using content_by_lua_file & proxy_pass together to write parameter to request body not working

lorena.n.mesa · 2014-07-17T22:55:25+00:00

Hello! On Sat, Jul 19, 2014 at 5:56 AM, sadmedved wrote: > I've already incorporated the last version of ngx_http_lua_headers.c to my > production sy...

using content_by_lua_file & proxy_pass together to write parameter to request body not working

lorena.n.mesa

Hello -- I've been attempting to use content_by_lua_file to read the request body and use one of the parameters to create another parameter to be added to the request body and finally sent along to Facebook. The config looks like this:

http {
    include       mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/nginx-access.log;

    server {
        listen       443;
        server_name  localhost;

        ssl             on;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        proxy_ssl_session_reuse off;
        large_client_header_buffers 4 32K;

        location / {
            root   html;
            index  index.html index.htm;
            limit_req   zone=one burst=140;

            content_by_lua_file /home/vagrant/token.lua;
            log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body';
            access_log  /var/log/nginx-postdata.log  mydata;
            proxy_pass https://graph.facebook.com/;

         }
      }
   }

And the content_by_lua_file token.lua looks like this:

local data = ngx.req.read_body()
local args = ngx.req.get_post_args()
local crypto = require "crypto"
local json = require "json"

for key, val in pairs(args) do
    if key == "access_token" then
        local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false)
        args["appsecret_proof"] = digest
    end
end

local newdata = json.encode(args)
ngx.req.set_body_data(newdata)
When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first.

manchev

Hi Lorena,

You should rather use access_by_lua_file instead of content_by_lua_file as the content handler is running after proxy_pass.

You can read more on the following links:

http://wiki.nginx.org/Phases
http://wiki.nginx.org/HttpLuaModule#content_by_lua

As you can see there's a note in the second link saying:
Do not use this directive and other content handler directives in the same location. For example, this directive and the proxy_pass directive should not be used in the same location.

Best,
Vladislav

On Thu, Jul 17, 2014 at 5:55 PM, Lorena Mesa <lorena...@gmail.com> wrote:


http {
    include       mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/nginx-access.log;

    server {
        listen       443;
        server_name  localhost;

        ssl             on;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        proxy_ssl_session_reuse off;
        large_client_header_buffers 4 32K;

        location / {
            root   html;
            index  index.html index.htm;
            limit_req   zone=one burst=140;

            content_by_lua_file /home/vagrant/token.lua;
            log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body';
            access_log  /var/log/nginx-postdata.log  mydata;
            proxy_pass https://graph.facebook.com/;

         }
      }
   }

And the content_by_lua_file token.lua looks like this:


local data = ngx.req.read_body()
local args = ngx.req.get_post_args()
local crypto = require "crypto"
local json = require "json"

for key, val in pairs(args) do
    if key == "access_token" then
        local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false)
        args["appsecret_proof"] = digest
    end
end

local newdata = json.encode(args)
ngx.req.set_body_data(newdata)

When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first.

manchev

On a side note - you should be using lua-nginx-module [1] or lua-resty-string [2] to compute digests instead of LuaCrypto.

[1]: https://github.com/openresty/lua-nginx-module
[2]: https://github.com/openresty/lua-resty-string

Best,
Vladislav

On Thu, Jul 17, 2014 at 6:38 PM, Vladislav Manchev <man...@bin.bz> wrote:

Hi Lorena,

You should rather use access_by_lua_file instead of content_by_lua_file as the content handler is running after proxy_pass.

You can read more on the following links:

http://wiki.nginx.org/Phases
http://wiki.nginx.org/HttpLuaModule#content_by_lua

Best,
Vladislav

On Thu, Jul 17, 2014 at 5:55 PM, Lorena Mesa <lorena...@gmail.com> wrote:


http {
    include       mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/nginx-access.log;

    server {
        listen       443;
        server_name  localhost;

        ssl             on;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        proxy_ssl_session_reuse off;
        large_client_header_buffers 4 32K;

        location / {
            root   html;
            index  index.html index.htm;
            limit_req   zone=one burst=140;

            content_by_lua_file /home/vagrant/token.lua;
            log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body';
            access_log  /var/log/nginx-postdata.log  mydata;
            proxy_pass https://graph.facebook.com/;

