add draft codes
This commit is contained in:
parent
1bd95f289d
commit
766b1d2aff
|
@ -0,0 +1,11 @@
|
|||
version: "3.9"
|
||||
services:
|
||||
resty:
|
||||
image: openresty/openresty:1.21.4.1-4-alpine
|
||||
ports:
|
||||
- "8696:80"
|
||||
environment:
|
||||
- 'LUA_PATH=/?.lua;/aproxy/?.lua'
|
||||
volumes:
|
||||
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
|
||||
- .:/aproxy:ro
|
|
@ -0,0 +1,44 @@
|
|||
local CONFIG_PATH = ".;/etc/aproxy"
|
||||
|
||||
-- function loadConfig()
|
||||
-- -- TODO load config_path
|
||||
-- return require("./config.lua")
|
||||
-- end
|
||||
--
|
||||
-- local config = loadConfig()
|
||||
|
||||
function log(msg)
|
||||
ngx.log(ngx.STDERR, tostring(msg))
|
||||
end
|
||||
|
||||
local WANTED_SCRIPTS = {
|
||||
'scripts.webfinger_allowlist'
|
||||
}
|
||||
|
||||
local compiled_chain = {}
|
||||
|
||||
for _, module_name in pairs(WANTED_SCRIPTS) do
|
||||
log('load module', module_name)
|
||||
mod = require(module_name)
|
||||
log('load module', mod)
|
||||
table.insert(compiled_chain, mod)
|
||||
end
|
||||
|
||||
local function onRequest()
|
||||
log('AWOOOOGA')
|
||||
|
||||
for _,mod in ipairs(compiled_chain) do
|
||||
log(mod)
|
||||
local mod_config = {accounts = {"a@a.com"}}
|
||||
local result, body = mod.callback(mod_config)
|
||||
log(result)
|
||||
log(body)
|
||||
if not result then
|
||||
ngx.status = 400
|
||||
ngx.say(body or "request denied")
|
||||
ngx.exit(400)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
return onRequest
|
|
@ -0,0 +1,15 @@
|
|||
server {
|
||||
listen 80;
|
||||
lua_code_cache off;
|
||||
|
||||
location / {
|
||||
default_type text/html;
|
||||
|
||||
# must happen before proxy_pass
|
||||
access_by_lua_block {
|
||||
require("aproxy.main")()
|
||||
}
|
||||
|
||||
proxy_pass http://localhost:9999;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,44 @@
|
|||
function webfingerCallback(cfg)
|
||||
local args, err = ngx.req.get_uri_args()
|
||||
if err == "truncated" then
|
||||
return false, 'uri args too long'
|
||||
end
|
||||
|
||||
local resource = args['resource']
|
||||
if resource ~= nil then
|
||||
for _, account in ipairs(cfg.accounts) do
|
||||
if resource == account then
|
||||
return true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
return false
|
||||
end
|
||||
|
||||
return {
|
||||
name='WebfingerAllowlist',
|
||||
author='luna@l4.pm',
|
||||
title='Webfinger Allowlist',
|
||||
description=[[
|
||||
Prevent unecessary DB load by discarding requests to users that we know
|
||||
won't exist.
|
||||
|
||||
Useful for small instances.
|
||||
]],
|
||||
apiVersion=1,
|
||||
callback=webfingerCallback,
|
||||
callbacks = {
|
||||
['/.well-known/webfinger'] = webfingerCallback
|
||||
},
|
||||
config={
|
||||
['accounts'] = {
|
||||
type='table',
|
||||
value={
|
||||
type='string',
|
||||
description='ap id'
|
||||
},
|
||||
description = 'list of account ids (in email@domain form) to pass through to AP'
|
||||
}
|
||||
},
|
||||
}
|
Loading…
Reference in New Issue