Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

bunkerweb 1.4.0

Browse Source
This commit is contained in:
bunkerity
2022-06-03 17:24:14 +02:00
parent 3a078326c5
commit a9f886804a
5245 changed files with 1432051 additions and 27894 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
deps/src/lua-resty-core/.gitattributes vendored Normal file
View File

@@ -0,0 +1 @@
*.t linguist-language=Text

27
deps/src/lua-resty-core/.github/ISSUE_TEMPLATE.md vendored Normal file
View File

@@ -0,0 +1,27 @@
This place is for bug reports and development discussions only. For general questions and
discussions, please join the openresty-en mailing list instead: https://groups.google.com/group/openresty-en.
If you want to use Chinese, please join the openresty (Chinese) mailing list instead: https://groups.google.com/group/openresty.
Do not use Chinese in this place.
Before you open a new issue, please search the internet and make sure it is not duplicate.
Ensure you have provided the following details while reporting a problem:
- [ ] The exact version of the related software, including but not limited to the OpenResty version
(if any), the NGINX core version, the `ngx_lua` module version(via `openresty -V` or `nginx -V`),
and the `lua-resty-core` version(via `resty -e 'print(require("resty.core").version)'`),
and your operating system version(via `uname -a`).
- [ ] **A minimal and standalone test case** that others can easily run on their side and
reproduce the issue you are seeing.
- [ ] Do not simply say "something is broken" or "something does not work". Always provide
as much details as possible. Always describe **the symptoms and your expected results**.
You can (temporarily) enable the nginx debugging logs to see the internal workings
of NGINX in your nginx''s `error.log` file. See http://nginx.org/en/docs/debugging_log.html
The same instructions apply equally well to OpenResty.
If you are seeing crashes, please provide the full backtrace for the crash. See
https://www.nginx.com/resources/wiki/start/topics/tutorials/debugging/#core-dump
for more details.
Thanks for your cooperation.

2
deps/src/lua-resty-core/.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View File

@@ -0,0 +1,2 @@
I hereby granted the copyright of the changes in this pull request
to the authors of this lua-resty-core project.

11
deps/src/lua-resty-core/.gitignore vendored Normal file
View File

@@ -0,0 +1,11 @@
*.swp
*.swo
*~
go
t/servroot*
reindex
nginx
ctags
tags
a.lua
mockeagain.so

6
deps/src/lua-resty-core/.luacheckrc vendored Normal file
View File

@@ -0,0 +1,6 @@
std = 'ngx_lua'
globals = { 'ngx', 'ndk' }
unused_args = false
read_globals = {
"coroutine._yield"
}

103
deps/src/lua-resty-core/.travis.yml vendored Normal file
View File

@@ -0,0 +1,103 @@
sudo: required
dist: trusty
os: linux
language: c
compiler:
- gcc
- clang
addons:
apt:
packages:
- cpanminus
- axel
- luarocks
cache:
directories:
- download-cache
env:
global:
- JOBS=2
- NGX_BUILD_JOBS=$JOBS
- LUAJIT_PREFIX=/opt/luajit21
- LUAJIT_LIB=$LUAJIT_PREFIX/lib
- LUAJIT_INC=$LUAJIT_PREFIX/include/luajit-2.1
- LUA_INCLUDE_DIR=$LUAJIT_INC
- LUA_CMODULE_DIR=/lib
- PCRE_VER=8.40
- PCRE_PREFIX=/opt/pcre
- PCRE_LIB=$PCRE_PREFIX/lib
- PCRE_INC=$PCRE_PREFIX/include
- OPENSSL_PREFIX=/opt/ssl
- OPENSSL_LIB=$OPENSSL_PREFIX/lib
- OPENSSL_INC=$OPENSSL_PREFIX/include
- LD_LIBRARY_PATH=$LUAJIT_LIB:$LD_LIBRARY_PATH
- TEST_NGINX_SLEEP=0.005
- TEST_NGINX_RANDOMIZE=1
- LUACHECK_VER=0.21.1
matrix:
- NGINX_VERSION=1.19.9 OPENSSL_VER=1.0.2u OPENSSL_PATCH_VER=1.0.2h
- NGINX_VERSION=1.19.9 OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d
- NGINX_VERSION=1.19.9 OPENSSL_VER=1.1.1g OPENSSL_PATCH_VER=1.1.1f
services:
- memcache
before_install:
- sudo luarocks install luacheck $LUACHECK_VER
- luacheck -q .
- '! grep -n -P ''(?<=.{80}).+'' --color `find . -name ''*.lua''` || (echo "ERROR: Found Lua source lines exceeding 80 columns." > /dev/stderr; exit 1)'
- '! grep -n -P ''\t+'' --color `find . -name ''*.lua''` || (echo "ERROR: Cannot use tabs." > /dev/stderr; exit 1)'
- sudo cpanm --notest Test::Nginx IPC::Run > build.log 2>&1 || (cat build.log && exit 1)
install:
- if [ ! -d download-cache ]; then mkdir download-cache; fi
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
- if [ ! -f download-cache/pcre-$PCRE_VER.tar.gz ]; then wget -P download-cache http://ftp.cs.stanford.edu/pub/exim/pcre/pcre-$PCRE_VER.tar.gz; fi
- git clone https://github.com/openresty/openresty.git ../openresty
- git clone https://github.com/openresty/openresty-devel-utils.git
- git clone https://github.com/simpl/ngx_devel_kit.git ../ndk-nginx-module
- git clone https://github.com/openresty/lua-nginx-module.git ../lua-nginx-module
- git clone https://github.com/openresty/no-pool-nginx.git ../no-pool-nginx
- git clone https://github.com/openresty/echo-nginx-module.git ../echo-nginx-module
- git clone https://github.com/openresty/lua-resty-lrucache.git
- git clone https://github.com/openresty/headers-more-nginx-module.git ../headers-more-nginx-module
- git clone -b v2.1-agentzh https://github.com/openresty/luajit2.git luajit2
- git clone https://github.com/openresty/set-misc-nginx-module.git ../set-misc-nginx-module
- git clone https://github.com/openresty/mockeagain.git
- git clone https://github.com/openresty/test-nginx.git
- git clone https://github.com/openresty/stream-lua-nginx-module.git ../stream-lua-nginx-module
script:
- cd luajit2/
- make -j$JOBS CCDEBUG=-g Q= PREFIX=$LUAJIT_PREFIX CC=$CC XCFLAGS='-DLUA_USE_APICHECK -DLUA_USE_ASSERT -msse4.2' > build.log 2>&1 || (cat build.log && exit 1)
- sudo make install PREFIX=$LUAJIT_PREFIX > build.log 2>&1 || (cat build.log && exit 1)
- cd ..
- cd lua-resty-lrucache && sudo make DESTDIR=$LUAJIT_PREFIX LUA_LIB_DIR=/share/lua/5.1 install && cd ..
- tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz
- cd openssl-$OPENSSL_VER/
- if [ -n "$OPENSSL_PATCH_VER" ]; then patch -p1 < ../../openresty/patches/openssl-$OPENSSL_PATCH_VER-sess_set_get_cb_yield.patch; fi
- ./config no-threads shared enable-ssl3 enable-ssl3-method -g --prefix=$OPENSSL_PREFIX -DPURIFY > build.log 2>&1 || (cat build.log && exit 1)
- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1)
- cd ../mockeagain/ && make CC=$CC -j$JOBS && cd ..
- tar zxf download-cache/pcre-$PCRE_VER.tar.gz
- cd pcre-$PCRE_VER/
- ./configure --prefix=$PCRE_PREFIX --enable-jit --enable-utf --enable-unicode-properties > build.log 2>&1 || (cat build.log && exit 1)
- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1)
- cd ..
- export PATH=$PWD/work/nginx/sbin:$PWD/openresty-devel-utils:$PATH
- export LD_PRELOAD=$PWD/mockeagain/mockeagain.so
- export LD_LIBRARY_PATH=$PWD/mockeagain:$LD_LIBRARY_PATH
- export TEST_NGINX_RESOLVER=8.8.4.4
- export NGX_BUILD_CC=$CC
- ngx-build $NGINX_VERSION --with-ipv6 --with-http_realip_module --with-http_ssl_module --with-pcre-jit --with-cc-opt="-I$OPENSSL_INC -I$PCRE_INC" --with-ld-opt="-L$OPENSSL_LIB -Wl,-rpath,$OPENSSL_LIB -L$PCRE_LIB -Wl,-rpath,$PCRE_LIB" --add-module=../ndk-nginx-module --add-module=../echo-nginx-module --add-module=../set-misc-nginx-module --add-module=../headers-more-nginx-module --add-module=../lua-nginx-module --with-debug --with-stream_ssl_module --with-stream --with-ipv6 --add-module=../stream-lua-nginx-module > build.log 2>&1 || (cat build.log && exit 1)
- nginx -V
- ldd `which nginx`|grep -E 'luajit|ssl|pcre'
- prove -Itest-nginx/lib -j$JOBS -r t

24
deps/src/lua-resty-core/Makefile vendored Normal file
View File

@@ -0,0 +1,24 @@
OPENRESTY_PREFIX=/usr/local/openresty
#LUA_VERSION := 5.1
PREFIX ?= /usr/local
LUA_INCLUDE_DIR ?= $(PREFIX)/include
LUA_LIB_DIR ?= $(PREFIX)/lib/lua/$(LUA_VERSION)
INSTALL ?= install
.PHONY: all test install
all: ;
install: all
$(INSTALL) -d $(DESTDIR)$(LUA_LIB_DIR)/resty/core/
$(INSTALL) -d $(DESTDIR)$(LUA_LIB_DIR)/ngx/
$(INSTALL) -d $(DESTDIR)$(LUA_LIB_DIR)/ngx/ssl
$(INSTALL) lib/resty/*.lua $(DESTDIR)$(LUA_LIB_DIR)/resty/
$(INSTALL) lib/resty/core/*.lua $(DESTDIR)$(LUA_LIB_DIR)/resty/core/
$(INSTALL) lib/ngx/*.lua $(DESTDIR)$(LUA_LIB_DIR)/ngx/
$(INSTALL) lib/ngx/ssl/*.lua $(DESTDIR)$(LUA_LIB_DIR)/ngx/ssl/
test: all
PATH=$(OPENRESTY_PREFIX)/nginx/sbin:$$PATH prove -I../test-nginx/lib -r t

417
deps/src/lua-resty-core/README.markdown vendored Normal file
View File

@@ -0,0 +1,417 @@
Name
====
lua-resty-core - New FFI-based Lua API for ngx_http_lua_module and/or ngx_stream_lua_module
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Description](#description)
* [Prerequisites](#prerequisites)
* [API Implemented](#api-implemented)
* [resty.core.hash](#restycorehash)
* [resty.core.base64](#restycorebase64)
* [resty.core.uri](#restycoreuri)
* [resty.core.regex](#restycoreregex)
* [resty.core.exit](#restycoreexit)
* [resty.core.shdict](#restycoreshdict)
* [resty.core.var](#restycorevar)
* [resty.core.ctx](#restycorectx)
* [get_ctx_table](#get_ctx_table)
* [resty.core.request](#restycorerequest)
* [resty.core.response](#restycoreresponse)
* [resty.core.misc](#restycoremisc)
* [resty.core.time](#restycoretime)
* [resty.core.worker](#restycoreworker)
* [resty.core.phase](#restycorephase)
* [resty.core.ndk](#restycorendk)
* [resty.core.socket](#restycoresocket)
* [ngx.semaphore](#ngxsemaphore)
* [ngx.balancer](#ngxbalancer)
* [ngx.ssl](#ngxssl)
* [ngx.ssl.session](#ngxsslsession)
* [ngx.re](#ngxre)
* [ngx.resp](#ngxresp)
* [ngx.pipe](#ngxpipe)
* [ngx.process](#ngxprocess)
* [ngx.errlog](#ngxerrlog)
* [ngx.base64](#ngxbase64)
* [Caveat](#caveat)
* [TODO](#todo)
* [Author](#author)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This library is production ready.
Synopsis
========
This library is automatically loaded by default in OpenResty 1.15.8.1. This
behavior can be disabled via the
[lua_load_resty_core](https://github.com/openresty/lua-nginx-module#lua_load_resty_core)
directive, but note that the use of this library is vividly recommended, as its
FFI implementation is both faster, safer, and more complete than the Lua C API
of the ngx_lua module.
If you are using an older version of OpenResty, you must load this library like
so:
```nginx
# nginx.conf
http {
# you do NOT need to configure the following line when you
# are using the OpenResty bundle 1.4.3.9+.
lua_package_path "/path/to/lua-resty-core/lib/?.lua;;";
init_by_lua_block {
require "resty.core"
collectgarbage("collect") -- just to collect any garbage
}
...
}
```
Description
===========
This pure Lua library reimplements part of the [ngx_lua](https://github.com/openresty/lua-nginx-module#readme) module's
[Nginx API for Lua](https://github.com/openresty/lua-nginx-module#nginx-api-for-lua)
with LuaJIT FFI and installs the new FFI-based Lua API into the ngx.* and ndk.* namespaces
used by the ngx_lua module.
In addition, this Lua library implements any significant new Lua APIs of
the [ngx_lua](https://github.com/openresty/lua-nginx-module#readme) module
as proper Lua modules, like [ngx.semaphore](#ngxsemaphore) and [ngx.balancer](#ngxbalancer).
The FFI-based Lua API can work with LuaJIT's JIT compiler. ngx_lua's default API is based on the standard
Lua C API, which will never be JIT compiled and the user Lua code is always interpreted (slowly).
Support for the new [ngx_stream_lua_module](https://github.com/openresty/stream-lua-nginx-module) has also begun.
This library is shipped with the OpenResty bundle by default. So you do not really need to worry about the dependencies
and requirements.
[Back to TOC](#table-of-contents)
Prerequisites
=============
**WARNING** This library is included with every OpenResty release. You should use the bundled version
of this library in the particular OpenResty release you are using. Otherwise you may run
into serious compatibility issues.
* LuaJIT 2.1 (for now, it is the v2.1 git branch in the official luajit-2.0 git repository: http://luajit.org/download.html )
* [ngx_http_lua_module](https://github.com/openresty/lua-nginx-module) v0.10.20.
* [ngx_stream_lua_module](https://github.com/openresty/stream-lua-nginx-module) v0.0.10.
* [lua-resty-lrucache](https://github.com/openresty/lua-resty-lrucache)
[Back to TOC](#table-of-contents)
API Implemented
===============
[Back to TOC](#table-of-contents)
## resty.core.hash
* [ngx.md5](https://github.com/openresty/lua-nginx-module#ngxmd5)
* [ngx.md5_bin](https://github.com/openresty/lua-nginx-module#ngxmd5_bin)
* [ngx.sha1_bin](https://github.com/openresty/lua-nginx-module#ngxsha1_bin)
[Back to TOC](#table-of-contents)
## resty.core.base64
* [ngx.encode_base64](https://github.com/openresty/lua-nginx-module#ngxencode_base64)
* [ngx.decode_base64](https://github.com/openresty/lua-nginx-module#ngxdecode_base64)
[Back to TOC](#table-of-contents)
## resty.core.uri
* [ngx.escape_uri](https://github.com/openresty/lua-nginx-module#ngxescape_uri)
* [ngx.unescape_uri](https://github.com/openresty/lua-nginx-module#ngxunescape_uri)
[Back to TOC](#table-of-contents)
## resty.core.regex
* [ngx.re.match](https://github.com/openresty/lua-nginx-module#ngxrematch)
* [ngx.re.gmatch](https://github.com/openresty/lua-nginx-module#ngxregmatch)
* [ngx.re.find](https://github.com/openresty/lua-nginx-module#ngxrefind)
* [ngx.re.sub](https://github.com/openresty/lua-nginx-module#ngxresub)
* [ngx.re.gsub](https://github.com/openresty/lua-nginx-module#ngxregsub)
[Back to TOC](#table-of-contents)
## resty.core.exit
* [ngx.exit](https://github.com/openresty/lua-nginx-module#ngxexit)
[Back to TOC](#table-of-contents)
## resty.core.shdict
* [ngx.shared.DICT.get](https://github.com/openresty/lua-nginx-module#ngxshareddictget)
* [ngx.shared.DICT.get_stale](https://github.com/openresty/lua-nginx-module#ngxshareddictget_stale)
* [ngx.shared.DICT.incr](https://github.com/openresty/lua-nginx-module#ngxshareddictincr)
* [ngx.shared.DICT.set](https://github.com/openresty/lua-nginx-module#ngxshareddictset)
* [ngx.shared.DICT.safe_set](https://github.com/openresty/lua-nginx-module#ngxshareddictsafe_set)
* [ngx.shared.DICT.add](https://github.com/openresty/lua-nginx-module#ngxshareddictadd)
* [ngx.shared.DICT.safe_add](https://github.com/openresty/lua-nginx-module#ngxshareddictsafe_add)
* [ngx.shared.DICT.replace](https://github.com/openresty/lua-nginx-module#ngxshareddictreplace)
* [ngx.shared.DICT.delete](https://github.com/openresty/lua-nginx-module#ngxshareddictdelete)
* [ngx.shared.DICT.ttl](https://github.com/openresty/lua-nginx-module#ngxshareddictttl)
* [ngx.shared.DICT.expire](https://github.com/openresty/lua-nginx-module#ngxshareddictexpire)
* [ngx.shared.DICT.flush_all](https://github.com/openresty/lua-nginx-module#ngxshareddictflush_all)
* [ngx.shared.DICT.free_space](https://github.com/openresty/lua-nginx-module#ngxshareddictfree_space)
* [ngx.shared.DICT.capacity](https://github.com/openresty/lua-nginx-module#ngxshareddictcapacity)
[Back to TOC](#table-of-contents)
## resty.core.var
* [ngx.var.VARIABLE](https://github.com/openresty/lua-nginx-module#ngxvarvariable)
[Back to TOC](#table-of-contents)
## resty.core.ctx
* [ngx.ctx](https://github.com/openresty/lua-nginx-module#ngxctx)
[Back to TOC](#table-of-contents)
## get_ctx_table
**syntax:** *ctx = resty.core.ctx.get_ctx_table(ctx?)*
Similar to [ngx.ctx](#restycorectx) but it accepts an optional `ctx` argument.
It will use the `ctx` from caller instead of creating a new table
when the `ctx` table does not exist.
Notice: the `ctx` table will be used in the current request's whole life cycle.
Please be very careful when you try to reuse the `ctx` table.
You need to make sure there is no Lua code using or going to use the `ctx` table
in the current request before you reusing the `ctx` table in some other place.
[Back to TOC](#table-of-contents)
## resty.core.request
* [ngx.req.get_headers](https://github.com/openresty/lua-nginx-module#ngxreqget_headers)
* [ngx.req.get_uri_args](https://github.com/openresty/lua-nginx-module#ngxreqget_uri_args)
* [ngx.req.start_time](https://github.com/openresty/lua-nginx-module#ngxreqstart_time)
* [ngx.req.get_method](https://github.com/openresty/lua-nginx-module#ngxreqget_method)
* [ngx.req.set_method](https://github.com/openresty/lua-nginx-module#ngxreqset_method)
* [ngx.req.set_header](https://github.com/openresty/lua-nginx-module#ngxreqset_header)
* [ngx.req.clear_header](https://github.com/openresty/lua-nginx-module#ngxreqclear_header)
[Back to TOC](#table-of-contents)
## resty.core.response
* [ngx.header.HEADER](https://github.com/openresty/lua-nginx-module#ngxheaderheader)
[Back to TOC](#table-of-contents)
## resty.core.misc
* [ngx.status](https://github.com/openresty/lua-nginx-module#ngxstatus)
* [ngx.is_subrequest](https://github.com/openresty/lua-nginx-module#ngxis_subrequest)
* [ngx.headers_sent](https://github.com/openresty/lua-nginx-module#ngxheaders_sent)
[Back to TOC](#table-of-contents)
## resty.core.time
* [ngx.time](https://github.com/openresty/lua-nginx-module#ngxtime)
* [ngx.now](https://github.com/openresty/lua-nginx-module#ngxnow)
* [ngx.update_time](https://github.com/openresty/lua-nginx-module#ngxupdate_time)
* [ngx.localtime](https://github.com/openresty/lua-nginx-module#ngxlocaltime)
* [ngx.utctime](https://github.com/openresty/lua-nginx-module#ngxutctime)
* [ngx.cookie_time](https://github.com/openresty/lua-nginx-module#ngxcookie_time)
* [ngx.http_time](https://github.com/openresty/lua-nginx-module#ngxhttp_time)
* [ngx.parse_http_time](https://github.com/openresty/lua-nginx-module#ngxparse_http_time)
[Back to TOC](#table-of-contents)
## resty.core.worker
* [ngx.worker.exiting](https://github.com/openresty/lua-nginx-module#ngxworkerexiting)
* [ngx.worker.pid](https://github.com/openresty/lua-nginx-module#ngxworkerpid)
* [ngx.worker.id](https://github.com/openresty/lua-nginx-module#ngxworkerid)
* [ngx.worker.count](https://github.com/openresty/lua-nginx-module#ngxworkercount)
[Back to TOC](#table-of-contents)
## resty.core.phase
* [ngx.get_phase](https://github.com/openresty/lua-nginx-module#ngxget_phase)
[Back to TOC](#table-of-contents)
## resty.core.ndk
* [ndk.set_var](https://github.com/openresty/lua-nginx-module#ndkset_vardirective)
[Back to TOC](#table-of-contents)
## resty.core.socket
* [socket.setoption](https://github.com/openresty/lua-nginx-module#tcpsocksetoption)
[Back to TOC](#table-of-contents)
## ngx.semaphore
This Lua module implements a semaphore API for efficient "light thread" synchronization,
which can work across different requests (but not across nginx worker processes).
See the [documentation](./lib/ngx/semaphore.md) for this Lua module for more details.
[Back to TOC](#table-of-contents)
## ngx.balancer
This Lua module implements for defining dynamic upstream balancers in Lua.
See the [documentation](./lib/ngx/balancer.md) for this Lua module for more details.
[Back to TOC](#table-of-contents)
## ngx.ssl
This Lua module provides a Lua API for controlling SSL certificates, private keys,
SSL protocol versions, and etc in NGINX downstream SSL handshakes.
See the [documentation](./lib/ngx/ssl.md) for this Lua module for more details.
[Back to TOC](#table-of-contents)
## ngx.ssl.session
This Lua module provides a Lua API for manipulating SSL session data and IDs
for NGINX downstream SSL connections.
See the [documentation](./lib/ngx/ssl/session.md) for this Lua module for more details.
[Back to TOC](#table-of-contents)
## ngx.re
This Lua module provides a Lua API which implements convenience utilities for
the `ngx.re` API.
See the [documentation](./lib/ngx/re.md) for this Lua module for more details.
[Back to TOC](#table-of-contents)
## ngx.resp
This Lua module provides Lua API which could be used to handle HTTP response.
See the [documentation](./lib/ngx/resp.md) for this Lua module for more details.
[Back to TOC](#table-of-contents)
## ngx.pipe
This module provides a Lua API to spawn processes and communicate with them in
a non-blocking fashion.
See the [documentation](./lib/ngx/pipe.md) for this Lua module for more
details.
This module was first introduced in lua-resty-core v0.1.16.
[Back to TOC](#table-of-contents)
## ngx.process
This Lua module is used to manage the nginx process in Lua.
See the [documentation](./lib/ngx/process.md) for this Lua module for more details.
This module was first introduced in lua-resty-core v0.1.12.
[Back to TOC](#table-of-contents)
## ngx.errlog
This Lua module provides Lua API to capture and manage nginx error log messages.
See the [documentation](./lib/ngx/errlog.md) for this Lua module for more details.
This module was first introduced in lua-resty-core v0.1.12.
[Back to TOC](#table-of-contents)
## ngx.base64
This Lua module provides Lua API to urlsafe base64 encode/decode.
See the [documentation](./lib/ngx/base64.md) for this Lua module for more details.
This module was first introduced in lua-resty-core v0.1.14.
[Back to TOC](#table-of-contents)
Caveat
======
If the user Lua code is not JIT compiled, then use of this library may
lead to performance drop in interpreted mode. You will only observe
speedup when you get a good part of your user Lua code JIT compiled.
[Back to TOC](#table-of-contents)
TODO
====
* Re-implement `ngx_lua`'s cosocket API with FFI.
* Re-implement `ngx_lua`'s `ngx.eof` and `ngx.flush` API functions with FFI.
[Back to TOC](#table-of-contents)
Author
======
Yichun "agentzh" Zhang (章亦春) <agentzh@gmail.com>, OpenResty Inc.
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2013-2019, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the ngx_lua module: https://github.com/openresty/lua-nginx-module#readme
* LuaJIT FFI: http://luajit.org/ext_ffi.html
[Back to TOC](#table-of-contents)

10
deps/src/lua-resty-core/dist.ini vendored Normal file
View File

@@ -0,0 +1,10 @@
name=lua-resty-core
abstract=New FFI-based Lua API for the ngx_lua module
author=Yichun "agentzh" Zhang (agentzh)
is_original=yes
license=2bsd
lib_dir=lib
doc_dir=lib
repo_link=https://github.com/openresty/lua-resty-core
main_module=lib/resty/core/base.lua
requires = luajit >= 2.1.0, nginx >= 1.13.6, ngx_http_lua = 0.10.13, openresty/lua-resty-lrucache >= 0.08

234
deps/src/lua-resty-core/lib/ngx/balancer.lua vendored Normal file
View File

@@ -0,0 +1,234 @@
-- Copyright (C) Yichun Zhang (agentzh)
local base = require "resty.core.base"
base.allows_subsystem('http', 'stream')
local ffi = require "ffi"
local C = ffi.C
local ffi_str = ffi.string
local errmsg = base.get_errmsg_ptr()
local FFI_OK = base.FFI_OK
local FFI_ERROR = base.FFI_ERROR
local int_out = ffi.new("int[1]")
local get_request = base.get_request
local error = error
local type = type
local tonumber = tonumber
local max = math.max
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_balancer_set_current_peer
local ngx_lua_ffi_balancer_set_more_tries
local ngx_lua_ffi_balancer_get_last_failure
local ngx_lua_ffi_balancer_set_timeouts -- used by both stream and http
if subsystem == 'http' then
ffi.cdef[[
int ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r,
const unsigned char *addr, size_t addr_len, int port, char **err);
int ngx_http_lua_ffi_balancer_set_more_tries(ngx_http_request_t *r,
int count, char **err);
int ngx_http_lua_ffi_balancer_get_last_failure(ngx_http_request_t *r,
int *status, char **err);
int ngx_http_lua_ffi_balancer_set_timeouts(ngx_http_request_t *r,
long connect_timeout, long send_timeout,
long read_timeout, char **err);
int ngx_http_lua_ffi_balancer_recreate_request(ngx_http_request_t *r,
char **err);
]]
ngx_lua_ffi_balancer_set_current_peer =
C.ngx_http_lua_ffi_balancer_set_current_peer
ngx_lua_ffi_balancer_set_more_tries =
C.ngx_http_lua_ffi_balancer_set_more_tries
ngx_lua_ffi_balancer_get_last_failure =
C.ngx_http_lua_ffi_balancer_get_last_failure
ngx_lua_ffi_balancer_set_timeouts =
C.ngx_http_lua_ffi_balancer_set_timeouts
elseif subsystem == 'stream' then
ffi.cdef[[
int ngx_stream_lua_ffi_balancer_set_current_peer(
ngx_stream_lua_request_t *r,
const unsigned char *addr, size_t addr_len, int port, char **err);
int ngx_stream_lua_ffi_balancer_set_more_tries(ngx_stream_lua_request_t *r,
int count, char **err);
int ngx_stream_lua_ffi_balancer_get_last_failure(
ngx_stream_lua_request_t *r, int *status, char **err);
int ngx_stream_lua_ffi_balancer_set_timeouts(ngx_stream_lua_request_t *r,
long connect_timeout, long timeout, char **err);
]]
ngx_lua_ffi_balancer_set_current_peer =
C.ngx_stream_lua_ffi_balancer_set_current_peer
ngx_lua_ffi_balancer_set_more_tries =
C.ngx_stream_lua_ffi_balancer_set_more_tries
ngx_lua_ffi_balancer_get_last_failure =
C.ngx_stream_lua_ffi_balancer_get_last_failure
local ngx_stream_lua_ffi_balancer_set_timeouts =
C.ngx_stream_lua_ffi_balancer_set_timeouts
ngx_lua_ffi_balancer_set_timeouts =
function(r, connect_timeout, send_timeout, read_timeout, err)
local timeout = max(send_timeout, read_timeout)
return ngx_stream_lua_ffi_balancer_set_timeouts(r, connect_timeout,
timeout, err)
end
else
error("unknown subsystem: " .. subsystem)
end
local peer_state_names = {
[1] = "keepalive",
[2] = "next",
[4] = "failed",
}
local _M = { version = base.version }
function _M.set_current_peer(addr, port)
local r = get_request()
if not r then
error("no request found")
end
if not port then
port = 0
elseif type(port) ~= "number" then
port = tonumber(port)
end
local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr,
port, errmsg)
if rc == FFI_OK then
return true
end
return nil, ffi_str(errmsg[0])
end
function _M.set_more_tries(count)
local r = get_request()
if not r then
error("no request found")
end
local rc = ngx_lua_ffi_balancer_set_more_tries(r, count, errmsg)
if rc == FFI_OK then
if errmsg[0] == nil then
return true
end
return true, ffi_str(errmsg[0]) -- return the warning
end
return nil, ffi_str(errmsg[0])
end
function _M.get_last_failure()
local r = get_request()
if not r then
error("no request found")
end
local state = ngx_lua_ffi_balancer_get_last_failure(r, int_out, errmsg)
if state == 0 then
return nil
end
if state == FFI_ERROR then
return nil, nil, ffi_str(errmsg[0])
end
return peer_state_names[state] or "unknown", int_out[0]
end
function _M.set_timeouts(connect_timeout, send_timeout, read_timeout)
local r = get_request()
if not r then
error("no request found")
end
if not connect_timeout then
connect_timeout = 0
elseif type(connect_timeout) ~= "number" or connect_timeout <= 0 then
error("bad connect timeout", 2)
else
connect_timeout = connect_timeout * 1000
end
if not send_timeout then
send_timeout = 0
elseif type(send_timeout) ~= "number" or send_timeout <= 0 then
error("bad send timeout", 2)
else
send_timeout = send_timeout * 1000
end
if not read_timeout then
read_timeout = 0
elseif type(read_timeout) ~= "number" or read_timeout <= 0 then
error("bad read timeout", 2)
else
read_timeout = read_timeout * 1000
end
local rc
rc = ngx_lua_ffi_balancer_set_timeouts(r, connect_timeout,
send_timeout, read_timeout,
errmsg)
if rc == FFI_OK then
return true
end
return false, ffi_str(errmsg[0])
end
if subsystem == 'http' then
function _M.recreate_request()
local r = get_request()
if not r then
error("no request found")
end
local rc = C.ngx_http_lua_ffi_balancer_recreate_request(r, errmsg)
if rc == FFI_OK then
return true
end
if errmsg[0] ~= nil then
return nil, ffi_str(errmsg[0])
end
return nil, "failed to recreate the upstream request"
end
end
return _M

335
deps/src/lua-resty-core/lib/ngx/balancer.md vendored Normal file
View File

@@ -0,0 +1,335 @@
Name
====
ngx.balancer - Lua API for defining dynamic upstream balancers in Lua
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [http subsystem](#http-subsystem)
* [stream subsystem](#stream-subsystem)
* [Description](#description)
* [Methods](#methods)
* [set_current_peer](#set_current_peer)
* [set_more_tries](#set_more_tries)
* [get_last_failure](#get_last_failure)
* [set_timeouts](#set_timeouts)
* [recreate_request](#recreate_request)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Author](#author)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is currently considered experimental.
Synopsis
========
http subsystem
--------------
```nginx
http {
upstream backend {
server 0.0.0.1; # just an invalid address as a place holder
balancer_by_lua_block {
local balancer = require "ngx.balancer"
-- well, usually we calculate the peer's host and port
-- according to some balancing policies instead of using
-- hard-coded values like below
local host = "127.0.0.2"
local port = 8080
local ok, err = balancer.set_current_peer(host, port)
if not ok then
ngx.log(ngx.ERR, "failed to set the current peer: ", err)
return ngx.exit(500)
end
}
keepalive 10; # connection pool
}
server {
# this is the real entry point
listen 80;
location / {
# make use of the upstream named "backend" defined above:
proxy_pass http://backend/fake;
}
}
server {
# this server is just for mocking up a backend peer here...
listen 127.0.0.2:8080;
location = /fake {
echo "this is the fake backend peer...";
}
}
}
```
[Back to TOC](#table-of-contents)
stream subsystem
----------------
```nginx
stream {
upstream backend {
server 0.0.0.1:1234; # just an invalid address as a place holder
balancer_by_lua_block {
local balancer = require "ngx.balancer"
-- well, usually we calculate the peer's host and port
-- according to some balancing policies instead of using
-- hard-coded values like below
local host = "127.0.0.2"
local port = 8080
local ok, err = balancer.set_current_peer(host, port)
if not ok then
ngx.log(ngx.ERR, "failed to set the current peer: ", err)
return ngx.exit(ngx.ERROR)
end
}
}
server {
# this is the real entry point
listen 10000;
# make use of the upstream named "backend" defined above:
proxy_pass backend;
}
server {
# this server is just for mocking up a backend peer here...
listen 127.0.0.2:8080;
echo "this is the fake backend peer...";
}
}
```
[Back to TOC](#table-of-contents)
Description
===========
This Lua module provides API functions to allow defining highly dynamic NGINX load balancers for
any existing nginx upstream modules like [ngx_http_proxy_module](http://nginx.org/en/docs/http/ngx_http_proxy_module.html),
[ngx_http_fastcgi_module](http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html) and
[ngx_stream_proxy_module](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html).
It allows you to dynamically select a backend peer to connect to (or retry) on a per-request
basis from a list of backend peers which may also be dynamic.
[Back to TOC](#table-of-contents)
Methods
=======
All the methods of this module are static (or module-level). That is, you do not need an object (or instance)
to call these methods.
[Back to TOC](#table-of-contents)
set_current_peer
----------------
**syntax:** *ok, err = balancer.set_current_peer(host, port)*
**context:** *balancer_by_lua&#42;*
Sets the peer address (host and port) for the current backend query (which may be a retry).
Domain names in `host` do not make sense. You need to use OpenResty libraries like
[lua-resty-dns](https://github.com/openresty/lua-resty-dns) to obtain IP address(es) from
all the domain names before entering the `balancer_by_lua*` handler (for example,
you can perform DNS lookups in an earlier phase like [access_by_lua*](https://github.com/openresty/lua-nginx-module#access_by_lua)
and pass the results to the `balancer_by_lua*` handler via [ngx.ctx](https://github.com/openresty/lua-nginx-module#ngxctx).
[Back to TOC](#table-of-contents)
set_more_tries
--------------
**syntax:** *ok, err = balancer.set_more_tries(count)*
**context:** *balancer_by_lua&#42;*
Sets the tries performed when the current attempt (which may be a retry) fails (as determined
by directives like [proxy_next_upstream](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream), depending on what
particular nginx uptream module you are currently using). Note that the current attempt is *excluded* in the `count` number set here.
Please note that, the total number of tries in a single downstream request cannot exceed the
hard limit configured by directives like [proxy_next_upstream_tries](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_tries),
depending on what concrete nginx upstream module you are using. When exceeding this limit,
the `count` value will get reduced to meet the limit and the second return value will be
the string `"reduced tries due to limit"`, which is a warning, while the first return value
is still a `true` value.
[Back to TOC](#table-of-contents)
get_last_failure
----------------
**syntax:** *state_name, status_code = balancer.get_last_failure()*
**context:** *balancer_by_lua&#42;*
Retrieves the failure details about the previous failed attempt (if any) when the `next_upstream` retrying
mechanism is in action. When there was indeed a failed previous attempt, it returned a string describing
that attempt's state name, as well as an integer describing the status code of that attempt.
Possible state names are as follows:
* `"next"`
Failures due to bad status codes sent from the backend server. The origin's response is same though, which means the backend connection
can still be reused for future requests.
* `"failed"`
Fatal errors while communicating to the backend server (like connection timeouts, connection resets, and etc). In this case,
the backend connection must be aborted and cannot get reused.
Possible status codes are those HTTP error status codes like `502` and `504`.
For stream module, `status_code` will always be 0 (ngx.OK) and is provided for compatibility reasons.
When the current attempt is the first attempt for the current downstream request (which means
there is no previous attempts at all), this
method always returns a single `nil` value.
[Back to TOC](#table-of-contents)
set_timeouts
------------
**syntax:** `ok, err = balancer.set_timeouts(connect_timeout, send_timeout, read_timeout)`
**context:** *balancer_by_lua&#42;*
Sets the upstream timeout (connect, send and read) in seconds for the current and any
subsequent backend requests (which might be a retry).
If you want to inherit the timeout value of the global `nginx.conf` configuration (like `proxy_connect_timeout`), then
just specify the `nil` value for the corresponding argument (like the `connect_timeout` argument).
Zero and negative timeout values are not allowed.
You can specify millisecond precision in the timeout values by using floating point numbers like 0.001 (which means 1ms).
**Note:** `send_timeout` and `read_timeout` are controlled by the same config
[`proxy_timeout`](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout)
for `ngx_stream_proxy_module`. To keep API compatibility, this function will use `max(send_timeout, read_timeout)`
as the value for setting `proxy_timeout`.
Returns `true` when the operation is successful; returns `nil` and a string describing the error
otherwise.
This only affects the current downstream request. It is not a global change.
For the best performance, you should use the [OpenResty](https://openresty.org/) bundle.
This function was first added in the `0.1.7` version of this library.
[Back to TOC](#table-of-contents)
recreate_request
----------------
**syntax:** `ok, err = balancer.recreate_request()`
**context:** *balancer_by_lua&#42;*
Recreates the request buffer for sending to the upstream server. This is useful, for example
if you want to change a request header field to the new upstream server on balancer retries.
Normally this does not work because the request buffer is created once during upstream module
initialization and won't be regenerated for subsequent retries. However you can use
`proxy_set_header My-Header $my_header` and set the `ngx.var.my_header` variable inside the
balancer phase. Calling `balancer.recreate_request()` after updating a header field will
cause the request buffer to be re-generated and the `My-Header` header will thus contain
the new value.
**Warning:** because the request buffer has to be recreated and such allocation occurs on the
request memory pool, the old buffer has to be thrown away and will only be freed after the request
finishes. Do not call this function too often or memory leaks may be noticeable. Even so, a call
to this function should be made **only** if you know the request buffer must be regenerated,
instead of unconditionally in each balancer retries.
This function was first added in the `0.1.20` version of this library.
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Author
======
Yichun Zhang &lt;agentzh@gmail.com&gt; (agentzh), OpenResty Inc.
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2015-2017, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* the [balancer_by_lua*](https://github.com/openresty/lua-nginx-module#balancer_by_lua_block) directive.
* the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