         }
      }
   }

And the content_by_lua_file token.lua looks like this:


local data = ngx.req.read_body()
local args = ngx.req.get_post_args()
local crypto = require "crypto"
local json = require "json"

for key, val in pairs(args) do
    if key == "access_token" then
        local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false)
        args["appsecret_proof"] = digest
    end
end

local newdata = json.encode(args)
ngx.req.set_body_data(newdata)


When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first.

lorena.n.mesa

Thanks for pointing out using lua-nginx-module and lua-resty-string but I was having a few errors with the dependencies and LuaCrypto has been working smoothly. That being said, the access_lua_file does maintain the appsecret_proof parameter in the body but when I write the data back to the request_body Facebook's API is blowing up at me saying:

"'{"error":{"message":"(#200) This API call requires a valid app_id.","type":"OAuthException","code":200}}'"

I've tripled checked the app token on Facebook's Graph Explorer - it is indeed valid - I presume now that I'm incorrectly writing the data back to the response body? As it stands I taking the args table and using JSON4Lua to encode it to a Json string and write it to the request body.

On Thursday, July 17, 2014 10:44:28 AM UTC-5, Vladislav Manchev wrote:

Best,
Vladislav

On Thu, Jul 17, 2014 at 6:38 PM, Vladislav Manchev <man...@bin.bz> wrote:

Hi Lorena,

You should rather use access_by_lua_file instead of content_by_lua_file as the content handler is running after proxy_pass.

You can read more on the following links:

http://wiki.nginx.org/Phases
http://wiki.nginx.org/HttpLuaModule#content_by_lua

Best,
Vladislav

On Thu, Jul 17, 2014 at 5:55 PM, Lorena Mesa <lorena...@gmail.com> wrote:

http {
    include       mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/nginx-access.log;

    server {
        listen       443;
        server_name  localhost;

        ssl             on;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        proxy_ssl_session_reuse off;
        large_client_header_buffers 4 32K;

        location / {
            root   html;
            index  index.html index.htm;
            limit_req   zone=one burst=140;

            content_by_lua_file /home/vagrant/token.lua;
            log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body';
            access_log  /var/log/nginx-postdata.log  mydata;
            proxy_pass https://graph.facebook.com/;

         }
      }
   }

And the content_by_lua_file token.lua looks like this:

local data = ngx.req.read_body()
local args = ngx.req.get_post_args()
local crypto = require "crypto"
local json = require "json"

for key, val in pairs(args) do
    if key == "access_token" then
        local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false)
        args["appsecret_proof"] = digest
    end
end

local newdata = json.encode(args)
ngx.req.set_body_data(newdata)


When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first.

lorena.n.mesa

Nevermind - I finally got it ! Thanks team openresty-en!!!!

On Thursday, July 17, 2014 11:32:08 AM UTC-5, Lorena Mesa wrote:

"'{"error":{"message":"(#200) This API call requires a valid app_id.","type":"OAuthException","code":200}}'"

Best,
Vladislav

On Thu, Jul 17, 2014 at 6:38 PM, Vladislav Manchev <man...@bin.bz> wrote:

Hi Lorena,

You should rather use access_by_lua_file instead of content_by_lua_file as the content handler is running after proxy_pass.

You can read more on the following links:

http://wiki.nginx.org/Phases
http://wiki.nginx.org/HttpLuaModule#content_by_lua

Best,
Vladislav

On Thu, Jul 17, 2014 at 5:55 PM, Lorena Mesa <lorena...@gmail.com> wrote:

http {
    include       mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/nginx-access.log;

    server {
        listen       443;
        server_name  localhost;

        ssl             on;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        proxy_ssl_session_reuse off;
        large_client_header_buffers 4 32K;

        location / {
            root   html;
            index  index.html index.htm;
            limit_req   zone=one burst=140;

            content_by_lua_file /home/vagrant/token.lua;
            log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body';
            access_log  /var/log/nginx-postdata.log  mydata;
            proxy_pass https://graph.facebook.com/;

         }
      }
   }

And the content_by_lua_file token.lua looks like this:

local data = ngx.req.read_body()
local args = ngx.req.get_post_args()
local crypto = require "crypto"
local json = require "json"

for key, val in pairs(args) do
    if key == "access_token" then
        local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false)
        args["appsecret_proof"] = digest
    end
end

local newdata = json.encode(args)
ngx.req.set_body_data(newdata)


When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first.

manchev

Not sure what problems you could have with dependencies since both modules are included in the default OpenResy distribution.

