{security|www}/lua-resty-*: add 5 openresty ports

security/lua-resty-hmac HMAC functions for OpenResty / ngx_lua security/lua-resty-jwt JWT for OpenResty / ngx_lua security/lua-resty-openidc OpenID Connect and/or OAuth 2.0 functionality for OpenResty / ngx_lua security/lua-resty-openssl FFI-based OpenSSL binding for OpenResty / ngx_lua www/lua-resty-session Lua session library for OpenResty / ngx_lua
2023-12-11 12:21:05 +01:00 · 2023-12-11 12:21:05 +01:00 · a0f093651f
parent 2a54fc1f33
commit a0f093651f
18 changed files with 380 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -347,6 +347,10 @@
    SUBDIR += logcheck
    SUBDIR += lua-argon2
    SUBDIR += lua-bcrypt
+    SUBDIR += lua-resty-hmac
+    SUBDIR += lua-resty-jwt
+    SUBDIR += lua-resty-openidc
+    SUBDIR += lua-resty-openssl
    SUBDIR += luasec
    SUBDIR += lxqt-openssh-askpass
    SUBDIR += lxqt-sudo
--- a/security/lua-resty-hmac/Makefile
+++ b/security/lua-resty-hmac/Makefile
@ -0,0 +1,39 @@
+PORTNAME=	lua-resty-hmac
+DISTVERSIONSUFFIX=-1
+DISTVERSION=	0.06
+CATEGORIES=	security
+
+MAINTAINER=	netchild@FreeBSD.org
+COMMENT=	HMAC functions for OpenResty / ngx_lua
+WWW=		https://github.com/jkeys089/lua-resty-hmac
+
+LICENSE=	BSD2CLAUSE
+
+RUN_DEPENDS=	luajit-openresty>=2.1:lang/luajit-openresty \
+		${LUA_MODSHAREDIR}/resty/string.lua:devel/lua-resty-string
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	jkeys089
+
+NO_ARCH=	yes
+NO_BUILD=	yes
+
+LUA_MODSHAREDIR=${LOCALBASE}/share/lua/5.1
+
+PLIST_FILES+=	${LUA_MODSHAREDIR}/resty/hmac.lua
+
+PORTDOCS=	README.markdown
+
+DOCSDIR=	${PREFIX}/share/doc/lua${LUA_VER_STR}/${PORTNAME}
+
+OPTIONS_DEFINE=	DOCS
+
+do-install:
+	@${MKDIR} ${STAGEDIR}${LUA_MODSHAREDIR}
+	@(cd ${WRKSRC}/lib && ${COPYTREE_SHARE} . ${STAGEDIR}${LUA_MODSHAREDIR} "-name *\.lua")
+
+do-install-DOCS-on:
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	@${INSTALL_DATA} ${WRKSRC}/README.markdown ${STAGEDIR}${DOCSDIR}
+
+.include <bsd.port.mk>
--- a/security/lua-resty-hmac/distinfo
+++ b/security/lua-resty-hmac/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1697107138
+SHA256 (jkeys089-lua-resty-hmac-0.06-1_GH0.tar.gz) = 6ae60ef44b5943e45f7f4b16f0d2a931c2165fb9a830eddc76c4bc6e4a84ca91
+SIZE (jkeys089-lua-resty-hmac-0.06-1_GH0.tar.gz) = 7826
--- a/security/lua-resty-hmac/pkg-descr
+++ b/security/lua-resty-hmac/pkg-descr
@ -0,0 +1 @@
+HMAC functions for OpenResty / ngx_lua
--- a/security/lua-resty-jwt/Makefile
+++ b/security/lua-resty-jwt/Makefile
@ -0,0 +1,42 @@
+PORTNAME=	lua-resty-jwt
+DISTVERSIONPREFIX=v
+DISTVERSION=	0.1.11
+CATEGORIES=	security
+
+MAINTAINER=	netchild@FreeBSD.org
+COMMENT=	JWT for OpenResty / ngx_lua
+WWW=		https://github.com/SkyLothar/lua-resty-jwt
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+RUN_DEPENDS=	luajit-openresty>=2.1:lang/luajit-openresty \
+		${LUA_MODSHAREDIR}/resty/hmac.lua:security/lua-resty-hmac
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	SkyLothar
+
+NO_ARCH=	yes
+NO_BUILD=	yes
+
+LUA_MODSHAREDIR=${LOCALBASE}/share/lua/5.1
+
+PLIST_FILES+=	${LUA_MODSHAREDIR}/resty/evp.lua \
+		${LUA_MODSHAREDIR}/resty/jwt-validators.lua \
+		${LUA_MODSHAREDIR}/resty/jwt.lua
