[nginx] Auth request module import.

Maxim Dounin mdounin at mdounin.ru
Wed Aug 21 15:44:28 UTC 2013


details:   http://hg.nginx.org/nginx/rev/00bdc9f08a16
branches:  
changeset: 5329:00bdc9f08a16
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Wed Aug 21 19:19:47 2013 +0400
description:
Auth request module import.

diffstat:

 auto/modules                                    |    5 +
 auto/options                                    |    3 +
 auto/sources                                    |    4 +
 src/http/modules/ngx_http_auth_request_module.c |  444 ++++++++++++++++++++++++
 4 files changed, 456 insertions(+), 0 deletions(-)

diffs (truncated from 505 to 300 lines):

diff --git a/auto/modules b/auto/modules
--- a/auto/modules
+++ b/auto/modules
@@ -220,6 +220,11 @@ if [ $HTTP_RANDOM_INDEX = YES ]; then
     HTTP_SRCS="$HTTP_SRCS $HTTP_RANDOM_INDEX_SRCS"
 fi
 
+if [ $HTTP_AUTH_REQUEST = YES ]; then
+    HTTP_MODULES="$HTTP_MODULES $HTTP_AUTH_REQUEST_MODULE"
+    HTTP_SRCS="$HTTP_SRCS $HTTP_AUTH_REQUEST_SRCS"
+fi
+
 if [ $HTTP_AUTH_BASIC = YES ]; then
     USE_MD5=YES
     USE_SHA1=YES
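Review bot: The new `HTTP_AUTH_REQUEST` block in auto/modules has no comment explaining why it sits directly before the `HTTP_AUTH_BASIC` block. As far as I know nginx takes the order of access-phase handlers from the order in which modules are appended to `HTTP_MODULES`, so this position presumably decides whether the auth subrequest is issued before or after the local access and basic-auth checks; confirm this against the phase-handler setup. A one-line comment above the block, such as `# order matters: position in HTTP_MODULES sets the access-phase handler order relative to auth_basic`, would keep a later reshuffle from silently changing when the subrequest fires. The `if [ $HTTP_AUTH_BASIC = YES ]` block that follows continues outside the hunk.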
diff --git a/auto/options b/auto/options
--- a/auto/options
+++ b/auto/options
@@ -71,6 +71,7 @@ HTTP_ADDITION=NO
 HTTP_DAV=NO
 HTTP_ACCESS=YES
 HTTP_AUTH_BASIC=YES
+HTTP_AUTH_REQUEST=NO
 HTTP_USERID=YES
 HTTP_AUTOINDEX=YES
 HTTP_RANDOM_INDEX=NO
@@ -215,6 +216,7 @@ do
         --with-http_mp4_module)          HTTP_MP4=YES               ;;
         --with-http_gunzip_module)       HTTP_GUNZIP=YES            ;;
         --with-http_gzip_static_module)  HTTP_GZIP_STATIC=YES       ;;
+        --with-http_auth_request_module) HTTP_AUTH_REQUEST=YES      ;;
         --with-http_random_index_module) HTTP_RANDOM_INDEX=YES      ;;
         --with-http_secure_link_module)  HTTP_SECURE_LINK=YES       ;;
         --with-http_degradation_module)  HTTP_DEGRADATION=YES       ;;
@@ -363,6 +365,7 @@ cat << END
   --with-http_mp4_module             enable ngx_http_mp4_module
   --with-http_gunzip_module          enable ngx_http_gunzip_module
   --with-http_gzip_static_module     enable ngx_http_gzip_static_module
+  --with-http_auth_request_module    enable ngx_http_auth_request_module
   --with-http_random_index_module    enable ngx_http_random_index_module
   --with-http_secure_link_module     enable ngx_http_secure_link_module
   --with-http_degradation_module     enable ngx_http_degradation_module
diff --git a/auto/sources b/auto/sources
--- a/auto/sources
+++ b/auto/sources
@@ -386,6 +386,10 @@ HTTP_AUTH_BASIC_MODULE=ngx_http_auth_bas
 HTTP_AUTH_BASIC_SRCS=src/http/modules/ngx_http_auth_basic_module.c
 
 
+HTTP_AUTH_REQUEST_MODULE=ngx_http_auth_request_module
+HTTP_AUTH_REQUEST_SRCS=src/http/modules/ngx_http_auth_request_module.c
+
+
 HTTP_AUTOINDEX_MODULE=ngx_http_autoindex_module
 HTTP_AUTOINDEX_SRCS=src/http/modules/ngx_http_autoindex_module.c
 
diff --git a/src/http/modules/ngx_http_auth_request_module.c b/src/http/modules/ngx_http_auth_request_module.c
new file mode 100644
--- /dev/null
+++ b/src/http/modules/ngx_http_auth_request_module.c
@@ -0,0 +1,444 @@
+
+/*
+ * Copyright (C) Maxim Dounin
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_http.h>
+
+
+typedef struct {
+    ngx_str_t                 uri;
+    ngx_array_t              *vars;
+} ngx_http_auth_request_conf_t;
+
+
+typedef struct {
+    ngx_uint_t                done;
+    ngx_uint_t                status;
+    ngx_http_request_t       *subrequest;
+} ngx_http_auth_request_ctx_t;
+
+
+typedef struct {
+    ngx_int_t                 index;
+    ngx_http_complex_value_t  value;
+    ngx_http_set_variable_pt  set_handler;
+} ngx_http_auth_request_variable_t;
+
+
+static ngx_int_t ngx_http_auth_request_handler(ngx_http_request_t *r);
+static ngx_int_t ngx_http_auth_request_done(ngx_http_request_t *r,
+    void *data, ngx_int_t rc);
+static ngx_int_t ngx_http_auth_request_set_variables(ngx_http_request_t *r,
+    ngx_http_auth_request_conf_t *arcf, ngx_http_auth_request_ctx_t *ctx);
+static ngx_int_t ngx_http_auth_request_variable(ngx_http_request_t *r,
+    ngx_http_variable_value_t *v, uintptr_t data);
+static void *ngx_http_auth_request_create_conf(ngx_conf_t *cf);
+static char *ngx_http_auth_request_merge_conf(ngx_conf_t *cf,
+    void *parent, void *child);
+static ngx_int_t ngx_http_auth_request_init(ngx_conf_t *cf);
+static char *ngx_http_auth_request(ngx_conf_t *cf, ngx_command_t *cmd,
+    void *conf);
+static char *ngx_http_auth_request_set(ngx_conf_t *cf, ngx_command_t *cmd,
+    void *conf);
+
+
+static ngx_command_t  ngx_http_auth_request_commands[] = {
+
+    { ngx_string("auth_request"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_http_auth_request,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      0,
+      NULL },
+
+    { ngx_string("auth_request_set"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
+      ngx_http_auth_request_set,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      0,
+      NULL },
+
+      ngx_null_command
+};
+
+
+static ngx_http_module_t  ngx_http_auth_request_module_ctx = {
+    NULL,                                  /* preconfiguration */
+    ngx_http_auth_request_init,            /* postconfiguration */
+
+    NULL,                                  /* create main configuration */
+    NULL,                                  /* init main configuration */
+
+    NULL,                                  /* create server configuration */
+    NULL,                                  /* merge server configuration */
+
+    ngx_http_auth_request_create_conf,     /* create location configuration */
+    ngx_http_auth_request_merge_conf       /* merge location configuration */
+};
+
+
+ngx_module_t  ngx_http_auth_request_module = {
+    NGX_MODULE_V1,
+    &ngx_http_auth_request_module_ctx,     /* module context */
+    ngx_http_auth_request_commands,        /* module directives */
+    NGX_HTTP_MODULE,                       /* module type */
+    NULL,                                  /* init master */
+    NULL,                                  /* init module */
+    NULL,                                  /* init process */
+    NULL,                                  /* init thread */
+    NULL,                                  /* exit thread */
+    NULL,                                  /* exit process */
+    NULL,                                  /* exit master */
+    NGX_MODULE_V1_PADDING
+};
+
+
+static ngx_int_t
+ngx_http_auth_request_handler(ngx_http_request_t *r)
+{
+    ngx_table_elt_t               *h, *ho;
+    ngx_http_request_t            *sr;
+    ngx_http_post_subrequest_t    *ps;
+    ngx_http_auth_request_ctx_t   *ctx;
+    ngx_http_auth_request_conf_t  *arcf;
+
+    arcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_request_module);
+
+    if (arcf->uri.len == 0) {
+        return NGX_DECLINED;
+    }
+
+    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                   "auth request handler");
+
+    ctx = ngx_http_get_module_ctx(r, ngx_http_auth_request_module);
+
+    if (ctx != NULL) {
+        if (!ctx->done) {
+            return NGX_AGAIN;
+        }
+
+        /*
+         * as soon as we are done - explicitly set variables to make
+         * sure they will be available after internal redirects
+         */
+
+        if (ngx_http_auth_request_set_variables(r, arcf, ctx) != NGX_OK) {
+            return NGX_ERROR;
+        }
+
+        /* return appropriate status */
+
+        if (ctx->status == NGX_HTTP_FORBIDDEN) {
+            return ctx->status;
+        }
+
+        if (ctx->status == NGX_HTTP_UNAUTHORIZED) {
+            sr = ctx->subrequest;
+
+            h = sr->headers_out.www_authenticate;
+
+            if (!h && sr->upstream) {
+                h = sr->upstream->headers_in.www_authenticate;
+            }
+
+            if (h) {
+                ho = ngx_list_push(&r->headers_out.headers);
+                if (ho == NULL) {
+                    return NGX_ERROR;
+                }
+
+                *ho = *h;
+
+                r->headers_out.www_authenticate = ho;
+            }
+
+            return ctx->status;
+        }
+
+        if (ctx->status >= NGX_HTTP_OK
+            && ctx->status < NGX_HTTP_SPECIAL_RESPONSE)
+        {
+            return NGX_OK;
+        }
+
+        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                      "auth request unexpected status: %d", ctx->status);
+
+        return NGX_HTTP_INTERNAL_SERVER_ERROR;
+    }
+
+    ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_auth_request_ctx_t));
+    if (ctx == NULL) {
+        return NGX_ERROR;
+    }
+
+    ps = ngx_palloc(r->pool, sizeof(ngx_http_post_subrequest_t));
+    if (ps == NULL) {
+        return NGX_ERROR;
+    }
+
+    ps->handler = ngx_http_auth_request_done;
+    ps->data = ctx;
+
+    if (ngx_http_subrequest(r, &arcf->uri, NULL, &sr, ps,
+                            NGX_HTTP_SUBREQUEST_WAITED)
+        != NGX_OK)
+    {
+        return NGX_ERROR;
+    }
+
+    /*
+     * allocate fake request body to avoid attempts to read it and to make
+     * sure real body file (if already read) won't be closed by upstream
+     */
+
+    sr->request_body = ngx_pcalloc(r->pool, sizeof(ngx_http_request_body_t));
+    if (sr->request_body == NULL) {
+        return NGX_ERROR;
+    }
+
+    sr->header_only = 1;
+
+    ctx->subrequest = sr;
+
+    ngx_http_set_ctx(r, ctx, ngx_http_auth_request_module);
+
+    return NGX_AGAIN;
+}
+
+
+static ngx_int_t
+ngx_http_auth_request_done(ngx_http_request_t *r, void *data, ngx_int_t rc)
+{
+    ngx_http_auth_request_ctx_t   *ctx = data;
+
+    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                   "auth request done s:%d", r->headers_out.status);
+
+    ctx->done = 1;
+    ctx->status = r->headers_out.status;
+
+    return rc;
+}
+
+
+static ngx_int_t
+ngx_http_auth_request_set_variables(ngx_http_request_t *r,
+    ngx_http_auth_request_conf_t *arcf, ngx_http_auth_request_ctx_t *ctx)
+{
+    ngx_str_t                          val;
+    ngx_http_variable_t               *v;
+    ngx_http_variable_value_t         *vv;
+    ngx_http_auth_request_variable_t  *av, *last;
+    ngx_http_core_main_conf_t         *cmcf;


