keep response body of the subrequest inside the memory and use it if send_auth_body is set
Davood Falahati
0x0davood at gmail.com
Tue May 9 00:45:36 UTC 2023
# HG changeset patch
# User Davood Falahati <0x0davood at gmail.com>
# Date 1683593026 -7200
# Tue May 09 02:43:46 2023 +0200
# Node ID 1053357966cda6a0902b748a9b4b8a214b36ccd4
# Parent b71e69247483631bd8fc79a47cc32b762625b1fb
keep response body of the subrequest inside the memory and use it if
send_auth_body is set
diff -r b71e69247483 -r 1053357966cd
src/http/modules/ngx_http_auth_request_module.c
--- a/src/http/modules/ngx_http_auth_request_module.c Mon May 01 19:16:05
2023 +0400
+++ b/src/http/modules/ngx_http_auth_request_module.c Tue May 09 02:43:46
2023 +0200
@@ -13,6 +13,7 @@
typedef struct {
ngx_str_t uri;
ngx_array_t *vars;
+ ngx_flag_t enable;
} ngx_http_auth_request_conf_t;
@@ -62,6 +63,12 @@
NGX_HTTP_LOC_CONF_OFFSET,
0,
NULL },
+ { ngx_string("send_auth_body"),
+ NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF |
NGX_CONF_TAKE1,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_auth_request_conf_t, enable),
+ NULL },
ngx_null_command
};
@@ -106,6 +113,9 @@
ngx_http_post_subrequest_t *ps;
ngx_http_auth_request_ctx_t *ctx;
ngx_http_auth_request_conf_t *arcf;
+ ngx_list_t *hs;
+ ngx_buf_t *b;
+ ngx_chain_t out, *in;
arcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_request_module);
@@ -141,6 +151,36 @@
if (ctx->status == NGX_HTTP_UNAUTHORIZED) {
sr = ctx->subrequest;
+ if (arcf->enable) {
+
+ r->headers_out.content_type = sr->headers_out.content_type;
+
+ hs = &sr->headers_out.headers;
+
+ r->headers_out.headers = *hs;
+
+ b = ngx_calloc_buf(r->pool);
+ if (b == NULL) {
+ return NGX_ERROR;
+ }
+
+ r->headers_out.status = ctx->status;
+
+ b->last_buf = 1;
+ b->last_in_chain = 1;
+ b->memory = 1;
+
+ out.buf = b;
+ out.next = NULL;
+
+ in = sr->out;
+ in->next = &out;
+
+ ngx_http_send_header(r);
+
+ return ngx_http_output_filter(r, in);
+ }
+
h = sr->headers_out.www_authenticate;
if (!h && sr->upstream) {
@@ -191,9 +231,12 @@
ps->handler = ngx_http_auth_request_done;
ps->data = ctx;
-
+ /*
+ * response body is being kept in memory and client won't receive it
+ * use subrequest->out to access the chain buffer
+ */
if (ngx_http_subrequest(r, &arcf->uri, NULL, &sr, ps,
- NGX_HTTP_SUBREQUEST_WAITED)
+ NGX_HTTP_SUBREQUEST_IN_MEMORY)
!= NGX_OK)
{
return NGX_ERROR;
@@ -209,8 +252,6 @@
return NGX_ERROR;
}
- sr->header_only = 1;
-
ctx->subrequest = sr;
ngx_http_set_ctx(r, ctx, ngx_http_auth_request_module);
@@ -323,6 +364,8 @@
conf->vars = NGX_CONF_UNSET_PTR;
+ conf->enable = NGX_CONF_UNSET;
+
return conf;
}
@@ -335,6 +378,7 @@
ngx_conf_merge_str_value(conf->uri, prev->uri, "");
ngx_conf_merge_ptr_value(conf->vars, prev->vars, NULL);
+ ngx_conf_merge_value(conf->enable, prev->enable, 0);
return NGX_CONF_OK;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20230509/ea8a5325/attachment.htm>
More information about the nginx-devel
mailing list