Mercurial > hg > nginx
comparison src/http/modules/ngx_http_userid_filter_module.c @ 7717:e3e8b8234f05
Userid: userid_flags directive to set cookie flags.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 28 Sep 2020 17:07:48 +0300 |
parents | ecc97cb0eda4 |
children | c0cacad62cc8 |
comparison
equal
deleted
inserted
replaced
7716:d6a5e14aa3e4 | 7717:e3e8b8234f05 |
---|---|
13 #define NGX_HTTP_USERID_OFF 0 | 13 #define NGX_HTTP_USERID_OFF 0 |
14 #define NGX_HTTP_USERID_LOG 1 | 14 #define NGX_HTTP_USERID_LOG 1 |
15 #define NGX_HTTP_USERID_V1 2 | 15 #define NGX_HTTP_USERID_V1 2 |
16 #define NGX_HTTP_USERID_ON 3 | 16 #define NGX_HTTP_USERID_ON 3 |
17 | 17 |
18 #define NGX_HTTP_USERID_COOKIE_SECURE 0x0001 | |
19 #define NGX_HTTP_USERID_COOKIE_HTTPONLY 0x0002 | |
20 #define NGX_HTTP_USERID_COOKIE_SAMESITE 0x0004 | |
21 #define NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT 0x0008 | |
22 #define NGX_HTTP_USERID_COOKIE_SAMESITE_LAX 0x0010 | |
23 #define NGX_HTTP_USERID_COOKIE_SAMESITE_NONE 0x0020 | |
24 | |
18 /* 31 Dec 2037 23:55:55 GMT */ | 25 /* 31 Dec 2037 23:55:55 GMT */ |
19 #define NGX_HTTP_USERID_MAX_EXPIRES 2145916555 | 26 #define NGX_HTTP_USERID_MAX_EXPIRES 2145916555 |
20 | 27 |
21 | 28 |
22 typedef struct { | 29 typedef struct { |
23 ngx_uint_t enable; | 30 ngx_uint_t enable; |
31 ngx_uint_t flags; | |
24 | 32 |
25 ngx_int_t service; | 33 ngx_int_t service; |
26 | 34 |
27 ngx_str_t name; | 35 ngx_str_t name; |
28 ngx_str_t domain; | 36 ngx_str_t domain; |
86 { ngx_string("on"), NGX_HTTP_USERID_ON }, | 94 { ngx_string("on"), NGX_HTTP_USERID_ON }, |
87 { ngx_null_string, 0 } | 95 { ngx_null_string, 0 } |
88 }; | 96 }; |
89 | 97 |
90 | 98 |
99 static ngx_conf_bitmask_t ngx_http_userid_flags[] = { | |
100 { ngx_string("secure"), NGX_HTTP_USERID_COOKIE_SECURE }, | |
101 { ngx_string("httponly"), NGX_HTTP_USERID_COOKIE_HTTPONLY }, | |
102 { ngx_string("samesite=strict"), | |
103 NGX_HTTP_USERID_COOKIE_SAMESITE|NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT }, | |
104 { ngx_string("samesite=lax"), | |
105 NGX_HTTP_USERID_COOKIE_SAMESITE|NGX_HTTP_USERID_COOKIE_SAMESITE_LAX }, | |
106 { ngx_string("samesite=none"), | |
107 NGX_HTTP_USERID_COOKIE_SAMESITE|NGX_HTTP_USERID_COOKIE_SAMESITE_NONE }, | |
108 { ngx_null_string, 0 } | |
109 }; | |
110 | |
111 | |
91 static ngx_conf_post_handler_pt ngx_http_userid_domain_p = | 112 static ngx_conf_post_handler_pt ngx_http_userid_domain_p = |
92 ngx_http_userid_domain; | 113 ngx_http_userid_domain; |
93 static ngx_conf_post_handler_pt ngx_http_userid_path_p = ngx_http_userid_path; | 114 static ngx_conf_post_handler_pt ngx_http_userid_path_p = ngx_http_userid_path; |
94 static ngx_conf_post_handler_pt ngx_http_userid_p3p_p = ngx_http_userid_p3p; | 115 static ngx_conf_post_handler_pt ngx_http_userid_p3p_p = ngx_http_userid_p3p; |
95 | 116 |
135 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 156 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
136 ngx_http_userid_expires, | 157 ngx_http_userid_expires, |
137 NGX_HTTP_LOC_CONF_OFFSET, | 158 NGX_HTTP_LOC_CONF_OFFSET, |
138 0, | 159 0, |
139 NULL }, | 160 NULL }, |
161 | |
162 { ngx_string("userid_flags"), | |
163 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE123, | |
164 ngx_conf_set_bitmask_slot, | |
165 NGX_HTTP_LOC_CONF_OFFSET, | |
166 offsetof(ngx_http_userid_conf_t, flags), | |
167 &ngx_http_userid_flags }, | |
140 | 168 |
141 { ngx_string("userid_p3p"), | 169 { ngx_string("userid_p3p"), |
142 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 170 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
143 ngx_conf_set_str_slot, | 171 ngx_conf_set_str_slot, |
144 NGX_HTTP_LOC_CONF_OFFSET, | 172 NGX_HTTP_LOC_CONF_OFFSET, |
381 | 409 |
