Mercurial > hg > ngx_http_auth_request_module
annotate ngx_http_auth_request_module.c @ 5:cc231fa95159
Auth request: expand example in README.
1. An example how to don't pass to upstream server body (if happend to be
already read from client) and Content-Length header to handle POSTs
correctly.
2. An example how to pass original request URI to backend.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 05 Mar 2010 21:20:32 +0300 |
parents | 35f0ee7a3c28 |
children | fb05a061532c |
rev | line source |
---|---|
0 | 1 |
2 /* | |
3 * Copyright (C) Maxim Dounin | |
4 */ | |
5 | |
6 | |
7 #include <ngx_config.h> | |
8 #include <ngx_core.h> | |
9 #include <ngx_http.h> | |
10 | |
11 | |
12 typedef struct { | |
13 ngx_str_t uri; | |
14 } ngx_http_auth_request_conf_t; | |
15 | |
16 typedef struct { | |
17 ngx_uint_t done; | |
18 ngx_uint_t status; | |
19 ngx_http_request_t *subrequest; | |
20 } ngx_http_auth_request_ctx_t; | |
21 | |
22 | |
23 static ngx_int_t ngx_http_auth_request_handler(ngx_http_request_t *r); | |
24 static ngx_int_t ngx_http_auth_request_done(ngx_http_request_t *r, | |
25 void *data, ngx_int_t rc); | |
26 static void *ngx_http_auth_request_create_conf(ngx_conf_t *cf); | |
27 static char *ngx_http_auth_request_merge_conf(ngx_conf_t *cf, | |
28 void *parent, void *child); | |
29 static ngx_int_t ngx_http_auth_request_init(ngx_conf_t *cf); | |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
30 static char *ngx_http_auth_request(ngx_conf_t *cf, ngx_command_t *cmd, |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
31 void *conf); |
0 | 32 |
33 | |
34 static ngx_command_t ngx_http_auth_request_commands[] = { | |
35 | |
36 { ngx_string("auth_request"), | |
37 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
38 ngx_http_auth_request, |
0 | 39 NGX_HTTP_LOC_CONF_OFFSET, |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
40 0, |
0 | 41 NULL }, |
42 | |
43 ngx_null_command | |
44 }; | |
45 | |
46 | |
47 static ngx_http_module_t ngx_http_auth_request_module_ctx = { | |
48 NULL, /* preconfiguration */ | |
49 ngx_http_auth_request_init, /* postconfiguration */ | |
50 | |
51 NULL, /* create main configuration */ | |
52 NULL, /* init main configuration */ | |
53 | |
54 NULL, /* create server configuration */ | |
55 NULL, /* merge server configuration */ | |
56 | |
57 ngx_http_auth_request_create_conf, /* create location configuration */ | |
58 ngx_http_auth_request_merge_conf /* merge location configuration */ | |
59 }; | |
60 | |
61 | |
62 ngx_module_t ngx_http_auth_request_module = { | |
63 NGX_MODULE_V1, | |
64 &ngx_http_auth_request_module_ctx, /* module context */ | |
65 ngx_http_auth_request_commands, /* module directives */ | |
66 NGX_HTTP_MODULE, /* module type */ | |
67 NULL, /* init master */ | |
68 NULL, /* init module */ | |
69 NULL, /* init process */ | |
70 NULL, /* init thread */ | |
71 NULL, /* exit thread */ | |
72 NULL, /* exit process */ | |
73 NULL, /* exit master */ | |
74 NGX_MODULE_V1_PADDING | |
75 }; | |
76 | |
77 | |
78 static ngx_int_t | |
79 ngx_http_auth_request_handler(ngx_http_request_t *r) | |
80 { | |
81 ngx_table_elt_t *h, *ho; | |
82 ngx_http_request_t *sr; | |
83 ngx_http_post_subrequest_t *ps; | |
84 ngx_http_auth_request_ctx_t *ctx; | |
85 ngx_http_auth_request_conf_t *arcf; | |
86 | |
87 arcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_request_module); | |
88 | |
89 if (arcf->uri.len == 0) { | |
90 return NGX_DECLINED; | |
91 } | |
92 | |
93 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
94 "auth request handler"); | |
95 | |
96 ctx = ngx_http_get_module_ctx(r, ngx_http_auth_request_module); | |
97 | |
98 if (ctx != NULL) { | |
99 if (!ctx->done) { | |
100 return NGX_AGAIN; | |
101 } | |
102 | |
103 if (ctx->status == NGX_HTTP_FORBIDDEN) { | |
104 return ctx->status; | |
105 } | |
106 | |
107 if (ctx->status == NGX_HTTP_UNAUTHORIZED) { | |
108 sr = ctx->subrequest; | |
109 | |
110 h = sr->headers_out.www_authenticate; | |
111 | |
112 if (!h && sr->upstream) { | |
113 h = sr->upstream->headers_in.www_authenticate; | |
114 } | |
115 | |
116 if (h) { | |
117 ho = ngx_list_push(&r->headers_out.headers); | |
118 if (ho == NULL) { | |
119 return NGX_ERROR; | |
120 } | |
121 | |
122 *ho = *h; | |
123 | |
124 r->headers_out.www_authenticate = ho; | |
125 } | |
126 | |
127 return ctx->status; | |
128 } | |
129 | |
130 if (ctx->status >= NGX_HTTP_OK | |
131 && ctx->status < NGX_HTTP_SPECIAL_RESPONSE) | |
132 { | |
133 return NGX_OK; | |
134 } | |
135 | |
136 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | |
