/** @type {import('./nginx.d.ts')} */ /** @param {NginxHTTPRequest} request */ async function validate(request) { if (request.status !== 0) return; const token = request.variables.cookie___proxy_token; if (token == undefined) { // missing token request.return(401); return; } const cache = ngx.shared.auth_token_cache; if (cache === undefined) throw "missing shared js cache"; const requiredScope = request.variables.required_scope; if (requiredScope === undefined) throw "missing required scope variable"; let scopes = cache.get(token); if (scopes === undefined) { const subrequest = await request.subrequest(`/.nginx/scopes`, { args: `token=${token}` }); if (subrequest.status !== 200) { // invalid token return request.return(401); } scopes = subrequest.responseText.split("\n"); cache.set(token, scopes.join(",")); } else { scopes = scopes.split(","); } if (scopes.indexOf(requiredScope) === -1) { return request.return(403); } return request.return(200); } export default { validate, }