Annotate

mod_rest/apidemo.lib.lua @ 5458:813fe4f76286

mod_http_oauth2: Do minimal validation of private-use URI schemes Per draft-ietf-oauth-v2-1-08#section-2.3.1 > At a minimum, any private-use URI scheme that doesn't contain a period > character (.) SHOULD be rejected. Since this would rule out the OOB URI, which is useful for CLI tools and such without a built-in http server, it is explicitly allowed.
author Kim Alvefur <zash@zash.se>
date Tue, 16 May 2023 22:18:12 +0200
parent 5220:d03448560acf
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 local _M = {};
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 local api_demo = module:get_option_path("rest_demo_resources", nil);
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 local http_files = require "net.http.files";
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local mime_map = module:shared("/*/http_files/mime").types or {css = "text/css"; js = "application/javascript"};
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 _M.resources = http_files.serve({
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 path = api_demo;
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 mime_map = mime_map;
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 });
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 local index do
4928
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
14 local f, err = io.open(api_demo.."/index.html");
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
15 if not f then
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
16 module:log("error", "Could not open resource: %s", err);
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
17 module:log("error", "'rest_demo_resources' should point to the 'dist' directory");
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
18 return _M
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
19 end
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 index = f:read("*a");
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 f:close();
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 -- SUCH HACK, VERY GSUB, WOW!
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 index = index:gsub("(%s?url%s*:%s*)%b\"\"", string.format("%%1%q", module:http_url().."/demo/openapi.yaml"), 1);
4550
0befc680970b mod_rest/apidemo: Disable validator
Kim Alvefur <zash@zash.se>
parents: 4528
diff changeset
25 index = index:gsub("(%s*SwaggerUIBundle%s*%(%s*{)(%s*)", "%1%2validatorUrl: false,%2");
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 end
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 do
4528
fd15e7f00ff5 mod_rest: Move openapi spec into res/ dir to get it included in rocks
Kim Alvefur <zash@zash.se>
parents: 4498
diff changeset
29 local f = module:load_resource("res/openapi.yaml");
5220
d03448560acf mod_rest: Point URLs to mod_http_oauth2 in demo mode
Kim Alvefur <zash@zash.se>
parents: 4928
diff changeset
30 local openapi = f:read("*a");
d03448560acf mod_rest: Point URLs to mod_http_oauth2 in demo mode
Kim Alvefur <zash@zash.se>
parents: 4928
diff changeset
31 openapi = openapi:gsub("https://example%.com/oauth2", module:http_url("oauth2"));
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 _M.schema = {
4498
1776831d0fab mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents: 4488
diff changeset
33 headers = {
1776831d0fab mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents: 4488
diff changeset
34 content_type = "text/x-yaml";
1776831d0fab mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents: 4488
diff changeset
35 };
5220
d03448560acf mod_rest: Point URLs to mod_http_oauth2 in demo mode
Kim Alvefur <zash@zash.se>
parents: 4928
diff changeset
36 body = openapi;
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 }
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 f:close();
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 end
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 _M.redirect = {
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 status_code = 303;
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 headers = {
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 location = module:http_url().."/demo/";
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 };
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 };
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 _M.main_page = {
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 headers = {
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50 content_type = "text/html";
4550
0befc680970b mod_rest/apidemo: Disable validator
Kim Alvefur <zash@zash.se>
parents: 4528
diff changeset
51 content_security_policy = "default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'";
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 };
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 body = index;
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 }
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 return _M