89
deps/src/lua-resty-core/lib/ngx/base64.lua vendored Normal file
View File

@@ -0,0 +1,89 @@
-- Copyright (C) by Yichun Zhang (agentzh)
-- Copyright (C) by OpenResty Inc.
local ffi = require("ffi")
local base = require("resty.core.base")
local ffi_str = ffi.string
local type = type
local C = ffi.C
local NGX_ERROR = ngx.ERROR
local _M = { version = base.version }
ffi.cdef[[
typedef intptr_t ngx_int_t;
void ngx_encode_base64url(ngx_str_t *dst, ngx_str_t *src);
ngx_int_t ngx_decode_base64url(ngx_str_t *dst, ngx_str_t *src);
]]
local get_string_buf = base.get_string_buf
local dst_str_t = ffi.new("ngx_str_t[1]")
local src_str_t = ffi.new("ngx_str_t[1]")
local function base64_encoded_length(len)
return ((len + 2) / 3) * 4
end
local function base64_decoded_length(len)
return ((len + 3) / 4) * 3
end
function _M.encode_base64url(s)
if type(s) ~= "string" then
return nil, "must provide a string"
end
local len = #s
local trans_len = base64_encoded_length(len)
local src = src_str_t[0]
local dst = dst_str_t[0]
src.data = s
src.len = len
dst.data = get_string_buf(trans_len)
dst.len = trans_len
C.ngx_encode_base64url(dst_str_t, src_str_t)
return ffi_str(dst.data, dst.len)
end
function _M.decode_base64url(s)
if type(s) ~= "string" then
return nil, "must provide a string"
end
local len = #s
local trans_len = base64_decoded_length(len)
local src = src_str_t[0]
local dst = dst_str_t[0]
src.data = s
src.len = len
dst.data = get_string_buf(trans_len)
dst.len = trans_len
local ret = C.ngx_decode_base64url(dst_str_t, src_str_t)
if ret == NGX_ERROR then
return nil, "invalid input"
end
return ffi_str(dst.data, dst.len)
end
return _M

137
deps/src/lua-resty-core/lib/ngx/base64.md vendored Normal file
View File

@@ -0,0 +1,137 @@
Name
====
`ngx.base64` - urlsafe base64 encode/decode functions OpenResty/ngx\_lua.
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Methods](#methods)
* [encode\_base64url](#encode_base64url)
* [decode\_base64url](#decode_base64url)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Author](#author)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is production ready.
Synopsis
========
```lua
local b64 = require("ngx.base64")
local res, err
res = b64.encode_base64url("foo")
res, err = b64.decode_base64url(res)
if not res then
-- invalid input
ngx.log(ngx.ERR, err)
end
assert(res == "foo")
```
[Back to TOC](#table-of-contents)
Methods
=======
encode\_base64url
-----------------
**syntax:** *encoded = base64.encode_base64url(input)*
**context:** *any*
Encode `input` using base64url rules. Returns the encoded string.
[Back to TOC](#table-of-contents)
decode\_base64url
-----------------
**syntax:** *decoded, err = base64.decode_base64url(input)*
**context:** *any*
Decode `input` using base64url rules. Returns the decoded string.
If the `input` is not a valid base64url encoded string, `decoded `will be `nil`
and `err` will be a string describing the error.
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Author
======
Datong Sun &lt;datong@openresty.com&gt; (dndx), OpenResty Inc.
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2017, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

170
deps/src/lua-resty-core/lib/ngx/errlog.lua vendored Normal file
View File

@@ -0,0 +1,170 @@
-- Copyright (C) Yichun Zhang (agentzh)
local base = require "resty.core.base"
base.allows_subsystem('http', 'stream')
local ffi = require 'ffi'
local ffi_string = ffi.string
local get_string_buf = base.get_string_buf
local get_size_ptr = base.get_size_ptr
local C = ffi.C
local new_tab = base.new_tab
local ffi_new = ffi.new
local charpp = ffi_new("char *[1]")
local intp = ffi.new("int[1]")
local num_value = ffi_new("double[1]")
local get_request = base.get_request
local tonumber = tonumber
local type = type
local error = error
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_errlog_set_filter_level
local ngx_lua_ffi_errlog_get_msg
local ngx_lua_ffi_errlog_get_sys_filter_level
local ngx_lua_ffi_raw_log
local _M = { version = base.version }
if subsystem == 'http' then
ffi.cdef[[
int ngx_http_lua_ffi_errlog_set_filter_level(int level, unsigned char *err,
size_t *errlen);
int ngx_http_lua_ffi_errlog_get_msg(char **log, int *loglevel,
unsigned char *err, size_t *errlen, double *log_time);
int ngx_http_lua_ffi_errlog_get_sys_filter_level(ngx_http_request_t *r);
int ngx_http_lua_ffi_raw_log(ngx_http_request_t *r, int level,
const unsigned char *s, size_t s_len);
]]
ngx_lua_ffi_errlog_set_filter_level =
C.ngx_http_lua_ffi_errlog_set_filter_level
ngx_lua_ffi_errlog_get_msg = C.ngx_http_lua_ffi_errlog_get_msg
ngx_lua_ffi_errlog_get_sys_filter_level =
C.ngx_http_lua_ffi_errlog_get_sys_filter_level
ngx_lua_ffi_raw_log = C.ngx_http_lua_ffi_raw_log
elseif subsystem == 'stream' then
ffi.cdef[[
int ngx_stream_lua_ffi_errlog_set_filter_level(int level, unsigned char *err,
size_t *errlen);
int ngx_stream_lua_ffi_errlog_get_msg(char **log, int *loglevel,
unsigned char *err, size_t *errlen, double *log_time);
int ngx_stream_lua_ffi_errlog_get_sys_filter_level(ngx_stream_lua_request_t *r);
int ngx_stream_lua_ffi_raw_log(ngx_stream_lua_request_t *r, int level,
const unsigned char *s, size_t s_len);
]]
ngx_lua_ffi_errlog_set_filter_level =
C.ngx_stream_lua_ffi_errlog_set_filter_level
ngx_lua_ffi_errlog_get_msg = C.ngx_stream_lua_ffi_errlog_get_msg
ngx_lua_ffi_errlog_get_sys_filter_level =
C.ngx_stream_lua_ffi_errlog_get_sys_filter_level
ngx_lua_ffi_raw_log = C.ngx_stream_lua_ffi_raw_log
end
local ERR_BUF_SIZE = 128
local FFI_ERROR = base.FFI_ERROR
function _M.set_filter_level(level)
if not level then
return nil, [[missing "level" argument]]
end
local err = get_string_buf(ERR_BUF_SIZE)
local errlen = get_size_ptr()
errlen[0] = ERR_BUF_SIZE
local rc = ngx_lua_ffi_errlog_set_filter_level(level, err, errlen)
if rc == FFI_ERROR then
return nil, ffi_string(err, errlen[0])
end
return true
end
function _M.get_logs(max, logs)
local err = get_string_buf(ERR_BUF_SIZE)
local errlen = get_size_ptr()
errlen[0] = ERR_BUF_SIZE
local log = charpp
local loglevel = intp
local log_time = num_value
max = max or 10
if not logs then
logs = new_tab(max * 3 + 1, 0)
end
local count = 0
for i = 1, max do
local loglen = ngx_lua_ffi_errlog_get_msg(log, loglevel, err, errlen,
log_time)
if loglen == FFI_ERROR then
return nil, ffi_string(err, errlen[0])
end
if loglen > 0 then
logs[count + 1] = loglevel[0]
logs[count + 2] = log_time[0]
logs[count + 3] = ffi_string(log[0], loglen)
count = count + 3
end
if loglen < 0 then -- no error log
logs[count + 1] = nil
break
end
if i == max then -- last one
logs[count + 1] = nil
break
end
end
return logs
end
function _M.get_sys_filter_level()
local r = get_request()
return tonumber(ngx_lua_ffi_errlog_get_sys_filter_level(r))
end
function _M.raw_log(level, msg)
if type(level) ~= "number" then
error("bad argument #1 to 'raw_log' (must be a number)", 2)
end
if type(msg) ~= "string" then
error("bad argument #2 to 'raw_log' (must be a string)", 2)
end
local r = get_request()
local rc = ngx_lua_ffi_raw_log(r, level, msg, #msg)
if rc == FFI_ERROR then
error("bad log level", 2)
end
end
return _M

429
deps/src/lua-resty-core/lib/ngx/errlog.md vendored Normal file
View File

@@ -0,0 +1,429 @@
Name
====
`ngx.errlog` - manage nginx error log data in Lua for OpenResty/ngx_lua.
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Capturing nginx error logs with specified log filtering level](#capturing-nginx-error-logs-with-specified-log-filtering-level)
* [Methods](#methods)
* [set_filter_level](#set_filter_level)
* [get_logs](#get_logs)
* [get_sys_filter_level](#get_sys_filter_level)
* [raw_log](#raw_log)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Author](#author)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is currently considered experimental.
The API is still in flux and may change in the future without notice.
Synopsis
========
Capturing nginx error logs with specified log filtering level
-------------------------------------------------------------
```nginx
error_log logs/error.log info;
http {
# enable capturing error logs
lua_capture_error_log 32m;
init_by_lua_block {
local errlog = require "ngx.errlog"
local status, err = errlog.set_filter_level(ngx.WARN)
if not status then
ngx.log(ngx.ERR, err)
return
end
ngx.log(ngx.WARN, "set error filter level: WARN")
}
server {
# ...
location = /t {
content_by_lua_block {
local errlog = require "ngx.errlog"
ngx.log(ngx.INFO, "test1")
ngx.log(ngx.WARN, "test2")
ngx.log(ngx.ERR, "test3")
local logs, err = errlog.get_logs(10)
if not logs then
ngx.say("FAILED ", err)
return
end
for i = 1, #logs, 3 do
ngx.say("level: ", logs[i], " time: ", logs[i + 1],
" data: ", logs[i + 2])
end
}
}
}
}
```
The example location above produces a response like this:
```
level: 5 time: 1498546995.304 data: 2017/06/27 15:03:15 [warn] 46877#0:
[lua] init_by_lua:8: set error filter level: WARN
level: 5 time: 1498546999.178 data: 2017/06/27 15:03:19 [warn] 46879#0: *1
[lua] test.lua:5: test2, client: 127.0.0.1, server: localhost, ......
level: 4 time: 1498546999.178 data: 2017/06/27 15:03:19 [error] 46879#0: *1
[lua] test.lua:6: test3, client: 127.0.0.1, server: localhost, ......
```
[Back to TOC](#table-of-contents)
Methods
=======
set_filter_level
-----------------
**syntax:** *status, err = log_module.set_filter_level(log_level)*
**context:** *init_by_lua&#42;*
Specifies the filter log level, only to capture and buffer the error logs with a log level
no lower than the specified level.
If we don't call this API, all of the error logs will be captured by default.
In case of error, `nil` will be returned as well as a string describing the
error.
This API should always work with directive
[lua_capture_error_log](https://github.com/openresty/lua-nginx-module#lua_capture_error_log).
See [Nginx log level constants](https://github.com/openresty/lua-nginx-module#nginx-log-level-constants) for all nginx log levels.
For example,
```lua
init_by_lua_block {
local errlog = require "ngx.errlog"
errlog.set_filter_level(ngx.WARN)
}
```
*NOTE:* The debugging logs since when OpenResty or NGINX is not built with `--with-debug`, all the debug level logs are suppressed regardless.
[Back to TOC](#table-of-contents)
get_logs
--------
**syntax:** *res, err = log_module.get_logs(max?, res?)*
**context:** *any*
Fetches the captured nginx error log messages if any in the global data buffer
specified by `ngx_lua`'s
[lua_capture_error_log](https://github.com/openresty/lua-nginx-module#lua_capture_error_log)
directive. Upon return, this Lua function also *removes* those messages from
that global capturing buffer to make room for future new error log data.
In case of error, `nil` will be returned as well as a string describing the
error.
The optional `max` argument is a number that when specified, will prevent
`errlog.get_logs` from adding more than `max` messages to the `res` array.
```lua
for i = 1, 20 do
ngx.log(ngx.ERR, "test")
end
local errlog = require "ngx.errlog"
local res = errlog.get_logs(10)
-- the number of messages in the `res` table is 10 and the `res` table
-- has 30 elements.
```
The resulting table has the following structure:
```lua
{ level1, time1, msg1, level2, time2, msg2, ... }
```
The `levelX` values are constants defined below:
https://github.com/openresty/lua-nginx-module/#nginx-log-level-constants
The `timeX` values are UNIX timestamps in seconds with millisecond precision. The sub-second part is presented as the decimal part.
The time format is exactly the same as the value returned by [ngx.now](https://github.com/openresty/lua-nginx-module/#ngxnow). It is
also subject to NGINX core's time caching.
The `msgX` values are the error log message texts.
So to traverse this array, the user can use a loop like this:
```lua
for i = 1, #res, 3 do
local level = res[i]
if not level then
break
end
local time = res[i + 1]
local msg = res[i + 2]
-- handle the current message with log level in `level`,
-- log time in `time`, and log message body in `msg`.
end
```
Specifying `max <= 0` disables this behavior, meaning that the number of
results won't be limited.
The optional 2th argument `res` can be a user-supplied Lua table
to hold the result instead of creating a brand new table. This can avoid
unnecessary table dynamic allocations on hot Lua code paths. It is used like this:
```lua
local errlog = require "ngx.errlog"
local new_tab = require "table.new"
local buffer = new_tab(100 * 3, 0) -- for 100 messages
local errlog = require "ngx.errlog"
local res, err = errlog.get_logs(0, buffer)
if res then
-- res is the same table as `buffer`
for i = 1, #res, 3 do
local level = res[i]
if not level then
break
end
local time = res[i + 1]
local msg = res[i + 2]
...
end
end
```
When provided with a `res` table, `errlog.get_logs` won't clear the table
for performance reasons, but will rather insert a trailing `nil` value
after the last table element.
When the trailing `nil` is not enough for your purpose, you should
clear the table yourself before feeding it into the `errlog.get_logs` function.
[Back to TOC](#table-of-contents)
get_sys_filter_level
--------------------
**syntax:** *log_level = log_module.get_sys_filter_level()*
**context:** *any*
Return the nginx core's error log filter level (defined via the [error_log](http://nginx.org/r/error_log)
configuration directive in `nginx.conf`) as an integer value matching the nginx error log level
constants documented below:
https://github.com/openresty/lua-nginx-module/#nginx-log-level-constants
For example:
```lua
local errlog = require "ngx.errlog"
local log_level = errlog.get_sys_filter_level()
-- Now the filter level is always one level higher than system default log level on priority
local status, err = errlog.set_filter_level(log_level - 1)
if not status then
ngx.log(ngx.ERR, err)
return
end
```
[Back to TOC](#table-of-contents)
raw_log
-------
**syntax:** *log_module.raw_log(log_level, msg)*
**context:** *any*
Log `msg` to the error logs with the given logging level.
Just like the [ngx.log](https://github.com/openresty/lua-nginx-module#ngxlog)
API, the `log_level` argument can take constants like `ngx.ERR` and `ngx.WARN`.
Check out [Nginx log level constants for
details.](https://github.com/openresty/lua-nginx-module#nginx-log-level-constants)
However, unlike the `ngx.log` API which accepts variadic arguments, this
function only accepts a single string as its second argument `msg`.
This function differs from `ngx.log` in the way that it will not prefix the
written logs with any sort of debug information (such as the caller's file
and line number).
For example, while `ngx.log` would produce
```
2017/07/09 19:36:25 [notice] 25932#0: *1 [lua] content_by_lua(nginx.conf:51):5: hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
```
from
```lua
ngx.log(ngx.NOTICE, "hello world")
```
the `errlog.raw_log()` call produces
```
2017/07/09 19:36:25 [notice] 25932#0: *1 hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
```
from
```lua
local errlog = require "ngx.errlog"
errlog.raw_log(ngx.NOTICE, "hello world")
```
This function is best suited when the format and/or stack level of the debug
information proposed by `ngx.log` is not desired. A good example of this would
be a custom logging function which prefixes each log with a namespace in
an application:
```
1. local function my_log(lvl, ...)
2. ngx.log(lvl, "[prefix] ", ...)
3. end
4.
5. my_log(ngx.ERR, "error")
```
Here, the produced log would indicate that this error was logged at line `2.`,
when in reality, we wish the investigator of that log to realize it was logged
at line `5.` right away.
For such use cases (or other formatting reasons), one may use `raw_log` to
create a logging utility that supports such requirements. Here is a suggested
implementation:
```lua
local errlog = require "ngx.errlog"
local function my_log(lvl, ...)
-- log to error logs with our custom prefix, stack level
-- and separator
local n = select("#", ...)
local t = { ... }
local info = debug.getinfo(2, "Sl")
local prefix = string.format("(%s):%d:", info.short_src, info.currentline)
local buf = { prefix }
for i = 1, n do
buf[i + 1] = tostring(t[i])
end
local msg = table.concat(buf, " ")
errlog.raw_log(lvl, msg) -- line 19.
end
local function my_function()
-- do something and log
my_log(ngx.ERR, "hello from", "raw_log:", true) -- line 25.
end
my_function()
```
This utility function will produce the following log, explicitly stating that
the error was logged on line `25.`:
```
2017/07/09 20:03:07 [error] 26795#0: *2 (/path/to/file.lua):25: hello from raw_log: true, context: ngx.timer
```
As a reminder to the reader, one must be wary of the cost of string
concatenation on the Lua land, and should prefer the combined use of a buffer
table and `table.concat` to avoid unnecessary GC pressure.
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Author
======
Yuansheng Wang &lt;membphis@gmail.com&gt; (membphis), OpenResty Inc.
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2017, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

150
deps/src/lua-resty-core/lib/ngx/ocsp.lua vendored Normal file
View File

@@ -0,0 +1,150 @@
-- Copyright (C) Yichun Zhang (agentzh)
local base = require "resty.core.base"
base.allows_subsystem('http')
local ffi = require "ffi"
local C = ffi.C
local ffi_str = ffi.string
local get_request = base.get_request
local error = error
local tonumber = tonumber
local errmsg = base.get_errmsg_ptr()
local get_string_buf = base.get_string_buf
local get_string_buf_size = base.get_string_buf_size
local get_size_ptr = base.get_size_ptr
local FFI_DECLINED = base.FFI_DECLINED
local FFI_OK = base.FFI_OK
local FFI_BUSY = base.FFI_BUSY
ffi.cdef[[
int ngx_http_lua_ffi_ssl_get_ocsp_responder_from_der_chain(
const char *chain_data, size_t chain_len, char *out, size_t *out_size,
char **err);
int ngx_http_lua_ffi_ssl_create_ocsp_request(const char *chain_data,
size_t chain_len, unsigned char *out, size_t *out_size, char **err);
int ngx_http_lua_ffi_ssl_validate_ocsp_response(const unsigned char *resp,
size_t resp_len, const char *chain_data, size_t chain_len,
unsigned char *errbuf, size_t *errbuf_size);
int ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r,
const unsigned char *resp, size_t resp_len, char **err);
]]
local _M = { version = base.version }
function _M.get_ocsp_responder_from_der_chain(certs, maxlen)
local buf_size = maxlen
if not buf_size then
buf_size = get_string_buf_size()
end
local buf = get_string_buf(buf_size)
local sizep = get_size_ptr()
sizep[0] = buf_size
local rc = C.ngx_http_lua_ffi_ssl_get_ocsp_responder_from_der_chain(certs,
#certs, buf, sizep, errmsg)
if rc == FFI_DECLINED then
return nil
end
if rc == FFI_OK then
return ffi_str(buf, sizep[0])
end
if rc == FFI_BUSY then
return ffi_str(buf, sizep[0]), "truncated"
end
return nil, ffi_str(errmsg[0])
end
function _M.create_ocsp_request(certs, maxlen)
local buf_size = maxlen
if not buf_size then
buf_size = get_string_buf_size()
end
local buf = get_string_buf(buf_size)
local sizep = get_size_ptr()
sizep[0] = buf_size
local rc = C.ngx_http_lua_ffi_ssl_create_ocsp_request(certs,
#certs, buf, sizep,
errmsg)
if rc == FFI_OK then
return ffi_str(buf, sizep[0])
end
if rc == FFI_BUSY then
return nil, ffi_str(errmsg[0]) .. ": " .. tonumber(sizep[0])
.. " > " .. buf_size
end
return nil, ffi_str(errmsg[0])
end
function _M.validate_ocsp_response(resp, chain, max_errmsg_len)
local errbuf_size = max_errmsg_len
if not errbuf_size then
errbuf_size = get_string_buf_size()
end
local errbuf = get_string_buf(errbuf_size)
local sizep = get_size_ptr()
sizep[0] = errbuf_size
local rc = C.ngx_http_lua_ffi_ssl_validate_ocsp_response(
resp, #resp, chain, #chain, errbuf, sizep)
if rc == FFI_OK then
return true
end
-- rc == FFI_ERROR
return nil, ffi_str(errbuf, sizep[0])
end
function _M.set_ocsp_status_resp(ocsp_resp)
local r = get_request()
if not r then
error("no request found")
end
local rc = C.ngx_http_lua_ffi_ssl_set_ocsp_status_resp(r, ocsp_resp,
#ocsp_resp,
errmsg)
if rc == FFI_DECLINED then
-- no client status req
return true, "no status req"
end
if rc == FFI_OK then
return true
end
-- rc == FFI_ERROR
return nil, ffi_str(errmsg[0])
end
return _M

298
deps/src/lua-resty-core/lib/ngx/ocsp.md vendored Normal file
View File

@@ -0,0 +1,298 @@
Name
====
ngx.ocsp - Lua API for implementing OCSP stapling in ssl_certificate_by_lua*
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Description](#description)
* [Methods](#methods)
* [get_ocsp_responder_from_der_chain](#get_ocsp_responder_from_der_chain)
* [create_ocsp_request](#create_ocsp_request)
* [validate_ocsp_response](#validate_ocsp_response)
* [set_ocsp_status_resp](#set_ocsp_status_resp)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Author](#author)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is currently considered experimental.
Synopsis
========
```nginx
# Note: you do not need the following line if you are using
# OpenResty 1.9.7.2+.
lua_package_path "/path/to/lua-resty-core/lib/?.lua;;";
server {
listen 443 ssl;
server_name test.com;
# useless placeholders: just to shut up NGINX configuration
# loader errors:
ssl_certificate /path/to/fallback.crt;
ssl_certificate_key /path/to/fallback.key;
ssl_certificate_by_lua_block {
local ssl = require "ngx.ssl"
local ocsp = require "ngx.ocsp"
local http = require "resty.http.simple"
-- assuming the user already defines the my_load_certificate_chain()
-- herself.
local pem_cert_chain = assert(my_load_certificate_chain())
local der_cert_chain, err = ssl.cert_pem_to_der(pem_cert_chain)
if not der_cert_chain then
ngx.log(ngx.ERR, "failed to convert certificate chain ",
"from PEM to DER: ", err)
return ngx.exit(ngx.ERROR)
end
local ocsp_url, err = ocsp.get_ocsp_responder_from_der_chain(der_cert_chain)
if not ocsp_url then
ngx.log(ngx.ERR, "failed to get OCSP responder: ", err)
return ngx.exit(ngx.ERROR)
end
print("ocsp_url: ", ocsp_url)
-- use cosocket-based HTTP client libraries like lua-resty-http-simple
-- to send the request (url + ocsp_req as POST params or URL args) to
-- CA's OCSP server. assuming the server returns the OCSP response
-- in the Lua variable, resp.
local schema, host, port, ocsp_uri, err = parse_url(ocsp_url)
local ocsp_req, err = ocsp.create_ocsp_request(der_cert_chain)
if not ocsp_req then
ngx.log(ngx.ERR, "failed to create OCSP request: ", err)
return ngx.exit(ngx.ERROR)
end
local res, err = http.request(host, port, {
path = ocsp_uri,
headers = { Host = host,
["Content-Type"] = "application/ocsp-request" },
timeout = 10000, -- 10 sec
method = "POST",
body = ocsp_req,
maxsize = 102400, -- 100KB
})
if not res then
ngx.log(ngx.ERR, "OCSP responder query failed: ", err)
return ngx.exit(ngx.ERROR)
end
local http_status = res.status
if http_status ~= 200 then
ngx.log(ngx.ERR, "OCSP responder returns bad HTTP status code ",
http_status)
return ngx.exit(ngx.ERROR)
end
local ocsp_resp = res.body
if ocsp_resp and #ocsp_resp > 0 then
local ok, err = ocsp.validate_ocsp_response(ocsp_resp, der_cert_chain)
if not ok then
ngx.log(ngx.ERR, "failed to validate OCSP response: ", err)
return ngx.exit(ngx.ERROR)
end
-- set the OCSP stapling
ok, err = ocsp.set_ocsp_status_resp(ocsp_resp)
if not ok then
ngx.log(ngx.ERR, "failed to set ocsp status resp: ", err)
return ngx.exit(ngx.ERROR)
end
end
}
location / {
root html;
}
}
```
Description
===========
This Lua module provides API to perform OCSP queries, OCSP response validations, and
OCSP stapling planting.
Usually, this module is used together with the [ngx.ssl](ssl.md) module in the
context of [ssl_certificate_by_lua*](https://github.com/openresty/lua-nginx-module/#ssl_certificate_by_lua_block)
(of the [ngx_lua](https://github.com/openresty/lua-nginx-module#readme) module).
To load the `ngx.ocsp` module in Lua, just write
```lua
local ocsp = require "ngx.ocsp"
```
[Back to TOC](#table-of-contents)
Methods
=======
get_ocsp_responder_from_der_chain
---------------------------------
**syntax:** *ocsp_url, err = ocsp.get_ocsp_responder_from_der_chain(der_cert_chain, max_len)*
**context:** *any*
Extracts the OCSP responder URL (like `"http://test.com/ocsp/"`) from the SSL server certificate chain in the DER format.
Usually the SSL server certificate chain is originally formatted in PEM. You can use the Lua API
provided by the [ngx.ssl](ssl.md) module to do the PEM to DER conversion.
The optional `max_len` argument specifies the maximum length of OCSP URL allowed. This determines
the buffer size; so do not specify an unnecessarily large value here. It defaults to the internal
string buffer size used throughout this `lua-resty-core` library (usually default to 4KB).
In case of failures, returns `nil` and a string describing the error.
[Back to TOC](#table-of-contents)
create_ocsp_request
-------------------
**syntax:** *ocsp_req, err = ocsp.create_ocsp_request(der_cert_chain, max_len)*
**context:** *any*
Builds an OCSP request from the SSL server certificate chain in the DER format, which
can be used to send to the OCSP server for validation.
The optional `max_len` argument specifies the maximum length of the OCSP request allowed.
This value determines the size of the internal buffer allocated, so do not specify an
unnecessarily large value here. It defaults to the internal string buffer size used
throughout this `lua-resty-core` library (usually defaults to 4KB).
In case of failures, returns `nil` and a string describing the error.
The raw OCSP response data can be used as the request body directly if the POST method
is used for the OCSP request. But for GET requests, you need to do base64 encoding and
then URL encoding on the data yourself before appending it to the OCSP URL obtained
by the [get_ocsp_responder_from_der_chain](#get_ocsp_responder_from_der_chain) function.
[Back to TOC](#table-of-contents)
validate_ocsp_response
----------------------
**syntax:** *ok, err = ocsp.validate_ocsp_response(ocsp_resp, der_cert_chain, max_err_msg_len)*
**context:** *any*
Validates the raw OCSP response data specified by the `ocsp_resp` argument using the SSL
server certificate chain in DER format as specified in the `der_cert_chain` argument.
Returns true when the validation is successful.
In case of failures, returns `nil` and a string
describing the failure. The maximum
length of the error string is controlled by the optional `max_err_msg` argument (which defaults
to the default internal string buffer size used throughout this `lua-resty-core` library, usually
being 4KB).
[Back to TOC](#table-of-contents)
set_ocsp_status_resp
--------------------
**syntax:** *ok, err = ocsp.set_ocsp_status_resp(ocsp_resp)*
**context:** *ssl_certificate_by_lua&#42;*
Sets the OCSP response as the OCSP stapling for the current SSL connection.
Returns `true` in case of successes. If the SSL client does not send a "status request"
at all, then this method still returns `true` but also with a string as the warning
`"no status req"`.
In case of failures, returns `nil` and a string describing the error.
The OCSP response is returned from CA's OCSP server. See the [create_ocsp_request](#create_ocsp_request)
function for how to create an OCSP request and also [validate_ocsp_response](#validate_ocsp_response)
for how to validate the OCSP response.
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Author
======
Yichun Zhang &lt;agentzh@gmail.com&gt; (agentzh), OpenResty Inc.
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2015-2017, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* the [ngx.ssl](ssl.md) module.
* the [ssl_certificate_by_lua*](https://github.com/openresty/lua-nginx-module/#ssl_certificate_by_lua_block) directive.
* the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

643
deps/src/lua-resty-core/lib/ngx/pipe.lua vendored Normal file
View File

@@ -0,0 +1,643 @@
-- Copyright (C) by OpenResty Inc.
local base = require "resty.core.base"
base.allows_subsystem("http")
require "resty.core.phase" -- for ngx.get_phase
local assert = assert
local error = error
local ipairs = ipairs
local tonumber = tonumber
local tostring = tostring
local type = type
local str_find = string.find
local table_concat = table.concat
local ffi = require "ffi"
local C = ffi.C
local ffi_new = ffi.new
local ffi_str = ffi.string
local ngx_phase = ngx.get_phase
local get_string_buf = base.get_string_buf
local get_size_ptr = base.get_size_ptr
local get_request = base.get_request
local FFI_AGAIN = base.FFI_AGAIN
local FFI_BAD_CONTEXT = base.FFI_BAD_CONTEXT
local FFI_DECLINED = base.FFI_DECLINED
local FFI_ERROR = base.FFI_ERROR
local FFI_NO_REQ_CTX = base.FFI_NO_REQ_CTX
local FFI_OK = base.FFI_OK
local co_yield = coroutine._yield
ffi.cdef[[
typedef int ngx_pid_t;
typedef uintptr_t ngx_msec_t;
typedef unsigned char u_char;
typedef struct ngx_http_lua_pipe_s ngx_http_lua_pipe_t;
typedef struct {
ngx_pid_t _pid;
ngx_msec_t write_timeout;
ngx_msec_t stdout_read_timeout;
ngx_msec_t stderr_read_timeout;
ngx_msec_t wait_timeout;
ngx_http_lua_pipe_t *pipe;
} ngx_http_lua_ffi_pipe_proc_t;
int ngx_http_lua_ffi_pipe_spawn(ngx_http_lua_ffi_pipe_proc_t *proc,
const char *file, const char **argv, int merge_stderr, size_t buffer_size,
const char **environ, u_char *errbuf, size_t *errbuf_size);
int ngx_http_lua_ffi_pipe_proc_read(ngx_http_request_t *r,
ngx_http_lua_ffi_pipe_proc_t *proc, int from_stderr, int reader_type,
size_t length, u_char **buf, size_t *buf_size, u_char *errbuf,
size_t *errbuf_size);
int ngx_http_lua_ffi_pipe_get_read_result(ngx_http_request_t *r,
ngx_http_lua_ffi_pipe_proc_t *proc, int from_stderr, u_char **buf,
size_t *buf_size, u_char *errbuf, size_t *errbuf_size);
ssize_t ngx_http_lua_ffi_pipe_proc_write(ngx_http_request_t *r,
ngx_http_lua_ffi_pipe_proc_t *proc, const u_char *data, size_t len,
u_char *errbuf, size_t *errbuf_size);
ssize_t ngx_http_lua_ffi_pipe_get_write_result(ngx_http_request_t *r,
ngx_http_lua_ffi_pipe_proc_t *proc, u_char *errbuf, size_t *errbuf_size);
int ngx_http_lua_ffi_pipe_proc_shutdown_stdin(
ngx_http_lua_ffi_pipe_proc_t *proc, u_char *errbuf, size_t *errbuf_size);
int ngx_http_lua_ffi_pipe_proc_shutdown_stdout(
ngx_http_lua_ffi_pipe_proc_t *proc, u_char *errbuf, size_t *errbuf_size);
int ngx_http_lua_ffi_pipe_proc_shutdown_stderr(
ngx_http_lua_ffi_pipe_proc_t *proc, u_char *errbuf, size_t *errbuf_size);
int ngx_http_lua_ffi_pipe_proc_wait(ngx_http_request_t *r,
ngx_http_lua_ffi_pipe_proc_t *proc, char **reason, int *status,
u_char *errbuf, size_t *errbuf_size);
int ngx_http_lua_ffi_pipe_proc_kill(ngx_http_lua_ffi_pipe_proc_t *proc,
int signal, u_char *errbuf, size_t *errbuf_size);
void ngx_http_lua_ffi_pipe_proc_destroy(ngx_http_lua_ffi_pipe_proc_t *proc);
]]
if not pcall(function() return C.ngx_http_lua_ffi_pipe_spawn end) then
error("pipe API is not supported due to either a platform issue " ..
"or lack of the HAVE_SOCKET_CLOEXEC_PATCH patch", 2)
end
local _M = { version = base.version }
local ERR_BUF_SIZE = 256
local VALUE_BUF_SIZE = 512
local PIPE_READ_ALL = 0
local PIPE_READ_BYTES = 1
local PIPE_READ_LINE = 2
local PIPE_READ_ANY = 3
local proc_set_timeouts
do
local MAX_TIMEOUT = 0xffffffff
function proc_set_timeouts(proc, write_timeout, stdout_read_timeout,
stderr_read_timeout, wait_timeout)
-- the implementation below is straightforward but could not be JIT
-- compiled by the latest LuaJIT. When called in loops, LuaJIT will try
-- to unroll it, and fall back to interpreter after it reaches the
-- unroll limit.
--[[
local function set_timeout(proc, attr, timeout)
if timeout then
if timeout > MAX_TIMEOUT then
error("bad timeout value", 3)
end
proc[attr] = timeout
end
end
set_timeout(...)
]]
if write_timeout then
if write_timeout < 0 or MAX_TIMEOUT < write_timeout then
error("bad write_timeout option", 3)
end
proc.write_timeout = write_timeout
end
if stdout_read_timeout then
if stdout_read_timeout < 0 or MAX_TIMEOUT < stdout_read_timeout then
error("bad stdout_read_timeout option", 3)
end
proc.stdout_read_timeout = stdout_read_timeout
end
if stderr_read_timeout then
if stderr_read_timeout < 0 or MAX_TIMEOUT < stderr_read_timeout then
error("bad stderr_read_timeout option", 3)
end
proc.stderr_read_timeout = stderr_read_timeout
end
if wait_timeout then
if wait_timeout < 0 or MAX_TIMEOUT < wait_timeout then
error("bad wait_timeout option", 3)
end
proc.wait_timeout = wait_timeout
end
end
end
local function check_proc_instance(proc)
if type(proc) ~= "cdata" then
error("not a process instance", 3)
end
end
local proc_read
do
local value_buf = ffi_new("char[?]", VALUE_BUF_SIZE)
local buf = ffi_new("char *[1]")
local buf_size = ffi_new("size_t[1]")
function proc_read(proc, stderr, reader_type, len)
check_proc_instance(proc)
local r = get_request()
if not r then
error("no request found")
end
buf[0] = value_buf
buf_size[0] = VALUE_BUF_SIZE
local errbuf = get_string_buf(ERR_BUF_SIZE)
local errbuf_size = get_size_ptr()
errbuf_size[0] = ERR_BUF_SIZE
local rc = C.ngx_http_lua_ffi_pipe_proc_read(r, proc, stderr,
reader_type, len, buf,
buf_size, errbuf,
errbuf_size)
if rc == FFI_NO_REQ_CTX then
error("no request ctx found")
end
if rc == FFI_BAD_CONTEXT then
error(ffi_str(errbuf, errbuf_size[0]), 2)
end
while true do
if rc == FFI_ERROR then
return nil, ffi_str(errbuf, errbuf_size[0])
end
if rc == FFI_OK then
local p = buf[0]
if p ~= value_buf then
p = ffi_new("char[?]", buf_size[0])
buf[0] = p
C.ngx_http_lua_ffi_pipe_get_read_result(r, proc, stderr,
buf, buf_size,
errbuf, errbuf_size)
assert(p == buf[0])
end
return ffi_str(p, buf_size[0])
end
if rc == FFI_DECLINED then
local err = ffi_str(errbuf, errbuf_size[0])
local p = buf[0]
if p ~= value_buf then
p = ffi_new("char[?]", buf_size[0])
buf[0] = p
C.ngx_http_lua_ffi_pipe_get_read_result(r, proc, stderr,
buf, buf_size,
errbuf, errbuf_size)
assert(p == buf[0])
end
local partial = ffi_str(p, buf_size[0])
return nil, err, partial
end
assert(rc == FFI_AGAIN)
co_yield()
buf[0] = value_buf
buf_size[0] = VALUE_BUF_SIZE
errbuf = get_string_buf(ERR_BUF_SIZE)
errbuf_size = get_size_ptr()
errbuf_size[0] = ERR_BUF_SIZE
rc = C.ngx_http_lua_ffi_pipe_get_read_result(r, proc, stderr, buf,
buf_size, errbuf,
errbuf_size)
end
end
end
local function proc_write(proc, data)
check_proc_instance(proc)
local r = get_request()
if not r then
error("no request found", 2)
end
local data_type = type(data)
if data_type ~= "string" then
if data_type == "table" then
data = table_concat(data, "")
elseif data_type == "number" then
data = tostring(data)
else
error("bad data arg: string, number, or table expected, got "
.. data_type, 2)
end
end
local errbuf = get_string_buf(ERR_BUF_SIZE)
local errbuf_size = get_size_ptr()
errbuf_size[0] = ERR_BUF_SIZE
local rc = C.ngx_http_lua_ffi_pipe_proc_write(r, proc, data, #data, errbuf,
errbuf_size)
if rc == FFI_NO_REQ_CTX then
error("no request ctx found", 2)
end
if rc == FFI_BAD_CONTEXT then
error(ffi_str(errbuf, errbuf_size[0]), 2)
end
while true do
if rc == FFI_ERROR then
return nil, ffi_str(errbuf, errbuf_size[0])
end
if rc >= 0 then
-- rc holds the bytes sent
return tonumber(rc)
end
assert(rc == FFI_AGAIN)
co_yield()
errbuf = get_string_buf(ERR_BUF_SIZE)
errbuf_size = get_size_ptr()
errbuf_size[0] = ERR_BUF_SIZE
rc = C.ngx_http_lua_ffi_pipe_get_write_result(r, proc, errbuf,
errbuf_size)
end
end
local function proc_shutdown(proc, direction)
check_proc_instance(proc)
local rc
local errbuf = get_string_buf(ERR_BUF_SIZE)
local errbuf_size = get_size_ptr()
errbuf_size[0] = ERR_BUF_SIZE
if direction == "stdin" then
rc = C.ngx_http_lua_ffi_pipe_proc_shutdown_stdin(proc, errbuf,
errbuf_size)
elseif direction == "stdout" then
rc = C.ngx_http_lua_ffi_pipe_proc_shutdown_stdout(proc, errbuf,
errbuf_size)
elseif direction == "stderr" then
rc = C.ngx_http_lua_ffi_pipe_proc_shutdown_stderr(proc, errbuf,
errbuf_size)
else
error("bad shutdown arg: " .. direction, 2)
end
if rc == FFI_ERROR then
return nil, ffi_str(errbuf, errbuf_size[0])
end
return true
end
local proc_wait
do
local reason = ffi_new("char *[1]")
local status = ffi_new("int[1]")
function proc_wait(proc)
check_proc_instance(proc)
local r = get_request()
if not r then
error("no request found", 2)
end
local errbuf = get_string_buf(ERR_BUF_SIZE)
local errbuf_size = get_size_ptr()
errbuf_size[0] = ERR_BUF_SIZE
local rc = C.ngx_http_lua_ffi_pipe_proc_wait(r, proc, reason, status,
errbuf, errbuf_size)
if rc == FFI_NO_REQ_CTX then
error("no request ctx found", 2)
end
if rc == FFI_BAD_CONTEXT then
error(ffi_str(errbuf, errbuf_size[0]), 2)
end
if rc == FFI_ERROR then
return nil, ffi_str(errbuf, errbuf_size[0])
end
if rc == FFI_OK then
return true, ffi_str(reason[0]), tonumber(status[0])
end
if rc == FFI_DECLINED then
return false, ffi_str(reason[0]), tonumber(status[0])
end
local ok, exit_reason, exit_status
ok, exit_reason, exit_status = co_yield()
return ok, exit_reason, exit_status
end
end
local function proc_kill(proc, signal)
check_proc_instance(proc)
if type(signal) ~= "number" then
error("bad signal arg: number expected, got " .. tostring(signal), 2)
end
local errbuf = get_string_buf(ERR_BUF_SIZE)
local errbuf_size = get_size_ptr()
errbuf_size[0] = ERR_BUF_SIZE
local rc = C.ngx_http_lua_ffi_pipe_proc_kill(proc, signal, errbuf,
errbuf_size)
if rc == FFI_ERROR then
return nil, ffi_str(errbuf, errbuf_size[0])
end
return true
end
local mt = {
__gc = C.ngx_http_lua_ffi_pipe_proc_destroy,
__index = {
pid = function (proc)
return proc._pid
end,
set_timeouts = function (proc, write_timeout, stdout_read_timeout,
stderr_read_timeout, wait_timeout)
proc_set_timeouts(proc, write_timeout, stdout_read_timeout,
stderr_read_timeout, wait_timeout)
end,
stdout_read_all = function (proc)
local data, err, partial = proc_read(proc, 0, PIPE_READ_ALL, 0)
return data, err, partial
end,
stdout_read_bytes = function (proc, len)
if len <= 0 then
if len < 0 then
error("bad len argument", 2)
end
return ""
end
local data, err, partial = proc_read(proc, 0, PIPE_READ_BYTES, len)
return data, err, partial
end,
stdout_read_line = function (proc)
local data, err, partial = proc_read(proc, 0, PIPE_READ_LINE, 0)
return data, err, partial
end,
stdout_read_any = function (proc, max)
if type(max) ~= "number" then
max = tonumber(max)
end
if not max or max <= 0 then
error("bad max argument", 2)
end
local data, err, partial = proc_read(proc, 0, PIPE_READ_ANY, max)
return data, err, partial
end,
stderr_read_all = function (proc)
local data, err, partial = proc_read(proc, 1, PIPE_READ_ALL, 0)
return data, err, partial
end,
stderr_read_bytes = function (proc, len)
if len <= 0 then
if len < 0 then
error("bad len argument", 2)
end
return ""
end
local data, err, partial = proc_read(proc, 1, PIPE_READ_BYTES, len)
return data, err, partial
end,
stderr_read_line = function (proc)
local data, err, partial = proc_read(proc, 1, PIPE_READ_LINE, 0)
return data, err, partial
end,
stderr_read_any = function (proc, max)
if type(max) ~= "number" then
max = tonumber(max)
end
if not max or max <= 0 then
error("bad max argument", 2)
end
local data, err, partial = proc_read(proc, 1, PIPE_READ_ANY, max)
return data, err, partial
end,
write = proc_write,
shutdown = proc_shutdown,
wait = proc_wait,
kill = proc_kill,
}
}
local Proc = ffi.metatype("ngx_http_lua_ffi_pipe_proc_t", mt)
local pipe_spawn
do
local sh_exe = "/bin/sh"
local opt_c = "-c"
local shell_args = ffi_new("const char* [?]", 4)
shell_args[0] = sh_exe
shell_args[1] = opt_c
shell_args[3] = nil
local write_timeout = 10000
local stdout_read_timeout = 10000
local stderr_read_timeout = 10000
local wait_timeout = 10000
-- reference shell cmd's constant strings here to prevent them from getting
-- collected by the Lua GC.
_M._gc_ref_c_opt = opt_c
function pipe_spawn(args, opts)
if ngx_phase() == "init" then
error("API disabled in the current context", 2)
end
local exe
local proc_args
local proc_envs
local args_type = type(args)
if args_type == "table" then
local nargs = 0
for i, arg in ipairs(args) do
nargs = nargs + 1
if type(arg) ~= "string" then
args[i] = tostring(arg)
end
end
if nargs == 0 then
error("bad args arg: non-empty table expected", 2)
end
exe = args[1]
proc_args = ffi_new("const char* [?]", nargs + 1, args)
proc_args[nargs] = nil
elseif args_type == "string" then
exe = sh_exe
shell_args[2] = args
proc_args = shell_args
else
error("bad args arg: table expected, got " .. args_type, 2)
end
local merge_stderr = 0
local buffer_size = 4096
local proc = Proc()
if opts then
merge_stderr = opts.merge_stderr and 1 or 0
if opts.buffer_size then
buffer_size = tonumber(opts.buffer_size)
if not buffer_size or buffer_size < 1 then
error("bad buffer_size option", 2)
end
end
if opts.environ then
local environ = opts.environ
local environ_type = type(environ)
if environ_type ~= "table" then
error("bad environ option: table expected, got " ..
environ_type, 2)
end
local nenv = 0
for i, env in ipairs(environ) do
nenv = nenv + 1
local env_type = type(env)
if env_type ~= "string" then
error("bad value at index " .. i .. " of environ " ..
"option: string expected, got " .. env_type, 2)
end
if not str_find(env, "=", 2, true) then
error("bad value at index " .. i .. " of environ " ..
"option: 'name=[value]' format expected, got '" ..
env .. "'", 2)
end
end
if nenv > 0 then
proc_envs = ffi_new("const char* [?]", nenv + 1, environ)
proc_envs[nenv] = nil
end
end
proc_set_timeouts(proc,
opts.write_timeout or write_timeout,
opts.stdout_read_timeout or stdout_read_timeout,
opts.stderr_read_timeout or stderr_read_timeout,
opts.wait_timeout or wait_timeout)
else
proc_set_timeouts(proc,
write_timeout,
stdout_read_timeout,
stderr_read_timeout,
wait_timeout)
end
local errbuf = get_string_buf(ERR_BUF_SIZE)
local errbuf_size = get_size_ptr()
errbuf_size[0] = ERR_BUF_SIZE
local rc = C.ngx_http_lua_ffi_pipe_spawn(proc, exe, proc_args,
merge_stderr, buffer_size,
proc_envs, errbuf, errbuf_size)
if rc == FFI_ERROR then
return nil, ffi_str(errbuf, errbuf_size[0])
end
return proc
end
end -- do
_M.spawn = pipe_spawn
return _M

