Skip to content

Commit

Permalink
nginx: add nginx_oauth2_check_requirements
Browse files Browse the repository at this point in the history 
see OpenIDC/ngx_oauth2_module#7; thanks @smanolache and @pladen

Signed-off-by: Hans Zandbelt <[email protected]>
  • Loading branch information
@zandbelt
zandbelt committed Jun 20, 2024
1 parent c2a7db2 commit 8dc6821
Show file tree
Hide file tree
Showing 3 changed files with 52 additions and 0 deletions.
2 changes: 2 additions & 0 deletions include/oauth2/nginx.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -179,5 +179,7 @@ ngx_int_t oauth2_nginx_set_target_variables(ngx_module_t module,
oauth2_nginx_request_context_t *ctx,
json_t *json_token);
char *nginx_oauth2_set_require(ngx_conf_t *cf, ngx_array_t **requirements);
ngx_int_t nginx_oauth2_check_requirements(oauth2_nginx_request_context_t *ctx,
ngx_array_t *requirements);

#endif /* _OAUTH2_NGINX_H_ */
43 changes: 43 additions & 0 deletions src/server/nginx.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -608,3 +608,46 @@ char *nginx_oauth2_set_require(ngx_conf_t *cf, ngx_array_t **requirements)

return NGX_CONF_OK;
}

static ngx_int_t
nginx_oauth2_check_requirement(oauth2_nginx_request_context_t *ctx,
ngx_http_complex_value_t *cv)
{
ngx_str_t v;
ngx_int_t rc = ngx_http_complex_value(ctx->r, cv, &v);
if (rc != NGX_OK) {
ngx_log_error(NGX_LOG_ERR, ctx->r->connection->log, 0,
"error %d evaluating expression %*.s", rc,
(int)cv->value.len, cv->value.data);
return NGX_ERROR;
}

ngx_log_debug3(NGX_LOG_DEBUG_HTTP, ctx->r->connection->log, 0,
"nginx_oauth2_check_requirement: expression \"%*.s\" "
"evaluated to: %s",
(int)cv->value.len, cv->value.data,
(1 == v.len && '1' == *v.data)
? "NGX_OK"
: "NGX_HTTP_UNAUTHORIZED");

return 1 == v.len && '1' == *v.data ? NGX_OK : NGX_HTTP_UNAUTHORIZED;
}
ngx_int_t nginx_oauth2_check_requirements(oauth2_nginx_request_context_t *ctx,
ngx_array_t *requirements)
{
int rc = NGX_OK;
ngx_uint_t i = 0;

if (requirements == NULL)
return NGX_OK;

for (i = 0; i < requirements->nelts; ++i) {
ngx_http_complex_value_t *cv =
(ngx_http_complex_value_t *)requirements->elts + i;
rc = nginx_oauth2_check_requirement(ctx, cv);
if (rc != NGX_OK)
break;
}

return rc;
}
7 changes: 7 additions & 0 deletions test/server_stubs.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -263,4 +263,11 @@ ngx_int_t ngx_http_compile_complex_value(ngx_http_compile_complex_value_t *ccv)
return 0;
}

ngx_int_t ngx_http_complex_value(ngx_http_request_t *r,
ngx_http_complex_value_t *val,
ngx_str_t *value)
{
return 0;
}

#endif

0 comments on commit 8dc6821

Please sign in to comment.