Annotate

mod_rest/apidemo.lib.lua @ 5264:d3ebaef1ea7a

mod_http_oauth2: Correctly verify OAuth client credentials on revocation Makes no sense to validate against username and password here, or using a token to revoke another token, or itself? In fact, upon further discussion, why do you need credentials to revoke a token? If you are not supposed to have the token, revoking it seems the most responsible thing to do with it, so it should be allowed, while if you are supposed to have it, you should be allowed to revoke it.
author Kim Alvefur <zash@zash.se>
date Tue, 21 Mar 2023 21:57:18 +0100
parent 5220:d03448560acf
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 local _M = {};
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 local api_demo = module:get_option_path("rest_demo_resources", nil);
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 local http_files = require "net.http.files";
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local mime_map = module:shared("/*/http_files/mime").types or {css = "text/css"; js = "application/javascript"};
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 _M.resources = http_files.serve({
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 path = api_demo;
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 mime_map = mime_map;
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 });
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 local index do
4928
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
14 local f, err = io.open(api_demo.."/index.html");
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
15 if not f then
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
16 module:log("error", "Could not open resource: %s", err);
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
17 module:log("error", "'rest_demo_resources' should point to the 'dist' directory");
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
18 return _M
d5612dcf6733 mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents: 4728
diff changeset
19 end
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 index = f:read("*a");
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 f:close();
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 -- SUCH HACK, VERY GSUB, WOW!
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 index = index:gsub("(%s?url%s*:%s*)%b\"\"", string.format("%%1%q", module:http_url().."/demo/openapi.yaml"), 1);
4550
0befc680970b mod_rest/apidemo: Disable validator
Kim Alvefur <zash@zash.se>
parents: 4528
diff changeset
25 index = index:gsub("(%s*SwaggerUIBundle%s*%(%s*{)(%s*)", "%1%2validatorUrl: false,%2");
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 end
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 do
4528
fd15e7f00ff5 mod_rest: Move openapi spec into res/ dir to get it included in rocks
Kim Alvefur <zash@zash.se>
parents: 4498
diff changeset
29 local f = module:load_resource("res/openapi.yaml");
5220
d03448560acf mod_rest: Point URLs to mod_http_oauth2 in demo mode
Kim Alvefur <zash@zash.se>
parents: 4928
diff changeset
30 local openapi = f:read("*a");
d03448560acf mod_rest: Point URLs to mod_http_oauth2 in demo mode
Kim Alvefur <zash@zash.se>
parents: 4928
diff changeset
31 openapi = openapi:gsub("https://example%.com/oauth2", module:http_url("oauth2"));
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 _M.schema = {
4498
1776831d0fab mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents: 4488
diff changeset
33 headers = {
1776831d0fab mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents: 4488
diff changeset
34 content_type = "text/x-yaml";
1776831d0fab mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents: 4488
diff changeset
35 };
5220
d03448560acf mod_rest: Point URLs to mod_http_oauth2 in demo mode
Kim Alvefur <zash@zash.se>
parents: 4928
diff changeset
36 body = openapi;
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 }
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 f:close();
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 end
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 _M.redirect = {
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 status_code = 303;
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 headers = {
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 location = module:http_url().."/demo/";
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 };
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 };
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 _M.main_page = {
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 headers = {
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50 content_type = "text/html";
4550
0befc680970b mod_rest/apidemo: Disable validator
Kim Alvefur <zash@zash.se>
parents: 4528
diff changeset
51 content_security_policy = "default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'";
4488
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 };
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 body = index;
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 }
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55
eea62d30ae08 mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 return _M