OAuth 2.0 implementation

.travis.yml

@@ -22,4 +22,4 @@ script:
   - "busted -o spec/busted-print.lua --coverage spec/"
   - "make lint"
 
-after_success: "luacov-coveralls -i kong"
+after_success: "luacov-coveralls -i kong"

database/migrations/cassandra/2015-06-09-170921_0.3.3.lua

@@ -0,0 +1,62 @@
+local Migration = {
+  name = "2015-06-09-170921_0.3.3",
+
+  up = function(options)
+    return [[
+      CREATE TABLE IF NOT EXISTS oauth2_credentials(
+        id uuid,
+        name text,
+        consumer_id uuid,
+        client_id text,
+        client_secret text,
+        redirect_uri text,
+        created_at timestamp,
+        PRIMARY KEY (id)
+      );
+
+      CREATE INDEX IF NOT EXISTS ON oauth2_credentials(consumer_id);
+      CREATE INDEX IF NOT EXISTS ON oauth2_credentials(client_id);
+      CREATE INDEX IF NOT EXISTS ON oauth2_credentials(client_secret);
+
+      CREATE TABLE IF NOT EXISTS oauth2_authorization_codes(
+        id uuid,
+        code text,
+        authenticated_username text,
+        authenticated_userid text,
+        scope text,
+        created_at timestamp,
+        PRIMARY KEY (id)
+      ) WITH default_time_to_live = 300;
+
+      CREATE INDEX IF NOT EXISTS ON oauth2_authorization_codes(code);
+
+      CREATE TABLE IF NOT EXISTS oauth2_tokens(
+        id uuid,
+        credential_id uuid,
+        access_token text,
+        token_type text,
+        refresh_token text,
+        expires_in int,
+        authenticated_username text,
+        authenticated_userid text,
+        scope text,
+        created_at timestamp,
+        PRIMARY KEY (id)
+      );
+
+      CREATE INDEX IF NOT EXISTS ON oauth2_tokens(access_token);
+      CREATE INDEX IF NOT EXISTS ON oauth2_tokens(refresh_token);
+
+    ]]
+  end,
+
+  down = function(options)
+    return [[
+      DROP TABLE oauth2_credentials;
+      DROP TABLE oauth2_authorization_codes;
+      DROP TABLE oauth2_tokens;
+    ]]
+  end
+}
+
+return Migration

kong-0.3.2-1.rockspec → kong-0.3.3-1.rockspec

@@ -1,9 +1,9 @@
 package = "kong"
-version = "0.3.2-1"
+version = "0.3.3-1"
 supported_platforms = {"linux", "macosx"}
 source = {
   url = "git://github.com/Mashape/kong",
-  tag = "0.3.2"
+  tag = "0.3.3"
 }
 description = {
   summary = "Kong is a scalable and customizable API Management Layer built on top of Nginx.",
@@ -101,6 +101,12 @@ build = {
     ["kong.plugins.keyauth.api"] = "kong/plugins/keyauth/api.lua",
     ["kong.plugins.keyauth.daos"] = "kong/plugins/keyauth/daos.lua",
 
+    ["kong.plugins.oauth2.handler"] = "kong/plugins/oauth2/handler.lua",
+    ["kong.plugins.oauth2.access"] = "kong/plugins/oauth2/access.lua",
+    ["kong.plugins.oauth2.schema"] = "kong/plugins/oauth2/schema.lua",
+    ["kong.plugins.oauth2.daos"] = "kong/plugins/oauth2/daos.lua",
+    ["kong.plugins.oauth2.api"] = "kong/plugins/oauth2/api.lua",
+
     ["kong.plugins.tcplog.handler"] = "kong/plugins/tcplog/handler.lua",
     ["kong.plugins.tcplog.log"] = "kong/plugins/tcplog/log.lua",
     ["kong.plugins.tcplog.schema"] = "kong/plugins/tcplog/schema.lua",

kong.yml

@@ -3,6 +3,7 @@ plugins_available:
   - ssl
   - keyauth
   - basicauth
+  - oauth2
   - ratelimiting
   - tcplog
   - udplog

kong/constants.lua

@@ -1,4 +1,4 @@
-local VERSION = "0.3.2"
+local VERSION = "0.3.3"
 
 return {
   NAME = "kong",

kong/dao/schemas_validation.lua

@@ -9,12 +9,19 @@ local POSSIBLE_TYPES = {
   string = true,
   number = true,
   boolean = true,
+  url = true,
   timestamp = true
 }
 
 local types_validation = {
   [constants.DATABASE_TYPES.ID] = function(v) return type(v) == "string" end,
   [constants.DATABASE_TYPES.TIMESTAMP] = function(v) return type(v) == "number" end,
+  ["url"] = function(v)
+    if v and type(v) == "string" then
+      local parsed_url = require("socket.url").parse(v)
+      return parsed_url and parsed_url.path and parsed_url.host and parsed_url.scheme
+    end
+  end,
   ["array"] = function(v) return utils.is_array(v) end
 }
 
@@ -151,7 +158,7 @@ function _M.validate(t, schema, is_update)
 
     -- [FUNC] Check field against a custom function only if there is no error on that field already
     if v.func and type(v.func) == "function" and (errors == nil or errors[column] == nil) then
-      local ok, err, new_fields = v.func(t[column], t)
+      local ok, err, new_fields = v.func(t[column], t, column)
       if not ok and err then
         errors = utils.add_error(errors, column, err)
       elseif new_fields then

kong/kong.lua

@@ -86,7 +86,7 @@ local function init_plugins()
   for _, v in ipairs(configuration.plugins_available) do
     local loaded, plugin_handler_mod = utils.load_module_if_exists("kong.plugins."..v..".handler")
     if not loaded then
-      error("The following plugin has been enabled in the configuration but is not installed on the system: "..v)
+      error("The following plugin has been enabled in the configuration but it is not installed on the system: "..v)
     else
       print("Loading plugin: "..v)
       table.insert(loaded_plugins, {

kong/plugins/base_plugin.lua

@@ -6,7 +6,7 @@ function BasePlugin:new(name)
 end
 
 function BasePlugin:init_worker()
-  --ngx.log(ngx.DEBUG, " executing plugin \""..self._name.."\": init_worker")
+  ngx.log(ngx.DEBUG, " executing plugin \""..self._name.."\": init_worker")
 end
 
 function BasePlugin:certificate()

kong/plugins/httplog/schema.lua

@@ -1,5 +1,5 @@
 return {
-  http_endpoint = { required = true, type = "string" },
+  http_endpoint = { required = true, type = "url" },
   method = { default = "POST", enum = { "POST", "PUT", "PATCH" } },
   timeout = { default = 10000, type = "number" },
   keepalive = { default = 60000, type = "number" }