584
deps/src/lua-resty-core/lib/ngx/pipe.md vendored Normal file
View File

@@ -0,0 +1,584 @@
Name
====
`ngx.pipe` - spawn and communicate with OS processes via stdin/stdout/stderr in
a non-blocking fashion.
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Description](#description)
* [Methods](#methods)
* [spawn](#spawn)
* [set_timeouts](#set_timeouts)
* [wait](#wait)
* [pid](#pid)
* [kill](#kill)
* [shutdown](#shutdown)
* [write](#write)
* [stderr_read_all](#stderr_read_all)
* [stdout_read_all](#stdout_read_all)
* [stderr_read_line](#stderr_read_line)
* [stdout_read_line](#stdout_read_line)
* [stderr_read_bytes](#stderr_read_bytes)
* [stdout_read_bytes](#stdout_read_bytes)
* [stderr_read_any](#stderr_read_any)
* [stdout_read_any](#stdout_read_any)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is currently considered experimental.
Synopsis
========
```nginx
location = /t {
content_by_lua_block {
local ngx_pipe = require "ngx.pipe"
local select = select
local function count_char(...)
local proc = ngx_pipe.spawn({'wc', '-c'})
local n = select('#', ...)
for i = 1, n do
local arg = select(i, ...)
local bytes, err = proc:write(arg)
if not bytes then
ngx.say(err)
return
end
end
local ok, err = proc:shutdown('stdin')
if not ok then
ngx.say(err)
return
end
local data, err = proc:stdout_read_line()
if not data then
ngx.say(err)
return
end
ngx.say(data)
end
count_char(("1234"):rep(2048))
}
}
```
This example counts characters (bytes) directly fed by OpenResty to the UNIX
command `wc`.
You could not do this with either `io.popen` or `os.execute` because `wc` will
not output the result until its stdin is closed.
[Back to TOC](#table-of-contents)
Description
===========
This module does not support non-POSIX operating systems like Windows yet.
If you are not using the Nginx core shipped with OpenResty, you will need to
apply the `socket_cloexec` patch to the standard Nginx core.
Under the hood, this module uses `fork` and `execvp` with the user-specified
command, and communicate with such spawned processes via the POSIX `pipe` API,
which contributes to the name of this module.
A signal handler for `SIGCHLD` is registered so that we can receive a
notification once the spawned processes exited.
We combine the above implementation with Nginx's event mechanism and
OpenResty's Lua coroutine scheduler, in order to ensure communication with the
spawned processes is non-blocking.
The communication APIs do not work in phases which do not support yielding,
such as `init_worker_by_lua*` or `log_by_lua*`, because there is no way to
yield the current light thread to avoid blocking the OS thread when
communicating with processes in those phases.
[Back to TOC](#table-of-contents)
Methods
=======
spawn
-----
**syntax:** *proc, err = pipe_module.spawn(args, opts?)*
**context:** *all phases except init_by_lua&#42;*
Creates and returns a new sub-process instance we can communicate with later.
For example:
```lua
local ngx_pipe = require "ngx.pipe"
local proc, err = ngx_pipe.spawn({"sh", "-c", "sleep 0.1 && exit 2"})
if not proc then
ngx.say(err)
return
end
```
In case of failure, this function returns `nil` and a string describing the
error.
The sub-process will be killed via `SIGKILL` if it is still alive when the
instance is collected by the garbage collector.
Note that `args` should either be a single level array-like Lua table with
string values, or just a single string.
Some more examples:
```lua
local proc, err = ngx_pipe.spawn({"ls", "-l"})
local proc, err = ngx_pipe.spawn({"perl", "-e", "print 'hello, wolrd'"})
```
If `args` is specified as a string, it will be executed by the operating system
shell, just like `os.execute`. The above example could thus be rewritten as:
```lua
local ngx_pipe = require "ngx.pipe"
local proc, err = ngx_pipe.spawn("sleep 0.1 && exit 2")
if not proc then
ngx.say(err)
return
end
```
In the shell mode, you should be very careful about shell injection attacks
when interpolating variables into command string, especially variables from
untrusted sources. Please make sure that you escape those variables while
assembling the command string. For this reason, it is highly recommended to use
the multi-arguments form (`args` as a table) to specify each command-line
argument explicitly.
Since by default, Nginx does not pass along the `PATH` system environment
variable, you will need to configure the `env PATH` directive if you wish for
it to be respected during the searching of sub-processes:
```nginx
env PATH;
...
content_by_lua_block {
local ngx_pipe = require "ngx.pipe"
local proc = ngx_pipe.spawn({'ls'})
}
```
The optional table argument `opts` can be used to control the behavior of
spawned processes. For instance:
```lua
local opts = {
merge_stderr = true,
buffer_size = 256,
environ = {"PATH=/tmp/bin", "CWD=/tmp/work"}
}
local proc, err = ngx_pipe.spawn({"sh", "-c", ">&2 echo data"}, opts)
if not proc then
ngx.say(err)
return
end
```
The following options are supported:
* `merge_stderr`: when set to `true`, the output to stderr will be redirected
to stdout in the spawned process. This is similar to doing `2>&1` in a shell.
* `buffer_size`: specifies the buffer size used by reading operations, in
bytes. The default buffer size is `4096`.
* `environ`: specifies environment variables for the spawned process. The value
must be a single-level, array-like Lua table with string values. If the
current platform does not support this option, `nil` plus a string `"environ
option not supported"` will be returned.
* `write_timeout`: specifies the write timeout threshold, in milliseconds. The
default threshold is `10000`. If the threshold is `0`, the write operation
will never time out.
* `stdout_read_timeout`: specifies the stdout read timeout threshold, in
milliseconds. The default threshold is `10000`. If the threshold is `0`, the
stdout read operation will never time out.
* `stderr_read_timeout`: specifies the stderr read timeout threshold, in
milliseconds. The default threshold is `10000`. If the threshold is `0`, the
stderr read operation will never time out.
* `wait_timeout`: specifies the wait timeout threshold, in milliseconds. The
default threshold is `10000`. If the threshold is `0`, the wait operation
will never time out.
[Back to TOC](#table-of-contents)
set_timeouts
------------
**syntax:** *proc:set_timeouts(write_timeout?, stdout_read_timeout?, stderr_read_timeout?, wait_timeout?)*
Respectively sets: the write timeout threshold, stdout read timeout threshold,
stderr read timeout threshold, and wait timeout threshold. All timeouts are in
milliseconds.
The default threshold for each timeout is 10 seconds.
If the specified timeout argument is `nil`, the corresponding timeout threshold
will not be changed. For example:
```lua
local proc, err = ngx_pipe.spawn({"sleep", "10s"})
-- only change the wait_timeout to 0.1 second.
proc:set_timeouts(nil, nil, nil, 100)
-- only change the send_timeout to 0.1 second.
proc:set_timeouts(100)
```
If the specified timeout argument is `0`, the corresponding operation will
never time out.
[Back to TOC](#table-of-contents)
wait
----
**syntax:** *ok, reason, status = proc:wait()*
**context:** *phases that support yielding*
Waits until the current sub-process exits.
It is possible to control how long to wait via [set_timeouts](#set_timeouts).
The default timeout is 10 seconds.
If process exited with status code zero, the `ok` return value will be `true`.
If process exited abnormally, the `ok` return value will be `false`.
The second return value, `reason`, will be a string. Its values may be:
* `exit`: the process exited by calling `exit(3)`, `_exit(2)`, or by
returning from `main()`. In this case, `status` will be the exit code.
* `signal`: the process was terminated by a signal. In this case, `status` will
be the signal number.
Note that only one light thread can wait on a process at a time. If another
light thread tries to wait on a process, the return values will be `nil` and
the error string `"pipe busy waiting"`.
If a thread tries to wait an exited process, the return values will be `nil`
and the error string `"exited"`.
[Back to TOC](#table-of-contents)
pid
---
**syntax:** *pid = proc:pid()*
Returns the pid number of the sub-process.
[Back to TOC](#table-of-contents)
kill
----
**syntax:** *ok, err = proc:kill(signum)*
Sends a signal to the sub-process.
Note that the `signum` argument should be signal's numerical value. If the
specified `signum` is not a number, an error will be thrown.
You should use [lua-resty-signal's signum()
function](https://github.com/openresty/lua-resty-signal#signum) to convert
signal names to signal numbers in order to ensure portability of your
application.
In case of success, this method returns `true`. Otherwise, it returns `nil` and
a string describing the error.
Killing an exited sub-process will return `nil` and the error string
`"exited"`.
Sending an invalid signal to the process will return `nil` and the error string
`"invalid signal"`.
[Back to TOC](#table-of-contents)
shutdown
--------
**syntax:** *ok, err = proc:shutdown(direction)*
Closes the specified direction of the current sub-process.
The `direction` argument should be one of these three values: `stdin`, `stdout`
and `stderr`.
In case of success, this method returns `true`. Otherwise, it returns `nil` and
a string describing the error.
If the `merge_stderr` option is specified in [spawn](#spawn), closing the
`stderr` direction will return `nil` and the error string `"merged to stdout"`.
Shutting down a direction when a light thread is waiting on it (such as during
reading or writing) will abort the light thread and return `true`.
Shutting down directions of an exited process will return `nil` and the error
string `"closed"`.
It is fine to shut down the same direction of the same stream multiple times;
no side effects are to be expected.
[Back to TOC](#table-of-contents)
write
-----
**syntax:** *nbytes, err = proc:write(data)*
**context:** *phases that support yielding*
Writes data to the current sub-process's stdin stream.
The `data` argument can be a string or a single level array-like Lua table with
string values.
This method is a synchronous and non-blocking operation that will not return
until *all* the data has been flushed to the sub-process's stdin buffer, or
an error occurs.
In case of success, it returns the total number of bytes that have been sent.
Otherwise, it returns `nil` and a string describing the error.
The timeout threshold of this `write` operation can be controlled by the
[set_timeouts](#set_timeouts) method. The default timeout threshold is 10
seconds.
When a timeout occurs, the data may be partially written into the sub-process's
stdin buffer and read by the sub-process.
Only one light thread is allowed to write to the sub-process at a time. If
another light thread tries to write to it, this method will return `nil` and
the error string `"pipe busy writing"`.
If the `write` operation is aborted by the [shutdown](#shutdown) method,
it will return `nil` and the error string `"aborted"`.
Writing to an exited sub-process will return `nil` and the error string
`"closed"`.
[Back to TOC](#table-of-contents)
stderr_read_all
---------------
**syntax:** *data, err, partial = proc:stderr_read_all()*
**context:** *phases that support yielding*
Reads all data from the current sub-process's stderr stream until it is closed.
This method is a synchronous and non-blocking operation, just like the
[write](#write) method.
The timeout threshold of this reading operation can be controlled by
[set_timeouts](#set_timeouts). The default timeout is 10 seconds.
In case of success, it returns the data received. Otherwise, it returns three
values: `nil`, a string describing the error, and, optionally, the partial data
received so far.
When `merge_stderr` is specified in [spawn](#spawn), calling `stderr_read_all`
will return `nil` and the error string `"merged to stdout"`.
Only one light thread is allowed to read from a sub-process's stderr or stdout
stream at a time. If another thread tries to read from the same stream, this
method will return `nil` and the error string `"pipe busy reading"`.
If the reading operation is aborted by the [shutdown](#shutdown) method,
it will return `nil` and the error string `"aborted"`.
Streams for stdout and stderr are separated, so at most two light threads may
be reading from a sub-process at a time (one for each stream).
The same way, a light thread may read from a stream while another light thread
is writing to the sub-process stdin stream.
Reading from an exited process's stream will return `nil` and the error string
`"closed"`.
[Back to TOC](#table-of-contents)
stdout_read_all
---------------
**syntax:** *data, err, partial = proc:stdout_read_all()*
**context:** *phases that support yielding*
Similar to the [stderr_read_all](#stderr_read_all) method, but reading from the
stdout stream of the sub-process.
[Back to TOC](#table-of-contents)
stderr_read_line
----------------
**syntax:** *data, err, partial = proc:stderr_read_line()*
**context:** *phases that support yielding*
Reads from stderr like [stderr_read_all](#stderr_read_all), but only reads a
single line of data.
When `merge_stderr` is specified in [spawn](#spawn), calling `stderr_read_line`
will return `nil` plus the error string `"merged to stdout"`.
When the data stream is truncated without a new-line character, it returns 3
values: `nil`, the error string `"closed"`, and the partial data received so
far.
The line should be terminated by a `Line Feed` (LF) character (ASCII 10),
optionally preceded by a `Carriage Return` (CR) character (ASCII 13). The CR
and LF characters are not included in the returned line data.
[Back to TOC](#table-of-contents)
stdout_read_line
----------------
**syntax:** *data, err, partial = proc:stdout_read_line()*
**context:** *phases that support yielding*
Similar to [stderr_read_line](#stderr_read_line), but reading from the
stdout stream of the sub-process.
[Back to TOC](#table-of-contents)
stderr_read_bytes
-----------------
**syntax:** *data, err, partial = proc:stderr_read_bytes(len)*
**context:** *phases that support yielding*
Reads from stderr like [stderr_read_all](#stderr_read_all), but only reads the
specified number of bytes.
If `merge_stderr` is specified in [spawn](#spawn), calling `stderr_read_bytes`
will return `nil` plus the error string `"merged to stdout"`.
If the data stream is truncated (fewer bytes of data available than requested),
this method returns 3 values: `nil`, the error string `"closed"`, and the
partial data string received so far.
[Back to TOC](#table-of-contents)
stdout_read_bytes
-----------------
**syntax:** *data, err, partial = proc:stdout_read_bytes(len)*
**context:** *phases that support yielding*
Similar to [stderr_read_bytes](#stderr_read_bytes), but reading from the
stdout stream of the sub-process.
[Back to TOC](#table-of-contents)
stderr_read_any
---------------
**syntax:** *data, err = proc:stderr_read_any(max)*
**context:** *phases that support yielding*
Reads from stderr like [stderr_read_all](#stderr_read_all), but returns
immediately when any amount of data is received.
At most `max` bytes are received.
If `merge_stderr` is specified in [spawn](#spawn), calling `stderr_read_any`
will return `nil` plus the error string `"merged to stdout"`.
If the received data is more than `max` bytes, this method will return with
exactly `max` bytes of data. The remaining data in the underlying receive
buffer can be fetched with a subsequent reading operation.
[Back to TOC](#table-of-contents)
stdout_read_any
---------------
**syntax:** *data, err = proc:stdout_read_any(max)*
**context:** *phases that support yielding*
Similar to [stderr_read_any](#stderr_read_any), but reading from the stdout
stream of the sub-process.
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list
is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for
Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2018, by OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

106
deps/src/lua-resty-core/lib/ngx/process.lua vendored Normal file
View File

@@ -0,0 +1,106 @@
-- Copyright (C) Yichun Zhang (agentzh)
local base = require "resty.core.base"
base.allows_subsystem('http', 'stream')
local ffi = require 'ffi'
local errmsg = base.get_errmsg_ptr()
local FFI_ERROR = base.FFI_ERROR
local ffi_str = ffi.string
local tonumber = tonumber
local subsystem = ngx.config.subsystem
if subsystem == 'http' then
require "resty.core.phase" -- for ngx.get_phase
end
local ngx_phase = ngx.get_phase
local process_type_names = {
[0 ] = "single",
[1 ] = "master",
[2 ] = "signaller",
[3 ] = "worker",
[4 ] = "helper",
[99] = "privileged agent",
}
local C = ffi.C
local _M = { version = base.version }
local ngx_lua_ffi_enable_privileged_agent
local ngx_lua_ffi_get_process_type
local ngx_lua_ffi_process_signal_graceful_exit
local ngx_lua_ffi_master_pid
if subsystem == 'http' then
ffi.cdef[[
int ngx_http_lua_ffi_enable_privileged_agent(char **err);
int ngx_http_lua_ffi_get_process_type(void);
void ngx_http_lua_ffi_process_signal_graceful_exit(void);
int ngx_http_lua_ffi_master_pid(void);
]]
ngx_lua_ffi_enable_privileged_agent =
C.ngx_http_lua_ffi_enable_privileged_agent
ngx_lua_ffi_get_process_type = C.ngx_http_lua_ffi_get_process_type
ngx_lua_ffi_process_signal_graceful_exit =
C.ngx_http_lua_ffi_process_signal_graceful_exit
ngx_lua_ffi_master_pid = C.ngx_http_lua_ffi_master_pid
else
ffi.cdef[[
int ngx_stream_lua_ffi_enable_privileged_agent(char **err);
int ngx_stream_lua_ffi_get_process_type(void);
void ngx_stream_lua_ffi_process_signal_graceful_exit(void);
int ngx_stream_lua_ffi_master_pid(void);
]]
ngx_lua_ffi_enable_privileged_agent =
C.ngx_stream_lua_ffi_enable_privileged_agent
ngx_lua_ffi_get_process_type = C.ngx_stream_lua_ffi_get_process_type
ngx_lua_ffi_process_signal_graceful_exit =
C.ngx_stream_lua_ffi_process_signal_graceful_exit
ngx_lua_ffi_master_pid = C.ngx_stream_lua_ffi_master_pid
end
function _M.type()
local typ = ngx_lua_ffi_get_process_type()
return process_type_names[tonumber(typ)]
end
function _M.enable_privileged_agent()
if ngx_phase() ~= "init" then
return nil, "API disabled in the current context"
end
local rc = ngx_lua_ffi_enable_privileged_agent(errmsg)
if rc == FFI_ERROR then
return nil, ffi_str(errmsg[0])
end
return true
end
function _M.signal_graceful_exit()
ngx_lua_ffi_process_signal_graceful_exit()
end
function _M.get_master_pid()
local pid = ngx_lua_ffi_master_pid()
if pid == FFI_ERROR then
return nil
end
return tonumber(pid)
end
return _M

230
deps/src/lua-resty-core/lib/ngx/process.md vendored Normal file
View File

@@ -0,0 +1,230 @@
Name
====
`ngx.process` - manage the nginx processes for OpenResty/ngx_lua.
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Functions](#functions)
* [type](#type)
* [enable_privileged_agent](#enable_privileged_agent)
* [signal_graceful_exit](#signal_graceful_exit)
* [get_master_pid](#get_master_pid)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Author](#author)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is currently considered experimental.
The API is still in flux and may change in the future without notice.
Synopsis
========
Enables privileged agent process, gets process type, and then gets the master process PID:
```nginx
# http config
init_by_lua_block {
local process = require "ngx.process"
-- enables privileged agent process
local ok, err = process.enable_privileged_agent()
if not ok then
ngx.log(ngx.ERR, "enables privileged agent failed error:", err)
end
-- output process type
ngx.log(ngx.INFO, "process type: ", process.type())
}
init_worker_by_lua_block {
local process = require "ngx.process"
ngx.log(ngx.INFO, "process type: ", process.type())
}
server {
# ...
location = /t {
content_by_lua_block {
local process = require "ngx.process"
ngx.say("process type: ", process.type())
ngx.say("master process pid: ", process.get_master_pid() or "-")
}
}
}
```
The example config above produces an output to `error.log` when
server starts:
```
[lua] init_by_lua:11: process type: master
[lua] init_worker_by_lua:3: process type: privileged agent
[lua] init_worker_by_lua:3: process type: worker
```
The example location above produces the following response body:
```
process type: worker
master process pid: 8261
```
[Back to TOC](#table-of-contents)
Functions
=========
type
----
**syntax:** *type_name = process_module.type()*
**context:** *any*
Returns the type of the current Nginx process. Depending on the calling context
and current process, the type can be one of:
* `master`: returned when this function is called from within the master
process
* `worker`: returned when this function is called from within a worker process
* `single`: returned when Nginx is running in the single process mode
* `signaller`: returned when Nginx is running as a signaller process
* `privileged agent`: returned when this funtion is called from within a
privileged agent process
For example:
```lua
local process = require "ngx.process"
ngx.say("process type:", process.type()) -- RESPONSE: worker
```
[Back to TOC](#table-of-contents)
enable_privileged_agent
-----------------------
**syntax:** *ok, err = process_module.enable_privileged_agent()*
**context:** *init_by_lua&#42;*
Enables the privileged agent process in Nginx.
The privileged agent process does not listen on any virtual server ports like those worker processes.
And it uses the same system account as the nginx master process, which is usually a privileged account
like `root`.
The `init_worker_by_lua*` directive handler still runs in the privileged agent process. And one can
use the [type](#type) function provided by this module to check if the current process is a privileged
agent.
In case of failures, returns `nil` and a string describing the error.
[Back to TOC](#table-of-contents)
signal_graceful_exit
--------------------
**syntax:** *process_module.signal_graceful_exit()*
**context:** *any*
Signals the *current* nginx (worker) process to quit gracefully, i.e., after all the timers have expired (in time or expired prematurely).
Note that this API function simply sets the nginx global C variable `ngx_quit` to signal the nginx event
loop directly. No UNIX signals or IPC are involved here.
WARNING: the official NGINX core does not perform the graceful exiting procedure when the [master_process](http://nginx.org/r/master_process)
directive is turned `off`. The OpenResty's NGINX core has a
[custom patch](https://github.com/openresty/openresty/blob/master/patches/nginx-1.11.2-single_process_graceful_exit.patch)
applied, which fixes this issue.
[Back to TOC](#table-of-contents)
get_master_pid
--------------
**syntax:** *pid = process_module.get_master_pid()*
**context:** *any*
Returns a number value for the nginx master process's process ID (or PID).
This function requires NGINX 1.13.8+ cores to work properly. Otherwise it returns `nil`.
This feature first appeared in lua-resty-core v0.1.14.
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Author
======
Yuansheng Wang &lt;membphis@gmail.com&gt; (membphis), OpenResty Inc.
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2017, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

318
deps/src/lua-resty-core/lib/ngx/re.lua vendored Normal file
View File

@@ -0,0 +1,318 @@
-- I hereby assign copyright in this code to the lua-resty-core project,
-- to be licensed under the same terms as the rest of the code.
local base = require "resty.core.base"
local ffi = require 'ffi'
local bit = require "bit"
local core_regex = require "resty.core.regex"
if core_regex.no_pcre then
error("no support for 'ngx.re' module: OpenResty was " ..
"compiled without PCRE support", 3)
end
local C = ffi.C
local ffi_str = ffi.string
local sub = string.sub
local error = error
local type = type
local band = bit.band
local new_tab = base.new_tab
local tostring = tostring
local math_max = math.max
local math_min = math.min
local is_regex_cache_empty = core_regex.is_regex_cache_empty
local re_match_compile = core_regex.re_match_compile
local destroy_compiled_regex = core_regex.destroy_compiled_regex
local get_string_buf = base.get_string_buf
local get_size_ptr = base.get_size_ptr
local FFI_OK = base.FFI_OK
local subsystem = ngx.config.subsystem
local MAX_ERR_MSG_LEN = 128
local FLAG_DFA = 0x02
local PCRE_ERROR_NOMATCH = -1
local DEFAULT_SPLIT_RES_SIZE = 4
local split_ctx = new_tab(0, 1)
local ngx_lua_ffi_set_jit_stack_size
local ngx_lua_ffi_exec_regex
if subsystem == 'http' then
ffi.cdef[[
int ngx_http_lua_ffi_set_jit_stack_size(int size, unsigned char *errstr,
size_t *errstr_size);
]]
ngx_lua_ffi_exec_regex = C.ngx_http_lua_ffi_exec_regex
ngx_lua_ffi_set_jit_stack_size = C.ngx_http_lua_ffi_set_jit_stack_size
elseif subsystem == 'stream' then
ffi.cdef[[
int ngx_stream_lua_ffi_set_jit_stack_size(int size, unsigned char *errstr,
size_t *errstr_size);
]]
ngx_lua_ffi_exec_regex = C.ngx_stream_lua_ffi_exec_regex
ngx_lua_ffi_set_jit_stack_size = C.ngx_stream_lua_ffi_set_jit_stack_size
end
local _M = { version = base.version }
local function re_split_helper(subj, compiled, compile_once, flags, ctx)
local rc
do
local pos = math_max(ctx.pos, 0)
rc = ngx_lua_ffi_exec_regex(compiled, flags, subj, #subj, pos)
end
if rc == PCRE_ERROR_NOMATCH then
return nil, nil, nil
end
if rc < 0 then
if not compile_once then
destroy_compiled_regex(compiled)
end
return nil, nil, nil, "pcre_exec() failed: " .. rc
end
if rc == 0 then
if band(flags, FLAG_DFA) == 0 then
if not compile_once then
destroy_compiled_regex(compiled)
end
return nil, nil, nil, "capture size too small"
end
rc = 1
end
local caps = compiled.captures
local ncaps = compiled.ncaptures
local from = caps[0]
local to = caps[1]
if from < 0 or to < 0 then
return nil, nil, nil
end
if from == to then
-- empty match, skip to next char
ctx.pos = to + 1
else
ctx.pos = to
end
-- convert to Lua string indexes
from = from + 1
to = to + 1
-- retrieve the first sub-match capture if any
if ncaps > 0 and rc > 1 then
return from, to, sub(subj, caps[2] + 1, caps[3])
end
return from, to
end
function _M.split(subj, regex, opts, ctx, max, res)
-- we need to cast this to strings to avoid exceptions when they are
-- something else.
-- needed because of further calls to string.sub in this function.
subj = tostring(subj)
if not ctx then
ctx = split_ctx
ctx.pos = 1 -- set or reset upvalue field
elseif not ctx.pos then
-- ctx provided by user but missing pos field
ctx.pos = 1
end
max = max or 0
if not res then
-- limit the initial arr_n size of res to a reasonable value
-- 0 < narr <= DEFAULT_SPLIT_RES_SIZE
local narr = DEFAULT_SPLIT_RES_SIZE
if max > 0 then
-- the user specified a valid max limiter if max > 0
narr = math_min(narr, max)
end
res = new_tab(narr, 0)
elseif type(res) ~= "table" then
error("res is not a table", 2)
end
local len = #subj
if ctx.pos > len then
res[1] = nil
return res
end
-- compile regex
local compiled, compile_once, flags = re_match_compile(regex, opts)
if compiled == nil then
-- compiled_once holds the error string
return nil, compile_once
end
local sub_idx = ctx.pos
local res_idx = 0
local last_empty_match
-- update to split_helper PCRE indexes
ctx.pos = sub_idx - 1
-- splitting: with and without a max limiter
if max > 0 then
local count = 1
while count < max do
local from, to, capture, err = re_split_helper(subj, compiled,
compile_once, flags, ctx)
if err then
return nil, err
end
if not from then
break
end
if last_empty_match then
sub_idx = last_empty_match
end
if from == to then
last_empty_match = from
end
if from > sub_idx or not last_empty_match then
count = count + 1
res_idx = res_idx + 1
res[res_idx] = sub(subj, sub_idx, from - 1)
if capture then
res_idx = res_idx + 1
res[res_idx] = capture
end
sub_idx = to
if sub_idx > len then
break
end
end
end
else
while true do
local from, to, capture, err = re_split_helper(subj, compiled,
compile_once, flags, ctx)
if err then
return nil, err
end
if not from then
break
end
if last_empty_match then
sub_idx = last_empty_match
end
if from == to then
last_empty_match = from
end
if from > sub_idx or not last_empty_match then
res_idx = res_idx + 1
res[res_idx] = sub(subj, sub_idx, from - 1)
if capture then
res_idx = res_idx + 1
res[res_idx] = capture
end
sub_idx = to
if sub_idx > len then
break
end
end
end
end
if not compile_once then
destroy_compiled_regex(compiled)
end
-- trailing nil for non-cleared res tables
-- delete empty trailing ones (without max)
if max <= 0 and sub_idx > len then
for ety_idx = res_idx, 1, -1 do
if res[ety_idx] ~= "" then
res_idx = ety_idx
break
end
res[ety_idx] = nil
end
else
res_idx = res_idx + 1
res[res_idx] = sub(subj, sub_idx)
end
res[res_idx + 1] = nil
return res
end
function _M.opt(option, value)
if option == "jit_stack_size" then
if not is_regex_cache_empty() then
error("changing jit stack size is not allowed when some " ..
"regexs have already been compiled and cached", 2)
end
local errbuf = get_string_buf(MAX_ERR_MSG_LEN)
local sizep = get_size_ptr()
sizep[0] = MAX_ERR_MSG_LEN
local rc = ngx_lua_ffi_set_jit_stack_size(value, errbuf, sizep)
if rc == FFI_OK then
return
end
error(ffi_str(errbuf, sizep[0]), 2)
end
error("unrecognized option name", 2)
end
return _M

249
deps/src/lua-resty-core/lib/ngx/re.md vendored Normal file
View File

@@ -0,0 +1,249 @@
Name
====
ngx.re - Lua API for convenience utilities for `ngx.re`.
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Description](#description)
* [Methods](#methods)
* [split](#split)
* [opt](#opt)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Author](#author)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is currently considered experimental.
Synopsis
========
```lua
local ngx_re = require "ngx.re"
-- split
local res, err = ngx_re.split("a,b,c,d", ",")
--> res is now {"a", "b", "c", "d"}
-- opt
ngx_re.opt("jit_stack_size", 128 * 1024)
--> the PCRE jit stack can now handle more complex regular expressions
```
[Back to TOC](#table-of-contents)
Description
===========
This Lua module provides a Lua API which implements convenience utilities for
the `ngx.re` API.
[Back to TOC](#table-of-contents)
Methods
=======
All the methods of this module are static (or module-level). That is, you do
not need an object (or instance) to call these methods.
[Back to TOC](#table-of-contents)
split
-----
**syntax:** *res, err = ngx_re.split(subject, regex, options?, ctx?, max?, res?)*
Splits the `subject` string using the Perl compatible regular expression
`regex` with the optional `options`.
This function returns a Lua (array) table (with integer keys) containing the
split values.
In case of error, `nil` will be returned as well as a string describing the
error.
When `regex` contains a sub-match capturing group, and when such a match is
found, the first submatch capture will be inserted in between each split
value, like so:
```lua
local ngx_re = require "ngx.re"
local res, err = ngx_re.split("a,b,c,d", "(,)")
-- res is now {"a", ",", "b", ",", "c", ",", "d"}
```
When `regex` is empty string `""`, the `subject` will be split into chars,
like so:
```lua
local ngx_re = require "ngx.re"
local res, err = ngx_re.split("abcd", "")
-- res is now {"a", "b", "c", "d"}
```
The optional `ctx` table argument can be a Lua table holding an optional `pos`
field. When the `pos` field in the `ctx` table argument is specified,
`ngx_re.split` will start splitting the `subject` from that index:
```lua
local ngx_re = require "ngx.re"
local res, err = ngx_re.split("a,b,c,d", ",", nil, {pos = 5})
-- res is now {"c", "d"}
```
The optional `max` argument is a number that when specified, will prevent
`ngx_re.split` from adding more than `max` matches to the `res` array:
```lua
local ngx_re = require "ngx.re"
local res, err = ngx_re.split("a,b,c,d", ",", nil, nil, 3)
-- res is now {"a", "b", "c,d"}
```
Specifying `max <= 0` disables this behavior, meaning that the number of
results won't be limited.
The optional 6th argument `res` can be a table that `ngx_re.split` will re-use
to hold the results instead of creating a new one, which can improve
performance in hot code paths. It is used like so:
```lua
local ngx_re = require "ngx.re"
local my_table = {"hello world"}
local res, err = ngx_re.split("a,b,c,d", ",", nil, nil, nil, my_table)
-- res/my_table is now {"a", "b", "c", "d"}
```
When provided with a `res` table, `ngx_re.split` won't clear the table
for performance reasons, but will rather insert a trailing `nil` value
when the split is completed:
```lua
local ngx_re = require "ngx.re"
local my_table = {"W", "X", "Y", "Z"}
local res, err = ngx_re.split("a,b", ",", nil, nil, nil, my_table)
-- res/my_table is now {"a", "b", nil, "Z"}
```
When the trailing `nil` is not enough for your purpose, you should
clear the table yourself before feeding it into the `split` function.
[Back to TOC](#table-of-contents)
opt
-----
**syntax:** *ngx_re.opt(option, value)*
Allows changing of regex settings. Currently, it can only change the
`jit_stack_size` of the PCRE engine, like so:
```nginx
init_by_lua_block { require "ngx.re".opt("jit_stack_size", 200 * 1024) }
server {
location /re {
content_by_lua_block {
-- full regex and string are taken from https://github.com/JuliaLang/julia/issues/8278
local very_long_string = [[71.163.72.113 - - [30/Jul/2014:16:40:55 -0700] ...]]
local very_complicated_regex = [[([\d\.]+) ([\w.-]+) ([\w.-]+) (\[.+\]) ...]]
local from, to, err = ngx.re.find(very_long_string, very_complicated_regex, "jo")
-- with the regular jit_stack_size, we would get the error 'pcre_exec() failed: -27'
-- instead, we get a match
ngx.print(from .. "-" .. to) -- prints '1-1563'
}
}
}
```
The `jit_stack_size` cannot be set to a value lower than PCRE's default of 32K.
This method requires the PCRE library enabled in Nginx.
This feature was first introduced in the `v0.1.12` release.
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list
is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for
Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Author
======
Thibault Charbonnier - ([@thibaultcha](https://github.com/thibaultcha))
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2016-2017, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

20
deps/src/lua-resty-core/lib/ngx/req.lua vendored Normal file
View File

@@ -0,0 +1,20 @@
-- Copyright (C) by OpenResty Inc.
local base = require "resty.core.base"
base.allows_subsystem("http")
local core_request = require "resty.core.request"
local set_req_header = core_request.set_req_header
local _M = { version = base.version }
function _M.add_header(key, value)
set_req_header(key, value, false)
end
return _M

