view mod_rest/apidemo.lib.lua @ 5406:b86d80e21c60

mod_http_oauth2: Validate consistency of response and grant types Ensure that these correlated fields make sense per RFC 7591 ยง 2.1, even though we currently only check the response type during authorization. This could probably all be deleted if (when!) we remove the implicit grant, since then these things don't make any sense anymore.
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:34:31 +0200
parents d03448560acf
children
line wrap: on
line source


local _M = {};

local api_demo = module:get_option_path("rest_demo_resources", nil);
local http_files = require "net.http.files";

local mime_map = module:shared("/*/http_files/mime").types or {css = "text/css"; js = "application/javascript"};
_M.resources = http_files.serve({
		path = api_demo;
		mime_map = mime_map;
	});

local index do
	local f, err = io.open(api_demo.."/index.html");
	if not f then
		module:log("error", "Could not open resource: %s", err);
		module:log("error", "'rest_demo_resources' should point to the 'dist' directory");
		return _M
	end
	index = f:read("*a");
	f:close();

	-- SUCH HACK, VERY GSUB, WOW!
	index = index:gsub("(%s?url%s*:%s*)%b\"\"", string.format("%%1%q", module:http_url().."/demo/openapi.yaml"), 1);
	index = index:gsub("(%s*SwaggerUIBundle%s*%(%s*{)(%s*)", "%1%2validatorUrl: false,%2");
end

do
	local f = module:load_resource("res/openapi.yaml");
	local openapi = f:read("*a");
	openapi = openapi:gsub("https://example%.com/oauth2", module:http_url("oauth2"));
	_M.schema = {
		headers = {
			content_type = "text/x-yaml";
		};
		body = openapi;
	}
	f:close();
end

_M.redirect = {
	status_code = 303;
	headers = {
		location = module:http_url().."/demo/";
	};
};

_M.main_page = {
	headers = {
		content_type = "text/html";
		content_security_policy = "default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'";
	};
	body = index;
}

return _M