
mod_rest/apidemo.lib.lua @ 5461:06640647d193

mod_http_oauth2: Fix use of arbitrary ports in loopback redirect URIs Per draft-ietf-oauth-v2-1-08#section-8.4.2 > The authorization server MUST allow any port to be specified at the > time of the request for loopback IP redirect URIs, to accommodate > clients that obtain an available ephemeral port from the operating > system at the time of the request. Uncertain if it should normalize the host part, but it also seems harmless to treat IPv6 and IPv4 the same here. One thing is that "localhost" is NOT RECOMMENDED because it can sometimes be pointed to non-loopback interfaces via DNS or hosts file.
author Kim Alvefur <zash@zash.se>
date Wed, 17 May 2023 13:51:30 +0200
parent 5220:d03448560acf
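-- Static responses and file handler for mod_rest's interactive API demo
-- (Swagger UI). Everything below is computed once, when this library is loaded.
local _M = {};

-- Directory that holds the Swagger UI 'dist' files.
-- NOTE(review): the option defaults to nil and is concatenated below without a
-- nil check; presumably this library is only loaded when it is set - confirm.
local api_demo = module:get_option_path("rest_demo_resources", nil);
local http_files = require "net.http.files";

-- Prefer the shared MIME table, fall back to the two types the demo needs.
local mime_map = module:shared("/*/http_files/mime").types or {css = "text/css"; js = "application/javascript"};
_M.resources = http_files.serve({
	path = api_demo;
	mime_map = mime_map;
});

-- Patched copy of the Swagger UI index.html, served as the demo main page.
local index do
	local f, err = io.open(api_demo.."/index.html");
	if not f then
		-- Log and hand back the partial table instead of raising, so no
		-- traceback is produced for a configuration/resource problem.
		module:log("error", "Could not open resource: %s", err);
		module:log("error", "'rest_demo_resources' should point to the 'dist' directory");
		return _M
	end
	index = f:read("*a");
	f:close();

	-- Point the first `url: "..."` setting at our own OpenAPI document.
	-- The quoted URL is returned from a function so that gsub inserts it
	-- literally: in a replacement *string* every '%' is an escape, so a URL
	-- containing e.g. "%2F" would raise "invalid capture index".
	-- NOTE(review): %q applies Lua quoting, which matches a JavaScript string
	-- literal only while the URL has no newlines or control characters.
	local spec_url = string.format("%q", module:http_url().."/demo/openapi.yaml");
	index = index:gsub("(%s?url%s*:%s*)%b\"\"", function (prefix)
		return prefix .. spec_url;
	end, 1);
	-- Inject `validatorUrl: false` as the first key of the SwaggerUIBundle({...})
	-- options, which disables the validator.
	index = index:gsub("(%s*SwaggerUIBundle%s*%(%s*{)(%s*)", "%1%2validatorUrl: false,%2");
end

-- OpenAPI description with the placeholder OAuth2 URL replaced by this host's.
do
	-- assert() keeps a missing resource fatal, but reports the error returned
	-- by load_resource() instead of "attempt to index a nil value".
	local f = assert(module:load_resource("res/openapi.yaml"));
	local openapi = f:read("*a");
	f:close();

	-- Function replacement for the same reason as above: the URL must not be
	-- parsed for '%' escapes.
	local oauth2_url = module:http_url("oauth2");
	openapi = openapi:gsub("https://example%.com/oauth2", function ()
		return oauth2_url;
	end);
	_M.schema = {
		headers = {
			content_type = "text/x-yaml"; -- non-standard media type
		};
		body = openapi;
	}
end

-- Redirect to the demo main page.
_M.redirect = {
	status_code = 303;
	headers = {
		location = module:http_url().."/demo/";
	};
};

_M.main_page = {
	headers = {
		content_type = "text/html";
		-- frame-ancestors 'none' forbids framing of the demo page.
		-- NOTE(review): 'unsafe-inline' in script-src means this policy does not
		-- stop injected inline script; presumably it is needed for the inline
		-- SwaggerUIBundle(...) call in index.html. Hashing that script would
		-- allow dropping it - confirm before tightening.
		content_security_policy = "default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'";
	};
	body = index;
}

return _M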