I need to make a external security request before any request on my Kong Gateway.
To do that, I used the plugin Kong Functions (Pre-Plugins), which allows me to execute lua scripts before any request.
Script:
local http = require "resty.http"
-- Pega o valor do header 'token' da requisição
local token = kong.request.get_header("token")
-- Verifica se o header 'token' foi encontrado
if not token then
ngx.log(ngx.ERR, "token not found in request headers")
ngx.exit(ngx.HTTP_BAD_REQUEST)
end
-- Configuração da requisição HTTP
local httpc = http.new()
local res, err = httpc:request_uri("my_request_url", {
method = "GET",
headers = {
["token"] = token
},
ssl_verify = false
})
-- Verifica se houve algum erro na requisição
if not res then
ngx.log(ngx.ERR, "failed to request token validation: ", err)
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end
-- Verifica se a validação do token falhou
if res.status ~= 200 then
ngx.log(ngx.ERR, "token validation failed with status code: ", res.status)
ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
But I´m receiving this error:
init.lua:386 [pre-function] /usr/local/share/lua/5.1/kong/tools/kong-lua-sandbox.lua:171: /usr/local/share/lua/5.1/kong/tools/sandbox.lua:88: require 'resty.http' not allowed within sandbox,
I tried to add an env on my container:
- name: KONG_LUA_SANDBOX_GLOBALS
value: "package.loaded['resty.http'] = require 'resty.http'"
But I keep receiving the same error, even after restarting the container, I really don't know what to do next.
