Merge pull request #14 from holaplex/espi/gateway-user-id-header

[Hub Gateway] Optional X-User-Id, No opa, More Routes
holaplex · Feb 13, 2023 · d0e2992 · d0e2992
2 parents 5fb4bec + c069148
commit d0e2992
Show file tree

Hide file tree

Showing 11 changed files with 81 additions and 744 deletions.
diff --git a/charts/hub-gateway/Chart.yaml b/charts/hub-gateway/Chart.yaml
@@ -18,13 +18,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.9
+version: "0.2"
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.9"
+appVersion: "0.2"
 sources:
   - https://github.com/holaplex/helm-charts
 

diff --git a/charts/hub-gateway/plugins/hub-orgs.lua b/charts/hub-gateway/plugins/hub-orgs.lua
diff --git a/charts/hub-gateway/plugins/kratos.lua b/charts/hub-gateway/plugins/kratos.lua
@@ -14,47 +14,63 @@
 -- See the License for the specific language governing permissions and
 -- limitations under the License.
 --
-
-local core   = require("apisix.core")
-local http   = require("resty.http")
-local json   = require("apisix.core.json")
+local core = require("apisix.core")
+local http = require("resty.http")
+local json = require("apisix.core.json")
 
 local schema = {
     type = "object",
     properties = {
-        host = {type = "string"},
+        host = {
+            type = "string"
+        },
         ssl_verify = {
             type = "boolean",
-            default = true,
+            default = true
         },
         timeout = {
             type = "integer",
             minimum = 1,
             maximum = 60000,
             default = 3000,
-            description = "timeout in milliseconds",
+            description = "timeout in milliseconds"
+        },
+        keepalive = {
+            type = "boolean",
+            default = true
+        },
+        keepalive_timeout = {
+            type = "integer",
+            minimum = 1000,
+            default = 60000
+        },
+        keepalive_pool = {
+            type = "integer",
+            minimum = 1,
+            default = 5
+        },
+        expose_user_data = {
+            type = "boolean",
+            default = false
+        },
+        expose_user_id = {
+            type = "boolean",
+            default = false
+        },
+        session_cookie_name = {
+            type = "string"
         },
-        keepalive = {type = "boolean", default = true},
-        keepalive_timeout = {type = "integer", minimum = 1000, default = 60000},
-        keepalive_pool = {type = "integer", minimum = 1, default = 5},
-        expose_user_data = {type = "boolean", default = false},
-        expose_user_id = {type = "boolean", default = false},
-        session_cookie_name = {type = "string"},
-        redirect_unauthorized = {type = "boolean", default = false},
-        redirect_uri = {type = "string"},
     },
     required = {"host"}
 }
 
-
 local _M = {
     version = 0.1,
     priority = 1030,
     name = "kratos",
-    schema = schema,
+    schema = schema
 }
 
-
 function _M.check_schema(conf)
     return core.schema.check(schema, conf)
 end
@@ -64,46 +80,37 @@ local function build_json_error(code, status, reason)
     core.response.set_header(ctx, "content", "application/json")
     local res = {
         error = {
-          code = code,
-          status = status,
-          reason = reason
+            code = code,
+            status = status,
+            reason = reason
         }
-      }
+    }
     return json.encode(res)
 end
 
 function _M.access(conf, ctx)
     local ret_code
     local headers = core.request.headers()
     local method_name = ngx.req.get_method()
-
-    if method_name == "GET" and conf.redirect_unauthorized then
-      ret_code = 301
-    else
-      ret_code = 401
-    end
 
     local session_cookie_name = string.lower(conf.session_cookie_name or "ory_kratos_session")
     local cookie_header = string.lower("cookie_" .. session_cookie_name)
     local cookie_value = ngx.var[cookie_header]
-    
+
     -- Try to get session token from cookie header and $session_cookie_name 
     local session_token = headers[session_cookie_name] or cookie_value
 
     if not session_token then
-      local res = build_json_error(ret_code, "Unauthorized", "Missing " .. session_cookie_name .. " header or cookie")
-      if ret_code == 301 then
-        core.response.set_header("Location", conf.redirect_uri)
-      end
-      return ret_code, res
+        local res = build_json_error(ret_code, "Unauthorized", "Missing " .. session_cookie_name .. " header or cookie")
+        return
     end
 
-    local kratos_cookie =  session_cookie_name .. "=" .. session_token
-    
+    local kratos_cookie = session_cookie_name .. "=" .. session_token
+
     local params = {
         method = "POST",
         headers = {
-            ["Cookie"] = kratos_cookie,
+            ["Cookie"] = kratos_cookie
         },
         keepalive = conf.keepalive,
         ssl_verify = conf.ssl_verify
@@ -122,44 +129,38 @@ function _M.access(conf, ctx)
 
     -- block by default when user is not found
     if not res then
-        return 403, res.body
+        return
     end
 
     -- parse the user data
     local data, err = json.decode(res.body)
     if not data then
-        return 503, res.body
+        return
     end
 
     -- block if user id is not found
     if not data.id then
-     local reason = res.body
-     core.log.error(reason)
-     if ret_code == 301 then
-       core.response.set_header("Location", conf.redirect_uri)
-     end
-
-     return ret_code, reason
+        return
     end
 
     -- Expose user data response on $kratos_user_data variable
     if conf.expose_user_data then
         local user_data = ngx.encode_base64(res.body)
         if not user_data then
-            return 503, res.body
+            return
         end
         core.ctx.register_var("kratos_user_data", function(ctx)
-          return user_data
+            return user_data
         end)
     end
 
     -- Expose user id on $kratos_user_id variable
     if conf.expose_user_id then
-      core.request.set_header(ctx, "x-user-id", data.identity.id)
-      core.response.set_header("x-user-id", data.identity.id)
-      core.ctx.register_var("kratos_user_id", function(ctx)
-        return data.identity.id
-      end)
+        core.request.set_header(ctx, "x-user-id", data.identity.id)
+        core.response.set_header("x-user-id", data.identity.id)
+        core.ctx.register_var("kratos_user_id", function(ctx)
+            return data.identity.id
+        end)
     end
 end