refactor(pdk) convert plugins to using pdk client and router functions
Tieske committed Oct 29, 2018
1 parent df8ff9c commit 1d5e213
Showing 9 changed files with 100 additions and 218 deletions.
18 changes: 2 additions & 16 deletions kong/plugins/acl/groups.lua
Expand Up @@ -133,22 +133,8 @@ end
-- @return consumer_id (string), or alternatively `nil` if no consumer was
-- authenticated.
local function get_current_consumer_id()
local ctx = kong.ctx.shared
if ctx.authenticated_consumer and ctx.authenticated_consumer.id then
return ctx.authenticated_consumer.id
elseif ctx.authenticated_credential and ctx.authenticated_credential.consumer_id then
return ctx.authenticated_credential.consumer_id
end

-- TODO: only for backward compability (may be removed later)
ctx = ngx.ctx
if ctx.authenticated_consumer and ctx.authenticated_consumer.id then
return ctx.authenticated_consumer.id
elseif ctx.authenticated_credential and ctx.authenticated_credential.consumer_id then
return ctx.authenticated_credential.consumer_id
end

return nil
return (kong.client.get_consumer() or EMPTY).id or
(kong.client.get_credential() or EMPTY).consumer_id
end


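Review bot: The fallback on the second line of the new return in `get_current_consumer_id` reads `.consumer_id` from the credential, while the hmac-auth and key-auth sections of this same commit address the credential's consumer as `credential.consumer.id`; for a credential of that shape the fallback yields nil and the ACL plugin cannot identify the caller. If both shapes can still reach this function, consider `local credential = kong.client.get_credential() or EMPTY` followed by `return (kong.client.get_consumer() or EMPTY).id or credential.consumer_id or (credential.consumer or EMPTY).id`. `EMPTY` is not declared inside the hunk, so confirm it is a file-level local holding an empty table that nothing writes to, rather than a global lookup.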
27 changes: 5 additions & 22 deletions kong/plugins/basic-auth/access.lua
Expand Up @@ -120,16 +120,9 @@ local function set_consumer(consumer, credential)
kong.service.request.set_header(constants.HEADERS.CONSUMER_CUSTOM_ID, consumer.custom_id)
kong.service.request.set_header(constants.HEADERS.CONSUMER_USERNAME, consumer.username)

local shared_ctx = kong.ctx.shared
local ngx_ctx = ngx.ctx -- TODO: for bc only

shared_ctx.authenticated_consumer = consumer
ngx_ctx.authenticated_consumer = consumer
kong.client.authenticate(consumer, credential)

if credential then
shared_ctx.authenticated_credential = credential
ngx_ctx.authenticated_credential = credential

kong.service.request.set_header(constants.HEADERS.CREDENTIAL_USERNAME, credential.username)
kong.service.request.clear_header(constants.HEADERS.ANONYMOUS)

Expand Down Expand Up @@ -183,20 +176,10 @@ end


function _M.execute(conf)
if conf.anonymous then
local shared_ctx = kong.ctx.shared
if shared_ctx.authenticated_credential then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end

local ngx_ctx = ngx.ctx -- TODO: for bc only
if ngx_ctx.authenticated_credential then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end
if conf.anonymous and kong.client.get_credential() then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end

local ok, err = do_authentication(conf)
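Review bot: The short-circuit at the top of `_M.execute` now trusts `kong.client.get_credential()` alone, where the removed code looked at both `kong.ctx.shared.authenticated_credential` and `ngx.ctx.authenticated_credential`. An auth plugin earlier in the chain that still writes only one of those fields directly (a custom plugin not converted by this commit, for instance) may no longer be seen here, in which case this plugin authenticates again and, on failure with `conf.anonymous` set, presumably replaces the earlier identity with the anonymous consumer. The same check appears in the hmac-auth, jwt, key-auth and ldap-auth sections. A comment on the check such as `-- identity stored by writing ngx.ctx / kong.ctx.shared directly may not be visible here; auth plugins must call kong.client.authenticate()` and a test with a legacy-style plugin ahead of this one would make the contract explicit. `_M.execute` continues past the end of the hunk.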
44 changes: 14 additions & 30 deletions kong/plugins/hmac-auth/access.lua
@@ -1,6 +1,6 @@
local constants = require "kong.constants"
local sha256 = require "resty.sha256"
local hmac = require "openssl.hmac"
local openssl_hmac = require "openssl.hmac"
local utils = require "kong.tools.utils"


Expand Down Expand Up @@ -31,13 +31,13 @@ local hmac = {
return hmac_sha1(secret, data)
end,
["hmac-sha256"] = function(secret, data)
return hmac.new(secret, "sha256"):final(data)
return openssl_hmac.new(secret, "sha256"):final(data)
end,
["hmac-sha384"] = function(secret, data)
return hmac.new(secret, "sha384"):final(data)
return openssl_hmac.new(secret, "sha384"):final(data)
end,
["hmac-sha512"] = function(secret, data)
return hmac.new(secret, "sha512"):final(data)
return openssl_hmac.new(secret, "sha512"):final(data)
end,
}

Expand Down Expand Up @@ -251,16 +251,9 @@ local function set_consumer(consumer, credential)
kong.service.request.set_header(constants.HEADERS.CONSUMER_CUSTOM_ID, consumer.custom_id)
kong.service.request.set_header(constants.HEADERS.CONSUMER_USERNAME, consumer.username)

local shared_ctx = kong.ctx.shared
local ngx_ctx = ngx.ctx -- TODO: for bc only

shared_ctx.authenticated_consumer = consumer
ngx_ctx.authenticated_consumer = consumer
kong.client.authenticate(consumer, credential)

if credential then
shared_ctx.authenticated_credential = credential
ngx_ctx.authenticated_credential = credential

kong.service.request.set_header(constants.HEADERS.CREDENTIAL_USERNAME, credential.username)
kong.service.request.clear_header(constants.HEADERS.ANONYMOUS)

Expand Down Expand Up @@ -329,10 +322,11 @@ local function do_authentication(conf)
end

-- Retrieve consumer
local consumer_cache_key = kong.db.consumers:cache_key(credential.consumer.id)
local consumer, err = kong.cache:get(consumer_cache_key, nil,
load_consumer_into_memory,
credential.consumer.id)
local consumer_cache_key, consumer
consumer_cache_key = kong.db.consumers:cache_key(credential.consumer.id)
consumer, err = kong.cache:get(consumer_cache_key, nil,
load_consumer_into_memory,
credential.consumer.id)
if err then
kong.log.err(err)
return kong.response.exit(500, { message = "An unexpected error occurred" })
Expand All @@ -348,20 +342,10 @@ local _M = {}


function _M.execute(conf)
if conf.anonymous then
local shared_ctx = kong.ctx.shared
if shared_ctx.authenticated_credential then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end

local ngx_ctx = ngx.ctx -- TODO: for bc only
if ngx_ctx.authenticated_credential then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end
if conf.anonymous and kong.client.get_credential() then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end

local ok, err = do_authentication(conf)
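Review bot: In `do_authentication` the cache lookup is now written as `consumer, err = kong.cache:get(...)` with only `consumer_cache_key, consumer` declared `local` in the hunk, so `err` has to be a local declared earlier in the function, which starts outside the hunk. If it is not, the assignment writes a global, and in an nginx worker a global can be observed by other requests handled by the same worker, which matters here because `err` decides between the 500 response and continuing authentication. The key-auth section makes the same change to its `cache:get` call. Please confirm the earlier declaration (luacheck's global-assignment warning would catch it) and consider a short comment at the assignment, `-- err: function-level local declared above, reused to avoid shadowing`.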
30 changes: 7 additions & 23 deletions kong/plugins/jwt/handler.lua
Expand Up @@ -91,17 +91,11 @@ local function set_consumer(consumer, credential, token)
kong.service.request.set_header(constants.HEADERS.CONSUMER_CUSTOM_ID, consumer.custom_id)
kong.service.request.set_header(constants.HEADERS.CONSUMER_USERNAME, consumer.username)

local shared_ctx = kong.ctx.shared
local ngx_ctx = ngx.ctx -- TODO: for bc only

shared_ctx.authenticated_consumer = consumer
ngx_ctx.authenticated_consumer = consumer
kong.client.authenticate(consumer, credential)

if credential then
shared_ctx.authenticated_credential = credential
shared_ctx.authenticated_jwt_token = token
ngx_ctx.authenticated_credential = credential
ngx_ctx.authenticated_jwt_token = token
kong.ctx.shared.authenticated_jwt_token = token -- TODO: wrap in a PDK function?
ngx.ctx.authenticated_jwt_token = token -- backward compatibilty only

if credential.username then
kong.service.request.set_header(constants.HEADERS.CREDENTIAL_USERNAME, credential.username)
Expand Down Expand Up @@ -231,20 +225,10 @@ function JwtHandler:access(conf)
return
end

if conf.anonymous then
local shared_ctx = kong.ctx.shared
if shared_ctx.authenticated_credential then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end

local ngx_ctx = ngx.ctx -- TODO: for bc only
if ngx_ctx.authenticated_credential then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end
if conf.anonymous and kong.client.get_credential() then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end

local ok, err = do_authentication(conf)
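Review bot: The two added lines in `set_consumer` keep the token in `kong.ctx.shared.authenticated_jwt_token` and `ngx.ctx.authenticated_jwt_token`, where every plugin that runs later in the request can read it, and nothing in the hunk documents what the value is or who may use it. If `token` is the raw bearer JWT (inferred from the name; the caller is outside the hunk), it stays replayable until it expires, so it should not reach log serializers or be forwarded by later plugins. I would document that at the assignment, for example `-- raw JWT as presented by the client: treat as a secret, never log it`, and correct the spelling in the existing comment to `-- backward compatibility only`. The `TODO: wrap in a PDK function?` would be a good place to note that such an accessor should be the only supported way to read the token.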
18 changes: 6 additions & 12 deletions kong/plugins/key-auth/handler.lua
Expand Up @@ -47,12 +47,9 @@ local function set_consumer(consumer, credential)
[const.CONSUMER_USERNAME] = consumer.username,
}

kong.ctx.shared.authenticated_consumer = consumer -- forward compatibility
ngx.ctx.authenticated_consumer = consumer -- backward compatibility
kong.client.authenticate(consumer, credential)

if credential then
kong.ctx.shared.authenticated_credential = credential -- forward compatibility
ngx.ctx.authenticated_credential = credential -- backward compatibility
new_headers[const.CREDENTIAL_USERNAME] = credential.username
kong.service.request.clear_header(const.ANONYMOUS) -- in case of auth plugins concatenation

Expand Down Expand Up @@ -150,10 +147,10 @@ local function do_authentication(conf)
-----------------------------------------

-- retrieve the consumer linked to this API key, to set appropriate headers

local consumer_cache_key = kong.db.consumers:cache_key(credential.consumer.id)
local consumer, err = cache:get(consumer_cache_key, nil, load_consumer,
credential.consumer.id)
local consumer_cache_key, consumer
consumer_cache_key = kong.db.consumers:cache_key(credential.consumer.id)
consumer, err = cache:get(consumer_cache_key, nil, load_consumer,
credential.consumer.id)
if err then
kong.log.err(err)
return nil, { status = 500, message = "An unexpected error occurred" }
Expand All @@ -173,10 +170,7 @@ function KeyAuthHandler:access(conf)
return
end

-- checking both old and new ctx for backward and forward compatibility
local authenticated_credential = kong.ctx.shared.authenticated_credential
or ngx.ctx.authenticated_credential
if authenticated_credential and conf.anonymous then
if conf.anonymous and kong.client.get_credential() then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
33 changes: 7 additions & 26 deletions kong/plugins/ldap-auth/access.lua
Expand Up @@ -44,7 +44,7 @@ end

local function ldap_authenticate(given_username, given_password, conf)
local is_authenticated
local err, suppressed_err, ok
local err, suppressed_err, ok, _

local sock = tcp()

Expand All @@ -63,7 +63,7 @@ local function ldap_authenticate(given_username, given_password, conf)
return false, err
end

local _, err = sock:sslhandshake(true, conf.ldap_host, conf.verify_ldap_host)
_, err = sock:sslhandshake(true, conf.ldap_host, conf.verify_ldap_host)
if err ~= nil then
return false, fmt("failed to do SSL handshake with %s:%s: %s",
conf.ldap_host, tostring(conf.ldap_port), err)
Expand Down Expand Up @@ -149,8 +149,7 @@ end


local function set_consumer(consumer, credential)
local shared_ctx = kong.ctx.shared
local ngx_ctx = ngx.ctx -- TODO: for bc only
kong.client.authenticate(consumer, credential)

if consumer then
-- this can only be the Anonymous user in this case
Expand All @@ -159,23 +158,15 @@ local function set_consumer(consumer, credential)
kong.service.request.set_header(constants.HEADERS.CONSUMER_USERNAME, consumer.username)
kong.service.request.set_header(constants.HEADERS.ANONYMOUS, true)

shared_ctx.authenticated_consumer = consumer
ngx_ctx.authenticated_consumer = consumer -- TODO: for bc only

return
end

if credential then
-- here we have been authenticated by ldap
kong.service.request.set_header(constants.HEADERS.CREDENTIAL_USERNAME, credential.username)

ngx_ctx.authenticated_credential = credential
end

-- in case of auth plugins concatenation, remove remnants of anonymous
shared_ctx.authenticated_consumer = nil
ngx_ctx.authenticated_consumer = nil -- TODO: for bc only

kong.service.request.clear_header(constants.HEADERS.ANONYMOUS)
kong.service.request.clear_header(constants.HEADERS.CONSUMER_ID)
kong.service.request.clear_header(constants.HEADERS.CONSUMER_CUSTOM_ID)
Expand Down Expand Up @@ -224,20 +215,10 @@ end


function _M.execute(conf)
if conf.anonymous then
local shared_ctx = kong.ctx.shared
if shared_ctx.authenticated_credential then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end

local ngx_ctx = ngx.ctx -- TODO: for bc only
if ngx_ctx.authenticated_credential then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end
if conf.anonymous and kong.client.get_credential() then
-- we're already authenticated, and we're configured for using anonymous,
-- hence we're in a logical OR between auth methods and we're already done.
return
end

local ok, err = do_authentication(conf)
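Review bot: `set_consumer` now calls `kong.client.authenticate(consumer, credential)` before it has checked which of the two arguments is set, and on the LDAP-success path `consumer` is nil, so clearing a previously stored anonymous consumer now depends on `authenticate` overwriting the stored consumer with nil; the removed lines did that explicitly. The comment `-- in case of auth plugins concatenation, remove remnants of anonymous` that remains further down now describes only the header clearing. The removed code also left the stored credential untouched on the anonymous path, whereas the new call passes `credential` (nil there) as well. Please confirm that `authenticate` accepts a nil consumer and replaces both values, and record it at the call, e.g. `-- authenticate() replaces consumer and credential; a nil consumer clears a previous anonymous identity`.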