mod_rest/mod_rest.lua @ 6272:ed6fa901cf94
mod_rest: Enable HTTP Basic authentication for Components
Not sure if mod_http_oauth2 still works for components
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 31 May 2025 16:59:35 +0200 |
| parent | 6244:c71d8bc77c95 |
| 6271:b63202d66238 | 6272:ed6fa901cf94 |
|---|---|
| 62 auth_type = auth_type and auth_type:lower(); | 62 auth_type = auth_type and auth_type:lower(); |
| 63 if not (auth_type and auth_data) or not auth_mechanisms:contains(auth_type) then | 63 if not (auth_type and auth_data) or not auth_mechanisms:contains(auth_type) then |
| 64 return nil, post_errors.new("noauthz", { request = request }); | 64 return nil, post_errors.new("noauthz", { request = request }); |
| 65 end | 65 end |
| 66 | 66 |
| 67 if auth_type == "basic" then | 67 if auth_type == "basic" and module:get_host_type() == "local" then |
| 68 local creds = base64.decode(auth_data); | 68 local creds = base64.decode(auth_data); |
| 69 if not creds then | 69 if not creds then |
| 70 return nil, post_errors.new("malformauthz", { request = request }); | 70 return nil, post_errors.new("malformauthz", { request = request }); |
| 71 end | 71 end |
| 72 local username, password = string.match(creds, "^([^:]+):(.*)$"); | 72 local username, password = string.match(creds, "^([^:]+):(.*)$"); |
| 79 end | 79 end |
| 80 if not um.test_password(username, module.host, password) then | 80 if not um.test_password(username, module.host, password) then |
| 81 return false, post_errors.new("unauthz", { request = request }); | 81 return false, post_errors.new("unauthz", { request = request }); |
| 82 end | 82 end |
| 83 return { username = username; host = module.host }; | 83 return { username = username; host = module.host }; |
| 84 elseif auth_type == "basic" and module:get_host_type() == "component" then | |
| 85 local component_secret = module:get_option_string("component_secret"); | |
| 86 local creds = base64.decode(auth_data); | |
| 87 if creds ~= module.host .. ":" .. component_secret then | |
| 88 return nil, post_errors.new("malformauthz", { request = request }); | |
| 89 end | |
| 90 return { host = module.host }; | |
| 84 elseif auth_type == "bearer" then | 91 elseif auth_type == "bearer" then |
| 85 if tokens.get_token_session then | 92 if tokens.get_token_session then |
| 86 local token_session, err = tokens.get_token_session(auth_data); | 93 local token_session, err = tokens.get_token_session(auth_data); |
| 87 if not token_session then | 94 if not token_session then |
| 88 return false, token_session_errors.new(err or "not-authorized", { request = request }); | 95 return false, token_session_errors.new(err or "not-authorized", { request = request }); |
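Review bot: In the new component branch (new lines 84–90), `component_secret` is concatenated without a nil check, so if `module:get_option_string("component_secret")` returns nil the `..` raises a Lua error on an unauthenticated request instead of rejecting it cleanly. A wrong secret is also answered with `nil` and `malformauthz`, whereas the local branch answers a failed `um.test_password` with `false` and `unauthz`; I would write the guard as `if not component_secret or creds ~= module.host .. ":" .. component_secret then` followed by `return false, post_errors.new("unauthz", { request = request });`. Because this compares a long-lived shared secret with `~=`, consider a constant-time comparison (Prosody's `util.hashes` provides `equals`, if the supported versions include it), and confirm that callers of this function tolerate a returned table with no `username` field. The enclosing function begins and ends outside the lines shown here.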