dovecot/rootfs/etc/confd/templates/oauth2-userdb.lua.tmpl

45 lines
1.5 KiB
Cheetah

local rapidjson = require('rapidjson')
local clientId = "{{ getenv "CLIENT_ID" }}"
local clientSecret = "{{ getenv "CLIENT_SECRET" }}"
local username = "{{ getenv "OAUTH_ADMIN_USER" }}"
local password = "{{ getenv "OAUTH_ADMIN_PASSWORD" }}"
local tokenUrl = "{{ getenv "GRANT_URL" }}"
local userUrl = "{{ getenv "USER_URL" }}"
function os.capture(cmd, raw)
local f = assert(io.popen(cmd, 'r'))
local s = assert(f:read('*a'))
f:close()
return s
end
function auth_userdb_lookup(req)
local tokenCmd = "curl -L --silent -X POST -d \"grant_type=password\""
tokenCmd = tokenCmd .. " -d \"client_id=" .. clientId .. "\""
tokenCmd = tokenCmd .. " -d \"client_secret=" .. clientSecret .. "\""
tokenCmd = tokenCmd .. " -d \"username=" .. username .. "\""
tokenCmd = tokenCmd .. " -d \"password=" .. password .. "\""
tokenCmd = tokenCmd .. " \"" .. tokenUrl .. "\""
local tokenRaw = os.capture(tokenCmd)
local tokenJson = rapidjson.decode(tokenRaw)
local accessToken = tokenJson.access_token
local userCmd = "curl -L --silent -H \"Authorization: Bearer " .. accessToken .. "\" \"" .. userUrl .. req.username .. "\""
local userRaw = os.capture(userCmd)
local userJson = rapidjson.decode(userRaw)
if #userJson == 0 then
return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
end
if userJson[1].username == req.username then
return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail home=/var/lib/vmail/mail/%n"
end
return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
end