139
deps/src/lua-resty-core/lib/ngx/req.md vendored Normal file
View File

@@ -0,0 +1,139 @@
Name
====
ngx.req - Lua API for HTTP request handling.
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Description](#description)
* [Methods](#methods)
* [add_header](#add_header)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is currently considered experimental.
Synopsis
========
```lua
local ngx_req = require "ngx.req"
-- add_header
ngx_req.add_header("Foo", "bar")
ngx_req.add_header("Foo", "baz")
--> there will be two new headers in the HTTP request:
--> Foo: bar and Foo: baz
```
[Back to TOC](#table-of-contents)
Description
===========
This module provides a Lua API to handle HTTP requests.
[Back to TOC](#table-of-contents)
Methods
=======
All methods provided by this module are static (or module-level). That is, you
do not need an object (or instance) to call these methods.
[Back to TOC](#table-of-contents)
add_header
----------
**syntax:** *ngx_req.add_header(header_name, header_value)*
**context:** *set_by_lua&#42;, rewrite_by_lua&#42;, access_by_lua&#42;, content_by_lua&#42;, header_filter_by_lua&#42;, body_filter_by_lua&#42;*
This method adds the specified header and its value to the current
request. It works similarly as
[ngx.req.set_header](https://github.com/openresty/lua-nginx-module#ngxreqset_header),
with the exception that when the header already exists, the specified value(s)
will be appended instead of overriden.
The first argument `header_name` must be a non-empty string.
When the specified `header_name` is a builtin header (e.g. `User-Agent`), this
method will override its values.
The `header_value` argument can either be a string or a non-empty, array-like
table. A `nil` or empty table value will cause this function to throw an error.
This feature was first introduced in the `v0.1.18` release.
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list
is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for
Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2016-2019, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* library [lua-resty-core](https://github.com/openresty/lua-resty-core)
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

18
deps/src/lua-resty-core/lib/ngx/resp.lua vendored Normal file
View File

@@ -0,0 +1,18 @@
-- Copyright (C) Yichun Zhang. All rights reserved.
local base = require "resty.core.base"
base.allows_subsystem('http')
local core_response = require "resty.core.response"
local set_resp_header = core_response.set_resp_header
local _M = { version = base.version }
function _M.add_header(key, value)
set_resp_header(nil, key, value, true)
end
return _M

133
deps/src/lua-resty-core/lib/ngx/resp.md vendored Normal file
View File

@@ -0,0 +1,133 @@
Name
====
ngx.resp - Lua API for HTTP response handling.
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Description](#description)
* [Methods](#methods)
* [add_header](#add_header)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is currently considered experimental.
Synopsis
========
```lua
local ngx_resp = require "ngx.resp"
-- add_header
ngx_resp.add_header("Foo", "bar")
ngx_resp.add_header("Foo", "baz")
--> there will be two new headers in HTTP response:
--> Foo: bar and Foo: baz
```
[Back to TOC](#table-of-contents)
Description
===========
This Lua module provides Lua API which could be used to handle HTTP response.
[Back to TOC](#table-of-contents)
Methods
=======
All the methods of this module are static (or module-level). That is, you do
not need an object (or instance) to call these methods.
[Back to TOC](#table-of-contents)
add_header
----------
**syntax:** *ngx_resp.add_header(header_name, header_value)*
This function adds specified header with corresponding value to the response of
current request. The `header_value` could be either a string or a table.
The `ngx.resp.add_header` works mostly like:
* [ngx.header.HEADER](https://github.com/openresty/lua-nginx-module#ngxheaderheader)
* Nginx's [add_header](http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header) directive.
However, unlike `ngx.header.HEADER`, this method appends new header to the old
one instead of overriding it.
Unlike `add_header` directive, this method will override the builtin header
instead of appending it.
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list
is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for
Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2018, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

193
deps/src/lua-resty-core/lib/ngx/semaphore.lua vendored Normal file
View File

@@ -0,0 +1,193 @@
-- Copyright (C) Yichun Zhang (agentzh)
-- Copyright (C) cuiweixie
-- I hereby assign copyright in this code to the lua-resty-core project,
-- to be licensed under the same terms as the rest of the code.
local base = require "resty.core.base"
base.allows_subsystem('http', 'stream')
local ffi = require 'ffi'
local FFI_OK = base.FFI_OK
local FFI_ERROR = base.FFI_ERROR
local FFI_DECLINED = base.FFI_DECLINED
local ffi_new = ffi.new
local ffi_str = ffi.string
local ffi_gc = ffi.gc
local C = ffi.C
local type = type
local error = error
local tonumber = tonumber
local get_request = base.get_request
local get_string_buf = base.get_string_buf
local get_size_ptr = base.get_size_ptr
local setmetatable = setmetatable
local co_yield = coroutine._yield
local ERR_BUF_SIZE = 128
local subsystem = ngx.config.subsystem
local errmsg = base.get_errmsg_ptr()
local psem
local ngx_lua_ffi_sema_new
local ngx_lua_ffi_sema_post
local ngx_lua_ffi_sema_count
local ngx_lua_ffi_sema_wait
local ngx_lua_ffi_sema_gc
if subsystem == 'http' then
ffi.cdef[[
struct ngx_http_lua_sema_s;
typedef struct ngx_http_lua_sema_s ngx_http_lua_sema_t;
int ngx_http_lua_ffi_sema_new(ngx_http_lua_sema_t **psem,
int n, char **errmsg);
int ngx_http_lua_ffi_sema_post(ngx_http_lua_sema_t *sem, int n);
int ngx_http_lua_ffi_sema_count(ngx_http_lua_sema_t *sem);
int ngx_http_lua_ffi_sema_wait(ngx_http_request_t *r,
ngx_http_lua_sema_t *sem, int wait_ms,
unsigned char *errstr, size_t *errlen);
void ngx_http_lua_ffi_sema_gc(ngx_http_lua_sema_t *sem);
]]
psem = ffi_new("ngx_http_lua_sema_t *[1]")
ngx_lua_ffi_sema_new = C.ngx_http_lua_ffi_sema_new
ngx_lua_ffi_sema_post = C.ngx_http_lua_ffi_sema_post
ngx_lua_ffi_sema_count = C.ngx_http_lua_ffi_sema_count
ngx_lua_ffi_sema_wait = C.ngx_http_lua_ffi_sema_wait
ngx_lua_ffi_sema_gc = C.ngx_http_lua_ffi_sema_gc
elseif subsystem == 'stream' then
ffi.cdef[[
struct ngx_stream_lua_sema_s;
typedef struct ngx_stream_lua_sema_s ngx_stream_lua_sema_t;
int ngx_stream_lua_ffi_sema_new(ngx_stream_lua_sema_t **psem,
int n, char **errmsg);
int ngx_stream_lua_ffi_sema_post(ngx_stream_lua_sema_t *sem, int n);
int ngx_stream_lua_ffi_sema_count(ngx_stream_lua_sema_t *sem);
int ngx_stream_lua_ffi_sema_wait(ngx_stream_lua_request_t *r,
ngx_stream_lua_sema_t *sem, int wait_ms,
unsigned char *errstr, size_t *errlen);
void ngx_stream_lua_ffi_sema_gc(ngx_stream_lua_sema_t *sem);
]]
psem = ffi_new("ngx_stream_lua_sema_t *[1]")
ngx_lua_ffi_sema_new = C.ngx_stream_lua_ffi_sema_new
ngx_lua_ffi_sema_post = C.ngx_stream_lua_ffi_sema_post
ngx_lua_ffi_sema_count = C.ngx_stream_lua_ffi_sema_count
ngx_lua_ffi_sema_wait = C.ngx_stream_lua_ffi_sema_wait
ngx_lua_ffi_sema_gc = C.ngx_stream_lua_ffi_sema_gc
end
local _M = { version = base.version }
local mt = { __index = _M }
function _M.new(n)
n = tonumber(n) or 0
if n < 0 then
error("no negative number", 2)
end
local ret = ngx_lua_ffi_sema_new(psem, n, errmsg)
if ret == FFI_ERROR then
return nil, ffi_str(errmsg[0])
end
local sem = psem[0]
ffi_gc(sem, ngx_lua_ffi_sema_gc)
return setmetatable({ sem = sem }, mt)
end
function _M.wait(self, seconds)
if type(self) ~= "table" or type(self.sem) ~= "cdata" then
error("not a semaphore instance", 2)
end
local r = get_request()
if not r then
error("no request found")
end
local milliseconds = tonumber(seconds) * 1000
if milliseconds < 0 then
error("no negative number", 2)
end
local cdata_sem = self.sem
local err = get_string_buf(ERR_BUF_SIZE)
local errlen = get_size_ptr()
errlen[0] = ERR_BUF_SIZE
local ret = ngx_lua_ffi_sema_wait(r, cdata_sem,
milliseconds, err, errlen)
if ret == FFI_ERROR then
return nil, ffi_str(err, errlen[0])
end
if ret == FFI_OK then
return true
end
if ret == FFI_DECLINED then
return nil, "timeout"
end
-- Note: we cannot use the tail-call form here since we
-- might need the current function call's activation
-- record to hold the reference to our semaphore object
-- to prevent it from getting GC'd prematurely.
local ok
ok, err = co_yield()
return ok, err
end
function _M.post(self, n)
if type(self) ~= "table" or type(self.sem) ~= "cdata" then
error("not a semaphore instance", 2)
end
local cdata_sem = self.sem
local num = n and tonumber(n) or 1
if num < 1 then
error("positive number required", 2)
end
-- always return NGX_OK
ngx_lua_ffi_sema_post(cdata_sem, num)
return true
end
function _M.count(self)
if type(self) ~= "table" or type(self.sem) ~= "cdata" then
error("not a semaphore instance", 2)
end
return ngx_lua_ffi_sema_count(self.sem)
end
return _M

356
deps/src/lua-resty-core/lib/ngx/semaphore.md vendored Normal file
View File

@@ -0,0 +1,356 @@
Name
====
ngx.semaphore - light thread semaphore for OpenResty/ngx_lua.
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Synchronizing threads in the same context](#synchronizing-threads-in-the-same-context)
* [Synchronizing threads in different contexts](#synchronizing-threads-in-different-contexts)
* [Description](#description)
* [Methods](#methods)
* [new](#new)
* [post](#post)
* [wait](#wait)
* [count](#count)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Author](#author)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is production ready.
Synopsis
========
Synchronizing threads in the same context
-----------------------------------------
```nginx
location = /t {
content_by_lua_block {
local semaphore = require "ngx.semaphore"
local sema = semaphore.new()
local function handler()
ngx.say("sub thread: waiting on sema...")
local ok, err = sema:wait(1) -- wait for a second at most
if not ok then
ngx.say("sub thread: failed to wait on sema: ", err)
else
ngx.say("sub thread: waited successfully.")
end
end
local co = ngx.thread.spawn(handler)
ngx.say("main thread: sleeping for a little while...")
ngx.sleep(0.1) -- wait a bit
ngx.say("main thread: posting to sema...")
sema:post(1)
ngx.say("main thread: end.")
}
}
```
The example location above produces a response output like this:
```
sub thread: waiting on sema...
main thread: sleeping for a little while...
main thread: posting to sema...
main thread: end.
sub thread: waited successfully.
```
[Back to TOC](#table-of-contents)
Synchronizing threads in different contexts
-------------------------------------------
```nginx
location = /t {
content_by_lua_block {
local semaphore = require "ngx.semaphore"
local sema = semaphore.new()
local outputs = {}
local i = 1
local function out(s)
outputs[i] = s
i = i + 1
end
local function handler()
out("timer thread: sleeping for a little while...")
ngx.sleep(0.1) -- wait a bit
out("timer thread: posting on sema...")
sema:post(1)
end
assert(ngx.timer.at(0, handler))
out("main thread: waiting on sema...")
local ok, err = sema:wait(1) -- wait for a second at most
if not ok then
out("main thread: failed to wait on sema: ", err)
else
out("main thread: waited successfully.")
end
out("main thread: end.")
ngx.say(table.concat(outputs, "\n"))
}
}
```
The example location above produces a response body like this
```
main thread: waiting on sema...
timer thread: sleeping for a little while...
timer thread: posting on sema...
main thread: waited successfully.
main thread: end.
```
The same applies to different request contexts as long as these requests are served
by the same nginx worker process.
[Back to TOC](#table-of-contents)
Description
===========
This module provides an efficient semaphore API for the OpenResty/ngx_lua module. With
semaphores, "light threads" (created by [ngx.thread.spawn](https://github.com/openresty/lua-nginx-module#ngxthreadspawn),
[ngx.timer.at](https://github.com/openresty/lua-nginx-module#ngxtimerat), and etc.) can
synchronize among each other very efficiently without constant polling and sleeping.
"Light threads" in different contexts (like in different requests) can share the same
semaphore instance as long as these "light threads" reside in the same NGINX worker
process and the [lua_code_cache](https://github.com/openresty/lua-nginx-module#lua_code_cache)
directive is turned on (which is the default). For inter-process "light thread" synchronization,
it is recommended to use the [lua-resty-lock](https://github.com/openresty/lua-resty-lock) library instead
(which is a bit less efficient than this semaphore API though).
This semaphore API has a pure userland implementation which does not involve any system calls nor
block any operating system threads. It works closely with the event model of NGINX without
introducing any extra delay.
Like other APIs provided by this `lua-resty-core` library, the LuaJIT FFI feature is required.
[Back to TOC](#table-of-contents)
Methods
=======
[Back to TOC](#table-of-contents)
new
---
**syntax:** *sema, err = semaphore_module.new(n?)*
**context:** *init_by_lua&#42;, init_worker_by_lua&#42;, set_by_lua&#42;, rewrite_by_lua&#42;, access_by_lua&#42;, content_by_lua&#42;, header_filter_by_lua&#42;, body_filter_by_lua&#42;, log_by_lua&#42;, ngx.timer.&#42;*
Creates and returns a new semaphore instance that has `n` (default to `0`) resources.
For example,
```lua
local semaphore = require "ngx.semaphore"
local sema, err = semaphore.new()
if not sema then
ngx.say("create semaphore failed: ", err)
end
```
Often the semaphore object created is shared on the NGINX worker process by mounting in a custom Lua module, as
documented below:
https://github.com/openresty/lua-nginx-module#data-sharing-within-an-nginx-worker
[Back to TOC](#table-of-contents)
post
--------
**syntax:** *sema:post(n?)*
**context:** *init_by_lua&#42;, init_worker_by_lua&#42;, set_by_lua&#42;, rewrite_by_lua&#42;, access_by_lua&#42;, content_by_lua&#42;, header_filter_by_lua&#42;, body_filter_by_lua&#42;, log_by_lua&#42;, ngx.timer.&#42;*
Releases `n` (default to `1`) "resources" to the semaphore instance.
This will not yield the current running "light thread".
At most `n` "light threads" will be waken up when the current running "light thread" later yields (or terminates).
```lua
-- typically, we get the semaphore instance from upvalue or globally shared data
-- See https://github.com/openresty/lua-nginx-module#data-sharing-within-an-nginx-worker
local semaphore = require "ngx.semaphore"
local sema = semaphore.new()
sema:post(2) -- releases 2 resources
```
[Back to TOC](#table-of-contents)
wait
----
**syntax:** *ok, err = sema:wait(timeout)*
**context:** *rewrite_by_lua&#42;, access_by_lua&#42;, content_by_lua&#42;, ngx.timer.&#42;*
Requests a resource from the semaphore instance.
Returns `true` immediately when there is resources available for the current running "light thread".
Otherwise the current "light thread" will enter the waiting queue and yield execution.
The current "light thread" will be automatically waken up and the `wait` function call
will return `true` when there is resources available for it, or return `nil` and a string describing
the error in case of failure (like `"timeout"`).
The `timeout` argument specifies the maximum time this function call should wait for (in seconds).
When the `timeout` argument is 0, it means "no wait", that is, when there is no readily available
"resources" for the current running "light thread", this `wait` function call returns immediately
`nil` and the error string `"timeout"`.
You can specify millisecond precision in the timeout value by using floating point numbers like 0.001 (which means 1ms).
"Light threads" created by different contexts (like request handlers) can wait on the
same semaphore instance without problem.
See [Synopsis](#synopsis) for code examples.
[Back to TOC](#table-of-contents)
count
--------
**syntax:** *count = sema:count()*
**context:** *init_by_lua&#42;, init_worker_by_lua&#42;, set_by_lua&#42;, rewrite_by_lua&#42;, access_by_lua&#42;,
content_by_lua&#42;, header_filter_by_lua&#42;, body_filter_by_lua&#42;, log_by_lua&#42;, ngx.timer.&#42;*
Returns the number of resources readily available in the `sema` semaphore instance (if any).
When the returned number is negative, it means the number of "light threads" waiting on
this semaphore.
Consider the following example,
```lua
local semaphore = require "ngx.semaphore"
local sema = semaphore.new(0)
ngx.say("count: ", sema:count()) -- count: 0
local function handler(id)
local ok, err = sema:wait(1)
if not ok then
ngx.say("err: ", err)
else
ngx.say("wait success")
end
end
local co1 = ngx.thread.spawn(handler)
local co2 = ngx.thread.spawn(handler)
ngx.say("count: ", sema:count()) -- count: -2
sema:post(1)
ngx.say("count: ", sema:count()) -- count: -1
sema:post(2)
ngx.say("count: ", sema:count()) -- count: 1
```
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Author
======
Weixie Cui, Kugou Inc.
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2015-2017, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

467
deps/src/lua-resty-core/lib/ngx/ssl.lua vendored Normal file
View File

@@ -0,0 +1,467 @@
-- Copyright (C) Yichun Zhang (agentzh)
local base = require "resty.core.base"
base.allows_subsystem('http', 'stream')
local ffi = require "ffi"
local C = ffi.C
local ffi_str = ffi.string
local ffi_gc = ffi.gc
local get_request = base.get_request
local error = error
local tonumber = tonumber
local errmsg = base.get_errmsg_ptr()
local get_string_buf = base.get_string_buf
local get_size_ptr = base.get_size_ptr
local FFI_DECLINED = base.FFI_DECLINED
local FFI_OK = base.FFI_OK
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_ssl_set_der_certificate
local ngx_lua_ffi_ssl_clear_certs
local ngx_lua_ffi_ssl_set_der_private_key
local ngx_lua_ffi_ssl_raw_server_addr
local ngx_lua_ffi_ssl_server_port
local ngx_lua_ffi_ssl_server_name
local ngx_lua_ffi_ssl_raw_client_addr
local ngx_lua_ffi_cert_pem_to_der
local ngx_lua_ffi_priv_key_pem_to_der
local ngx_lua_ffi_ssl_get_tls1_version
local ngx_lua_ffi_parse_pem_cert
local ngx_lua_ffi_parse_pem_priv_key
local ngx_lua_ffi_set_cert
local ngx_lua_ffi_set_priv_key
local ngx_lua_ffi_free_cert
local ngx_lua_ffi_free_priv_key
local ngx_lua_ffi_ssl_verify_client
if subsystem == 'http' then
ffi.cdef[[
int ngx_http_lua_ffi_ssl_set_der_certificate(ngx_http_request_t *r,
const char *data, size_t len, char **err);
int ngx_http_lua_ffi_ssl_clear_certs(ngx_http_request_t *r, char **err);
int ngx_http_lua_ffi_ssl_set_der_private_key(ngx_http_request_t *r,
const char *data, size_t len, char **err);
int ngx_http_lua_ffi_ssl_raw_server_addr(ngx_http_request_t *r, char **addr,
size_t *addrlen, int *addrtype, char **err);
int ngx_http_lua_ffi_ssl_server_port(ngx_http_request_t *r,
unsigned short *server_port, char **err);
int ngx_http_lua_ffi_ssl_server_name(ngx_http_request_t *r, char **name,
size_t *namelen, char **err);
int ngx_http_lua_ffi_ssl_raw_client_addr(ngx_http_request_t *r, char **addr,
size_t *addrlen, int *addrtype, char **err);
int ngx_http_lua_ffi_cert_pem_to_der(const unsigned char *pem,
size_t pem_len, unsigned char *der, char **err);
int ngx_http_lua_ffi_priv_key_pem_to_der(const unsigned char *pem,
size_t pem_len, unsigned char *der, char **err);
int ngx_http_lua_ffi_ssl_get_tls1_version(ngx_http_request_t *r,
char **err);
void *ngx_http_lua_ffi_parse_pem_cert(const unsigned char *pem,
size_t pem_len, char **err);
void *ngx_http_lua_ffi_parse_pem_priv_key(const unsigned char *pem,
size_t pem_len, char **err);
int ngx_http_lua_ffi_set_cert(void *r, void *cdata, char **err);
int ngx_http_lua_ffi_set_priv_key(void *r, void *cdata, char **err);
void ngx_http_lua_ffi_free_cert(void *cdata);
void ngx_http_lua_ffi_free_priv_key(void *cdata);
int ngx_http_lua_ffi_ssl_verify_client(void *r,
void *cdata, int depth, char **err);
]]
ngx_lua_ffi_ssl_set_der_certificate =
C.ngx_http_lua_ffi_ssl_set_der_certificate
ngx_lua_ffi_ssl_clear_certs = C.ngx_http_lua_ffi_ssl_clear_certs
ngx_lua_ffi_ssl_set_der_private_key =
C.ngx_http_lua_ffi_ssl_set_der_private_key
ngx_lua_ffi_ssl_raw_server_addr = C.ngx_http_lua_ffi_ssl_raw_server_addr
ngx_lua_ffi_ssl_server_port = C.ngx_http_lua_ffi_ssl_server_port
ngx_lua_ffi_ssl_server_name = C.ngx_http_lua_ffi_ssl_server_name
ngx_lua_ffi_ssl_raw_client_addr = C.ngx_http_lua_ffi_ssl_raw_client_addr
ngx_lua_ffi_cert_pem_to_der = C.ngx_http_lua_ffi_cert_pem_to_der
ngx_lua_ffi_priv_key_pem_to_der = C.ngx_http_lua_ffi_priv_key_pem_to_der
ngx_lua_ffi_ssl_get_tls1_version = C.ngx_http_lua_ffi_ssl_get_tls1_version
ngx_lua_ffi_parse_pem_cert = C.ngx_http_lua_ffi_parse_pem_cert
ngx_lua_ffi_parse_pem_priv_key = C.ngx_http_lua_ffi_parse_pem_priv_key
ngx_lua_ffi_set_cert = C.ngx_http_lua_ffi_set_cert
ngx_lua_ffi_set_priv_key = C.ngx_http_lua_ffi_set_priv_key
ngx_lua_ffi_free_cert = C.ngx_http_lua_ffi_free_cert
ngx_lua_ffi_free_priv_key = C.ngx_http_lua_ffi_free_priv_key
ngx_lua_ffi_ssl_verify_client = C.ngx_http_lua_ffi_ssl_verify_client
elseif subsystem == 'stream' then
ffi.cdef[[
int ngx_stream_lua_ffi_ssl_set_der_certificate(ngx_stream_lua_request_t *r,
const char *data, size_t len, char **err);
int ngx_stream_lua_ffi_ssl_clear_certs(ngx_stream_lua_request_t *r,
char **err);
int ngx_stream_lua_ffi_ssl_set_der_private_key(ngx_stream_lua_request_t *r,
const char *data, size_t len, char **err);
int ngx_stream_lua_ffi_ssl_raw_server_addr(ngx_stream_lua_request_t *r,
char **addr, size_t *addrlen, int *addrtype, char **err);
int ngx_stream_lua_ffi_ssl_server_port(ngx_stream_lua_request_t *r,
unsigned short *server_port, char **err);
int ngx_stream_lua_ffi_ssl_server_name(ngx_stream_lua_request_t *r,
char **name, size_t *namelen, char **err);
int ngx_stream_lua_ffi_ssl_raw_client_addr(ngx_stream_lua_request_t *r,
char **addr, size_t *addrlen, int *addrtype, char **err);
int ngx_stream_lua_ffi_cert_pem_to_der(const unsigned char *pem,
size_t pem_len, unsigned char *der, char **err);
int ngx_stream_lua_ffi_priv_key_pem_to_der(const unsigned char *pem,
size_t pem_len, unsigned char *der, char **err);
int ngx_stream_lua_ffi_ssl_get_tls1_version(ngx_stream_lua_request_t *r,
char **err);
void *ngx_stream_lua_ffi_parse_pem_cert(const unsigned char *pem,
size_t pem_len, char **err);
void *ngx_stream_lua_ffi_parse_pem_priv_key(const unsigned char *pem,
size_t pem_len, char **err);
int ngx_stream_lua_ffi_set_cert(void *r, void *cdata, char **err);
int ngx_stream_lua_ffi_set_priv_key(void *r, void *cdata, char **err);
void ngx_stream_lua_ffi_free_cert(void *cdata);
void ngx_stream_lua_ffi_free_priv_key(void *cdata);
int ngx_stream_lua_ffi_ssl_verify_client(void *r,
void *cdata, int depth, char **err);
]]
ngx_lua_ffi_ssl_set_der_certificate =
C.ngx_stream_lua_ffi_ssl_set_der_certificate
ngx_lua_ffi_ssl_clear_certs = C.ngx_stream_lua_ffi_ssl_clear_certs
ngx_lua_ffi_ssl_set_der_private_key =
C.ngx_stream_lua_ffi_ssl_set_der_private_key
ngx_lua_ffi_ssl_raw_server_addr = C.ngx_stream_lua_ffi_ssl_raw_server_addr
ngx_lua_ffi_ssl_server_port = C.ngx_stream_lua_ffi_ssl_server_port
ngx_lua_ffi_ssl_server_name = C.ngx_stream_lua_ffi_ssl_server_name
ngx_lua_ffi_ssl_raw_client_addr = C.ngx_stream_lua_ffi_ssl_raw_client_addr
ngx_lua_ffi_cert_pem_to_der = C.ngx_stream_lua_ffi_cert_pem_to_der
ngx_lua_ffi_priv_key_pem_to_der = C.ngx_stream_lua_ffi_priv_key_pem_to_der
ngx_lua_ffi_ssl_get_tls1_version = C.ngx_stream_lua_ffi_ssl_get_tls1_version
ngx_lua_ffi_parse_pem_cert = C.ngx_stream_lua_ffi_parse_pem_cert
ngx_lua_ffi_parse_pem_priv_key = C.ngx_stream_lua_ffi_parse_pem_priv_key
ngx_lua_ffi_set_cert = C.ngx_stream_lua_ffi_set_cert
ngx_lua_ffi_set_priv_key = C.ngx_stream_lua_ffi_set_priv_key
ngx_lua_ffi_free_cert = C.ngx_stream_lua_ffi_free_cert
ngx_lua_ffi_free_priv_key = C.ngx_stream_lua_ffi_free_priv_key
ngx_lua_ffi_ssl_verify_client = C.ngx_stream_lua_ffi_ssl_verify_client
end
local _M = { version = base.version }
local charpp = ffi.new("char*[1]")
local intp = ffi.new("int[1]")
local ushortp = ffi.new("unsigned short[1]")
function _M.clear_certs()
local r = get_request()
if not r then
error("no request found")
end
local rc = ngx_lua_ffi_ssl_clear_certs(r, errmsg)
if rc == FFI_OK then
return true
end
return nil, ffi_str(errmsg[0])
end
function _M.set_der_cert(data)
local r = get_request()
if not r then
error("no request found")
end
local rc = ngx_lua_ffi_ssl_set_der_certificate(r, data, #data, errmsg)
if rc == FFI_OK then
return true
end
return nil, ffi_str(errmsg[0])
end
function _M.set_der_priv_key(data)
local r = get_request()
if not r then
error("no request found")
end
local rc = ngx_lua_ffi_ssl_set_der_private_key(r, data, #data, errmsg)
if rc == FFI_OK then
return true
end
return nil, ffi_str(errmsg[0])
end
local addr_types = {
[0] = "unix",
[1] = "inet",
[2] = "inet6",
}
function _M.raw_server_addr()
local r = get_request()
if not r then
error("no request found")
end
local sizep = get_size_ptr()
local rc = ngx_lua_ffi_ssl_raw_server_addr(r, charpp, sizep, intp, errmsg)
if rc == FFI_OK then
local typ = addr_types[intp[0]]
if not typ then
return nil, nil, "unknown address type: " .. intp[0]
end
return ffi_str(charpp[0], sizep[0]), typ
end
return nil, nil, ffi_str(errmsg[0])
end
function _M.server_port()
local r = get_request()
if not r then
error("no request found")
end
local rc = ngx_lua_ffi_ssl_server_port(r, ushortp, errmsg)
if rc == FFI_OK then
return ushortp[0]
end
return nil, ffi_str(errmsg[0])
end
function _M.server_name()
local r = get_request()
if not r then
error("no request found")
end
local sizep = get_size_ptr()
local rc = ngx_lua_ffi_ssl_server_name(r, charpp, sizep, errmsg)
if rc == FFI_OK then
return ffi_str(charpp[0], sizep[0])
end
if rc == FFI_DECLINED then
return nil
end
return nil, ffi_str(errmsg[0])
end
function _M.raw_client_addr()
local r = get_request()
if not r then
error("no request found")
end
local sizep = get_size_ptr()
local rc = ngx_lua_ffi_ssl_raw_client_addr(r, charpp, sizep, intp, errmsg)
if rc == FFI_OK then
local typ = addr_types[intp[0]]
if not typ then
return nil, nil, "unknown address type: " .. intp[0]
end
return ffi_str(charpp[0], sizep[0]), typ
end
return nil, nil, ffi_str(errmsg[0])
end
function _M.cert_pem_to_der(pem)
local outbuf = get_string_buf(#pem)
local sz = ngx_lua_ffi_cert_pem_to_der(pem, #pem, outbuf, errmsg)
if sz > 0 then
return ffi_str(outbuf, sz)
end
return nil, ffi_str(errmsg[0])
end
function _M.priv_key_pem_to_der(pem)
local outbuf = get_string_buf(#pem)
local sz = ngx_lua_ffi_priv_key_pem_to_der(pem, #pem, outbuf, errmsg)
if sz > 0 then
return ffi_str(outbuf, sz)
end
return nil, ffi_str(errmsg[0])
end
local function get_tls1_version()
local r = get_request()
if not r then
error("no request found")
end
local ver = ngx_lua_ffi_ssl_get_tls1_version(r, errmsg)
ver = tonumber(ver)
if ver >= 0 then
return ver
end
-- rc == FFI_ERROR
return nil, ffi_str(errmsg[0])
end
_M.get_tls1_version = get_tls1_version
function _M.parse_pem_cert(pem)
local cert = ngx_lua_ffi_parse_pem_cert(pem, #pem, errmsg)
if cert ~= nil then
return ffi_gc(cert, ngx_lua_ffi_free_cert)
end
return nil, ffi_str(errmsg[0])
end
function _M.parse_pem_priv_key(pem)
local pkey = ngx_lua_ffi_parse_pem_priv_key(pem, #pem, errmsg)
if pkey ~= nil then
return ffi_gc(pkey, ngx_lua_ffi_free_priv_key)
end
return nil, ffi_str(errmsg[0])
end
function _M.set_cert(cert)
local r = get_request()
if not r then
error("no request found")
end
local rc = ngx_lua_ffi_set_cert(r, cert, errmsg)
if rc == FFI_OK then
return true
end
return nil, ffi_str(errmsg[0])
end
function _M.set_priv_key(priv_key)
local r = get_request()
if not r then
error("no request found")
end
local rc = ngx_lua_ffi_set_priv_key(r, priv_key, errmsg)
if rc == FFI_OK then
return true
end
return nil, ffi_str(errmsg[0])
end
function _M.verify_client(ca_certs, depth)
local r = get_request()
if not r then
error("no request found")
end
if not depth then
depth = -1
end
local rc = ngx_lua_ffi_ssl_verify_client(r, ca_certs, depth, errmsg)
if rc == FFI_OK then
return true
end
return nil, ffi_str(errmsg[0])
end
do
_M.SSL3_VERSION = 0x0300
_M.TLS1_VERSION = 0x0301
_M.TLS1_1_VERSION = 0x0302
_M.TLS1_2_VERSION = 0x0303
_M.TLS1_3_VERSION = 0x0304
local map = {
[_M.SSL3_VERSION] = "SSLv3",
[_M.TLS1_VERSION] = "TLSv1",
[_M.TLS1_1_VERSION] = "TLSv1.1",
[_M.TLS1_2_VERSION] = "TLSv1.2",
[_M.TLS1_3_VERSION] = "TLSv1.3",
}
function _M.get_tls1_version_str()
local ver, err = get_tls1_version()
if not ver then
return nil, err
end
local ver_str = map[ver]
if not ver_str then
return nil, "unknown version"
end
return ver_str
end
end
return _M

583
deps/src/lua-resty-core/lib/ngx/ssl.md vendored Normal file
View File

@@ -0,0 +1,583 @@
Name
====
ngx.ssl - Lua API for controlling NGINX downstream SSL handshakes
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Description](#description)
* [Methods](#methods)
* [clear_certs](#clear_certs)
* [cert_pem_to_der](#cert_pem_to_der)
* [set_der_cert](#set_der_cert)
* [priv_key_pem_to_der](#priv_key_pem_to_der)
* [set_der_priv_key](#set_der_priv_key)
* [server_name](#server_name)
* [server_port](#server_port)
* [raw_server_addr](#raw_server_addr)
* [raw_client_addr](#raw_client_addr)
* [get_tls1_version](#get_tls1_version)
* [get_tls1_version_str](#get_tls1_version_str)
* [parse_pem_cert](#parse_pem_cert)
* [parse_pem_priv_key](#parse_pem_priv_key)
* [set_cert](#set_cert)
* [set_priv_key](#set_priv_key)
* [verify_client](#verify_client)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Author](#author)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is production ready.
Synopsis
========
```nginx
# Note: you do not need the following line if you are using
# OpenResty 1.9.7.2+.
lua_package_path "/path/to/lua-resty-core/lib/?.lua;;";
server {
listen 443 ssl;
server_name test.com;
# useless placeholders: just to shut up NGINX configuration
# loader errors:
ssl_certificate /path/to/fallback.crt;
ssl_certificate_key /path/to/fallback.key;
ssl_certificate_by_lua_block {
local ssl = require "ngx.ssl"
-- clear the fallback certificates and private keys
-- set by the ssl_certificate and ssl_certificate_key
-- directives above:
local ok, err = ssl.clear_certs()
if not ok then
ngx.log(ngx.ERR, "failed to clear existing (fallback) certificates")
return ngx.exit(ngx.ERROR)
end
-- assuming the user already defines the my_load_certificate_chain()
-- herself.
local pem_cert_chain = assert(my_load_certificate_chain())
local der_cert_chain, err = ssl.cert_pem_to_der(pem_cert_chain)
if not der_cert_chain then
ngx.log(ngx.ERR, "failed to convert certificate chain ",
"from PEM to DER: ", err)
return ngx.exit(ngx.ERROR)
end
local ok, err = ssl.set_der_cert(der_cert_chain)
if not ok then
ngx.log(ngx.ERR, "failed to set DER cert: ", err)
return ngx.exit(ngx.ERROR)
end
-- assuming the user already defines the my_load_private_key()
-- function herself.
local pem_pkey = assert(my_load_private_key())
local der_pkey, err = ssl.priv_key_pem_to_der(pem_pkey)
if not der_pkey then
ngx.log(ngx.ERR, "failed to convert private key ",
"from PEM to DER: ", err)
return ngx.exit(ngx.ERROR)
end
local ok, err = ssl.set_der_priv_key(der_pkey)
if not ok then
ngx.log(ngx.ERR, "failed to set DER private key: ", err)
return ngx.exit(ngx.ERROR)
end
}
location / {
root html;
}
}
```
Description
===========
This Lua module provides API functions to control the SSL handshake process in contexts like
[ssl_certificate_by_lua*](https://github.com/openresty/lua-nginx-module/#ssl_certificate_by_lua_block)
(of the [ngx_lua](https://github.com/openresty/lua-nginx-module#readme) module).
For web servers serving many (like millions of) https sites, it is often desired to lazily
load and cache the SSL certificate chain and private key data for the https sites actually
being served by a particular server. This Lua module provides API to support such use cases
in the context of the [ssl_certificate_by_lua*](https://github.com/openresty/lua-nginx-module/#ssl_certificate_by_lua_block)
directive.
To load the `ngx.ssl` module in Lua, just write
```lua
local ssl = require "ngx.ssl"
```
[Back to TOC](#table-of-contents)
Methods
=======
clear_certs
-----------
**syntax:** *ok, err = ssl.clear_certs()*
**context:** *ssl_certificate_by_lua&#42;*
Clears any existing SSL certificates and/or private keys set on the current SSL connection.
Returns `true` on success, or a `nil` value and a string describing the error otherwise.
[Back to TOC](#table-of-contents)
cert_pem_to_der
---------------
**syntax:** *der_cert_chain, err = ssl.cert_pem_to_der(pem_cert_chain)*
**context:** *any*
Converts the PEM-formatted SSL certificate chain data into the DER format (for later uses
in the [set_der_cert](#set_der_cert)
function, for example).
In case of failures, returns `nil` and a string describing the error.
It is known that the `openssl` command-line utility may not convert the whole SSL
certificate chain from PEM to DER correctly. So always use this Lua function to do
the conversion. You can always use libraries like [lua-resty-lrucache](https://github.com/openresty/lua-resty-lrucache#readme)
and/or ngx_lua APIs like [lua_shared_dict](https://github.com/openresty/lua-nginx-module#lua_shared_dict)
to do the caching of the DER-formatted results, for example.
This function can be called in any context.
[Back to TOC](#table-of-contents)
set_der_cert
------------
**syntax:** *ok, err = ssl.set_der_cert(der_cert_chain)*
**context:** *ssl_certificate_by_lua&#42;*
Sets the DER-formatted SSL certificate chain data for the current SSL connection. Note that
the DER data is
directly in the Lua string argument. *No* external file names are supported here.
Returns `true` on success, or a `nil` value and a string describing the error otherwise.
Note that, the SSL certificate chain is usually encoded in the PEM format. So you need
to use the [cert_pem_to_der](#cert_pem_to_der)
function to do the conversion first.
[Back to TOC](#table-of-contents)
priv_key_pem_to_der
-------------------
**syntax:** *der_priv_key, err = ssl.priv_key_pem_to_der(pem_priv_key)*
**context:** *any*
Converts the PEM-formatted SSL private key data into the DER format (for later uses
in the [set_der_priv_key](#set_der_priv_key)
function, for example).
In case of failures, returns `nil` and a string describing the error.
Alternatively, you can do the PEM to DER conversion *offline* with the `openssl` command-line utility, like below
```bash
openssl rsa -in key.pem -outform DER -out key.der
```
This function can be called in any context.
[Back to TOC](#table-of-contents)
set_der_priv_key
----------------
**syntax:** *ok, err = ssl.set_der_priv_key(der_priv_key)*
**context:** *ssl_certificate_by_lua&#42;*
Sets the DER-formatted prviate key for the current SSL connection.
Returns `true` on success, or a `nil` value and a string describing the error otherwise.
Usually, the private keys are encoded in the PEM format. You can either use the
[priv_key_pem_to_der](#priv_key_pem_to_der) function
to do the PEM to DER conversion or just use
the `openssl` command-line utility offline, like below
```bash
openssl rsa -in key.pem -outform DER -out key.der
```
[Back to TOC](#table-of-contents)
server_name
-----------
**syntax:** *name, err = ssl.server_name()*
**context:** *any*
Returns the TLS SNI (Server Name Indication) name set by the client. Returns `nil`
when the client does not set it.
In case of failures, it returns `nil` *and* a string describing the error.
Usually we use this SNI name as the domain name (like `www.openresty.org`) to
identify the current web site while loading the corresponding SSL certificate
chain and private key for the site.
Please note that not all https clients set the SNI name, so when the SNI name is
missing from the client handshake request, we use the server IP address accessed
by the client to identify the site. See the [raw_server_addr](#raw_server_addr) method
for more details.
This function can be called in any context where downstream https is used.
[Back to TOC](#table-of-contents)
server_port
-----------
**syntax:** port, err = ssl.server_port()
**context:** *any*
Returns the server port. Returns `nil`
when server dont have a port.
In case of failures, it returns `nil` *and* a string describing the error.
This function can be called in any context where downstream https is used.
[Back to TOC](#table-of-contents)
raw_server_addr
---------------
**syntax:** *addr_data, addr_type, err = ssl.raw_server_addr()*
**context:** *any*
Returns the raw server address actually accessed by the client in the current SSL connection.
The first two return values are strings representing the address data and the address type, respectively.
The address values are interpreted differently according to the address type values:
* `unix`
: The address data is a file path for the UNIX domain socket.
* `inet`
: The address data is a binary IPv4 address of 4 bytes long.
* `inet6`
: The address data is a binary IPv6 address of 16 bytes long.
Returns two `nil` values and a Lua string describing the error.
The following code snippet shows how to print out the UNIX domain socket address and
the IPv4 address as human-readable strings:
```lua
local ssl = require "ngx.ssl"
local byte = string.byte
local addr, addrtyp, err = ssl.raw_server_addr()
if not addr then
ngx.log(ngx.ERR, "failed to fetch raw server addr: ", err)
return
end
if addrtyp == "inet" then -- IPv4
ip = string.format("%d.%d.%d.%d", byte(addr, 1), byte(addr, 2),
byte(addr, 3), byte(addr, 4))
print("Using IPv4 address: ", ip)
elseif addrtyp == "unix" then -- UNIX
print("Using unix socket file ", addr)
else -- IPv6
-- leave as an exercise for the readers
end
```
This function can be called in any context where downstream https is used.
[Back to TOC](#table-of-contents)
raw_client_addr
---------------
**syntax:** *addr_data, addr_type, err = ssl.raw_client_addr()*
**context:** *any*
Returns the raw client address of the current SSL connection.
The first two return values are strings representing the address data and the address type, respectively.
The address values are interpreted differently according to the address type values:
* `unix`
: The address data is a file path for the UNIX domain socket.
* `inet`
: The address data is a binary IPv4 address of 4 bytes long.
* `inet6`
: The address data is a binary IPv6 address of 16 bytes long.
Returns two `nil` values and a Lua string describing the error.
The following code snippet shows how to print out the UNIX domain socket address and
the IPv4 address as human-readable strings:
```lua
local ssl = require "ngx.ssl"
local byte = string.byte
local addr, addrtyp, err = ssl.raw_client_addr()
if not addr then
ngx.log(ngx.ERR, "failed to fetch raw client addr: ", err)
return
end
if addrtyp == "inet" then -- IPv4
ip = string.format("%d.%d.%d.%d", byte(addr, 1), byte(addr, 2),
byte(addr, 3), byte(addr, 4))
print("Client IPv4 address: ", ip)
elseif addrtyp == "unix" then -- UNIX
print("Client unix socket file ", addr)
else -- IPv6
-- leave as an exercise for the readers
end
```
This function can be called in any context where downstream https is used.
This function was first introduced in lua-resty-core 0.1.14.
[Back to TOC](#table-of-contents)
get_tls1_version
----------------
**syntax:** *ver, err = ssl.get_tls1_version()*
**context:** *any*
Returns the TLS 1.x version number used by the current SSL connection. Returns `nil` and
a string describing the error otherwise.
Typical return values are:
* `0x0300`(SSLv3)
* `0x0301`(TLSv1)
* `0x0302`(TLSv1.1)
* `0x0303`(TLSv1.2)
* `0x0304`(TLSv1.3)
This function can be called in any context where downstream https is used.
[Back to TOC](#table-of-contents)
get_tls1_version_str
--------------------
**syntax:** *ver, err = ssl.get_tls1_version_str()*
**context:** *any*
Returns the TLS 1.x version string used by the current SSL connection. Returns `nil` and
a string describing the error otherwise.
If the TLS 1.x version number used by the current SSL connection is not
recognized, the return values will be `nil` and the string "unknown version".
Typical return values are:
* `SSLv3`
* `TLSv1`
* `TLSv1.1`
* `TLSv1.2`
* `TLSv1.3`
This function can be called in any context where downstream https is used.
[Back to TOC](#table-of-contents)
parse_pem_cert
--------------
**syntax:** *cert_chain, err = ssl.parse_pem_cert(pem_cert_chain)*
**context:** *any*
Converts the PEM-formated SSL certificate chain data into an opaque cdata pointer (for later uses
in the [set_cert](#set_cert)
function, for example).
In case of failures, returns `nil` and a string describing the error.
You can always use libraries like [lua-resty-lrucache](https://github.com/openresty/lua-resty-lrucache#readme)
to cache the cdata result.
This function can be called in any context.
This function was first added in version `0.1.7`.
[Back to TOC](#table-of-contents)
parse_pem_priv_key
------------------
**syntax:** *priv_key, err = ssl.parse_pem_priv_key(pem_priv_key)*
**context:** *any*
Converts the PEM-formatted SSL private key data into an opaque cdata pointer (for later uses
in the [set_priv_key](#set_priv_key)
function, for example).
In case of failures, returns `nil` and a string describing the error.
This function can be called in any context.
This function was first added in version `0.1.7`.
[Back to TOC](#table-of-contents)
set_cert
--------
**syntax:** *ok, err = ssl.set_cert(cert_chain)*
**context:** *ssl_certificate_by_lua&#42;*
Sets the SSL certificate chain opaque pointer returned by the
[parse_pem_cert](#parse_pem_cert) function for the current SSL connection.
Returns `true` on success, or a `nil` value and a string describing the error otherwise.
Note that this `set_cert` function will run slightly faster, in terms of CPU cycles wasted, than the
[set_der_cert](#set_der_cert) variant, since the first function uses opaque cdata pointers
which do not require any additional conversion needed to be performed by the SSL library during the SSL handshake.
This function was first added in version `0.1.7`.
[Back to TOC](#table-of-contents)
set_priv_key
------------
**syntax:** *ok, err = ssl.set_priv_key(priv_key)*
**context:** *ssl_certificate_by_lua&#42;*
Sets the SSL private key opaque pointer returned by the
[parse_pem_priv_key](#parse_pem_priv_key) function for the current SSL connection.
Returns `true` on success, or a `nil` value and a string describing the error otherwise.
Note that this `set_priv_key` function will run slightly faster, in terms of CPU cycles wasted, than the
[set_der_priv_key](#set_der_priv_key) variant, since the first function uses opaque cdata pointers
which do not require any additional conversion needed to be performed by the SSL library during the SSL handshake.
This function was first added in version `0.1.7`.
[Back to TOC](#table-of-contents)
verify_client
-------------
**syntax:** *ok, err = ssl.verify_client(ca_certs?, depth?)*
**context:** *ssl_certificate_by_lua&#42;*
Requires a client certificate during TLS handshake.
The `ca_certs` is the CA certificate chain opaque pointer returned by the
[parse_pem_cert](#parse_pem_cert) function for the current SSL connection.
The list of certificates will be sent to clients. Also, they will be added to trusted store.
If omitted, will not send any CA certificate to clients.
The `depth` is the verification depth in the client certificates chain.
If omitted, will use the value specified by `ssl_verify_depth`.
Returns `true` on success, or a `nil` value and a string describing the error otherwise.
Note that TLS is not terminated when verification fails. You need to examine Nginx variable `$ssl_client_verify`
later to determine next steps.
This function was first added in version `0.1.20`.
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Author
======
Yichun Zhang &lt;agentzh@gmail.com&gt; (agentzh), OpenResty Inc.
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2015-2017, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* the [ngx.ocsp](ocsp.md) module.
* the [ssl_certificate_by_lua*](https://github.com/openresty/lua-nginx-module/#ssl_certificate_by_lua_block) directive.
* the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

