Software /
code /
prosody-modules
Annotate
mod_rest/apidemo.lib.lua @ 5461:06640647d193
mod_http_oauth2: Fix use of arbitrary ports in loopback redirect URIs
Per draft-ietf-oauth-v2-1-08#section-8.4.2
> The authorization server MUST allow any port to be specified at the
> time of the request for loopback IP redirect URIs, to accommodate
> clients that obtain an available ephemeral port from the operating
> system at the time of the request.
Uncertain if it should normalize the host part, but it also seems
harmless to treat IPv6 and IPv4 the same here.
One thing is that "localhost" is NOT RECOMMENDED because it can
sometimes be pointed to non-loopback interfaces via DNS or hosts file.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 17 May 2023 13:51:30 +0200 |
parent | 5220:d03448560acf |
rev | line source |
---|---|
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 local _M = {}; |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local api_demo = module:get_option_path("rest_demo_resources", nil); |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 local http_files = require "net.http.files"; |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local mime_map = module:shared("/*/http_files/mime").types or {css = "text/css"; js = "application/javascript"}; |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 _M.resources = http_files.serve({ |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 path = api_demo; |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 mime_map = mime_map; |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 }); |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local index do |
4928
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
14 local f, err = io.open(api_demo.."/index.html"); |
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
15 if not f then |
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
16 module:log("error", "Could not open resource: %s", err); |
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
17 module:log("error", "'rest_demo_resources' should point to the 'dist' directory"); |
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
18 return _M |
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
19 end |
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 index = f:read("*a"); |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 f:close(); |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 -- SUCH HACK, VERY GSUB, WOW! |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 index = index:gsub("(%s?url%s*:%s*)%b\"\"", string.format("%%1%q", module:http_url().."/demo/openapi.yaml"), 1); |
4550
0befc680970b
mod_rest/apidemo: Disable validator
Kim Alvefur <zash@zash.se>
parents:
4528
diff
changeset
|
25 index = index:gsub("(%s*SwaggerUIBundle%s*%(%s*{)(%s*)", "%1%2validatorUrl: false,%2"); |
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 end |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 do |
4528
fd15e7f00ff5
mod_rest: Move openapi spec into res/ dir to get it included in rocks
Kim Alvefur <zash@zash.se>
parents:
4498
diff
changeset
|
29 local f = module:load_resource("res/openapi.yaml"); |
5220
d03448560acf
mod_rest: Point URLs to mod_http_oauth2 in demo mode
Kim Alvefur <zash@zash.se>
parents:
4928
diff
changeset
|
30 local openapi = f:read("*a"); |
d03448560acf
mod_rest: Point URLs to mod_http_oauth2 in demo mode
Kim Alvefur <zash@zash.se>
parents:
4928
diff
changeset
|
31 openapi = openapi:gsub("https://example%.com/oauth2", module:http_url("oauth2")); |
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 _M.schema = { |
4498
1776831d0fab
mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents:
4488
diff
changeset
|
33 headers = { |
1776831d0fab
mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents:
4488
diff
changeset
|
34 content_type = "text/x-yaml"; |
1776831d0fab
mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents:
4488
diff
changeset
|
35 }; |
5220
d03448560acf
mod_rest: Point URLs to mod_http_oauth2 in demo mode
Kim Alvefur <zash@zash.se>
parents:
4928
diff
changeset
|
36 body = openapi; |
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 } |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 f:close(); |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 end |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 _M.redirect = { |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 status_code = 303; |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 headers = { |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 location = module:http_url().."/demo/"; |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 }; |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 }; |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 _M.main_page = { |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 headers = { |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 content_type = "text/html"; |
4550
0befc680970b
mod_rest/apidemo: Disable validator
Kim Alvefur <zash@zash.se>
parents:
4528
diff
changeset
|
51 content_security_policy = "default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'"; |
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 }; |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 body = index; |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 } |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 |
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 return _M |