[GitHub] [apisix] jenskeiner commented on a change in pull request #3263: feat: authz-keycloak plugin - Keycloak Authorization Services endpoint discovery

Wed, 13 Jan 2021 00:23:25 -0800 


jenskeiner commented on a change in pull request #3263:
URL: https://github.com/apache/apisix/pull/3263#discussion_r556338437



##########
File path: apisix/plugins/authz-keycloak.lua
##########
@@ -64,10 +66,164 @@ local _M = {
     schema = schema,
 }
 
+
 function _M.check_schema(conf)
+    if not conf.discovery and not conf.token_endpoint then
+        return false, 'Neither discovery nor token endpoint given.'
+    end
     return core.schema.check(schema, conf)
 end
 
+
+-- Retrieve value from server-wide cache, if available.
+local function authz_keycloak_cache_get(type, key)
+  local dict = ngx.shared[type]
+  local value
+  if dict then
+    value = dict:get(key)
+    if value then log.debug("cache hit: type=", type, " key=", key) end
+  end
+  return value
+end
+
+
+-- Set value in server-wide cache, if available.
+local function authz_keycloak_cache_set(type, key, value, exp)
+  local dict = ngx.shared[type]
+  if dict and (exp > 0) then
+    local success, err, forcible = dict:set(key, value, exp)
+    log.debug("cache set: success=", success, " err=", err, " forcible=", 
forcible)
+  end
+end
+
+
+-- Configure timeouts.
+local function authz_keycloak_configure_timeouts(httpc, timeout)
+  if timeout then
+    if type(timeout) == "table" then
+      httpc:set_timeouts(timeout.connect or 0, timeout.send or 0, timeout.read 
or 0)
+    else
+      httpc:set_timeout(timeout)
+    end
+  end
+end
+
+
+-- Set outgoing proxy options.
+local function authz_keycloak_configure_proxy(httpc, proxy_opts)
+  if httpc and proxy_opts and type(proxy_opts) == "table" then
+    log.debug("authz_keycloak_configure_proxy : use http proxy")
+    httpc:set_proxy_options(proxy_opts)
+  else
+    log.debug("authz_keycloak_configure_proxy : don't use http proxy")
+  end
+end
+
+
+-- Parse the JSON result from a call to the OP.
+local function authz_keycloak_parse_json_response(response, 
ignore_body_on_success)
+  local ignore_body_on_success = ignore_body_on_success or false
+
+  local err
+  local res
+
+  -- Check the response from the OP.
+  if response.status ~= 200 then
+    err = "response indicates failure, status=" .. response.status .. ", 
body=" .. response.body
+  else
+    if ignore_body_on_success then
+      return nil, nil
+    end
+
+    -- Decode the response and extract the JSON object.
+    res = cjson_s.decode(response.body)

Review comment:
       Agreed. Will fix.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to