+
+PORTDOCS=	README.md
+
+DOCSDIR=	${PREFIX}/share/doc/lua${LUA_VER_STR}/${PORTNAME}
+
+OPTIONS_DEFINE=	DOCS
+
+do-install:
+	@${MKDIR} ${STAGEDIR}${LUA_MODSHAREDIR}
+	@(cd ${WRKSRC}/lib && ${COPYTREE_SHARE} . ${STAGEDIR}${LUA_MODSHAREDIR} "-name *\.lua")
+
+do-install-DOCS-on:
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	@${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}
+
+.include <bsd.port.mk>
--- a/security/lua-resty-jwt/distinfo
+++ b/security/lua-resty-jwt/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1697107666
+SHA256 (SkyLothar-lua-resty-jwt-v0.1.11_GH0.tar.gz) = e7c2b0b8edf14eed7569cd5684fc00c6f97a8abf6d6c0e462cd49b4b266e3390
+SIZE (SkyLothar-lua-resty-jwt-v0.1.11_GH0.tar.gz) = 47043
--- a/security/lua-resty-jwt/pkg-descr
+++ b/security/lua-resty-jwt/pkg-descr
@ -0,0 +1 @@
+JWT for OpenResty / ngx_lua
--- a/security/lua-resty-openidc/Makefile
+++ b/security/lua-resty-openidc/Makefile
@ -0,0 +1,43 @@
+PORTNAME=	lua-resty-openidc
+DISTVERSIONPREFIX=v
+DISTVERSION=	1.7.6
+CATEGORIES=	security
+
+MAINTAINER=	netchild@FreeBSD.org
+COMMENT=	OpenID Connect and/or OAuth 2.0 functionality for OpenResty / ngx_lua
+WWW=		https://github.com/zmartzone/lua-resty-openidc
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE.txt
+
+RUN_DEPENDS=	luajit-openresty>=2.1:lang/luajit-openresty \
+		lua51-cjson>0:devel/lua-cjson@lua51 \
+		${LUA_MODSHAREDIR}/resty/http.lua:www/lua-resty-http \
+		${LUA_MODSHAREDIR}/resty/session.lua:www/lua-resty-session \
+		${LUA_MODSHAREDIR}/resty/jwt.lua:security/lua-resty-jwt \
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	zmartzone
+
+NO_ARCH=	yes
+NO_BUILD=	yes
+
+LUA_MODSHAREDIR=${LOCALBASE}/share/lua/5.1
+
+PLIST_FILES+=	${LUA_MODSHAREDIR}/resty/openidc.lua
+
+PORTDOCS=	README.md
+
+DOCSDIR=	${PREFIX}/share/doc/lua${LUA_VER_STR}/${PORTNAME}
+
+OPTIONS_DEFINE=	DOCS
+
+do-install:
+	@${MKDIR} ${STAGEDIR}${LUA_MODSHAREDIR}
+	@(cd ${WRKSRC}/lib && ${COPYTREE_SHARE} . ${STAGEDIR}${LUA_MODSHAREDIR} "-name *\.lua")
+
+do-install-DOCS-on:
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	@${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}
+
+.include <bsd.port.mk>
--- a/security/lua-resty-openidc/distinfo
+++ b/security/lua-resty-openidc/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1697109203
+SHA256 (zmartzone-lua-resty-openidc-v1.7.6_GH0.tar.gz) = f914f1b74b6594be6c2d580a26d1c1eaba5c120f2bebd114ad1983bc58141dc0
+SIZE (zmartzone-lua-resty-openidc-v1.7.6_GH0.tar.gz) = 68949
--- a/security/lua-resty-openidc/pkg-descr
+++ b/security/lua-resty-openidc/pkg-descr
@ -0,0 +1,23 @@
+OpenID Connect Relying Party (RP) and/or the OAuth 2.0 Resource
+Server (RS) functionality for OpenResty / ngx_lua
+
+When used as an OpenID Connect Relying Party it authenticates users
+against an OpenID Connect Provider using OpenID Connect Discovery
+and the Basic Client Profile (i.e. the Authorization Code flow).
+When used as an OAuth 2.0 Resource Server it can validate OAuth 2.0
+Bearer Access Tokens against an Authorization Server or, in case a
+JSON Web Token is used for an Access Token, verification can happen
+against a pre-configured secret/key .
