From 84015149b933078496b132474c008692ea3ff30f Mon Sep 17 00:00:00 2001 From: kload Date: Mon, 2 Feb 2015 00:05:09 +0100 Subject: [PATCH] [enh] Separate configuration file loading to a new file and document it --- access.lua | 706 +++---------------------------------------------- config.lua | 99 +++++++ debian/install | 1 + helpers.lua | 1 - init.lua | 14 +- 5 files changed, 143 insertions(+), 678 deletions(-) create mode 100644 config.lua diff --git a/access.lua b/access.lua index 7085c54..a545d27 100644 --- a/access.lua +++ b/access.lua @@ -1,684 +1,33 @@ -- --- Load configuration +-- access.lua -- -cache = ngx.shared.cache -srvkey = cache:get("srvkey") -if not srvkey then - math.randomseed(os.time()) - srvkey = tostring(math.random(1111111, 9999999)) - cache:add("srvkey", srvkey) -end +-- This file is executed at every request on a protected domain or server. +-- You just have to read this file normally to understand how and when the +-- request is handled: redirected, forbidden, bypassed or served. +-- + + +-- Initialize configuration +require "config" + +-- Initialize the non-persistent cookie table cookies = {} -lang = ngx.req.get_headers()["Accept-Language"] -if lang then - lang = string.sub(lang, 1, 2) -end --- Load conf file -local conf_file = assert(io.open(conf_path, "r"), "Configuration file is missing") -local conf = json.decode(conf_file:read("*all")) +-- Import helpers +hlp = require "helpers" --- Load additional rules -local persistent_conf_file = io.open(conf_path..".persistent", "r") -if persistent_conf_file ~= nil then - for k, v in pairs(json.decode(persistent_conf_file:read("*all"))) do - -- If key already exists and is a table, merge it - if conf[k] and type(v) == "table" then - for subk, subv in pairs(v) do - if type(subk) == "number" then - table.insert(conf[k], subv) - else - conf[k][subk] = subv - end - end - else - conf[k] = v - end - end -end - --- Default configuration values -default_conf = { - portal_scheme = "https", - portal_path = "/ssowat", - local_portal_domain = "yunohost.local", - domains = { conf["portal_domain"], "yunohost.local" }, - session_timeout = 60 * 60 * 24, -- one day - session_max_timeout = 60 * 60 * 24 * 7, -- one week - login_arg = "sso_login", - ldap_host = "localhost", - ldap_group = "ou=users,dc=yunohost,dc=org", - ldap_identifier = "uid", - ldap_attributes = {"uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"}, - allow_mail_authentication = true, - default_language = "en" -} - -for param, default_value in pairs(default_conf) do - conf[param] = conf[param] or default_value -end - -if ngx.var.host == conf["local_portal_domain"] then - conf["original_portal_domain"] = conf["portal_domain"] - conf["portal_domain"] = conf["local_portal_domain"] -end - -local portal_url = conf["portal_scheme"].."://".. - conf["portal_domain"].. - conf["portal_path"] -table.insert(conf["skipped_urls"], conf["portal_domain"]..conf["portal_path"]) - --- Dummy intructions +-- Just a note for the client to know that he passed through the SSO ngx.header["X-SSO-WAT"] = "You've just been SSOed" -- --- Useful functions +-- 1. LOGIN -- -function read_file(file) - local f = io.open(file, "rb") - if not f then return false end - local content = f:read("*all") - f:close() - return content -end - -function is_in_table (t, v) - for key, value in ipairs(t) do - if value == v then return key end - end -end - -function string.starts (String, Start) - return string.sub(String, 1, string.len(Start)) == Start -end - -function string.ends (String, End) - return End=='' or string.sub(String, -string.len(End)) == End -end - -function t (key) - if lang and i18n[lang] then - return i18n[lang][key] or "" - else - return i18n[conf["default_language"]][key] or "" - end -end - -function cook (cookie_str) - table.insert(cookies, cookie_str) -end - -function flash (wat, message) - if wat == "fail" - or wat == "win" - or wat == "info" - then - flashs[wat] = message - end -end - -function uri_args_string (args) - if not args then - args = ngx.req.get_uri_args() - end - String = "?" - for k,v in pairs(args) do - String = String..tostring(k).."="..tostring(v).."&" - end - return string.sub(String, 1, string.len(String) - 1) -end - -function set_auth_cookie (user, domain) - local maxAge = conf["session_max_timeout"] - local expire = ngx.req.start_time() + maxAge - local session_key = cache:get("session_"..user) - if not session_key then - session_key = tostring(math.random(1111111, 9999999)) - cache:add("session_"..user, session_key, conf["session_max_timeout"]) - end - local hash = ngx.md5(srvkey.. - "|" ..ngx.var.remote_addr.. - "|"..user.. - "|"..expire.. - "|"..session_key) - local cookie_str = "; Domain=."..domain.. - "; Path=/".. - "; Max-Age="..maxAge - cook("SSOwAuthUser="..user..cookie_str) - cook("SSOwAuthHash="..hash..cookie_str) - cook("SSOwAuthExpire="..expire..cookie_str) -end - -function delete_cookie () - expired_time = "Thu, Jan 01 1970 00:00:00 UTC;" - for _, domain in ipairs(conf["domains"]) do - local cookie_str = "; Domain=."..domain.. - "; Path=/".. - "; Max-Age="..expired_time - cook("SSOwAuthUser=;" ..cookie_str) - cook("SSOwAuthHash=;" ..cookie_str) - cook("SSOwAuthExpire=;" ..cookie_str) - end -end - -function delete_redirect_cookie () - expired_time = "Thu, Jan 01 1970 00:00:00 UTC;" - local cookie_str = "; Path="..conf["portal_path"].. - "; Max-Age="..expired_time - cook("SSOwAuthRedirect=;" ..cookie_str) -end - -function is_logged_in () - - -- Check if cookie is set - if ngx.var.cookie_SSOwAuthExpire and ngx.var.cookie_SSOwAuthExpire ~= "" - and ngx.var.cookie_SSOwAuthHash and ngx.var.cookie_SSOwAuthHash ~= "" - and ngx.var.cookie_SSOwAuthUser and ngx.var.cookie_SSOwAuthUser ~= "" - then - -- Check expire time - if (ngx.req.start_time() <= tonumber(ngx.var.cookie_SSOwAuthExpire)) then - -- Check hash - local session_key = cache:get("session_"..ngx.var.cookie_SSOwAuthUser) - if session_key and session_key ~= "" then - -- Check cache - if cache:get(ngx.var.cookie_SSOwAuthUser.."-password") then - local hash = ngx.md5(srvkey.. - "|"..ngx.var.remote_addr.. - "|"..ngx.var.cookie_SSOwAuthUser.. - "|"..ngx.var.cookie_SSOwAuthExpire.. - "|"..session_key) - return hash == ngx.var.cookie_SSOwAuthHash - end - end - end - end - - return false -end - -function has_access (user, url) - user = user or ngx.var.cookie_SSOwAuthUser - url = url or ngx.var.host..ngx.var.uri - if not conf["users"] or not conf["users"][user] then - return true - end - for u, _ in pairs(conf["users"][user]) do - if ngx.var.host == conf["local_portal_domain"] then - u = string.gsub(u, conf["original_portal_domain"], conf["local_portal_domain"]) - end - if string.starts(url, string.sub(u, 1, -2)) then return true end - end - return false -end - -function authenticate (user, password) - if conf["allow_mail_authentication"] and string.find(user, "@") then - ldap = lualdap.open_simple(conf["ldap_host"]) - for dn, attribs in ldap:search { - base = conf["ldap_group"], - scope = "onelevel", - sizelimit = 1, - filter = "(mail="..user..")", - attrs = {conf["ldap_identifier"]} - } do - if attribs[conf["ldap_identifier"]] then - ngx.log(ngx.NOTICE, "Use email: "..user) - user = attribs[conf["ldap_identifier"]] - else - ngx.log(ngx.ERR, "Unknown email: "..user) - return false - end - end - ldap:close() - end - connected = lualdap.open_simple ( - conf["ldap_host"], - conf["ldap_identifier"].."