author | Matthew Wild <mwild1@gmail.com> |
Wed, 13 Jul 2022 11:15:43 +0100 | |
changeset 5000 | 031e0dd90f4b |
parent 3446 | 05725785e3a6 |
permissions | -rw-r--r-- |
2341
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
1 |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
2 |
module:set_global(); |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
3 |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
4 |
local b64_decode = require "util.encodings".base64.decode; |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
5 |
local server = require "net.http.server"; |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
6 |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
7 |
local credentials = module:get_option_string("http_credentials", "username:secretpassword"); |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
8 |
local unauthed_endpoints = module:get_option_set("unauthenticated_http_endpoints", { "/http-bind", "/http-bind/" })._items; |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
9 |
|
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
10 |
module:wrap_object_event(server._events, false, function (handlers, event_name, event_data) |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
11 |
local request = event_data.request; |
3446
05725785e3a6
mod_http_authentication: Allow HTTP error events to pass through (fixes #1293)
Kim Alvefur <zash@zash.se>
parents:
2341
diff
changeset
|
12 |
if event_name ~= "http-error" and request and not unauthed_endpoints[request.path] then |
2341
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
13 |
local response = event_data.response; |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
14 |
local headers = request.headers; |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
15 |
if not headers.authorization then |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
16 |
response.headers.www_authenticate = ("Basic realm=%q"):format(module.host.."/"..module.name); |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
17 |
return 401; |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
18 |
end |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
19 |
local user_password = b64_decode(headers.authorization:match("%s(%S*)$")); |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
20 |
if user_password ~= credentials then |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
21 |
return 401; |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
22 |
end |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
23 |
end |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
24 |
return handlers(event_name, event_data); |
c6e86b74f62e
Add mod_http_authentication.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff
changeset
|
25 |
end); |