+
+It maintains sessions for authenticated users by leveraging
+lua-resty-session thus offering a configurable choice between storing
+the session state in a client-side browser cookie or use in of the
+server-side storage mechanisms shared-memory|memcache|redis.
+
+It supports server-wide caching of resolved Discovery documents and
+validated Access Tokens.
+
+It can be used as a reverse proxy terminating OAuth/OpenID Connect
+in front of an origin server so that the origin server/services can
+be protected with the relevant standards without implementing those
+on the server itself.
--- a/security/lua-resty-openssl/Makefile
+++ b/security/lua-resty-openssl/Makefile
@ -0,0 +1,43 @@
+PORTNAME=	lua-resty-openssl
+DISTVERSION=	1.0.2
+CATEGORIES=	security
+
+MAINTAINER=	netchild@FreeBSD.org
+COMMENT=	FFI-based OpenSSL binding for OpenResty / ngx_lua
+WWW=		https://github.com/fffonion/lua-resty-openssl
+
+LICENSE=	BSD2CLAUSE
+
+RUN_DEPENDS=	luajit-openresty>=2.1:lang/luajit-openresty
+
+USES=		ssl
+USE_GITHUB=	yes
+GH_ACCOUNT=	fffonion
+
+NO_ARCH=	yes
+NO_BUILD=	yes
+
+LUA_MODSHAREDIR=${LOCALBASE}/share/lua/5.1
+
+PORTDOCS=	README.md
+
+DOCSDIR=	${PREFIX}/share/doc/lua${LUA_VER_STR}/${PORTNAME}
+
+OPTIONS_DEFINE=	DOCS
+
+do-install:
+	@${MKDIR} ${STAGEDIR}${LUA_MODSHAREDIR}
+	@(cd ${WRKSRC}/lib && ${COPYTREE_SHARE} . ${STAGEDIR}${LUA_MODSHAREDIR} "-name *\.lua")
+
+do-install-DOCS-on:
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	@${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}
+
+gen-plist:
+	@${FIND} ${WRKSRC}/lib -type f | ${SED} -e 's:${WRKSRC}/lib:share/lua/5.1:g' \
+	    | ${SORT} > pkg-plist.new
+	@${FIND} ${WRKSRC}/lib/resty/openssl -type d | ${SED} -e 's:${WRKSRC}/lib:@dir share/lua/5.1:g' \
+	    | ${SORT} -r >> pkg-plist.new
+	
+
+.include <bsd.port.mk>
--- a/security/lua-resty-openssl/distinfo
+++ b/security/lua-resty-openssl/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1702293007
+SHA256 (fffonion-lua-resty-openssl-1.0.2_GH0.tar.gz) = a08910049de7ce4872afdd0f70b3d0052be8a04e881d1a31fc3bcc881a1931cf
+SIZE (fffonion-lua-resty-openssl-1.0.2_GH0.tar.gz) = 193627
--- a/security/lua-resty-openssl/pkg-descr
+++ b/security/lua-resty-openssl/pkg-descr
@ -0,0 +1 @@
+HMAC functions for OpenResty / ngx_lua
--- a/security/lua-resty-openssl/pkg-plist
+++ b/security/lua-resty-openssl/pkg-plist
@ -0,0 +1,84 @@
+share/lua/5.1/resty/openssl.lua
+share/lua/5.1/resty/openssl/asn1.lua
+share/lua/5.1/resty/openssl/auxiliary/bio.lua
+share/lua/5.1/resty/openssl/auxiliary/ctypes.lua
+share/lua/5.1/resty/openssl/auxiliary/ecdsa.lua
+share/lua/5.1/resty/openssl/auxiliary/jwk.lua
+share/lua/5.1/resty/openssl/auxiliary/nginx.lua
+share/lua/5.1/resty/openssl/auxiliary/nginx_c.lua
+share/lua/5.1/resty/openssl/bn.lua
+share/lua/5.1/resty/openssl/cipher.lua
+share/lua/5.1/resty/openssl/ctx.lua
+share/lua/5.1/resty/openssl/dh.lua
+share/lua/5.1/resty/openssl/digest.lua
+share/lua/5.1/resty/openssl/ec.lua
+share/lua/5.1/resty/openssl/ecx.lua
+share/lua/5.1/resty/openssl/err.lua
+share/lua/5.1/resty/openssl/hmac.lua
+share/lua/5.1/resty/openssl/include/asn1.lua
+share/lua/5.1/resty/openssl/include/bio.lua
+share/lua/5.1/resty/openssl/include/bn.lua
+share/lua/5.1/resty/openssl/include/conf.lua
+share/lua/5.1/resty/openssl/include/crypto.lua
