-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhandler.lua
70 lines (52 loc) · 1.31 KB
/
handler.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
local ACL = require("kong.plugins.base_plugin"):extend()
local cjson = require("cjson")
function ACL:new()
ACL.super.new(self, "acl-keycloak")
end
function ACL:access(plugin_conf)
ACL.super.access(self)
local whitelist = plugin_conf.whitelist
local userroles = get_user_roles()
if has_value(whitelist, userroles) then
return
else
ngx.status = 401
ngx.say("You cannot consume this service")
ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
end
function has_value (tab, val)
for _, value in ipairs(tab) do
for _, val_value in ipairs(val) do
if value == val_value then
return true
end
end
end
return false
end
function mysplit(inputstr, sep)
if sep == nil then
sep = "%s"
end
local t={} ;
local i=1
for str in string.gmatch(inputstr, "([^"..sep.."]+)") do
t[i] = str
i = i + 1
end
return t
end
function get_user_roles()
local h = ngx.req.get_headers()
for k, v in pairs(h) do
if k == 'x-userinfo' then
local user = cjson.decode(ngx.decode_base64(v))
local roles = table.concat(user["realm_access"]["roles"],",")
return mysplit(roles, ",")
end
end
return {}
end
ACL.PRIORITY = 950
return ACL