Skip to content
This repository was archived by the owner on Jan 15, 2025. It is now read-only.

feat: Validate bearer token if provided #15

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: Validate bearer token if provided #15

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions nginx/conf/sites/proxy.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,10 @@ server {
}

location / {
if ($http_authorization) {
access_by_lua_file lua/bearer_validation.lua;
}

access_by_lua_file lua/auth.lua;

set $reverse_proxy_host $proxy_host;
Expand Down
20 changes: 20 additions & 0 deletions nginx/lua/bearer_validation.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
local opts = {
discovery = os.getenv("OID_DISCOVERY"),
}

-- call bearer_jwt_verify to validate bearer token from openid connect
local res, err = require("resty.openidc").bearer_jwt_verify(opts)

ngx.log(ngx.INFO, tostring(res))
ngx.log(ngx.INFO, tostring(err))


if err then
ngx.status = 401
ngx.header.content_type = 'text/html';

ngx.say("There was an error while logging in: " .. err)
ngx.exit(ngx.HTTP_UNAUTHORIZED)
end

ngx.log(ngx.INFO, "Authentication successful, setting Auth header...")