Skip to content
Safe way to public insecure web applications.
Lua
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib/resty
README.md
dist.ini

README.md

lua-resty-access

lua-resty-access - Web application access management module based on passwordless authentication for OpenResty.

Live Demo on https://luarestyaccess.site

Installation

$ opm get supereldar/lua-resty-access

Requirements and Quick Start example

Your nginx configuration should look like this

http {
#REQUIREMENT: module require temporary storage, please setup luarestyaccess dictionary.
  lua_shared_dict luarestyaccess 10m;
  
    server {
    listen 80;
    servername domain.local;
    
      location / {
#REQUIREMENT: resolver and ca certificate directives are needed for external communication.
        resolver 8.8.8.8;
        lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
#REQUIREMENT: Call method Protect of resty.access object using access_by_lua* directive to activate access restriction.
        access_by_lua_block {
          local access = require'resty.access'
          local site = access:new()
          
          #Add users one by one who can access this location. To pass authentication provide "username".
          site:permitUser({username="john", email="john@snow.winter"})
          
          #You can also permit a single email.
          site:permitEmail({email = "john@snow.winter"})
          
          #Or you can permit the whole domain. "*" - works as wildcard here.
          site:permitEmail({email = "*@snow.winter"})
          
          #Launch module
          site:protect()
         }
       proxy_pass http://domain2.local;
     }
   }
}

Optional configuration

If you want to change access time and persistence or cookie name prefix you can use sessionConfig method.

site:sessionConfig({cookie_prefix = "luarestyaccess_", access_persistent = false , access_time = 3600})

If you want to process emails through your own smtp server you can use emailConfig method.

site:emailConfig({
  mode = "smtp", 
  host= "smtp.gmail.com", 
  port = 587, 
  tls = true,
  username = "user@gmail.com",
  password = "qwerty123"  
})
You can’t perform that action at this time.