You will definitely get a performance boost when using them.

Also, I think it would be better if you used cjson instead of JSON4Lua - it's a lot faster.

Otherwise, the error you're getting is most certainly a problem in your code, maybe if you share it we can help.

Best,

Vladislav

On Thu, Jul 17, 2014 at 7:32 PM, Lorena Mesa <lorena...@gmail.com> wrote:

Thanks for pointing out using lua-nginx-module and lua-resty-string but I was having a few errors with the dependencies and LuaCrypto has been working smoothly. That being said, the access_lua_file does maintain the appsecret_proof parameter in the body but when I write the data back to the request_body Facebook's API is blowing up at me saying:

"'{"error":{"message":"(#200) This API call requires a valid app_id.","type":"OAuthException","code":200}}'"
I've tripled checked the app token on Facebook's Graph Explorer - it is indeed valid - I presume now that I'm incorrectly writing the data back to the response body? As it stands I taking the args table and using JSON4Lua to encode it to a Json string and write it to the request body.

On Thursday, July 17, 2014 10:44:28 AM UTC-5, Vladislav Manchev wrote:
On a side note - you should be using lua-nginx-module [1] or lua-resty-string [2] to compute digests instead of LuaCrypto.

[1]: https://github.com/openresty/lua-nginx-module
[2]: https://github.com/openresty/lua-resty-string

Best,
Vladislav
On Thu, Jul 17, 2014 at 6:38 PM, Vladislav Manchev <man...@bin.bz> wrote:
Hi Lorena,

You should rather use access_by_lua_file instead of content_by_lua_file as the content handler is running after proxy_pass.

You can read more on the following links:

http://wiki.nginx.org/Phases
http://wiki.nginx.org/HttpLuaModule#content_by_lua

As you can see there's a note in the second link saying:
Do not use this directive and other content handler directives in the same location. For example, this directive and the proxy_pass directive should not be used in the same location.

Best,
Vladislav
On Thu, Jul 17, 2014 at 5:55 PM, Lorena Mesa <lorena...@gmail.com> wrote:
Hello -- I've been attempting to use content_by_lua_file to read the request body and use one of the parameters to create another parameter to be added to the request body and finally sent along to Facebook. The config looks like this:
http {
    include       mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/nginx-access.log;

    server {
        listen       443;
        server_name  localhost;

        ssl             on;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        proxy_ssl_session_reuse off;
        large_client_header_buffers 4 32K;

        location / {
            root   html;
            index  index.html index.htm;
            limit_req   zone=one burst=140;

            content_by_lua_file /home/vagrant/token.lua;
            log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body';
            access_log  /var/log/nginx-postdata.log  mydata;
            proxy_pass https://graph.facebook.com/;

         }
      }
   }
And the content_by_lua_file token.lua looks like this:
local data = ngx.req.read_body()
local args = ngx.req.get_post_args()
local crypto = require "crypto"
local json = require "json"

for key, val in pairs(args) do
    if key == "access_token" then
        local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false)
        args["appsecret_proof"] = digest
    end
end

local newdata = json.encode(args)
ngx.req.set_body_data(newdata)




When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first. 
.
me

I've resolved the issue with how to return data but I can definitely trouble shoot my dependency errors with you! Performance is something I would always love to boost. Be back soon with fun errors.

On Thu, Jul 17, 2014 at 12:11 PM, Vladislav Manchev <man...@bin.bz> wrote:

Not sure what problems you could have with dependencies since both modules are included in the default OpenResy distribution.

You will definitely get a performance boost when using them.

Also, I think it would be better if you used cjson instead of JSON4Lua - it's a lot faster.

Otherwise, the error you're getting is most certainly a problem in your code, maybe if you share it we can help.