109
deps/src/lua-resty-core/lib/ngx/ssl/session.lua vendored Normal file
View File

@@ -0,0 +1,109 @@
-- Copyright (C) Yichun Zhang (agentzh)
local base = require "resty.core.base"
base.allows_subsystem('http')
local ffi = require "ffi"
local C = ffi.C
local ffi_str = ffi.string
local get_request = base.get_request
local error = error
local errmsg = base.get_errmsg_ptr()
local get_string_buf = base.get_string_buf
local FFI_ERROR = base.FFI_ERROR
ffi.cdef[[
int ngx_http_lua_ffi_ssl_set_serialized_session(ngx_http_request_t *r,
const unsigned char *buf, int len, char **err);
int ngx_http_lua_ffi_ssl_get_serialized_session(ngx_http_request_t *r,
char *buf, char **err);
int ngx_http_lua_ffi_ssl_get_session_id(ngx_http_request_t *r,
char *buf, char **err);
int ngx_http_lua_ffi_ssl_get_serialized_session_size(ngx_http_request_t *r,
char **err);
int ngx_http_lua_ffi_ssl_get_session_id_size(ngx_http_request_t *r,
char **err);
]]
local _M = { version = base.version }
-- return session, err
function _M.get_serialized_session()
local r = get_request()
if not r then
error("no request found")
end
local len = C.ngx_http_lua_ffi_ssl_get_serialized_session_size(r, errmsg)
if len < 0 then
return nil, ffi_str(errmsg[0])
end
if len > 4096 then
return nil, "session too big to serialize"
end
local buf = get_string_buf(len)
local rc = C.ngx_http_lua_ffi_ssl_get_serialized_session(r, buf, errmsg)
if rc == FFI_ERROR then
return nil, ffi_str(errmsg[0])
end
return ffi_str(buf, len)
end
-- return session_id, err
function _M.get_session_id()
local r = get_request()
if not r then
error("no request found")
end
local len = C.ngx_http_lua_ffi_ssl_get_session_id_size(r, errmsg)
if len < 0 then
return nil, ffi_str(errmsg[0])
end
local buf = get_string_buf(len)
local rc = C.ngx_http_lua_ffi_ssl_get_session_id(r, buf, errmsg)
if rc == FFI_ERROR then
return nil, ffi_str(errmsg[0])
end
return ffi_str(buf, len)
end
-- return ok, err
function _M.set_serialized_session(sess)
local r = get_request()
if not r then
error("no request found")
end
local rc = C.ngx_http_lua_ffi_ssl_set_serialized_session(r, sess, #sess,
errmsg)
if rc == FFI_ERROR then
return nil, ffi_str(errmsg[0])
end
return true
end
return _M

277
deps/src/lua-resty-core/lib/ngx/ssl/session.md vendored Normal file
View File

@@ -0,0 +1,277 @@
Name
====
ngx.ssl.session - Lua API for manipulating SSL session data and IDs for NGINX downstream SSL connections.
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Synopsis](#synopsis)
* [Description](#description)
* [Methods](#methods)
* [get_session_id](#get_session_id)
* [get_serialized_session](#get_serialized_session)
* [set_serialized_session](#set_serialized_session)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
* [Bugs and Patches](#bugs-and-patches)
* [Author](#author)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This Lua module is production ready.
Synopsis
========
```nginx
# nginx.conf
# Note: you do not need the following line if you are using
# OpenResty 1.11.2.1+.
lua_package_path "/path/to/lua-resty-core/lib/?.lua;;";
ssl_session_fetch_by_lua_block {
local ssl_sess = require "ngx.ssl.session"
local sess_id, err = ssl_sess.get_session_id()
if not sess_id then
ngx.log(ngx.ERR, "failed to get session ID: ", err)
-- considered a cache miss, and just return...
return
end
-- the user is supposed to implement the my_lookup_ssl_session_by_id
-- Lua function used below. She can look up an external memcached
-- or redis cluster, for example. And she can also introduce a local
-- cache layer at the same time...
local sess, err = my_lookup_ssl_session_by_id(sess_id)
if not sess then
if err then
ngx.log(ngx.ERR, "failed to look up the session by ID ",
sess_id, ": ", err)
return
end
-- cache miss...just return
return
end
local ok, err = ssl_sess.set_serialized_session(sess)
if not ok then
ngx.log(ngx.ERR, "failed to set SSL session for ID ", sess_id,
": ", err)
-- consider it as a cache miss...
return
end
-- done here, SSL session successfully set and should resume accordingly...
}
ssl_session_store_by_lua_block {
local ssl_sess = require "ngx.ssl.session"
local sess_id, err = ssl_sess.get_session_id()
if not sess_id then
ngx.log(ngx.ERR, "failed to get session ID: ", err)
-- just give up
return
end
local sess, err = ssl_sess.get_serialized_session()
if not sess then
ngx.log(ngx.ERR, "failed to get SSL session from the ",
"current connection: ", err)
-- just give up
return
end
-- for the best performance, we should avoid creating a closure
-- dynamically here on the hot code path. Instead, we should
-- put this function in one of our own Lua module files. this
-- example is just for demonstration purposes...
local function save_it(premature, sess_id, sess)
-- the user is supposed to implement the
-- my_save_ssl_session_by_id Lua function used below.
-- She can save to an external memcached
-- or redis cluster, for example. And she can also introduce
-- a local cache layer at the same time...
local sess, err = my_save_ssl_session_by_id(sess_id, sess)
if not sess then
if err then
ngx.log(ngx.ERR, "failed to save the session by ID ",
sess_id, ": ", err)
return ngx.exit(ngx.ERROR)
end
-- cache miss...just return
return
end
end
-- create a 0-delay timer here...
local ok, err = ngx.timer.at(0, save_it, sess_id, sess)
if not ok then
ngx.log(ngx.ERR, "failed to create a 0-delay timer: ", err)
return
end
}
server {
listen 443 ssl;
server_name test.com;
# well, we could configure ssl_certificate_by_lua* here as well...
ssl_certificate /path/to/server-cert.pem;
ssl_certificate_key /path/to/server-priv-key.pem;
}
```
Description
===========
This Lua module provides API functions for manipulating SSL session data and IDs for NGINX
downstream connections. It is mostly for the contexts [ssl_session_fetch_by_lua*](https://github.com/openresty/lua-nginx-module/#ssl_session_fetch_by_lua_block)
and [ssl_session_store_by_lua*](https://github.com/openresty/lua-nginx-module/#ssl_session_store_by_lua_block).
This Lua API can be used to implement distributed SSL session caching for downstream SSL connections, thus saving a lot of full SSL handshakes which are very expensive.
To load the `ngx.ssl.session` module in Lua, just write
```lua
local ssl_sess = require "ngx.ssl.session"
```
[Back to TOC](#table-of-contents)
Methods
=======
get_session_id
--------------
**syntax:** *id, err = ssl_sess.get_session_id()*
**context:** *ssl_session_fetch_by_lua&#42;, ssl_session_store_by_lua&#42;*
Fetches the SSL session ID associated with the current downstream SSL connection.
The ID is returned as a Lua string.
In case of errors, it returns `nil` and a string describing the error.
This API function is usually called in the contexts of
[ssl_session_store_by_lua*](https://github.com/openresty/lua-nginx-module/#ssl_session_store_by_lua_block)
and [ssl_session_fetch_by_lua*](https://github.com/openresty/lua-nginx-module/#ssl_session_fetch_by_lua_block).
[Back to TOC](#table-of-contents)
get_serialized_session
----------------------
**syntax:** *session, err = ssl_sess.get_serialized_session()*
**context:** *ssl_session_store_by_lua&#42;*
Returns the serialized form of the SSL session data of the current SSL connection, in a Lua string.
This session can be cached in [lua-resty-lrucache](https://github.com/openresty/lua-resty-lrucache), [lua_shared_dict](https://github.com/openresty/lua-nginx-module#lua_shared_dict),
and/or external data storage services like `memcached` and `redis`. The SSL session ID returned
by the [get_session_id](#get_session_id) function is usually used as the cache key.
The returned SSL session data can later be loaded into other SSL connections using the same
session ID via the [set_serialized_session](#set_serialized_session) function.
In case of errors, it returns `nil` and a string describing the error.
This API function is usually called in the context of
[ssl_session_store_by_lua*](https://github.com/openresty/lua-nginx-module#ssl_session_store_by_lua_block)
where the SSL handshake has just completed.
[Back to TOC](#table-of-contents)
set_serialized_session
----------------------
**syntax:** *ok, err = ssl_sess.set_serialized_session(session)*
**context:** *ssl_session_fetch_by_lua&#42;*
Sets the serialized SSL session provided as the argument to the current SSL connection.
If the SSL session is successfully set, the current SSL connection can resume the session
directly without going through the full SSL handshake process (which is very expensive in terms of CPU time).
This API is usually used in the context of [ssl_session_fetch_by_lua*](https://github.com/openresty/lua-nginx-module#ssl_session_fetch_by_lua_block)
when a cache hit is found with the current SSL session ID.
The serialized SSL session used as the argument should be originally returned by the
[get_serialized_session](#get_serialized_session) function.
[Back to TOC](#table-of-contents)
Community
=========
[Back to TOC](#table-of-contents)
English Mailing List
--------------------
The [openresty-en](https://groups.google.com/group/openresty-en) mailing list is for English speakers.
[Back to TOC](#table-of-contents)
Chinese Mailing List
--------------------
The [openresty](https://groups.google.com/group/openresty) mailing list is for Chinese speakers.
[Back to TOC](#table-of-contents)
Bugs and Patches
================
Please report bugs or submit patches by
1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-resty-core/issues),
1. or posting to the [OpenResty community](#community).
[Back to TOC](#table-of-contents)
Author
======
Yichun Zhang &lt;agentzh@gmail.com&gt; (agentzh), OpenResty Inc.
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2016-2017, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the ngx_lua module: https://github.com/openresty/lua-nginx-module
* the [ssl_session_fetch_by_lua*](https://github.com/openresty/lua-nginx-module/#ssl_session_fetch_by_lua_block) directive.
* the [ssl_session_store_by_lua*](https://github.com/openresty/lua-nginx-module/#ssl_session_store_by_lua_block) directive.
* the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
* OpenResty: https://openresty.org
[Back to TOC](#table-of-contents)

35
deps/src/lua-resty-core/lib/resty/core.lua vendored Normal file
View File

@@ -0,0 +1,35 @@
-- Copyright (C) Yichun Zhang (agentzh)
local subsystem = ngx.config.subsystem
require "resty.core.var"
require "resty.core.worker"
require "resty.core.regex"
require "resty.core.shdict"
require "resty.core.time"
require "resty.core.hash"
require "resty.core.uri"
require "resty.core.exit"
require "resty.core.base64"
require "resty.core.request"
if subsystem == 'http' then
require "resty.core.response"
require "resty.core.phase"
require "resty.core.ndk"
require "resty.core.socket"
end
require "resty.core.misc"
require "resty.core.ctx"
local base = require "resty.core.base"
return {
version = base.version
}

259
deps/src/lua-resty-core/lib/resty/core/base.lua vendored Normal file
View File

@@ -0,0 +1,259 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require 'ffi'
local ffi_new = ffi.new
local error = error
local select = select
local ceil = math.ceil
local subsystem = ngx.config.subsystem
local str_buf_size = 4096
local str_buf
local size_ptr
local FREE_LIST_REF = 0
if subsystem == 'http' then
local ngx_lua_v = ngx.config.ngx_lua_version
if not ngx.config
or not ngx.config.ngx_lua_version
or (ngx_lua_v ~= 10019 and ngx_lua_v ~= 10020)
then
error("ngx_http_lua_module 0.10.19 or 0.10.20 required")
end
elseif subsystem == 'stream' then
if not ngx.config
or not ngx.config.ngx_lua_version
or ngx.config.ngx_lua_version ~= 10
then
error("ngx_stream_lua_module 0.0.10 required")
end
else
error("ngx_http_lua_module 0.10.20 or "
.. "ngx_stream_lua_module 0.0.10 required")
end
if string.find(jit.version, " 2.0", 1, true) then
ngx.log(ngx.ALERT, "use of lua-resty-core with LuaJIT 2.0 is ",
"not recommended; use LuaJIT 2.1+ instead")
end
local ok, new_tab = pcall(require, "table.new")
if not ok then
new_tab = function (narr, nrec) return {} end
end
local clear_tab
ok, clear_tab = pcall(require, "table.clear")
if not ok then
local pairs = pairs
clear_tab = function (tab)
for k, _ in pairs(tab) do
tab[k] = nil
end
end
end
-- XXX for now LuaJIT 2.1 cannot compile require()
-- so we make the fast code path Lua only in our own
-- wrapper so that most of the require() calls in hot
-- Lua code paths can be JIT compiled.
do
local orig_require = require
local pkg_loaded = package.loaded
local function my_require(name)
local mod = pkg_loaded[name]
if mod then
return mod
end
return orig_require(name)
end
getfenv(0).require = my_require
end
if not pcall(ffi.typeof, "ngx_str_t") then
ffi.cdef[[
typedef struct {
size_t len;
const unsigned char *data;
} ngx_str_t;
]]
end
if subsystem == 'http' then
if not pcall(ffi.typeof, "ngx_http_request_t") then
ffi.cdef[[
typedef struct ngx_http_request_s ngx_http_request_t;
]]
end
if not pcall(ffi.typeof, "ngx_http_lua_ffi_str_t") then
ffi.cdef[[
typedef struct {
int len;
const unsigned char *data;
} ngx_http_lua_ffi_str_t;
]]
end
elseif subsystem == 'stream' then
if not pcall(ffi.typeof, "ngx_stream_lua_request_t") then
ffi.cdef[[
typedef struct ngx_stream_lua_request_s ngx_stream_lua_request_t;
]]
end
if not pcall(ffi.typeof, "ngx_stream_lua_ffi_str_t") then
ffi.cdef[[
typedef struct {
int len;
const unsigned char *data;
} ngx_stream_lua_ffi_str_t;
]]
end
else
error("unknown subsystem: " .. subsystem)
end
local c_buf_type = ffi.typeof("char[?]")
local _M = new_tab(0, 18)
_M.version = "0.1.22"
_M.new_tab = new_tab
_M.clear_tab = clear_tab
local errmsg
function _M.get_errmsg_ptr()
if not errmsg then
errmsg = ffi_new("char *[1]")
end
return errmsg
end
if not ngx then
error("no existing ngx. table found")
end
function _M.set_string_buf_size(size)
if size <= 0 then
return
end
if str_buf then
str_buf = nil
end
str_buf_size = ceil(size)
end
function _M.get_string_buf_size()
return str_buf_size
end
function _M.get_size_ptr()
if not size_ptr then
size_ptr = ffi_new("size_t[1]")
end
return size_ptr
end
function _M.get_string_buf(size, must_alloc)
-- ngx.log(ngx.ERR, "str buf size: ", str_buf_size)
if size > str_buf_size or must_alloc then
return ffi_new(c_buf_type, size)
end
if not str_buf then
str_buf = ffi_new(c_buf_type, str_buf_size)
end
return str_buf
end
function _M.ref_in_table(tb, key)
if key == nil then
return -1
end
local ref = tb[FREE_LIST_REF]
if ref and ref ~= 0 then
tb[FREE_LIST_REF] = tb[ref]
else
ref = #tb + 1
end
tb[ref] = key
-- print("ref key_id returned ", ref)
return ref
end
function _M.allows_subsystem(...)
local total = select("#", ...)
for i = 1, total do
if select(i, ...) == subsystem then
return
end
end
error("unsupported subsystem: " .. subsystem, 2)
end
_M.FFI_OK = 0
_M.FFI_NO_REQ_CTX = -100
_M.FFI_BAD_CONTEXT = -101
_M.FFI_ERROR = -1
_M.FFI_AGAIN = -2
_M.FFI_BUSY = -3
_M.FFI_DONE = -4
_M.FFI_DECLINED = -5
do
local exdata
ok, exdata = pcall(require, "thread.exdata")
if ok and exdata then
function _M.get_request()
local r = exdata()
if r ~= nil then
return r
end
end
else
local getfenv = getfenv
function _M.get_request()
return getfenv(0).__ngx_req
end
end
end
return _M

115
deps/src/lua-resty-core/lib/resty/core/base64.lua vendored Normal file
View File

@@ -0,0 +1,115 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require "ffi"
local base = require "resty.core.base"
local C = ffi.C
local ffi_string = ffi.string
local ngx = ngx
local type = type
local error = error
local floor = math.floor
local tostring = tostring
local get_string_buf = base.get_string_buf
local get_size_ptr = base.get_size_ptr
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_encode_base64
local ngx_lua_ffi_decode_base64
if subsystem == "http" then
ffi.cdef[[
size_t ngx_http_lua_ffi_encode_base64(const unsigned char *src,
size_t len, unsigned char *dst,
int no_padding);
int ngx_http_lua_ffi_decode_base64(const unsigned char *src,
size_t len, unsigned char *dst,
size_t *dlen);
]]
ngx_lua_ffi_encode_base64 = C.ngx_http_lua_ffi_encode_base64
ngx_lua_ffi_decode_base64 = C.ngx_http_lua_ffi_decode_base64
elseif subsystem == "stream" then
ffi.cdef[[
size_t ngx_stream_lua_ffi_encode_base64(const unsigned char *src,
size_t len, unsigned char *dst,
int no_padding);
int ngx_stream_lua_ffi_decode_base64(const unsigned char *src,
size_t len, unsigned char *dst,
size_t *dlen);
]]
ngx_lua_ffi_encode_base64 = C.ngx_stream_lua_ffi_encode_base64
ngx_lua_ffi_decode_base64 = C.ngx_stream_lua_ffi_decode_base64
end
local function base64_encoded_length(len, no_padding)
return no_padding and floor((len * 8 + 5) / 6) or
floor((len + 2) / 3) * 4
end
ngx.encode_base64 = function (s, no_padding)
if type(s) ~= 'string' then
if not s then
s = ''
else
s = tostring(s)
end
end
local slen = #s
local no_padding_bool = false;
local no_padding_int = 0;
if no_padding then
if no_padding ~= true then
local typ = type(no_padding)
error("bad no_padding: boolean expected, got " .. typ, 2)
end
no_padding_bool = true
no_padding_int = 1;
end
local dlen = base64_encoded_length(slen, no_padding_bool)
local dst = get_string_buf(dlen)
local r_dlen = ngx_lua_ffi_encode_base64(s, slen, dst, no_padding_int)
-- if dlen ~= r_dlen then error("discrepancy in len") end
return ffi_string(dst, r_dlen)
end
local function base64_decoded_length(len)
return floor((len + 3) / 4) * 3
end
ngx.decode_base64 = function (s)
if type(s) ~= 'string' then
error("string argument only", 2)
end
local slen = #s
local dlen = base64_decoded_length(slen)
-- print("dlen: ", tonumber(dlen))
local dst = get_string_buf(dlen)
local pdlen = get_size_ptr()
local ok = ngx_lua_ffi_decode_base64(s, slen, dst, pdlen)
if ok == 0 then
return nil
end
return ffi_string(dst, pdlen[0])
end
return {
version = base.version
}

143
deps/src/lua-resty-core/lib/resty/core/ctx.lua vendored Normal file
View File

@@ -0,0 +1,143 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require "ffi"
local debug = require "debug"
local base = require "resty.core.base"
local misc = require "resty.core.misc"
local C = ffi.C
local register_getter = misc.register_ngx_magic_key_getter
local register_setter = misc.register_ngx_magic_key_setter
local registry = debug.getregistry()
local new_tab = base.new_tab
local ref_in_table = base.ref_in_table
local get_request = base.get_request
local FFI_NO_REQ_CTX = base.FFI_NO_REQ_CTX
local FFI_OK = base.FFI_OK
local error = error
local setmetatable = setmetatable
local type = type
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_get_ctx_ref
local ngx_lua_ffi_set_ctx_ref
if subsystem == "http" then
ffi.cdef[[
int ngx_http_lua_ffi_get_ctx_ref(ngx_http_request_t *r, int *in_ssl_phase,
int *ssl_ctx_ref);
int ngx_http_lua_ffi_set_ctx_ref(ngx_http_request_t *r, int ref);
]]
ngx_lua_ffi_get_ctx_ref = C.ngx_http_lua_ffi_get_ctx_ref
ngx_lua_ffi_set_ctx_ref = C.ngx_http_lua_ffi_set_ctx_ref
elseif subsystem == "stream" then
ffi.cdef[[
int ngx_stream_lua_ffi_get_ctx_ref(ngx_stream_lua_request_t *r,
int *in_ssl_phase, int *ssl_ctx_ref);
int ngx_stream_lua_ffi_set_ctx_ref(ngx_stream_lua_request_t *r, int ref);
]]
ngx_lua_ffi_get_ctx_ref = C.ngx_stream_lua_ffi_get_ctx_ref
ngx_lua_ffi_set_ctx_ref = C.ngx_stream_lua_ffi_set_ctx_ref
end
local _M = {
_VERSION = base.version
}
local get_ctx_table
do
local in_ssl_phase = ffi.new("int[1]")
local ssl_ctx_ref = ffi.new("int[1]")
function get_ctx_table(ctx)
local r = get_request()
if not r then
error("no request found")
end
local ctx_ref = ngx_lua_ffi_get_ctx_ref(r, in_ssl_phase, ssl_ctx_ref)
if ctx_ref == FFI_NO_REQ_CTX then
error("no request ctx found")
end
local ctxs = registry.ngx_lua_ctx_tables
if ctx_ref < 0 then
ctx_ref = ssl_ctx_ref[0]
if ctx_ref > 0 and ctxs[ctx_ref] then
if in_ssl_phase[0] ~= 0 then
return ctxs[ctx_ref]
end
if not ctx then
ctx = new_tab(0, 4)
end
ctx = setmetatable(ctx, ctxs[ctx_ref])
else
if in_ssl_phase[0] ~= 0 then
if not ctx then
ctx = new_tab(1, 4)
end
-- to avoid creating another table, we assume the users
-- won't overwrite the `__index` key
ctx.__index = ctx
elseif not ctx then
ctx = new_tab(0, 4)
end
end
ctx_ref = ref_in_table(ctxs, ctx)
if ngx_lua_ffi_set_ctx_ref(r, ctx_ref) ~= FFI_OK then
return nil
end
return ctx
end
return ctxs[ctx_ref]
end
end
register_getter("ctx", get_ctx_table)
_M.get_ctx_table = get_ctx_table
local function set_ctx_table(ctx)
local ctx_type = type(ctx)
if ctx_type ~= "table" then
error("ctx should be a table while getting a " .. ctx_type)
end
local r = get_request()
if not r then
error("no request found")
end
local ctx_ref = ngx_lua_ffi_get_ctx_ref(r, nil, nil)
if ctx_ref == FFI_NO_REQ_CTX then
error("no request ctx found")
end
local ctxs = registry.ngx_lua_ctx_tables
if ctx_ref < 0 then
ctx_ref = ref_in_table(ctxs, ctx)
ngx_lua_ffi_set_ctx_ref(r, ctx_ref)
return
end
ctxs[ctx_ref] = ctx
end
register_setter("ctx", set_ctx_table)
return _M

66
deps/src/lua-resty-core/lib/resty/core/exit.lua vendored Normal file
View File

@@ -0,0 +1,66 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require "ffi"
local base = require "resty.core.base"
local C = ffi.C
local ffi_string = ffi.string
local ngx = ngx
local error = error
local get_string_buf = base.get_string_buf
local get_size_ptr = base.get_size_ptr
local get_request = base.get_request
local co_yield = coroutine._yield
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_exit
if subsystem == "http" then
ffi.cdef[[
int ngx_http_lua_ffi_exit(ngx_http_request_t *r, int status,
unsigned char *err, size_t *errlen);
]]
ngx_lua_ffi_exit = C.ngx_http_lua_ffi_exit
elseif subsystem == "stream" then
ffi.cdef[[
int ngx_stream_lua_ffi_exit(ngx_stream_lua_request_t *r, int status,
unsigned char *err, size_t *errlen);
]]
ngx_lua_ffi_exit = C.ngx_stream_lua_ffi_exit
end
local ERR_BUF_SIZE = 128
local FFI_DONE = base.FFI_DONE
ngx.exit = function (rc)
local err = get_string_buf(ERR_BUF_SIZE)
local errlen = get_size_ptr()
local r = get_request()
if r == nil then
error("no request found")
end
errlen[0] = ERR_BUF_SIZE
rc = ngx_lua_ffi_exit(r, rc, err, errlen)
if rc == 0 then
-- print("yielding...")
return co_yield()
end
if rc == FFI_DONE then
return
end
error(ffi_string(err, errlen[0]), 2)
end
return {
version = base.version
}

154
deps/src/lua-resty-core/lib/resty/core/hash.lua vendored Normal file
View File

@@ -0,0 +1,154 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require "ffi"
local base = require "resty.core.base"
local C = ffi.C
local ffi_new = ffi.new
local ffi_string = ffi.string
local ngx = ngx
local type = type
local error = error
local tostring = tostring
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_md5
local ngx_lua_ffi_md5_bin
local ngx_lua_ffi_sha1_bin
local ngx_lua_ffi_crc32_long
local ngx_lua_ffi_crc32_short
if subsystem == "http" then
ffi.cdef[[
void ngx_http_lua_ffi_md5_bin(const unsigned char *src, size_t len,
unsigned char *dst);
void ngx_http_lua_ffi_md5(const unsigned char *src, size_t len,
unsigned char *dst);
int ngx_http_lua_ffi_sha1_bin(const unsigned char *src, size_t len,
unsigned char *dst);
unsigned int ngx_http_lua_ffi_crc32_long(const unsigned char *src,
size_t len);
unsigned int ngx_http_lua_ffi_crc32_short(const unsigned char *src,
size_t len);
]]
ngx_lua_ffi_md5 = C.ngx_http_lua_ffi_md5
ngx_lua_ffi_md5_bin = C.ngx_http_lua_ffi_md5_bin
ngx_lua_ffi_sha1_bin = C.ngx_http_lua_ffi_sha1_bin
ngx_lua_ffi_crc32_short = C.ngx_http_lua_ffi_crc32_short
ngx_lua_ffi_crc32_long = C.ngx_http_lua_ffi_crc32_long
elseif subsystem == "stream" then
ffi.cdef[[
void ngx_stream_lua_ffi_md5_bin(const unsigned char *src, size_t len,
unsigned char *dst);
void ngx_stream_lua_ffi_md5(const unsigned char *src, size_t len,
unsigned char *dst);
int ngx_stream_lua_ffi_sha1_bin(const unsigned char *src, size_t len,
unsigned char *dst);
unsigned int ngx_stream_lua_ffi_crc32_long(const unsigned char *src,
size_t len);
unsigned int ngx_stream_lua_ffi_crc32_short(const unsigned char *src,
size_t len);
]]
ngx_lua_ffi_md5 = C.ngx_stream_lua_ffi_md5
ngx_lua_ffi_md5_bin = C.ngx_stream_lua_ffi_md5_bin
ngx_lua_ffi_sha1_bin = C.ngx_stream_lua_ffi_sha1_bin
ngx_lua_ffi_crc32_short = C.ngx_stream_lua_ffi_crc32_short
ngx_lua_ffi_crc32_long = C.ngx_stream_lua_ffi_crc32_long
end
local MD5_DIGEST_LEN = 16
local md5_buf = ffi_new("unsigned char[?]", MD5_DIGEST_LEN)
ngx.md5_bin = function (s)
if type(s) ~= 'string' then
if not s then
s = ''
else
s = tostring(s)
end
end
ngx_lua_ffi_md5_bin(s, #s, md5_buf)
return ffi_string(md5_buf, MD5_DIGEST_LEN)
end
local MD5_HEX_DIGEST_LEN = MD5_DIGEST_LEN * 2
local md5_hex_buf = ffi_new("unsigned char[?]", MD5_HEX_DIGEST_LEN)
ngx.md5 = function (s)
if type(s) ~= 'string' then
if not s then
s = ''
else
s = tostring(s)
end
end
ngx_lua_ffi_md5(s, #s, md5_hex_buf)
return ffi_string(md5_hex_buf, MD5_HEX_DIGEST_LEN)
end
local SHA_DIGEST_LEN = 20
local sha_buf = ffi_new("unsigned char[?]", SHA_DIGEST_LEN)
ngx.sha1_bin = function (s)
if type(s) ~= 'string' then
if not s then
s = ''
else
s = tostring(s)
end
end
local ok = ngx_lua_ffi_sha1_bin(s, #s, sha_buf)
if ok == 0 then
error("SHA-1 support missing in Nginx")
end
return ffi_string(sha_buf, SHA_DIGEST_LEN)
end
ngx.crc32_short = function (s)
if type(s) ~= "string" then
if not s then
s = ""
else
s = tostring(s)
end
end
return ngx_lua_ffi_crc32_short(s, #s)
end
ngx.crc32_long = function (s)
if type(s) ~= "string" then
if not s then
s = ""
else
s = tostring(s)
end
end
return ngx_lua_ffi_crc32_long(s, #s)
end
return {
version = base.version
}

240
deps/src/lua-resty-core/lib/resty/core/misc.lua vendored Normal file
View File

@@ -0,0 +1,240 @@
-- Copyright (C) Yichun Zhang (agentzh)
local base = require "resty.core.base"
local ffi = require "ffi"
local os = require "os"
local C = ffi.C
local ffi_new = ffi.new
local ffi_str = ffi.string
local ngx = ngx
local type = type
local error = error
local rawget = rawget
local rawset = rawset
local tonumber = tonumber
local setmetatable = setmetatable
local FFI_OK = base.FFI_OK
local FFI_NO_REQ_CTX = base.FFI_NO_REQ_CTX
local FFI_BAD_CONTEXT = base.FFI_BAD_CONTEXT
local new_tab = base.new_tab
local get_request = base.get_request
local get_size_ptr = base.get_size_ptr
local get_string_buf = base.get_string_buf
local get_string_buf_size = base.get_string_buf_size
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_get_resp_status
local ngx_lua_ffi_get_conf_env
local ngx_magic_key_getters
local ngx_magic_key_setters
local _M = new_tab(0, 3)
local ngx_mt = new_tab(0, 2)
if subsystem == "http" then
ngx_magic_key_getters = new_tab(0, 4)
ngx_magic_key_setters = new_tab(0, 2)
elseif subsystem == "stream" then
ngx_magic_key_getters = new_tab(0, 2)
ngx_magic_key_setters = new_tab(0, 1)
end
local function register_getter(key, func)
ngx_magic_key_getters[key] = func
end
_M.register_ngx_magic_key_getter = register_getter
local function register_setter(key, func)
ngx_magic_key_setters[key] = func
end
_M.register_ngx_magic_key_setter = register_setter
ngx_mt.__index = function (tb, key)
local f = ngx_magic_key_getters[key]
if f then
return f()
end
return rawget(tb, key)
end
ngx_mt.__newindex = function (tb, key, ctx)
local f = ngx_magic_key_setters[key]
if f then
return f(ctx)
end
return rawset(tb, key, ctx)
end
setmetatable(ngx, ngx_mt)
if subsystem == "http" then
ffi.cdef[[
int ngx_http_lua_ffi_get_resp_status(ngx_http_request_t *r);
int ngx_http_lua_ffi_set_resp_status(ngx_http_request_t *r, int r);
int ngx_http_lua_ffi_is_subrequest(ngx_http_request_t *r);
int ngx_http_lua_ffi_headers_sent(ngx_http_request_t *r);
int ngx_http_lua_ffi_get_conf_env(const unsigned char *name,
unsigned char **env_buf,
size_t *name_len);
]]
ngx_lua_ffi_get_resp_status = C.ngx_http_lua_ffi_get_resp_status
ngx_lua_ffi_get_conf_env = C.ngx_http_lua_ffi_get_conf_env
-- ngx.status
local function set_status(status)
local r = get_request()
if not r then
error("no request found")
end
if type(status) ~= 'number' then
status = tonumber(status)
end
local rc = C.ngx_http_lua_ffi_set_resp_status(r, status)
if rc == FFI_BAD_CONTEXT then
error("API disabled in the current context", 2)
end
return
end
register_setter("status", set_status)
-- ngx.is_subrequest
local function is_subreq()
local r = get_request()
if not r then
error("no request found")
end
local rc = C.ngx_http_lua_ffi_is_subrequest(r)
if rc == FFI_BAD_CONTEXT then
error("API disabled in the current context", 2)
end
return rc == 1
end
register_getter("is_subrequest", is_subreq)
-- ngx.headers_sent
local function headers_sent()
local r = get_request()
if not r then
error("no request found")
end
local rc = C.ngx_http_lua_ffi_headers_sent(r)
if rc == FFI_NO_REQ_CTX then
error("no request ctx found")
end
if rc == FFI_BAD_CONTEXT then
error("API disabled in the current context", 2)
end
return rc == 1
end
register_getter("headers_sent", headers_sent)
elseif subsystem == "stream" then
ffi.cdef[[
int ngx_stream_lua_ffi_get_resp_status(ngx_stream_lua_request_t *r);
int ngx_stream_lua_ffi_get_conf_env(const unsigned char *name,
unsigned char **env_buf,
size_t *name_len);
]]
ngx_lua_ffi_get_resp_status = C.ngx_stream_lua_ffi_get_resp_status
ngx_lua_ffi_get_conf_env = C.ngx_stream_lua_ffi_get_conf_env
end
-- ngx.status
local function get_status()
local r = get_request()
if not r then
error("no request found")
end
local rc = ngx_lua_ffi_get_resp_status(r)
if rc == FFI_BAD_CONTEXT then
error("API disabled in the current context", 2)
end
return rc
end
register_getter("status", get_status)
do
local _getenv = os.getenv
local env_ptr = ffi_new("unsigned char *[1]")
os.getenv = function (name)
local r = get_request()
if r then
-- past init_by_lua* phase now
os.getenv = _getenv
env_ptr = nil
return os.getenv(name)
end
local size = get_string_buf_size()
env_ptr[0] = get_string_buf(size)
local name_len_ptr = get_size_ptr()
local rc = ngx_lua_ffi_get_conf_env(name, env_ptr, name_len_ptr)
if rc == FFI_OK then
return ffi_str(env_ptr[0] + name_len_ptr[0] + 1)
end
-- FFI_DECLINED
local value = _getenv(name)
if value ~= nil then
return value
end
return nil
end
end
_M._VERSION = base.version
return _M