382 if (conf->domain.len) { | 410 if (conf->domain.len) { |
383 len += conf->domain.len; | 411 len += conf->domain.len; |
384 } | 412 } |
385 | 413 |
414 if (conf->flags & NGX_HTTP_USERID_COOKIE_SECURE) { | |
415 len += sizeof("; secure") - 1; | |
416 } | |
417 | |
418 if (conf->flags & NGX_HTTP_USERID_COOKIE_HTTPONLY) { | |
419 len += sizeof("; httponly") - 1; | |
420 } | |
421 | |
422 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT) { | |
423 len += sizeof("; samesite=strict") - 1; | |
424 } | |
425 | |
426 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_LAX) { | |
427 len += sizeof("; samesite=lax") - 1; | |
428 } | |
429 | |
430 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_NONE) { | |
431 len += sizeof("; samesite=none") - 1; | |
432 } | |
433 | |
386 cookie = ngx_pnalloc(r->pool, len); | 434 cookie = ngx_pnalloc(r->pool, len); |
387 if (cookie == NULL) { | 435 if (cookie == NULL) { |
388 return NGX_ERROR; | 436 return NGX_ERROR; |
389 } | 437 } |
390 | 438 |
419 } | 467 } |
420 | 468 |
421 p = ngx_copy(p, conf->domain.data, conf->domain.len); | 469 p = ngx_copy(p, conf->domain.data, conf->domain.len); |
422 | 470 |
423 p = ngx_copy(p, conf->path.data, conf->path.len); | 471 p = ngx_copy(p, conf->path.data, conf->path.len); |
472 | |
473 if (conf->flags & NGX_HTTP_USERID_COOKIE_SECURE) { | |
474 p = ngx_cpymem(p, "; secure", sizeof("; secure") - 1); | |
475 } | |
476 | |
477 if (conf->flags & NGX_HTTP_USERID_COOKIE_HTTPONLY) { | |
478 p = ngx_cpymem(p, "; httponly", sizeof("; httponly") - 1); | |
479 } | |
480 | |
481 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT) { | |
482 p = ngx_cpymem(p, "; samesite=strict", sizeof("; samesite=strict") - 1); | |
483 } | |
484 | |
485 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_LAX) { | |
486 p = ngx_cpymem(p, "; samesite=lax", sizeof("; samesite=lax") - 1); | |
487 } | |
488 | |
489 if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_NONE) { | |
490 p = ngx_cpymem(p, "; samesite=none", sizeof("; samesite=none") - 1); | |
491 } | |
424 | 492 |
425 set_cookie = ngx_list_push(&r->headers_out.headers); | 493 set_cookie = ngx_list_push(&r->headers_out.headers); |
426 if (set_cookie == NULL) { | 494 if (set_cookie == NULL) { |
427 return NGX_ERROR; | 495 return NGX_ERROR; |
428 } | 496 } |
656 } | 724 } |
657 | 725 |
658 /* | 726 /* |
659 * set by ngx_pcalloc(): | 727 * set by ngx_pcalloc(): |
660 * | 728 * |
729 * conf->flags = 0; | |
661 * conf->name = { 0, NULL }; | 730 * conf->name = { 0, NULL }; |
662 * conf->domain = { 0, NULL }; | 731 * conf->domain = { 0, NULL }; |
663 * conf->path = { 0, NULL }; | 732 * conf->path = { 0, NULL }; |
664 * conf->p3p = { 0, NULL }; | 733 * conf->p3p = { 0, NULL }; |
665 */ | 734 */ |
679 ngx_http_userid_conf_t *prev = parent; | 748 ngx_http_userid_conf_t *prev = parent; |
680 ngx_http_userid_conf_t *conf = child; | 749 ngx_http_userid_conf_t *conf = child; |
681 | 750 |
682 ngx_conf_merge_uint_value(conf->enable, prev->enable, | 751 ngx_conf_merge_uint_value(conf->enable, prev->enable, |
683 NGX_HTTP_USERID_OFF); | 752 NGX_HTTP_USERID_OFF); |
753 | |
754 ngx_conf_merge_bitmask_value(conf->flags, prev->flags, | |
755 NGX_CONF_BITMASK_SET); | |
684 | 756 |
685 ngx_conf_merge_str_value(conf->name, prev->name, "uid"); | 757 ngx_conf_merge_str_value(conf->name, prev->name, "uid"); |
686 ngx_conf_merge_str_value(conf->domain, prev->domain, ""); | 758 ngx_conf_merge_str_value(conf->domain, prev->domain, ""); |
687 ngx_conf_merge_str_value(conf->path, prev->path, "; path=/"); | 759 ngx_conf_merge_str_value(conf->path, prev->path, "; path=/"); |
688 ngx_conf_merge_str_value(conf->p3p, prev->p3p, ""); | 760 ngx_conf_merge_str_value(conf->p3p, prev->p3p, ""); |