From 2d1a8bfeb4a4b070da5c4e844f8a080949bbc551 Mon Sep 17 00:00:00 2001 From: Karol Wypchlo Date: Fri, 18 Dec 2020 18:30:00 +0100 Subject: [PATCH] add jwt cookie --- docker/kratos/oathkeeper/access-rules.yml | 2 +- docker/nginx/conf.d/secure.conf | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/docker/kratos/oathkeeper/access-rules.yml b/docker/kratos/oathkeeper/access-rules.yml index e7abc6a5..5e0e03fe 100644 --- a/docker/kratos/oathkeeper/access-rules.yml +++ b/docker/kratos/oathkeeper/access-rules.yml @@ -57,7 +57,7 @@ preserve_host: true url: "http://accounts:3000" match: - url: "http://oathkeeper:4455/<{user,user/**}>" + url: "http://oathkeeper<{,:4455}>/<{user,user/**}>" methods: - GET authenticators: diff --git a/docker/nginx/conf.d/secure.conf b/docker/nginx/conf.d/secure.conf index 4656e91e..d8e996ef 100644 --- a/docker/nginx/conf.d/secure.conf +++ b/docker/nginx/conf.d/secure.conf @@ -7,4 +7,27 @@ server { proxy_redirect http://127.0.0.1/ https://$host/; proxy_pass http://oathkeeper:4455; } + + location /.ory/kratos/public/self-service/login/methods/password { + proxy_redirect http://127.0.0.1/ https://$host/; + proxy_pass http://oathkeeper:4455; + + header_filter_by_lua_block { + if ngx.status >= ngx.HTTP_OK and ngx.status < ngx.HTTP_BAD_REQUEST then + local http = require("socket.http") + local sessionCookie = "" + local responseCookies = {} + for k, cookie in ipairs(ngx.header["set-cookie"]) do + local sessionCookieMatch = string.match(cookie, "(ory_kratos_session=[^;]+);") + if sessionCookieMatch then sessionCookie = sessionCookieMatch end + table.insert(responseCookies, cookie) + end + local ok, status, headers = http.request { url = "http://oathkeeper:4455/user", headers = { Cookie = sessionCookie } } + if headers["set-cookie"] then + table.insert(responseCookies, headers["set-cookie"]) + ngx.header["set-cookie"] = responseCookies + end + end + } + } }