Mercurial > hg > nginx

comparison src/http/modules/ngx_http_userid_filter_module.c @ 7717:e3e8b8234f05

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Userid: userid_flags directive to set cookie flags.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 28 Sep 2020 17:07:48 +0300
parents ecc97cb0eda4
children c0cacad62cc8
comparison
equal deleted inserted replaced
7716:d6a5e14aa3e4 7717:e3e8b8234f05
13 #define NGX_HTTP_USERID_OFF 0 13 #define NGX_HTTP_USERID_OFF 0
14 #define NGX_HTTP_USERID_LOG 1 14 #define NGX_HTTP_USERID_LOG 1
15 #define NGX_HTTP_USERID_V1 2 15 #define NGX_HTTP_USERID_V1 2
16 #define NGX_HTTP_USERID_ON 3 16 #define NGX_HTTP_USERID_ON 3
17 17
18 #define NGX_HTTP_USERID_COOKIE_SECURE 0x0001
19 #define NGX_HTTP_USERID_COOKIE_HTTPONLY 0x0002
20 #define NGX_HTTP_USERID_COOKIE_SAMESITE 0x0004
21 #define NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT 0x0008
22 #define NGX_HTTP_USERID_COOKIE_SAMESITE_LAX 0x0010
23 #define NGX_HTTP_USERID_COOKIE_SAMESITE_NONE 0x0020
24
18 /* 31 Dec 2037 23:55:55 GMT */ 25 /* 31 Dec 2037 23:55:55 GMT */
19 #define NGX_HTTP_USERID_MAX_EXPIRES 2145916555 26 #define NGX_HTTP_USERID_MAX_EXPIRES 2145916555
20 27
21 28
22 typedef struct { 29 typedef struct {
23 ngx_uint_t enable; 30 ngx_uint_t enable;
31 ngx_uint_t flags;
24 32
25 ngx_int_t service; 33 ngx_int_t service;
26 34
27 ngx_str_t name; 35 ngx_str_t name;
28 ngx_str_t domain; 36 ngx_str_t domain;
86 { ngx_string("on"), NGX_HTTP_USERID_ON }, 94 { ngx_string("on"), NGX_HTTP_USERID_ON },
87 { ngx_null_string, 0 } 95 { ngx_null_string, 0 }
88 }; 96 };
89 97
90 98
99 static ngx_conf_bitmask_t ngx_http_userid_flags[] = {
100 { ngx_string("secure"), NGX_HTTP_USERID_COOKIE_SECURE },
101 { ngx_string("httponly"), NGX_HTTP_USERID_COOKIE_HTTPONLY },
102 { ngx_string("samesite=strict"),
103 NGX_HTTP_USERID_COOKIE_SAMESITE|NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT },
104 { ngx_string("samesite=lax"),
105 NGX_HTTP_USERID_COOKIE_SAMESITE|NGX_HTTP_USERID_COOKIE_SAMESITE_LAX },
106 { ngx_string("samesite=none"),
107 NGX_HTTP_USERID_COOKIE_SAMESITE|NGX_HTTP_USERID_COOKIE_SAMESITE_NONE },
108 { ngx_null_string, 0 }
109 };
110
111
91 static ngx_conf_post_handler_pt ngx_http_userid_domain_p = 112 static ngx_conf_post_handler_pt ngx_http_userid_domain_p =
92 ngx_http_userid_domain; 113 ngx_http_userid_domain;
93 static ngx_conf_post_handler_pt ngx_http_userid_path_p = ngx_http_userid_path; 114 static ngx_conf_post_handler_pt ngx_http_userid_path_p = ngx_http_userid_path;
94 static ngx_conf_post_handler_pt ngx_http_userid_p3p_p = ngx_http_userid_p3p; 115 static ngx_conf_post_handler_pt ngx_http_userid_p3p_p = ngx_http_userid_p3p;
95 116
135 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, 156 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
136 ngx_http_userid_expires, 157 ngx_http_userid_expires,
137 NGX_HTTP_LOC_CONF_OFFSET, 158 NGX_HTTP_LOC_CONF_OFFSET,
138 0, 159 0,
139 NULL }, 160 NULL },
161
162 { ngx_string("userid_flags"),
163 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE123,
164 ngx_conf_set_bitmask_slot,
165 NGX_HTTP_LOC_CONF_OFFSET,
166 offsetof(ngx_http_userid_conf_t, flags),
167 &ngx_http_userid_flags },
140 168
141 { ngx_string("userid_p3p"), 169 { ngx_string("userid_p3p"),
142 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, 170 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
143 ngx_conf_set_str_slot, 171 ngx_conf_set_str_slot,
