nginx: add nginx_oauth2_set_require to be used with OAuth2Require etc.

see OpenIDC/ngx_oauth2_module#7; thanks @smanolache and @pladen

Signed-off-by: Hans Zandbelt <[email protected]>

Author: zandbelt

ChangeLog

@@ -1,6 +1,10 @@
+06/20/2024
+- nginx: add nginx_oauth2_set_require to be used with OAuth2Require etc.
+  see OpenIDC/ngx_oauth2_module#7; thanks @smanolache and @pladen
+
 06/19/2024
 - add NGINX macros/functions for setting claim variables in the request context
-  see OpenIDC/ngx_oauth2_module#7; thanks @@smanolache and @pladen
+  see OpenIDC/ngx_oauth2_module#7; thanks @smanolache and @pladen
 - allow NGINX primitives in an if block within a location block in the http block
 - bump to 1.6.3dev
 .

include/oauth2/nginx.h

@@ -63,6 +63,12 @@
 	return rv ? NGX_CONF_ERROR : NGX_CONF_OK;                              \
 	}
 
+#define OAUTH2_NGINX_CFG_FUNC_RET1(module, type, primitive, func, member)      \
+	OAUTH2_NGINX_CFG_FUNC_START(module, type, primitive)                   \
+	(void)value;                                                           \
+	rv = func(cf, &cfg->member);                                           \
+	OAUTH2_NGINX_CFG_FUNC_END(cf, rv)
+
 #define OAUTH2_NGINX_CFG_FUNC_ARGS1(module, type, primitive, func, member)     \
 	OAUTH2_NGINX_CFG_FUNC_START(module, type, primitive)                   \
 	char *v1 = cf->args->nelts > 1                                         \
@@ -113,7 +119,8 @@
 #define OAUTH2_NGINX_CMD(take, module, directive, primitive)                   \
 	{                                                                      \
 		ngx_string(directive),                                         \
-		    NGX_HTTP_LOC_CONF | NGX_HTTP_LIF_CONF | NGX_CONF_TAKE##take,                   \
+		    NGX_HTTP_LOC_CONF | NGX_HTTP_LIF_CONF |                    \
+			NGX_CONF_TAKE##take,                                   \
 		    ngx_##module##_set_##primitive, NGX_HTTP_LOC_CONF_OFFSET,  \
 		    0, NULL                                                    \
 	}
@@ -168,9 +175,9 @@ ngx_int_t oauth2_nginx_claim_variable(ngx_module_t module,
 char *oauth2_nginx_set_claim(ngx_module_t module,
 			     ngx_http_get_variable_pt handler, ngx_conf_t *cf,
 			     ngx_command_t *cmd, void *conf);
-
 ngx_int_t oauth2_nginx_set_target_variables(ngx_module_t module,
 					    oauth2_nginx_request_context_t *ctx,
 					    json_t *json_token);
+char *nginx_oauth2_set_require(ngx_conf_t *cf, ngx_array_t **requirements);
 
 #endif /* _OAUTH2_NGINX_H_ */

src/server/nginx.c

@@ -410,14 +410,14 @@ ngx_int_t oauth2_nginx_claim_variable(ngx_module_t module,
 	return NGX_OK;
 }
 
-static const size_t MAX_BUF = 128;
+static const size_t OAUTH2_NGINX_MAX_BUF = 128;
 
 char *oauth2_nginx_set_claim(ngx_module_t module,
 			     ngx_http_get_variable_pt handler, ngx_conf_t *cf,
 			     ngx_command_t *cmd, void *conf)
 {
 	ngx_http_variable_t *v;
-	char buf[MAX_BUF];
+	char buf[OAUTH2_NGINX_MAX_BUF];
 	int n = 0;
 	char *s = NULL;
 	ngx_str_t *value = cf->args->elts;
@@ -558,3 +558,53 @@ ngx_int_t oauth2_nginx_set_target_variables(ngx_module_t module,
 
 	return NGX_OK;
 }
+
+char *nginx_oauth2_set_require(ngx_conf_t *cf, ngx_array_t **requirements)
+{
+	ngx_http_complex_value_t *val = NULL;
+	ngx_http_compile_complex_value_t ccv;
+	ngx_str_t *var = NULL;
+	int rc = NGX_OK;
+	char *s = NULL;
+	char buf[OAUTH2_NGINX_MAX_BUF];
+
+	if (cf->args == NULL)
+		return NGX_CONF_ERROR;
+
+	if (*requirements == NULL) {
+		*requirements =
+		    ngx_array_create(cf->pool, cf->args->nelts,
+				     sizeof(ngx_http_complex_value_t));
+		if (*requirements == NULL) {
+			ngx_str_t msg = ngx_string("Out of memory");
+			s = oauth2_nginx_str2chr(cf->pool, &msg);
+			return s ? s : NGX_CONF_ERROR;
+		}
+	}
+
+	for (unsigned int i = 1; i < cf->args->nelts; ++i) {
+
+		var = (ngx_str_t *)cf->args->elts + i;
+		/* no allocation here because we've already dimensioned the
+		 * array upon its creation */
+		val = (ngx_http_complex_value_t *)ngx_array_push(*requirements);
+
+		ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+		ccv.cf = cf;
+		ccv.value = var;
+		ccv.complex_value = val;
+
+		rc = ngx_http_compile_complex_value(&ccv);
+		if (rc != NGX_OK) {
+			int n = snprintf(buf, sizeof(buf),
+					 "Error %d compiling "
+					 "expression %.*s",
+					 rc, (int)var->len, var->data);
+			ngx_str_t msg = {n, (u_char *)&buf[0]};
+			s = oauth2_nginx_str2chr(cf->pool, &msg);
+			return s ? s : NGX_CONF_ERROR;
+		}
+	}
+
+	return NGX_CONF_OK;
+}

test/server_stubs.c

@@ -248,4 +248,19 @@ ngx_http_variable_t *ngx_http_add_variable(ngx_conf_t *cf, ngx_str_t *name,
 	return NULL;
 }
 
+ngx_array_t *ngx_array_create(ngx_pool_t *p, ngx_uint_t n, size_t size)
+{
+	return NULL;
+}
+
+void *ngx_array_push(ngx_array_t *a)
+{
+	return NULL;
+}
+
+ngx_int_t ngx_http_compile_complex_value(ngx_http_compile_complex_value_t *ccv)
+{
+	return 0;
+}
+
 #endif