diff options
| author | mia <mia@mia.jetzt> | 2024-06-08 22:56:05 -0700 |
|---|---|---|
| committer | mia <mia@mia.jetzt> | 2024-06-08 22:56:05 -0700 |
| commit | 8cf813ff033bbc98a7dd40db6ac11e2e35c7e997 (patch) | |
| tree | a451059194cbd4ba90993ebdaced4749448ec4df /nginx/nginx.js | |
| download | asylum-8cf813ff033bbc98a7dd40db6ac11e2e35c7e997.tar.gz asylum-8cf813ff033bbc98a7dd40db6ac11e2e35c7e997.zip | |
initial commit
Diffstat (limited to 'nginx/nginx.js')
| -rw-r--r-- | nginx/nginx.js | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/nginx/nginx.js b/nginx/nginx.js new file mode 100644 index 0000000..03b2dae --- /dev/null +++ b/nginx/nginx.js @@ -0,0 +1,49 @@ +/** @type {import('./nginx.d.ts')} */ + +/** @param {NginxHTTPRequest} request */ +async function validate(request) { + if (request.status !== 0) return; + + const token = request.variables.cookie___proxy_token; + + if (token == undefined) { + // missing token + request.return(401); + return; + } + + const cache = ngx.shared.auth_token_cache; + if (cache === undefined) throw "missing shared js cache"; + + const requiredScope = request.variables.required_scope; + if (requiredScope === undefined) throw "missing required scope variable"; + + let scopes = cache.get(token); + + if (scopes === undefined) { + const subrequest = await request.subrequest(`/.nginx/scopes`, { + args: `token=${token}` + }); + + if (subrequest.status !== 200) { + // invalid token + return request.return(401); + } + + scopes = subrequest.responseText.split("\n"); + + cache.set(token, scopes.join(",")); + } else { + scopes = scopes.split(","); + } + + if (scopes.indexOf(requiredScope) === -1) { + return request.return(403); + } + + return request.return(200); +} + +export default { + validate, +} |