apisix/plugins/multi-auth.lua - apisix - Git at Google

 --
 -- Licensed to the Apache Software Foundation (ASF) under one or more
 -- contributor license agreements.  See the NOTICE file distributed with
 -- this work for additional information regarding copyright ownership.
 -- The ASF licenses this file to You under the Apache License, Version 2.0
 -- (the "License"); you may not use this file except in compliance with
 -- the License.  You may obtain a copy of the License at
 --
 --     http://www.apache.org/licenses/LICENSE-2.0
 --
 -- Unless required by applicable law or agreed to in writing, software
 -- distributed under the License is distributed on an "AS IS" BASIS,
 -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 -- See the License for the specific language governing permissions and
 -- limitations under the License.
 --
 local core = require("apisix.core")
 local require = require
 local pairs = pairs

 local schema = {
     type = "object",
     title = "work with route or service object",
     properties = {
         auth_plugins = { type = "array", minItems = 2 }
     },
     required = { "auth_plugins" },
 }


 local plugin_name = "multi-auth"

 local _M = {
     version = 0.1,
     priority = 2600,
     type = 'auth',
     name = plugin_name,
     schema = schema
 }

 function _M.check_schema(conf)
     local ok, err = core.schema.check(schema, conf)
     if not ok then
         return false, err
     end

     local auth_plugins = conf.auth_plugins
     for k, auth_plugin in pairs(auth_plugins) do
         for auth_plugin_name, auth_plugin_conf in pairs(auth_plugin) do
             local auth = require("apisix.plugins." .. auth_plugin_name)
             if auth == nil then
                 return false, auth_plugin_name .. " plugin did not found"
                 else
                 if auth.type ~= 'auth' then
                     return false, auth_plugin_name .. " plugin is not supported"
                 end
                 local ok, err = auth.check_schema(auth_plugin_conf, auth.schema)
                 if not ok then
                     return false, "plugin " .. auth_plugin_name .. " check schema failed: " .. err
                 end
             end
         end
     end

     return true
 end

 function _M.rewrite(conf, ctx)
     local auth_plugins = conf.auth_plugins
     local status_code
     for k, auth_plugin in pairs(auth_plugins) do
         for auth_plugin_name, auth_plugin_conf in pairs(auth_plugin) do
             local auth = require("apisix.plugins." .. auth_plugin_name)
             -- returns 401 HTTP status code if authentication failed, otherwise returns nothing.
             local auth_code = auth.rewrite(auth_plugin_conf, ctx)
             status_code = auth_code
             if auth_code == nil then
                 core.log.debug(auth_plugin_name .. " succeed to authenticate the request")
                 goto authenticated
             else
                 core.log.debug(auth_plugin_name .. " failed to authenticate the request, code: "
                         .. auth_code)
             end
         end
     end

     :: authenticated ::
     if status_code ~= nil then
         return 401, { message = "Authorization Failed" }
     end
 end

 return _M
	--
	-- Licensed to the Apache Software Foundation (ASF) under one or more
	-- contributor license agreements. See the NOTICE file distributed with
	-- this work for additional information regarding copyright ownership.
	-- The ASF licenses this file to You under the Apache License, Version 2.0
	-- (the "License"); you may not use this file except in compliance with
	-- the License. You may obtain a copy of the License at
	--
	-- http://www.apache.org/licenses/LICENSE-2.0
	--
	-- Unless required by applicable law or agreed to in writing, software
	-- distributed under the License is distributed on an "AS IS" BASIS,
	-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	-- See the License for the specific language governing permissions and
	-- limitations under the License.
	--
	local core = require("apisix.core")
	local require = require
	local pairs = pairs

	local schema = {
	type = "object",
	title = "work with route or service object",
	properties = {
	auth_plugins = { type = "array", minItems = 2 }
	},
	required = { "auth_plugins" },
	}


	local plugin_name = "multi-auth"

	local _M = {
	version = 0.1,
	priority = 2600,
	type = 'auth',
	name = plugin_name,
	schema = schema
	}

	function _M.check_schema(conf)
	local ok, err = core.schema.check(schema, conf)
	if not ok then
	return false, err
	end

	local auth_plugins = conf.auth_plugins
	for k, auth_plugin in pairs(auth_plugins) do
	for auth_plugin_name, auth_plugin_conf in pairs(auth_plugin) do
	local auth = require("apisix.plugins." .. auth_plugin_name)
	if auth == nil then
	return false, auth_plugin_name .. " plugin did not found"
	else
	if auth.type ~= 'auth' then
	return false, auth_plugin_name .. " plugin is not supported"
	end
	local ok, err = auth.check_schema(auth_plugin_conf, auth.schema)
	if not ok then
	return false, "plugin " .. auth_plugin_name .. " check schema failed: " .. err
	end
	end
	end
	end

	return true
	end

	function _M.rewrite(conf, ctx)
	local auth_plugins = conf.auth_plugins
	local status_code
	for k, auth_plugin in pairs(auth_plugins) do
	for auth_plugin_name, auth_plugin_conf in pairs(auth_plugin) do
	local auth = require("apisix.plugins." .. auth_plugin_name)
	-- returns 401 HTTP status code if authentication failed, otherwise returns nothing.
	local auth_code = auth.rewrite(auth_plugin_conf, ctx)
	status_code = auth_code
	if auth_code == nil then
	core.log.debug(auth_plugin_name .. " succeed to authenticate the request")
	goto authenticated
	else
	core.log.debug(auth_plugin_name .. " failed to authenticate the request, code: "
	.. auth_code)
	end
	end
	end

	:: authenticated ::
	if status_code ~= nil then
	return 401, { message = "Authorization Failed" }
	end
	end

	return _M