lua-resty-access

Passwordless authentication for OpenResty - Flexible and Secure

$ opm get supereldar/lua-resty-access

lua-resty-access - Web application access management module based on passwordless authentication for OpenResty.

Live Demo on https://luarestyaccess.site

Installation

    $ opm get supereldar/lua-resty-access

Requirements and Quick Start example

Your nginx configuration should look like this:

    http {
      # REQUIREMENT: the module requires temporary storage; set up the luarestyaccess dictionary.
      lua_shared_dict luarestyaccess 10m;

      server {
        listen 80;
        server_name domain.local;

        location / {
          # REQUIREMENT: the resolver and CA certificate directives are needed for external communication.
          resolver 8.8.8.8;
          lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
          # REQUIREMENT: call the protect method of the resty.access object from an access_by_lua* directive to activate access restriction.
          access_by_lua_block {
            local access = require 'resty.access'
            local site = access:new()

            -- Add, one by one, the users who can access this location. To pass authentication, provide the "username".
            site:permitUser({username = "john", email = "john@snow.winter"})

            -- You can also permit a single email.
            site:permitEmail({email = "john@snow.winter"})

            -- Or you can permit the whole domain. "*" works as a wildcard here.
            site:permitEmail({email = "*@snow.winter"})

            -- Launch the module
            site:protect()
          }
          proxy_pass http://app1.domain.local;
        }
      }
    }

Optional configuration

If you want to change the access time and persistence, or the cookie name prefix, use the sessionConfig method.

    site:sessionConfig({cookie_prefix = "luarestyaccess_", access_persistent = false, access_time = 3600})

If you want to keep users authenticated after a configuration reload, specify a static secret using the access_secret key.

    site:sessionConfig({access_secret = "623q4hR325t36VsCD3g567922IC0073T"})

If you want to grant access to the whole domain, specify its name using the cookie_domain key.

    site:sessionConfig({cookie_domain = "domain.local"})

If you want to process emails through your own SMTP server, use the emailConfig method.

    site:emailConfig({
      mode = "smtp",
      host = "smtp.gmail.com",
      port = 587,
      tls = true,
      username = "user@gmail.com",
      password = "qwerty123"
    })
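
One way to keep the static access_secret and the SMTP password out of the nginx configuration file, as an added example that is not part of the module's own documentation. The environment variable names ACCESS_SECRET and SMTP_PASSWORD are hypothetical, and the example assumes the configuration methods are called before protect().

```nginx
# Added example, not from the lua-resty-access README.
# ACCESS_SECRET and SMTP_PASSWORD are hypothetical variable names.
# nginx drops inherited environment variables unless they are named
# with "env" in the main context.
env ACCESS_SECRET;
env SMTP_PASSWORD;

http {
  lua_shared_dict luarestyaccess 10m;

  server {
    listen 80;
    server_name domain.local;

    location / {
      resolver 8.8.8.8;
      lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
      access_by_lua_block {
        local secret = os.getenv("ACCESS_SECRET")
        local smtp_password = os.getenv("SMTP_PASSWORD")
        -- Fail closed: refuse the request rather than run with a missing secret.
        if not secret or secret == "" or not smtp_password or smtp_password == "" then
          ngx.log(ngx.ERR, "ACCESS_SECRET or SMTP_PASSWORD is not set")
          return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
        end

        local access = require 'resty.access'
        local site = access:new()
        site:permitEmail({email = "*@snow.winter"})
        -- Assumption: configuration methods are called before protect().
        site:sessionConfig({access_secret = secret})
        site:emailConfig({
          mode = "smtp",
          host = "smtp.gmail.com",
          port = 587,
          tls = true,
          username = "user@gmail.com",
          password = smtp_password
        })
        site:protect()
      }
      proxy_pass http://app1.domain.local;
    }
  }
}
```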

Authors

Eldar Beibutov (@supereldar)

License

2bsd