+share/lua/5.1/resty/openssl/include/dh.lua
+share/lua/5.1/resty/openssl/include/ec.lua
+share/lua/5.1/resty/openssl/include/ecdsa.lua
+share/lua/5.1/resty/openssl/include/err.lua
+share/lua/5.1/resty/openssl/include/evp.lua
+share/lua/5.1/resty/openssl/include/evp/cipher.lua
+share/lua/5.1/resty/openssl/include/evp/kdf.lua
+share/lua/5.1/resty/openssl/include/evp/mac.lua
+share/lua/5.1/resty/openssl/include/evp/md.lua
+share/lua/5.1/resty/openssl/include/evp/pkey.lua
+share/lua/5.1/resty/openssl/include/hmac.lua
+share/lua/5.1/resty/openssl/include/objects.lua
+share/lua/5.1/resty/openssl/include/ossl_typ.lua
+share/lua/5.1/resty/openssl/include/param.lua
+share/lua/5.1/resty/openssl/include/pem.lua
+share/lua/5.1/resty/openssl/include/pkcs12.lua
+share/lua/5.1/resty/openssl/include/provider.lua
+share/lua/5.1/resty/openssl/include/rand.lua
+share/lua/5.1/resty/openssl/include/rsa.lua
+share/lua/5.1/resty/openssl/include/ssl.lua
+share/lua/5.1/resty/openssl/include/stack.lua
+share/lua/5.1/resty/openssl/include/x509/altname.lua
+share/lua/5.1/resty/openssl/include/x509/crl.lua
+share/lua/5.1/resty/openssl/include/x509/csr.lua
+share/lua/5.1/resty/openssl/include/x509/extension.lua
+share/lua/5.1/resty/openssl/include/x509/init.lua
+share/lua/5.1/resty/openssl/include/x509/name.lua
+share/lua/5.1/resty/openssl/include/x509/revoked.lua
+share/lua/5.1/resty/openssl/include/x509_vfy.lua
+share/lua/5.1/resty/openssl/include/x509v3.lua
+share/lua/5.1/resty/openssl/kdf.lua
+share/lua/5.1/resty/openssl/mac.lua
+share/lua/5.1/resty/openssl/objects.lua
+share/lua/5.1/resty/openssl/param.lua
+share/lua/5.1/resty/openssl/pkcs12.lua
+share/lua/5.1/resty/openssl/pkey.lua
+share/lua/5.1/resty/openssl/provider.lua
+share/lua/5.1/resty/openssl/rand.lua
+share/lua/5.1/resty/openssl/rsa.lua
+share/lua/5.1/resty/openssl/ssl.lua
+share/lua/5.1/resty/openssl/ssl_ctx.lua
+share/lua/5.1/resty/openssl/stack.lua
+share/lua/5.1/resty/openssl/version.lua
+share/lua/5.1/resty/openssl/x509/altname.lua
+share/lua/5.1/resty/openssl/x509/chain.lua
+share/lua/5.1/resty/openssl/x509/crl.lua
+share/lua/5.1/resty/openssl/x509/csr.lua
+share/lua/5.1/resty/openssl/x509/extension.lua
+share/lua/5.1/resty/openssl/x509/extension/dist_points.lua
+share/lua/5.1/resty/openssl/x509/extension/info_access.lua
+share/lua/5.1/resty/openssl/x509/extensions.lua
+share/lua/5.1/resty/openssl/x509/init.lua
+share/lua/5.1/resty/openssl/x509/name.lua
+share/lua/5.1/resty/openssl/x509/revoked.lua
+share/lua/5.1/resty/openssl/x509/store.lua
+@dir share/lua/5.1/resty/openssl/x509/extension
+@dir share/lua/5.1/resty/openssl/x509
+@dir share/lua/5.1/resty/openssl/include/x509
+@dir share/lua/5.1/resty/openssl/include/evp
+@dir share/lua/5.1/resty/openssl/include
+@dir share/lua/5.1/resty/openssl/auxiliary
+@dir share/lua/5.1/resty/openssl
--- a/www/Makefile
+++ b/www/Makefile
@ -332,6 +332,7 @@
    SUBDIR += lua-resty-core
    SUBDIR += lua-resty-http
    SUBDIR += lua-resty-lrucache
+    SUBDIR += lua-resty-session
    SUBDIR += luakit
    SUBDIR += luakit-devel
    SUBDIR += lux
--- a/www/lua-resty-session/Makefile
+++ b/www/lua-resty-session/Makefile
@ -0,0 +1,75 @@
+PORTNAME=	lua-resty-session
+DISTVERSIONPREFIX=v
+DISTVERSION=	4.0.5
+CATEGORIES=	www
+
+MAINTAINER=	netchild@FreeBSD.org
+COMMENT=	Lua session library for OpenResty / ngx_lua