92
deps/src/lua-resty-core/lib/resty/core/ndk.lua vendored Normal file
View File

@@ -0,0 +1,92 @@
-- Copyright (C) by OpenResty Inc.
local ffi = require 'ffi'
local base = require "resty.core.base"
base.allows_subsystem('http')
local C = ffi.C
local ffi_cast = ffi.cast
local ffi_new = ffi.new
local ffi_str = ffi.string
local FFI_OK = base.FFI_OK
local new_tab = base.new_tab
local get_string_buf = base.get_string_buf
local get_request = base.get_request
local setmetatable = setmetatable
local type = type
local tostring = tostring
local error = error
local _M = {
version = base.version
}
ffi.cdef[[
typedef void * ndk_set_var_value_pt;
int ngx_http_lua_ffi_ndk_lookup_directive(const unsigned char *var_data,
size_t var_len, ndk_set_var_value_pt *func);
int ngx_http_lua_ffi_ndk_set_var_get(ngx_http_request_t *r,
ndk_set_var_value_pt func, const unsigned char *arg_data, size_t arg_len,
ngx_http_lua_ffi_str_t *value);
]]
local func_p = ffi_new("void*[1]")
local ffi_str_size = ffi.sizeof("ngx_http_lua_ffi_str_t")
local ffi_str_type = ffi.typeof("ngx_http_lua_ffi_str_t*")
local function ndk_set_var_get(self, var)
if type(var) ~= "string" then
var = tostring(var)
end
if C.ngx_http_lua_ffi_ndk_lookup_directive(var, #var, func_p) ~= FFI_OK then
error('ndk.set_var: directive "' .. var
.. '" not found or does not use ndk_set_var_value', 2)
end
local func = func_p[0]
return function (arg)
local r = get_request()
if not r then
error("no request found")
end
if type(arg) ~= "string" then
arg = tostring(arg)
end
local buf = get_string_buf(ffi_str_size)
local value = ffi_cast(ffi_str_type, buf)
local rc = C.ngx_http_lua_ffi_ndk_set_var_get(r, func, arg, #arg, value)
if rc ~= FFI_OK then
error("calling directive " .. var .. " failed with code " .. rc, 2)
end
return ffi_str(value.data, value.len)
end
end
local function ndk_set_var_set()
error("not allowed", 2)
end
if ndk then
local mt = new_tab(0, 2)
mt.__newindex = ndk_set_var_set
mt.__index = ndk_set_var_get
ndk.set_var = setmetatable(new_tab(0, 0), mt)
end
return _M

59
deps/src/lua-resty-core/lib/resty/core/phase.lua vendored Normal file
View File

@@ -0,0 +1,59 @@
local ffi = require 'ffi'
local base = require "resty.core.base"
local C = ffi.C
local FFI_ERROR = base.FFI_ERROR
local get_request = base.get_request
local error = error
local tostring = tostring
ffi.cdef[[
int ngx_http_lua_ffi_get_phase(ngx_http_request_t *r, char **err)
]]
local errmsg = base.get_errmsg_ptr()
local context_names = {
[0x0001] = "set",
[0x0002] = "rewrite",
[0x0004] = "access",
[0x0008] = "content",
[0x0010] = "log",
[0x0020] = "header_filter",
[0x0040] = "body_filter",
[0x0080] = "timer",
[0x0100] = "init_worker",
[0x0200] = "balancer",
[0x0400] = "ssl_cert",
[0x0800] = "ssl_session_store",
[0x1000] = "ssl_session_fetch",
[0x2000] = "exit_worker",
}
function ngx.get_phase()
local r = get_request()
-- if we have no request object, assume we are called from the "init" phase
if not r then
return "init"
end
local context = C.ngx_http_lua_ffi_get_phase(r, errmsg)
if context == FFI_ERROR then -- NGX_ERROR
error(errmsg, 2)
end
local phase = context_names[context]
if not phase then
error("unknown phase: " .. tostring(context))
end
return phase
end
return {
version = base.version
}

1213
deps/src/lua-resty-core/lib/resty/core/regex.lua vendored Normal file
View File

File diff suppressed because it is too large Load Diff

451
deps/src/lua-resty-core/lib/resty/core/request.lua vendored Normal file
View File

@@ -0,0 +1,451 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require 'ffi'
local base = require "resty.core.base"
local utils = require "resty.core.utils"
local subsystem = ngx.config.subsystem
local FFI_BAD_CONTEXT = base.FFI_BAD_CONTEXT
local FFI_DECLINED = base.FFI_DECLINED
local FFI_OK = base.FFI_OK
local new_tab = base.new_tab
local C = ffi.C
local ffi_cast = ffi.cast
local ffi_new = ffi.new
local ffi_str = ffi.string
local get_string_buf = base.get_string_buf
local get_size_ptr = base.get_size_ptr
local setmetatable = setmetatable
local lower = string.lower
local rawget = rawget
local ngx = ngx
local get_request = base.get_request
local type = type
local error = error
local tostring = tostring
local tonumber = tonumber
local str_replace_char = utils.str_replace_char
local _M = {
version = base.version
}
local ngx_lua_ffi_req_start_time
if subsystem == "stream" then
ffi.cdef[[
double ngx_stream_lua_ffi_req_start_time(ngx_stream_lua_request_t *r);
]]
ngx_lua_ffi_req_start_time = C.ngx_stream_lua_ffi_req_start_time
elseif subsystem == "http" then
ffi.cdef[[
double ngx_http_lua_ffi_req_start_time(ngx_http_request_t *r);
]]
ngx_lua_ffi_req_start_time = C.ngx_http_lua_ffi_req_start_time
end
function ngx.req.start_time()
local r = get_request()
if not r then
error("no request found")
end
return tonumber(ngx_lua_ffi_req_start_time(r))
end
if subsystem == "stream" then
return _M
end
local errmsg = base.get_errmsg_ptr()
local ffi_str_type = ffi.typeof("ngx_http_lua_ffi_str_t*")
local ffi_str_size = ffi.sizeof("ngx_http_lua_ffi_str_t")
ffi.cdef[[
typedef struct {
ngx_http_lua_ffi_str_t key;
ngx_http_lua_ffi_str_t value;
} ngx_http_lua_ffi_table_elt_t;
int ngx_http_lua_ffi_req_get_headers_count(ngx_http_request_t *r,
int max, int *truncated);
int ngx_http_lua_ffi_req_get_headers(ngx_http_request_t *r,
ngx_http_lua_ffi_table_elt_t *out, int count, int raw);
int ngx_http_lua_ffi_req_get_uri_args_count(ngx_http_request_t *r,
int max, int *truncated);
size_t ngx_http_lua_ffi_req_get_querystring_len(ngx_http_request_t *r);
int ngx_http_lua_ffi_req_get_uri_args(ngx_http_request_t *r,
unsigned char *buf, ngx_http_lua_ffi_table_elt_t *out, int count);
int ngx_http_lua_ffi_req_get_method(ngx_http_request_t *r);
int ngx_http_lua_ffi_req_get_method_name(ngx_http_request_t *r,
unsigned char **name, size_t *len);
int ngx_http_lua_ffi_req_set_method(ngx_http_request_t *r, int method);
int ngx_http_lua_ffi_req_set_header(ngx_http_request_t *r,
const unsigned char *key, size_t key_len, const unsigned char *value,
size_t value_len, ngx_http_lua_ffi_str_t *mvals, size_t mvals_len,
int override, char **errmsg);
]]
local table_elt_type = ffi.typeof("ngx_http_lua_ffi_table_elt_t*")
local table_elt_size = ffi.sizeof("ngx_http_lua_ffi_table_elt_t")
local truncated = ffi.new("int[1]")
local req_headers_mt = {
__index = function (tb, key)
return rawget(tb, (str_replace_char(lower(key), '_', '-')))
end
}
function ngx.req.get_headers(max_headers, raw)
local r = get_request()
if not r then
error("no request found")
end
if not max_headers then
max_headers = -1
end
if not raw then
raw = 0
else
raw = 1
end
local n = C.ngx_http_lua_ffi_req_get_headers_count(r, max_headers,
truncated)
if n == FFI_BAD_CONTEXT then
error("API disabled in the current context", 2)
end
if n == 0 then
local headers = {}
if raw == 0 then
headers = setmetatable(headers, req_headers_mt)
end
return headers
end
local raw_buf = get_string_buf(n * table_elt_size)
local buf = ffi_cast(table_elt_type, raw_buf)
local rc = C.ngx_http_lua_ffi_req_get_headers(r, buf, n, raw)
if rc == 0 then
local headers = new_tab(0, n)
for i = 0, n - 1 do
local h = buf[i]
local key = h.key
key = ffi_str(key.data, key.len)
local value = h.value
value = ffi_str(value.data, value.len)
local existing = headers[key]
if existing then
if type(existing) == "table" then
existing[#existing + 1] = value
else
headers[key] = {existing, value}
end
else
headers[key] = value
end
end
if raw == 0 then
headers = setmetatable(headers, req_headers_mt)
end
if truncated[0] ~= 0 then
return headers, "truncated"
end
return headers
end
return nil
end
function ngx.req.get_uri_args(max_args)
local r = get_request()
if not r then
error("no request found")
end
if not max_args then
max_args = -1
end
local n = C.ngx_http_lua_ffi_req_get_uri_args_count(r, max_args, truncated)
if n == FFI_BAD_CONTEXT then
error("API disabled in the current context", 2)
end
if n == 0 then
return {}
end
local args_len = C.ngx_http_lua_ffi_req_get_querystring_len(r)
local strbuf = get_string_buf(args_len + n * table_elt_size)
local kvbuf = ffi_cast(table_elt_type, strbuf + args_len)
local nargs = C.ngx_http_lua_ffi_req_get_uri_args(r, strbuf, kvbuf, n)
local args = new_tab(0, nargs)
for i = 0, nargs - 1 do
local arg = kvbuf[i]
local key = arg.key
key = ffi_str(key.data, key.len)
local value = arg.value
local len = value.len
if len == -1 then
value = true
else
value = ffi_str(value.data, len)
end
local existing = args[key]
if existing then
if type(existing) == "table" then
existing[#existing + 1] = value
else
args[key] = {existing, value}
end
else
args[key] = value
end
end
if truncated[0] ~= 0 then
return args, "truncated"
end
return args
end
do
local methods = {
[0x0002] = "GET",
[0x0004] = "HEAD",
[0x0008] = "POST",
[0x0010] = "PUT",
[0x0020] = "DELETE",
[0x0040] = "MKCOL",
[0x0080] = "COPY",
[0x0100] = "MOVE",
[0x0200] = "OPTIONS",
[0x0400] = "PROPFIND",
[0x0800] = "PROPPATCH",
[0x1000] = "LOCK",
[0x2000] = "UNLOCK",
[0x4000] = "PATCH",
[0x8000] = "TRACE",
}
local namep = ffi_new("unsigned char *[1]")
function ngx.req.get_method()
local r = get_request()
if not r then
error("no request found")
end
do
local id = C.ngx_http_lua_ffi_req_get_method(r)
if id == FFI_BAD_CONTEXT then
error("API disabled in the current context", 2)
end
local method = methods[id]
if method then
return method
end
end
local sizep = get_size_ptr()
local rc = C.ngx_http_lua_ffi_req_get_method_name(r, namep, sizep)
if rc ~= 0 then
return nil
end
return ffi_str(namep[0], sizep[0])
end
end -- do
function ngx.req.set_method(method)
local r = get_request()
if not r then
error("no request found")
end
if type(method) ~= "number" then
error("bad method number", 2)
end
local rc = C.ngx_http_lua_ffi_req_set_method(r, method)
if rc == FFI_OK then
return
end
if rc == FFI_BAD_CONTEXT then
error("API disabled in the current context", 2)
end
if rc == FFI_DECLINED then
error("unsupported HTTP method: " .. method, 2)
end
error("unknown error: " .. rc)
end
do
local function set_req_header(name, value, override)
local r = get_request()
if not r then
error("no request found", 3)
end
if name == nil then
error("bad 'name' argument: string expected, got nil", 3)
end
if type(name) ~= "string" then
name = tostring(name)
end
local rc
if value == nil then
if not override then
error("bad 'value' argument: string or table expected, got nil",
3)
end
rc = C.ngx_http_lua_ffi_req_set_header(r, name, #name, nil, 0, nil,
0, 1, errmsg)
else
local sval, sval_len, mvals, mvals_len, buf
local value_type = type(value)
if value_type == "table" then
mvals_len = #value
if mvals_len == 0 and not override then
error("bad 'value' argument: non-empty table expected", 3)
end
buf = get_string_buf(ffi_str_size * mvals_len)
mvals = ffi_cast(ffi_str_type, buf)
for i = 1, mvals_len do
local s = value[i]
if type(s) ~= "string" then
s = tostring(s)
value[i] = s
end
local str = mvals[i - 1]
str.data = s
str.len = #s
end
sval_len = 0
else
if value_type ~= "string" then
sval = tostring(value)
else
sval = value
end
sval_len = #sval
mvals_len = 0
end
rc = C.ngx_http_lua_ffi_req_set_header(r, name, #name, sval,
sval_len, mvals, mvals_len,
override and 1 or 0, errmsg)
end
if rc == FFI_OK or rc == FFI_DECLINED then
return
end
if rc == FFI_BAD_CONTEXT then
error("API disabled in the current context", 3)
end
-- rc == FFI_ERROR
error(ffi_str(errmsg[0]))
end
_M.set_req_header = set_req_header
function ngx.req.set_header(name, value)
set_req_header(name, value, true) -- override
end
end -- do
function ngx.req.clear_header(name)
local r = get_request()
if not r then
error("no request found")
end
if type(name) ~= "string" then
name = tostring(name)
end
local rc = C.ngx_http_lua_ffi_req_set_header(r, name, #name, nil, 0, nil, 0,
1, errmsg)
if rc == FFI_OK or rc == FFI_DECLINED then
return
end
if rc == FFI_BAD_CONTEXT then
error("API disabled in the current context", 2)
end
-- rc == FFI_ERROR
error(ffi_str(errmsg[0]))
end
return _M

183
deps/src/lua-resty-core/lib/resty/core/response.lua vendored Normal file
View File

@@ -0,0 +1,183 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require 'ffi'
local base = require "resty.core.base"
local C = ffi.C
local ffi_cast = ffi.cast
local ffi_str = ffi.string
local new_tab = base.new_tab
local FFI_BAD_CONTEXT = base.FFI_BAD_CONTEXT
local FFI_NO_REQ_CTX = base.FFI_NO_REQ_CTX
local FFI_DECLINED = base.FFI_DECLINED
local get_string_buf = base.get_string_buf
local setmetatable = setmetatable
local type = type
local tostring = tostring
local get_request = base.get_request
local error = error
local ngx = ngx
local _M = {
version = base.version
}
local MAX_HEADER_VALUES = 100
local errmsg = base.get_errmsg_ptr()
local ffi_str_type = ffi.typeof("ngx_http_lua_ffi_str_t*")
local ffi_str_size = ffi.sizeof("ngx_http_lua_ffi_str_t")
ffi.cdef[[
int ngx_http_lua_ffi_set_resp_header(ngx_http_request_t *r,
const char *key_data, size_t key_len, int is_nil,
const char *sval, size_t sval_len, ngx_http_lua_ffi_str_t *mvals,
size_t mvals_len, int override, char **errmsg);
int ngx_http_lua_ffi_get_resp_header(ngx_http_request_t *r,
const unsigned char *key, size_t key_len,
unsigned char *key_buf, ngx_http_lua_ffi_str_t *values,
int max_nvalues, char **errmsg);
]]
local function set_resp_header(tb, key, value, no_override)
local r = get_request()
if not r then
error("no request found")
end
if type(key) ~= "string" then
key = tostring(key)
end
local rc
if value == nil then
if no_override then
error("invalid header value", 3)
end
rc = C.ngx_http_lua_ffi_set_resp_header(r, key, #key, true, nil, 0, nil,
0, 1, errmsg)
else
local sval, sval_len, mvals, mvals_len, buf
if type(value) == "table" then
mvals_len = #value
if mvals_len == 0 and no_override then
return
end
buf = get_string_buf(ffi_str_size * mvals_len)
mvals = ffi_cast(ffi_str_type, buf)
for i = 1, mvals_len do
local s = value[i]
if type(s) ~= "string" then
s = tostring(s)
value[i] = s
end
local str = mvals[i - 1]
str.data = s
str.len = #s
end
sval_len = 0
else
if type(value) ~= "string" then
sval = tostring(value)
else
sval = value
end
sval_len = #sval
mvals_len = 0
end
local override_int = no_override and 0 or 1
rc = C.ngx_http_lua_ffi_set_resp_header(r, key, #key, false, sval,
sval_len, mvals, mvals_len,
override_int, errmsg)
end
if rc == 0 or rc == FFI_DECLINED then
return
end
if rc == FFI_NO_REQ_CTX then
error("no request ctx found")
end
if rc == FFI_BAD_CONTEXT then
error("API disabled in the current context", 2)
end
-- rc == FFI_ERROR
error(ffi_str(errmsg[0]), 2)
end
_M.set_resp_header = set_resp_header
local function get_resp_header(tb, key)
local r = get_request()
if not r then
error("no request found")
end
if type(key) ~= "string" then
key = tostring(key)
end
local key_len = #key
local key_buf = get_string_buf(key_len + ffi_str_size * MAX_HEADER_VALUES)
local values = ffi_cast(ffi_str_type, key_buf + key_len)
local n = C.ngx_http_lua_ffi_get_resp_header(r, key, key_len, key_buf,
values, MAX_HEADER_VALUES,
errmsg)
-- print("retval: ", n)
if n == FFI_BAD_CONTEXT then
error("API disabled in the current context", 2)
end
if n == 0 then
return nil
end
if n == 1 then
local v = values[0]
return ffi_str(v.data, v.len)
end
if n > 0 then
local ret = new_tab(n, 0)
for i = 1, n do
local v = values[i - 1]
ret[i] = ffi_str(v.data, v.len)
end
return ret
end
-- n == FFI_ERROR
error(ffi_str(errmsg[0]), 2)
end
do
local mt = new_tab(0, 2)
mt.__newindex = set_resp_header
mt.__index = get_resp_header
ngx.header = setmetatable(new_tab(0, 0), mt)
end
return _M

638
deps/src/lua-resty-core/lib/resty/core/shdict.lua vendored Normal file
View File

@@ -0,0 +1,638 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require 'ffi'
local base = require "resty.core.base"
local _M = {
version = base.version
}
local ngx_shared = ngx.shared
if not ngx_shared then
return _M
end
local ffi_new = ffi.new
local ffi_str = ffi.string
local C = ffi.C
local get_string_buf = base.get_string_buf
local get_string_buf_size = base.get_string_buf_size
local get_size_ptr = base.get_size_ptr
local tonumber = tonumber
local tostring = tostring
local next = next
local type = type
local error = error
local getmetatable = getmetatable
local FFI_DECLINED = base.FFI_DECLINED
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_shdict_get
local ngx_lua_ffi_shdict_incr
local ngx_lua_ffi_shdict_store
local ngx_lua_ffi_shdict_flush_all
local ngx_lua_ffi_shdict_get_ttl
local ngx_lua_ffi_shdict_set_expire
local ngx_lua_ffi_shdict_capacity
local ngx_lua_ffi_shdict_free_space
local ngx_lua_ffi_shdict_udata_to_zone
if subsystem == 'http' then
ffi.cdef[[
int ngx_http_lua_ffi_shdict_get(void *zone, const unsigned char *key,
size_t key_len, int *value_type, unsigned char **str_value_buf,
size_t *str_value_len, double *num_value, int *user_flags,
int get_stale, int *is_stale, char **errmsg);
int ngx_http_lua_ffi_shdict_incr(void *zone, const unsigned char *key,
size_t key_len, double *value, char **err, int has_init,
double init, long init_ttl, int *forcible);
int ngx_http_lua_ffi_shdict_store(void *zone, int op,
const unsigned char *key, size_t key_len, int value_type,
const unsigned char *str_value_buf, size_t str_value_len,
double num_value, long exptime, int user_flags, char **errmsg,
int *forcible);
int ngx_http_lua_ffi_shdict_flush_all(void *zone);
long ngx_http_lua_ffi_shdict_get_ttl(void *zone,
const unsigned char *key, size_t key_len);
int ngx_http_lua_ffi_shdict_set_expire(void *zone,
const unsigned char *key, size_t key_len, long exptime);
size_t ngx_http_lua_ffi_shdict_capacity(void *zone);
void *ngx_http_lua_ffi_shdict_udata_to_zone(void *zone_udata);
]]
ngx_lua_ffi_shdict_get = C.ngx_http_lua_ffi_shdict_get
ngx_lua_ffi_shdict_incr = C.ngx_http_lua_ffi_shdict_incr
ngx_lua_ffi_shdict_store = C.ngx_http_lua_ffi_shdict_store
ngx_lua_ffi_shdict_flush_all = C.ngx_http_lua_ffi_shdict_flush_all
ngx_lua_ffi_shdict_get_ttl = C.ngx_http_lua_ffi_shdict_get_ttl
ngx_lua_ffi_shdict_set_expire = C.ngx_http_lua_ffi_shdict_set_expire
ngx_lua_ffi_shdict_capacity = C.ngx_http_lua_ffi_shdict_capacity
ngx_lua_ffi_shdict_udata_to_zone =
C.ngx_http_lua_ffi_shdict_udata_to_zone
if not pcall(function ()
return C.ngx_http_lua_ffi_shdict_free_space
end)
then
ffi.cdef[[
size_t ngx_http_lua_ffi_shdict_free_space(void *zone);
]]
end
pcall(function ()
ngx_lua_ffi_shdict_free_space = C.ngx_http_lua_ffi_shdict_free_space
end)
elseif subsystem == 'stream' then
ffi.cdef[[
int ngx_stream_lua_ffi_shdict_get(void *zone, const unsigned char *key,
size_t key_len, int *value_type, unsigned char **str_value_buf,
size_t *str_value_len, double *num_value, int *user_flags,
int get_stale, int *is_stale, char **errmsg);
int ngx_stream_lua_ffi_shdict_incr(void *zone, const unsigned char *key,
size_t key_len, double *value, char **err, int has_init,
double init, long init_ttl, int *forcible);
int ngx_stream_lua_ffi_shdict_store(void *zone, int op,
const unsigned char *key, size_t key_len, int value_type,
const unsigned char *str_value_buf, size_t str_value_len,
double num_value, long exptime, int user_flags, char **errmsg,
int *forcible);
int ngx_stream_lua_ffi_shdict_flush_all(void *zone);
long ngx_stream_lua_ffi_shdict_get_ttl(void *zone,
const unsigned char *key, size_t key_len);
int ngx_stream_lua_ffi_shdict_set_expire(void *zone,
const unsigned char *key, size_t key_len, long exptime);
size_t ngx_stream_lua_ffi_shdict_capacity(void *zone);
void *ngx_stream_lua_ffi_shdict_udata_to_zone(void *zone_udata);
]]
ngx_lua_ffi_shdict_get = C.ngx_stream_lua_ffi_shdict_get
ngx_lua_ffi_shdict_incr = C.ngx_stream_lua_ffi_shdict_incr
ngx_lua_ffi_shdict_store = C.ngx_stream_lua_ffi_shdict_store
ngx_lua_ffi_shdict_flush_all = C.ngx_stream_lua_ffi_shdict_flush_all
ngx_lua_ffi_shdict_get_ttl = C.ngx_stream_lua_ffi_shdict_get_ttl
ngx_lua_ffi_shdict_set_expire = C.ngx_stream_lua_ffi_shdict_set_expire
ngx_lua_ffi_shdict_capacity = C.ngx_stream_lua_ffi_shdict_capacity
ngx_lua_ffi_shdict_udata_to_zone =
C.ngx_stream_lua_ffi_shdict_udata_to_zone
if not pcall(function ()
return C.ngx_stream_lua_ffi_shdict_free_space
end)
then
ffi.cdef[[
size_t ngx_stream_lua_ffi_shdict_free_space(void *zone);
]]
end
-- ngx_stream_lua is only compatible with NGINX >= 1.13.6, meaning it
-- cannot lack support for ngx_stream_lua_ffi_shdict_free_space.
ngx_lua_ffi_shdict_free_space = C.ngx_stream_lua_ffi_shdict_free_space
else
error("unknown subsystem: " .. subsystem)
end
if not pcall(function () return C.free end) then
ffi.cdef[[
void free(void *ptr);
]]
end
local value_type = ffi_new("int[1]")
local user_flags = ffi_new("int[1]")
local num_value = ffi_new("double[1]")
local is_stale = ffi_new("int[1]")
local forcible = ffi_new("int[1]")
local str_value_buf = ffi_new("unsigned char *[1]")
local errmsg = base.get_errmsg_ptr()
local function check_zone(zone)
if not zone or type(zone) ~= "table" then
error("bad \"zone\" argument", 3)
end
zone = zone[1]
if type(zone) ~= "userdata" then
error("bad \"zone\" argument", 3)
end
zone = ngx_lua_ffi_shdict_udata_to_zone(zone)
if zone == nil then
error("bad \"zone\" argument", 3)
end
return zone
end
local function shdict_store(zone, op, key, value, exptime, flags)
zone = check_zone(zone)
if not exptime then
exptime = 0
elseif exptime < 0 then
error('bad "exptime" argument', 2)
end
if not flags then
flags = 0
end
if key == nil then
return nil, "nil key"
end
if type(key) ~= "string" then
key = tostring(key)
end
local key_len = #key
if key_len == 0 then
return nil, "empty key"
end
if key_len > 65535 then
return nil, "key too long"
end
local str_val_buf
local str_val_len = 0
local num_val = 0
local valtyp = type(value)
-- print("value type: ", valtyp)
-- print("exptime: ", exptime)
if valtyp == "string" then
valtyp = 4 -- LUA_TSTRING
str_val_buf = value
str_val_len = #value
elseif valtyp == "number" then
valtyp = 3 -- LUA_TNUMBER
num_val = value
elseif value == nil then
valtyp = 0 -- LUA_TNIL
elseif valtyp == "boolean" then
valtyp = 1 -- LUA_TBOOLEAN
num_val = value and 1 or 0
else
return nil, "bad value type"
end
local rc = ngx_lua_ffi_shdict_store(zone, op, key, key_len,
valtyp, str_val_buf,
str_val_len, num_val,
exptime * 1000, flags, errmsg,
forcible)
-- print("rc == ", rc)
if rc == 0 then -- NGX_OK
return true, nil, forcible[0] == 1
end
-- NGX_DECLINED or NGX_ERROR
return false, ffi_str(errmsg[0]), forcible[0] == 1
end
local function shdict_set(zone, key, value, exptime, flags)
return shdict_store(zone, 0, key, value, exptime, flags)
end
local function shdict_safe_set(zone, key, value, exptime, flags)
return shdict_store(zone, 0x0004, key, value, exptime, flags)
end
local function shdict_add(zone, key, value, exptime, flags)
return shdict_store(zone, 0x0001, key, value, exptime, flags)
end
local function shdict_safe_add(zone, key, value, exptime, flags)
return shdict_store(zone, 0x0005, key, value, exptime, flags)
end
local function shdict_replace(zone, key, value, exptime, flags)
return shdict_store(zone, 0x0002, key, value, exptime, flags)
end
local function shdict_delete(zone, key)
return shdict_set(zone, key, nil)
end
local function shdict_get(zone, key)
zone = check_zone(zone)
if key == nil then
return nil, "nil key"
end
if type(key) ~= "string" then
key = tostring(key)
end
local key_len = #key
if key_len == 0 then
return nil, "empty key"
end
if key_len > 65535 then
return nil, "key too long"
end
local size = get_string_buf_size()
local buf = get_string_buf(size)
str_value_buf[0] = buf
local value_len = get_size_ptr()
value_len[0] = size
local rc = ngx_lua_ffi_shdict_get(zone, key, key_len, value_type,
str_value_buf, value_len,
num_value, user_flags, 0,
is_stale, errmsg)
if rc ~= 0 then
if errmsg[0] ~= nil then
return nil, ffi_str(errmsg[0])
end
error("failed to get the key")
end
local typ = value_type[0]
if typ == 0 then -- LUA_TNIL
return nil
end
local flags = tonumber(user_flags[0])
local val
if typ == 4 then -- LUA_TSTRING
if str_value_buf[0] ~= buf then
-- ngx.say("len: ", tonumber(value_len[0]))
buf = str_value_buf[0]
val = ffi_str(buf, value_len[0])
C.free(buf)
else
val = ffi_str(buf, value_len[0])
end
elseif typ == 3 then -- LUA_TNUMBER
val = tonumber(num_value[0])
elseif typ == 1 then -- LUA_TBOOLEAN
val = (tonumber(buf[0]) ~= 0)
else
error("unknown value type: " .. typ)
end
if flags ~= 0 then
return val, flags
end
return val
end
local function shdict_get_stale(zone, key)
zone = check_zone(zone)
if key == nil then
return nil, "nil key"
end
if type(key) ~= "string" then
key = tostring(key)
end
local key_len = #key
if key_len == 0 then
return nil, "empty key"
end
if key_len > 65535 then
return nil, "key too long"
end
local size = get_string_buf_size()
local buf = get_string_buf(size)
str_value_buf[0] = buf
local value_len = get_size_ptr()
value_len[0] = size
local rc = ngx_lua_ffi_shdict_get(zone, key, key_len, value_type,
str_value_buf, value_len,
num_value, user_flags, 1,
is_stale, errmsg)
if rc ~= 0 then
if errmsg[0] ~= nil then
return nil, ffi_str(errmsg[0])
end
error("failed to get the key")
end
local typ = value_type[0]
if typ == 0 then -- LUA_TNIL
return nil
end
local flags = tonumber(user_flags[0])
local val
if typ == 4 then -- LUA_TSTRING
if str_value_buf[0] ~= buf then
-- ngx.say("len: ", tonumber(value_len[0]))
buf = str_value_buf[0]
val = ffi_str(buf, value_len[0])
C.free(buf)
else
val = ffi_str(buf, value_len[0])
end
elseif typ == 3 then -- LUA_TNUMBER
val = tonumber(num_value[0])
elseif typ == 1 then -- LUA_TBOOLEAN
val = (tonumber(buf[0]) ~= 0)
else
error("unknown value type: " .. typ)
end
if flags ~= 0 then
return val, flags, is_stale[0] == 1
end
return val, nil, is_stale[0] == 1
end
local function shdict_incr(zone, key, value, init, init_ttl)
zone = check_zone(zone)
if key == nil then
return nil, "nil key"
end
if type(key) ~= "string" then
key = tostring(key)
end
local key_len = #key
if key_len == 0 then
return nil, "empty key"
end
if key_len > 65535 then
return nil, "key too long"
end
if type(value) ~= "number" then
value = tonumber(value)
end
num_value[0] = value
if init then
local typ = type(init)
if typ ~= "number" then
init = tonumber(init)
if not init then
error("bad init arg: number expected, got " .. typ, 2)
end
end
end
if init_ttl ~= nil then
local typ = type(init_ttl)
if typ ~= "number" then
init_ttl = tonumber(init_ttl)
if not init_ttl then
error("bad init_ttl arg: number expected, got " .. typ, 2)
end
end
if init_ttl < 0 then
error('bad "init_ttl" argument', 2)
end
if not init then
error('must provide "init" when providing "init_ttl"', 2)
end
else
init_ttl = 0
end
local rc = ngx_lua_ffi_shdict_incr(zone, key, key_len, num_value,
errmsg, init and 1 or 0,
init or 0, init_ttl * 1000,
forcible)
if rc ~= 0 then -- ~= NGX_OK
return nil, ffi_str(errmsg[0])
end
if not init then
return tonumber(num_value[0])
end
return tonumber(num_value[0]), nil, forcible[0] == 1
end
local function shdict_flush_all(zone)
zone = check_zone(zone)
ngx_lua_ffi_shdict_flush_all(zone)
end
local function shdict_ttl(zone, key)
zone = check_zone(zone)
if key == nil then
return nil, "nil key"
end
if type(key) ~= "string" then
key = tostring(key)
end
local key_len = #key
if key_len == 0 then
return nil, "empty key"
end
if key_len > 65535 then
return nil, "key too long"
end
local rc = ngx_lua_ffi_shdict_get_ttl(zone, key, key_len)
if rc == FFI_DECLINED then
return nil, "not found"
end
return tonumber(rc) / 1000
end
local function shdict_expire(zone, key, exptime)
zone = check_zone(zone)
if not exptime then
error('bad "exptime" argument', 2)
end
if key == nil then
return nil, "nil key"
end
if type(key) ~= "string" then
key = tostring(key)
end
local key_len = #key
if key_len == 0 then
return nil, "empty key"
end
if key_len > 65535 then
return nil, "key too long"
end
local rc = ngx_lua_ffi_shdict_set_expire(zone, key, key_len,
exptime * 1000)
if rc == FFI_DECLINED then
return nil, "not found"
end
-- NGINX_OK/FFI_OK
return true
end
local function shdict_capacity(zone)
zone = check_zone(zone)
return tonumber(ngx_lua_ffi_shdict_capacity(zone))
end
local shdict_free_space
if ngx_lua_ffi_shdict_free_space then
shdict_free_space = function (zone)
zone = check_zone(zone)
return tonumber(ngx_lua_ffi_shdict_free_space(zone))
end
else
shdict_free_space = function ()
error("'shm:free_space()' not supported in NGINX < 1.11.7", 2)
end
end
local _, dict = next(ngx_shared, nil)
if dict then
local mt = getmetatable(dict)
if mt then
mt = mt.__index
if mt then
mt.get = shdict_get
mt.get_stale = shdict_get_stale
mt.incr = shdict_incr
mt.set = shdict_set
mt.safe_set = shdict_safe_set
mt.add = shdict_add
mt.safe_add = shdict_safe_add
mt.replace = shdict_replace
mt.delete = shdict_delete
mt.flush_all = shdict_flush_all
mt.ttl = shdict_ttl
mt.expire = shdict_expire
mt.capacity = shdict_capacity
mt.free_space = shdict_free_space
end
end
end
return _M

124
deps/src/lua-resty-core/lib/resty/core/socket.lua vendored Normal file
View File

@@ -0,0 +1,124 @@
local base = require "resty.core.base"
base.allows_subsystem('http')
local debug = require 'debug'
local ffi = require 'ffi'
local error = error
local tonumber = tonumber
local registry = debug.getregistry()
local ffi_new = ffi.new
local ffi_string = ffi.string
local C = ffi.C
local get_string_buf = base.get_string_buf
local get_size_ptr = base.get_size_ptr
local tostring = tostring
local option_index = {
["keepalive"] = 1,
["reuseaddr"] = 2,
["tcp-nodelay"] = 3,
["sndbuf"] = 4,
["rcvbuf"] = 5,
}
ffi.cdef[[
typedef struct ngx_http_lua_socket_tcp_upstream_s
ngx_http_lua_socket_tcp_upstream_t;
int
ngx_http_lua_ffi_socket_tcp_getoption(ngx_http_lua_socket_tcp_upstream_t *u,
int opt, int *val, unsigned char *err, size_t *errlen);
int
ngx_http_lua_ffi_socket_tcp_setoption(ngx_http_lua_socket_tcp_upstream_t *u,
int opt, int val, unsigned char *err, size_t *errlen);
]]
local output_value_buf = ffi_new("int[1]")
local FFI_OK = base.FFI_OK
local SOCKET_CTX_INDEX = 1
local ERR_BUF_SIZE = 4096
local function get_tcp_socket(cosocket)
local tcp_socket = cosocket[SOCKET_CTX_INDEX]
if not tcp_socket then
error("socket is never created nor connected")
end
return tcp_socket
end
local function getoption(cosocket, option)
local tcp_socket = get_tcp_socket(cosocket)
if option == nil then
return nil, 'missing the "option" argument'
end
if option_index[option] == nil then
return nil, "unsupported option " .. tostring(option)
end
local err = get_string_buf(ERR_BUF_SIZE)
local errlen = get_size_ptr()
errlen[0] = ERR_BUF_SIZE
local rc = C.ngx_http_lua_ffi_socket_tcp_getoption(tcp_socket,
option_index[option],
output_value_buf,
err,
errlen)
if rc ~= FFI_OK then
return nil, ffi_string(err, errlen[0])
end
return tonumber(output_value_buf[0])
end
local function setoption(cosocket, option, value)
local tcp_socket = get_tcp_socket(cosocket)
if option == nil then
return nil, 'missing the "option" argument'
end
if value == nil then
return nil, 'missing the "value" argument'
end
if option_index[option] == nil then
return nil, "unsupported option " .. tostring(option)
end
local err = get_string_buf(ERR_BUF_SIZE)
local errlen = get_size_ptr()
errlen[0] = ERR_BUF_SIZE
local rc = C.ngx_http_lua_ffi_socket_tcp_setoption(tcp_socket,
option_index[option],
value,
err,
errlen)
if rc ~= FFI_OK then
return nil, ffi_string(err, errlen[0])
end
return true
end
do
local method_table = registry.__tcp_cosocket_mt
method_table.getoption = getoption
method_table.setoption = setoption
end
return { version = base.version }

159
deps/src/lua-resty-core/lib/resty/core/time.lua vendored Normal file
View File

