[RFC] auth_request: Add auth_request_intercept_errors (on by default)

Sat Oct 25 16:19:02 UTC 2014

# HG changeset patch
# User W. Trevor King <wking at tremily.us>
# Date 1414251802 25200
#      Sat Oct 25 08:43:22 2014 -0700
# Node ID cffff97c4b7ce07175cf6ac1ac0c8b814d86d468
# Parent  973fded4f461f3a397779b3a1dc80881b1b34974
auth_request: Add auth_request_intercept_errors (on by default).

This allows you (with 'auth_request_intercept_errors off') to pass
through errors >= 400 from the auth_request endpoint.  You might want
to do this if you want to return more explicit information about what
went wrong (e.g., returning a 504 if the auth_request endpoint times
out).

diff -r 973fded4f461 -r cffff97c4b7c src/http/modules/ngx_http_auth_request_module.c

--- a/src/http/modules/ngx_http_auth_request_module.c	Wed Oct 15 22:57:23 2014 +0400
+++ b/src/http/modules/ngx_http_auth_request_module.c	Sat Oct 25 08:43:22 2014 -0700
@@ -12,6 +12,7 @@
 
 typedef struct {
     ngx_str_t                 uri;
+    ngx_flag_t                intercept_errors;
     ngx_array_t              *vars;
 } ngx_http_auth_request_conf_t;
 
@@ -63,6 +64,13 @@
       0,
       NULL },
 
+    { ngx_string("auth_request_intercept_errors"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_auth_request_conf_t, intercept_errors),
+      NULL },
+
       ngx_null_command
 };
 
@@ -167,6 +175,11 @@
             return NGX_OK;
         }
 
+        if (ctx->status >= NGX_HTTP_BAD_REQUEST
+            && !arcf->intercept_errors) {
+            return ctx->status;
+        }
+
         ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                       "auth request unexpected status: %d", ctx->status);
 
@@ -315,6 +328,7 @@
      *     conf->uri = { 0, NULL };
      */
 
+    conf->intercept_errors = NGX_CONF_UNSET;
     conf->vars = NGX_CONF_UNSET_PTR;
 
     return conf;
@@ -328,6 +342,7 @@
     ngx_http_auth_request_conf_t *conf = child;
 
     ngx_conf_merge_str_value(conf->uri, prev->uri, "");
+    ngx_conf_merge_value(conf->intercept_errors, prev->intercept_errors, 1);
     ngx_conf_merge_ptr_value(conf->vars, prev->vars, NULL);
 
     return NGX_CONF_OK;