=".. user ..","..conf["ldap_group"], - password - ) - - cache:flush_expired() - if connected then - cache:add(user.."-password", password, conf["session_timeout"]) - ngx.log(ngx.NOTICE, "Connected as: "..user) - return user - else - ngx.log(ngx.ERR, "Connection failed for: "..user) - return false - end -end - -function set_headers (user) - if ngx.var.scheme ~= "https" then - return redirect("https://"..ngx.var.host..ngx.var.uri..uri_args_string()) - end - user = user or ngx.var.cookie_SSOwAuthUser - if not cache:get(user.."-password") then - flash("info", t("please_login")) - local back_url = ngx.var.scheme .. "://" .. ngx.var.host .. ngx.var.uri .. uri_args_string() - return redirect(portal_url.."?r="..ngx.encode_base64(back_url)) - end - if not cache:get(user.."-"..conf["ldap_identifier"]) then - ldap = lualdap.open_simple(conf["ldap_host"]) - ngx.log(ngx.NOTICE, "Reloading LDAP values for: "..user) - for dn, attribs in ldap:search { - base = conf["ldap_identifier"].."=".. user ..","..conf["ldap_group"], - scope = "base", - sizelimit = 1, - attrs = conf["ldap_attributes"] - } do - for k,v in pairs(attribs) do - if type(v) == "table" then - for k2,v2 in ipairs(v) do - if k2 == 1 then cache:set(user.."-"..k, v2, conf["session_timeout"]) end - cache:set(user.."-"..k.."|"..k2, v2, conf["session_max_timeout"]) - end - else - cache:set(user.."-"..k, v, conf["session_timeout"]) - end - end - end - else - -- Revalidate session for another day by default - password = cache:get(user.."-password") - cache:set(user.."-password", password, conf["session_timeout"]) - end - - -- Set HTTP Auth header - ngx.req.set_header("Authorization", "Basic "..ngx.encode_base64( - user..":"..cache:get(user.."-password") - )) - - -- Set Additional headers - for k, v in pairs(conf["additional_headers"]) do - ngx.req.set_header(k, cache:get(user.."-"..v)) - end - -end - -function get_mails(user) - local mails = { mail = "", mailalias = {}, maildrop = {} } - -- default mail - mails["mail"] = cache:get(user.."-mail") - - -- mail aliases - if cache:get(user.."-mail|2") then - local i = 2 - while cache:get(user.."-mail|"..i) do - table.insert(mails["mailalias"], cache:get(user.."-mail|"..i)) - i = i + 1 - end - end - - -- mail forward - if cache:get(user.."-maildrop|2") then - local i = 2 - while cache:get(user.."-maildrop|"..i) do - table.insert(mails["maildrop"], cache:get(user.."-maildrop|"..i)) - i = i + 1 - end - end - return mails -end - --- Yo dawg -function serve(uri) - rel_path = string.gsub(uri, conf["portal_path"], "/") - - -- Load login.html as index - if rel_path == "/" then - if is_logged_in() then - rel_path = "/info.html" - else - rel_path = "/login.html" - end - end - - -- Access to directory root: forbidden - if string.ends(rel_path, "/") then - return ngx.exit(ngx.HTTP_FORBIDDEN) - end - - -- Try to get file content - local content = read_file(script_path.."portal"..rel_path) - if not content then - return ngx.exit(ngx.HTTP_NOT_FOUND) - end - - -- Extract file extension - _, file, ext = string.match(rel_path, "(.-)([^\\/]-%.?([^%.