chart update, adding hub orgs plugin

charts/hub-gateway/Chart.yaml

@@ -18,13 +18,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.4
+version: 0.1.5
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.4"
+appVersion: "0.1.5"
 sources:
   - https://github.com/holaplex/helm-charts
 

charts/hub-gateway/plugins/hub-orgs.lua

@@ -0,0 +1,131 @@
+local core   = require("apisix.core")
+local http   = require("resty.http")
+local json   = require("apisix.core.json")
+
+local schema = {
+    type = "object",
+    properties = {
+        host = {type = "string"},
+        ssl_verify = {
+            type = "boolean",
+            default = true,
+        },
+        timeout = {
+            type = "integer",
+            minimum = 1,
+            maximum = 60000,
+            default = 3000,
+            description = "timeout in milliseconds",
+        },
+        keepalive = {type = "boolean", default = true},
+        keepalive_timeout = {type = "integer", minimum = 1000, default = 60000},
+        keepalive_pool = {type = "integer", minimum = 1, default = 5},
+        redirect_unauthorized = {type = "boolean", default = false},
+        redirect_uri = {type = "string"},
+    },
+    required = {"host"}
+}
+
+
+local _M = {
+    version = 0.1,
+    priority = 3000,
+    name = "hub-orgs",
+    schema = schema,
+}
+
+
+function _M.check_schema(conf)
+    return core.schema.check(schema, conf)
+end
+
+local function build_json_error(code, status, reason)
+
+    core.response.set_header("content", "application/json")
+    local res = {
+        error = {
+          code = code,
+          status = status,
+          reason = reason
+        }
+      }
+    return json.encode(res)
+end
+
+function _M.access(conf, ctx)
+    local headers = core.request.headers();
+    local user_id = ctx.var.kratos_user_id
+
+    if not user_id then
+        local res = build_json_error(500, "Internal server error", "Unable to read user-id from kratos plugin")
+        core.log.error("unable to read user-id from kratos plugin")
+        return 500, res
+    end
+    -- Get Org data
+    local params = {
+        method = "GET",
+        headers = {
+            ["X-USER-ID"] = user_id,
+            ["Content-Type"] = "application/json",
+            ["Accept"] = "application/json",
+        },
+        keepalive = conf.keepalive,
+        ssl_verify = conf.ssl_verify
+    }
+
+    -- Get slug from header
+    local org_slug = string.lower(string.match(headers.host, "([^.]+)."))
+
+    -- make the call - get org id
+    local endpoint = conf.host .. "/organizations/" .. org_slug
+    local httpc = http.new()
+    httpc:set_timeout(conf.timeout)
+    local res, err = httpc:request_uri(endpoint, params)
+
+    -- return 503 if error on response or when parsing
+    if not res then
+        local res = build_json_error(500, "Internal server error", "Unable to get organizations")
+        return 500, res
+    end
+
+    local org , err = json.decode(res.body)
+    if not org then
+        local res = build_json_error(404, "Not found", "No organization found with slug: " .. org_slug)
+        core.log.error("Failed to parse organization data. invalid response body: ", res.body, " err: ", err)
+        return 404, res
+    end
+
+    if conf.keepalive then
+        params.keepalive_timeout = conf.keepalive_timeout
+        params.keepalive_pool = conf.keepalive_pool
+    end
+
+
+    -- make the call - get affiliations
+    local endpoint = conf.host .. "/affiliations"
+    local res, err = httpc:request_uri(endpoint, params)
+    -- return 503 if error on response or when parsing
+    if not res then
+        local res = build_json_error(500, "Internal server error", "Unable to get affiliations")
+        core.log.error("Failed to get affiliations. invalid response body: ", res.body, " err: ", err)
+        return 500, res
+    end
+
+    local affiliations, err = json.decode(res.body)
+    if not affiliations then
+        local res = build_json_error(404, "Not found", "No affiliations found for user id: " .. user_id)
+        return res.status, res
+    end
+
+    -- Expose org_id and affiliations on variables: org_id, hub_affiliations
+    core.ctx.register_var("org_id", function(ctx)
+      return org.id
+    end)
+
+    local affiliations = ngx.encode_base64(res.body)
+    core.ctx.register_var("hub_affiliations", function(ctx)
+      return affiliations
+    end)
+end
+
+return _M

charts/hub-gateway/plugins/kratos.lua

@@ -1,3 +1,4 @@
+--
 -- Licensed to the Apache Software Foundation (ASF) under one or more
 -- contributor license agreements.  See the NOTICE file distributed with
 -- this work for additional information regarding copyright ownership.
@@ -48,7 +49,7 @@ local schema = {
 
 local _M = {
     version = 0.1,
-    priority = 2000,
+    priority = 4000,
     name = "kratos",
     schema = schema,
 }
@@ -60,7 +61,7 @@ end
 
 local function build_json_error(code, status, reason)
 
-    core.request.set_header("content", "application/json")
+    core.response.set_header(ctx, "content", "application/json")
     local res = {
         error = {
           code = code,
@@ -121,24 +122,22 @@ function _M.access(conf, ctx)
 
     -- block by default when user is not found
     if not res then
-        core.log.error("failed to get user identity, err: ", err)
-        return 403
+        return 403, res.body
     end
 
     -- parse the user data
     local data, err = json.decode(res.body)
     if not data then
-        core.log.error("invalid response body: ", res.body, " err: ", err)
-        return 503
+        return 503, res.body
     end
 
     -- block if user id is not found
     if not data.id then
      local reason = res.body
      core.log.error(reason)
-      if ret_code == 301 then
-        core.response.set_header("Location", conf.redirect_uri)
-      end
+     if ret_code == 301 then
+       core.response.set_header("Location", conf.redirect_uri)
+     end
 
      return ret_code, reason
     end
@@ -147,7 +146,7 @@ function _M.access(conf, ctx)
     if conf.expose_user_data then
         local user_data = ngx.encode_base64(res.body)
         if not user_data then
-            return  false, 'invalid response'
+            return 503, res.body
         end
         core.ctx.register_var("kratos_user_data", function(ctx)
           return user_data
@@ -156,7 +155,7 @@ function _M.access(conf, ctx)
 
     -- Expose user id on $kratos_user_id variable and X-USER-ID header
     if conf.expose_user_id then
-      core.request.set_header("X-USER-ID", data.identity.id)
+      core.request.set_header(ctx, "X-USER-ID", data.identity.id)
       core.response.set_header("X-USER-ID", data.identity.id)
       core.ctx.register_var("kratos_user_id", function(ctx)
         return data.identity.id

charts/hub-gateway/plugins/opa-mod.lua

@@ -1,3 +1,4 @@
+--
 -- Licensed to the Apache Software Foundation (ASF) under one or more
 -- contributor license agreements.  See the NOTICE file distributed with
 -- this work for additional information regarding copyright ownership.
@@ -124,8 +125,7 @@ function _M.access(conf, ctx)
 
     -- block by default when decision is unavailable
     if not res then
-        core.log.error("failed to process OPA decision, err: ", err)
-        return 403
+        return 403, err
     end
 
     -- parse the results of the decision