--require router and set locals for necessary request info local router = require("router").new() --lapis for config local config = require("lapis.config").get() --json local cjson = require("cjson") --other locals local resty_random = require "resty.random" local resty_str = require "resty.string" local uri_args = ngx.req.get_uri_args() --crypto local aes = require "resty.aes" local base64 = require "base64" --temporary dict for valid bundle identifiers and corresponding secret keys --dict: { --[ --bundle_id: SECRET_KEY --] --} local valid_ids = { ['com.venuenextinc.AppLink'] = "78d2e80f4f98a8e9d50a894df8f9a90b" } --temporary dict for generated AppLink access tokens local valid_tokens = { ['com.venuenextinc.AppLink'] = 'a5e01e3cde65d4d85340ef6e653561db' } -- GET: APP LINK TOKEN router:get("/venuenext/austin/token/app_link_token.json.enc", function(params) ngx.header.etag = etag local bundle_id = uri_args['bundleid'] if bundle_id == nil then local response_json = cjson.encode({ error_message = 'No bundle identifier provided.' }) ngx.status = 400 return ngx.print(response_json) else local check_bundle_id = valid_ids[bundle_id] if check_bundle_id == nil then local response_json = cjson.encode({ error_message = 'Bundle identifier provided is invalid.' }) ngx.status = 400 return ngx.print(response_json) end end local access_token = valid_tokens[bundle_id] if access_token == nil then local response_json = cjson.encode({ error_message = 'Cannot create access token' }) ngx.status = 401 return ngx.print(response_json) end response_json = cjson.encode({applink_token = access_token}) -- get secret key local secret_key = valid_ids[bundle_id] -- aes128 cbc md5 encrypt no IV, no salt local aes_128_cbc_md5 = aes:new(secret_key) local encrypted = aes_128_cbc_md5:encrypt(response_json) -- base64 encode then ship off local base64_encoded = base64.encode(encrypted) ngx.status = 200 return ngx.print(cjson.encode({base64_encoded})) end) -- GET: VERIFY APP LINK TOKEN router:get("/venuenext/austin/token/verify", function(params) ngx.header.etag = etag local bundle_id = uri_args['bundleid'] local enc_app_token = uri_args['applinktoken'] -- Check bundle id if bundle_id == nil then local response_json = cjson.encode({ error_message = 'No bundle identifier provided.', errors = cjson.encode({ bundle_id = 'Bundle identifier needs to be provided to Venue Next for valid partner apps.', enc_app_token = 'AppLink token to be provided from Venue Next app Deep Link and signed with your app\'s SECRET_KEY' }) }) ngx.status = 400 return ngx.print(response_json) end -- Check app token if enc_app_token == nil then local response_json = cjson.encode({ error_message = 'No signed AppLink token provided.', errors = cjson.encode({ bundle_id = 'Bundle identifier needs to be provided to Venue Next for valid partner apps.', enc_app_token = 'AppLink token to be provided from Venue Next app Deep Link and signed with your app\'s SECRET_KEY' }) }) ngx.status = 400 return ngx.print(response_json) end return ngx.print(cjson.encode({enc_app_token})) -- Check Bundle Identifier is valid and participating local check_bundle_id = valid_ids[bundle_id] local check_token = valid_tokens[bundle_id] if check_bundle_id == nil then local response_json = cjson.encode({ error_message = 'Bundle identifier provided is invalid.' }) ngx.status = 400 return ngx.print(response_json) else -- base64 decode token local base64_decoded = base64.decode(enc_app_token) -- aes128 cbc md5 decrypt local aes_128_cbc_md5 = aes:new(secret_key) local decrypted = aes_128_cbc_md5:decrypt(base64_decoded) if check_token == decrypted then ngx.status = 200 return else local response_json = cjson.encode({ error_message = 'Token is not valid for bundle identifier provided.', errors = cjson.encode({ bundle_id = 'Bundle identifier provided is valid.', enc_app_token = 'Token is not valid for bundle identifier provided.' }) }) ngx.status = 401 return ngx.print(response_json) end end end) -- sends the request parts to be routed local ok, errmsg = router:execute(ngx.var.request_method, ngx.var.uri, ngx.req.get_uri_args()) if not ok then ngx.status = 404 ngx.log(ngx.STDERR, errmsg) end