diff --git a/docker/nginx/conf.d/include/init-optional-variables b/docker/nginx/conf.d/include/init-optional-variables index e072c6e6..406dfe98 100644 --- a/docker/nginx/conf.d/include/init-optional-variables +++ b/docker/nginx/conf.d/include/init-optional-variables @@ -13,6 +13,3 @@ set $skylink ""; # cached account limits (json string) - applies only if accounts are enabled set $account_limits ""; - -# set this internal flag to true if current request should not be limited in any way -set $internal_no_limits "false"; diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api index a3a8b796..4f8f2512 100644 --- a/docker/nginx/conf.d/server/server.api +++ b/docker/nginx/conf.d/server/server.api @@ -402,14 +402,20 @@ location /__internal/do/not/use/accounts { content_by_lua_block { local json = require('cjson') - local accounts_enabled = require("skynet.account").accounts_enabled() - local is_auth_required = require("skynet.account").is_auth_required() - local is_authenticated = accounts_enabled and require("skynet.account").is_authenticated() + local skynet_account = require("skynet.account") + + local accounts_enabled = skynet_account.accounts_enabled() + local is_auth_required = skynet_account.is_auth_required() + local is_subscription_required = skynet_account.is_subscription_required() + local is_authenticated = skynet_account.is_authenticated() + local has_subscription = skynet_account.has_subscription() ngx.say(json.encode{ enabled = accounts_enabled, auth_required = is_auth_required, + subscription_required = is_subscription_required, authenticated = is_authenticated, + subscription = has_subscription, }) return ngx.exit(ngx.HTTP_OK) } diff --git a/docker/nginx/libs/skynet/account.lua b/docker/nginx/libs/skynet/account.lua index 83ea3ba7..7be6013f 100644 --- a/docker/nginx/libs/skynet/account.lua +++ b/docker/nginx/libs/skynet/account.lua @@ -1,13 +1,18 @@ local _M = {} +-- constant tier ids +local tier_id_anonymous = 0 +local tier_id_free = 1 + -- fallback - remember to keep those updated -local anon_limits = { ["tierName"] = "anonymous", ["upload"] = 655360, ["download"] = 655360, ["maxUploadSize"] = 1073741824, ["registry"] = 250 } - --- no limits applied -local no_limits = { ["tierName"] = "internal", ["upload"] = 0, ["download"] = 0, ["maxUploadSize"] = 0, ["registry"] = 0 } - --- free tier name -local free_tier = "free" +local anon_limits = { + ["tierID"] = tier_id_anonymous, + ["tierName"] = "anonymous", + ["upload"] = 655360, + ["download"] = 655360, + ["maxUploadSize"] = 1073741824, + ["registry"] = 250 +} -- handle request exit when access to portal should be restricted to authenticated users only function _M.exit_access_unauthorized(message) @@ -32,10 +37,6 @@ end function _M.get_account_limits() local cjson = require('cjson') - if ngx.var.internal_no_limits == "true" then - return no_limits - end - if ngx.var.skynet_jwt == "" then return anon_limits end @@ -62,16 +63,18 @@ end -- detect whether current user is authenticated function _M.is_authenticated() + if not _M.accounts_enabled() then return false end + local limits = _M.get_account_limits() - return limits.tierName ~= anon_limits.tierName + return limits.tierID > tier_id_anonymous end -- detect whether current user has active subscription -function _M.is_subscription_account() +function _M.has_subscription() local limits = _M.get_account_limits() - return limits.tierName ~= anon_limits.tierName and limits.tierName ~= free_tier + return limits.tierID > tier_id_free end function _M.is_auth_required() @@ -101,7 +104,7 @@ function _M.is_access_forbidden() if is_access_always_allowed() then return false end -- check if active subscription is required and request is from user without it - return _M.is_subscription_required() and not _M.is_subscription_account() + return _M.is_subscription_required() and not _M.has_subscription() end return _M