Best,
Vladislav

On Thu, Jul 17, 2014 at 7:32 PM, Lorena Mesa <lorena...@gmail.com> wrote:

Thanks for pointing out using lua-nginx-module and lua-resty-string but I was having a few errors with the dependencies and LuaCrypto has been working smoothly. That being said, the access_lua_file does maintain the appsecret_proof parameter in the body but when I write the data back to the request_body Facebook's API is blowing up at me saying:

"'{"error":{"message":"(#200) This API call requires a valid app_id.","type":"OAuthException","code":200}}'"

I've tripled checked the app token on Facebook's Graph Explorer - it is indeed valid - I presume now that I'm incorrectly writing the data back to the response body? As it stands I taking the args table and using JSON4Lua to encode it to a Json string and write it to the request body.

On Thursday, July 17, 2014 10:44:28 AM UTC-5, Vladislav Manchev wrote:

On a side note - you should be using lua-nginx-module [1] or lua-resty-string [2] to compute digests instead of LuaCrypto.

[1]: https://github.com/openresty/lua-nginx-module
[2]: https://github.com/openresty/lua-resty-string

Best,
Vladislav

On Thu, Jul 17, 2014 at 6:38 PM, Vladislav Manchev <man...@bin.bz> wrote:

Hi Lorena,

You should rather use access_by_lua_file instead of content_by_lua_file as the content handler is running after proxy_pass.

You can read more on the following links:

http://wiki.nginx.org/Phases
http://wiki.nginx.org/HttpLuaModule#content_by_lua

As you can see there's a note in the second link saying:
Do not use this directive and other content handler directives in the same location. For example, this directive and the proxy_pass directive should not be used in the same location.

Best,
Vladislav

On Thu, Jul 17, 2014 at 5:55 PM, Lorena Mesa <lorena...@gmail.com> wrote:

Hello -- I've been attempting to use content_by_lua_file to read the request body and use one of the parameters to create another parameter to be added to the request body and finally sent along to Facebook. The config looks like this:

http { include mime.types; default_type application/octet-stream; access_log /var/log/nginx-access.log; server { listen 443; server_name localhost; ssl on; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; proxy_ssl_session_reuse off; large_client_header_buffers 4 32K; location / { root html; index index.html index.htm; limit_req zone=one burst=140; content_by_lua_file /home/vagrant/token.lua; log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body'; access_log /var/log/nginx-postdata.log mydata; proxy_pass https://graph.facebook.com/; } } }
And the content_by_lua_file token.lua looks like this:

local data = ngx.req.read_body() local args = ngx.req.get_post_args() local crypto = require "crypto" local json = require "json" for key, val in pairs(args) do if key == "access_token" then local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false) args["appsecret_proof"] = digest end end local newdata = json.encode(args) ngx.req.set_body_data(newdata)

When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first.

.

--
___________________________________________________________________________________

Lorena Mesa
www.lorenamesa.com

"If you wish to make apple pie from scratch, you must first invent the universe," - Carl Sagan

Please stop
before printing this email unnecessarily, think green!!!

lorena.n.mesa

OK - so only by building a string with the post params in 'application/x-www-form-urlencoded' format does posting back to Facebook work. Again, the data is the exact same just formatted in another way. This results in successful posting.

The only thing I see in the documentation about this format of data being used is the ngx.req.get_post_args documentation but that specifies only that the data is returned in this format.

Thoughts?

On Thursday, July 17, 2014 12:14:03 PM UTC-5, Lorena Mesa wrote:
I've resolved the issue with how to return data but I can definitely trouble shoot my dependency errors with you! Performance is something I would always love to boost. Be back soon with fun errors.

On Thu, Jul 17, 2014 at 12:11 PM, Vladislav Manchev <man...@bin.bz> wrote:

Not sure what problems you could have with dependencies since both modules are included in the default OpenResy distribution.

You will definitely get a performance boost when using them.

Also, I think it would be better if you used cjson instead of JSON4Lua - it's a lot faster.

Otherwise, the error you're getting is most certainly a problem in your code, maybe if you share it we can help.