@@ -0,0 +1,159 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require 'ffi'
local base = require "resty.core.base"
local error = error
local tonumber = tonumber
local type = type
local C = ffi.C
local ffi_new = ffi.new
local ffi_str = ffi.string
local time_val = ffi_new("long[1]")
local get_string_buf = base.get_string_buf
local ngx = ngx
local FFI_ERROR = base.FFI_ERROR
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_now
local ngx_lua_ffi_time
local ngx_lua_ffi_today
local ngx_lua_ffi_localtime
local ngx_lua_ffi_utctime
local ngx_lua_ffi_update_time
if subsystem == 'http' then
ffi.cdef[[
double ngx_http_lua_ffi_now(void);
long ngx_http_lua_ffi_time(void);
void ngx_http_lua_ffi_today(unsigned char *buf);
void ngx_http_lua_ffi_localtime(unsigned char *buf);
void ngx_http_lua_ffi_utctime(unsigned char *buf);
void ngx_http_lua_ffi_update_time(void);
int ngx_http_lua_ffi_cookie_time(unsigned char *buf, long t);
void ngx_http_lua_ffi_http_time(unsigned char *buf, long t);
void ngx_http_lua_ffi_parse_http_time(const unsigned char *str, size_t len,
long *time);
]]
ngx_lua_ffi_now = C.ngx_http_lua_ffi_now
ngx_lua_ffi_time = C.ngx_http_lua_ffi_time
ngx_lua_ffi_today = C.ngx_http_lua_ffi_today
ngx_lua_ffi_localtime = C.ngx_http_lua_ffi_localtime
ngx_lua_ffi_utctime = C.ngx_http_lua_ffi_utctime
ngx_lua_ffi_update_time = C.ngx_http_lua_ffi_update_time
elseif subsystem == 'stream' then
ffi.cdef[[
double ngx_stream_lua_ffi_now(void);
long ngx_stream_lua_ffi_time(void);
void ngx_stream_lua_ffi_today(unsigned char *buf);
void ngx_stream_lua_ffi_localtime(unsigned char *buf);
void ngx_stream_lua_ffi_utctime(unsigned char *buf);
void ngx_stream_lua_ffi_update_time(void);
]]
ngx_lua_ffi_now = C.ngx_stream_lua_ffi_now
ngx_lua_ffi_time = C.ngx_stream_lua_ffi_time
ngx_lua_ffi_today = C.ngx_stream_lua_ffi_today
ngx_lua_ffi_localtime = C.ngx_stream_lua_ffi_localtime
ngx_lua_ffi_utctime = C.ngx_stream_lua_ffi_utctime
ngx_lua_ffi_update_time = C.ngx_stream_lua_ffi_update_time
end
function ngx.now()
return tonumber(ngx_lua_ffi_now())
end
function ngx.time()
return tonumber(ngx_lua_ffi_time())
end
function ngx.update_time()
ngx_lua_ffi_update_time()
end
function ngx.today()
-- the format of today is 2010-11-19
local today_buf_size = 10
local buf = get_string_buf(today_buf_size)
ngx_lua_ffi_today(buf)
return ffi_str(buf, today_buf_size)
end
function ngx.localtime()
-- the format of localtime is 2010-11-19 20:56:31
local localtime_buf_size = 19
local buf = get_string_buf(localtime_buf_size)
ngx_lua_ffi_localtime(buf)
return ffi_str(buf, localtime_buf_size)
end
function ngx.utctime()
-- the format of utctime is 2010-11-19 20:56:31
local utctime_buf_size = 19
local buf = get_string_buf(utctime_buf_size)
ngx_lua_ffi_utctime(buf)
return ffi_str(buf, utctime_buf_size)
end
if subsystem == 'http' then
function ngx.cookie_time(sec)
if type(sec) ~= "number" then
error("number argument only", 2)
end
-- the format of cookie time is Mon, 28-Sep-2038 06:00:00 GMT
-- or Mon, 28-Sep-18 06:00:00 GMT
local cookie_time_buf_size = 29
local buf = get_string_buf(cookie_time_buf_size)
local used_size = C.ngx_http_lua_ffi_cookie_time(buf, sec)
return ffi_str(buf, used_size)
end
function ngx.http_time(sec)
if type(sec) ~= "number" then
error("number argument only", 2)
end
-- the format of http time is Mon, 28 Sep 1970 06:00:00 GMT
local http_time_buf_size = 29
local buf = get_string_buf(http_time_buf_size)
C.ngx_http_lua_ffi_http_time(buf, sec)
return ffi_str(buf, http_time_buf_size)
end
function ngx.parse_http_time(time_str)
if type(time_str) ~= "string" then
error("string argument only", 2)
end
C.ngx_http_lua_ffi_parse_http_time(time_str, #time_str, time_val)
local res = time_val[0]
if res == FFI_ERROR then
return nil
end
return tonumber(res)
end
end
return {
version = base.version
}

115
deps/src/lua-resty-core/lib/resty/core/uri.lua vendored Normal file
View File

@@ -0,0 +1,115 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require "ffi"
local base = require "resty.core.base"
local C = ffi.C
local ffi_string = ffi.string
local ngx = ngx
local type = type
local error = error
local tostring = tostring
local get_string_buf = base.get_string_buf
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_escape_uri
local ngx_lua_ffi_unescape_uri
local ngx_lua_ffi_uri_escaped_length
local NGX_ESCAPE_URI = 0
local NGX_ESCAPE_URI_COMPONENT = 2
local NGX_ESCAPE_MAIL_AUTH = 6
if subsystem == "http" then
ffi.cdef[[
size_t ngx_http_lua_ffi_uri_escaped_length(const unsigned char *src,
size_t len, int type);
void ngx_http_lua_ffi_escape_uri(const unsigned char *src, size_t len,
unsigned char *dst, int type);
size_t ngx_http_lua_ffi_unescape_uri(const unsigned char *src,
size_t len, unsigned char *dst);
]]
ngx_lua_ffi_escape_uri = C.ngx_http_lua_ffi_escape_uri
ngx_lua_ffi_unescape_uri = C.ngx_http_lua_ffi_unescape_uri
ngx_lua_ffi_uri_escaped_length = C.ngx_http_lua_ffi_uri_escaped_length
elseif subsystem == "stream" then
ffi.cdef[[
size_t ngx_stream_lua_ffi_uri_escaped_length(const unsigned char *src,
size_t len, int type);
void ngx_stream_lua_ffi_escape_uri(const unsigned char *src, size_t len,
unsigned char *dst, int type);
size_t ngx_stream_lua_ffi_unescape_uri(const unsigned char *src,
size_t len, unsigned char *dst);
]]
ngx_lua_ffi_escape_uri = C.ngx_stream_lua_ffi_escape_uri
ngx_lua_ffi_unescape_uri = C.ngx_stream_lua_ffi_unescape_uri
ngx_lua_ffi_uri_escaped_length = C.ngx_stream_lua_ffi_uri_escaped_length
end
ngx.escape_uri = function (s, esc_type)
if type(s) ~= 'string' then
if not s then
s = ''
else
s = tostring(s)
end
end
if esc_type == nil then
esc_type = NGX_ESCAPE_URI_COMPONENT
else
if type(esc_type) ~= 'number' then
error("\"type\" is not a number", 3)
end
if esc_type < NGX_ESCAPE_URI or esc_type > NGX_ESCAPE_MAIL_AUTH then
error("\"type\" " .. esc_type .. " out of range", 3)
end
end
local slen = #s
local dlen = ngx_lua_ffi_uri_escaped_length(s, slen, esc_type)
-- print("dlen: ", tonumber(dlen))
if dlen == slen then
return s
end
local dst = get_string_buf(dlen)
ngx_lua_ffi_escape_uri(s, slen, dst, esc_type)
return ffi_string(dst, dlen)
end
ngx.unescape_uri = function (s)
if type(s) ~= 'string' then
if not s then
s = ''
else
s = tostring(s)
end
end
local slen = #s
local dlen = slen
local dst = get_string_buf(dlen)
dlen = ngx_lua_ffi_unescape_uri(s, slen, dst)
return ffi_string(dst, dlen)
end
return {
version = base.version,
}

46
deps/src/lua-resty-core/lib/resty/core/utils.lua vendored Normal file
View File

@@ -0,0 +1,46 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require "ffi"
local base = require "resty.core.base"
local C = ffi.C
local ffi_str = ffi.string
local ffi_copy = ffi.copy
local byte = string.byte
local str_find = string.find
local get_string_buf = base.get_string_buf
local subsystem = ngx.config.subsystem
local _M = {
version = base.version
}
if subsystem == "http" then
ffi.cdef[[
void ngx_http_lua_ffi_str_replace_char(unsigned char *buf, size_t len,
const unsigned char find, const unsigned char replace);
]]
function _M.str_replace_char(str, find, replace)
if not str_find(str, find, nil, true) then
return str
end
local len = #str
local buf = get_string_buf(len)
ffi_copy(buf, str, len)
C.ngx_http_lua_ffi_str_replace_char(buf, len, byte(find),
byte(replace))
return ffi_str(buf, len)
end
end
return _M

160
deps/src/lua-resty-core/lib/resty/core/var.lua vendored Normal file
View File

@@ -0,0 +1,160 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require "ffi"
local base = require "resty.core.base"
local C = ffi.C
local ffi_new = ffi.new
local ffi_str = ffi.string
local type = type
local error = error
local tostring = tostring
local setmetatable = setmetatable
local get_request = base.get_request
local get_string_buf = base.get_string_buf
local get_size_ptr = base.get_size_ptr
local new_tab = base.new_tab
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_var_get
local ngx_lua_ffi_var_set
local ERR_BUF_SIZE = 256
ngx.var = new_tab(0, 0)
if subsystem == "http" then
ffi.cdef[[
int ngx_http_lua_ffi_var_get(ngx_http_request_t *r,
const char *name_data, size_t name_len, char *lowcase_buf,
int capture_id, char **value, size_t *value_len, char **err);
int ngx_http_lua_ffi_var_set(ngx_http_request_t *r,
const unsigned char *name_data, size_t name_len,
unsigned char *lowcase_buf, const unsigned char *value,
size_t value_len, unsigned char *errbuf, size_t *errlen);
]]
ngx_lua_ffi_var_get = C.ngx_http_lua_ffi_var_get
ngx_lua_ffi_var_set = C.ngx_http_lua_ffi_var_set
elseif subsystem == "stream" then
ffi.cdef[[
int ngx_stream_lua_ffi_var_get(ngx_stream_lua_request_t *r,
const char *name_data, size_t name_len, char *lowcase_buf,
int capture_id, char **value, size_t *value_len, char **err);
int ngx_stream_lua_ffi_var_set(ngx_stream_lua_request_t *r,
const unsigned char *name_data, size_t name_len,
unsigned char *lowcase_buf, const unsigned char *value,
size_t value_len, unsigned char *errbuf, size_t *errlen);
]]
ngx_lua_ffi_var_get = C.ngx_stream_lua_ffi_var_get
ngx_lua_ffi_var_set = C.ngx_stream_lua_ffi_var_set
end
local value_ptr = ffi_new("unsigned char *[1]")
local errmsg = base.get_errmsg_ptr()
local function var_get(self, name)
local r = get_request()
if not r then
error("no request found")
end
local value_len = get_size_ptr()
local rc
if type(name) == "number" then
rc = ngx_lua_ffi_var_get(r, nil, 0, nil, name, value_ptr, value_len,
errmsg)
else
if type(name) ~= "string" then
error("bad variable name", 2)
end
local name_len = #name
local lowcase_buf = get_string_buf(name_len)
rc = ngx_lua_ffi_var_get(r, name, name_len, lowcase_buf, 0, value_ptr,
value_len, errmsg)
end
-- ngx.log(ngx.WARN, "rc = ", rc)
if rc == 0 then -- NGX_OK
return ffi_str(value_ptr[0], value_len[0])
end
if rc == -5 then -- NGX_DECLINED
return nil
end
if rc == -1 then -- NGX_ERROR
error(ffi_str(errmsg[0]), 2)
end
end
local function var_set(self, name, value)
local r = get_request()
if not r then
error("no request found")
end
if type(name) ~= "string" then
error("bad variable name", 2)
end
local name_len = #name
local errlen = get_size_ptr()
errlen[0] = ERR_BUF_SIZE
local lowcase_buf = get_string_buf(name_len + ERR_BUF_SIZE)
local value_len
if value == nil then
value_len = 0
else
if type(value) ~= 'string' then
value = tostring(value)
end
value_len = #value
end
local errbuf = lowcase_buf + name_len
local rc = ngx_lua_ffi_var_set(r, name, name_len, lowcase_buf, value,
value_len, errbuf, errlen)
-- ngx.log(ngx.WARN, "rc = ", rc)
if rc == 0 then -- NGX_OK
return
end
if rc == -1 then -- NGX_ERROR
error(ffi_str(errbuf, errlen[0]), 2)
end
end
do
local mt = new_tab(0, 2)
mt.__index = var_get
mt.__newindex = var_set
setmetatable(ngx.var, mt)
end
return {
version = base.version
}

77
deps/src/lua-resty-core/lib/resty/core/worker.lua vendored Normal file
View File

@@ -0,0 +1,77 @@
-- Copyright (C) Yichun Zhang (agentzh)
local ffi = require "ffi"
local base = require "resty.core.base"
local C = ffi.C
local new_tab = base.new_tab
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_worker_id
local ngx_lua_ffi_worker_pid
local ngx_lua_ffi_worker_count
local ngx_lua_ffi_worker_exiting
ngx.worker = new_tab(0, 4)
if subsystem == "http" then
ffi.cdef[[
int ngx_http_lua_ffi_worker_id(void);
int ngx_http_lua_ffi_worker_pid(void);
int ngx_http_lua_ffi_worker_count(void);
int ngx_http_lua_ffi_worker_exiting(void);
]]
ngx_lua_ffi_worker_id = C.ngx_http_lua_ffi_worker_id
ngx_lua_ffi_worker_pid = C.ngx_http_lua_ffi_worker_pid
ngx_lua_ffi_worker_count = C.ngx_http_lua_ffi_worker_count
ngx_lua_ffi_worker_exiting = C.ngx_http_lua_ffi_worker_exiting
elseif subsystem == "stream" then
ffi.cdef[[
int ngx_stream_lua_ffi_worker_id(void);
int ngx_stream_lua_ffi_worker_pid(void);
int ngx_stream_lua_ffi_worker_count(void);
int ngx_stream_lua_ffi_worker_exiting(void);
]]
ngx_lua_ffi_worker_id = C.ngx_stream_lua_ffi_worker_id
ngx_lua_ffi_worker_pid = C.ngx_stream_lua_ffi_worker_pid
ngx_lua_ffi_worker_count = C.ngx_stream_lua_ffi_worker_count
ngx_lua_ffi_worker_exiting = C.ngx_stream_lua_ffi_worker_exiting
end
function ngx.worker.exiting()
return ngx_lua_ffi_worker_exiting() ~= 0
end
function ngx.worker.pid()
return ngx_lua_ffi_worker_pid()
end
function ngx.worker.id()
local id = ngx_lua_ffi_worker_id()
if id < 0 then
return nil
end
return id
end
function ngx.worker.count()
return ngx_lua_ffi_worker_count()
end
return {
_VERSION = base.version
}

51
deps/src/lua-resty-core/t/TestCore.pm vendored Normal file
View File

@@ -0,0 +1,51 @@
package t::TestCore;
use Test::Nginx::Socket::Lua -Base;
use Cwd qw(cwd);
$ENV{TEST_NGINX_HOTLOOP} ||= 10;
$ENV{TEST_NGINX_MEMCACHED_PORT} ||= 11211;
our $pwd = cwd();
our $lua_package_path = './lib/?.lua;./t/lib/?.lua;../lua-resty-lrucache/lib/?.lua;;';
our $init_by_lua_block = <<_EOC_;
local verbose = false
if verbose then
local dump = require "jit.dump"
dump.on("b", "$Test::Nginx::Util::ErrLogFile")
else
local v = require "jit.v"
v.on("$Test::Nginx::Util::ErrLogFile")
end
require "resty.core"
jit.opt.start("hotloop=$ENV{TEST_NGINX_HOTLOOP}")
-- jit.off()
_EOC_
our $HttpConfig = <<_EOC_;
lua_package_path '$lua_package_path';
init_by_lua_block {
$t::TestCore::init_by_lua_block
}
_EOC_
our @EXPORT = qw(
$pwd
$lua_package_path
$init_by_lua_block
$HttpConfig
);
add_block_preprocessor(sub {
my $block = shift;
if (!defined $block->http_config) {
$block->set_value("http_config", $HttpConfig);
}
});
1;

50
deps/src/lua-resty-core/t/TestCore/Stream.pm vendored Normal file
View File

@@ -0,0 +1,50 @@
package t::TestCore::Stream;
use Test::Nginx::Socket::Lua::Stream -Base;
use Cwd qw(cwd);
$ENV{TEST_NGINX_HOTLOOP} ||= 10;
our $pwd = cwd();
our $lua_package_path = './lib/?.lua;../lua-resty-lrucache/lib/?.lua;;';
our $init_by_lua_block = <<_EOC_;
local verbose = false
if verbose then
local dump = require "jit.dump"
dump.on("b", "$Test::Nginx::Util::ErrLogFile")
else
local v = require "jit.v"
v.on("$Test::Nginx::Util::ErrLogFile")
end
require "resty.core"
jit.opt.start("hotloop=$ENV{TEST_NGINX_HOTLOOP}")
-- jit.off()
_EOC_
our $StreamConfig = <<_EOC_;
lua_package_path '$lua_package_path';
init_by_lua_block {
$t::TestCore::Stream::init_by_lua_block
}
_EOC_
our @EXPORT = qw(
$pwd
$lua_package_path
$init_by_lua_block
$StreamConfig
);
add_block_preprocessor(sub {
my $block = shift;
if (!defined $block->stream_config) {
$block->set_value("stream_config", $StreamConfig);
}
});
1;

392
deps/src/lua-resty-core/t/balancer-timeout.t vendored Normal file
View File

@@ -0,0 +1,392 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
BEGIN {
if (!defined $ENV{LD_PRELOAD}) {
$ENV{LD_PRELOAD} = '';
}
if ($ENV{LD_PRELOAD} !~ /\bmockeagain\.so\b/) {
$ENV{LD_PRELOAD} = "mockeagain.so $ENV{LD_PRELOAD}";
}
if (defined $ENV{MOCKEAGAIN} && $ENV{MOCKEAGAIN} eq 'r') {
$ENV{MOCKEAGAIN} = 'rw';
} else {
$ENV{MOCKEAGAIN} = 'w';
}
$ENV{TEST_NGINX_EVENT_TYPE} = 'poll';
$ENV{TEST_NGINX_POSTPONE_OUTPUT} = 1;
}
use lib '.';
use t::TestCore;
#worker_connections(1014);
#master_on();
#workers(2);
#log_level('warn');
repeat_each(2);
plan tests => repeat_each() * (blocks() * 4);
$ENV{TEST_NGINX_LUA_PACKAGE_PATH} = $t::TestCore::lua_package_path;
#worker_connections(1024);
#no_diff();
no_long_string();
run_tests();
__DATA__
=== TEST 1: set_timeouts
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
assert(b.set_timeouts(1.234, 5.678, 7.689))
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
echo "fake origin";
}
--- request
GET /t
--- response_body
fake origin
--- grep_error_log eval: qr/event timer add: \d+: (?:1234|5678|7689):/
--- grep_error_log_out eval
qr/\Aevent timer add: \d+: 1234:
event timer add: \d+: 5678:
event timer add: \d+: 7689:
\z/
--- no_error_log
[warn]
=== TEST 2: set_timeouts (nil connect timeout)
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
proxy_connect_timeout 1234ms;
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
assert(b.set_timeouts(nil, 5.678, 7.689))
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
echo "fake origin";
}
--- request
GET /t
--- response_body
fake origin
--- grep_error_log eval: qr/event timer add: \d+: (?:1234|5678|7689):/
--- grep_error_log_out eval
qr/\Aevent timer add: \d+: 1234:
event timer add: \d+: 5678:
event timer add: \d+: 7689:
\z/
--- no_error_log
[warn]
=== TEST 3: set_timeouts (nil send timeout)
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
proxy_send_timeout 5678ms;
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
assert(b.set_timeouts(1.234, nil, 7.689))
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
echo "fake origin";
}
--- request
GET /t
--- response_body
fake origin
--- grep_error_log eval: qr/event timer add: \d+: (?:1234|5678|7689):/
--- grep_error_log_out eval
qr/\Aevent timer add: \d+: 1234:
event timer add: \d+: 5678:
event timer add: \d+: 7689:
\z/
--- no_error_log
[warn]
=== TEST 4: set_timeouts (nil read timeout)
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
proxy_read_timeout 7689ms;
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
assert(b.set_timeouts(1.234, 5.678, nil))
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
echo "fake origin";
}
--- request
GET /t
--- response_body
fake origin
--- grep_error_log eval: qr/event timer add: \d+: (?:1234|5678|7689):/
--- grep_error_log_out eval
qr/\Aevent timer add: \d+: 1234:
event timer add: \d+: 5678:
event timer add: \d+: 7689:
\z/
--- no_error_log
[warn]
=== TEST 5: set connect timeout to 0
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
print("hello from balancer by lua!")
local b = require "ngx.balancer"
assert(b.set_timeouts(0, 1.234, 5.678))
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
echo "fake origin";
}
--- request
GET /t
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log eval
qr/\[error\] .*? balancer_by_lua:4: bad connect timeout/
--- no_error_log
[warn]
=== TEST 6: set connect timeout to -1
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
print("hello from balancer by lua!")
local b = require "ngx.balancer"
assert(b.set_timeouts(-1, 1.234, 5.678))
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
echo "fake origin";
}
--- request
GET /t
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log eval
qr/\[error\] .*? balancer_by_lua:4: bad connect timeout/
--- no_error_log
[warn]
=== TEST 7: set send timeout to 0
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
print("hello from balancer by lua!")
local b = require "ngx.balancer"
assert(b.set_timeouts(1.234, 0, 5.678))
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
echo "fake origin";
}
--- request
GET /t
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log eval
qr/\[error\] .*? balancer_by_lua:4: bad send timeout/
--- no_error_log
[warn]
=== TEST 8: set send timeout to -1
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
print("hello from balancer by lua!")
local b = require "ngx.balancer"
assert(b.set_timeouts(1.234, -1, 5.678))
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
echo "fake origin";
}
--- request
GET /t
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log eval
qr/\[error\] .*? balancer_by_lua:4: bad send timeout/
--- no_error_log
[warn]
=== TEST 9: set read timeout to -1
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
print("hello from balancer by lua!")
local b = require "ngx.balancer"
assert(b.set_timeouts(1.234, 5.678, -1))
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
echo "fake origin";
}
--- request
GET /t
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log eval
qr/\[error\] .*? balancer_by_lua:4: bad read timeout/
--- no_error_log
[warn]
=== TEST 10: set_timeouts called in a wrong context
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
--- config
location = /t {
content_by_lua_block {
local balancer = require "ngx.balancer"
local ok, err = balancer.set_timeouts(1, 1, 1)
if not ok then
ngx.say("failed to call: ", err)
return
end
ngx.say("unexpected success!")
}
}
--- request
GET /t
--- response_body
failed to call: no upstream found
--- no_error_log
[error]
[alert]
=== TEST 11: set_timeouts called with a non-numerical parameter
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local balancer = require "ngx.balancer"
local ok, err = balancer.set_timeouts("1.234", 1, 1)
if not ok then
ngx.log(ngx.ERR, "failed to call: ", err)
end
}
}
--- config
location = /t {
proxy_pass http://backend;
}
--- request
GET /t
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log eval
qr/\[error\] .*? bad connect timeout/
--- no_error_log
[alert]

884
deps/src/lua-resty-core/t/balancer.t vendored Normal file
View File

@@ -0,0 +1,884 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
#worker_connections(1014);
#master_on();
#workers(2);
#log_level('warn');
repeat_each(2);
plan tests => repeat_each() * (blocks() * 4 + 6);
$ENV{TEST_NGINX_LUA_PACKAGE_PATH} = "$t::TestCore::lua_package_path";
#worker_connections(1024);
#no_diff();
no_long_string();
run_tests();
__DATA__
=== TEST 1: set current peer (separate addr and port)
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
print("hello from balancer by lua!")
local b = require "ngx.balancer"
assert(b.set_current_peer("127.0.0.3", 12345))
}
}
--- config
location = /t {
proxy_pass http://backend;
}
--- request
GET /t
--- response_body_like: 502 Bad Gateway
--- error_code: 502
--- error_log eval
[
'[lua] balancer_by_lua:2: hello from balancer by lua! while connecting to upstream,',
qr{connect\(\) failed .*?, upstream: "http://127\.0\.0\.3:12345/t"},
]
--- no_error_log
[warn]
=== TEST 2: set current peer & next upstream (3 tries)
--- skip_nginx: 4: < 1.7.5
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_403 http_404;
proxy_next_upstream_tries 10;
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
print("hello from balancer by lua!")
local b = require "ngx.balancer"
if not ngx.ctx.tries then
ngx.ctx.tries = 0
end
if ngx.ctx.tries < 2 then
local ok, err = b.set_more_tries(1)
if not ok then
return error("failed to set more tries: ", err)
elseif err then
ngx.log(ngx.WARN, "set more tries: ", err)
end
end
ngx.ctx.tries = ngx.ctx.tries + 1
assert(b.set_current_peer("127.0.0.3", 12345))
}
}
--- config
location = /t {
proxy_pass http://backend;
}
--- request
GET /t
--- response_body_like: 502 Bad Gateway
--- error_code: 502
--- grep_error_log eval: qr{connect\(\) failed .*, upstream: "http://.*?"}
--- grep_error_log_out eval
qr#^(?:connect\(\) failed .*?, upstream: "http://127.0.0.3:12345/t"\n){3}$#
--- no_error_log
[warn]
=== TEST 3: set current peer & next upstream (no retries)
--- skip_nginx: 4: < 1.7.5
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_403 http_404;
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
print("hello from balancer by lua!")
local b = require "ngx.balancer"
if not ngx.ctx.tries then
ngx.ctx.tries = 0
end
ngx.ctx.tries = ngx.ctx.tries + 1
assert(b.set_current_peer("127.0.0.3", 12345))
}
}
--- config
location = /t {
proxy_pass http://backend;
}
--- request
GET /t
--- response_body_like: 502 Bad Gateway
--- error_code: 502
--- grep_error_log eval: qr{connect\(\) failed .*, upstream: "http://.*?"}
--- grep_error_log_out eval
qr#^(?:connect\(\) failed .*?, upstream: "http://127.0.0.3:12345/t"\n){1}$#
--- no_error_log
[warn]
=== TEST 4: set current peer & next upstream (3 tries exceeding the limit)
--- skip_nginx: 4: < 1.7.5
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_403 http_404;
proxy_next_upstream_tries 2;
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
if not ngx.ctx.tries then
ngx.ctx.tries = 0
end
if ngx.ctx.tries < 2 then
local ok, err = b.set_more_tries(1)
if not ok then
return error("failed to set more tries: ", err)
elseif err then
ngx.log(ngx.WARN, "set more tries: ", err)
end
end
ngx.ctx.tries = ngx.ctx.tries + 1
assert(b.set_current_peer("127.0.0.3", 12345))
}
}
--- config
location = /t {
proxy_pass http://backend;
}
--- request
GET /t
--- response_body_like: 502 Bad Gateway
--- error_code: 502
--- grep_error_log eval: qr{connect\(\) failed .*, upstream: "http://.*?"}
--- grep_error_log_out eval
qr#^(?:connect\(\) failed .*?, upstream: "http://127.0.0.3:12345/t"\n){2}$#
--- error_log
set more tries: reduced tries due to limit
=== TEST 5: get last peer failure status (404)
--- skip_nginx: 4: < 1.7.5
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_403 http_404;
proxy_next_upstream_tries 10;
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
local state, status = b.get_last_failure()
print("last peer failure: ", state, " ", status)
if not ngx.ctx.tries then
ngx.ctx.tries = 0
end
if ngx.ctx.tries < 2 then
local ok, err = b.set_more_tries(1)
if not ok then
return error("failed to set more tries: ", err)
elseif err then
ngx.log(ngx.WARN, "set more tries: ", err)
end
end
ngx.ctx.tries = ngx.ctx.tries + 1
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
return 404;
}
--- request
GET /t
--- response_body_like: 404 Not Found
--- error_code: 404
--- grep_error_log eval: qr{last peer failure: \S+ \S+}
--- grep_error_log_out
last peer failure: nil nil
last peer failure: next 404
last peer failure: next 404
--- no_error_log
[warn]
=== TEST 6: get last peer failure status (500)
--- skip_nginx: 4: < 1.7.5
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_403 http_404;
proxy_next_upstream_tries 10;
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
local state, status = b.get_last_failure()
print("last peer failure: ", state, " ", status)
if not ngx.ctx.tries then
ngx.ctx.tries = 0
end
if ngx.ctx.tries < 2 then
local ok, err = b.set_more_tries(1)
if not ok then
return error("failed to set more tries: ", err)
elseif err then
ngx.log(ngx.WARN, "set more tries: ", err)
end
end
ngx.ctx.tries = ngx.ctx.tries + 1
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
return 500;
}
--- request
GET /t
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- grep_error_log eval: qr{last peer failure: \S+ \S+}
--- grep_error_log_out
last peer failure: nil nil
last peer failure: failed 500
last peer failure: failed 500
--- no_error_log
[warn]
=== TEST 7: get last peer failure status (503)
--- skip_nginx: 4: < 1.7.5
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_403 http_404;
proxy_next_upstream_tries 10;
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
local state, status = b.get_last_failure()
print("last peer failure: ", state, " ", status)
if not ngx.ctx.tries then
ngx.ctx.tries = 0
end
if ngx.ctx.tries < 2 then
local ok, err = b.set_more_tries(1)
if not ok then
return error("failed to set more tries: ", err)
elseif err then
ngx.log(ngx.WARN, "set more tries: ", err)
end
end
ngx.ctx.tries = ngx.ctx.tries + 1
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
return 503;
}
--- request
GET /t
--- response_body_like: 503 Service Temporarily Unavailable
--- error_code: 503
--- grep_error_log eval: qr{last peer failure: \S+ \S+}
--- grep_error_log_out eval
qr{\Alast peer failure: nil nil
last peer failure: failed 50[23]
last peer failure: failed 50[23]
\z}
--- no_error_log
[warn]
=== TEST 8: get last peer failure status (connect failed)
--- skip_nginx: 4: < 1.7.5
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_403 http_404;
proxy_next_upstream_tries 10;
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
local state, status = b.get_last_failure()
print("last peer failure: ", state, " ", status)
if not ngx.ctx.tries then
ngx.ctx.tries = 0
end
if ngx.ctx.tries < 2 then
local ok, err = b.set_more_tries(1)
if not ok then
return error("failed to set more tries: ", err)
elseif err then
ngx.log(ngx.WARN, "set more tries: ", err)
end
end
ngx.ctx.tries = ngx.ctx.tries + 1
assert(b.set_current_peer("127.0.0.3", 12345))
}
}
--- config
location = /t {
proxy_pass http://backend/back;
}
location = /back {
return 404;
}
--- request
GET /t
--- response_body_like: 502 Bad Gateway
--- error_code: 502
--- grep_error_log eval: qr{last peer failure: \S+ \S+}
--- grep_error_log_out
last peer failure: nil nil
last peer failure: failed 502
last peer failure: failed 502
--- no_error_log
[warn]
=== TEST 9: set current peer (port embedded in addr)
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
print("hello from balancer by lua!")
local b = require "ngx.balancer"
assert(b.set_current_peer("127.0.0.3:12345"))
}
}
--- config
location = /t {
proxy_pass http://backend;
}
--- request
GET /t
--- response_body_like: 502 Bad Gateway
--- error_code: 502
--- error_log eval
[
'[lua] balancer_by_lua:2: hello from balancer by lua! while connecting to upstream,',
qr{connect\(\) failed .*?, upstream: "http://127\.0\.0\.3:12345/t"},
]
--- no_error_log
[warn]
=== TEST 10: keepalive before balancer
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
keepalive 10;
balancer_by_lua_block {
print("hello from balancer by lua!")
local b = require "ngx.balancer"
assert(b.set_current_peer("127.0.0.3:12345"))
}
}
--- config
location = /t {
proxy_pass http://backend;
}
--- request
GET /t
--- response_body_like: 502 Bad Gateway
--- grep_error_log eval: qr/load balancing method redefined in/
--- grep_error_log_out eval
[
"load balancing method redefined in
",
"",
]
--- error_code: 502
--- error_log eval
[
'[lua] balancer_by_lua:2: hello from balancer by lua! while connecting to upstream,',
qr{connect\(\) failed .*?, upstream: "http://127\.0\.0\.3:12345/t"},
]
--- no_error_log
[crit]
=== TEST 11: keepalive after balancer
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
}
keepalive 1;
}
--- config
location = /t {
content_by_lua_block {
local res0 = ngx.location.capture("/tt")
local res1 = ngx.location.capture("/tt")
local res2 = ngx.location.capture("/tt")
if res2.status == ngx.HTTP_OK then
ngx.print(res2.body)
end
}
}
location = /tt {
proxy_pass http://backend/back;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
location = /back {
echo "hello keepalive!";
}
--- request
GET /t
--- response_body
hello keepalive!
--- error_code: 200
--- grep_error_log eval: qr{\S+ keepalive peer:.*?connection}
--- grep_error_log_out eval
["free keepalive peer: saving connection
get keepalive peer: using connection
free keepalive peer: saving connection
get keepalive peer: using connection
free keepalive peer: saving connection
",
"get keepalive peer: using connection
free keepalive peer: saving connection
get keepalive peer: using connection
free keepalive peer: saving connection
get keepalive peer: using connection
free keepalive peer: saving connection
",
]
--- no_error_log
[warn]
=== TEST 12: set_current_peer called in a wrong context
--- wait: 0.2
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 127.0.0.1:$TEST_NGINX_SERVER_PORT;
balancer_by_lua_block {
print("hello from balancer by lua!")
}
}
--- config
location = /fake {
echo ok;
}
location = /t {
proxy_pass http://backend/fake;
log_by_lua_block {
local balancer = require "ngx.balancer"
local ok, err = balancer.set_current_peer("127.0.0.1", 1234)
if not ok then
ngx.log(ngx.ERR, "failed to call: ", err)
return
end
ngx.log(ngx.ALERT, "unexpected success")
}
}
--- request
GET /t
--- response_body
ok
--- error_log eval
qr/\[error\] .*? log_by_lua.*? failed to call: API disabled in the current context/
--- no_error_log
[alert]
=== TEST 13: get_last_failure called in a wrong context
--- wait: 0.2
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 127.0.0.1:$TEST_NGINX_SERVER_PORT;
balancer_by_lua_block {
print("hello from balancer by lua!")
}
}
--- config
location = /fake {
echo ok;
}
location = /t {
proxy_pass http://backend/fake;
log_by_lua_block {
local balancer = require "ngx.balancer"
local state, status, err = balancer.get_last_failure()
if not state and err then
ngx.log(ngx.ERR, "failed to call: ", err)
return
end
ngx.log(ngx.ALERT, "unexpected success")
}
}
--- request
GET /t
--- response_body
ok
--- error_log eval
qr/\[error\] .*? log_by_lua.*? failed to call: API disabled in the current context/
--- no_error_log
[alert]
=== TEST 14: set_more_tries called in a wrong context
--- wait: 0.2
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 127.0.0.1:$TEST_NGINX_SERVER_PORT;
balancer_by_lua_block {
print("hello from balancer by lua!")
}
}
--- config
location = /fake {
echo ok;
}
location = /t {
proxy_pass http://backend/fake;
log_by_lua_block {
local balancer = require "ngx.balancer"
local ok, err = balancer.set_more_tries(1)
if not ok then
ngx.log(ngx.ERR, "failed to call: ", err)
return
end
ngx.log(ngx.ALERT, "unexpected success")
}
}
--- request
GET /t
--- response_body
ok
--- error_log eval
qr/\[error\] .*? log_by_lua.*? failed to call: API disabled in the current context/
--- no_error_log
[alert]
=== TEST 15: hot loop when proxy_upstream_next error is hit and keepalive is used.
github issue openresty/lua-nginx-module#693
--- skip_nginx: 4: < 1.7.5
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
print("hello from balancer by lua!")
assert(b.set_current_peer("127.0.0.1", $TEST_NGINX_SERVER_PORT))
}
keepalive 1;
}
--- config
location /t {
rewrite ^/t(.*) $1 break;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
location = /back {
return 200;
}
location = /main {
echo_location /t/back;
echo_location /t/bad;
}
location = /bad {
content_by_lua_block {
ngx.exit(444)
}
}
--- request
GET /main
--- no_error_log
[alert]
--- ignore_response
--- grep_error_log eval: qr{hello from balancer by lua!}
--- grep_error_log_out
hello from balancer by lua!
hello from balancer by lua!
hello from balancer by lua!
--- error_log eval
qr/\[error] .*? upstream prematurely closed connection while reading response header from upstream/
=== TEST 16: https (keepalive)
--- skip_nginx: 5: < 1.7.5
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
print("hello from balancer by lua!")
assert(b.set_current_peer("127.0.0.1", 1234))
}
keepalive 1;
}
server {
listen 1234 ssl;
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
server_tokens off;
location = /back {
return 200 "ok";
}
}
--- config
location /t {
proxy_pass https://backend/back;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
--- request
GET /t
--- no_error_log
[alert]
[error]
--- response_body chomp
ok
--- grep_error_log eval: qr{hello from balancer by lua!}
--- grep_error_log_out
hello from balancer by lua!
--- no_check_leak
=== TEST 17: https (no keepalive)
--- skip_nginx: 5: < 1.7.5
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
local b = require "ngx.balancer"
print("hello from balancer by lua!")
assert(b.set_current_peer("127.0.0.1", 12347))
}
}
server {
listen 12347 ssl;
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
server_tokens off;
location = /back {
return 200 "ok";
}
}
--- config
location /t {
proxy_pass https://backend/back;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
--- request
GET /t
--- no_error_log
[alert]
[error]
--- response_body chomp
ok
--- grep_error_log eval: qr{hello from balancer by lua!}
--- grep_error_log_out
hello from balancer by lua!
--- no_check_leak
=== TEST 18: test ngx.var.upstream_addr after using more than one set_current_peer
--- wait: 0.2
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
proxy_next_upstream_tries 3;
upstream backend {
server 127.0.0.1:$TEST_NGINX_SERVER_PORT;
balancer_by_lua_block {
local balancer = require "ngx.balancer"
if ngx.ctx.tries == nil then
balancer.set_more_tries(1)
ngx.ctx.tries = 1
balancer.set_current_peer("127.0.0.3", 12345)
else
balancer.set_current_peer("127.0.0.3", 12346)
end
}
}
--- config
location = /t {
proxy_pass http://backend;
log_by_lua_block {
ngx.log(ngx.INFO, "ngx.var.upstream_addr is " .. ngx.var.upstream_addr)
}
}
--- request
GET /t
--- response_body_like: 502 Bad Gateway
--- error_code: 502
--- error_log
[lua] log_by_lua(nginx.conf:59):2: ngx.var.upstream_addr is 127.0.0.3:12345, 127.0.0.3:12346
--- no_error_log
[alert]
=== TEST 19: recreate upstream module requests with header change
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
upstream backend {
server 0.0.0.1;
balancer_by_lua_block {
print("here")
local b = require "ngx.balancer"
if ngx.ctx.balancer_run then
assert(b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)))
ngx.var.test = "second"
assert(b.recreate_request())
else
ngx.ctx.balancer_run = true
assert(b.set_current_peer("127.0.0.3", 12345))
assert(b.set_more_tries(1))
end
}
}
--- config
location = /t {
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_403 http_404;
proxy_next_upstream_tries 2;
set $test "first";
proxy_set_header X-Test $test;
proxy_pass http://backend/upstream;
}
location = /upstream {
return 200 "value is: $http_x_test";
}
--- request
GET /t
--- response_body: value is: second
--- error_log
connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1
--- no_error_log
[warn]
[crit]

42
deps/src/lua-resty-core/t/cert/chain/chain-bad0.pem vendored Normal file
View File

