Hello! On Tue, May 09, 2023 at 01:40:18AM +0200, Davood Falahati wrote:
> # HG changeset patch > # User Davood Falahati <0x0dav...@gmail.com> > # Date 1683588448 -7200 > # Tue May 09 01:27:28 2023 +0200 > # Node ID 0977f155bc2d288eedf006033b9a5094d0e8098f > # Parent b71e69247483631bd8fc79a47cc32b762625b1fb > let request_auth_module pass auth body when it is allowed > > diff -r b71e69247483 -r 0977f155bc2d > src/http/modules/ngx_http_auth_request_module.c > --- a/src/http/modules/ngx_http_auth_request_module.c Mon May 01 19:16:05 > 2023 +0400 > +++ b/src/http/modules/ngx_http_auth_request_module.c Tue May 09 01:27:28 > 2023 +0200 > @@ -13,6 +13,7 @@ > typedef struct { > ngx_str_t uri; > ngx_array_t *vars; > + ngx_flag_t enable; > } ngx_http_auth_request_conf_t; > > > @@ -62,6 +63,12 @@ > NGX_HTTP_LOC_CONF_OFFSET, > 0, > NULL }, > + { ngx_string("send_auth_body"), > + NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | > NGX_CONF_TAKE1, > + ngx_conf_set_flag_slot, > + NGX_HTTP_LOC_CONF_OFFSET, > + offsetof(ngx_http_auth_request_conf_t, enable), > + NULL }, > > ngx_null_command > }; > @@ -106,6 +113,9 @@ > ngx_http_post_subrequest_t *ps; > ngx_http_auth_request_ctx_t *ctx; > ngx_http_auth_request_conf_t *arcf; > + ngx_list_t *hs; > + ngx_buf_t *b; > + ngx_chain_t out, *in; > > arcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_request_module); > > @@ -141,6 +151,36 @@ > if (ctx->status == NGX_HTTP_UNAUTHORIZED) { > sr = ctx->subrequest; > > + if (arcf->enable) { > + > + r->headers_out.content_type = sr->headers_out.content_type; > + > + hs = &sr->headers_out.headers; > + > + r->headers_out.headers = *hs; > + > + b = ngx_calloc_buf(r->pool); > + if (b == NULL) { > + return NGX_ERROR; > + } > + > + r->headers_out.status = ctx->status; > + > + b->last_buf = 1; > + b->last_in_chain = 1; > + b->memory = 1; > + > + out.buf = b; > + out.next = NULL; > + > + in = ctx->subrequest->out; > + in->next = &out; > + > + ngx_http_send_header(r); > + > + return ngx_http_output_filter(r, in); > + } > + > h = sr->headers_out.www_authenticate; > > if (!h && sr->upstream) { > @@ -323,6 +363,8 @@ > > conf->vars = NGX_CONF_UNSET_PTR; > > + conf->enable = NGX_CONF_UNSET; > + > return conf; > } > > @@ -335,6 +377,7 @@ > > ngx_conf_merge_str_value(conf->uri, prev->uri, ""); > ngx_conf_merge_ptr_value(conf->vars, prev->vars, NULL); > + ngx_conf_merge_value(conf->enable, prev->enable, 0); > > return NGX_CONF_OK; > } Thanks for the patch. It is, however, is not going to work for at least two reasons: 1. The ctx->subrequest->out is only available when there is a NGX_HTTP_SUBREQUEST_IN_MEMORY flag (and implies various restrictions). 2. The auth subrequst is created with the sr->header_only flag set, so the will be no response body available in at all. Futher, it might not be a good idea to copy all headers from the subrequest while not providing various links and pointers from the r->headers_out structure. This is going to break various filter modules, such as charset filter (which uses r->headers_out.charset, r->headers_out.override_charset, r->headers_out.content_encoding), sub filter (as testing content type uses r->headers_out.content_type_len), and many more things. Note well that "enable" isn't a good name for a field responsible for an optional feature. Similarly, "send_auth_body" does not look self-explanatory. Overall, please also take a look at http://nginx.org/en/docs/contributing_changes.html for some basic hints on how to submit patches. Most notably, it might be a good idea outline the use case for the feature you are trying to introduce and why existing features are not enough for this use case. The design of the module generally suggests that the custom response body, if needed, can be provided using the error_page directive, much like with other auth modules. Hope this helps. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel