From 37ead486462ffcc7cb6481867a557c42d9cd6dff Mon Sep 17 00:00:00 2001 From: Cristian Constantin Date: Wed, 24 Aug 2016 23:33:52 +0300 Subject: [PATCH] Implemented an OO solution for customizing the default config --- src/lua/api-gateway/validation/factory.lua | 6 +-- .../validation/oauth2/oauthTokenValidator.lua | 53 +++++++++---------- 2 files changed, 28 insertions(+), 31 deletions(-) diff --git a/src/lua/api-gateway/validation/factory.lua b/src/lua/api-gateway/validation/factory.lua index baf65b3..06d9458 100644 --- a/src/lua/api-gateway/validation/factory.lua +++ b/src/lua/api-gateway/validation/factory.lua @@ -101,9 +101,9 @@ local function _generateHmacSignature() return hmacSignatureValidator:generateSignature() end -local function _validateOAuthToken(obj) - local oauthTokenValidator = OAuthTokenValidator:new() - return oauthTokenValidator:validateRequest(obj) +local function _validateOAuthToken(config) + local oauthTokenValidator = OAuthTokenValidator:new(config) + return oauthTokenValidator:validateRequest() end local function _validateUserProfile() diff --git a/src/lua/api-gateway/validation/oauth2/oauthTokenValidator.lua b/src/lua/api-gateway/validation/oauth2/oauthTokenValidator.lua index 737865b..36f19cf 100644 --- a/src/lua/api-gateway/validation/oauth2/oauthTokenValidator.lua +++ b/src/lua/api-gateway/validation/oauth2/oauthTokenValidator.lua @@ -41,24 +41,24 @@ local BaseValidator = require "api-gateway.validation.validator" local cjson = require "cjson" -local _M = BaseValidator:new() - -local RESPONSES = { - MISSING_TOKEN = { error_code = "403010", message = "Oauth token is missing" }, - INVALID_TOKEN = { error_code = "401013", message = "Oauth token is not valid" }, - -- TOKEN_MISSMATCH is reserved for classes overwriting the isTokenValid method - TOKEN_MISSMATCH = { error_code = "401014", message = "Token not allowed in the current context" }, - SCOPE_MISMATCH = { error_code = "401015", message = "Scope mismatch" }, - UNKNOWN_ERROR = { error_code = "503010", message = "Could not validate the oauth token" } -} +local _M = BaseValidator:new({ + RESPONSES = { + MISSING_TOKEN = { error_code = "403010", message = "Oauth token is missing" }, + INVALID_TOKEN = { error_code = "401013", message = "Oauth token is not valid" }, + -- TOKEN_MISSMATCH is reserved for classes overwriting the isTokenValid method + TOKEN_MISSMATCH = { error_code = "401014", message = "Token not allowed in the current context" }, + SCOPE_MISMATCH = { error_code = "401015", message = "Scope mismatch" }, + UNKNOWN_ERROR = { error_code = "503010", message = "Could not validate the oauth token" } + } +}) --- -- Maximum time in seconds specifying how long to cache a valid token in GW's memory local LOCAL_CACHE_TTL = 60 -- Hook to override the logic verifying if a token is valid -function _M:isTokenValid(json, validation_config) - return json.valid or false, validation_config.RESPONSES.INVALID_TOKEN +function _M:isTokenValid(json) + return json.valid or false, self.RESPONSES.INVALID_TOKEN end -- override this if other checks need to be in place @@ -129,11 +129,11 @@ end -- TODO: cache invalid tokens too for a short while -- Check in the response if the token is valid -- -function _M:checkResponseFromAuth(res, cacheLookupKey, validation_config) +function _M:checkResponseFromAuth(res, cacheLookupKey) local json = cjson.decode(res.body) if json ~= nil then - local tokenValidity, error = self:isTokenValid(json, validation_config) + local tokenValidity, error = self:isTokenValid(json) if not tokenValidity and error ~= nil then return tokenValidity, error end @@ -166,16 +166,13 @@ function _M:getTokenFromCache(cacheLookupKey) return nil; end -function _M:validateOAuthToken(validation_config) - - validation_config = validation_config or {} - validation_config.RESPONSES = validation_config.RESPONSES or RESPONSES; +function _M:validateOAuthToken() local oauth_host = ngx.var.oauth_host - local oauth_token = validation_config.authtoken or ngx.var.authtoken + local oauth_token = self.authtoken or ngx.var.authtoken if oauth_token == nil or oauth_token == "" then - return validation_config.RESPONSES.MISSING_TOKEN.error_code, cjson.encode(validation_config.RESPONSES.MISSING_TOKEN) + return self.RESPONSES.MISSING_TOKEN.error_code, cjson.encode(self.RESPONSES.MISSING_TOKEN) end --1. try to get token info from the cache first ( local or redis cache ) @@ -197,9 +194,9 @@ function _M:validateOAuthToken(validation_config) -- at this point the cached token is not valid ngx.log(ngx.WARN, "Invalid OAuth Token found in cache. OAuth host=" .. tostring(oauth_host)) if (error == nil) then - error = validation_config.RESPONSES.INVALID_TOKEN + error = self.RESPONSES.INVALID_TOKEN end - error.error_code = error.error_code or validation_config.RESPONSES.INVALID_TOKEN.error_code + error.error_code = error.error_code or self.RESPONSES.INVALID_TOKEN.error_code return error.error_code, cjson.encode(error) end @@ -209,23 +206,23 @@ function _M:validateOAuthToken(validation_config) args = { authtoken = oauth_token} }) if res.status == ngx.HTTP_OK then - local tokenValidity, error = self:checkResponseFromAuth(res, cacheLookupKey, validation_config) + local tokenValidity, error = self:checkResponseFromAuth(res, cacheLookupKey) if (tokenValidity == true) then return ngx.HTTP_OK end -- at this point the token is not valid ngx.log(ngx.WARN, "Invalid OAuth Token returned. OAuth host=" .. tostring(oauth_host)) if (error == nil) then - error = validation_config.RESPONSES.INVALID_TOKEN + error = self.RESPONSES.INVALID_TOKEN end - error.error_code = error.error_code or validation_config.RESPONSES.INVALID_TOKEN.error_code + error.error_code = error.error_code or self.RESPONSES.INVALID_TOKEN.error_code return error.error_code, cjson.encode(error) end - return res.status, cjson.encode(validation_config.RESPONSES.UNKNOWN_ERROR); + return res.status, cjson.encode(self.RESPONSES.UNKNOWN_ERROR); end -function _M:validateRequest(validation_config) - return self:exitFn(self:validateOAuthToken(validation_config)) +function _M:validateRequest() + return self:exitFn(self:validateOAuthToken()) end