Thanks for pointing out using lua-nginx-module and lua-resty-string but I was having a few errors with the dependencies and LuaCrypto has been working smoothly. That being said, the access_lua_file does maintain the appsecret_proof parameter in the body but when I write the data back to the request_body Facebook's API is blowing up at me saying:
"'{"error":{"message":"(#200) This API call requires a valid app_id.","type":"OAuthException","code":200}}'"
I've tripled checked the app token on Facebook's Graph Explorer - it is indeed valid - I presume now that I'm incorrectly writing the data back to the response body? As it stands I taking the args table and using JSON4Lua to encode it to a Json string and write it to the request body.
On Thursday, July 17, 2014 10:44:28 AM UTC-5, Vladislav Manchev wrote:
On Thu, Jul 17, 2014 at 6:38 PM, Vladislav Manchev
<man...@bin.bz> wrote:
As you can see there's a note in the second link saying:
Do not use this directive and other content handler directives in the same location. For example, this directive and the
proxy_pass directive should not be used in the same location.
Best,
Vladislav
On Thu, Jul 17, 2014 at 5:55 PM, Lorena Mesa
<lorena...@gmail.com> wrote:
Hello -- I've been attempting to use content_by_lua_file to read the request body and use one of the parameters to create another parameter to be added to the request body and finally sent along to Facebook. The config looks like this:
http {
include mime.types;
default_type application/octet-stream;
access_log /var/log/nginx-access.log;
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
proxy_ssl_session_reuse off;
large_client_header_buffers 4 32K;
location / {
root html;
index index.html index.htm;
limit_req zone=one burst=140;
content_by_lua_file /home/vagrant/token.lua;
log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body';
access_log /var/log/nginx-postdata.log mydata;
proxy_pass https://graph.facebook.com/;
}
}
}
And the content_by_lua_file token.lua looks like this:
local data = ngx.req.read_body()
local args = ngx.req.get_post_args()
local crypto = require "crypto"
local json = require "json"
for key, val in pairs(args) do
if key == "access_token" then
local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false)
args["appsecret_proof"] = digest
end
end
local newdata = json.encode(args)
ngx.req.set_body_data(newdata)
When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first.
.