Mercurial > prosody-modules
annotate mod_rest/apidemo.lib.lua @ 5193:2bb29ece216b
mod_http_oauth2: Implement stateless dynamic client registration
Replaces previous explicit registration that required either the
additional module mod_adhoc_oauth2_client or manually editing the
database. That method was enough to have something to test with, but
would not probably not scale easily.
Dynamic client registration allows creating clients on the fly, which
may be even easier in theory.
In order to not allow basically unauthenticated writes to the database,
we implement a stateless model here.
per_host_key := HMAC(config -> oauth2_registration_key, hostname)
client_id := JWT { client metadata } signed with per_host_key
client_secret := HMAC(per_host_key, client_id)
This should ensure everything we need to know is part of the client_id,
allowing redirects etc to be validated, and the client_secret can be
validated with only the client_id and the per_host_key.
A nonce injected into the client_id JWT should ensure nobody can submit
the same client metadata and retrieve the same client_secret
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 03 Mar 2023 21:14:19 +0100 |
| parents | d5612dcf6733 |
| children | d03448560acf |
| rev | line source |
|---|---|
|
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 local _M = {}; |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local api_demo = module:get_option_path("rest_demo_resources", nil); |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 local http_files = require "net.http.files"; |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local mime_map = module:shared("/*/http_files/mime").types or {css = "text/css"; js = "application/javascript"}; |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 _M.resources = http_files.serve({ |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 path = api_demo; |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 mime_map = mime_map; |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 }); |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local index do |
|
4929
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
14 local f, err = io.open(api_demo.."/index.html"); |
|
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
15 if not f then |
|
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
16 module:log("error", "Could not open resource: %s", err); |
|
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
17 module:log("error", "'rest_demo_resources' should point to the 'dist' directory"); |
|
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
18 return _M |
|
d5612dcf6733
mod_rest/apidemo: Don't show traceback to users on config/resource problem
Kim Alvefur <zash@zash.se>
parents:
4728
diff
changeset
|
19 end |
|
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 index = f:read("*a"); |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 f:close(); |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 -- SUCH HACK, VERY GSUB, WOW! |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 index = index:gsub("(%s?url%s*:%s*)%b\"\"", string.format("%%1%q", module:http_url().."/demo/openapi.yaml"), 1); |
|
4550
0befc680970b
mod_rest/apidemo: Disable validator
Kim Alvefur <zash@zash.se>
parents:
4528
diff
changeset
|
25 index = index:gsub("(%s*SwaggerUIBundle%s*%(%s*{)(%s*)", "%1%2validatorUrl: false,%2"); |
|
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 end |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 do |
|
4528
fd15e7f00ff5
mod_rest: Move openapi spec into res/ dir to get it included in rocks
Kim Alvefur <zash@zash.se>
parents:
4498
diff
changeset
|
29 local f = module:load_resource("res/openapi.yaml"); |
|
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 _M.schema = { |
|
4498
1776831d0fab
mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents:
4488
diff
changeset
|
31 headers = { |
|
1776831d0fab
mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents:
4488
diff
changeset
|
32 content_type = "text/x-yaml"; |
|
1776831d0fab
mod_rest/apidemo: Serve yaml with a (non-standard) content-type
Kim Alvefur <zash@zash.se>
parents:
4488
diff
changeset
|
33 }; |
|
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 body = f:read("*a"); |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 } |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 f:close(); |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 end |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 _M.redirect = { |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 status_code = 303; |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 headers = { |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 location = module:http_url().."/demo/"; |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 }; |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 }; |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 _M.main_page = { |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 headers = { |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 content_type = "text/html"; |
|
4550
0befc680970b
mod_rest/apidemo: Disable validator
Kim Alvefur <zash@zash.se>
parents:
4528
diff
changeset
|
49 content_security_policy = "default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'"; |
|
4488
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 }; |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 body = index; |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 } |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 |
|
eea62d30ae08
mod_rest: Add option for serving interactive openapi documentation
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 return _M |