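-- authorized_callback.lua
-- Once the client has been authorized by the API provider in their
-- login, the provider is supposed to send the client (via redirect)
-- to this endpoint, with the same `state` value that we sent at the
-- moment of the first redirect. That `state` is the key under which
-- the first leg stashed the client data in Redis; this script restores
-- it, hands out a code or an access token, and redirects the client to
-- its registered redirect_uri.
--
-- Errors are reported through the `ts` helpers; each error path also
-- `return`s so the script cannot fall through and concatenate nil fields
-- in case a helper does not terminate the request itself.
local cjson = require 'cjson'
local ts = require 'threescale_utils'
local redis = require 'resty.redis'
local red = redis:new()
local ok, err
local params = ngx.req.get_uri_args()

-- Guard clause: both `state` and `response_type` must be present.
if not ts.required_params_present({'state', 'response_type'}, params) then
  ts.missing_args("{ 'error': '".. "invalid_client_data from login form" .. "'}")
  return
end

ts.connect_redis(red)

-- Redis key the first redirect used to stash the client data for this
-- flow. `state` is client-supplied but is only used as a lookup key here.
local tmp_data = ngx.var.service_id .. "#state:".. params.state

ok, err = red:exists(tmp_data)
if ok == nil then
  -- nil means a connection/protocol failure, not a missing key
  ts.error("redis exists failed: ".. ts.dump(err))
  return
end
if 0 == ok then
  -- TODO: Redirect? to the initial state?
  ts.missing_args("state does not exist. Probably expired")
  return
end

ok, err = red:hgetall(tmp_data)
if not ok then
  ts.error("no values for tmp_data hash: ".. ts.dump(err))
  return
end
local client_data = red:array_to_hash(ok) -- restoring client data

-- The stash is single-use: delete it before issuing anything.
red:del(tmp_data)

local response
if params.response_type == 'code' then
  -- NOTE(review): the code is derived only from the current second and
  -- the client_id, both of which are known to the client, so it is
  -- guessable. A CSPRNG-backed value would be the appropriate source.
  local code = ts.sha1_digest(ngx.time() .. "#code:" .. client_data.client_id)
  local client_key = "c:".. client_data.client_id
  ok, err = red:hmset(client_key, {client_id = client_data.client_id,
    client_secret = client_data.secret_id,
    redirect_uri = client_data.redirect_uri,
    access_token = client_data.access_token,
    code = code,
    user_id = params.username })
  -- Check the hmset result here, before expire() overwrites ok/err.
  if not ok then
    ngx.say("failed to hmset: ", err)
    ngx.exit(ngx.HTTP_OK)
  end
  ok, err = red:expire(client_key, 60 * 10) -- code expires in 10 mins
  if not ok then
    ngx.say("failed to expire: ", err)
    ngx.exit(ngx.HTTP_OK)
  end
  -- `state` is echoed back into the client's redirect URL; escape it so a
  -- crafted value cannot smuggle extra query parameters.
  response = "?code=".. code .. "&state=" .. ngx.escape_uri(params.state or "")
elseif params.response_type == 'token' then
  local access_token = client_data.access_token
  -- call endpoint to store token; `username` is user-supplied, so it is
  -- URL-encoded before being placed in the form body.
  local body = "provider_key=" .. ngx.var.provider_key ..
    "&app_id=".. client_data.client_id ..
    "&token=".. access_token ..
    (params.username and "&username=".. ngx.escape_uri(params.username) or "")
  local stored = ngx.location.capture("/_oauth/token", {method = ngx.HTTP_POST, body = body})
  if stored.status ~= 200 then
    ngx.say("Error. Unable to store access_token in 3scale")
    ngx.exit(ngx.HTTP_OK)
  end
  -- NOTE(review): the token is returned in the query string; the implicit
  -- flow conventionally uses the URL fragment, which is not sent to servers
  -- or logged by intermediaries. Kept as in the original.
  response = "?access_token=".. access_token
else
  -- Neither flow matched; report it instead of concatenating nil below.
  ts.missing_args("{ 'error': 'unsupported response_type' }")
  return
end

-- NOTE: ngx.req.set_header sets a *request* header; response headers are
-- set through ngx.header. Kept as in the original since this is followed
-- by a redirect.
ngx.req.set_header("Content-Type", "application/x-www-form-urlencoded")
return ngx.redirect(client_data.redirect_uri .. response)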