Best,
Vladislav

On Thu, Jul 17, 2014 at 7:32 PM, Lorena Mesa <lorena...@gmail.com> wrote:

Thanks for pointing out using lua-nginx-module and lua-resty-string but I was having a few errors with the dependencies and LuaCrypto has been working smoothly. That being said, the access_lua_file does maintain the appsecret_proof parameter in the body but when I write the data back to the request_body Facebook's API is blowing up at me saying:

"'{"error":{"message":"(#200) This API call requires a valid app_id.","type":"OAuthException","code":200}}'"

I've tripled checked the app token on Facebook's Graph Explorer - it is indeed valid - I presume now that I'm incorrectly writing the data back to the response body? As it stands I taking the args table and using JSON4Lua to encode it to a Json string and write it to the request body.

On Thursday, July 17, 2014 10:44:28 AM UTC-5, Vladislav Manchev wrote:

On a side note - you should be using lua-nginx-module [1] or lua-resty-string [2] to compute digests instead of LuaCrypto.

[1]: https://github.com/openresty/lua-nginx-module
[2]: https://github.com/openresty/lua-resty-string

Best,
Vladislav

On Thu, Jul 17, 2014 at 6:38 PM, Vladislav Manchev <man...@bin.bz> wrote:

Hi Lorena,

You should rather use access_by_lua_file instead of content_by_lua_file as the content handler is running after proxy_pass.

You can read more on the following links:

http://wiki.nginx.org/Phases
http://wiki.nginx.org/HttpLuaModule#content_by_lua

As you can see there's a note in the second link saying:
Do not use this directive and other content handler directives in the same location. For example, this directive and the proxy_pass directive should not be used in the same location.

Best,
Vladislav

On Thu, Jul 17, 2014 at 5:55 PM, Lorena Mesa <lorena...@gmail.com> wrote:

Hello -- I've been attempting to use content_by_lua_file to read the request body and use one of the parameters to create another parameter to be added to the request body and finally sent along to Facebook. The config looks like this:

http { include mime.types; default_type application/octet-stream; access_log /var/log/nginx-access.log; server { listen 443; server_name localhost; ssl on; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; proxy_ssl_session_reuse off; large_client_header_buffers 4 32K; location / { root html; index index.html index.htm; limit_req zone=one burst=140; content_by_lua_file /home/vagrant/token.lua; log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body'; access_log /var/log/nginx-postdata.log mydata; proxy_pass https://graph.facebook.com/; } } }
And the content_by_lua_file token.lua looks like this:

local data = ngx.req.read_body() local args = ngx.req.get_post_args() local crypto = require "crypto" local json = require "json" for key, val in pairs(args) do if key == "access_token" then local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false) args["appsecret_proof"] = digest end end local newdata = json.encode(args) ngx.req.set_body_data(newdata)

When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first.

.

--
___________________________________________________________________________________

Lorena Mesa
www.lorenamesa.com

"If you wish to make apple pie from scratch, you must first invent the universe," - Carl Sagan

Please stop
before printing this email unnecessarily, think green!!!

manchev

application/x-www-form-urlencoded means that the body of the HTTP message is essentially just a query string; name/value pairs are separated by (&), and names are separated from values by (=):

_one_=1&two=2

Take a look at [1] for further information on the subject.

So, having a table with the params you can encode them with ngx.encode_args for example [2] and put the resulting string in the body.

[1]: http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4
[2]: http://wiki.nginx.org/HttpLuaModule#ngx.encode_args

Best,
Vladislav

On Thu, Jul 17, 2014 at 9:38 PM, Lorena Mesa <lorena...@gmail.com> wrote:

OK - so only by building a string with the post params in 'application/x-www-form-urlencoded' format does posting back to Facebook work. Again, the data is the exact same just formatted in another way. This results in successful posting.

The only thing I see in the documentation about this format of data being used is the ngx.req.get_post_args documentation but that specifies only that the data is returned in this format.

Thoughts?

On Thursday, July 17, 2014 12:14:03 PM UTC-5, Lorena Mesa wrote:

I've resolved the issue with how to return data but I can definitely trouble shoot my dependency errors with you! Performance is something I would always love to boost. Be back soon with fun errors.

On Thu, Jul 17, 2014 at 12:11 PM, Vladislav Manchev <man...@bin.bz> wrote:

Not sure what problems you could have with dependencies since both modules are included in the default OpenResy distribution.

You will definitely get a performance boost when using them.

Also, I think it would be better if you used cjson instead of JSON4Lua - it's a lot faster.

Otherwise, the error you're getting is most certainly a problem in your code, maybe if you share it we can help.

