chore(session) bump resty session to 3.1 and other changes (#16)
* chore(session) bump resty.session to 3.1 and rewrite custom storage ### Summary Bumps `lua-resty-session` to `3.1` and rewrite the `kong` session storage adapter to work with `3.1`. * refactor(session) split header_filter to its own file ### Summary Removes `header_filter` code from `handler.lua` and moves it to `header_filter.lua`. * style(*) just some style changes ### Summary Make code use early exists, localize some variables, and adjustments in spacing. * feat(session) add support for `config.cookie_idletime` ### Summary Adds support for idle time configuration option that was released with `lua-resty-session` `3.1`. * feat(session) add support for `SameSite=None` option ### Summary Old browser do default when `SameSite` is not set (`off` in this plugin): - They treat that as `None` Modern browsers in the other hand are switching to treat it as `Lax`. This commit adds support for explicit `None` option (even on modern browsers). * chore(session) move groups loading close to actual use ### Summary Just moves one line of code closer to its actual usage. * chore(session) use kong.client.load_consumer to load consumer ### Summary Uses `kong.client.load_consumer` instead of re-implementing it. * feat(session) make authenticate to set credential identifier ### Summary Makes `authenticate` function to set `credential identifier` if that is available with Kong (or clears it). * fix(session) anonymous header was set even when there was a credential ### Summary Fixes a bug where anonymous header was set to true when there was a `credential`. * chore(session) bump version to 2.3.0 * test(travis) update .travis.yml
Showing
9 changed files
with
241 additions
and
255 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
local kong_session = require "kong.plugins.session.session" | ||
|
||
|
||
local ngx = ngx | ||
local kong = kong | ||
local type = type | ||
local assert = assert | ||
|
||
|
||
local function get_authenticated_groups() | ||
local authenticated_groups = ngx.ctx.authenticated_groups | ||
if authenticated_groups == nil then | ||
return nil | ||
end | ||
|
||
assert(type(authenticated_groups) == "table", | ||
"invalid authenticated_groups, a table was expected") | ||
|
||
return authenticated_groups | ||
end | ||
|
||
|
||
local _M = {} | ||
|
||
|
||
function _M.execute(conf) | ||
local credential = kong.client.get_credential() | ||
local consumer = kong.client.get_consumer() | ||
|
||
if not credential then | ||
-- don't open sessions for anonymous users | ||
kong.log.debug("anonymous: no credential.") | ||
return | ||
end | ||
|
||
local credential_id = credential.id | ||
local consumer_id = consumer and consumer.id | ||
|
||
-- if session exists and the data in the session matches the ctx then | ||
-- don't worry about saving the session data or sending cookie | ||
local s = kong.ctx.shared.authenticated_session | ||
if s and s.present then | ||
local cid, cred_id = kong_session.retrieve_session_data(s) | ||
if cred_id == credential_id and cid == consumer_id | ||
then | ||
return | ||
end | ||
end | ||
|
||
-- session is no longer valid | ||
-- create new session and save the data / send the Set-Cookie header | ||
if consumer_id then | ||
local groups = get_authenticated_groups() | ||
s = s or kong_session.open_session(conf) | ||
kong_session.store_session_data(s, | ||
consumer_id, | ||
credential_id or consumer_id, | ||
groups) | ||
s:save() | ||
end | ||
end | ||
|
||
|
||
return _M |
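Review bot: When a session is present but its stored ids do not match the current credential/consumer, `execute` falls through to `s = s or kong_session.open_session(conf)`, so the existing session object is overwritten and re-saved instead of being replaced by a fresh one. Reusing a session across an identity change keeps whatever identifier and leftover fields it already had, which is the pattern session-fixation guidance warns against; whether `store_session_data` clears previously stored groups when `groups` is nil is decided in `kong.plugins.session.session`, which is not shown here. Consider rotating the session on mismatch, for example by ending the block with `if s.present then s:regenerate(true) else s:save() end` (lua-resty-session's `regenerate` issues a new id), and confirm that stale groups are cleared. A short comment above the early `return` saying that groups are deliberately not compared would also help, since a change in `ngx.ctx.authenticated_groups` alone never refreshes the stored session.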