From 53219c43ad8665b555b6fcace38d99b3f7e70fcb Mon Sep 17 00:00:00 2001 From: Cezar Sa Espinola Date: Thu, 10 Jan 2019 11:12:37 -0200 Subject: [PATCH] Add cookie domain and ignore uri configs --- README.md | 4 ++++ access.lua | 9 +++++++++ 2 files changed, 13 insertions(+) diff --git a/README.md b/README.md index 82efaed..ec08924 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,10 @@ variables are: returned from Google (portion left of '@' in email). - **$ngo_email_as_user** If set and `$ngo_user` is defined, username returned will be full email address. +- **$ngo_cookie_domain** If defined, the chosen domain will be added to the + cookies, this can be useful for granting access to multiple subdomains. +- **$ngo_ignore_uri** If defined, URIs containing this prefix will bypass + authentication. ## Available endpoints diff --git a/access.lua b/access.lua index 0452e85..3ce0d97 100644 --- a/access.lua +++ b/access.lua @@ -25,6 +25,8 @@ local secure_cookies = ngx.var.ngo_secure_cookies == "true" or false local http_only_cookies = ngx.var.ngo_http_only_cookies == "true" or false local set_user = ngx.var.ngo_user or false local email_as_user = ngx.var.ngo_email_as_user == "true" or false +local cookie_domain = ngx.var.ngo_cookie_domain or "" +local ignore_uri = ngx.var.ngo_ignore_uri or "" if whitelist:len() == 0 then whitelist = nil @@ -157,6 +159,10 @@ local function request_profile(token) end local function is_authorized() + if uri:sub(1, #ignore_uri) == ignore_uri then + return true + end + local headers = ngx.req.get_headers() local expires = tonumber(ngx.var.cookie_OauthExpires) or 0 @@ -227,6 +233,9 @@ local function authorize() if http_only_cookies then cookie_tail = cookie_tail .. ";httponly" end + if cookie_domain ~= "" then + cookie_tail = cookie_tail .. ";Domain=" .. cookie_domain + end local email = profile["email"] local user_token = ngx.encode_base64(ngx.hmac_sha1(token_secret, cb_server_name .. email .. expires))