enable request_auth module to send auth service error message body when it is allowed

Davood Falahati 0x0davood at gmail.com
Mon May 8 23:40:18 UTC 2023


# HG changeset patch
# User Davood Falahati <0x0davood at gmail.com>
# Date 1683588448 -7200
#      Tue May 09 01:27:28 2023 +0200
# Node ID 0977f155bc2d288eedf006033b9a5094d0e8098f
# Parent  b71e69247483631bd8fc79a47cc32b762625b1fb
let request_auth_module pass auth body when it is allowed

diff -r b71e69247483 -r 0977f155bc2d
src/http/modules/ngx_http_auth_request_module.c
--- a/src/http/modules/ngx_http_auth_request_module.c Mon May 01 19:16:05
2023 +0400
+++ b/src/http/modules/ngx_http_auth_request_module.c Tue May 09 01:27:28
2023 +0200
@@ -13,6 +13,7 @@
 typedef struct {
     ngx_str_t                 uri;
     ngx_array_t              *vars;
+    ngx_flag_t                enable;
 } ngx_http_auth_request_conf_t;


@@ -62,6 +63,12 @@
       NGX_HTTP_LOC_CONF_OFFSET,
       0,
       NULL },
+    { ngx_string("send_auth_body"),
+      NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF |
NGX_CONF_TAKE1,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_auth_request_conf_t, enable),
+      NULL },

       ngx_null_command
 };
@@ -106,6 +113,9 @@
     ngx_http_post_subrequest_t    *ps;
     ngx_http_auth_request_ctx_t   *ctx;
     ngx_http_auth_request_conf_t  *arcf;
+    ngx_list_t *hs;
+    ngx_buf_t *b;
+    ngx_chain_t out, *in;

     arcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_request_module);

@@ -141,6 +151,36 @@
         if (ctx->status == NGX_HTTP_UNAUTHORIZED) {
             sr = ctx->subrequest;

+            if (arcf->enable) {
+
+                r->headers_out.content_type = sr->headers_out.content_type;
+
+                hs = &sr->headers_out.headers;
+
+                r->headers_out.headers = *hs;
+
+                b = ngx_calloc_buf(r->pool);
+                if (b == NULL) {
+                   return NGX_ERROR;
+                }
+
+                r->headers_out.status = ctx->status;
+
+                b->last_buf = 1;
+                b->last_in_chain = 1;
+                b->memory = 1;
+
+                out.buf = b;
+                out.next = NULL;
+
+                in = ctx->subrequest->out;
+                in->next = &out;
+
+                ngx_http_send_header(r);
+
+                return ngx_http_output_filter(r, in);
+            }
+
             h = sr->headers_out.www_authenticate;

             if (!h && sr->upstream) {
@@ -323,6 +363,8 @@

     conf->vars = NGX_CONF_UNSET_PTR;

+    conf->enable = NGX_CONF_UNSET;
+
     return conf;
 }

@@ -335,6 +377,7 @@

     ngx_conf_merge_str_value(conf->uri, prev->uri, "");
     ngx_conf_merge_ptr_value(conf->vars, prev->vars, NULL);
+    ngx_conf_merge_value(conf->enable, prev->enable, 0);

     return NGX_CONF_OK;
 }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20230509/fe569e17/attachment-0001.htm>


More information about the nginx-devel mailing list