Best,
Vladislav

On Thu, Jul 17, 2014 at 7:32 PM, Lorena Mesa <lorena...@gmail.com> wrote:

Thanks for pointing out using lua-nginx-module and lua-resty-string but I was having a few errors with the dependencies and LuaCrypto has been working smoothly. That being said, the access_lua_file does maintain the appsecret_proof parameter in the body but when I write the data back to the request_body Facebook's API is blowing up at me saying:

"'{"error":{"message":"(#200) This API call requires a valid app_id.","type":"OAuthException","code":200}}'"

I've tripled checked the app token on Facebook's Graph Explorer - it is indeed valid - I presume now that I'm incorrectly writing the data back to the response body? As it stands I taking the args table and using JSON4Lua to encode it to a Json string and write it to the request body.

On Thursday, July 17, 2014 10:44:28 AM UTC-5, Vladislav Manchev wrote:

On a side note - you should be using lua-nginx-module [1] or lua-resty-string [2] to compute digests instead of LuaCrypto.

[1]: https://github.com/openresty/lua-nginx-module
[2]: https://github.com/openresty/lua-resty-string

Best,
Vladislav

On Thu, Jul 17, 2014 at 6:38 PM, Vladislav Manchev <man...@bin.bz> wrote:

Hi Lorena,

You should rather use access_by_lua_file instead of content_by_lua_file as the content handler is running after proxy_pass.

You can read more on the following links:

http://wiki.nginx.org/Phases
http://wiki.nginx.org/HttpLuaModule#content_by_lua

As you can see there's a note in the second link saying:
Do not use this directive and other content handler directives in the same location. For example, this directive and the proxy_pass directive should not be used in the same location.

Best,
Vladislav

On Thu, Jul 17, 2014 at 5:55 PM, Lorena Mesa <lorena...@gmail.com> wrote:

Hello -- I've been attempting to use content_by_lua_file to read the request body and use one of the parameters to create another parameter to be added to the request body and finally sent along to Facebook. The config looks like this:

http { include mime.types; default_type application/octet-stream; access_log /var/log/nginx-access.log; server { listen 443; server_name localhost; ssl on; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; proxy_ssl_session_reuse off; large_client_header_buffers 4 32K; location / { root html; index index.html index.htm; limit_req zone=one burst=140; content_by_lua_file /home/vagrant/token.lua; log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body'; access_log /var/log/nginx-postdata.log mydata; proxy_pass https://graph.facebook.com/; } } }
And the content_by_lua_file token.lua looks like this:

local data = ngx.req.read_body() local args = ngx.req.get_post_args() local crypto = require "crypto" local json = require "json" for key, val in pairs(args) do if key == "access_token" then local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false) args["appsecret_proof"] = digest end end local newdata = json.encode(args) ngx.req.set_body_data(newdata)

When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first.

.

lorena.n.mesa

Thanks Vladislav, I was building the query string manually since the JSON4Lua encode method wasn't setting the data correctly onto the post body. Using the ngx.encode_args seems to do it, at least everything is logging beautifully. :-)

On Thursday, July 17, 2014 2:13:39 PM UTC-5, Vladislav Manchev wrote:
application/x-www-form-urlencoded means that the body of the HTTP message is essentially just a query string; name/value pairs are separated by (&), and names are separated from values by (=):

_one_=1&two=2

Take a look at [1] for further information on the subject.

So, having a table with the params you can encode them with ngx.encode_args for example [2] and put the resulting string in the body.

[1]: http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4
[2]: http://wiki.nginx.org/HttpLuaModule#ngx.encode_args

Best,
Vladislav

On Thu, Jul 17, 2014 at 9:38 PM, Lorena Mesa <lorena...@gmail.com> wrote:

OK - so only by building a string with the post params in 'application/x-www-form-urlencoded' format does posting back to Facebook work. Again, the data is the exact same just formatted in another way. This results in successful posting.

The only thing I see in the documentation about this format of data being used is the ngx.req.get_post_args documentation but that specifies only that the data is returned in this format.

Thoughts?

On Thursday, July 17, 2014 12:14:03 PM UTC-5, Lorena Mesa wrote:

I've resolved the issue with how to return data but I can definitely trouble shoot my dependency errors with you! Performance is something I would always love to boost. Be back soon with fun errors.

