From 04bced818f8bae8632951e6900d61f0af6be66e0 Mon Sep 17 00:00:00 2001 From: Karol Wypchlo Date: Wed, 26 Jan 2022 23:46:52 +0100 Subject: [PATCH] never restrict options requests --- docker/nginx/libs/skynet/account.lua | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/docker/nginx/libs/skynet/account.lua b/docker/nginx/libs/skynet/account.lua index 2e5c62e6..83ea3ba7 100644 --- a/docker/nginx/libs/skynet/account.lua +++ b/docker/nginx/libs/skynet/account.lua @@ -82,16 +82,26 @@ function _M.is_subscription_required() return os.getenv("ACCOUNTS_LIMIT_ACCESS") == "subscription" end --- check whether access to portal should be restricted to authenticated users only --- based on the configurable environment variable -function _M.is_access_unauthorized() - return _M.accounts_enabled() and _M.is_auth_required() and not _M.is_authenticated() +function is_access_always_allowed() + -- options requests do not attach cookies - should always be available + -- requests should not be limited based on accounts if accounts are not enabled + return ngx.req.get_method() == "OPTIONS" or not _M.accounts_enabled() end --- check whether access to portal should be restricted to users with active subscription --- based on the configurable environment variable +-- check whether access is restricted if portal requires authorization +function _M.is_access_unauthorized() + if is_access_always_allowed() then return false end + + -- check if authentication is required and request is not authenticated + return _M.is_auth_required() and not _M.is_authenticated() +end + +-- check whether user is authenticated but does not have access to given resources function _M.is_access_forbidden() - return _M.accounts_enabled() and _M.is_subscription_required() and not _M.is_subscription_account() + if is_access_always_allowed() then return false end + + -- check if active subscription is required and request is from user without it + return _M.is_subscription_required() and not _M.is_subscription_account() end return _M