comparison src/http/modules/ngx_http_userid_filter.c @ 0:f0b350454894 NGINX_0_1_0
nginx 0.1.0
*) The first public version.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 04 Oct 2004 00:00:00 +0400 |
parents | |
children | cc9f381affaa |
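--- /dev/null
+++ b/src/http/modules/ngx_http_userid_filter.c
@@ -0,0 +1,588 @@
+
+/*
+* Copyright (C) Igor Sysoev
+*/
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_http.h>
+
+
+#define NGX_HTTP_USERID_OFF 0
+#define NGX_HTTP_USERID_LOG 1
+#define NGX_HTTP_USERID_V1 2
+#define NGX_HTTP_USERID_ON 3
+
+/* 31 Dec 2037 23:55:55 GMT */
+#define NGX_HTTP_USERID_MAX_EXPIRES 2145916555
+
+
+typedef struct {
+ngx_flag_t enable;
+
+ngx_int_t service;
+
+ngx_str_t name;
+ngx_str_t domain;
+ngx_str_t path;
+time_t expires;
+
+ngx_int_t p3p;
+ngx_str_t p3p_string;
+} ngx_http_userid_conf_t;
+
+
+typedef struct {
+uint32_t uid_got[4];
+uint32_t uid_set[4];
+} ngx_http_userid_ctx_t;
+
+
+static ngx_int_t ngx_http_userid_get_uid(ngx_http_request_t *r,
+ngx_http_userid_ctx_t *ctx,
+ngx_http_userid_conf_t *conf);
+static ngx_int_t ngx_http_userid_set_uid(ngx_http_request_t *r,
+ngx_http_userid_ctx_t *ctx,
+ngx_http_userid_conf_t *conf);
+
+static u_char *ngx_http_userid_log_uid_got(ngx_http_request_t *r, u_char *buf,
+uintptr_t data);
+static u_char *ngx_http_userid_log_uid_set(ngx_http_request_t *r, u_char *buf,
+uintptr_t data);
+
+static ngx_int_t ngx_http_userid_init(ngx_cycle_t *cycle);
+static ngx_int_t ngx_http_userid_pre_conf(ngx_conf_t *cf);
+static void *ngx_http_userid_create_conf(ngx_conf_t *cf);
+static char *ngx_http_userid_merge_conf(ngx_conf_t *cf, void *parent,
+void *child);
+char *ngx_conf_check_domain(ngx_conf_t *cf, void *post, void *data);
+char *ngx_http_userid_expires(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
+
+
+static uint32_t sequencer_v1 = 1;
+static uint32_t sequencer_v2 = 0x03030302;
+
+
+static u_char expires[] = "; expires=Thu, 31-Dec-37 23:55:55 GMT";
+
+
+static ngx_http_output_header_filter_pt ngx_http_next_header_filter;
+
+
+static ngx_conf_enum_t ngx_http_userid_state[] = {
+{ ngx_string("off"), NGX_HTTP_USERID_OFF },
+{ ngx_string("log"), NGX_HTTP_USERID_LOG },
+{ ngx_string("v1"), NGX_HTTP_USERID_V1 },
+{ ngx_string("on"), NGX_HTTP_USERID_ON },
+{ ngx_null_string, 0 }
+};
+
+
+static ngx_conf_post_handler_pt ngx_conf_check_domain_p =
+ngx_conf_check_domain;
+
+
+static ngx_command_t ngx_http_userid_commands[] = {
+
+{ ngx_string("userid"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ngx_conf_set_enum_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_userid_conf_t, enable),
+ngx_http_userid_state },
+
+{ ngx_string("userid_service"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ngx_conf_set_num_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_userid_conf_t, service),
+NULL },
+
+{ ngx_string("userid_name"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ngx_conf_set_str_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_userid_conf_t, name),
+NULL },
+
+{ ngx_string("userid_domain"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ngx_conf_set_str_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_userid_conf_t, domain),
+&ngx_conf_check_domain_p },
+
+{ ngx_string("userid_path"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ngx_conf_set_str_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_userid_conf_t, path),
+NULL },
+
+{ ngx_string("userid_expires"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ngx_http_userid_expires,
+NGX_HTTP_LOC_CONF_OFFSET,
+0,
+NULL },
+
+ngx_null_command
+};
+
+
+ngx_http_module_t ngx_http_userid_filter_module_ctx = {
+ngx_http_userid_pre_conf, /* pre conf */
+
+NULL, /* create main configuration */
+NULL, /* init main configuration */
+
+NULL, /* create server configuration */
+NULL, /* merge server configuration */
+
+ngx_http_userid_create_conf, /* create location configration */
+ngx_http_userid_merge_conf /* merge location configration */
+};
+
+
+ngx_module_t ngx_http_userid_filter_module = {
+NGX_MODULE,
+&ngx_http_userid_filter_module_ctx, /* module context */
+ngx_http_userid_commands, /* module directives */
+NGX_HTTP_MODULE, /* module type */
+ngx_http_userid_init, /* init module */
+NULL /* init process */
+};
+
+
+static ngx_http_log_op_name_t ngx_http_userid_log_fmt_ops[] = {
+{ ngx_string("uid_got"), 0, ngx_http_userid_log_uid_got },
+{ ngx_string("uid_set"), 0, ngx_http_userid_log_uid_set },
+{ ngx_null_string, 0, NULL }
+};
+
+
+static ngx_int_t ngx_http_userid_filter(ngx_http_request_t *r)
+{
+ngx_int_t rc;
+ngx_http_userid_ctx_t *ctx;
+ngx_http_userid_conf_t *conf;
+
+conf = ngx_http_get_module_loc_conf(r, ngx_http_userid_filter_module);
+
+if (conf->enable == NGX_HTTP_USERID_OFF) {
+return ngx_http_next_header_filter(r);
+}
+
+ngx_http_create_ctx(r, ctx, ngx_http_userid_filter_module,
+sizeof(ngx_http_userid_ctx_t), NGX_ERROR);
+
+rc = ngx_http_userid_get_uid(r, ctx, conf);
+
+if (rc != NGX_OK) {
+return rc;
+}
+
+if (conf->enable == NGX_HTTP_USERID_LOG || ctx->uid_got[3] != 0) {
+return ngx_http_next_header_filter(r);
+}
+
+rc = ngx_http_userid_set_uid(r, ctx, conf);
+
+if (rc != NGX_OK) {
+return rc;
+}
+
+return ngx_http_next_header_filter(r);
+}
+
+
+static ngx_int_t ngx_http_userid_get_uid(ngx_http_request_t *r,
+ngx_http_userid_ctx_t *ctx,
+ngx_http_userid_conf_t *conf)
+{
+u_char *start, *last, *end;
+ngx_uint_t i;
+ngx_str_t src, dst;
+ngx_table_elt_t **cookies;
+
+cookies = r->headers_in.cookies.elts;
+
+for (i = 0; i < r->headers_in.cookies.nelts; i++) {
+ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+"cookie: \"%s\"", cookies[i]->value.data);
+
+end = cookies[i]->value.data + cookies[i]->value.len;
+
+for (start = cookies[i]->value.data; start < end; /* void */) {
+
+if (conf->name.len >= cookies[i]->value.len
+|| ngx_strncmp(start, conf->name.data, conf->name.len) != 0)
+{
+start += conf->name.len;
+while (start < end && *start++ != ';') { /* void */ }
+
+for (/* void */; start < end && *start == ' '; start++) { /**/ }
+
+continue;
+}
+
+for (start += conf->name.len; start < end && *start == ' '; start++)
+{
+/* void */
+}
+
+if (*start != '=') {
+break;
+}
+
+for (start++; start < end && *start == ' '; start++) { /* void */ }
+
+for (last = start; last < end && *last != ';'; last++) { /**/ }
+
+if (last - start < 22) {
+ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+"client sent too short userid cookie \"%s\"",
+cookies[i]->value.data);
+break;
+}
+
+/*
+* we have to limit encoded string to 22 characters
+* because there are already the millions cookies with a garbage
+* instead of the correct base64 trail "=="
+*/
+
+src.len = 22;
+src.data = start;
+dst.data = (u_char *) ctx->uid_got;
+
+if (ngx_decode_base64(&src, &dst) == NGX_ERROR) {
+ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+"client sent invalid userid cookie \"%s\"",
+cookies[i]->value.data);
+break;
+}
+
+ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+"uid: %08X%08X%08X%08X",
+ctx->uid_got[0], ctx->uid_got[1],
+ctx->uid_got[2], ctx->uid_got[3]);
+
+return NGX_OK;
+}
+}
+
+return NGX_OK;
+}
+
+
+static ngx_int_t ngx_http_userid_set_uid(ngx_http_request_t *r,
+ngx_http_userid_ctx_t *ctx,
+ngx_http_userid_conf_t *conf)
+
+{
+u_char *cookie, *p;
+size_t len;
+socklen_t slen;
+struct sockaddr_in addr_in;
+ngx_str_t src, dst;
+ngx_table_elt_t *set_cookie;
+
+/* TODO: mutex for sequencers */
+
+if (conf->enable == NGX_HTTP_USERID_V1) {
+if (conf->service == NGX_CONF_UNSET) {
+ctx->uid_set[0] = 0;
+} else {
+ctx->uid_set[0] = htonl(conf->service);
+}
+
+ctx->uid_set[1] = ngx_time();
+ctx->uid_set[2] = ngx_pid;
+ctx->uid_set[3] = sequencer_v1;
+sequencer_v1 += 0x100;
+
+} else {
+if (conf->service == NGX_CONF_UNSET) {
+if (r->in_addr == 0) {
+slen = sizeof(struct sockaddr_in);
+if (getsockname(r->connection->fd,
+(struct sockaddr *) &addr_in, &slen) == -1)
+{
+ngx_log_error(NGX_LOG_CRIT, r->connection->log,
+ngx_socket_errno,
+"getsockname() failed");
+}
+
+r->in_addr = addr_in.sin_addr.s_addr;
+}
+
+ctx->uid_set[0] = htonl(r->in_addr);
+
+} else {
+ctx->uid_set[0] = htonl(conf->service);
+}
+
+ctx->uid_set[1] = htonl(ngx_time());
+ctx->uid_set[2] = htonl(ngx_pid);
+ctx->uid_set[3] = htonl(sequencer_v2);
+sequencer_v2 += 0x100;
+if (sequencer_v2 < 0x03030302) {
+sequencer_v2 = 0x03030302;
+}
+}
+
+len = conf->name.len + 1 + ngx_base64_encoded_length(16) + 1;
+
+if (conf->expires) {
+len += sizeof(expires) - 1 + 2;
+}
+
+if (conf->domain.len > 1) {
+len += sizeof("; domain=") - 1 + conf->domain.len;
+}
+
+if (conf->path.len) {
+len += sizeof("; path=") - 1 + conf->path.len;
+}
+
+if (!(cookie = ngx_palloc(r->pool, len))) {
+return NGX_ERROR;
+}
+
+p = ngx_cpymem(cookie, conf->name.data, conf->name.len);
+*p++ = '=';
+
+src.len = 16;
+src.data = (u_char *) ctx->uid_set;
+dst.data = p;
+
+ngx_encode_base64(&src, &dst);
+
+p += dst.len;
+
+if (conf->expires == NGX_HTTP_USERID_MAX_EXPIRES) {
+p = ngx_cpymem(p, expires, sizeof(expires) - 1);
+
+} else if (conf->expires) {
+p = ngx_cpymem(p, expires, sizeof("; expires=") - 1);
+p += ngx_http_cookie_time(p, ngx_time() + conf->expires);
+}
+
+if (conf->domain.len > 1) {
+p = ngx_cpymem(p, "; domain=", sizeof("; domain=") - 1);
+p = ngx_cpymem(p, conf->domain.data, conf->domain.len);
+}
+
+if (conf->path.len) {
+p = ngx_cpymem(p, "; path=", sizeof("; path=") - 1);
+p = ngx_cpymem(p, conf->path.data, conf->path.len);
+}
+
+*p = '\0';
+
+ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+"uid cookie: \"%s\"", cookie);
+
+if (!(set_cookie = ngx_list_push(&r->headers_out.headers))) {
+return NGX_ERROR;
+}
+
+set_cookie->key.len = sizeof("Set-Cookie") - 1;
+set_cookie->key.data = (u_char *) "Set-Cookie";
+set_cookie->value.len = p - cookie;
+set_cookie->value.data = cookie;
+
+return NGX_OK;
+}
+
+
+static u_char *ngx_http_userid_log_uid_got(ngx_http_request_t *r, u_char *buf,
+uintptr_t data)
+{
+ngx_http_userid_ctx_t *ctx;
+ngx_http_userid_conf_t *conf;
+
+ctx = ngx_http_get_module_ctx(r, ngx_http_userid_filter_module);
+
+if (ctx == NULL || ctx->uid_got[3] == 0) {
+if (buf == NULL) {
+return (u_char *) 1;
+}
+
+*buf = '-';
+return buf + 1;
+}
+
+conf = ngx_http_get_module_loc_conf(r, ngx_http_userid_filter_module);
+
+if (buf == NULL) {
+return (u_char *) (conf->name.len + 1 + 32);
+}
+
+buf = ngx_cpymem(buf, conf->name.data, conf->name.len);
+
+*buf++ = '=';
+
+return buf + ngx_snprintf((char *) buf, 33, "%08X%08X%08X%08X",
+ctx->uid_got[0], ctx->uid_got[1],
+ctx->uid_got[2], ctx->uid_got[3]);
+}
+
+
+static u_char *ngx_http_userid_log_uid_set(ngx_http_request_t *r, u_char *buf,
+uintptr_t data)
+{
+ngx_http_userid_ctx_t *ctx;
+ngx_http_userid_conf_t *conf;
+
+ctx = ngx_http_get_module_ctx(r, ngx_http_userid_filter_module);
+
+if (ctx == NULL || ctx->uid_set[3] == 0) {
+if (buf == NULL) {
+return (u_char *) 1;
+}
+
+*buf = '-';
+return buf + 1;
+}
+
+conf = ngx_http_get_module_loc_conf(r, ngx_http_userid_filter_module);
+
+if (buf == NULL) {
+return (u_char *) (conf->name.len + 1 + 32);
+}
+
+buf = ngx_cpymem(buf, conf->name.data, conf->name.len);
+
+*buf++ = '=';
+
+return buf + ngx_snprintf((char *) buf, 33, "%08X%08X%08X%08X",
+ctx->uid_set[0], ctx->uid_set[1],
+ctx->uid_set[2], ctx->uid_set[3]);
+}
+
+
+static ngx_int_t ngx_http_userid_init(ngx_cycle_t *cycle)
+{
+ngx_http_next_header_filter = ngx_http_top_header_filter;
+ngx_http_top_header_filter = ngx_http_userid_filter;
+
+return NGX_OK;
+}
+
+
+static ngx_int_t ngx_http_userid_pre_conf(ngx_conf_t *cf)
+{
+ngx_http_log_op_name_t *op;
+
+for (op = ngx_http_userid_log_fmt_ops; op->name.len; op++) { /* void */ }
+op->op = NULL;
+
+op = ngx_http_log_fmt_ops;
+
+for (op = ngx_http_log_fmt_ops; op->op; op++) {
+if (op->name.len == 0) {
+op = (ngx_http_log_op_name_t *) op->op;
+}
+}
+
+op->op = (ngx_http_log_op_pt) ngx_http_userid_log_fmt_ops;
+
+return NGX_OK;
+}
+
+
+static void *ngx_http_userid_create_conf(ngx_conf_t *cf)
+{
+ngx_http_userid_conf_t *conf;
+
+if (!(conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_userid_conf_t)))) {
+return NGX_CONF_ERROR;
+}
+
+/* set by ngx_pcalloc():
+
+conf->name.len = 0;
+conf->name.date = NULL;
+conf->domain.len = 0;
+conf->domain.date = NULL;
+conf->path.len = 0;
+conf->path.date = NULL;
+
+*/
+
+conf->enable = NGX_CONF_UNSET;
+conf->service = NGX_CONF_UNSET;
+conf->expires = NGX_CONF_UNSET;
+
+return conf;
+}
+
+
+static char *ngx_http_userid_merge_conf(ngx_conf_t *cf, void *parent,
+void *child)
+{
+ngx_http_userid_conf_t *prev = parent;
+ngx_http_userid_conf_t *conf = child;
+
+ngx_conf_merge_value(conf->enable, prev->enable, NGX_HTTP_USERID_OFF);
+
+ngx_conf_merge_str_value(conf->name, prev->name, "uid");
+ngx_conf_merge_str_value(conf->domain, prev->domain, ".");
+ngx_conf_merge_str_value(conf->path, prev->path, "/");
+
+ngx_conf_merge_value(conf->service, prev->service, NGX_CONF_UNSET);
+ngx_conf_merge_sec_value(conf->expires, prev->expires, 0);
+
+return NGX_CONF_OK;
+}
+
+
+char *ngx_conf_check_domain(ngx_conf_t *cf, void *post, void *data)
+{
+ngx_str_t *domain = data;
+
+if (domain->len == 4 && ngx_strcmp(domain->data, "none") == 0) {
+domain->len = 1;
+domain->data = (u_char *) ".";
+}
+
+return NGX_CONF_OK;
+}
+
+
+char *ngx_http_userid_expires(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ngx_http_userid_conf_t *ucf = conf;
+
+ngx_str_t *value;
+
+if (ucf->expires != NGX_CONF_UNSET) {
+return "is duplicate";
+}
+
+value = cf->args->elts;
+
+if (ngx_strcmp(value[1].data, "max") == 0) {
+ucf->expires = NGX_HTTP_USERID_MAX_EXPIRES;
+return NGX_CONF_OK;
+}
+
+if (ngx_strcmp(value[1].data, "off") == 0) {
+ucf->expires = 0;
+return NGX_CONF_OK;
+}
+
+ucf->expires = ngx_parse_time(&value[1], 1);
+if (ucf->expires == NGX_ERROR) {
+return "invalid value";
+}
+
+if (ucf->expires == NGX_PARSE_LARGE_TIME) {
+return "value must be less than 68 years";
+}
+
+return NGX_CONF_OK;
+}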
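Review bot: In ngx_http_userid_get_uid the scan of the client-supplied Cookie header can read at or past `end`: the guard `conf->name.len >= cookies[i]->value.len` measures the whole header value instead of the bytes left from `start`, and `if (*start != '=')` runs after a space-skipping loop that can stop with `start == end`. Both reads stay in bounds only if the header value is NUL-terminated, which the parser assumes but never checks; bounding against the remainder with `if (conf->name.len >= (size_t) (end - start) || ...)` and testing `if (start == end || *start != '=')` removes that dependency. Separately, ngx_http_userid_set_uid logs a getsockname() failure but still copies `addr_in.sin_addr.s_addr` into `r->in_addr`, so uninitialized stack bytes end up in the cookie sent to the client; adding `return NGX_ERROR;` after the log call avoids that. The uid is built from the address or service id, the time, the pid and a counter, so a comment on ngx_http_userid_set_uid should say it is a guessable tracking label and not an authenticator.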