On Thu, Jul 17, 2014 at 12:11 PM, Vladislav Manchev <man...@bin.bz> wrote:

Not sure what problems you could have with dependencies since both modules are included in the default OpenResy distribution.

You will definitely get a performance boost when using them.

Also, I think it would be better if you used cjson instead of JSON4Lua - it's a lot faster.

Otherwise, the error you're getting is most certainly a problem in your code, maybe if you share it we can help.

Best,
Vladislav

On Thu, Jul 17, 2014 at 7:32 PM, Lorena Mesa <lorena...@gmail.com> wrote:

Thanks for pointing out using lua-nginx-module and lua-resty-string but I was having a few errors with the dependencies and LuaCrypto has been working smoothly. That being said, the access_lua_file does maintain the appsecret_proof parameter in the body but when I write the data back to the request_body Facebook's API is blowing up at me saying:

"'{"error":{"message":"(#200) This API call requires a valid app_id.","type":"OAuthException","code":200}}'"

I've tripled checked the app token on Facebook's Graph Explorer - it is indeed valid - I presume now that I'm incorrectly writing the data back to the response body? As it stands I taking the args table and using JSON4Lua to encode it to a Json string and write it to the request body.

On Thursday, July 17, 2014 10:44:28 AM UTC-5, Vladislav Manchev wrote:

On a side note - you should be using lua-nginx-module [1] or lua-resty-string [2] to compute digests instead of LuaCrypto.

[1]: https://github.com/openresty/lua-nginx-module
[2]: https://github.com/openresty/lua-resty-string

Best,
Vladislav

On Thu, Jul 17, 2014 at 6:38 PM, Vladislav Manchev <man...@bin.bz> wrote:

Hi Lorena,

You should rather use access_by_lua_file instead of content_by_lua_file as the content handler is running after proxy_pass.

You can read more on the following links:

http://wiki.nginx.org/Phases
http://wiki.nginx.org/HttpLuaModule#content_by_lua

As you can see there's a note in the second link saying:
Do not use this directive and other content handler directives in the same location. For example, this directive and the proxy_pass directive should not be used in the same location.

Best,
Vladislav

On Thu, Jul 17, 2014 at 5:55 PM, Lorena Mesa <lorena...@gmail.com> wrote:

Hello -- I've been attempting to use content_by_lua_file to read the request body and use one of the parameters to create another parameter to be added to the request body and finally sent along to Facebook. The config looks like this:

http { include mime.types; default_type application/octet-stream; access_log /var/log/nginx-access.log; server { listen 443; server_name localhost; ssl on; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; proxy_ssl_session_reuse off; large_client_header_buffers 4 32K; location / { root html; index index.html index.htm; limit_req zone=one burst=140; content_by_lua_file /home/vagrant/token.lua; log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body'; access_log /var/log/nginx-postdata.log mydata; proxy_pass https://graph.facebook.com/; } } }
And the content_by_lua_file token.lua looks like this:

local data = ngx.req.read_body() local args = ngx.req.get_post_args() local crypto = require "crypto" local json = require "json" for key, val in pairs(args) do if key == "access_token" then local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false) args["appsecret_proof"] = digest end end local newdata = json.encode(args) ngx.req.set_body_data(newdata)

When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first.

.

lorena

Thanks Vladislav, I was building the query string manually since the JSON4Lua encode method wasn't setting the data correctly onto the post body. Using the ngx.encode_args seems to do it, at least everything is logging beautifully. :-)

On Thursday, July 17, 2014 2:13:39 PM UTC-5, Vladislav Manchev wrote:
application/x-www-form-urlencoded means that the body of the HTTP message is essentially just a query string; name/value pairs are separated by (&), and names are separated from values by (=):

_one_=1&two=2

Take a look at [1] for further information on the subject.

So, having a table with the params you can encode them with ngx.encode_args for example [2] and put the resulting string in the body.

[1]: http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4
[2]: http://wiki.nginx.org/HttpLuaModule#ngx.encode_args

Best,
Vladislav

On Thu, Jul 17, 2014 at 9:38 PM, Lorena Mesa <lorena...@gmail.com> wrote:

OK - so only by building a string with the post params in 'application/x-www-form-urlencoded' format does posting back to Facebook work. Again, the data is the exact same just formatted in another way. This results in successful posting.

