Skip to content

Commit 29b18d2

Browse files
author
Maurits van der Schee
committed
Updated documentation as requested.
1 parent b51046b commit 29b18d2

File tree

2 files changed

+154
-0
lines changed

2 files changed

+154
-0
lines changed

README.markdown

Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,8 @@ Table of Contents
2929
* [set_decode_base32](#set_decode_base32)
3030
* [set_encode_base64](#set_encode_base64)
3131
* [set_decode_base64](#set_decode_base64)
32+
* [set_encode_base64url](#set_encode_base64url)
33+
* [set_decode_base64url](#set_decode_base64url)
3234
* [set_encode_hex](#set_encode_hex)
3335
* [set_decode_hex](#set_decode_hex)
3436
* [set_sha1](#set_sha1)
@@ -38,6 +40,7 @@ Table of Contents
3840
* [set_secure_random_alphanum](#set_secure_random_alphanum)
3941
* [set_secure_random_lcalpha](#set_secure_random_lcalpha)
4042
* [set_rotate](#set_rotate)
43+
* [set_expired](#set_expired)
4144
* [set_local_today](#set_local_today)
4245
* [set_formatted_gmt_time](#set_formatted_gmt_time)
4346
* [set_formatted_local_time](#set_formatted_local_time)
@@ -136,6 +139,15 @@ location /base64 {
136139
# $b == 'abcde'
137140
}
138141
142+
location /base64url {
143+
set $a 'abcde';
144+
set_encode_base64url $a;
145+
set_decode_base64url $b $a;
146+
147+
# now $a == 'YWJjZGU' and
148+
# $b == 'abcde'
149+
}
150+
139151
location /hex {
140152
set $a 'abcde';
141153
set_encode_hex $a;
@@ -177,6 +189,24 @@ location /signature {
177189
echo $signature;
178190
}
179191
192+
# GET /secure?e=1394493753&s=HkADYytcoQQzqbjQX33k_ZBB_DQ
193+
# returns 403 when signature on expire time is not correct OR
194+
# when expire time is passed. See: HttpSecureLinkModule.
195+
# This example has a valid signed expiry at 2030-01-01. Output:
196+
# "OK"
197+
location /secure {
198+
set_hmac_sha1 $signature 'secret-key' $arg_e;
199+
set_encode_base64url $signature;
200+
if ($signature != $arg_s) {
201+
return 403;
202+
}
203+
set_expired $expired $arg_e;
204+
if ($expired) {
205+
return 403;
206+
}
207+
echo "OK";
208+
}
209+
180210
location = /rand {
181211
set $from 3;
182212
set $to 15;
@@ -627,6 +657,42 @@ Similar to the [set_encode_base64](#set_encode_base64) directive, but does exact
627657

628658
[Back to TOC](#table-of-contents)
629659

660+
set_encode_base64url
661+
--------------------
662+
**syntax:** *set_encode_base64url $dst <src>*
663+
664+
**syntax:** *set_encode_base64url $dst*
665+
666+
**default:** *no*
667+
668+
**context:** *location, location if*
669+
670+
**phase:** *rewrite*
671+
672+
**category:** *ndk_set_var_value*
673+
674+
Similar to the [set_encode_base64](#set_encode_base64) directive, but uses URL safe base64 variant, '+' becomes '-', '/' becomes '_' and there is no padding with '=' characters.
675+
676+
[Back to TOC](#table-of-contents)
677+
678+
set_decode_base64url
679+
--------------------
680+
**syntax:** *set_decode_base64url $dst <src>*
681+
682+
**syntax:** *set_decode_base64url $dst*
683+
684+
**default:** *no*
685+
686+
**context:** *location, location if*
687+
688+
**phase:** *rewrite*
689+
690+
**category:** *ndk_set_var_value*
691+
692+
Similar to the [set_encode_base64url](#set_encode_base64url) directive, but does exactly the the opposite operation, .i.e, decoding a base64url digest into its original form.
693+
694+
[Back to TOC](#table-of-contents)
695+
630696
set_encode_hex
631697
--------------
632698
**syntax:** *set_encode_hex $dst <src>*
@@ -1010,6 +1076,23 @@ This directive was first introduced in the `v0.22rc7` release.
10101076

