http {
    lua_package_path "/usr/local/openresty/site/lualib/lua-resty-feishu-auth/lib/?.lua;/usr/local/openresty/site/lualib/lua-resty-jwt/lib/?.lua;/usr/local/openresty/site/lualib/lua-resty-jwt/vendor/?.lua;/usr/local/openresty/site/lualib/lua-resty-http/lib/?.lua;;";
}

server {
    listen 443 ssl;
    server_name feishu-auth.example.com;
    resolver 8.8.8.8;
    
    ssl_certificate /usr/local/openresty/cert/feishu-auth.example.com.crt;
    ssl_certificate_key /usr/local/openresty/cert/feishu-auth.example.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    lua_ssl_verify_depth 2;
    lua_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt;
    if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
        set $year $1;
        set $month $2;
        set $day $3;
    }
    access_log logs/feishu-auth.example.com_access_$year$month$day.log main;
    error_log logs/feishu-auth.example.com_error_$year$month$day.log;

    access_by_lua_block {
        local feishu_auth = require "resty.feishu_auth"
        feishu_auth.app_id = ""
        feishu_auth.app_secret = ""
        feishu_auth.callback_uri = "/feishu_auth_callback"
        feishu_auth.logout_uri = "/feishu_auth_logout"
        feishu_auth.app_domain = "feishu-auth.example.com"

        feishu_auth.jwt_secret = "thisisjwtsecret"

        feishu_auth.ip_blacklist = {"47.1.2.3"}
        feishu_auth.uri_whitelist = {"/"}
        feishu_auth.department_whitelist = {"0"}

        feishu_auth:auth()
    }
}

server {
    listen 80;
    server_name feishu-auth.example.com;

    location / {
        rewrite ^/(.*) https://$server_name/$1 redirect;
    }
}