\\/]*))$") - - -- Associate to MIME type - mime_types = { - html = "text/html", - ms = "text/html", - js = "text/javascript", - map = "text/javascript", - css = "text/css", - gif = "image/gif", - jpg = "image/jpeg", - png = "image/png", - svg = "image/svg+xml", - ico = "image/vnd.microsoft.icon", - woff = "application/x-font-woff", - json = "application/json" - } - - -- Set Content-Type - if mime_types[ext] then - ngx.header["Content-Type"] = mime_types[ext] - else - ngx.header["Content-Type"] = "text/plain" - end - - -- Render as mustache - if ext == "html" then - local data = get_data_for(file) - local rendered = hige.render(read_file(script_path.."portal/header.ms"), data) - rendered = rendered..hige.render(content, data) - content = rendered..hige.render(read_file(script_path.."portal/footer.ms"), data) - elseif ext == "ms" then - local data = get_data_for(file) - content = hige.render(content, data) - elseif ext == "json" then - local data = get_data_for(file) - content = json.encode(data) - end - - -- Reset flash messages - flashs["fail"] = nil - flashs["win"] = nil - flashs["info"] = nil - - -- Ain't nobody got time for cache - ngx.header["Cache-Control"] = "no-cache" - ngx.say(content) - return ngx.exit(ngx.HTTP_OK) -end - -function get_data_for(view) - local user = ngx.var.cookie_SSOwAuthUser - local data = {} - - if view == "login.html" then - data = { - title = t("login"), - connected = false - } - - elseif view == "info.html" - or view == "edit.html" - or view == "password.html" - or view == "ynhpanel.json" then - set_headers(user) - - local mails = get_mails(user) - data = { - connected = true, - portal_url = portal_url, - uid = user, - cn = cache:get(user.."-cn"), - sn = cache:get(user.."-sn"), - givenName = cache:get(user.."-givenName"), - mail = mails["mail"], - mailalias = mails["mailalias"], - maildrop = mails["maildrop"], - app = {} - } - - for url, name in pairs(conf["users"][user]) do - if ngx.var.host == conf["local_portal_domain"] then - url = string.gsub(url, conf["original_portal_domain"], conf["local_portal_domain"]) - end - table.insert(data["app"], { url = url, name = name }) - end - end - - -- View translation (use "t_key") - if lang and i18n[lang] then - translate_table = i18n[lang] - else - translate_table = i18n[conf["default_language"]] - end - for k, v in pairs(translate_table) do - data["t_"..k] = v - end - - data['flash_fail'] = {flashs["fail"]} - data['flash_win'] = {flashs["win"] } - data['flash_info'] = {flashs["info"]} - return data -end - -function do_edit () - ngx.req.read_body() - local args = ngx.req.get_post_args() - - if is_logged_in() and args - then - ngx.status = ngx.HTTP_CREATED - local user = ngx.var.cookie_SSOwAuthUser - - -- Change password - if string.ends(ngx.var.uri, "password.html") then - if args.currentpassword - and args.currentpassword == cache:get(user.."-password") - then - if args.newpassword == args.confirm then - local dn = conf["ldap_identifier"].."="..user..","..conf["ldap_group"] - local ldap = lualdap.open_simple(conf["ldap_host"], dn, args.currentpassword) - local password = "{SHA}"..ngx.encode_base64(ngx.sha1_bin(args.newpassword)) - if ldap:modify(dn, {'=', userPassword = password }) then - flash("win", t("password_changed")) - cache:set(user.."