I'm extremely new to Lua as well as nginx.we're trying to set up authentication.
I'm trying to write a script that could be injected in my NGINX which would actually listen to a an endpoint.
My api would give give me a token. I would receive this token and check if it exists in my YAML file or probably JSON file .
based on the privilege mentioned in the file, I would like to redirect it the respective url with necessary permissions.
Any help would be highly appreciated.
First of all, nginx on its own has no Lua integration whatsoever; so if you just have an nginx server, you can't script it in Lua at all.
What you probably mean is openresty, aka. the lua-nginx-module, which lets you run Lua code in nginx to handle requests programatically.
Assuming that you have a working nginx + lua-nginx-module installed and running, what you're looking for is the rewrite_by_lua directive, which lets you redirect the client to a different address based on their request.
(Realistically, you'd likely want to use rewrite_by_lua_block or rewrite_by_lua_file instead)
Within the Lua block, you can make API calls, execute some logic, etc. and then redirect to some URI internally with ngx.exec or send an actual redirect to the client with ngx.redirect.
If you want to read in a JSON or YAML file, you should do so in the init_by_lua so the file gets loaded only once and then stays in memory. The lua-cjson module comes with nginx, so you can just use that to parse your json data into a Lua table.
Related
I am trying to intercept each and every request using python CGI handler to particular path in Apache 2.4 server and modify the original as required. (This is to validate JWT token stored in cookie)
I am referring the below documentation (http://httpd.apache.org/docs/2.2/handler.html)
Modifying static content using a CGI script The following directives
will cause requests for files with the html extension to trigger the
launch of the footer.pl CGI script.
Action add-footer /cgi-bin/footer.pl
AddHandler add-footer .html
Then the CGI script is responsible for sending the originally
requested document (pointed to by the PATH_TRANSLATED environment
variable) and making whatever modifications or additions are desired.
I am able to reach the handler and validate the JWT token in it.
But, the issue is I don't find a way to sent the original document when the token is valid.
You really should not be using a handler for this task. If you must write your extension in an interpreted language, look at a RewriteMap prg: extension point. Otheriwse, you can write code in a hook meant for access control.
But in the example you show, the injected handler would only work for a static file request. It's just going to something akin to cat'ing the file passes as an argument then writing its own trailing data.
I want to create easily and very quickly a mock rest server. So I decided to try Apache web server. In Apache, each requested URL must be linked to a file in the corresponding folder:
http://host:port/folder1/folder2 -> /var/tmp/folder1/folder2/file.data
I managed to create an alias to bind an URL with a specified file, but
how to create a generic rule to avoid creating one for each URL, and then process POST request? Is it possible to rewrite a POST request into a GET?
I've been looking at backends and APIs for a while now. It seems that sometimes devs will build a regular backend (in say a language like PHP) that handles all the backend matters and sometimes devs will instead choose to build out their backend through an API and then use their own (and possibly other) sites to pull data from this API.
I was wondering this:
Say I want to build a regular backend using a server-scripting language like PHP, which I will use to not only render my main website, but will also allow me to do other server-side scripting etc. Then say I want to use this data from the current site and make it accessible to another site of mine through API calls. Will it be possible to build an API on top of a regular backend?
If the answer yes, how complex can it get to achieve something like this?
What tools or design strategies (if any) would you have or have used for achieving this?
This is an old question, but since I'm here, I may as well provide an answer for anyone wondering. Joe is asking about server-side web APIs versus regular server-side code.
Yes, you can have a "regular" backend and an API backend exist at the same time. If your backend is in PHP, you can refactor and extend your code to handle API requests.
Like Patrick Evans said, an API is the backend. If your backend PHP code communicates with a database to manipulate or retrieve data, then you can consider this an API transaction. Whenever your backend receives a request, evaluates/actions that request, and returns a response, it is essentially acting like an API.
Let's say you own example.com, with an index.php file in the root directory - so when a user requests example.com in their browser, this index.php file is processed and served to them. Now, you can set up this index.php file to handle both regular page requests (i.e. the php script returns an html template that is rendered by the browser) and API calls. This can be as complex or as simple as you want it to be.
The best way to handle this would be to assign different routes for rendering your main webpages and API calls. You can set up routes in the following way...
example.com/index.php?route=api&data=users can be handled by your 'API code' in index.php to return a JSON response containing a list of all the users in your database, while example.com/index.php?route=home will just return your website's home page.
I have a pure CherryPy server which has been running for a few years already. I decided recently to add SSL support. In this case it was enough to provide the certificate and key files and to assign correct values to the variables cherrypy.server.ssl_certificate and cherrypy.server.ssl_private_key.
I would like to give a warning about this change whenever somebody tries to access a page using "http://..." instead of "https://...". Is there a simple way of achieving this without many changes in my system? Another option would be to redirect the HTTP access to HTTPS—can that be done easily?
I would create a custom handler to achieve what you're after. This automatically redirects to HTTPS.
class Functions():
def check_ssl(self=None):
# check if url is in https and redirect if http
if cherrypy.request.scheme == "http":
cherrypy.HTTPRedirect(Referer.replace("http:", "https:"))
cherrypy.tools.Functions = cherrypy.Tool('before_handler', check_ssl)
We have Apache on top of JBoss serving either web or mobile app.
We are currently using Apache mod-rewrite to decide where to forward the user to web or mobile (and mod-jk to mount to JBoss), based on regular expressions matching of user-agent, but that is imprecise and error prone.
We want to use a servlet or jsp on JBoss as part of deciding whether to serve the web or mobile app (the servlet checks the user-agent in WURFL to see if this is a mobile device or a web browser).
How can I make a rewrite-condition dependent on the result of a servlet/jsp ?
(I already thought about redirecting the jsp back to two possible URLs and continue the rewrite-rule logic from there, but this gets complicated with passing URL parameters back and forth)
One conceptually simple way is to use a program-type rewritemap to call your EE-based service to check a U-A, assuming the program couldn't just perform the check itself (if you've only got some canned java interface into that DB)