Update

.drone.yml

@@ -1,36 +0,0 @@
-kind: pipeline
-type: docker
-name: default
-
-steps:
-- name: publish_image
-  image: plugins/docker
-  environment:
-    DOCKER_USERNAME:
-      from_secret: registry_username
-    DOCKER_PASSWORD:
-      from_secret: registry_password
-  commands:
-  - sleep 5
-  - ./deploy/image-build.sh
-  - ./deploy/image-push.sh
-  volumes:
-  - name: docker-sock
-    path: /var/run
-  when:
-    branch:
-      - main
-  
-services:
-- name: docker
-  image: docker:dind
-  privileged: true
-  volumes:
-  - name: docker-sock
-    path: /var/run
-
-volumes:
-- name: gopath
-  temp: {}
-- name: docker-sock
-  temp: {}

Dockerfile

@@ -1,4 +1,30 @@
-FROM 1.28.0-alpine3.21
+FROM openresty/openresty:alpine AS builder
+
+RUN apk add --no-cache lua5.4 lua5.4-dev luajit luarocks build-base openssl-dev \
+    pcre-dev zlib-dev git && \
+    luarocks-5.4 install lua-resty-core && \
+    luarocks-5.4 install lua-resty-jwt && \
+    luarocks-5.4 install lua-resty-http && \
+    luarocks-5.4 install lua-cjson
+
+RUN git clone https://github.com/facebook/luaffifb && \
+    cd luaffifb && \
+    luarocks-5.4 make
+
+RUN mkdir -p /lua_modules/cjson && mkdir -p /lua_modules/resty && \
+    cp -r /usr/local/share/lua/5.4/resty/* /lua_modules/resty && \
+    # cp /usr/local/share/lua/5.4/resty/evp.lua /lua_modules/resty/ && \
+    # cp /usr/local/share/lua/5.4/resty/evp.lua /lua_modules/resty.evp.lua && \
+    cp -r /usr/local/share/lua/5.4/cjson/* /lua_modules/cjson && \
+    cp -r /usr/local/lib/lua/5.4/* /lua_modules/ && \
+    # cp -r /usr/local/share/lua/5.4/resty/* /lua_modules/ && \
+    ls -lah /lua_modules
+
+# RUN ls -lah /usr/local/share/lua/5.4/cjson
+# RUN ls -lah /usr/local/share/lua/5.4/resty
+# RUN ls -lah /usr/local/lib/lua/5.4/
+
+FROM haproxytech/kubernetes-ingress:latest
 
 ARG BUILD_TIME
 
@@ -8,9 +34,11 @@ LABEL dev.egommerce.image.service="api-gateway"
 LABEL dev.egommerce.image.version="1.0"
 LABEL dev.egommerce.image.build_time=${BUILD_TIME}
 
-# COPY ./api-gateway/etc /etc/traefik
+# COPY --from=builder /usr/local/lib/lua/5.4/cjson.so /usr/local/lib/lua/5.4/cjson.so
+COPY --from=builder /lua_modules /usr/local/lib/lua/5.4/
 
-# ENTRYPOINT ["/entrypoint.sh"]
-# CMD ["traefik"]
+COPY ./api-gateway/etc/haproxy-aux.cfg /usr/local/etc/haproxy/haproxy-aux.cfg
+COPY ./api-gateway/*.lua /usr/local/etc/haproxy/lua/
+# COPY ./api-gateway/jwt_auth.lua /usr/local/etc/haproxy/lua/jwt_auth.lua
 
-EXPOSE 443
+EXPOSE 8443

api-gateway/etc/haproxy-aux.cfg

@@ -0,0 +1,40 @@
+# errorfile 400 /etc/haproxy/errors/400.html
+# errorfile 401 /etc/haproxy/errors/401.html
+# errorfile 403 /etc/haproxy/errors/403.html
+# errorfile 404 /etc/haproxy/errors/404.html
+# errorfile 408 /etc/haproxy/errors/408.html
+# errorfile 429 /etc/haproxy/errors/429.html
+# errorfile 500 /etc/haproxy/errors/500.html
+# errorfile 502 /etc/haproxy/errors/502.html
+# errorfile 503 /etc/haproxy/errors/503.html
+# errorfile 504 /etc/haproxy/errors/504.html
+
+global
+    daemon
+    maxconn 256
+
+    log 127.0.0.1 local0 debug
+
+    # lua-load /etc/haproxy/lua/jwt_auth.lua
+
+defaults
+    mode http
+    log     global
+    option  httplog
+    timeout connect 5s
+    timeout client  50s
+    timeout server  50s
+
+# frontend http-in
+    # bind *:8443
+    # mode http
+
+    # http-response set-header X-Custom-HAProxy-Header "rojter"
+    # http-request lua.jwt_auth if { path_beg /api }
+    # option httplog
+
+    # default_backend local
+
+# backend local
+#     mode http
+#     server server 127.0.0.1:8080

