Mercurial > prosody-modules
view mod_http_authentication/mod_http_authentication.lua @ 5468:14b5446e22e1
mod_http_oauth2: Fix returning errors from response handlers
This would either redirect the user back to the client along with the
error code, or show the error HTML template.
Previously this would just show some JSON to the user.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 18 May 2023 12:57:23 +0200 |
parents | 05725785e3a6 |
children |
line wrap: on
line source
module:set_global(); local b64_decode = require "util.encodings".base64.decode; local server = require "net.http.server"; local credentials = module:get_option_string("http_credentials", "username:secretpassword"); local unauthed_endpoints = module:get_option_set("unauthenticated_http_endpoints", { "/http-bind", "/http-bind/" })._items; module:wrap_object_event(server._events, false, function (handlers, event_name, event_data) local request = event_data.request; if event_name ~= "http-error" and request and not unauthed_endpoints[request.path] then local response = event_data.response; local headers = request.headers; if not headers.authorization then response.headers.www_authenticate = ("Basic realm=%q"):format(module.host.."/"..module.name); return 401; end local user_password = b64_decode(headers.authorization:match("%s(%S*)$")); if user_password ~= credentials then return 401; end end return handlers(event_name, event_data); end);