tzssangglass commented on a change in pull request #6382: URL: https://github.com/apache/apisix/pull/6382#discussion_r813547721
########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } Review comment: `test` is not in `Attributes` of plugin docs ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then + log.err() Review comment: what this for? ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then + log.err() + return nil,"failed when accessing token. Invalid code or state" + end + local client = http.new() + local url=get_path(conf.casdoor_endpoint) .. "/api/login/oauth/access_token" + + if conf.test then + url=get_path(conf.casdoor_endpoint) .. "/casdoor_fake_access_token_api" Review comment: ```suggestion url = get_path(conf.casdoor_endpoint) .. "/casdoor_fake_access_token_api" ``` ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then + log.err() + return nil,"failed when accessing token. Invalid code or state" + end + local client = http.new() + local url=get_path(conf.casdoor_endpoint) .. "/api/login/oauth/access_token" + + if conf.test then + url=get_path(conf.casdoor_endpoint) .. "/casdoor_fake_access_token_api" + end + + local res, err = client:request_uri( + url, + { + method = "POST", + query = { + code = args.code, + grant_type = "authorization_code", + client_id = conf.client_id, + client_secret = conf.client_secret + } + } + ) + if not res then + return nil,err + end + local data = cjson.decode(res.body) + if not data or not data.access_token then + return nil,"failed when accessing token: no access_token contained" + end + return data.access_token,nil +end + +function _M.check_schema(conf) + local ok,err=core.schema.check(schema, conf) + if ok then + --check whether contains extra ? or / + if string.find(conf.callback_url,"?",1) then Review comment: use `ngx.re.find` is better? ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then + log.err() + return nil,"failed when accessing token. Invalid code or state" + end + local client = http.new() + local url=get_path(conf.casdoor_endpoint) .. "/api/login/oauth/access_token" + + if conf.test then + url=get_path(conf.casdoor_endpoint) .. "/casdoor_fake_access_token_api" + end + + local res, err = client:request_uri( + url, + { + method = "POST", + query = { + code = args.code, + grant_type = "authorization_code", + client_id = conf.client_id, + client_secret = conf.client_secret + } + } + ) + if not res then + return nil,err + end + local data = cjson.decode(res.body) + if not data or not data.access_token then + return nil,"failed when accessing token: no access_token contained" + end + return data.access_token,nil +end + +function _M.check_schema(conf) + local ok,err=core.schema.check(schema, conf) + if ok then + --check whether contains extra ? or / + if string.find(conf.callback_url,"?",1) then + return false,"callback_url should not contain get parameters or end up with /" + else + return true,nil + end + else + return false,err + end +end + +function _M.access(conf, ctx) + log.info("hit auth-casdoor access") + local current_uri = ctx.var.uri + local session_obj_read = session.open() + -- step 1: check whether hits the callback + if get_path(current_uri) == get_path(conf.callback_url) then + local access_token,err = fetch_access_token(conf) + if access_token then + local original_url = session_obj_read.data.original_uri + if not original_url then + return 503,"no original_url found in session" + end + + local session_obj_write = session.start() + session_obj_write.data.access_token = access_token + session_obj_write:save() + ngx.redirect(original_url, 302) + return Review comment: It seems a bit strange that here return does not reverse anything, but just exits the current function? ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then + log.err() + return nil,"failed when accessing token. Invalid code or state" + end + local client = http.new() + local url=get_path(conf.casdoor_endpoint) .. "/api/login/oauth/access_token" + + if conf.test then + url=get_path(conf.casdoor_endpoint) .. "/casdoor_fake_access_token_api" + end + + local res, err = client:request_uri( + url, + { + method = "POST", + query = { + code = args.code, + grant_type = "authorization_code", + client_id = conf.client_id, + client_secret = conf.client_secret + } + } + ) + if not res then + return nil,err + end + local data = cjson.decode(res.body) + if not data or not data.access_token then + return nil,"failed when accessing token: no access_token contained" + end + return data.access_token,nil +end + +function _M.check_schema(conf) + local ok,err=core.schema.check(schema, conf) + if ok then + --check whether contains extra ? or / + if string.find(conf.callback_url,"?",1) then + return false,"callback_url should not contain get parameters or end up with /" + else + return true,nil + end + else + return false,err + end +end + +function _M.access(conf, ctx) + log.info("hit auth-casdoor access") Review comment: This line looks like it's only for debugging? ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then Review comment: it's better to determine if `args` is empty ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then + log.err() + return nil,"failed when accessing token. Invalid code or state" + end + local client = http.new() + local url=get_path(conf.casdoor_endpoint) .. "/api/login/oauth/access_token" + + if conf.test then + url=get_path(conf.casdoor_endpoint) .. "/casdoor_fake_access_token_api" + end + + local res, err = client:request_uri( + url, + { + method = "POST", + query = { + code = args.code, + grant_type = "authorization_code", + client_id = conf.client_id, + client_secret = conf.client_secret + } + } + ) + if not res then + return nil,err + end + local data = cjson.decode(res.body) + if not data or not data.access_token then + return nil,"failed when accessing token: no access_token contained" + end + return data.access_token,nil +end + +function _M.check_schema(conf) + local ok,err=core.schema.check(schema, conf) + if ok then + --check whether contains extra ? or / + if string.find(conf.callback_url,"?",1) then + return false,"callback_url should not contain get parameters or end up with /" + else + return true,nil + end + else + return false,err + end Review comment: ```suggestion if not ok then return false, err end --check whether contains extra ? or / local has_extra = string.find(conf.callback_url,"?",1) if has_extra then return false, "callback_url should not contain get parameters or end up with /" end return true, nil ``` is better? ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then + log.err() + return nil,"failed when accessing token. Invalid code or state" + end + local client = http.new() + local url=get_path(conf.casdoor_endpoint) .. "/api/login/oauth/access_token" + + if conf.test then + url=get_path(conf.casdoor_endpoint) .. "/casdoor_fake_access_token_api" + end + + local res, err = client:request_uri( + url, + { + method = "POST", + query = { + code = args.code, + grant_type = "authorization_code", + client_id = conf.client_id, + client_secret = conf.client_secret + } + } + ) + if not res then + return nil,err + end + local data = cjson.decode(res.body) + if not data or not data.access_token then + return nil,"failed when accessing token: no access_token contained" + end + return data.access_token,nil +end + +function _M.check_schema(conf) + local ok,err=core.schema.check(schema, conf) Review comment: ```suggestion local ok, err = core.schema.check(schema, conf) ``` ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then + log.err() + return nil,"failed when accessing token. Invalid code or state" + end + local client = http.new() + local url=get_path(conf.casdoor_endpoint) .. "/api/login/oauth/access_token" + + if conf.test then + url=get_path(conf.casdoor_endpoint) .. "/casdoor_fake_access_token_api" + end + + local res, err = client:request_uri( + url, + { + method = "POST", + query = { + code = args.code, + grant_type = "authorization_code", + client_id = conf.client_id, + client_secret = conf.client_secret + } + } + ) Review comment: ```suggestion local res, err = client:request_uri( url, { method = "POST", query = { code = args.code, grant_type = "authorization_code", client_id = conf.client_id, client_secret = conf.client_secret } } ) ``` ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() Review comment: ```suggestion local args = core.request.get_uri_args(ctx) ``` and should pass `ctx` to this function ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then + log.err() + return nil,"failed when accessing token. Invalid code or state" + end + local client = http.new() + local url=get_path(conf.casdoor_endpoint) .. "/api/login/oauth/access_token" Review comment: ```suggestion local url = get_path(conf.casdoor_endpoint) .. "/api/login/oauth/access_token" ``` ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then + log.err() + return nil,"failed when accessing token. Invalid code or state" + end + local client = http.new() + local url=get_path(conf.casdoor_endpoint) .. "/api/login/oauth/access_token" + + if conf.test then + url=get_path(conf.casdoor_endpoint) .. "/casdoor_fake_access_token_api" + end + + local res, err = client:request_uri( + url, + { + method = "POST", + query = { + code = args.code, + grant_type = "authorization_code", + client_id = conf.client_id, + client_secret = conf.client_secret + } + } + ) + if not res then + return nil,err + end + local data = cjson.decode(res.body) + if not data or not data.access_token then + return nil,"failed when accessing token: no access_token contained" + end + return data.access_token,nil +end + +function _M.check_schema(conf) + local ok,err=core.schema.check(schema, conf) + if ok then + --check whether contains extra ? or / + if string.find(conf.callback_url,"?",1) then + return false,"callback_url should not contain get parameters or end up with /" + else + return true,nil + end + else + return false,err + end +end + +function _M.access(conf, ctx) + log.info("hit auth-casdoor access") + local current_uri = ctx.var.uri + local session_obj_read = session.open() + -- step 1: check whether hits the callback + if get_path(current_uri) == get_path(conf.callback_url) then + local access_token,err = fetch_access_token(conf) + if access_token then + local original_url = session_obj_read.data.original_uri + if not original_url then + return 503,"no original_url found in session" Review comment: ```suggestion return 503, "no original_url found in session" ``` ########## File path: apisix/plugins/auth-casdoor.lua ########## @@ -0,0 +1,146 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local cjson = require("cjson") +local http = require("resty.http") +local session = require("resty.session") +local log = core.log +local ngx = ngx + +local plugin_name = "auth-casdoor" +local schema = { + type = "object", + properties = { + casdoor_endpoint = { type = "string" }, + client_id = { type = "string" }, + client_secret = { type = "string" }, + callback_url = { type = "string" }, + test = { type= "boolean", default = false } + }, + required = { + "callback_url", + "casdoor_endpoint", + "client_id", + "client_secret" + } +} + +local _M = { + version = 0.1, + priority = 2559, + name = plugin_name, + schema = schema, +} + +local function get_path(uri) + local without_query = uri:match("(.-)%?") or uri + return without_query:match(".-//[^/]+(/.*)") or without_query +end + +local function fetch_access_token(conf) + local args = core.request.get_uri_args() + if not args.code or not args.state then + log.err() + return nil,"failed when accessing token. Invalid code or state" + end + local client = http.new() + local url=get_path(conf.casdoor_endpoint) .. "/api/login/oauth/access_token" + + if conf.test then + url=get_path(conf.casdoor_endpoint) .. "/casdoor_fake_access_token_api" + end + + local res, err = client:request_uri( + url, + { + method = "POST", + query = { + code = args.code, + grant_type = "authorization_code", + client_id = conf.client_id, + client_secret = conf.client_secret + } + } + ) + if not res then + return nil,err + end + local data = cjson.decode(res.body) + if not data or not data.access_token then + return nil,"failed when accessing token: no access_token contained" + end + return data.access_token,nil Review comment: ```suggestion return data.access_token, nil ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
