Hello!
On Thu, Dec 4, 2014 at 8:17 AM, Martin Gee wrote:
> server {
[...]
> access_by_lua_file conf/authSession.lua;
>
Be careful with access_by_lua_file directly on the server {} (or even
http {}) block level. Because it will get inherited by *all* the
containing locations including those for error_page redirection.
>
> Q) In apache there is a Auth_memCookie module that uses the "require"
> directive. Is there something like that in NGINX / Lua?
Well, you can use Lua for such things, for example,
location /myprotectedurl {
access_by_lua 'require("authsession").require("valid-user")';
}
location /myprotectedurlgroup1 {
access_by_lua 'require("authsession").require("group", "group1")';
}
> Q) I'm pretty the failing if ($Groups) is a phase problem. Which phase
> should the lua code be run?
Avoid the evil if's. Do all the logic in Lua (in your authsession Lua module).
> Q) I'll likely have many location blocks. Is there cleaner approach?
>
See above. We can make things even simpler by defining a global Lua
function named auth_require() in init_by_lua though use of custom Lua
global variables is generally discouraged for (big) Lua apps. For
example,
init_by_lua '
local authsession = require("authsession")
auth_require = authsession.require -- define a Lua global!
';
And then
location /myprotectedurl {
access_by_lua 'auth_require("valid-user")';
}
location /myprotectedurlgroup1 {
access_by_lua 'auth_require("group", "group1")';
}
We can simplify this further if nginx's configuration language
supports macros :)
Regards,
-agentzh