Files
kong--kong/kong/plugins/session/access.lua
T
2026-07-13 12:32:21 +08:00

138 lines
3.3 KiB
Lua

local constants = require "kong.constants"
local kong_session = require "kong.plugins.session.session"
local ngx = ngx
local kong = kong
local concat = table.concat
local _M = {}
local function authenticate(consumer, credential_id, groups)
local set_header = kong.service.request.set_header
local clear_header = kong.service.request.clear_header
if consumer.id then
set_header(constants.HEADERS.CONSUMER_ID, consumer.id)
else
clear_header(constants.HEADERS.CONSUMER_ID)
end
if consumer.custom_id then
set_header(constants.HEADERS.CONSUMER_CUSTOM_ID, consumer.custom_id)
else
clear_header(constants.HEADERS.CONSUMER_CUSTOM_ID)
end
if consumer.username then
set_header(constants.HEADERS.CONSUMER_USERNAME, consumer.username)
else
clear_header(constants.HEADERS.CONSUMER_USERNAME)
end
if groups then
set_header(constants.HEADERS.AUTHENTICATED_GROUPS, concat(groups, ", "))
ngx.ctx.authenticated_groups = groups
else
clear_header(constants.HEADERS.AUTHENTICATED_GROUPS)
end
local credential
if credential_id then
credential = {
id = credential_id,
consumer_id = consumer.id,
}
clear_header(constants.HEADERS.ANONYMOUS)
if constants.HEADERS.CREDENTIAL_IDENTIFIER then
set_header(constants.HEADERS.CREDENTIAL_IDENTIFIER, credential.id)
end
else
set_header(constants.HEADERS.ANONYMOUS, true)
if constants.HEADERS.CREDENTIAL_IDENTIFIER then
clear_header(constants.HEADERS.CREDENTIAL_IDENTIFIER)
end
end
kong.client.authenticate(consumer, credential)
end
function _M.execute(conf)
-- check if session exists
local session, err, exists = kong_session.open_session(conf)
if not exists then
if err then
kong.log.debug("session not present (", err, ")")
else
kong.log.debug("session not present")
end
return
end
-- check if incoming request is trying to logout
if kong_session.logout(conf) then
kong.log.debug("session logging out")
local ok, err = session:logout()
if not ok then
if err then
kong.log.warn("session logout failed (", err, ")")
else
kong.log.warn("session logout failed")
end
end
return kong.response.exit(200)
end
local consumer_id, credential_id, groups = kong_session.get_session_data(session)
local consumer_cache_key = kong.db.consumers:cache_key(consumer_id)
local consumer, err = kong.cache:get(consumer_cache_key, nil,
kong.client.load_consumer, consumer_id)
if err then
kong.log.err("could not load consumer: ", err)
return
end
-- destroy sessions with invalid consumer_id
if not consumer then
kong.log.debug("failed to find consumer, destroying session")
local ok, err = session:logout()
if not ok then
if err then
kong.log.warn("session logout failed (", err, ")")
else
kong.log.warn("session logout failed")
end
end
return
end
local ok, err = session:refresh()
if not ok then
if err then
kong.log.warn("session refresh failed (", err, ")")
else
kong.log.warn("session refresh failed")
end
end
session:set_headers()
kong.ctx.shared.authenticated_session = session
authenticate(consumer, credential_id, groups)
end
return _M