Query for authorization username

Guillaume Quintard guillaume.quintard at gmail.com
Mon Oct 25 21:58:27 UTC 2021


I think it's close to optimal, given the current tools. I would probably
try to move away from regsub() and use vmod_str
(https://github.com/varnish/varnish-modules/blob/master/src/vmod_str.vcc#L42),
and maaaaaaybe use multiple assignments rather than one big expression, but
that's a personal preference at this point.

It would look something like this in my mind (highly untested, don't
sue me if your computer explodes):

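import var;
import str;
import blob;

sub vcl_recv {
    # Only handle the Basic scheme
    if (str.split(req.http.Authorization, 0) == "Basic") {
        # Pull the Base64 credentials out of the header
        var.set("b64", str.split(req.http.Authorization, 1));
        # Basic credentials are standard Base64 of "user:password": decode them
        var.set("decoded", blob.transcode(decoding = BASE64, encoded = var.get("b64")));
        # Keep only the user name, dropping ":password"
        set req.http.X-Auth-User = str.split(var.get("decoded"), 0, ":");
    }
}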


Everything in one expression:

set req.http.X-Auth-User = str.split(
                               blob.transcode(
                                   decoding = BASE64,
                                   encoded = str.split(req.http.Authorization, 1)
                               ),
                               0,
                               ":"
                           );


You should possibly use blob.transcode() anyway.

--
Guillaume Quintard


On Mon, Oct 25, 2021 at 11:25 AM Justin Lloyd <justinl at arena.net> wrote:

> In my dev environment, I have a few users configured to use Basic
> authorization (configured in the Nginx backend) and I’d like to be able to
> perform VSL queries based on the auth user. This is what I was able to come
> up with, but I’m wondering if there is a simpler way that I’m just not
> seeing.
>
> import blob;
>
> if (req.http.Authorization) {
>     set req.http.X-Auth-User = regsub(blob.encode(IDENTITY,
>                                                   blob=blob.decode(BASE64,
>                                                                    encoded=regsub(req.http.Authorization, "^Basic (.*)", "\1"))),
>                                       ":.*$", "");
> }
>
> varnishtop -I ReqHeader:X-Auth-User
> varnishlog -i ReqURL -q 'ReqHeader:X-Auth-User ~ "someuser"'
>
> Thanks,
>
> Justin
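A hardened variant of the header extraction discussed in this thread, as an added example that is not from either poster or from the Varnish project. It assumes Varnish 6 or later with vmod_blob and vmod_std; the backend address, the user-name character policy and the auth-user log key are constructed for illustration.

```vcl
vcl 4.1;

import blob;
import std;

# Placeholder backend so the file loads on its own (assumption).
backend default { .host = "127.0.0.1"; .port = "8080"; }

sub vcl_recv {
    # A client can send its own X-Auth-User; drop it so only the value
    # derived from Authorization is ever passed on.
    unset req.http.X-Auth-User;

    # Accept only "Basic" followed by well-formed, padded Base64, so
    # malformed input is kept away from the decoder.
    if (req.http.Authorization ~
        "^(?i)Basic +([a-z0-9+/]{4})*([a-z0-9+/]{2}==|[a-z0-9+/]{3}=)?$") {
        # Decode "user:password", then cut from the first colon onwards.
        # (?s) lets "." match newlines, so no part of a password survives.
        set req.http.X-Auth-User = regsub(
            blob.transcode(decoding = BASE64,
                encoded = regsub(req.http.Authorization, "^(?i)Basic +", "")),
            "(?s):.*$", "");

        # Constructed policy: user names are short and use a safe charset.
        if (req.http.X-Auth-User ~ "^[A-Za-z0-9._@-]{1,64}$") {
            # VCL_Log records are written by VCL only, never by the client.
            std.log("auth-user: " + req.http.X-Auth-User);
        } else {
            unset req.http.X-Auth-User;
        }
    }
}
```

The client's original X-Auth-User header is still recorded as a ReqHeader entry before the unset, so a query on the VCL-written record is the one a client cannot influence: `varnishlog -i ReqURL -q 'VCL_Log:auth-user eq "someuser"'`.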