From 9b908043f5875f7c1307cf90afb721029bd5e7eb Mon Sep 17 00:00:00 2001 From: Daniel Earl Poirier Date: Sun, 2 May 2010 15:55:58 +0000 Subject: [PATCH] Add an example auth_check hook. Unfortunately without a base64 implementation in Lua, we cannot actually do basic auth in the hook, so just fake it. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@940250 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_lua.xml | 39 ++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/docs/manual/mod/mod_lua.xml b/docs/manual/mod/mod_lua.xml index 976309dc39..a0b8deaca7 100644 --- a/docs/manual/mod/mod_lua.xml +++ b/docs/manual/mod/mod_lua.xml @@ -574,7 +574,44 @@ processing directory.htaccess All -

...

 + +

Invoke a lua function in the auth_checker phase of processing +a request. This can be used to implement arbitrary authentication +and authorization checking. A very simple example: +

+
+require 'apache2'
+
+-- fake authcheck hook
+-- If request has no auth info, set the response header and
+-- return a 401 to ask the browser for basic auth info.
+-- If request has auth info, don't actually look at it, just
+-- pretend we got userid 'foo' and validated it.
+-- Then check if the userid is 'foo' and accept the request.
+function authcheck_hook(r)
+
+   -- look for auth info
+   auth = r.headers_in['Authorization']
+   if auth ~= nil then
+     -- fake the user
+     r.user = 'foo'
+   end
+
+   if r.user == nil then
+      r:debug("authcheck: user is nil, returning 401")
+      r.err_headers_out['WWW-Authenticate'] = 'Basic realm="WallyWorld"'
+      return 401
+   elseif r.user == "foo" then
+      r:debug('user foo: OK')
+   else
+      r:debug("authcheck: user='" .. r.user .. "'")
+      r.err_headers_out['WWW-Authenticate'] = 'Basic realm="WallyWorld"'
+      return 401
+   end
+   return apache2.OK
+end
+
 + -- 2.40.0