_encoded)
-    end
-
-    return nil, err or "unable to serialize data"
-  end
-
-  data, err = session.compressor:compress(data)
-  if not data then
-    if close and storage.close then
-      storage:close(id_encoded)
-    end
-
-    return nil, err or "unable to compress data"
-  end
-
-  local hkey = session.hmac(session.secret, key)
-
-  local encrypted_data, tag
-  encrypted_data, err, tag = session.cipher:encrypt(data, hkey, id, session.key)
-  if not encrypted_data then
-    if close and storage.close then
-      storage:close(id_encoded)
-    end
-
-    return nil, err
-  end
-
-  local hash
-  if tag then
-    hash = tag
-  else
-    -- it would be better to calculate signature from encrypted_data,
-    -- but this is kept for backward compatibility
-    hash = session.hmac(hkey, concat{ key, data, session.key })
-  end
-
-  if action == "save" and storage.save then
-    local ok
-    ok, err = storage:save(id_encoded, ttl, encrypted_data, close)
-    if not ok then
-      return nil, err
-    end
-  elseif close and storage.close then
-    local ok
-    ok, err = storage:close(id_encoded)
-    if not ok then
-      return nil, err
-    end
-  end
-
-  if usebefore then
-    expires = expires .. ":" .. usebefore
-  end
-
-  hash = session.encoder.encode(hash)
-
-  local cookie
-  if storage.save then
-    cookie = concat({ id_encoded, expires, hash }, "|")
-  else
-    local encoded_data = session.encoder.encode(encrypted_data)
-    cookie = concat({ id_encoded, expires, encoded_data, hash }, "|")
-  end
-
-  return cookie
-end
-
-function strategy.touch(session, close)
-  return strategy.modify(session, "touch", close)
-end
-
-function strategy.save(session, close)
-  return strategy.modify(session, "save", close)
-end
-
-function strategy.destroy(session)
-  local id = session.id
-  if id then
-    local storage = session.storage
-    if storage.destroy then
-      return storage:destroy(session.encoder.encode(id))
-    elseif storage.close then
-      return storage:close(session.encoder.encode(id))
-    end
-  end
-
-  return true
-end
-
-function strategy.close(session)
-  local id = session.id
-  if id then
-    local storage = session.storage
-    if storage.close then
-      return storage:close(session.encoder.encode(id))
-    end
-  end
-
-  return true
-end
-
-return strategy
diff --git a/server/resty/session/strategies/regenerate.lua b/server/resty/session/strategies/regenerate.lua
deleted file mode 100644
index f2a97dd..0000000
--- a/server/resty/session/strategies/regenerate.lua
+++ /dev/null
@@ -1,43 +0,0 @@
-local default = require "resty.session.strategies.default"
-
-local concat  = table.concat
-
-local strategy = {
-  regenerate = true,
-  start      = default.start,
-  destroy    = default.destroy,
-  close      = default.close,
-}
-
-local function key(source)
-  if source.usebefore then
-    return concat{ source.id, source.usebefore }
-  end
-
-  return source.id
-end
-
-function strategy.open(session, cookie, keep_lock)
-  return default.load(session, cookie, key(cookie), keep_lock)
-end
-
-function strategy.touch(session, close)
-  return default.modify(session, "touch", close, key(session))
-end
-
-function strategy.save(session, close)
-  if session.present then
-    local storage = session.storage
-    if storage.ttl then
-      storage:ttl(session.encoder.encode(session.id), session.cookie.discard, true)
-    elseif storage.close then
-      storage:close(session.encoder.encode(session.id))
-    end
-
-    session.id = session:identifier()
-  end
-
-  return default.modify(session, "save", close, key(session))
-end
-
-return strategy
author	Fiete Ostkamp <Fiete.Ostkamp@telekom.de>	2024-03-01 13:03:12 +0100
committer	Fiete Ostkamp <Fiete.Ostkamp@telekom.de>	2024-03-01 13:03:12 +0100
commit	97d7de9af2cb6cc3bbbcae18ada738ace7771903 (patch)
tree	a7c6221348272e82406bba446b6b00b1d1b8e608 /server/resty/session/strategies
parent	bf25efd6d3ed28266ed916c0ebe9dd3a45a4affb (diff)