3 Copyright 2016 2015-2016 OEPN-O. and others. All rights reserved.
5 Licensed under the Apache License, Version 2.0 (the "License");
6 you may not use this file except in compliance with the License.
7 You may obtain a copy of the License at
9 http://www.apache.org/licenses/LICENSE-2.0
11 Unless required by applicable law or agreed to in writing, software
12 distributed under the License is distributed on an "AS IS" BASIS,
13 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 See the License for the specific language governing permissions and
15 limitations under the License.
20 local auth_url = '/openoapi/auth/v1';
21 local auth_token_url = auth_url..'/tokens';
22 local auth_token_key = "X-Auth-Token";
23 local redirect_url = "/openoui/common/login.html"
28 '/openoui/common/css',
30 '/openoui/common/thirdparty',
31 '/openoui/common/i18n',
32 '/openoui/common/image',
33 '/openoui/common/login.html',
34 '/openoui/common/json'
37 local function verify_value(value)
38 if (nil == value or 0 == #value)
46 --[[checks str2 starts with str1]]--
47 local function starts_with(str1, str2)
48 return string.sub(str2, 1, string.len(str1)) == str1;
51 -- Check and ignore the request if it is from auth module.--
52 local function is_white_list(url)
53 for i, value in ipairs(white_list)
55 if (starts_with(value, url))
63 local function set_header(tokens)
64 for key,value in pairs(tokens)
66 ngx.log (ngx.ERR, "Headers: ", key, value);
67 ngx.req.set_header(key, value);
71 --[[ validates the token with auth ]]--
72 local function validate_token(tokens)
73 -- auth expects the token in header.
75 -- call auth token check url to validate.
76 local res = ngx.location.capture(auth_token_url, { method = ngx.HTTP_HEAD});
77 ngx.log (ngx.ERR, "Auth Result:", res.status);
82 return (ngx.HTTP_OK == res.status);
85 --[[ get auth token from cookies ]]--
86 local function get_cookies()
87 local cookie_name = "cookie_"..auth_token_key;
88 local auth_token = ngx.var[cookie_name];
90 -- verify whether its empty or null.
91 if (verify_value(auth_token))
93 ngx.log(ngx.ERR, "token : ", auth_token );
94 tokens[auth_token_key] = auth_token;
99 local function get_service_url()
101 local host = ngx.var.host;
103 local port = ":"..ngx.var.server_port;
106 if (ngx.var.https == "on")
113 local uri = ngx.var.uri;
114 --form complete service url.
115 --local complete_url = proto..host..port..url
116 local complete_url = uri;
117 local service = "?service="
118 --add arguments if any.
119 if ngx.var.args ~= nil
121 complete_url = complete_url.."?"..ngx.var.args;
123 ngx.log(ngx.ERR, "service url : ", complete_url);
124 return service..ngx.escape_uri(complete_url);
127 local function redirect(url)
128 local service = get_service_url();
129 ngx.log(ngx.ERR, "redirect: ", url..service);
130 ngx.redirect(url..service);
135 ngx.log(ngx.ERR, "==============start check token===============: ");
136 local url = ngx.var.uri;
137 ngx.log(ngx.ERR, "Url : ", url);
139 -- ignore token validation if auth request.
140 if (is_white_list(url))
147 -- get auth token from cookies.
148 local auth_tokens = get_cookies();
150 -- check if auth token is empty,
151 -- redirect it to login page in that case.
152 if (nil == next(auth_tokens))
154 ngx.log(ngx.ERR, "Token Invalidate, redirect to ", redirect_url);
155 redirect(redirect_url);
159 -- validate the token with auth module.
160 -- continue if success, else redirect to login page.
161 if(validate_token(auth_tokens))
163 ngx.log(ngx.ERR, "Token Validate.");
166 redirect(redirect_url);
168 ngx.log(ngx.INFO, "running auth plugin")