From e1ddb3c3dc525e9bf46a0f297654e5a9ece06ee5 Mon Sep 17 00:00:00 2001 From: Karol Wypchlo Date: Mon, 28 Feb 2022 14:15:42 +0100 Subject: [PATCH 1/3] include subscription info in internal accounts endpoint --- docker/nginx/conf.d/server/server.api | 12 +++++++++--- docker/nginx/libs/skynet/account.lua | 20 ++++++++++++-------- 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api index 58648a9b..7e2489fa 100644 --- a/docker/nginx/conf.d/server/server.api +++ b/docker/nginx/conf.d/server/server.api @@ -393,14 +393,20 @@ location /__internal/do/not/use/accounts { content_by_lua_block { local json = require('cjson') - local accounts_enabled = require("skynet.account").accounts_enabled() - local is_auth_required = require("skynet.account").is_auth_required() - local is_authenticated = accounts_enabled and require("skynet.account").is_authenticated() + local skynet_account = require("skynet.account") + + local accounts_enabled = skynet_account.accounts_enabled() + local is_auth_required = skynet_account.is_auth_required() + local is_subscription_required = skynet_account.is_subscription_required() + local is_authenticated = skynet_account.is_authenticated() + local has_subscription = skynet_account.has_subscription() ngx.say(json.encode{ enabled = accounts_enabled, auth_required = is_auth_required, + subscription_required = is_subscription_required, authenticated = is_authenticated, + subscription = has_subscription, }) return ngx.exit(ngx.HTTP_OK) } diff --git a/docker/nginx/libs/skynet/account.lua b/docker/nginx/libs/skynet/account.lua index 83ea3ba7..48490dc2 100644 --- a/docker/nginx/libs/skynet/account.lua +++ b/docker/nginx/libs/skynet/account.lua @@ -1,13 +1,15 @@ local _M = {} -- fallback - remember to keep those updated -local anon_limits = { ["tierName"] = "anonymous", ["upload"] = 655360, ["download"] = 655360, ["maxUploadSize"] = 1073741824, ["registry"] = 250 } +local anon_limits = { ["tierID"] = 0, ["tierName"] = "anonymous", ["upload"] = 655360, ["download"] = 655360, ["maxUploadSize"] = 1073741824, ["registry"] = 250 } -- no limits applied -local no_limits = { ["tierName"] = "internal", ["upload"] = 0, ["download"] = 0, ["maxUploadSize"] = 0, ["registry"] = 0 } +local no_limits = { ["tierID"] = -1, ["tierName"] = "internal", ["upload"] = 0, ["download"] = 0, ["maxUploadSize"] = 0, ["registry"] = 0 } --- free tier name -local free_tier = "free" +-- constant tier ids +local tier_id_internal = -1 +local tier_id_anonymous = 0 +local tier_id_free = 1 -- handle request exit when access to portal should be restricted to authenticated users only function _M.exit_access_unauthorized(message) @@ -62,16 +64,18 @@ end -- detect whether current user is authenticated function _M.is_authenticated() + if not _M.accounts_enabled() then return false end + local limits = _M.get_account_limits() - return limits.tierName ~= anon_limits.tierName + return limits.tierID > tier_id_anonymous end -- detect whether current user has active subscription -function _M.is_subscription_account() +function _M.has_subscription() local limits = _M.get_account_limits() - return limits.tierName ~= anon_limits.tierName and limits.tierName ~= free_tier + return limits.tierID > tier_id_free end function _M.is_auth_required() @@ -101,7 +105,7 @@ function _M.is_access_forbidden() if is_access_always_allowed() then return false end -- check if active subscription is required and request is from user without it - return _M.is_subscription_required() and not _M.is_subscription_account() + return _M.is_subscription_required() and not _M.has_subscription() end return _M From 30e8c886b93313ad0d205b0bed25682e98f8d2e0 Mon Sep 17 00:00:00 2001 From: Karol Wypchlo Date: Thu, 3 Mar 2022 19:13:38 +0100 Subject: [PATCH 2/3] use constants in tier defaults --- docker/nginx/libs/skynet/account.lua | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/docker/nginx/libs/skynet/account.lua b/docker/nginx/libs/skynet/account.lua index 48490dc2..692d77d5 100644 --- a/docker/nginx/libs/skynet/account.lua +++ b/docker/nginx/libs/skynet/account.lua @@ -1,16 +1,30 @@ local _M = {} --- fallback - remember to keep those updated -local anon_limits = { ["tierID"] = 0, ["tierName"] = "anonymous", ["upload"] = 655360, ["download"] = 655360, ["maxUploadSize"] = 1073741824, ["registry"] = 250 } - --- no limits applied -local no_limits = { ["tierID"] = -1, ["tierName"] = "internal", ["upload"] = 0, ["download"] = 0, ["maxUploadSize"] = 0, ["registry"] = 0 } - -- constant tier ids local tier_id_internal = -1 local tier_id_anonymous = 0 local tier_id_free = 1 +-- fallback - remember to keep those updated +local anon_limits = { + ["tierID"] = tier_id_anonymous, + ["tierName"] = "anonymous", + ["upload"] = 655360, + ["download"] = 655360, + ["maxUploadSize"] = 1073741824, + ["registry"] = 250 +} + +-- no limits applied +local no_limits = { + ["tierID"] = tier_id_internal, + ["tierName"] = "internal", + ["upload"] = 0, + ["download"] = 0, + ["maxUploadSize"] = 0, + ["registry"] = 0 +} + -- handle request exit when access to portal should be restricted to authenticated users only function _M.exit_access_unauthorized(message) ngx.status = ngx.HTTP_UNAUTHORIZED From 4dff19c6c74582b2f4abef195797ea3e61eb695c Mon Sep 17 00:00:00 2001 From: Karol Wypchlo Date: Tue, 8 Mar 2022 04:02:01 +0100 Subject: [PATCH 3/3] remove internal tier --- .../nginx/conf.d/include/init-optional-variables | 3 --- docker/nginx/libs/skynet/account.lua | 15 --------------- 2 files changed, 18 deletions(-) diff --git a/docker/nginx/conf.d/include/init-optional-variables b/docker/nginx/conf.d/include/init-optional-variables index e072c6e6..406dfe98 100644 --- a/docker/nginx/conf.d/include/init-optional-variables +++ b/docker/nginx/conf.d/include/init-optional-variables @@ -13,6 +13,3 @@ set $skylink ""; # cached account limits (json string) - applies only if accounts are enabled set $account_limits ""; - -# set this internal flag to true if current request should not be limited in any way -set $internal_no_limits "false"; diff --git a/docker/nginx/libs/skynet/account.lua b/docker/nginx/libs/skynet/account.lua index 692d77d5..7be6013f 100644 --- a/docker/nginx/libs/skynet/account.lua +++ b/docker/nginx/libs/skynet/account.lua @@ -1,7 +1,6 @@ local _M = {} -- constant tier ids -local tier_id_internal = -1 local tier_id_anonymous = 0 local tier_id_free = 1 @@ -15,16 +14,6 @@ local anon_limits = { ["registry"] = 250 } --- no limits applied -local no_limits = { - ["tierID"] = tier_id_internal, - ["tierName"] = "internal", - ["upload"] = 0, - ["download"] = 0, - ["maxUploadSize"] = 0, - ["registry"] = 0 -} - -- handle request exit when access to portal should be restricted to authenticated users only function _M.exit_access_unauthorized(message) ngx.status = ngx.HTTP_UNAUTHORIZED @@ -48,10 +37,6 @@ end function _M.get_account_limits() local cjson = require('cjson') - if ngx.var.internal_no_limits == "true" then - return no_limits - end - if ngx.var.skynet_jwt == "" then return anon_limits end