The only thing I see in the documentation about this format of data being used is the ngx.req.get_post_args documentation but that specifies only that the data is returned in this format.

Thoughts?

On Thursday, July 17, 2014 12:14:03 PM UTC-5, Lorena Mesa wrote:

I've resolved the issue with how to return data but I can definitely trouble shoot my dependency errors with you! Performance is something I would always love to boost. Be back soon with fun errors.

On Thu, Jul 17, 2014 at 12:11 PM, Vladislav Manchev <man...@bin.bz> wrote:

Not sure what problems you could have with dependencies since both modules are included in the default OpenResy distribution.

You will definitely get a performance boost when using them.

Also, I think it would be better if you used cjson instead of JSON4Lua - it's a lot faster.

Otherwise, the error you're getting is most certainly a problem in your code, maybe if you share it we can help.

Best,
Vladislav

On Thu, Jul 17, 2014 at 7:32 PM, Lorena Mesa <lorena...@gmail.com> wrote:

Thanks for pointing out using lua-nginx-module and lua-resty-string but I was having a few errors with the dependencies and LuaCrypto has been working smoothly. That being said, the access_lua_file does maintain the appsecret_proof parameter in the body but when I write the data back to the request_body Facebook's API is blowing up at me saying:

"'{"error":{"message":"(#200) This API call requires a valid app_id.","type":"OAuthException","code":200}}'"

I've tripled checked the app token on Facebook's Graph Explorer - it is indeed valid - I presume now that I'm incorrectly writing the data back to the response body? As it stands I taking the args table and using JSON4Lua to encode it to a Json string and write it to the request body.

On Thursday, July 17, 2014 10:44:28 AM UTC-5, Vladislav Manchev wrote:

On a side note - you should be using lua-nginx-module [1] or lua-resty-string [2] to compute digests instead of LuaCrypto.

[1]: https://github.com/openresty/lua-nginx-module
[2]: https://github.com/openresty/lua-resty-string

Best,
Vladislav

On Thu, Jul 17, 2014 at 6:38 PM, Vladislav Manchev <man...@bin.bz> wrote:

Hi Lorena,

You should rather use access_by_lua_file instead of content_by_lua_file as the content handler is running after proxy_pass.

You can read more on the following links:

http://wiki.nginx.org/Phases
http://wiki.nginx.org/HttpLuaModule#content_by_lua

As you can see there's a note in the second link saying:
Do not use this directive and other content handler directives in the same location. For example, this directive and the proxy_pass directive should not be used in the same location.

Best,
Vladislav

On Thu, Jul 17, 2014 at 5:55 PM, Lorena Mesa <lorena...@gmail.com> wrote:

Hello -- I've been attempting to use content_by_lua_file to read the request body and use one of the parameters to create another parameter to be added to the request body and finally sent along to Facebook. The config looks like this:

http { include mime.types; default_type application/octet-stream; access_log /var/log/nginx-access.log; server { listen 443; server_name localhost; ssl on; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; proxy_ssl_session_reuse off; large_client_header_buffers 4 32K; location / { root html; index index.html index.htm; limit_req zone=one burst=140; content_by_lua_file /home/vagrant/token.lua; log_format mydata '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" request body $request_body'; access_log /var/log/nginx-postdata.log mydata; proxy_pass https://graph.facebook.com/; } } }
And the content_by_lua_file token.lua looks like this:

local data = ngx.req.read_body() local args = ngx.req.get_post_args() local crypto = require "crypto" local json = require "json" for key, val in pairs(args) do if key == "access_token" then local digest = crypto.hmac.digest("sha256", val, APPSECRETID, false) args["appsecret_proof"] = digest end end local newdata = json.encode(args) ngx.req.set_body_data(newdata)

When I log the $request_body and **don't proxy_pass** the new parameter is present but if I proxy_pass to Facebook the introduced parameter, appsecret_token, is not present. What am I missing? Or better, am I using the incorrect combination of HTTP Lua Module methods? Content_by_lua and rewrite_by_lua can access the $request_body so long as you read_body() first.

.