api-gateway/jwt_auth.lua

@@ -0,0 +1,136 @@
+-- package.path = "/usr/local/lib/lua/5.4/?.lua;" .. package.path
+
+local jwt = require "resty/jwt"
+
+function jwt_auth_req(txn)
+    -- print_r(txn.http:req_get_headers()["Authorization"])
+
+    -- local auth_header = txn.http:req_get_headers()["authorization"]
+    -- if not auth_header then
+    --     txn.http:respond(401, "Unauthorized")
+    --     return false
+    -- end
+
+    -- local token = auth_header:match("Bearer%s+(.+)")
+    -- if not token then
+    --     txn.http:respond(401, "Unauthorized")
+    --     return false
+    -- end
+
+    -- -- Replace with your secret or public key
+    -- local secret = "your-secret-key"
+
+    -- local jwt_obj = jwt:verify(secret, token)
+    -- if not jwt_obj.verified then
+    --     txn.http:respond(401, "Unauthorized")
+    --     return false
+    -- end
+
+    -- -- Optionally, check claims, expiration, etc.
+    -- return true
+end
+
+function jwt_auth_res(txn)
+    -- txn.http:res_add_header("Some-Header", "haproxy lua header")
+    -- print_r(txn.http:res_get_headers())
+end
+
+core.register_action("jwt_auth", { "http-req" }, jwt_auth_req, 0)
+core.register_action("jwt_auth", { "http-res" }, jwt_auth_res, 0)
+
+-- Copyright 2016 Thierry Fournier
+
+-- function color(index, str)
+-- 	return "\x1b[" .. index .. "m" .. str .. "\x1b[00m"
+-- end
+
+-- function nocolor(index, str)
+-- 	return str
+-- end
+
+-- function sp(count)
+-- 	local spaces = ""
+-- 	while count > 0 do
+-- 		spaces = spaces .. "    "
+-- 		count = count - 1
+-- 	end
+-- 	return spaces
+-- end
+
+-- function escape(str)
+-- 	local s = ""
+-- 	for i = 1, #str do
+-- 		local c = str:sub(i,i)
+-- 		ascii = string.byte(c, 1)
+-- 		if ascii > 126 or ascii < 20 then
+-- 			s = s .. string.format("\\x%02x", ascii)
+-- 		else
+-- 			s = s .. c
+-- 		end
+-- 	end
+-- 	return s
+-- end
+
+-- function print_rr(p, indent, c, wr, hist)
+-- 	local i = 0
+-- 	local nl = ""
+
+-- 	if type(p) == "table" then
+-- 		wr(c("33", "(table)") .. " " .. c("36", tostring(p)) .. " [")
+
+-- 		for idx, value in ipairs(hist) do
+-- 			if value == p then
+-- 				wr(" " .. c("35", "/* recursion */") .. " ]")
+-- 				return
+-- 			end
+-- 		end
+-- 		hist[indent + 1] = p
+
+-- 		mt = getmetatable(p)
+-- 		if mt ~= nil then
+-- 			wr("\n" .. sp(indent+1) .. c("31", "METATABLE") .. ": ")
+-- 			print_rr(mt, indent+1, c, wr, hist)
+-- 		end
+
+-- 		for k,v in pairs(p) do
+-- 			if i > 0 then
+-- 				nl = "\n"
+-- 			else
+-- 				wr("\n")
+-- 			end
+-- 			wr(nl .. sp(indent+1))
+-- 			if type(k) == "number" then
+-- 				wr(c("32", tostring(k)))
+-- 			else
+-- 				wr("\"" .. c("32", escape(tostring(k))) .. "\"")
+-- 			end
+-- 			wr(": ")
+-- 			print_rr(v, indent+1, c, wr, hist)
+-- 			i = i + 1
+-- 		end
+-- 		if i == 0 then
+-- 			wr(" " .. c("35", "/* empty */") .. " ]")
+-- 		else
+-- 			wr("\n" .. sp(indent) .. "]")
+-- 		end
+
+-- 		hist[indent + 1] = nil
+
+-- 	elseif type(p) == "string" then
+-- 		wr(c("33", "(string)") .. " \"" .. c("36", escape(p)) .. "\"")
+-- 	else
+-- 		wr(c("33", "(" .. type(p) .. ")") .. " " .. c("36", tostring(p)))
+-- 	end
+-- end
+
+-- function print_r(p, col, wr)
+-- 	if col == nil then col = true end
+-- 	if wr == nil then wr = function(msg) io.stdout:write(msg) end end
+-- 	local hist = {}
+-- 	if col == true then
+-- 		print_rr(p, 0, color, wr, hist)
+-- 	else
+-- 		print_rr(p, 0, nocolor, wr, hist)
+-- 	end
+-- 	wr("\n")
+-- end