137 "auth request unexpected status: %d", ctx->status); | |
138 | |
139 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
140 } | |
141 | |
142 ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_auth_request_ctx_t)); | |
143 if (ctx == NULL) { | |
144 return NGX_ERROR; | |
145 } | |
146 | |
147 ps = ngx_palloc(r->pool, sizeof(ngx_http_post_subrequest_t)); | |
148 if (ps == NULL) { | |
149 return NGX_ERROR; | |
150 } | |
151 | |
152 ps->handler = ngx_http_auth_request_done; | |
153 ps->data = ctx; | |
154 | |
155 if (ngx_http_subrequest(r, &arcf->uri, NULL, &sr, ps, | |
156 NGX_HTTP_SUBREQUEST_WAITED) | |
157 != NGX_OK) | |
158 { | |
159 return NGX_ERROR; | |
160 } | |
161 | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
162 sr->discard_body = 1; |
0 | 163 sr->header_only = 1; |
164 | |
165 ctx->subrequest = sr; | |
166 | |
167 ngx_http_set_ctx(r, ctx, ngx_http_auth_request_module); | |
168 | |
169 return NGX_AGAIN; | |
170 } | |
171 | |
172 | |
173 static ngx_int_t | |
174 ngx_http_auth_request_done(ngx_http_request_t *r, void *data, ngx_int_t rc) | |
175 { | |
176 ngx_http_auth_request_ctx_t *ctx = data; | |
177 | |
178 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
179 "auth request done s:%d", r->headers_out.status); | |
180 | |
181 ctx->done = 1; | |
182 ctx->status = r->headers_out.status; | |
183 | |
184 return rc; | |
185 } | |
186 | |
187 | |
188 static void * | |
189 ngx_http_auth_request_create_conf(ngx_conf_t *cf) | |
190 { | |
191 ngx_http_auth_request_conf_t *conf; | |
192 | |
193 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_auth_request_conf_t)); | |
194 if (conf == NULL) { | |
195 return NULL; | |
196 } | |
197 | |
198 /* | |
199 * set by ngx_pcalloc(): | |
200 * | |
201 * conf->uri.len = { 0, NULL }; | |
202 */ | |
203 | |
204 return conf; | |
205 } | |
206 | |
207 | |
208 static char * | |
209 ngx_http_auth_request_merge_conf(ngx_conf_t *cf, void *parent, void *child) | |
210 { | |
211 ngx_http_auth_request_conf_t *prev = parent; | |
212 ngx_http_auth_request_conf_t *conf = child; | |
213 | |
214 ngx_conf_merge_str_value(conf->uri, prev->uri, ""); | |
215 | |
216 return NGX_CONF_OK; | |
217 } | |
218 | |
219 | |
220 static ngx_int_t | |
221 ngx_http_auth_request_init(ngx_conf_t *cf) | |
222 { | |
223 ngx_http_handler_pt *h; | |
224 ngx_http_core_main_conf_t *cmcf; | |
225 | |
226 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); | |
227 | |
228 h = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers); | |
229 if (h == NULL) { | |
230 return NGX_ERROR; | |
231 } | |
232 | |
233 *h = ngx_http_auth_request_handler; | |
234 | |
235 return NGX_OK; | |
236 } | |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
237 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
238 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
239 static char * |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
240 ngx_http_auth_request(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
241 { |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
242 ngx_http_auth_request_conf_t *arcf = conf; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
243 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
244 ngx_str_t *value; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
245 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
246 if (arcf->uri.data != NULL) { |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
247 return "is duplicate"; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
248 } |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
249 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
250 value = cf->args->elts; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
251 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
252 if (ngx_strcmp(value[1].data, "off") == 0) { |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
253 arcf->uri.len = 0; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
254 arcf->uri.data = (u_char *) ""; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
255 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
256 return NGX_CONF_OK; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
257 } |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
258 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
259 arcf->uri = value[1]; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
260 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
261 return NGX_CONF_OK; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
262 } |