10111077
[Back to TOC](#table-of-contents)
10121078

1079+
set_expired
1080+
-----------
1081+
**syntax:** *set_expired $dst <timestamp>*
1082+
1083+
**default:** *no*
1084+
1085+
**context:** *location, location if*
1086+
1087+
**phase:** *rewrite*
1088+
1089+
Sets `$dst` to either `1` or `0`, dependent on whether or not the
1090+
timestamp as defined in `timestamp` (seconds since 1970-01-01 00:00:00) is or is not in the past.
1091+
1092+
Behind the scene, this directive utilizes the `ngx_time` API in the Nginx core, so usually no syscall is involved due to the time caching mechanism in the Nginx core.
1093+
1094+
[Back to TOC](#table-of-contents)
1095+
10131096
set_local_today
10141097
---------------
10151098
**syntax:** *set_local_today $dst*

doc/HttpSetMiscModule.wiki

Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,15 @@ This document describes ngx_set_misc [https://github.com/agentzh/set-misc-nginx-
8484
# $b == 'abcde'
8585
}
8686
87+
location /base64url {
88+
set $a 'abcde';
89+
set_encode_base64url $a;
90+
set_decode_base64url $b $a;
91+
92+
# now $a == 'YWJjZGU' and
93+
# $b == 'abcde'
94+
}
95+
8796
location /hex {
8897
set $a 'abcde';
8998
set_encode_hex $a;
@@ -125,6 +134,24 @@ This document describes ngx_set_misc [https://github.com/agentzh/set-misc-nginx-
125134
echo $signature;
126135
}
127136
137+
# GET /secure?e=1394493753&s=HkADYytcoQQzqbjQX33k_ZBB_DQ
138+
# returns 403 when signature on expire time is not correct OR
139+
# when expire time is passed. See: HttpSecureLinkModule.
140+
# This example has a valid signed expiry at 2030-01-01. Output:
141+
# "OK"
142+
location /secure {
143+
set_hmac_sha1 $signature 'secret-key' $arg_e;
144+
set_encode_base64url $signature;
145+
if ($signature != $arg_s) {
146+
return 403;
147+
}
148+
set_expired $expired $arg_e;
149+
if ($expired) {
150+
return 403;
151+
}
152+
echo "OK";
153+
}
154+
128155
location = /rand {
129156
set $from 3;
130157
set $to 15;
@@ -518,6 +545,36 @@ This directive can be invoked by [[HttpLuaModule]]'s [[HttpLuaModule#ndk.set_var
518545
519546
Similar to the [[#set_encode_base64|set_encode_base64]] directive, but does exactly the the opposite operation, .i.e, decoding a base64 digest into its original form.
520547
548+
== set_encode_base64url ==
549+
'''syntax:''' ''set_encode_base64url $dst <src>''
550+
551+
'''syntax:''' ''set_encode_base64url $dst''
552+
553+
'''default:''' ''no''
554+
555+
'''context:''' ''location, location if''
556+
557+
'''phase:''' ''rewrite''
558+
559+
'''category:''' ''ndk_set_var_value''
560+
561+
Similar to the [[#set_encode_base64|set_encode_base64]] directive, but uses URL safe base64 variant, '+' becomes '-', '/' becomes '_' and there is no padding with '=' characters.
562+
563+
== set_decode_base64url ==
564+
'''syntax:''' ''set_decode_base64url $dst <src>''
565+
566+
'''syntax:''' ''set_decode_base64url $dst''
567+
568+
'''default:''' ''no''
569+
570+
'''context:''' ''location, location if''
571+
572+
'''phase:''' ''rewrite''
573+
574+
'''category:''' ''ndk_set_var_value''
575+
576+
Similar to the [[#set_encode_base64url|set_encode_base64url]] directive, but does exactly the the opposite operation, .i.e, decoding a base64url digest into its original form.
577+
521578
== set_encode_hex ==
522579
'''syntax:''' ''set_encode_hex $dst <src>''
523580
@@ -862,6 +919,20 @@ And accessing <code>/rotate</code> will also output integer sequence 0, 1, 2, 3,
862919
863920
This directive was first introduced in the <code>v0.22rc7</code> release.
864921
922+
== set_expired ==
923+
'''syntax:''' ''set_expired $dst <timestamp>''
924+
925+
'''default:''' ''no''
926+
927+
'''context:''' ''location, location if''
928+
929+
'''phase:''' ''rewrite''
930+
931+
Sets <code>$dst</code> to either <code>1</code> or <code>0</code>, dependent on whether or not the
932+
timestamp as defined in <code>timestamp</code> (seconds since 1970-01-01 00:00:00) is or is not in the past.
933+
934+
Behind the scene, this directive utilizes the <code>ngx_time</code> API in the Nginx core, so usually no syscall is involved due to the time caching mechanism in the Nginx core.
935+
865936
== set_local_today ==
866937
'''syntax:''' ''set_local_today $dst''
867938

0 commit comments

Comments
 (0)