3 Copyright 2016 Huawei Technologies Co., Ltd.
5 Licensed under the Apache License, Version 2.0 (the "License");
6 you may not use this file except in compliance with the License.
7 You may obtain a copy of the License at
9 http://www.apache.org/licenses/LICENSE-2.0
11 Unless required by applicable law or agreed to in writing, software
12 distributed under the License is distributed on an "AS IS" BASIS,
13 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 See the License for the specific language governing permissions and
15 limitations under the License.
17 auth_url = '/openoapi/auth/v1';
18 auth_token_url = auth_url..'/tokens';
19 auth_token_key = "X-Auth-Token";
20 redirect_url = "/openoui/auth/v1/login/html/login.html"
25 '/openoui/auth/v1/login/'
28 function verify_value(value)
29 if (nil == value or 0 == #value)
37 --[[checks str2 starts with str1]]--
38 function starts_with(str1, str2)
39 return string.sub(str2, 1, string.len(str1)) == str1;
42 -- Check and ignore the request if it is from auth module.--
43 function is_white_list(url)
44 for i, value in ipairs(white_list)
46 if (starts_with(value, url))
54 -- Check and ignore the request if it is from auth module.
55 -- function is_auth_request(url)
57 -- return string.sub(url, 1, string.len(auth_url)) == auth_url;
60 function set_header(tokens)
61 for key,value in pairs(tokens)
63 ngx.log (ngx.ERR, "Headers: ", key, value);
64 ngx.req.set_header(key, value);
68 --[[ validates the token with auth ]]--
69 function validate_token(tokens)
70 -- auth expects the token in header.
72 -- call auth token check url to validate.
73 local res = ngx.location.capture(auth_token_url, { method = ngx.HTTP_HEAD});
74 ngx.log (ngx.ERR, "Auth Result:", res.status);
79 return (ngx.HTTP_OK == res.status);
82 --[[ get auth token from cookies ]]--
83 function get_cookies()
84 local cookie_name = "cookie_"..auth_token_key;
85 local auth_token = ngx.var[cookie_name];
87 -- verify whether its empty or null.
88 if (verify_value(auth_token))
90 ngx.log(ngx.ERR, "token : ", auth_token );
91 tokens[auth_token_key] = auth_token;
96 function get_service_url()
98 local host = ngx.var.host;
100 local port = ":"..ngx.var.server_port;
103 if (ngx.var.https == "on")
110 local uri = ngx.var.rui;
111 --form complete service url.
112 --local complete_url = proto..host..port..url
113 local complete_url = uri;
114 local service = "?service="
115 --add arguments if any.
116 if ngx.var.args ~= nil
118 complete_url = complete_url.."?"..ngx.var.args;
120 ngx.log(ngx.ERR, "service url : ", complete_url);
121 return service..ngx.escape_uri(complete_url);
124 function redirect(url)
125 local service = get_service_url();
126 ngx.log(ngx.ERR, "redirect: ", url..service);
127 ngx.redirect(url..service);
130 ngx.log(ngx.ERR, "==============start check token===============: ");
131 local url = ngx.var.uri;
132 ngx.log(ngx.ERR, "Url : ", url);
134 -- ignore token validation if auth request.
135 if (is_white_list(url))
142 -- get auth token from cookies.
143 local auth_tokens = get_cookies();
145 -- check if auth token is empty,
146 -- redirect it to login page in that case.
147 if (nil == next(auth_tokens))
149 ngx.log(ngx.ERR, "Token Invalidate, redirect to ", redirect_url);
150 redirect(redirect_url);
154 -- validate the token with auth module.
155 -- continue if success, else redirect to login page.
156 if(validate_token(auth_tokens))
158 ngx.log(ngx.ERR, "Token Validate.");
161 redirect(redirect_url);