Merge branch 'logging' into logging-reloaded
This commit is contained in:
commit
7cb61f1619
3 changed files with 122 additions and 2 deletions
|
@ -416,6 +416,11 @@ if auth_header then
|
||||||
_, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$")
|
_, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$")
|
||||||
user = hlp.authenticate(user, password)
|
user = hlp.authenticate(user, password)
|
||||||
if user then
|
if user then
|
||||||
|
-- If user has no access to this URL, redirect him to the portal
|
||||||
|
if not hlp.has_access(user) then
|
||||||
|
return hlp.redirect(conf.portal_url)
|
||||||
|
end
|
||||||
|
|
||||||
hlp.set_headers(user)
|
hlp.set_headers(user)
|
||||||
|
|
||||||
-- If user has no access to this URL, redirect him to the portal
|
-- If user has no access to this URL, redirect him to the portal
|
||||||
|
|
28
helpers.lua
28
helpers.lua
|
@ -9,6 +9,12 @@ module('helpers', package.seeall)
|
||||||
|
|
||||||
local cache = ngx.shared.cache
|
local cache = ngx.shared.cache
|
||||||
local conf = config.get_config()
|
local conf = config.get_config()
|
||||||
|
local logger = require("log")
|
||||||
|
logger.outfile = "/var/log/nginx/ssowat.log"
|
||||||
|
|
||||||
|
function log(...)
|
||||||
|
logger.info(...)
|
||||||
|
end
|
||||||
|
|
||||||
-- Read a FS stored file
|
-- Read a FS stored file
|
||||||
function read_file(file)
|
function read_file(file)
|
||||||
|
@ -158,6 +164,7 @@ function set_auth_cookie(user, domain)
|
||||||
"SSOwAuthHash="..hash..cookie_str,
|
"SSOwAuthHash="..hash..cookie_str,
|
||||||
"SSOwAuthExpire="..expire..cookie_str
|
"SSOwAuthExpire="..expire..cookie_str
|
||||||
}
|
}
|
||||||
|
log("Hash "..hash.." generated for "..user.."@"..ngx.var.remote_addr)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
@ -220,6 +227,9 @@ function is_logged_in()
|
||||||
authUser..
|
authUser..
|
||||||
"|"..expireTime..
|
"|"..expireTime..
|
||||||
"|"..session_key)
|
"|"..session_key)
|
||||||
|
if hash ~= authHash then
|
||||||
|
log("Hash "..authHash.." rejected for "..user.."@"..ngx.var.remote_addr)
|
||||||
|
end
|
||||||
return hash == authHash
|
return hash == authHash
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -229,6 +239,15 @@ function is_logged_in()
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function log_access(user, app)
|
||||||
|
local key = "ACC|"..user.."|"..app
|
||||||
|
local block = cache:get(key)
|
||||||
|
if block == nil then
|
||||||
|
logger.info("ACC "..app.." by "..user.."@"..ngx.var.remote_addr)
|
||||||
|
cache:set(key, "block", 60)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
-- Check whether a user is allowed to access a URL using the `users` directive
|
-- Check whether a user is allowed to access a URL using the `users` directive
|
||||||
-- of the configuration file
|
-- of the configuration file
|
||||||
|
@ -247,7 +266,7 @@ function has_access(user, url)
|
||||||
end
|
end
|
||||||
|
|
||||||
-- Loop through user's ACLs and return if the URL is authorized.
|
-- Loop through user's ACLs and return if the URL is authorized.
|
||||||
for u, _ in pairs(conf["users"][user]) do
|
for u, app in pairs(conf["users"][user]) do
|
||||||
|
|
||||||
-- Replace the original domain by a local one if you are connected from
|
-- Replace the original domain by a local one if you are connected from
|
||||||
-- a non-global domain name.
|
-- a non-global domain name.
|
||||||
|
@ -255,7 +274,10 @@ function has_access(user, url)
|
||||||
u = string.gsub(u, conf["original_portal_domain"], conf["local_portal_domain"])
|
u = string.gsub(u, conf["original_portal_domain"], conf["local_portal_domain"])
|
||||||
end
|
end
|
||||||
|
|
||||||
if string.starts(url, string.sub(u, 1, -2)) then return true end
|
if string.starts(url, string.sub(u, 1, -2)) then
|
||||||
|
log_access(user, app)
|
||||||
|
return true
|
||||||
|
end
|
||||||
end
|
end
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
@ -307,11 +329,13 @@ function authenticate(user, password)
|
||||||
end
|
end
|
||||||
cache:add(user.."-password", password, conf["session_timeout"])
|
cache:add(user.."-password", password, conf["session_timeout"])
|
||||||
ngx.log(ngx.NOTICE, "Connected as: "..user)
|
ngx.log(ngx.NOTICE, "Connected as: "..user)
|
||||||
|
logger.info("AUTHSUCC "..user.."@"..ngx.var.remote_addr)
|
||||||
return user
|
return user
|
||||||
|
|
||||||
-- Else, the username/email or the password is wrong
|
-- Else, the username/email or the password is wrong
|
||||||
else
|
else
|
||||||
ngx.log(ngx.ERR, "Connection failed for: "..user)
|
ngx.log(ngx.ERR, "Connection failed for: "..user)
|
||||||
|
logger.info("AUTHFAIL "..user.."@"..ngx.var.remote_addr)
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
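Review bot: The session authenticator itself is written to the log file at `log("Hash "..hash.." generated for "..user.."@"..ngx.var.remote_addr)` in set_auth_cookie, and again as `authHash` in is_logged_in; `hash` is the value placed in the `SSOwAuthHash` cookie on the line just above, so /var/log/nginx/ssowat.log becomes a store of replayable session tokens for anyone who can read it. Record the event without the token, e.g. `log("Auth hash generated for "..user.."@"..ngx.var.remote_addr)`, or at most a short prefix of it. In the is_logged_in hunk the rejection message concatenates `user`, while the name in scope on the preceding lines is `authUser`; if `user` is not a local of that function (its body starts outside the hunk) a mismatched hash raises on concatenation instead of returning false. In the authenticate hunk `user` is request-controlled (the Basic header is split with `^(.+):(.+)$`, where `.` also matches newlines), so it should be quoted before it reaches the file, e.g. `logger.info(string.format("AUTHFAIL %q@%s", user, ngx.var.remote_addr))`, to keep a crafted username from forging extra log lines.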
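--- /dev/null
+++ b/log.lua
@@ -0,0 +1,91 @@
+--
+-- log.lua
+--
+-- Copyright (c) 2016 rxi
+--
+-- This library is free software; you can redistribute it and/or modify it
+-- under the terms of the MIT license. See LICENSE for details.
+--
+
+local log = { _version = "0.1.0" }
+
+log.usecolor = true
+log.outfile = nil
+log.level = "trace"
+
+
+local modes = {
+{ name = "trace", color = "\27[34m", },
+{ name = "debug", color = "\27[36m", },
+{ name = "info", color = "\27[32m", },
+{ name = "warn", color = "\27[33m", },
+{ name = "error", color = "\27[31m", },
+{ name = "fatal", color = "\27[35m", },
+}
+
+
+local levels = {}
+for i, v in ipairs(modes) do
+levels[v.name] = i
+end
+
+
+local round = function(x, increment)
+increment = increment or 1
+x = x / increment
+return (x > 0 and math.floor(x + .5) or math.ceil(x - .5)) * increment
+end
+
+
+local _tostring = tostring
+
+local tostring = function(...)
+local t = {}
+for i = 1, select('#', ...) do
+local x = select(i, ...)
+if type(x) == "number" then
+x = round(x, .01)
+end
+t[#t + 1] = _tostring(x)
+end
+return table.concat(t, " ")
+end
+
+
+for i, x in ipairs(modes) do
+local nameupper = x.name:upper()
+log[x.name] = function(...)
+
+-- Return early if we're below the log level
+if i < levels[log.level] then
+return
+end
+
+local msg = tostring(...)
+local info = debug.getinfo(2, "Sl")
+-- local lineinfo = info.short_src .. ":" .. info.currentline
+local lineinfo = ""
+
+-- Output to console
+print(string.format("%s[%-6s%s]%s %s: %s",
+log.usecolor and x.color or "",
+nameupper,
+os.date("%H:%M:%S"),
+log.usecolor and "\27[0m" or "",
+lineinfo,
+msg))
+
+-- Output to log file
+if log.outfile then
+local fp = io.open(log.outfile, "a")
+local str = string.format("[%-6s%s] %s: %s\n",
+nameupper, os.date(), lineinfo, msg)
+fp:write(str)
+fp:close()
+end
+
+end
+end
+
+
+return log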