144 NGX_HTTP_LOC_CONF_OFFSET, 172 NGX_HTTP_LOC_CONF_OFFSET,
381 409
382 if (conf->domain.len) { 410 if (conf->domain.len) {
383 len += conf->domain.len; 411 len += conf->domain.len;
384 } 412 }
385 413
414 if (conf->flags & NGX_HTTP_USERID_COOKIE_SECURE) {
415 len += sizeof("; secure") - 1;
416 }
417
418 if (conf->flags & NGX_HTTP_USERID_COOKIE_HTTPONLY) {
419 len += sizeof("; httponly") - 1;
420 }
421
422 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT) {
423 len += sizeof("; samesite=strict") - 1;
424 }
425
426 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_LAX) {
427 len += sizeof("; samesite=lax") - 1;
428 }
429
430 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_NONE) {
431 len += sizeof("; samesite=none") - 1;
432 }
433
386 cookie = ngx_pnalloc(r->pool, len); 434 cookie = ngx_pnalloc(r->pool, len);
387 if (cookie == NULL) { 435 if (cookie == NULL) {
388 return NGX_ERROR; 436 return NGX_ERROR;
389 } 437 }
390 438
419 } 467 }
420 468
421 p = ngx_copy(p, conf->domain.data, conf->domain.len); 469 p = ngx_copy(p, conf->domain.data, conf->domain.len);
422 470
423 p = ngx_copy(p, conf->path.data, conf->path.len); 471 p = ngx_copy(p, conf->path.data, conf->path.len);
472
473 if (conf->flags & NGX_HTTP_USERID_COOKIE_SECURE) {
474 p = ngx_cpymem(p, "; secure", sizeof("; secure") - 1);
475 }
476
477 if (conf->flags & NGX_HTTP_USERID_COOKIE_HTTPONLY) {
478 p = ngx_cpymem(p, "; httponly", sizeof("; httponly") - 1);
479 }
480
481 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT) {
482 p = ngx_cpymem(p, "; samesite=strict", sizeof("; samesite=strict") - 1);
483 }
484
485 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_LAX) {
486 p = ngx_cpymem(p, "; samesite=lax", sizeof("; samesite=lax") - 1);
487 }
488
489 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_NONE) {
490 p = ngx_cpymem(p, "; samesite=none", sizeof("; samesite=none") - 1);
491 }
424 492
425 set_cookie = ngx_list_push(&r->headers_out.headers); 493 set_cookie = ngx_list_push(&r->headers_out.headers);
426 if (set_cookie == NULL) { 494 if (set_cookie == NULL) {
427 return NGX_ERROR; 495 return NGX_ERROR;
428 } 496 }
656 } 724 }
657 725
658 /* 726 /*
659 * set by ngx_pcalloc(): 727 * set by ngx_pcalloc():
660 * 728 *
729 * conf->flags = 0;
661 * conf->name = { 0, NULL }; 730 * conf->name = { 0, NULL };
662 * conf->domain = { 0, NULL }; 731 * conf->domain = { 0, NULL };
663 * conf->path = { 0, NULL }; 732 * conf->path = { 0, NULL };
664 * conf->p3p = { 0, NULL }; 733 * conf->p3p = { 0, NULL };
665 */ 734 */
679 ngx_http_userid_conf_t *prev = parent; 748 ngx_http_userid_conf_t *prev = parent;
680 ngx_http_userid_conf_t *conf = child; 749 ngx_http_userid_conf_t *conf = child;
681 750
682 ngx_conf_merge_uint_value(conf->enable, prev->enable, 751 ngx_conf_merge_uint_value(conf->enable, prev->enable,
683 NGX_HTTP_USERID_OFF); 752 NGX_HTTP_USERID_OFF);
753
754 ngx_conf_merge_bitmask_value(conf->flags, prev->flags,
755 NGX_CONF_BITMASK_SET);
684 756
685 ngx_conf_merge_str_value(conf->name, prev->name, "uid"); 757 ngx_conf_merge_str_value(conf->name, prev->name, "uid");
686 ngx_conf_merge_str_value(conf->domain, prev->domain, ""); 758 ngx_conf_merge_str_value(conf->domain, prev->domain, "");
687 ngx_conf_merge_str_value(conf->path, prev->path, "; path=/"); 759 ngx_conf_merge_str_value(conf->path, prev->path, "; path=/");
688 ngx_conf_merge_str_value(conf->p3p, prev->p3p, ""); 760 ngx_conf_merge_str_value(conf->p3p, prev->p3p, "");