enable request_auth module to send auth service error message body when it is allowed
Davood Falahati
0x0davood at gmail.com
Mon May 8 23:40:18 UTC 2023
# HG changeset patch
# User Davood Falahati <0x0davood at gmail.com>
# Date 1683588448 -7200
# Tue May 09 01:27:28 2023 +0200
# Node ID 0977f155bc2d288eedf006033b9a5094d0e8098f
# Parent b71e69247483631bd8fc79a47cc32b762625b1fb
let request_auth_module pass auth body when it is allowed
diff -r b71e69247483 -r 0977f155bc2d
src/http/modules/ngx_http_auth_request_module.c
--- a/src/http/modules/ngx_http_auth_request_module.c Mon May 01 19:16:05
2023 +0400
+++ b/src/http/modules/ngx_http_auth_request_module.c Tue May 09 01:27:28
2023 +0200
@@ -13,6 +13,7 @@
typedef struct {
ngx_str_t uri;
ngx_array_t *vars;
+ ngx_flag_t enable;
} ngx_http_auth_request_conf_t;
@@ -62,6 +63,12 @@
NGX_HTTP_LOC_CONF_OFFSET,
0,
NULL },
+ { ngx_string("send_auth_body"),
+ NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF |
NGX_CONF_TAKE1,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_auth_request_conf_t, enable),
+ NULL },
ngx_null_command
};
@@ -106,6 +113,9 @@
ngx_http_post_subrequest_t *ps;
ngx_http_auth_request_ctx_t *ctx;
ngx_http_auth_request_conf_t *arcf;
+ ngx_list_t *hs;
+ ngx_buf_t *b;
+ ngx_chain_t out, *in;
arcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_request_module);
@@ -141,6 +151,36 @@
if (ctx->status == NGX_HTTP_UNAUTHORIZED) {
sr = ctx->subrequest;
+ if (arcf->enable) {
+
+ r->headers_out.content_type = sr->headers_out.content_type;
+
+ hs = &sr->headers_out.headers;
+
+ r->headers_out.headers = *hs;
+
+ b = ngx_calloc_buf(r->pool);
+ if (b == NULL) {
+ return NGX_ERROR;
+ }
+
+ r->headers_out.status = ctx->status;
+
+ b->last_buf = 1;
+ b->last_in_chain = 1;
+ b->memory = 1;
+
+ out.buf = b;
+ out.next = NULL;
+
+ in = ctx->subrequest->out;
+ in->next = &out;
+
+ ngx_http_send_header(r);
+
+ return ngx_http_output_filter(r, in);
+ }
+
h = sr->headers_out.www_authenticate;
if (!h && sr->upstream) {
@@ -323,6 +363,8 @@
conf->vars = NGX_CONF_UNSET_PTR;
+ conf->enable = NGX_CONF_UNSET;
+
return conf;
}
@@ -335,6 +377,7 @@
ngx_conf_merge_str_value(conf->uri, prev->uri, "");
ngx_conf_merge_ptr_value(conf->vars, prev->vars, NULL);
+ ngx_conf_merge_value(conf->enable, prev->enable, 0);
return NGX_CONF_OK;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20230509/fe569e17/attachment-0001.htm>
More information about the nginx-devel
mailing list