-password", args.newpassword, conf["session_timeout"]) - return redirect(portal_url.."info.html") - else - flash("fail", t("password_changed_error")) - end - else - flash("fail", t("password_not_match")) - end - else - flash("fail", t("wrong_current_password")) - end - return redirect(portal_url.."password.html") - - -- Edit user information - elseif string.ends(ngx.var.uri, "edit.html") then - if args.givenName and args.sn and args.mail then - - local mailalias = {} - if args["mailalias[]"] then - if type(args["mailalias[]"]) == "string" then - args["mailalias[]"] = {args["mailalias[]"]} - end - mailalias = args["mailalias[]"] - end - - local maildrop = {} - if args["maildrop[]"] then - if type(args["maildrop[]"]) == "string" then - args["maildrop[]"] = {args["maildrop[]"]} - end - maildrop = args["maildrop[]"] - end - - local mail_pattern = "[A-Za-z0-9%.%%%+%-]+@[A-Za-z0-9%.%%%+%-]+%.%w%w%w?%w?" - - -- Limit domains per user - local domains = {} - local ldap = lualdap.open_simple(conf["ldap_host"]) - for dn, attribs in ldap:search { - base = conf["ldap_group"], - scope = "onelevel", - sizelimit = 1, - filter = "(uid="..user..")", - attrs = {"mail"} - } do - for _, domain in ipairs(conf["domains"]) do - for k, mail in ipairs(attribs["mail"]) do - if string.ends(mail, "@"..domain) then - if not is_in_table(domains, domain) then - table.insert(domains, domain) - end - end - end - end - end - ldap:close() - - local mails = {} - local filter = "(|" - table.insert(mailalias, 1, args.mail) - for k, mail in ipairs(mailalias) do - if mail ~= "" then - if not mail:match(mail_pattern) then - flash("fail", t("invalid_mail")..": "..mail) - return redirect(portal_url.."edit.html") - else - local domain_valid = false - for _, domain in ipairs(domains) do - if string.ends(mail, "@"..domain) then - domain_valid = true - break - end - end - if domain_valid then - table.insert(mails, mail) - filter = filter.."(mail="..mail..")" - else - flash("fail", t("invalid_domain").." "..mail) - return redirect(portal_url.."edit.html") - end - end - end - end - filter = filter..")" - - local drops = {} - for k, mail in ipairs(maildrop) do - if mail ~= "" then - if not mail:match(mail_pattern) then - flash("fail", t("invalid_mailforward")..": "..mail) - return redirect(portal_url.."edit.html") - end - table.insert(drops, mail) - end - end - table.insert(drops, 1, user) - - local dn = conf["ldap_identifier"].."="..user..","..conf["ldap_group"] - local ldap = lualdap.open_simple(conf["ldap_host"], dn, cache:get(user.."-password")) - local cn = args.givenName.." "..args.sn - for dn, attribs in ldap:search { - base = conf["ldap_group"], - scope = "onelevel", - filter = filter, - attrs = {conf["ldap_identifier"], "mail"} - } do - ngx.log(4, filter) - ngx.log(4, attribs[conf["ldap_identifier"]]) - if attribs[conf["ldap_identifier"]] and attribs[conf["ldap_identifier"]] ~= user then - if type(attribs["mail"]) == "string" then - attribs["mail"] = {attribs["mail"]} - end - for _, mail in ipairs(attribs["mail"]) do - if is_in_table(mails, mail) then - flash("fail", t("mail_already_used").." "..mail) - end - end - return redirect(portal_url.."edit.html") - end - end - if ldap:modify(dn, {'=', cn = cn, - givenName = args.givenName, - sn = args.sn, - mail = mails, - maildrop = drops }) - then - cache:delete(user.."-"..conf["ldap_identifier"]) - local i = 2 - while cache:get(user.."-mail|"..i) do - cache:delete(user.."-mail|"..i) - i = i + 1 - end - local i = 2 - while cache:get(user.."-maildrop|"..i) do - cache:delete(user.."-maildrop|"..i) - i = i + 1 - end - set_headers(user) -- Ugly trick to reload cache - flash("win", t("information_updated")) - return redirect(portal_url.."info.html") - else - flash("fail", t("user_saving_fail")) - end - else - flash("fail", t("missing_required_fields")) - end - return redirect(portal_url.."edit.html") - end - end -end - -function do_login () - ngx.req.read_body() - local args = ngx.req.get_post_args() - local uri_args = ngx.req.get_uri_args() - - user = authenticate(args.user, args.password) - if user then - ngx.status = ngx.HTTP_CREATED - set_auth_cookie(user, ngx.var.host) - if uri_args.r then - return redirect(portal_url.."