File

mod_rest/apidemo.lib.lua @ 5738:8488ebde5739

mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted This follows the intent behind the OpenID Connect 'prompt' parameter when it does not include the 'consent' keyword, that is the client wishes to skip the consent screen. If the user has already granted the exact same scopes to the exact same client in the past, then one can assume that they may grant it again.
author Kim Alvefur <zash@zash.se>
date Tue, 14 Nov 2023 23:03:37 +0100
parent 5220:d03448560acf
line wrap: on
line source


local _M = {};

local api_demo = module:get_option_path("rest_demo_resources", nil);
local http_files = require "net.http.files";

local mime_map = module:shared("/*/http_files/mime").types or {css = "text/css"; js = "application/javascript"};
_M.resources = http_files.serve({
		path = api_demo;
		mime_map = mime_map;
	});

local index do
	local f, err = io.open(api_demo.."/index.html");
	if not f then
		module:log("error", "Could not open resource: %s", err);
		module:log("error", "'rest_demo_resources' should point to the 'dist' directory");
		return _M
	end
	index = f:read("*a");
	f:close();

	-- SUCH HACK, VERY GSUB, WOW!
	index = index:gsub("(%s?url%s*:%s*)%b\"\"", string.format("%%1%q", module:http_url().."/demo/openapi.yaml"), 1);
	index = index:gsub("(%s*SwaggerUIBundle%s*%(%s*{)(%s*)", "%1%2validatorUrl: false,%2");
end

do
	local f = module:load_resource("res/openapi.yaml");
	local openapi = f:read("*a");
	openapi = openapi:gsub("https://example%.com/oauth2", module:http_url("oauth2"));
	_M.schema = {
		headers = {
			content_type = "text/x-yaml";
		};
		body = openapi;
	}
	f:close();
end

_M.redirect = {
	status_code = 303;
	headers = {
		location = module:http_url().."/demo/";
	};
};

_M.main_page = {
	headers = {
		content_type = "text/html";
		content_security_policy = "default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'";
	};
	body = index;
}

return _M