nginx: add nginx_oauth2_check_requirements

zandbelt · zandbelt · commit 8dc682190221 · 2024-06-20T18:28:44.000+02:00
see OpenIDC/ngx_oauth2_module#7; thanks @smanolache and @pladen Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
diff --git a/include/oauth2/nginx.h b/include/oauth2/nginx.h
@@ -179,5 +179,7 @@ ngx_int_t oauth2_nginx_set_target_variables(ngx_module_t module,
 					    oauth2_nginx_request_context_t *ctx,
 					    json_t *json_token);
 char *nginx_oauth2_set_require(ngx_conf_t *cf, ngx_array_t **requirements);
+ngx_int_t nginx_oauth2_check_requirements(oauth2_nginx_request_context_t *ctx,
+					  ngx_array_t *requirements);
 
 #endif /* _OAUTH2_NGINX_H_ */
diff --git a/src/server/nginx.c b/src/server/nginx.c
@@ -608,3 +608,46 @@ char *nginx_oauth2_set_require(ngx_conf_t *cf, ngx_array_t **requirements)
 
 	return NGX_CONF_OK;
 }
+
+static ngx_int_t
+nginx_oauth2_check_requirement(oauth2_nginx_request_context_t *ctx,
+			       ngx_http_complex_value_t *cv)
+{
+	ngx_str_t v;
+	ngx_int_t rc = ngx_http_complex_value(ctx->r, cv, &v);
+	if (rc != NGX_OK) {
+		ngx_log_error(NGX_LOG_ERR, ctx->r->connection->log, 0,
+			      "error %d evaluating expression %*.s", rc,
+			      (int)cv->value.len, cv->value.data);
+		return NGX_ERROR;
+	}
+
+	ngx_log_debug3(NGX_LOG_DEBUG_HTTP, ctx->r->connection->log, 0,
+		       "nginx_oauth2_check_requirement: expression \"%*.s\" "
+		       "evaluated to: %s",
+		       (int)cv->value.len, cv->value.data,
+		       (1 == v.len && '1' == *v.data)
+			   ? "NGX_OK"
+			   : "NGX_HTTP_UNAUTHORIZED");
+
+	return 1 == v.len && '1' == *v.data ? NGX_OK : NGX_HTTP_UNAUTHORIZED;
+}
+ngx_int_t nginx_oauth2_check_requirements(oauth2_nginx_request_context_t *ctx,
+					  ngx_array_t *requirements)
+{
+	int rc = NGX_OK;
+	ngx_uint_t i = 0;
+
+	if (requirements == NULL)
+		return NGX_OK;
+
+	for (i = 0; i < requirements->nelts; ++i) {
+		ngx_http_complex_value_t *cv =
+		    (ngx_http_complex_value_t *)requirements->elts + i;
+		rc = nginx_oauth2_check_requirement(ctx, cv);
+		if (rc != NGX_OK)
+			break;
+	}
+
+	return rc;
+}
diff --git a/test/server_stubs.c b/test/server_stubs.c
@@ -263,4 +263,11 @@ ngx_int_t ngx_http_compile_complex_value(ngx_http_compile_complex_value_t *ccv)
 	return 0;
 }
 
+ngx_int_t ngx_http_complex_value(ngx_http_request_t *r,
+				 ngx_http_complex_value_t *val,
+				 ngx_str_t *value)
+{
+	return 0;
+}
+
 #endif
