Query for authorization username
Guillaume Quintard
guillaume.quintard at gmail.com
Mon Oct 25 21:58:27 UTC 2021
I think it's close to optimal, given the current tools. I would probably
try to move away from regsub() and use vmod_str (
https://github.com/varnish/varnish-modules/blob/master/src/vmod_str.vcc#L42),
and maaaaaaybe use multiple assignments rather than on big expressions, but
that's a personal preference at this point.
It would look like something like this in my mind (highly untested, don't
sue me if your computer explodes):
import var;
import str;
import blob;
sub vcl_recv {
if (str.split(req.http.Authorization, 0) == "Basic") {
var.set("b64", str.split(req.http.Authorization, 1));
var.set("decoded", bob.transcode(encoding = BASE64URL, encoded =
var.get("b64")));
set req.http.X-Auth-User = str.split(var.get("decoded"), 0, ":");
}
}
everything in one expression:
set req.http.X-Auth-User = str.split(
blob.transcode(
encoding = BASE64URL,
encoded = str.split(req.http.Authorization,
1))
),
0,
":"
);
You should possibly use blob.transcode() anyway.
--
Guillaume Quintard
On Mon, Oct 25, 2021 at 11:25 AM Justin Lloyd <justinl at arena.net> wrote:
> In my dev environment, I have a few users configured to use Basic
> authorization (configured in the Nginx backend) and I’d like to be able to
> perform VSL queries based on the auth user. This is what I was able to come
> up with, but I’m wondering if there is a simpler way that I’m just not
> seeing.
>
>
>
> require blob;
>
> if (req.http.Authorization) {
>
> set req.http.X-Auth-User = regsub(blob.encode(IDENTITY,
>
> blob=blob.decode(BASE64,
>
>
> encoded=regsub(req.http.Authorization, "^Basic (.*)", "\1"))),
>
> ":.*$", "");
>
> }
>
>
>
> varnishtop -I ReqHeader:X-Auth-User
>
> varnishlog -i ReqURL -q 'ReqHeader:X-Auth-User ~ “someuser”'
>
>
>
> Thanks,
>
> Justin
>
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20211025/dae4de00/attachment-0001.html>
More information about the varnish-misc
mailing list