function _M.access()

in apisix/plugins/authz-casdoor.lua [94:174]


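--- Access-phase handler implementing the Casdoor authorization-code flow.
-- Two request kinds are handled:
--   1. A request to the callback path (the path component of
--      conf.callback_url): the echoed `state` is checked against the one saved
--      in the session, `code` is exchanged for an access token, the token is
--      stored in a session and the client is redirected to the URI it
--      originally requested.
--   2. Any other request whose session holds no access token: the current URI
--      and a freshly generated `state` are saved in the session and the client
--      is redirected to the Casdoor authorize endpoint.
-- A request that already carries a session with an access token falls through
-- (no return value) and continues down the plugin chain.
-- @tparam table conf plugin configuration; reads callback_url, endpoint_addr,
--   client_id
-- @tparam table ctx APISIX request context; reads ctx.var.uri and the query args
-- @treturn number|nil HTTP status to respond with (302, 400 or 503), or nil to
--   continue
-- @treturn string|nil error message used as the body of 400 responses
function _M.access(conf, ctx)
    local current_uri = ctx.var.uri
    local session_obj_read, session_present = session.open()

    -- Only the path component of callback_url is compared with the request
    -- uri; scheme and host are stripped by the capture.
    local m, match_err = ngx.re.match(conf.callback_url, ".+//[^/]+(/.*)", "jo")
    if match_err or not m then
        core.log.error(match_err)
        return 503
    end
    local real_callback_url = m[1]

    if current_uri == real_callback_url then
        local err
        if not session_present then
            err = "no session found"
            core.log.error(err)
            return 503
        end
        local state_in_session = session_obj_read.data.state
        if not state_in_session then
            err = "no state found in session"
            core.log.error(err)
            return 503
        end
        local args = core.request.get_uri_args(ctx)
        -- Both code and state are required here; the later stand-alone
        -- "invalid code" check was unreachable after this guard and is dropped.
        if not args or not args.code or not args.state then
            err = "failed when accessing token. Invalid code or state"
            core.log.error(err)
            return 400, err
        end
        -- CSRF protection for the callback: the state echoed by Casdoor must
        -- equal the one this session issued (state is stored as a number,
        -- hence the tostring).
        if args.state ~= tostring(state_in_session) then
            err = "invalid state"
            core.log.error(err)
            return 400, err
        end
        local access_token, lifetime, token_err =
            fetch_access_token(args.code, conf)
        if not access_token then
            core.log.error(token_err)
            return 503
        end
        local original_url = session_obj_read.data.original_uri
        if not original_url then
            err = "no original_url found in session"
            core.log.error(err)
            return 503
        end
        -- The session cookie lifetime follows the token lifetime returned by
        -- fetch_access_token.
        local session_obj_write = session.new {
            cookie = {lifetime = lifetime}
        }
        session_obj_write:start()
        session_obj_write.data.access_token = access_token
        session_obj_write:save()
        core.response.set_header("Location", original_url)
        return 302
    end

    if not (session_present and session_obj_read.data.access_token) then
        -- NOTE(review): `rand` is bound outside this block; an OAuth state
        -- value should come from an unpredictable source -- confirm what it
        -- resolves to and how it is seeded.
        local state = rand(0x7fffffff)
        local session_obj_write = session.start()
        -- Remembered so the callback can send the client back where it
        -- started; ctx.var.uri is the request path, not a full URL.
        session_obj_write.data.original_uri = current_uri
        session_obj_write.data.state = state
        session_obj_write:save()

        local redirect_url = conf.endpoint_addr .. "/login/oauth/authorize?" .. ngx.encode_args({
            response_type = "code",
            scope = "read",
            state = state,
            client_id = conf.client_id,
            redirect_uri = conf.callback_url
        })
        core.response.set_header("Location", redirect_url)
        return 302
    end
end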