Move cache to Nginx shared dict
parent
f9547b6dc8
commit
3d966ce49a
2 changed files with 39 additions and 38 deletions
76
access.lua
76
access.lua
|
@ -1,6 +1,8 @@
|
||||||
--
|
--
|
||||||
-- Load configuration
|
-- Load configuration
|
||||||
--
|
--
|
||||||
|
cache = ngx.shared.cache
|
||||||
|
oneweek = 60 * 60 * 24 * 7
|
||||||
cookies = {}
|
cookies = {}
|
||||||
local conf_file = assert(io.open(conf_path, "r"), "Configuration file is missing")
|
local conf_file = assert(io.open(conf_path, "r"), "Configuration file is missing")
|
||||||
local conf = json.decode(conf_file:read("*all"))
|
local conf = json.decode(conf_file:read("*all"))
|
||||||
|
@ -52,7 +54,7 @@ function flash (wat, message)
|
||||||
end
|
end
|
||||||
|
|
||||||
function set_auth_cookie (user, domain)
|
function set_auth_cookie (user, domain)
|
||||||
local maxAge = 60 * 60 * 24 * 7 -- 1 week
|
local maxAge = oneweek
|
||||||
local expire = ngx.req.start_time() + maxAge
|
local expire = ngx.req.start_time() + maxAge
|
||||||
local hash = ngx.md5(srvkey..
|
local hash = ngx.md5(srvkey..
|
||||||
"|" ..ngx.var.remote_addr..
|
"|" ..ngx.var.remote_addr..
|
||||||
|
@ -121,8 +123,9 @@ function authenticate (user, password)
|
||||||
password
|
password
|
||||||
)
|
)
|
||||||
|
|
||||||
if connected and not cache[user] then
|
cache:flush_expired()
|
||||||
cache[user] = { password=password }
|
if connected then
|
||||||
|
cache:add(user.."-password", password, oneweek)
|
||||||
end
|
end
|
||||||
|
|
||||||
return connected
|
return connected
|
||||||
|
@ -130,10 +133,12 @@ end
|
||||||
|
|
||||||
function set_headers (user)
|
function set_headers (user)
|
||||||
user = user or ngx.var.cookie_SSOwAuthUser
|
user = user or ngx.var.cookie_SSOwAuthUser
|
||||||
if not cache[user] then
|
if not cache:get(user.."-password") then
|
||||||
cache[user] = {}
|
flash("info", "Please log in to access to this content")
|
||||||
|
local back_url = ngx.var.scheme .. "://" .. ngx.var.http_host .. ngx.var.uri
|
||||||
|
return redirect(portal_url.."?r="..ngx.encode_base64(back_url))
|
||||||
end
|
end
|
||||||
if not cache[user]["mail"] then
|
if not cache:get(user.."-uid") then
|
||||||
ldap = lualdap.open_simple("localhost")
|
ldap = lualdap.open_simple("localhost")
|
||||||
for dn, attribs in ldap:search {
|
for dn, attribs in ldap:search {
|
||||||
base = "uid=".. user ..",ou=users,dc=yunohost,dc=org",
|
base = "uid=".. user ..",ou=users,dc=yunohost,dc=org",
|
||||||
|
@ -142,51 +147,48 @@ function set_headers (user)
|
||||||
attrs = {"uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"}
|
attrs = {"uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"}
|
||||||
} do
|
} do
|
||||||
for k,v in pairs(attribs) do
|
for k,v in pairs(attribs) do
|
||||||
cache[user][k] = v
|
if type(v) == "table" then
|
||||||
|
for k2,v2 in ipairs(v) do
|
||||||
|
if k2 == 1 then cache:set(user.."-"..k, v2, oneweek) end
|
||||||
|
cache:set(user.."-"..k.."|"..k2, v2, oneweek)
|
||||||
|
end
|
||||||
|
else
|
||||||
|
cache:set(user.."-"..k, v, oneweek)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
-- Set HTTP Auth header
|
-- Set HTTP Auth header
|
||||||
ngx.req.set_header("Authorization", "Basic "..ngx.encode_base64(
|
ngx.req.set_header("Authorization", "Basic "..ngx.encode_base64(
|
||||||
cache[user]["uid"]..":"..cache[user]["password"]
|
user..":"..cache:get(user.."-password")
|
||||||
))
|
))
|
||||||
|
|
||||||
-- Set Additional headers
|
-- Set Additional headers
|
||||||
for k, v in pairs(conf["additional_headers"]) do
|
for k, v in pairs(conf["additional_headers"]) do
|
||||||
ngx.req.set_header(k, cache[user][v])
|
ngx.req.set_header(k, cache:get(user.."-"..v))
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
function get_mails(user)
|
function get_mails(user)
|
||||||
local mails = { mail = "", mailalias = {}, maildrop = {} }
|
local mails = { mail = "", mailalias = {}, maildrop = {} }
|
||||||
if type(cache[user]["mail"]) == "table" then
|
if cache:get(user.."-mail|2") then
|
||||||
mails["mail"] = cache[user]["mail"][1]
|
for _, v in ipairs({2, 3, 4, 5, 6, 7, 8, 9, 10}) do
|
||||||
for k, mail in ipairs(cache[user]["mail"]) do
|
table.insert(mails["mailalias"], cache:get(user.."-mail|"..v))
|
||||||
if k ~= 1 then table.insert(mails["mailalias"], mail) end
|
|
||||||
end
|
end
|
||||||
else
|
|
||||||
mails["mail"] = cache[user]["mail"]
|
|
||||||
end
|
end
|
||||||
if type(cache[user]["maildrop"]) == "table" then
|
mails["mail"] = cache:get(user.."-mail")
|
||||||
for k, mail in ipairs(cache[user]["maildrop"]) do
|
if cache:get(user.."-maildrop|2") then
|
||||||
if k ~= 1 then table.insert(mails["maildrop"], mail) end
|
for _, v in ipairs({2, 3, 4, 5, 6, 7, 8, 9, 10}) do
|
||||||
|
table.insert(mails["maildrop"], cache:get(user.."-maildrop|"..v))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
return mails
|
return mails
|
||||||
end
|
end
|
||||||
|
|
||||||
function get_domains()
|
function get_domains()
|
||||||
local domains = {}
|
local domains = conf["domains"]
|
||||||
ldap = lualdap.open_simple("localhost")
|
|
||||||
for dn, attribs in ldap:search {
|
|
||||||
base = "ou=domains,dc=yunohost,dc=org",
|
|
||||||
scope = "onelevel",
|
|
||||||
attrs = {"virtualdomain"}
|
|
||||||
} do
|
|
||||||
table.insert(domains, attribs["virtualdomain"])
|
|
||||||
end
|
|
||||||
return domains
|
return domains
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -271,10 +273,10 @@ function get_data_for(view)
|
||||||
|
|
||||||
local mails = get_mails(user)
|
local mails = get_mails(user)
|
||||||
data = {
|
data = {
|
||||||
title = cache[user]["uid"].." <small>"..cache[user]["cn"].."</small>",
|
title = user.." <small>"..cache:get(user.."-cn").."</small>",
|
||||||
connected = true,
|
connected = true,
|
||||||
uid = cache[user]["uid"],
|
uid = user,
|
||||||
cn = cache[user]["cn"],
|
cn = cache:get(user.."-cn"),
|
||||||
mail = mails["mail"],
|
mail = mails["mail"],
|
||||||
mailalias = mails["mailalias"],
|
mailalias = mails["mailalias"],
|
||||||
maildrop = mails["maildrop"]
|
maildrop = mails["maildrop"]
|
||||||
|
@ -294,9 +296,9 @@ function get_data_for(view)
|
||||||
data = {
|
data = {
|
||||||
title = "Edit "..user,
|
title = "Edit "..user,
|
||||||
connected = true,
|
connected = true,
|
||||||
uid = cache[user]["uid"],
|
uid = user,
|
||||||
sn = cache[user]["sn"],
|
sn = cache:get(user.."-sn"),
|
||||||
givenName = cache[user]["givenName"],
|
givenName = cache:get(user.."-givenName"),
|
||||||
mail = mails["mail"],
|
mail = mails["mail"],
|
||||||
mailalias = mails["mailalias"],
|
mailalias = mails["mailalias"],
|
||||||
maildrop = mails["maildrop"]
|
maildrop = mails["maildrop"]
|
||||||
|
@ -321,7 +323,7 @@ function do_edit ()
|
||||||
-- Change password
|
-- Change password
|
||||||
if string.ends(ngx.var.uri, "password.html") then
|
if string.ends(ngx.var.uri, "password.html") then
|
||||||
if args.currentpassword
|
if args.currentpassword
|
||||||
and args.currentpassword == cache[user]["password"]
|
and args.currentpassword == cache:get(user.."-password")
|
||||||
then
|
then
|
||||||
if args.newpassword == args.confirm then
|
if args.newpassword == args.confirm then
|
||||||
local dn = "uid="..user..",ou=users,dc=yunohost,dc=org"
|
local dn = "uid="..user..",ou=users,dc=yunohost,dc=org"
|
||||||
|
@ -329,7 +331,7 @@ function do_edit ()
|
||||||
local password = "{SHA}"..ngx.encode_base64(ngx.sha1_bin(args.newpassword))
|
local password = "{SHA}"..ngx.encode_base64(ngx.sha1_bin(args.newpassword))
|
||||||
if ldap:modify(dn, {'=', userPassword = password }) then
|
if ldap:modify(dn, {'=', userPassword = password }) then
|
||||||
flash("win", "Password successfully changed")
|
flash("win", "Password successfully changed")
|
||||||
cache[user]["password"] = args.newpassword
|
cache:set(user.."-password", args.newpassword, oneweek)
|
||||||
return redirect(portal_url.."info.html")
|
return redirect(portal_url.."info.html")
|
||||||
else
|
else
|
||||||
flash("fail", "An error occured on password changing")
|
flash("fail", "An error occured on password changing")
|
||||||
|
@ -392,7 +394,7 @@ function do_edit ()
|
||||||
table.insert(maildrop, 1, user)
|
table.insert(maildrop, 1, user)
|
||||||
|
|
||||||
local dn = "uid="..user..",ou=users,dc=yunohost,dc=org"
|
local dn = "uid="..user..",ou=users,dc=yunohost,dc=org"
|
||||||
local ldap = lualdap.open_simple("localhost", dn, cache[user]["password"])
|
local ldap = lualdap.open_simple("localhost", dn, cache:get(user.."-password"))
|
||||||
local cn = args.givenName.." "..args.sn
|
local cn = args.givenName.." "..args.sn
|
||||||
if ldap:modify(dn, {'=', cn = cn,
|
if ldap:modify(dn, {'=', cn = cn,
|
||||||
gecos = cn,
|
gecos = cn,
|
||||||
|
@ -401,7 +403,7 @@ function do_edit ()
|
||||||
mail = mailalias,
|
mail = mailalias,
|
||||||
maildrop = maildrop })
|
maildrop = maildrop })
|
||||||
then
|
then
|
||||||
cache[user]["mail"] = nil
|
cache:delete(user.."-uid")
|
||||||
set_headers(user) -- Ugly trick to reload cache
|
set_headers(user) -- Ugly trick to reload cache
|
||||||
flash("win", "Informations updated")
|
flash("win", "Informations updated")
|
||||||
return redirect(portal_url.."info.html")
|
return redirect(portal_url.."info.html")
|
||||||
|
|
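Review bot: In `authenticate`, `cache:add(user.."-password", password, oneweek)` does not overwrite an existing unexpired key, so after a password change made outside this portal a successful login with the new password leaves the old one cached for up to a week. `set_headers` then builds the Basic `Authorization` header from that stale value, and `do_edit` compares `args.currentpassword` against it. Using `cache:set(user.."-password", password, oneweek)` after a successful bind would keep the cached credential in step with LDAP. Separately, the cleartext password now sits in `ngx.shared.cache`, which is shared across all workers, for a week, and nothing visible in this diff removes it on logout; presumably the logout path (outside these hunks) should call `cache:delete(user.."-password")`.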
1
init.lua
1
init.lua
|
@ -15,7 +15,6 @@ math.randomseed(os.time())
|
||||||
srvkey = math.random(1111111, 9999999)
|
srvkey = math.random(1111111, 9999999)
|
||||||
|
|
||||||
-- Shared table
|
-- Shared table
|
||||||
cache = {}
|
|
||||||
flashs = {}
|
flashs = {}
|
||||||
login = {}
|
login = {}
|
||||||
logout = {}
|
logout = {}
|
||||||
|
|