Hi Guillaume,
Thanks for the feedback! I’m hesitant about adding the external modules just
due to the additional complexity of building and maintaining them via my
configuration management system (SaltStack) right now.
Here’s what works for me by changing to blob.transcode() while still using
regsub():
set req.http.X-Auth-User = regsub(blob.transcode(
encoding=IDENTITY,
decoding=BASE64,
encoded=regsub(req.http.Authorization,
"^Basic (.*)", "\1")),
":.*$",
""
);
Best,
Justin
From: Guillaume Quintard <guillaume.quint...@gmail.com>
Sent: Monday, October 25, 2021 2:58 PM
To: Justin Lloyd <just...@arena.net>
Cc: varnish-misc@varnish-cache.org
Subject: Re: Query for authorization username
I think it's close to optimal, given the current tools. I would probably try to
move away from regsub() and use vmod_str
(https://github.com/varnish/varnish-modules/blob/master/src/vmod_str.vcc#L42),
and maaaaaaybe use multiple assignments rather than on big expressions, but
that's a personal preference at this point.
It would look like something like this in my mind (highly untested, don't sue
me if your computer explodes):
import var;
import str;
import blob;
sub vcl_recv {
if (str.split(req.http.Authorization, 0) == "Basic") {
var.set("b64", str.split(req.http.Authorization, 1));
var.set("decoded", bob.transcode(encoding = BASE64URL, encoded =
var.get("b64")));
set req.http.X-Auth-User = str.split(var.get("decoded"), 0, ":");
}
}
everything in one expression:
set req.http.X-Auth-User = str.split(
blob.transcode(
encoding = BASE64URL,
encoded = str.split(req.http.Authorization,
1))
),
0,
":"
);
You should possibly use blob.transcode() anyway.
--
Guillaume Quintard
On Mon, Oct 25, 2021 at 11:25 AM Justin Lloyd
<just...@arena.net<mailto:just...@arena.net>> wrote:
In my dev environment, I have a few users configured to use Basic authorization
(configured in the Nginx backend) and I’d like to be able to perform VSL
queries based on the auth user. This is what I was able to come up with, but
I’m wondering if there is a simpler way that I’m just not seeing.
require blob;
if (req.http.Authorization) {
set req.http.X-Auth-User = regsub(blob.encode(IDENTITY,
blob=blob.decode(BASE64,
encoded=regsub(req.http.Authorization, "^Basic (.*)", "\1"))),
":.*$", "");
}
varnishtop -I ReqHeader:X-Auth-User
varnishlog -i ReqURL -q 'ReqHeader:X-Auth-User ~ “someuser”'
Thanks,
Justin
_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org<mailto:varnish-misc@varnish-cache.org>
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
