Update auth.lua to remove KEYCLOAK_CLIENT_SECRET check and add token expiration validation

2025-06-14 09:02:49 +02:00
parent 0055ab668a
commit cde6f468bc


@@ -1,10 +1,6 @@
local openidc = require("resty.openidc") local openidc = require("resty.openidc")
local client_secret = os.getenv("KEYCLOAK_CLIENT_SECRET") local client_secret = os.getenv("KEYCLOAK_CLIENT_SECRET")
if not client_secret then
ngx.log(ngx.ERR, "Missing KEYCLOAK_CLIENT_SECRET env variable")
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end
local opts = { local opts = {
redirect_uri_path = "/redirect_uri", redirect_uri_path = "/redirect_uri",
@@ -24,6 +20,15 @@ if err then
ngx.exit(ngx.HTTP_FORBIDDEN) ngx.exit(ngx.HTTP_FORBIDDEN)
end end
-- Check if token has expired
if res.id_token and res.id_token.exp then
local now = ngx.time()
if res.id_token.exp < now then
ngx.log(ngx.ERR, "Token expired")
ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
end
ngx.req.set_header("X-User", res.user.preferred_username or "") ngx.req.set_header("X-User", res.user.preferred_username or "")
ngx.req.set_header("X-Email", res.user.email or "") ngx.req.set_header("X-Email", res.user.email or "")
ngx.status = 204 -- empty but valid response to avoid ERR_INVALID_RESPONSE ngx.status = 204
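Review bot: The new expiry check at `if res.id_token and res.id_token.exp then` fails open: when the result carries no `id_token` or no `exp` claim, the whole block is skipped and the request continues to the `X-User`/`X-Email` headers as if it were authenticated. If this check is meant to enforce expiry, treat a missing claim as a failure, for example `local exp = res.id_token and tonumber(res.id_token.exp)` followed by `if not exp or exp < ngx.time() then`, and consider logging at `ngx.WARN`, since an expired token is a routine event rather than a server error. The first hunk also removes the only guard on `KEYCLOAK_CLIENT_SECRET`, so an unset variable now leaves `client_secret` nil and presumably surfaces later as a failure during the OpenID Connect exchange rather than as a clear log message; keeping at least the `ngx.log` line would help operators spot the misconfiguration. The `opts` table and the authenticate call sit outside the visible hunks, so how `client_secret` is consumed cannot be confirmed from here.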