fix(authentication): make cookie name unique between environments #2095
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
@@ -1,8 +1,8 @@ | ||||||
-- * Copyright © 2021 - 2022 Swiss National Data and Service Center for the Humanities and/or DaSCH Service Platform contributors. | ||||||
-- * SPDX-License-Identifier: Apache-2.0 | ||||||
-- Copyright © 2021 - 2022 Swiss National Data and Service Center for the Humanities and/or DaSCH Service Platform contributors. | ||||||
-- SPDX-License-Identifier: Apache-2.0 | ||||||
|
||||||
-- | ||||||
-- configuration file for use with Knora | ||||||
-- ATTENTION: This configuration file should only be used for integration testing. It has additional routes defined!!! | ||||||
-- | ||||||
sipi = { | ||||||
-- | ||||||
|
@@ -22,6 +22,34 @@ sipi = { | |||||
-- | ||||||
port = 1024, | ||||||
|
||||||
-- | ||||||
-- Number of threads to use | ||||||
-- | ||||||
nthreads = 8, | ||||||
|
||||||
-- | ||||||
-- SIPI is using libjpeg to generate the JPEG images. libjpeg requires a quality value which | ||||||
-- corresponds to the compression rate. 100 is (almost) no compression and best quality, 0 | ||||||
-- would be full compression and no quality. Reasonable values are between 30 and 95... | ||||||
-- | ||||||
jpeg_quality = 60, | ||||||
|
||||||
-- | ||||||
-- For scaling images, SIPI offers two methods. The value "high" offers best quality using expensive | ||||||
-- algorithms: bilinear interpolation, if downscaling the image is first scaled up to an integer | ||||||
-- multiple of the requires size, and then downscaled using averaging. This results in the best | ||||||
-- image quality. "medium" uses bilinear interpolation but does not do upscaling before | ||||||
-- downscaling. If scaling quality is set to "low", then just a lookup table and nearest integer | ||||||
-- interpolation is being used to scale the images. | ||||||
-- Recognized values are: "high", "medium", "low". | ||||||
-- | ||||||
scaling_quality = { | ||||||
jpeg = "medium", | ||||||
tiff = "high", | ||||||
png = "high", | ||||||
j2k = "high" | ||||||
}, | ||||||
|
||||||
-- | ||||||
-- Number of seconds a connection (socket) remains open | ||||||
-- | ||||||
|
@@ -30,16 +58,16 @@ sipi = { | |||||
-- | ||||||
-- Maximal size of a post request | ||||||
-- | ||||||
max_post_size = '30M', | ||||||
max_post_size = '250M', | ||||||
|
||||||
-- | ||||||
-- | ||||||
-- indicates the path to the root of the image directory. Depending on the settings of the variable | ||||||
-- "prefix_as_path" the images are search at <imgroot>/<prefix>/<imageid> (prefix_as_path = TRUE) | ||||||
-- or <imgroot>/<imageid> (prefix_as_path = FALSE). Please note that "prefix" and "imageid" are | ||||||
-- expected to be urlencoded. Both will be decoded. That is, "/" will be recoignized and expanded | ||||||
-- in the final path the image file! | ||||||
-- | ||||||
imgroot = './test/_test_data/images', -- directory for Knora Sipi integration testing | ||||||
imgroot = '/sipi/images', -- make sure that this directory exists | ||||||
|
||||||
-- | ||||||
-- If FALSE, the prefix is not used to build the path to the image files | ||||||
|
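Review bot: `max_post_size` goes from '30M' to '250M' with no comment explaining the new limit, and the change is unrelated to the cookie-name fix in the PR title. A larger accepted body raises the memory and disk a single upload can consume, so state in the comment above the setting why 250M is needed, or move the change to a separate PR.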
@@ -68,38 +96,44 @@ sipi = { | |||||
-- | ||||||
-- Lua script which is executed on initialization of the Lua interpreter | ||||||
-- | ||||||
initscript = './scripts/sipi.init-test.lua', | ||||||
initscript = '/sipi/scripts/sipi.init.lua', | ||||||
|
||||||
-- | ||||||
-- path to the caching directory | ||||||
-- | ||||||
cachedir = './cache', | ||||||
cachedir = '/sipi/cache', | ||||||
|
||||||
-- | ||||||
-- maxcimal size of the cache | ||||||
-- maximal size of the cache | ||||||
-- | ||||||
cachesize = '100M', | ||||||
|
||||||
-- | ||||||
-- if the cache becomes full, the given percentage of file space is marked for reuase | ||||||
|
||||||
-- | ||||||
cache_hysteresis = 0.1, | ||||||
cache_hysteresis = 0.15, | ||||||
|
||||||
-- | ||||||
-- Path to the directory where the scripts for the routes defined below are to be found | ||||||
-- | ||||||
scriptdir = './scripts', | ||||||
scriptdir = '/sipi/scripts', | ||||||
|
||||||
--- | ||||||
--- Size of the thumbnails | ||||||
--- Size of the thumbnails (to be used within Lua) | ||||||
--- | ||||||
thumb_size = 'pct:4', | ||||||
thumb_size = '!128,128', | ||||||
|
||||||
-- | ||||||
-- Path to the temporary directory | ||||||
-- | ||||||
tmpdir = '/tmp', | ||||||
|
||||||
-- | ||||||
-- Maximum age of temporary files, in seconds (requires Knora's upload.lua). | ||||||
-- Defaults to 86400 seconds (1 day). | ||||||
-- | ||||||
max_temp_file_age = 86400, | ||||||
|
||||||
-- | ||||||
-- Path to Knora Application | ||||||
-- | ||||||
|
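Review bot: `initscript` moves from './scripts/sipi.init-test.lua' to '/sipi/scripts/sipi.init.lua', yet the file header still says this configuration should only be used for integration testing and has additional routes defined. If the test init script is what sets up those routes, the tests lose them; either keep the test script and the relative paths here or update the header. The `cache_hysteresis` and `thumb_size` changes are also outside what the PR title covers and deserve a line in the description.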
@@ -110,26 +144,6 @@ sipi = { | |||||
-- | ||||||
knora_port = '3333', | ||||||
|
||||||
-- | ||||||
-- If compiled with SSL support, the port the server is listening for secure connections | ||||||
-- | ||||||
-- ssl_port = 1025, | ||||||
|
||||||
-- | ||||||
-- If compiled with SSL support, the path to the certificate (must be .pem file) | ||||||
-- The follow commands can be used to generate a self-signed certificate | ||||||
-- # openssl genrsa -out key.pem 2048 | ||||||
-- # openssl req -new -key key.pem -out csr.pem | ||||||
-- #openssl req -x509 -days 365 -key key.pem -in csr.pem -out certificate.pem | ||||||
-- | ||||||
-- ssl_certificate = './certificate/certificate.pem', | ||||||
|
||||||
-- | ||||||
-- If compiled with SSL support, the path to the key file (see above to create) | ||||||
-- | ||||||
-- ssl_key = './certificate/key.pem', | ||||||
|
||||||
|
||||||
-- | ||||||
-- The secret for generating JWT's (JSON Web Tokens) (42 characters) | ||||||
-- | ||||||
|
@@ -139,20 +153,23 @@ sipi = { | |||||
-- | ||||||
-- Name of the logfile (a ".txt" is added...) | ||||||
-- | ||||||
logfile = "sipi.log", | ||||||
-- logfile = "sipi.log", | ||||||
|
||||||
|
||||||
-- | ||||||
-- loglevel, one of "DEBUG", "INFO", "NOTICE", "WARNING", "ERR", | ||||||
-- "CRIT", "ALERT", "EMERG" | ||||||
-- | ||||||
loglevel = "DEBUG" | ||||||
|
||||||
} | ||||||
|
||||||
|
||||||
fileserver = { | ||||||
-- | ||||||
-- directory where the documents for the normal webserver are located | ||||||
-- | ||||||
docroot = './server', | ||||||
docroot = '/sipi/server', | ||||||
|
||||||
-- | ||||||
-- route under which the normal webserver shouöd respond to requests | ||||||
|
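Review bot: `loglevel = "DEBUG"` in this block activates the LOG_DEBUG line in pre_flight that writes `knora_cookie_header["Cookie"]`, that is the session cookie name and id, into the log. Consider a less verbose level for this configuration, or log only the cookie name at that point. With `logfile = "sipi.log"` now commented out, a short comment saying where log output goes instead would help whoever has to protect or rotate those logs.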
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -42,17 +42,18 @@ function pre_flight(prefix, identifier, cookie) | |
|
||
if cookie ~='' then | ||
|
||
-- tries to extract the Knora session id from the cookie: | ||
-- tries to extract the Knora session name and id from the cookie: | ||
-- gets the digits between "sid=" and the closing ";" (only given in case of several key value pairs) | ||
-- returns nil if it cannot find it | ||
session_id = get_session_id(cookie) | ||
session = get_session_id(cookie) | ||
|
||
if session_id == nil then | ||
-- no session_id could be extracted | ||
if session == nil then | ||
-- no session could be extracted | ||
print("cookie key is invalid: " .. cookie) | ||
server.log("cookie key is invalid: " .. cookie, server.loglevel.LOG_ERR) | ||
Do we need both?
nope, removed the print
||
else | ||
knora_cookie_header = { Cookie = "KnoraAuthentication=" .. session_id } | ||
knora_cookie_header = { Cookie = session["name"] .. "=" .. session["id"] } | ||
server.log("pre_flight - knora_cookie_header: " .. knora_cookie_header["Cookie"], server.loglevel.LOG_DEBUG) | ||
end | ||
end | ||
|
||
|
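Review bot: the forwarded header is now built from `session["name"]`, which is parsed out of the cookie the client sent, and nothing in this hunk checks that name before `session["name"] .. "=" .. session["id"]` is passed on to Knora. Unless get_session_id (not shown here) already restricts the name to the expected authentication cookie pattern, add that check before building the header. The failure branch also logs the complete raw cookie at LOG_ERR, so any other cookie values in the request end up in the log; logging only that parsing failed would be enough. Finally, the comment still says the function "gets the digits between "sid=" and the closing ";"" although it now returns a name and an id, and the name get_session_id no longer matches what it returns.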
@@ -78,7 +79,6 @@ function pre_flight(prefix, identifier, cookie) | |
|
||
-- print("knora_url: " .. knora_url) | ||
can be removed?
||
server.log("pre_flight - knora_url: " .. knora_url, server.loglevel.LOG_DEBUG) | ||
server.log("pre_flight - knora_cookie_header: " .. tostring(knora_cookie_header), server.loglevel.LOG_DEBUG) | ||
|
||
success, result = server.http("GET", knora_url, knora_cookie_header, 5000) | ||
|
||
|
Do we still need the commented out command? As far as I understand, for tests we need the `sipi.docker-test-config.lua`. On test/staging/prod/project servers there is another lua config anyway, right?

good catch. no, it is only needed for some manual testing. I reverted the change