-- authorized_callback.lua
-- Once the client has been authorized by the API provider in their
-- login, the provider is supposed to send the client (via redirect)
-- to this endpoint, with the same state code that we sent them at the
-- moment of the first redirect.
local cjson = require 'cjson'
local ts = require 'threescale_utils'
local redis = require 'resty.redis'
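local red = redis:new()
local ok, err
local params = ngx.req.get_uri_args()

--- Read `n_bytes` from the kernel CSPRNG and return them hex-encoded.
-- Returns nil plus a message when the device cannot be read, so the caller
-- can fail closed instead of issuing a guessable code.
local function random_hex(n_bytes)
  local dev, open_err = io.open("/dev/urandom", "rb")
  if not dev then
    return nil, open_err
  end
  local raw = dev:read(n_bytes)
  dev:close()
  if not raw or #raw ~= n_bytes then
    return nil, "short read from /dev/urandom"
  end
  -- Extra parentheses drop gsub's second result (the substitution count).
  return (raw:gsub(".", function(ch)
    return string.format("%02x", ch:byte())
  end))
end

-- OAuth "authorized" callback: exchanges the one-time `state` issued at the
-- first redirect for an authorization code, stores the code under
-- "c:<client_id>" for ten minutes and redirects the client to its redirect_uri.
--
-- ngx.req.get_uri_args() yields a table for a repeated argument and `true` for
-- a valueless one; only a plain string may be concatenated into a Redis key.
if ts.required_params_present({'state'}, params) and type(params.state) == "string" then
  ts.connect_redis(red)
  local tmp_data = ngx.var.service_id .. "#tmp_data:" .. params.state

  ok, err = red:hgetall(tmp_data)
  if not ok then
    return ts.error("no values for tmp_data hash: " .. ts.dump(err))
  end
  -- HGETALL on a missing key returns an empty array, so this also covers the
  -- "state never existed / already expired" case without a separate EXISTS.
  if #ok == 0 then
    -- TODO: Redirect? to the initial state?
    return ts.missing_args("state does not exist. Probably expired")
  end
  local client_data = red:array_to_hash(ok) -- restoring client data

  -- Delete the tmp_data. DEL is atomic and reports how many keys it removed,
  -- so only one of several concurrent callbacks carrying the same state sees 1;
  -- every other request is rejected and the state stays single-use.
  local deleted = red:del(tmp_data)
  if deleted ~= 1 then
    return ts.missing_args("state does not exist. Probably expired")
  end

  if not client_data.client_id or not client_data.redirect_uri then
    return ts.error("tmp_data hash is missing client_id or redirect_uri")
  end

  -- NOTE(review): user_id is taken from the query string of this callback.
  -- Nothing visible here authenticates it, so whoever presents a live state
  -- decides which user the code is bound to -- confirm the provider's login
  -- page is the only party able to reach this endpoint with that state.
  local user_id = params.username
  if user_id ~= nil and type(user_id) ~= "string" then
    return ts.missing_args("{ 'error': 'invalid_client_data from login form'}")
  end

  -- The code used to be sha1(time-in-seconds .. client_id): both inputs are
  -- known or guessable to a third party. Mix in 128 bits from the kernel
  -- CSPRNG so the authorization code cannot be predicted.
  local nonce, rand_err = random_hex(16)
  if not nonce then
    ngx.log(ngx.ERR, "cannot read random bytes for authorization code: ", rand_err)
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
  end
  local code = ts.sha1_digest(nonce .. "#" .. ngx.time() .. "#code:" .. client_data.client_id)

  local client_key = "c:" .. client_data.client_id
  ok, err = red:hmset(client_key, {
    client_id = client_data.client_id,
    client_secret = client_data.secret_id,
    redirect_uri = client_data.redirect_uri,
    pre_access_token = client_data.pre_access_token,
    code = code,
    user_id = user_id,
  })
  -- Previously this result was overwritten by the EXPIRE call below, so a
  -- failed write went unnoticed and the client was redirected with a code
  -- that was never stored.
  if not ok then
    ngx.log(ngx.ERR, "failed to hmset: ", err)
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
  end

  ok, err = red:expire(client_key, 60 * 10) -- code expires in 10 mins
  -- EXPIRE answers 0 when no timeout was set; treat that as a failure too,
  -- otherwise the code and client_secret would stay in Redis indefinitely.
  if ok ~= 1 then
    -- Log server-side and answer 500: the Redis error text is internal detail
    -- and should not be echoed to the browser with a 200 status.
    ngx.log(ngx.ERR, "failed to expire: ", err)
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
  end

  ngx.req.set_header("Content-Type", "application/x-www-form-urlencoded")

  -- NOTE(review): redirect_uri is whatever was stored with the state; this
  -- file does not show it being checked against the client's registered URI,
  -- so that check is presumed to happen where tmp_data is written -- confirm.
  local redirect_uri = client_data.redirect_uri
  -- A redirect_uri may already carry a query string; append with "&" then.
  local separator = redirect_uri:find("?", 1, true) and "&" or "?"
  -- state originates from the client, so percent-encode it before placing it
  -- in the Location header to keep it from adding parameters of its own.
  return ngx.redirect(redirect_uri .. separator .. "code=" .. code ..
                      "&state=" .. ngx.escape_uri(client_data.state or ""))
else
  ts.missing_args("{ 'error': '".. "invalid_client_data from login form" .. "'}")
end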