local iHelpers = require("KnownUserImplementationHelpers")
local knownUser = require("KnownUser")
local utils = require("Utils")
--- Name this connector for the KnownUser library.
-- Produces "nginx-<version>" from the nginx version lua-nginx-module exposes
-- in ngx.config.nginx_version.
-- @treturn string connector name
iHelpers.system.getConnectorName = function()
  local nginxVersion = ngx.config.nginx_version
  return "nginx-" .. tostring(nginxVersion)
end
--- Parse a JSON document on behalf of the KnownUser library.
-- The "json" module is resolved on each call; require() caches it in
-- package.loaded, so only the first call actually loads it.
-- @tparam string jsonStr JSON text (the integration configuration, in practice)
-- @return whatever json.parse returns for the document
iHelpers.json.parse = function(jsonStr)
  local parser = require("json")
  return parser.parse(jsonStr)
end
--- HMAC-SHA256 hook used by the KnownUser library to verify queueittoken signatures.
-- Delegates to the "sha2" module; note the argument order it expects is
-- (hash function, key, message), i.e. key before message.
-- @tparam string message data to authenticate
-- @tparam string key shared secret (the customer secret key)
-- @return the value sha2.hmac produces — whether that is hex or raw bytes is
--   decided by the sha2 module and is not visible here
iHelpers.hash.hmac_sha256_encode = function(message, key)
  local sha2 = require("sha2")
  local hmac = sha2.hmac
  return hmac(sha2.sha256, key, message)
end
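--- Read one request header for the KnownUser library.
-- The table returned by ngx.req.get_headers() lowercases the key and maps '_'
-- to '-' on lookup, so the name is matched case-insensitively. When the client
-- sends the same header more than once, lua-nginx-module stores a table of
-- values; the original returned that table unchanged, which breaks callers
-- doing string operations on the result. Only the first occurrence is
-- returned here, so a duplicated header cannot change the value the library
-- sees compared to the single-header case.
-- @tparam string name header name
-- @treturn string|nil header value, or nil when the header is absent
iHelpers.request.getHeader = function(name)
  local value = ngx.req.get_headers()[name]
  if type(value) == "table" then
    -- repeated header: keep the first value, ignore later duplicates
    return value[1]
  end
  return value
end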
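--- Return the raw request body for the KnownUser library.
-- ngx.req.read_body() forces the body to be read (it is not read by default
-- in the access phase). ngx.req.get_body_data() returns nil both when there is
-- no body and when nginx buffered the body to a temporary file (body larger
-- than client_body_buffer_size); the original returned that nil silently in
-- both cases. When the body went to disk it is now read back from that file,
-- so large bodies are not silently dropped.
-- @treturn string|nil the body, or nil when the request carried none
iHelpers.request.getBody = function()
  ngx.req.read_body()
  local data = ngx.req.get_body_data()
  if data ~= nil then
    return data
  end
  -- body may have been buffered to disk; get_body_file() gives its path or nil
  local bodyFile = ngx.req.get_body_file()
  if bodyFile == nil then
    return nil
  end
  local handle = io.open(bodyFile, "rb")
  if handle == nil then
    return nil
  end
  local content = handle:read("*a")
  handle:close()
  return content
end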
--- Read a cookie by name and URL-decode its value.
-- Uses nginx's $cookie_<name> variable, so the value is whatever nginx parsed
-- out of the Cookie header for that name (which occurrence wins when several
-- cookies share a name is nginx's choice — confirm against the nginx version
-- in use). Decoding is done with utils.urlDecode.
-- @tparam string name cookie name
-- @treturn string|nil decoded value, or nil when the cookie is absent
iHelpers.request.getUnescapedCookieValue = function(name)
  local raw = ngx.var["cookie_" .. name]
  if raw == nil then
    return nil
  end
  return utils.urlDecode(raw)
end
--- Client address as seen by nginx.
-- This is $remote_addr: the address of the TCP peer, not any X-Forwarded-For
-- value. Behind a reverse proxy it is the proxy's address unless nginx's
-- realip module has been configured to replace it from a trusted proxy.
-- @treturn string peer address
iHelpers.request.getUserHostAddress = function()
  local peerAddress = ngx.var.remote_addr
  return peerAddress
end
--- Emit a Set-Cookie header for the KnownUser library.
-- Assigning ngx.header["Set-Cookie"] replaces any Set-Cookie value set
-- earlier in this request, so when this is called several times only the
-- final call is sent (ngx.header does accept a table of values if several
-- cookies are ever needed). The value is URL-encoded with utils.urlEncode;
-- nil value and nil domain are treated as empty. Path is always "/".
-- @tparam string name cookie name
-- @tparam string|nil value cookie value (nil → "")
-- @tparam number|nil expire unix time; only a number > 0 adds an Expires attribute
-- @tparam string|nil domain Domain attribute, omitted when nil or ""
-- @param isHttpOnly truthy → adds HttpOnly
-- @param isSecure truthy → adds Secure
iHelpers.response.setCookie = function(name, value, expire, domain, isHttpOnly, isSecure)
  if value == nil then
    value = ""
  end
  local encodedValue = utils.urlEncode(value)

  local parts = { name, "=", encodedValue }
  if type(expire) == "number" and expire > 0 then
    -- RFC 1123 date in GMT, as cookie Expires requires
    parts[#parts + 1] = "; Expires=" .. os.date("!%a, %d %b %Y %H:%M:%S GMT", expire)
  end
  if domain ~= nil and domain ~= "" then
    parts[#parts + 1] = "; Domain=" .. domain
  end
  if isHttpOnly then
    parts[#parts + 1] = "; HttpOnly"
  end
  if isSecure then
    parts[#parts + 1] = "; Secure"
  end
  parts[#parts + 1] = "; Path=/;"

  ngx.header["Set-Cookie"] = table.concat(parts)
end
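--- Reconstruct the URL of the current request as the client addressed it.
-- Built from $scheme, the Host request header ($http_host, which keeps any
-- port) and the raw $request_uri. The Host header is client-supplied, so this
-- URL — and the redirect targets the handler derives from it — reflects
-- whatever Host the client sent; the nginx server block should only accept
-- the hostnames it actually serves. $http_host is nil for a request without
-- a Host header (HTTP/1.0), and the original then failed with a concatenation
-- error; $host (request-line host, Host header, or the matching server_name,
-- without a port) is used as the fallback in that case.
-- @treturn string absolute URL
iHelpers.request.getAbsoluteUri = function()
  local host = ngx.var.http_host or ngx.var.host
  return ngx.var.scheme .. "://" .. host .. ngx.var.request_uri
end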
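local aHandler = {}

--- Strip the queueittoken query parameter from a URL.
-- The original used a single gsub removing "?<key>=..." or "&<key>=...",
-- which left "/path&a=b" behind when the token was the first of several
-- parameters (its character class also matched a literal backslash, an
-- escaping artifact that is dropped here). A token-first parameter followed
-- by others is now replaced by "?" so the remaining query stays valid; a token
-- that is the only parameter, or not the first, is removed as before.
-- Assumes knownUser.QUEUEIT_TOKEN_KEY contains no Lua pattern magic
-- characters, as the original did.
-- @tparam string url absolute URL
-- @treturn string url without the token parameter
local function removeQueueitToken(url)
  local key = knownUser.QUEUEIT_TOKEN_KEY
  local stripped = url:gsub("%?" .. key .. "=[^&]*&", "?")
  stripped = stripped:gsub("[%?&]" .. key .. "=[^&]*", "")
  return stripped
end

--- Access-phase entry point: validate the request against the Queue-it
-- integration configuration and either let it continue or send it to the queue.
-- Does not return normally: every path ends in ngx.exit, and ngx.redirect
-- terminates the request by itself.
-- @tparam string customerId Queue-it customer id
-- @tparam string secretKey secret used to verify the queueittoken signature
-- @tparam string integrationConfigJson integration configuration document
aHandler.handleByIntegrationConfig = function(customerId, secretKey, integrationConfigJson)
  -- $arg_queueittoken is the raw (not URL-decoded) value of the first
  -- "queueittoken" query argument; absent → empty string
  local queueitToken = ngx.var.arg_queueittoken or ''

  local fullUrl = iHelpers.request.getAbsoluteUri()
  local currentUrlWithoutQueueitToken = removeQueueitToken(fullUrl)

  local validationResult = knownUser.validateRequestByIntegrationConfig(
    currentUrlWithoutQueueitToken, queueitToken, integrationConfigJson, customerId, secretKey)

  if validationResult:doRedirect() then
    -- no-cache headers so neither the redirect nor the ajax answer is served
    -- from a browser or intermediary cache
    ngx.header["Cache-Control"] = "no-cache, no-store, must-revalidate, max-age=0"
    ngx.header["Pragma"] = "no-cache"
    ngx.header["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"

    if validationResult.isAjaxResult then
      -- NOTE(review): getAjaxQueueRedirectHeaderKey is called with '.' while
      -- getAjaxRedirectUrl below uses ':' — kept as-is; confirm in KnownUser
      -- that the former does not expect self.
      local headerName = validationResult.getAjaxQueueRedirectHeaderKey()
      ngx.header[headerName] = validationResult:getAjaxRedirectUrl()
      ngx.header['Access-Control-Expose-Headers'] = headerName
      -- falls through to ngx.exit(ngx.OK): the ajax caller performs the redirect
    else
      -- ngx.redirect defaults to 302 and does not return; the ngx.exit after
      -- it is kept only to make the intended status explicit to readers
      ngx.redirect(validationResult.redirectUrl)
      ngx.exit(ngx.HTTP_MOVED_TEMPORARILY)
    end
  else
    -- Request may proceed. If the URL carried a queueittoken and the matched
    -- action is a queue action, redirect once to the token-free URL so the
    -- user-specific token is not left in the address bar or shared links.
    if fullUrl ~= currentUrlWithoutQueueitToken and validationResult.actionType == "Queue" then
      ngx.redirect(currentUrlWithoutQueueitToken)
      ngx.exit(ngx.HTTP_MOVED_TEMPORARILY)
    end
  end

  -- ngx.OK from an access handler lets nginx continue with the request
  ngx.exit(ngx.OK)
end

return aHandler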