-- Access-phase entry point that routes every request through the SSO layer.
--
-- Load this file in `nginx.conf`:
--
-- ```
-- server {
--     access_by_lua_file /path/to/do_access.lua;
--     …
-- }
-- ```
--
-- Routing order, as written below:
--   1. OpenID Connect issuer discovery (WebFinger) is answered first, before
--      any session lookup.
--   2. URLs under the SSO prefix go to the login, OAuth2 or portal handler;
--      the portal is only reached with a session, otherwise the client is
--      redirected to the login page.
--   3. Every other URL is handed to the per-site handler together with
--      whatever get_session() returned.
--
-- This file itself only enforces a session for the portal branch. The login
-- and OAuth2 handlers are dispatched without a session check here, and the
-- site handler receives the session value unchecked.
-- NOTE(review): presumably ssso_oauth2 and ssso_sites make their own access
-- decisions from the `auth` argument; confirm, since nothing here denies an
-- unauthenticated request on those paths.
--
-- NOTE(review): routing relies on `starts_with` from ssso_nginx, which is not
-- visible here. If it is a plain string-prefix comparison, a path that merely
-- begins with the same characters as the SSO prefix (or as "<prefix>/login")
-- is routed as if it were that endpoint. Confirm that the helper compares on
-- a path-segment boundary and against the normalized request URI.

local nginx = require("ssso_nginx")

local request = nginx.class__request:current()

-- https://openid.net/specs/openid-connect-discovery-1_0.html
-- All three conditions must hold: the WebFinger path, the OIDC issuer `rel`
-- value, and the presence of a `resource` parameter.
local is_issuer_discovery = request:is("/.well-known/webfinger")
    and request:has_param("rel", "http://openid.net/specs/connect/1.0/issuer")
    and request:has_param("resource")

if is_issuer_discovery then
    -- Answered without looking up a session.
    return require("ssso_oauth2").answer_oidc_webfinger(request)
end

local config = require("ssso_config")
local sessions = require("ssso_sessions")
local sites = require("ssso_sites")

local prefix = config.get_sso_prefix()
-- The second return value is only used for the redirect to the login page.
local session, session_status = sessions.get_session()

-- application URL
if not request:starts_with(prefix) then
    return sites.handle_request(request, session)
end

-- SSO-specific URL from here on.

-- The login handler does not receive the session.
if request:starts_with(prefix .. "/login") then
    return require("ssso_login").answer_request(request)
end

-- The OAuth2 handler gets the session value even when there is none.
if request:starts_with(prefix .. "/oauth2") then
    return require("ssso_oauth2").answer_request(request, session)
end

-- Any other SSO URL is the portal, which is the only branch gated on a session here.
if session then
    return require("ssso_portal").answer_request(request, session)
end

return nginx.redirect_to_login(request, session_status)