92 lines
3.0 KiB
Lua
92 lines
3.0 KiB
Lua
local json = require("json")
|
|
local sessionid = require("sessionid")
|
|
|
|
-------------------------------------------
|
|
-- Make the call to the Account Service
|
|
-------------------------------------------
|
|
|
|
local session_id = ngx.var.cookie_border_session
|
|
|
|
-- require session because the only valid scenario for arriving here is via redirect, which should have already set
|
|
-- session
|
|
if not session_id then
|
|
ngx.log(ngx.INFO, "==== access denied: no session_id")
|
|
ngx.exit(ngx.HTTP_UNAUTHORIZED)
|
|
end
|
|
ngx.log(ngx.DEBUG, "==== session_id: " .. session_id)
|
|
|
|
if not sessionid.is_valid(session_id) then
|
|
ngx.log(ngx.INFO, "==== access denied: session id invalid " .. session_id)
|
|
ngx.exit(ngx.HTTP_UNAUTHORIZED)
|
|
end
|
|
|
|
-- Retrieve original target url and derive service
|
|
local res = ngx.location.capture('/session?id=BP_URL_SID_' .. session_id)
|
|
|
|
ngx.log(ngx.DEBUG, "==== GET /session?id=BP_URL_SID_" .. session_id .. " " .. res.status)
|
|
|
|
-- Get original downstream url they were going to before being redirected
|
|
original_url = res.body
|
|
|
|
-- get service name from first part of original uri
|
|
local service_uri = string.match(original_url, "^/([^/]+)")
|
|
local service = nil
|
|
if service_uri then
|
|
ngx.log(ngx.DEBUG, "==== service uri is: " .. service_uri)
|
|
service = service_mappings[service_uri]
|
|
end
|
|
|
|
-- check service
|
|
if not service then
|
|
if not service_uri then
|
|
ngx.log(ngx.DEBUG, "==== no valid service uri provided")
|
|
else
|
|
ngx.log(ngx.DEBUG, "==== service not set for service uri: " .. service_uri)
|
|
end
|
|
ngx.redirect('/account/password')
|
|
end
|
|
|
|
ngx.req.read_body()
|
|
local args = ngx.req.get_post_args()
|
|
|
|
-- the account service expects 'e=user@example.com&p=password&t=3&s=servicename'
|
|
args['service'] = service
|
|
res = ngx.location.capture('/account', { method = ngx.HTTP_POST, body = ngx.encode_args(args) })
|
|
|
|
ngx.log(ngx.DEBUG, "==== POST /account " .. res.status .. " " .. res.body)
|
|
|
|
-- assume any 2xx is success
|
|
-- On failure, redirect to login
|
|
if res.status >= ngx.HTTP_SPECIAL_RESPONSE then
|
|
ngx.log(ngx.DEBUG, "==== Authorization against Account Service failed: " .. res.body)
|
|
ngx.redirect('/account')
|
|
end
|
|
|
|
-- parse the response body
|
|
local all_tokens_json = res.body
|
|
local all_tokens = json.decode(all_tokens_json)
|
|
|
|
-- looking for auth tokens
|
|
if not all_tokens then
|
|
ngx.log(ngx.DEBUG, "==== no tokens found, redirecting to /account")
|
|
ngx.redirect('/account')
|
|
end
|
|
|
|
-- looking for service token
|
|
if not all_tokens["service_tokens"][service] then
|
|
ngx.log(ngx.DEBUG, "==== parse failure, or service token not found, redirecting to /account")
|
|
ngx.redirect('/account')
|
|
end
|
|
|
|
-- Extract token for specific service
|
|
local auth_token = all_tokens["service_tokens"][service]
|
|
|
|
-- store all tokens in memcache via internal subrequest
|
|
local res = ngx.location.capture('/session?id=BPSID_' .. session_id ..
|
|
'&arg_exptime=' .. sessionid.EXPTIME, { body = all_tokens_json, method = ngx.HTTP_PUT })
|
|
|
|
ngx.log(ngx.DEBUG, "==== PUT /session?id=BPSID_" .. session_id ..
|
|
'&arg_exptime=' .. sessionid.EXPTIME .. " " .. res.status)
|
|
|
|
ngx.redirect(original_url)
|