?r="..uri_args.r) - else - return redirect(portal_url) - end - else - ngx.status = ngx.HTTP_UNAUTHORIZED - flash("fail", t("wrong_username_password")) - return redirect(portal_url) - end -end - -function do_logout() - local args = ngx.req.get_uri_args() - if is_logged_in() then - cache:delete("session_"..ngx.var.cookie_SSOwAuthUser) - cache:delete(ngx.var.cookie_SSOwAuthUser.."-"..conf["ldap_identifier"]) -- Ugly trick to reload cache - flash("info", t("logged_out")) - return redirect(portal_url) - end -end - -function redirect (url) - ngx.header["Set-Cookie"] = cookies - ngx.log(ngx.INFO, "Redirect to: "..url) - return ngx.redirect(url) -end - -function pass () - delete_redirect_cookie() - ngx.req.set_header("Set-Cookie", cookies) - if string.ends(ngx.var.uri, "/") - or string.ends(ngx.var.uri, ".html") - or string.ends(ngx.var.uri, ".htm") - then - ngx.header["Content-Type"] = "text/html" - end - return -end - - --------------------------------------------------- --- Routing +-- example: https://mydomain.org/?sso_login=a6e5320f +-- +-- If the `sso_login` URI argument is set, try a cross-domain authentication +-- with the token passed as argument -- - --- Logging in --- i.e. http://mydomain.org/?sso_login=a6e5320f - if ngx.var.host ~= conf["portal_domain"] and ngx.var.request_method == "GET" then uri_args = ngx.req.get_uri_args() if uri_args[conf.login_arg] then @@ -694,9 +43,14 @@ if ngx.var.host ~= conf["portal_domain"] and ngx.var.request_method == "GET" the end --- Portal --- i.e. http://mydomain.org/ssowat/* - +-- +-- 2. PORTAL +-- +-- example: https://mydomain.org/ssowat* +-- +-- If the URL matches the portal URL, serve a portal file or proceed to a +-- portal operations +-- if ngx.var.host == conf["portal_domain"] and string.starts(ngx.var.uri, string.sub(conf["portal_path"], 1, -2)) then @@ -707,7 +61,7 @@ then return redirect(portal_url) end - -- http://mydomain.org/ssowat + -- Add a trailing `/` if not present if ngx.var.uri.."/" == conf["portal_path"] then return redirect(portal_url) end @@ -754,9 +108,9 @@ then if string.ends(ngx.var.uri, conf["portal_path"].."password.html") or string.ends(ngx.var.uri, conf["portal_path"].."edit.html") then - return do_edit() + return post_edit() else - return do_login() + return post_login() end else -- Redirect to portal diff --git a/config.lua b/config.lua new file mode 100644 index 0000000..dd210ca --- /dev/null +++ b/config.lua @@ -0,0 +1,99 @@ +-- +-- config.lua +-- +-- This file loads the configuration from config files or default values. +-- + + +-- Get the `cache` persistent shared table +cache = ngx.shared.cache + + +-- Generate a unique token if it has not been generated yet +srvkey = cache:get("srvkey") +if not srvkey then + math.randomseed(os.time()) + srvkey = tostring(math.random(1111111, 9999999)) + cache:add("srvkey", srvkey) +end + + +-- Set the prefered language from the `Accept-Language` header +lang = ngx.req.get_headers()["Accept-Language"] + +if lang then + lang = string.sub(lang, 1, 2) +end + + +-- Load the configuration file +local conf_file = assert(io.open(conf_path, "r"), "Configuration file is missing") +local conf = json.decode(conf_file:read("*all")) + + +-- Load additional rules