template lua script
parent
1293be36bb
commit
23f857e62a
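--- a/rootfs/etc/confd/conf.d/oauth2-userdb.lua.toml
+++ b/rootfs/etc/confd/conf.d/oauth2-userdb.lua.toml
@@ -0,0 +1,3 @@
+[template]
+src = "oauth2-userdb.lua.tmpl"
+dest = "/etc/dovecot/oauth2-userdb.lua"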
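Review bot: The rendered `/etc/dovecot/oauth2-userdb.lua` will hold `CLIENT_SECRET` and `OAUTH_ADMIN_PASSWORD` in clear text, yet this template resource sets no `mode`, `uid` or `gid`, so the file gets whatever confd applies by default (presumably world-readable; worth confirming on the image). I would add `mode = "0640"` and set `uid`/`gid` to the account the Dovecot auth process runs as, so that only that process can read the credentials. A short comment above `dest` saying that the output contains secrets would also help the next maintainer.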
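--- a/rootfs/etc/confd/templates/oauth2-userdb.lua.tmpl
+++ b/rootfs/etc/confd/templates/oauth2-userdb.lua.tmpl
@@ -0,0 +1,44 @@
+local rapidjson = require('rapidjson')
+
+local clientId = {{ getenv "CLIENT_ID" }}
+local clientSecret = {{ getenv "CLIENT_SECRET" }}
+local username = {{ getenv "OAUTH_ADMIN_USER" }}
+local password = {{ getenv "OAUTH_ADMIN_PASSWORD" }}
+local tokenUrl = {{ getenv "GRANT_URL" }}
+local userUrl = {{ "USER_URL" }}
+
+function os.capture(cmd, raw)
+local f = assert(io.popen(cmd, 'r'))
+local s = assert(f:read('*a'))
+f:close()
+
+return s
+end
+
+function auth_userdb_lookup(req)
+local tokenCmd = "curl -L --silent -X POST -d \"grant_type=password\""
+tokenCmd = tokenCmd .. " -d \"client_id=" .. clientId .. "\""
+tokenCmd = tokenCmd .. " -d \"client_secret=" .. clientSecret .. "\""
+tokenCmd = tokenCmd .. " -d \"username=" .. username .. "\""
+tokenCmd = tokenCmd .. " -d \"password=" .. password .. "\""
+tokenCmd = tokenCmd .. " \"" .. tokenUrl .. "\""
+
+local tokenRaw = os.capture(tokenCmd)
+local tokenJson = rapidjson.decode(tokenRaw)
+local accessToken = tokenJson.access_token
+
+local userCmd = "curl -L --silent -H \"Authorization: Bearer " .. accessToken .. "\" \"" .. userUrl .. req.username .. "\""
+local userRaw = os.capture(userCmd)
+local userJson = rapidjson.decode(userRaw)
+
+if #userJson == 0 then
+return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
+end
+
+if userJson[1].username == req.username then
+return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail home=/var/lib/vmail/mail/%n"
+end
+
+return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
+end
+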
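Review bot: `req.username` is concatenated unescaped into the `userCmd` string that `os.capture` passes to `io.popen`, so a login name carrying shell metacharacters is interpreted by the shell. It should be checked against a strict allow-list at the top of `auth_userdb_lookup`, before any command is built, with unknown-user returned otherwise. The same command lines also place `clientSecret`, `password` and the bearer token in curl's argv, where other local processes can read them from the process list; a curl `-K`/`--config` file with restrictive permissions, or an in-process HTTP client if the Dovecot build provides one, would avoid that. Both `rapidjson.decode` results are indexed without checking for a failed decode, so an unreachable or erroring endpoint raises a Lua error instead of returning an internal-failure result. Separately, the `{{ getenv ... }}` values are rendered without Lua quotes and `{{ "USER_URL" }}` has no `getenv`, so the generated file probably does not contain the intended string literals.

```lua
function auth_userdb_lookup(req)
  -- Accept only a conservative mailbox-name alphabet before the value gets
  -- near a command line or a URL; adjust the set to the deployment's naming rules.
  if type(req.username) ~= "string" or not req.username:match("^[%w._@+-]+$") then
    return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
  end

  -- … unchanged: tokenCmd construction and os.capture(tokenCmd) …
  local tokenJson = rapidjson.decode(tokenRaw)
  if type(tokenJson) ~= "table" or type(tokenJson.access_token) ~= "string" then
    return dovecot.auth.USERDB_RESULT_INTERNAL_FAILURE, "token request failed"
  end
  local accessToken = tokenJson.access_token

  -- … unchanged: userCmd construction and os.capture(userCmd) …
  local userJson = rapidjson.decode(userRaw)
  if type(userJson) ~= "table" then
    return dovecot.auth.USERDB_RESULT_INTERNAL_FAILURE, "user lookup failed"
  end
  -- … unchanged: empty-result check and username comparison …
```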