+WWW=		https://github.com/bungle/lua-resty-session
+
+LICENSE=	BSD2CLAUSE
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+RUN_DEPENDS=	luajit-openresty>=2.1:lang/luajit-openresty
+# XXX: deps for filesystem, postgres, redis backends missing
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	bungle
+
+NO_ARCH=	yes
+NO_BUILD=	yes
+
+LUA_MODSHAREDIR=${LOCALBASE}/share/lua/5.1
+
+PLIST_FILES+=	${LUA_MODSHAREDIR}/resty/session/dshm.lua \
+		${LUA_MODSHAREDIR}/resty/session/file.lua \
+		${LUA_MODSHAREDIR}/resty/session/file/thread.lua \
+		${LUA_MODSHAREDIR}/resty/session/file/utils.lua \
+		${LUA_MODSHAREDIR}/resty/session/memcached.lua \
+		${LUA_MODSHAREDIR}/resty/session/mysql.lua \
+		${LUA_MODSHAREDIR}/resty/session/postgres.lua \
+		${LUA_MODSHAREDIR}/resty/session/redis.lua \
+		${LUA_MODSHAREDIR}/resty/session/redis/cluster.lua \
+		${LUA_MODSHAREDIR}/resty/session/redis/common.lua \
+		${LUA_MODSHAREDIR}/resty/session/redis/sentinel.lua \
+		${LUA_MODSHAREDIR}/resty/session/shm.lua \
+		${LUA_MODSHAREDIR}/resty/session/utils.lua \
+		${LUA_MODSHAREDIR}/resty/session.lua
+
+PORTDOCS=	classes/resty.session.html \
+		classes/session.html \
+		index.html \
+		ldoc.css \
+		modules/resty.session.dshm.html \
+		modules/resty.session.file-thread.html \
+		modules/resty.session.file.html \
+		modules/resty.session.file.thread.html \
+		modules/resty.session.file.utils.html \
+		modules/resty.session.html \
+		modules/resty.session.memcached.html \
+		modules/resty.session.mysql.html \
+		modules/resty.session.postgres.html \
+		modules/resty.session.redis-cluster.html \
+		modules/resty.session.redis-sentinel.html \
+		modules/resty.session.redis.cluster.html \
+		modules/resty.session.redis.common.html \
+		modules/resty.session.redis.html \
+		modules/resty.session.redis.sentinel.html \
+		modules/resty.session.shm.html \
+		modules/resty.session.utils.html \
+		README.md
+
+DOCSDIR=	${PREFIX}/share/doc/lua${LUA_VER_STR}/${PORTNAME}
+
+OPTIONS_DEFINE=	DOCS
+
+do-install:
+	@${MKDIR} ${STAGEDIR}${LUA_MODSHAREDIR}
+	@(cd ${WRKSRC}/lib && ${COPYTREE_SHARE} . ${STAGEDIR}${LUA_MODSHAREDIR} "-name *\.lua")
+
+do-install-DOCS-on:
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	@${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}
+	@(cd ${WRKSRC}/docs && ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR} "-type f")
+
+.include <bsd.port.mk>
--- a/www/lua-resty-session/distinfo
+++ b/www/lua-resty-session/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1697101679
+SHA256 (bungle-lua-resty-session-v4.0.5_GH0.tar.gz) = 741b1b25257d3819d7b67feaea3391e3e4d8aec777cdcb12f142ccf742df4d4c
+SIZE (bungle-lua-resty-session-v4.0.5_GH0.tar.gz) = 85789
--- a/www/lua-resty-session/pkg-descr
+++ b/www/lua-resty-session/pkg-descr
@ -0,0 +1,8 @@
+Lua session library for OpenResty / ngx_lua
+
+Features:
+ - Sessions are immutable (each save generates a new session), and lockless.
+ - Session data is AES-256-GCM encrypted with a key derived using HKDF-SHA256.
+ - Session has a fixed size header that is protected with HMAC-SHA256 MAC with a key derived using HKDF-SHA256.
+ - Session data can be stored in a stateless cookie or in various backend storages.
+ - A single session cookie can maintain multiple sessions across different audiences.