from the `.persistent` configuration file. +-- The `.persistent` file contains rules that will overwrite previous rules. +-- It typically enables you to set custom rules. +local persistent_conf_file = io.open(conf_path..".persistent", "r") +if persistent_conf_file ~= nil then + for k, v in pairs(json.decode(persistent_conf_file:read("*all"))) do + + -- If the configuration key already exists and is a table, merge it + if conf[k] and type(v) == "table" then + for subk, subv in pairs(v) do + if type(subk) == "number" then + table.insert(conf[k], subv) + else + conf[k][subk] = subv + end + end + + -- Else just take the persistent rule's value + else + conf[k] = v + end + end +end + + +-- Default configuration values +default_conf = { + portal_scheme = "https", + portal_path = "/ssowat", + local_portal_domain = "yunohost.local", + domains = { conf["portal_domain"], "yunohost.local" }, + session_timeout = 60 * 60 * 24, -- one day + session_max_timeout = 60 * 60 * 24 * 7, -- one week + login_arg = "sso_login", + ldap_host = "localhost", + ldap_group = "ou=users,dc=yunohost,dc=org", + ldap_identifier = "uid", + ldap_attributes = {"uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"}, + allow_mail_authentication = true, + default_language = "en" +} + + +-- Load default values unless they are set in the configuration file. +for param, default_value in pairs(default_conf) do + conf[param] = conf[param] or default_value +end + + + +-- If you access the SSO by a local domain, change the portal domain to +-- avoid unwanted redirections. +if ngx.var.host == conf["local_portal_domain"] then + conf["original_portal_domain"] = conf["portal_domain"] + conf["portal_domain"] = conf["local_portal_domain"] +end + + +-- Build portal full URL out of the configuration values +local portal_url = conf["portal_scheme"].."://".. + conf["portal_domain"].. + conf["portal_path"] + + +-- Always skip the portal to avoid redirection looping. +table.insert(conf["skipped_urls"], conf["portal_domain"]..conf["portal_path"]) diff --git a/debian/install b/debian/install index 8ecd952..d40d25b 100644 --- a/debian/install +++ b/debian/install @@ -1,6 +1,7 @@ init.lua /usr/share/ssowat access.lua /usr/share/ssowat helpers.lua /usr/share/ssowat +config.lua /usr/share/ssowat hige.lua /usr/share/ssowat portal /usr/share/ssowat conf.json /etc/ssowat diff --git a/helpers.lua b/helpers.lua index 7a00259..34f922f 100644 --- a/helpers.lua +++ b/helpers.lua @@ -782,4 +782,3 @@ function pass () return end - diff --git a/init.lua b/init.lua index ad14a16..3462448 100644 --- a/init.lua +++ b/init.lua @@ -1,3 +1,13 @@ +-- +-- init.lua +-- +-- This is the initialization file of SSOwat. It is called once at the Nginx +-- server's start. +-- Consequently, all the variables declared (along with libraries and +-- translations) in this file will be *persistent* from one HTTP request to +-- another. +-- + -- Remove prepending '@' & trailing 'init.lua' script_path = string.sub(debug.getinfo(1).source, 2, -9) @@ -11,12 +21,13 @@ math = require "math" hige = require "hige" lfs = require "lfs" --- Shared table +-- Persistent shared table flashs = {} login = {} logout = {} i18n = {} +-- Load translations in the "i18n" above table local locale_dir = script_path.."portal/locales/" for file in lfs.dir(locale_dir) do if string.sub(file, -4) == "json" then @@ -29,4 +40,5 @@ end -- Path of the configuration conf_path = "/etc/ssowat/conf.json" +-- You should see that in your Nginx error logs by default ngx.log(ngx.INFO, "SSOwat ready")