Merge pull request #1601 from SkynetLabs/do-not-restrict-options

never restrict options requests
This commit is contained in:
Ivaylo Novakov 2022-01-27 00:00:49 +01:00 committed by GitHub
commit ec12fc7726
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 7 deletions

View File

@ -82,16 +82,26 @@ function _M.is_subscription_required()
return os.getenv("ACCOUNTS_LIMIT_ACCESS") == "subscription" return os.getenv("ACCOUNTS_LIMIT_ACCESS") == "subscription"
end end
-- check whether access to portal should be restricted to authenticated users only function is_access_always_allowed()
-- based on the configurable environment variable -- options requests do not attach cookies - should always be available
function _M.is_access_unauthorized() -- requests should not be limited based on accounts if accounts are not enabled
return _M.accounts_enabled() and _M.is_auth_required() and not _M.is_authenticated() return ngx.req.get_method() == "OPTIONS" or not _M.accounts_enabled()
end end
-- check whether access to portal should be restricted to users with active subscription -- check whether access is restricted if portal requires authorization
-- based on the configurable environment variable function _M.is_access_unauthorized()
if is_access_always_allowed() then return false end
-- check if authentication is required and request is not authenticated
return _M.is_auth_required() and not _M.is_authenticated()
end
-- check whether user is authenticated but does not have access to given resources
function _M.is_access_forbidden() function _M.is_access_forbidden()
return _M.accounts_enabled() and _M.is_subscription_required() and not _M.is_subscription_account() if is_access_always_allowed() then return false end
-- check if active subscription is required and request is from user without it
return _M.is_subscription_required() and not _M.is_subscription_account()
end end
return _M return _M