forked from nokia/kong-oidc
handler.lua
-- Kong plugin handler for the "oidc" plugin: wires request handling to
-- lua-resty-openidc (required lazily inside make_oidc / introspect below).
local BasePlugin = require "kong.plugins.base_plugin"
-- Handler class derived from Kong's base plugin class.
local OidcHandler = BasePlugin:extend()
-- Project-local helpers: option building / user injection / exit handling,
-- request filtering, and session configuration.
local utils = require("kong.plugins.oidc.utils")
local filter = require("kong.plugins.oidc.filter")
local session = require("kong.plugins.oidc.session")
-- Used to serialise the authenticated user into the X-Userinfo header.
local cjson = require("cjson")
-- Kong orders plugin execution by PRIORITY.
-- NOTE(review): confirm 1000 places this plugin ahead of every plugin that
-- relies on the identity it injects.
OidcHandler.PRIORITY = 1000
--- Constructor.
-- Delegates to the base plugin constructor, passing "oidc" (presumably the
-- plugin name used by the base class).
function OidcHandler:new()
  local base = OidcHandler.super
  base.new(self, "oidc")
end
--- Access-phase entry point.
-- Builds the OIDC options from the plugin config, asks the filter whether
-- this request should be authenticated and, if so, configures the session
-- and runs the authentication flow in handle().
--
-- NOTE(review): when the filter skips a request, nothing here removes a
-- client-supplied X-Userinfo header, while handle() sets that header for
-- authenticated requests. Confirm upstreams do not trust X-Userinfo on
-- skipped paths, or clear it before proxying.
-- NOTE(review): ngx.var.request_uri includes the query string, which during
-- an OIDC redirect may carry one-time values; it is only logged at DEBUG.
-- @param config plugin configuration passed in by Kong
function OidcHandler:access(config)
  OidcHandler.super.access(self)

  local oidc_options = utils.get_options(config, ngx)
  local should_process = filter.shouldProcessRequest(oidc_options)

  if not should_process then
    ngx.log(ngx.DEBUG, "OidcHandler ignoring request, path: " .. ngx.var.request_uri)
  else
    session.configure(config)
    handle(oidc_options)
  end

  ngx.log(ngx.DEBUG, "OidcHandler done")
end
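--- Authenticate the current request.
-- If an introspection endpoint is configured, token introspection is tried
-- first; when it yields nothing, the interactive flow in make_oidc() runs.
-- On success the user is injected via utils.injectUser, and on the
-- make_oidc path the user is also serialised into the X-Userinfo request
-- header.
--
-- NOTE(review): the introspection path does not set X-Userinfo, so a value
-- sent by the client may reach the upstream unchanged on that path; confirm
-- whether utils.injectUser covers this.
-- @param oidcConfig options table produced by utils.get_options
function handle(oidcConfig)
  local response

  -- oidcConfig is indexed as a table below, so concatenating it into the
  -- log message raised "attempt to concatenate a table value" on every
  -- processed request. Log a summary instead of the table: the options are
  -- handed to resty.openidc and presumably carry client credentials that
  -- should not end up in log files.
  ngx.log(ngx.DEBUG, "OidcHandler handling request, introspection configured: "
    .. tostring(not not oidcConfig.introspection_endpoint))

  if oidcConfig.introspection_endpoint then
    response = introspect(oidcConfig)
    if response then
      utils.injectUser(response)
    end
  end

  -- No introspection result (not configured, no bearer token, or failure in
  -- non-bearer-only mode): fall back to the full authenticate flow.
  if response == nil then
    response = make_oidc(oidcConfig)
    if response and response.user then
      utils.injectUser(response.user)
      ngx.req.set_header("X-Userinfo", cjson.encode(response.user))
    end
  end
end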
--- Run the lua-resty-openidc authenticate flow for the current request.
-- On error, redirects to oidcConfig.recovery_page_path when one is set and
-- then calls utils.exit with status 500.
--
-- NOTE(review): err is handed to utils.exit as-is; whether it ends up in the
-- response body is not visible here. If it does, internal error details are
-- exposed to the client; confirm and prefer a generic message.
-- @param oidcConfig options table passed to resty.openidc
-- @return the result of authenticate
function make_oidc(oidcConfig)
  ngx.log(ngx.DEBUG, "OidcHandler calling authenticate, requested path: " .. ngx.var.request_uri)

  local openidc = require("resty.openidc")
  local result, auth_err = openidc.authenticate(oidcConfig)
  if not auth_err then
    return result
  end

  local recovery_path = oidcConfig.recovery_page_path
  if recovery_path then
    ngx.log(ngx.DEBUG, "Entering recovery page: " .. recovery_path)
    ngx.redirect(recovery_path)
  end
  utils.exit(500, auth_err, ngx.HTTP_INTERNAL_SERVER_ERROR)

  return result
end
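--- Escape a value for use inside a quoted-string HTTP header parameter.
-- Control characters (including CR and LF) become spaces and `"` / `\` are
-- backslash-escaped, so the value cannot end the quotes early or break the
-- header line.
local function quote_header_param(value)
  local text = tostring(value)
  text = text:gsub("%c", " ")
  text = text:gsub('[\\"]', "\\%0")
  return text
end

--- Validate a bearer token through the lua-resty-openidc introspect call.
-- Runs only when the request carries a bearer token or bearer_only is "yes".
-- In bearer_only mode a failure answers 401 with a WWW-Authenticate header;
-- otherwise the failure is swallowed and nil is returned, which lets the
-- caller fall back to the interactive flow.
--
-- The error text and realm are escaped before being written into the
-- header: the error results from validating a client-supplied token and was
-- previously concatenated into the quoted-string unescaped.
-- NOTE(review): the raw error text still reaches the client through the
-- header and through utils.exit; consider a fixed error code in its place.
-- @param oidcConfig options table passed to resty.openidc
-- @return the introspection result, or nil when skipped or failed
function introspect(oidcConfig)
  local bearer_only = oidcConfig.bearer_only == "yes"
  if not utils.has_bearer_access_token() and not bearer_only then
    return nil
  end

  local res, err = require("resty.openidc").introspect(oidcConfig)
  if err then
    if bearer_only then
      -- A missing realm would otherwise raise on concatenation.
      ngx.header["WWW-Authenticate"] = 'Bearer realm="' .. quote_header_param(oidcConfig.realm or "")
        .. '",error="' .. quote_header_param(err) .. '"'
      utils.exit(ngx.HTTP_UNAUTHORIZED, err, ngx.HTTP_UNAUTHORIZED)
    end
    return nil
  end

  ngx.log(ngx.DEBUG, "OidcHandler introspect succeeded, requested path: " .. ngx.var.request_uri)
  return res
end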
-- Module result: the handler class.
-- NOTE(review): handle, make_oidc and introspect above are declared without
-- `local`, so they are globals; making them local needs forward declarations
-- because access() refers to handle before it is defined.
return OidcHandler