@@ -0,0 +1,42 @@
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICEAQwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAoMCU9wZW5SZXN0eTEVMBMGA1UE
AwwMU2lnbmluZy1DQS0yMCAXDTE0MDkyMDA1Mjc0NloYDzIxMTQwODI3MDUyNzQ2
WjBJMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UECgwJ
T3BlblJlc3R5MREwDwYDVQQDDAh0ZXN0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEA2FOsrFw/+YColkuwWNtaht7KMALZGcj2FMVAyUHru3rR4fmWO1TV
6L+sUFpJEdqZYETgJWhANnz2zrScuVjW6udEmGPronL46Wm0Sk1ohkHKZ1hh5nDo
CP6twnVZJA7wLxpwg4yjd2ToTdXFKGKpU9GhIvU2Q6dGAKqXVHLUckcCAwEAAaN7
MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYBAD=BAD=BAD=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICdjCCAd+gAwIBAgICEAIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQ
BgNVBAoMCU9wZW5SZXN0eTEQMA4GA1UEAwwHUm9vdCBDQTAgFw0xNDA5MjAwNTA5
MDVaGA8yMTE0MDgyNzA1MDkwNVowTTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh
bGlmb3JuaWExEjAQBgNVBAoMCU9wZW5SZXN0eTEVMBMGA1UEAwwMU2lnbmluZy1D
QS0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5mj22Md22ivGfYSV5cPbq
S2oPDHLqRfxNUc/1cYiUnPkEQJn9LRcVOt5fcEoGeRP7gUmt2llEEoF0ndgZPk7o
xwDu+ZaBer8J5oiw47LoyuNyI+SGg0HKs0nA9XaK17X8oxIbKwu0VxAkl0C+yxfn
xd6TG1mU/zQ/zU0UdgkO8wIDAQABo1AwTjAdBgNVHQ4EFgQUEleOLJvKyY34iLFN
7qZt85nDr+EwHwYDVR0jBBgwFoAUVmXJi2VVJy6rFPAmRr27nqErQVgwDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAe+28+Er1FEVlS1WD/fHOeMs52+gu2
Slho25KkoNJjJCecasVs+oTUtYCTsHmPM8YGmUmBmfRSur3/bvVpP2XgWVHOFmYv
ObUx/xgqpI4Ud3uiLFRL8KUsgxLE1RxKX3sxJu1jutWD4rUdw/M0oLrd7ofucHGu
G8WXmwimnK3Awg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICYzCCAcygAwIBAgICEAMwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAoMCU9wZW5SZXN0eTEVMBMGA1UE
AwwMU2lnbmluZy1DQS0xMCAXDTE0MDkyMDA1MjUwNFoYDzIxMTQwODI3MDUyNTA0
WjBNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UECgwJ
T3BlblJlc3R5MRUwEwYDVQQDDAxTaWduaW5nLUNBLTIwgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBAKTQrhaoj50s7hL1DF4pZZvMm2dvQCTXRP/U3o3UNhzhNyvf
/2k1bQtPrpoW56nGJNOOpMMvJdjzZnOOhI6cpsf5zoy3nWAmhUyP9EMXr52UGvUh
exwrnO7+Ssptx8/uKgIoH24TlIU/UKMDGL1s+bWdN7knYSl10zl3XoNBqowhAgMB
AAGjUDBOMB0GA1UdDgQWBBQ5d3ejTpKL4iUgcmQ1CnqHqFip+DAfBgNVHSMEGDAW
gBQSV44sm8rJjfiIsU3upm3zmcOv4TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
BQUAA4GBADtLtjFRcprvQmBemGBx1yZKRvEOHwi+5htf4v0oVI2xxQlvBMtp3Dle
Z+CRnxCUvDWQSmX+WL3pnRjwssQsbgUApGNZaoXPDig6rTQcHowIz6x5GOYrFkmc
CwlmUClTeASePSdAxAxy1ozWsZz18viMnAsN4Uub7MllDB7+JweW
-----END CERTIFICATE-----

39
deps/src/lua-resty-core/t/cert/chain/chain-bad2.pem vendored Normal file
View File

@@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICEAQwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAoMCU9wZW5SZXN0eTEVMBMGA1UE
AwwMU2lnbmluZy1DQS0yMCAXDTE0MDkyMDA1Mjc0NloYDzIxMTQwODI3MDUyNzQ2
WjBJMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UECgwJ
T3BlblJlc3R5MREwDwYDVQQDDAh0ZXN0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEA2FOsrFw/+YColkuwWNtaht7KMALZGcj2FMVAyUHru3rR4fmWO1TV
6L+sUFpJEdqZYETgJWhANnz2zrScuVjW6udEmGPronL46Wm0Sk1ohkHKZ1hh5nDo
CP6twnVZJA7wLxpwg4yjd2ToTdXFKGKpU9GhIvU2Q6dGAKqXVHLUckcCAwEAAaN7
MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
Q2VydGlmaWNhdGUwHQYDVR0OBBYEFB/bwNk8S3eomqwzH3twxM+6yAfdMB8GA1Ud
IwQYMBaAFDl3d6NOkoviJSByZDUKeoeoWKn4MA0GCSqGSIb3DQEBBQUAA4GBAB7N
g2ax2+pcN368MURScgOum0QgLK0AIKXcz53IyI/fzyQmnEOD9NL/69nkfSXPH7iq
Y1gDudpSQvj+LnHMj94mNM3aXHo7ZAcYJ6FhtlgylhCX8n8AxERDt53iMWlPwpXF
ozLRwADG71i5D+YIOg3JwBT3JoxDE1Ubk3Fyx60v
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICdjCCAd+gAwIBAgICEAIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQ
BgNVBAoMCU9wZW5SZXN0eTEQMA4GA1UEAwwHUm9vdCBDQTAgFw0xNDA5MjAwNTA5
MDVaGA8yMTE0MDgyNzA1MDkwNVowTTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh
bGlmb3JuaWExEjAQBgNVBAoMCU9wZW5SZXN0eTEVMBMGA1UEAwwMU2lnbmluZy1D
QS0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5mj22Md22ivGfYSV5cPbq
S2oPDHLqRfxNUc/1cYiUnPkEQJn9LRcVOt5fcEoGeRP7gUmt2llEEoF0ndgZPk7o
xwDu+ZaBer8J5oiw47LoyuNyI+SGg0HKs0nA9XaK17X8oxIbKwu0VxAkl0C+yxfn
xd6TG1mU/zQ/zU0UdgkO8wIDAQABo1AwTjAdBgNVHQ4EFgQUEleOLJvKyY34iLFN
7qZt85nDr+EwHwYDVR0jBBgwFoAUVmXJi2VVJy6rFPAmRr27nqErQVgwDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAe+28+Er1FEVlS1WD/fHOeMs52+gu2
Slho25KkoNJjJCecasVs+oTUtYCTsHmPM8YGmUmBmfRSur3/bvVpP2XgWVHOFmYv
ObUx/xgqpI4Ud3uiLFRL8KUsgxLE1RxKX3sxJu1jutWD4rUdw/M0oLrd7ofucHGu
G8WXmwimnK3Awg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICYzCCAcygAwIBAgICEAMwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAoMCU9wZW5SZXN0eTEVMBMGA1UE
AwwMU2lnbmluZy1DQS0xMCAXDTE0MDkyMDA1MjUwNFoYDzIxMTQwODI3MDUyNTA0
WjBNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UECgwJ
BAD=BAD=BAD
-----END CERTIFICATE-----

BIN
deps/src/lua-resty-core/t/cert/chain/chain.der vendored Normal file
View File

Binary file not shown.

172
deps/src/lua-resty-core/t/cert/chain/chain.pem vendored Normal file
View File

@@ -0,0 +1,172 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4100 (0x1004)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, O=OpenResty, CN=Signing-CA-2
Validity
Not Before: Sep 20 05:27:46 2014 GMT
Not After : Aug 27 05:27:46 2114 GMT
Subject: C=US, ST=California, O=OpenResty, CN=test.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d8:53:ac:ac:5c:3f:f9:80:a8:96:4b:b0:58:db:
5a:86:de:ca:30:02:d9:19:c8:f6:14:c5:40:c9:41:
eb:bb:7a:d1:e1:f9:96:3b:54:d5:e8:bf:ac:50:5a:
49:11:da:99:60:44:e0:25:68:40:36:7c:f6:ce:b4:
9c:b9:58:d6:ea:e7:44:98:63:eb:a2:72:f8:e9:69:
b4:4a:4d:68:86:41:ca:67:58:61:e6:70:e8:08:fe:
ad:c2:75:59:24:0e:f0:2f:1a:70:83:8c:a3:77:64:
e8:4d:d5:c5:28:62:a9:53:d1:a1:22:f5:36:43:a7:
46:00:aa:97:54:72:d4:72:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
1F:DB:C0:D9:3C:4B:77:A8:9A:AC:33:1F:7B:70:C4:CF:BA:C8:07:DD
X509v3 Authority Key Identifier:
keyid:39:77:77:A3:4E:92:8B:E2:25:20:72:64:35:0A:7A:87:A8:58:A9:F8
Signature Algorithm: sha1WithRSAEncryption
1e:cd:83:66:b1:db:ea:5c:37:7e:bc:31:44:52:72:03:ae:9b:
44:20:2c:ad:00:20:a5:dc:cf:9d:c8:c8:8f:df:cf:24:26:9c:
43:83:f4:d2:ff:eb:d9:e4:7d:25:cf:1f:b8:aa:63:58:03:b9:
da:52:42:f8:fe:2e:71:cc:8f:de:26:34:cd:da:5c:7a:3b:64:
07:18:27:a1:61:b6:58:32:96:10:97:f2:7f:00:c4:44:43:b7:
9d:e2:31:69:4f:c2:95:c5:a3:32:d1:c0:00:c6:ef:58:b9:0f:
e6:08:3a:0d:c9:c0:14:f7:26:8c:43:13:55:1b:93:71:72:c7:
ad:2f
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICEAQwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAoMCU9wZW5SZXN0eTEVMBMGA1UE
AwwMU2lnbmluZy1DQS0yMCAXDTE0MDkyMDA1Mjc0NloYDzIxMTQwODI3MDUyNzQ2
WjBJMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UECgwJ
T3BlblJlc3R5MREwDwYDVQQDDAh0ZXN0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEA2FOsrFw/+YColkuwWNtaht7KMALZGcj2FMVAyUHru3rR4fmWO1TV
6L+sUFpJEdqZYETgJWhANnz2zrScuVjW6udEmGPronL46Wm0Sk1ohkHKZ1hh5nDo
CP6twnVZJA7wLxpwg4yjd2ToTdXFKGKpU9GhIvU2Q6dGAKqXVHLUckcCAwEAAaN7
MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
Q2VydGlmaWNhdGUwHQYDVR0OBBYEFB/bwNk8S3eomqwzH3twxM+6yAfdMB8GA1Ud
IwQYMBaAFDl3d6NOkoviJSByZDUKeoeoWKn4MA0GCSqGSIb3DQEBBQUAA4GBAB7N
g2ax2+pcN368MURScgOum0QgLK0AIKXcz53IyI/fzyQmnEOD9NL/69nkfSXPH7iq
Y1gDudpSQvj+LnHMj94mNM3aXHo7ZAcYJ6FhtlgylhCX8n8AxERDt53iMWlPwpXF
ozLRwADG71i5D+YIOg3JwBT3JoxDE1Ubk3Fyx60v
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4098 (0x1002)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Francisco, O=OpenResty, CN=Root CA
Validity
Not Before: Sep 20 05:09:05 2014 GMT
Not After : Aug 27 05:09:05 2114 GMT
Subject: C=US, ST=California, O=OpenResty, CN=Signing-CA-1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:b9:9a:3d:b6:31:dd:b6:8a:f1:9f:61:25:79:70:
f6:ea:4b:6a:0f:0c:72:ea:45:fc:4d:51:cf:f5:71:
88:94:9c:f9:04:40:99:fd:2d:17:15:3a:de:5f:70:
4a:06:79:13:fb:81:49:ad:da:59:44:12:81:74:9d:
d8:19:3e:4e:e8:c7:00:ee:f9:96:81:7a:bf:09:e6:
88:b0:e3:b2:e8:ca:e3:72:23:e4:86:83:41:ca:b3:
49:c0:f5:76:8a:d7:b5:fc:a3:12:1b:2b:0b:b4:57:
10:24:97:40:be:cb:17:e7:c5:de:93:1b:59:94:ff:
34:3f:cd:4d:14:76:09:0e:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:57:8E:2C:9B:CA:C9:8D:F8:88:B1:4D:EE:A6:6D:F3:99:C3:AF:E1
X509v3 Authority Key Identifier:
keyid:56:65:C9:8B:65:55:27:2E:AB:14:F0:26:46:BD:BB:9E:A1:2B:41:58
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
1e:fb:6f:3e:12:bd:45:11:59:52:d5:60:ff:7c:73:9e:32:ce:
76:fa:0b:b6:4a:58:68:db:92:a4:a0:d2:63:24:27:9c:6a:c5:
6c:fa:84:d4:b5:80:93:b0:79:8f:33:c6:06:99:49:81:99:f4:
52:ba:bd:ff:6e:f5:69:3f:65:e0:59:51:ce:16:66:2f:39:b5:
31:ff:18:2a:a4:8e:14:77:7b:a2:2c:54:4b:f0:a5:2c:83:12:
c4:d5:1c:4a:5f:7b:31:26:ed:63:ba:d5:83:e2:b5:1d:c3:f3:
34:a0:ba:dd:ee:87:ee:70:71:ae:1b:c5:97:9b:08:a6:9c:ad:
c0:c2
-----BEGIN CERTIFICATE-----
MIICdjCCAd+gAwIBAgICEAIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQ
BgNVBAoMCU9wZW5SZXN0eTEQMA4GA1UEAwwHUm9vdCBDQTAgFw0xNDA5MjAwNTA5
MDVaGA8yMTE0MDgyNzA1MDkwNVowTTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh
bGlmb3JuaWExEjAQBgNVBAoMCU9wZW5SZXN0eTEVMBMGA1UEAwwMU2lnbmluZy1D
QS0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5mj22Md22ivGfYSV5cPbq
S2oPDHLqRfxNUc/1cYiUnPkEQJn9LRcVOt5fcEoGeRP7gUmt2llEEoF0ndgZPk7o
xwDu+ZaBer8J5oiw47LoyuNyI+SGg0HKs0nA9XaK17X8oxIbKwu0VxAkl0C+yxfn
xd6TG1mU/zQ/zU0UdgkO8wIDAQABo1AwTjAdBgNVHQ4EFgQUEleOLJvKyY34iLFN
7qZt85nDr+EwHwYDVR0jBBgwFoAUVmXJi2VVJy6rFPAmRr27nqErQVgwDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAe+28+Er1FEVlS1WD/fHOeMs52+gu2
Slho25KkoNJjJCecasVs+oTUtYCTsHmPM8YGmUmBmfRSur3/bvVpP2XgWVHOFmYv
ObUx/xgqpI4Ud3uiLFRL8KUsgxLE1RxKX3sxJu1jutWD4rUdw/M0oLrd7ofucHGu
G8WXmwimnK3Awg==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4099 (0x1003)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, O=OpenResty, CN=Signing-CA-1
Validity
Not Before: Sep 20 05:25:04 2014 GMT
Not After : Aug 27 05:25:04 2114 GMT
Subject: C=US, ST=California, O=OpenResty, CN=Signing-CA-2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:a4:d0:ae:16:a8:8f:9d:2c:ee:12:f5:0c:5e:29:
65:9b:cc:9b:67:6f:40:24:d7:44:ff:d4:de:8d:d4:
36:1c:e1:37:2b:df:ff:69:35:6d:0b:4f:ae:9a:16:
e7:a9:c6:24:d3:8e:a4:c3:2f:25:d8:f3:66:73:8e:
84:8e:9c:a6:c7:f9:ce:8c:b7:9d:60:26:85:4c:8f:
f4:43:17:af:9d:94:1a:f5:21:7b:1c:2b:9c:ee:fe:
4a:ca:6d:c7:cf:ee:2a:02:28:1f:6e:13:94:85:3f:
50:a3:03:18:bd:6c:f9:b5:9d:37:b9:27:61:29:75:
d3:39:77:5e:83:41:aa:8c:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:77:77:A3:4E:92:8B:E2:25:20:72:64:35:0A:7A:87:A8:58:A9:F8
X509v3 Authority Key Identifier:
keyid:12:57:8E:2C:9B:CA:C9:8D:F8:88:B1:4D:EE:A6:6D:F3:99:C3:AF:E1
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
3b:4b:b6:31:51:72:9a:ef:42:60:5e:98:60:71:d7:26:4a:46:
f1:0e:1f:08:be:e6:1b:5f:e2:fd:28:54:8d:b1:c5:09:6f:04:
cb:69:dc:39:5e:67:e0:91:9f:10:94:bc:35:90:4a:65:fe:58:
bd:e9:9d:18:f0:b2:c4:2c:6e:05:00:a4:63:59:6a:85:cf:0e:
28:3a:ad:34:1c:1e:8c:08:cf:ac:79:18:e6:2b:16:49:9c:0b:
09:66:50:29:53:78:04:9e:3d:27:40:c4:0c:72:d6:8c:d6:b1:
9c:f5:f2:f8:8c:9c:0b:0d:e1:4b:9b:ec:c9:65:0c:1e:fe:27:
07:96
-----BEGIN CERTIFICATE-----
MIICYzCCAcygAwIBAgICEAMwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAoMCU9wZW5SZXN0eTEVMBMGA1UE
AwwMU2lnbmluZy1DQS0xMCAXDTE0MDkyMDA1MjUwNFoYDzIxMTQwODI3MDUyNTA0
WjBNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UECgwJ
T3BlblJlc3R5MRUwEwYDVQQDDAxTaWduaW5nLUNBLTIwgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBAKTQrhaoj50s7hL1DF4pZZvMm2dvQCTXRP/U3o3UNhzhNyvf
/2k1bQtPrpoW56nGJNOOpMMvJdjzZnOOhI6cpsf5zoy3nWAmhUyP9EMXr52UGvUh
exwrnO7+Ssptx8/uKgIoH24TlIU/UKMDGL1s+bWdN7knYSl10zl3XoNBqowhAgMB
AAGjUDBOMB0GA1UdDgQWBBQ5d3ejTpKL4iUgcmQ1CnqHqFip+DAfBgNVHSMEGDAW
gBQSV44sm8rJjfiIsU3upm3zmcOv4TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
BQUAA4GBADtLtjFRcprvQmBemGBx1yZKRvEOHwi+5htf4v0oVI2xxQlvBMtp3Dle
Z+CRnxCUvDWQSmX+WL3pnRjwssQsbgUApGNZaoXPDig6rTQcHowIz6x5GOYrFkmc
CwlmUClTeASePSdAxAxy1ozWsZz18viMnAsN4Uub7MllDB7+JweW
-----END CERTIFICATE-----

16
deps/src/lua-resty-core/t/cert/chain/root-ca.crt vendored Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----
MIICkDCCAfmgAwIBAgIJAK3s1yAQ5tdfMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
c2NvMRIwEAYDVQQKDAlPcGVuUmVzdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwIBcNMTQw
OTIwMDM1NTU0WhgPMjExNDA4MjcwMzU1NTRaMGAxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRIwEAYDVQQK
DAlPcGVuUmVzdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAN7CcpCjiafBdl1KaExRcuutAF0/eq4/ht7L4/i0nPDzikscFJ/O
aVyH3UpUF/KMq+72vom2bEbUeRROr1rL/JRe9raGlQtvdovHZt6f4c3/Coihtupp
9BXYrBCU4P+Bxai5gtTXGFvLC2a72qKcXDNeH+NxpIaemfPxSvemCYUXAgMBAAGj
UDBOMB0GA1UdDgQWBBRWZcmLZVUnLqsU8CZGvbueoStBWDAfBgNVHSMEGDAWgBRW
ZcmLZVUnLqsU8CZGvbueoStBWDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4GBAGjMH6qkY+61311DERFhDuYzMSSZjH53qzFseq/chlIMGjrgJIMy6rl7T0AU
2hjvW+FOyhf5NqRrAQDTTuLbtXZ/ygiUformE8lR/SNRY/DVj1yarQkWUC5UpqOs
GWG1VW9DHQAMFVkYwPO3XKeTXpEFOxPLHtXBYcVemCT4zo42
-----END CERTIFICATE-----

9
deps/src/lua-resty-core/t/cert/chain/test-com-bad.key.pem vendored Normal file
View File

@@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDYU6ysXD/5gKiWS7BY21qG3sowAtkZyPYUxUDJQeu7etHh+ZY7
VNXov6xQWkkR2plgROAlaEA2fPbOtJy5WNbq50SYY+uicvjpabRKTWiGQcpnWGHm
cOgI/q3CdVkkDvAvGnCDjKN3ZOhN1cUoYqlT0aEi9TZDp0YAqpdUctRyRwIDAQAB
AoGBAIl/5elIWYGFPaMKSPSxuECxq2II7WVuTru1BRDnTabE0lMICW185tohuqz4
NimbAJIoNTCRqv73Pwjz1AobZb6Nm7TDaahhstak6IlTYKcjXVBuM/UU4G13Kz/f
hNVblv2cCn9CkeTNOvPZjYJXw/c4XlHasjDMMh8S83Q9095BAkEA+6oPzEiSsdo5
BAD=BAD=BAD=
-----END RSA PRIVATE KEY-----

BIN
deps/src/lua-resty-core/t/cert/chain/test-com.key.der vendored Normal file
View File

Binary file not shown.

15
deps/src/lua-resty-core/t/cert/chain/test-com.key.pem vendored Normal file
View File

@@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDYU6ysXD/5gKiWS7BY21qG3sowAtkZyPYUxUDJQeu7etHh+ZY7
VNXov6xQWkkR2plgROAlaEA2fPbOtJy5WNbq50SYY+uicvjpabRKTWiGQcpnWGHm
cOgI/q3CdVkkDvAvGnCDjKN3ZOhN1cUoYqlT0aEi9TZDp0YAqpdUctRyRwIDAQAB
AoGBAIl/5elIWYGFPaMKSPSxuECxq2II7WVuTru1BRDnTabE0lMICW185tohuqz4
NimbAJIoNTCRqv73Pwjz1AobZb6Nm7TDaahhstak6IlTYKcjXVBuM/UU4G13Kz/f
hNVblv2cCn9CkeTNOvPZjYJXw/c4XlHasjDMMh8S83Q9095BAkEA+6oPzEiSsdo5
RX9D0EV+Uv4ID08johKbcZdGbsp+mo+PQ9CYOlE67QcKf8J4Hp2SFmq7mpTvvS7F
tA/a2WwJswJBANwNwsJre3QPJmJCBAGsIrPrw9rFKLiT0/ajyhT7kKfG4Rw9t55S
lY9VPFOxAJF9lDo4QiFUHi/8Htvd0B78wx0CQFh5cRRgbzIXhgrosu6Ff+Otayf2
qpBP+lX02M4aYmf0EGnG672U0SKDVy2TMKeSvckjvNCbi6z2xIqJCGdnlAECQFTh
+f6E91oNfgDo9iKvA7PjfeklpE+OtnStOYZeg640SSFbrTilIovnlR2zaUS17DeI
+/lfOUXJOx4UsfNCDQECQD7nndBJDJeSggFSJKcZ0RI59NVG8eGRSX7/3ycbq6+t
guGI7WBvhDH4jNNL8jhuE+XuJuhhzOwP85872AFgIgw=
-----END RSA PRIVATE KEY-----

183
deps/src/lua-resty-core/t/cert/ocsp/chain.pem vendored Normal file
View File

@@ -0,0 +1,183 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-2
Validity
Not Before: Oct 16 03:27:09 2014 GMT
Not After : Sep 22 03:27:09 2114 GMT
Subject: C=US, ST=California, L=Default City, O=OpenResty, CN=test.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c7:bd:50:99:71:46:af:93:22:85:ab:74:8b:5b:
19:74:af:3e:ad:d2:e1:17:3e:cb:5b:36:9c:8a:38:
bd:1b:47:2d:8b:92:55:1d:fe:a6:72:92:78:00:de:
30:cb:a3:10:b5:92:aa:b8:e0:7b:44:9a:f5:99:89:
36:f4:84:20:81:e3:5c:76:00:9d:76:e7:b9:41:ab:
74:b6:14:9f:b2:94:b3:b6:48:a8:92:dc:09:e3:3d:
04:e3:5f:0f:5b:50:ad:0c:59:3a:88:06:39:2d:34:
a6:52:2f:58:6f:53:1b:df:9f:98:ea:82:8d:52:60:
b1:ef:6b:e9:f5:ad:29:87:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
67:DF:28:25:D1:F8:83:36:28:EE:DB:41:63:E4:E0:3A:32:0D:EA:30
X509v3 Authority Key Identifier:
keyid:B3:0B:F5:7D:51:16:51:7E:28:37:C3:A2:0F:1D:2F:10:C0:51:A3:B3
DirName:/C=US/ST=California/L=Default City/O=OpenResty/CN=signing-ca-1
serial:03
Authority Information Access:
OCSP - URI:http://127.0.0.1:8888/ocsp?foo=1
Signature Algorithm: sha1WithRSAEncryption
37:29:3f:ed:d9:47:9a:51:36:a3:5b:00:85:66:de:51:4d:48:
2d:f8:bc:f1:5e:b4:fd:30:48:f0:25:ee:77:57:9c:f1:4b:0a:
4f:7e:96:1a:f8:48:76:23:46:8d:d6:f2:5e:1e:08:52:12:53:
08:07:9f:75:db:77:22:2e:7e:89:c2:2c:66:85:6b:df:e9:77:
ca:23:6d:9a:af:87:8a:8c:27:37:1e:9e:55:92:8e:8a:a9:93:
24:41:a8:96:01:c0:65:93:8e:3d:7a:6c:bf:ed:c8:2a:f8:26:
cc:00:17:b7:27:ca:85:6c:2e:d5:2a:0a:8d:f3:88:e8:26:48:
e3:e8
-----BEGIN CERTIFICATE-----
MIIDaTCCAtKgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMRGVmYXVsdCBDaXR5MRIwEAYD
VQQKEwlPcGVuUmVzdHkxFTATBgNVBAMTDHNpZ25pbmctY2EtMjAgFw0xNDEwMTYw
MzI3MDlaGA8yMTE0MDkyMjAzMjcwOVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
CkNhbGlmb3JuaWExFTATBgNVBAcTDERlZmF1bHQgQ2l0eTESMBAGA1UEChMJT3Bl
blJlc3R5MREwDwYDVQQDEwh0ZXN0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAx71QmXFGr5Mihat0i1sZdK8+rdLhFz7LWzaciji9G0cti5JVHf6mcpJ4
AN4wy6MQtZKquOB7RJr1mYk29IQggeNcdgCddue5Qat0thSfspSztkioktwJ4z0E
418PW1CtDFk6iAY5LTSmUi9Yb1Mb35+Y6oKNUmCx72vp9a0ph0UCAwEAAaOCASsw
ggEnMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVk
IENlcnRpZmljYXRlMB0GA1UdDgQWBBRn3ygl0fiDNiju20Fj5OA6Mg3qMDCBjgYD
VR0jBIGGMIGDgBSzC/V9URZRfig3w6IPHS8QwFGjs6FopGYwZDELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFTATBgNVBAcTDERlZmF1bHQgQ2l0eTES
MBAGA1UEChMJT3BlblJlc3R5MRUwEwYDVQQDEwxzaWduaW5nLWNhLTGCAQMwPAYI
KwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8vMTI3LjAuMC4xOjg4ODgv
b2NzcD9mb289MTANBgkqhkiG9w0BAQUFAAOBgQA3KT/t2UeaUTajWwCFZt5RTUgt
+LzxXrT9MEjwJe53V5zxSwpPfpYa+Eh2I0aN1vJeHghSElMIB59123ciLn6Jwixm
hWvf6XfKI22ar4eKjCc3Hp5Vko6KqZMkQaiWAcBlk449emy/7cgq+CbMABe3J8qF
bC7VKgqN84joJkjj6A==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-1
Validity
Not Before: Oct 16 03:27:09 2014 GMT
Not After : Sep 22 03:27:09 2114 GMT
Subject: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d3:24:1c:92:a5:bb:00:d9:b1:fb:2b:1d:7a:32:
a1:6c:49:eb:3c:2d:29:80:d6:65:8b:17:3a:f0:4b:
dc:0c:57:fb:d5:31:68:a5:e4:54:86:55:f9:1b:a8:
d7:7d:32:01:3b:cf:5c:38:2b:f5:bc:d3:8b:c8:b6:
ab:76:65:32:e6:4b:d5:e4:fd:d1:92:c8:33:6a:74:
f3:c7:ec:97:c3:c7:9f:e4:d5:55:75:b8:bd:39:ec:
2d:1f:c6:54:c8:2b:2d:17:e0:05:77:28:44:f7:dd:
e1:6e:f0:59:05:51:f5:b9:b4:fe:be:ad:40:a6:d5:
9a:c1:64:e0:9b:dd:67:e5:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:0B:F5:7D:51:16:51:7E:28:37:C3:A2:0F:1D:2F:10:C0:51:A3:B3
X509v3 Authority Key Identifier:
keyid:D2:30:71:56:50:A6:BC:21:C5:A1:A1:AB:11:A7:08:5B:EB:3A:A4:27
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
0c:61:c0:c7:11:c2:f0:39:f0:76:9d:4f:43:d4:90:54:1f:26:
3d:54:3d:77:5f:c0:b3:4a:c2:1b:b6:18:d2:12:8d:24:4d:76:
f5:07:0b:14:3e:17:2d:42:ee:85:30:db:e3:4d:81:67:59:97:
0a:b3:bb:c5:27:ea:69:c6:ee:99:5c:44:36:53:3e:c4:47:68:
f8:fe:c6:53:38:fb:e7:9a:0c:3c:6c:78:93:29:d2:49:7d:29:
d0:61:6e:81:9b:d6:ec:1a:e2:3e:62:62:41:bc:6d:4d:33:91:
76:20:5e:32:70:08:3e:24:72:fe:b1:8a:83:57:04:19:b5:cb:
99:b7
-----BEGIN CERTIFICATE-----
MIICkDCCAfmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMRGVmYXVsdCBDaXR5MRIwEAYD
VQQKEwlPcGVuUmVzdHkxFTATBgNVBAMTDHNpZ25pbmctY2EtMTAgFw0xNDEwMTYw
MzI3MDlaGA8yMTE0MDkyMjAzMjcwOVowZDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
CkNhbGlmb3JuaWExFTATBgNVBAcTDERlZmF1bHQgQ2l0eTESMBAGA1UEChMJT3Bl
blJlc3R5MRUwEwYDVQQDEwxzaWduaW5nLWNhLTIwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBANMkHJKluwDZsfsrHXoyoWxJ6zwtKYDWZYsXOvBL3AxX+9UxaKXk
VIZV+Ruo130yATvPXDgr9bzTi8i2q3ZlMuZL1eT90ZLIM2p088fsl8PHn+TVVXW4
vTnsLR/GVMgrLRfgBXcoRPfd4W7wWQVR9bm0/r6tQKbVmsFk4JvdZ+XxAgMBAAGj
UDBOMB0GA1UdDgQWBBSzC/V9URZRfig3w6IPHS8QwFGjszAfBgNVHSMEGDAWgBTS
MHFWUKa8IcWhoasRpwhb6zqkJzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4GBAAxhwMcRwvA58HadT0PUkFQfJj1UPXdfwLNKwhu2GNISjSRNdvUHCxQ+Fy1C
7oUw2+NNgWdZlwqzu8Un6mnG7plcRDZTPsRHaPj+xlM4++eaDDxseJMp0kl9KdBh
boGb1uwa4j5iYkG8bU0zkXYgXjJwCD4kcv6xioNXBBm1y5m3
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Default City, O=OpenResty, CN=root-ca
Validity
Not Before: Oct 16 03:27:09 2014 GMT
Not After : Sep 22 03:27:09 2114 GMT
Subject: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:a0:3e:1a:4f:6c:b9:3d:ab:0f:02:de:da:82:92:
ee:a2:69:88:80:ed:f2:b6:98:bc:c6:ee:d3:47:82:
4a:e7:d3:7f:55:68:5c:6d:9e:aa:ba:59:e3:5b:7f:
32:4f:79:44:4a:4f:13:e4:2e:3f:1f:98:10:a4:72:
d5:f0:e7:44:8e:d4:a7:b9:fb:54:be:b6:fa:f7:dc:
9c:29:93:d4:9f:a1:5b:18:6e:68:93:91:1b:8c:a0:
4f:02:52:e9:9d:e8:98:f3:fd:67:da:78:4b:4f:d8:
2d:90:83:5c:0b:e5:fe:48:27:e4:ec:bb:99:26:06:
8e:34:fe:93:e4:d2:fc:97:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:30:71:56:50:A6:BC:21:C5:A1:A1:AB:11:A7:08:5B:EB:3A:A4:27
X509v3 Authority Key Identifier:
keyid:1D:2F:09:60:EB:E4:EA:B5:0B:52:A9:5C:5E:09:2B:DD:34:70:CF:BA
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
a6:16:2f:fc:13:67:5e:ce:0e:79:cb:b0:91:52:9b:9e:b5:9f:
e1:fa:7d:78:f4:2a:93:f3:94:62:45:17:87:b9:0a:59:b9:a3:
a9:75:51:ca:f0:04:6c:01:d1:3a:a9:dd:66:7d:27:7b:1e:4f:
48:3a:25:ea:a5:01:32:fc:87:4b:08:da:f8:f5:62:88:e8:b9:
94:c7:cb:ee:33:08:ab:2f:52:f4:4a:14:4f:ac:2d:a2:f8:de:
c9:6f:95:b7:91:23:b9:ec:95:90:de:86:21:f5:6f:1b:cf:13:
47:77:78:dd:7a:16:e9:8b:cc:df:3d:45:8a:76:af:15:d1:9a:
37:a2
-----BEGIN CERTIFICATE-----
MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMRGVmYXVsdCBDaXR5MRIwEAYD
VQQKEwlPcGVuUmVzdHkxEDAOBgNVBAMTB3Jvb3QtY2EwIBcNMTQxMDE2MDMyNzA5
WhgPMjExNDA5MjIwMzI3MDlaMGQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp
Zm9ybmlhMRUwEwYDVQQHEwxEZWZhdWx0IENpdHkxEjAQBgNVBAoTCU9wZW5SZXN0
eTEVMBMGA1UEAxMMc2lnbmluZy1jYS0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQCgPhpPbLk9qw8C3tqCku6iaYiA7fK2mLzG7tNHgkrn039VaFxtnqq6WeNb
fzJPeURKTxPkLj8fmBCkctXw50SO1Ke5+1S+tvr33Jwpk9SfoVsYbmiTkRuMoE8C
Uumd6Jjz/WfaeEtP2C2Qg1wL5f5IJ+Tsu5kmBo40/pPk0vyXVwIDAQABo1AwTjAd
BgNVHQ4EFgQU0jBxVlCmvCHFoaGrEacIW+s6pCcwHwYDVR0jBBgwFoAUHS8JYOvk
6rULUqlcXgkr3TRwz7owDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCm
Fi/8E2dezg55y7CRUpuetZ/h+n149CqT85RiRReHuQpZuaOpdVHK8ARsAdE6qd1m
fSd7Hk9IOiXqpQEy/IdLCNr49WKI6LmUx8vuMwirL1L0ShRPrC2i+N7Jb5W3kSO5
7JWQ3oYh9W8bzxNHd3jdehbpi8zfPUWKdq8V0Zo3og==
-----END CERTIFICATE-----

BIN
deps/src/lua-resty-core/t/cert/ocsp/ocsp-req.der vendored Normal file
View File

Binary file not shown.

BIN
deps/src/lua-resty-core/t/cert/ocsp/ocsp-resp-no-certs.der vendored Normal file
View File

Binary file not shown.

BIN
deps/src/lua-resty-core/t/cert/ocsp/ocsp-resp-signed-by-orphaned-no-certs.der vendored Normal file
View File

Binary file not shown.

BIN
deps/src/lua-resty-core/t/cert/ocsp/ocsp-resp-signed-by-orphaned.der vendored Normal file
View File

Binary file not shown.

BIN
deps/src/lua-resty-core/t/cert/ocsp/ocsp-resp.der vendored Normal file
View File

Binary file not shown.

183
deps/src/lua-resty-core/t/cert/ocsp/revoked-chain.pem vendored Normal file
View File

@@ -0,0 +1,183 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8 (0x8)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-2
Validity
Not Before: Oct 16 03:27:09 2014 GMT
Not After : Sep 22 03:27:09 2114 GMT
Subject: C=US, ST=California, L=Default City, O=OpenResty, CN=revoked-test.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:ca:50:23:9a:59:70:ea:00:47:ff:72:05:29:9b:
5d:6d:4b:73:37:a4:ff:38:20:4b:5b:ac:1f:3b:34:
f5:12:f8:8b:0e:02:bc:bd:14:34:39:6f:7d:5b:1f:
d4:15:e7:64:2e:65:fb:b1:a8:aa:f6:96:d3:e6:2b:
00:0e:f3:8a:ef:99:ab:3e:e6:5d:eb:6d:a6:4a:d0:
aa:ff:a9:d6:9a:41:f0:66:22:0a:38:9c:28:4f:1f:
0d:cf:a2:79:96:f9:fc:3d:1e:83:70:f5:97:6e:07:
cf:a2:17:87:0d:2a:41:19:3a:44:96:89:e7:0d:cb:
88:20:86:e1:de:08:8b:0d:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
FB:98:2B:56:90:69:E1:B4:2B:C2:DB:25:7C:13:87:D5:D7:BC:70:B6
X509v3 Authority Key Identifier:
keyid:B3:0B:F5:7D:51:16:51:7E:28:37:C3:A2:0F:1D:2F:10:C0:51:A3:B3
DirName:/C=US/ST=California/L=Default City/O=OpenResty/CN=signing-ca-1
serial:03
Authority Information Access:
OCSP - URI:http://127.0.0.1:8888/ocsp?foo=1
Signature Algorithm: sha1WithRSAEncryption
43:77:33:e9:cc:b1:42:35:94:0a:57:a5:dd:94:21:c0:cc:42:
04:81:bd:b2:ac:4d:10:68:f3:fe:33:0a:8e:b9:3e:e9:f2:44:
aa:1c:e7:3e:e8:e0:57:40:41:ef:4a:b1:32:b0:f2:75:7c:aa:
77:d2:64:9d:ba:a1:12:ea:f9:83:31:ba:9f:83:58:1c:38:e9:
d0:a6:dd:04:72:85:d1:2d:c7:3b:b2:71:ef:e4:f6:57:0c:6a:
b6:fc:e5:13:2d:be:a6:c1:f4:4b:4d:c8:69:cc:7c:2e:25:c1:
8e:80:9e:19:c3:17:b2:21:a7:af:e8:2f:f1:d4:bb:8c:a3:39:
be:49
-----BEGIN CERTIFICATE-----
MIIDcTCCAtqgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMRGVmYXVsdCBDaXR5MRIwEAYD
VQQKEwlPcGVuUmVzdHkxFTATBgNVBAMTDHNpZ25pbmctY2EtMjAgFw0xNDEwMTYw
MzI3MDlaGA8yMTE0MDkyMjAzMjcwOVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
CkNhbGlmb3JuaWExFTATBgNVBAcTDERlZmF1bHQgQ2l0eTESMBAGA1UEChMJT3Bl
blJlc3R5MRkwFwYDVQQDExByZXZva2VkLXRlc3QuY29tMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDKUCOaWXDqAEf/cgUpm11tS3M3pP84IEtbrB87NPUS+IsO
Ary9FDQ5b31bH9QV52QuZfuxqKr2ltPmKwAO84rvmas+5l3rbaZK0Kr/qdaaQfBm
Igo4nChPHw3PonmW+fw9HoNw9ZduB8+iF4cNKkEZOkSWiecNy4gghuHeCIsN2wID
AQABo4IBKzCCAScwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH
ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPuYK1aQaeG0K8LbJXwTh9XX
vHC2MIGOBgNVHSMEgYYwgYOAFLML9X1RFlF+KDfDog8dLxDAUaOzoWikZjBkMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMRGVmYXVs
dCBDaXR5MRIwEAYDVQQKEwlPcGVuUmVzdHkxFTATBgNVBAMTDHNpZ25pbmctY2Et
MYIBAzA8BggrBgEFBQcBAQQwMC4wLAYIKwYBBQUHMAGGIGh0dHA6Ly8xMjcuMC4w
LjE6ODg4OC9vY3NwP2Zvbz0xMA0GCSqGSIb3DQEBBQUAA4GBAEN3M+nMsUI1lApX
pd2UIcDMQgSBvbKsTRBo8/4zCo65PunyRKoc5z7o4FdAQe9KsTKw8nV8qnfSZJ26
oRLq+YMxup+DWBw46dCm3QRyhdEtxzuyce/k9lcMarb85RMtvqbB9EtNyGnMfC4l
wY6AnhnDF7Ihp6/oL/HUu4yjOb5J
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-1
Validity
Not Before: Oct 16 03:27:09 2014 GMT
Not After : Sep 22 03:27:09 2114 GMT
Subject: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d3:24:1c:92:a5:bb:00:d9:b1:fb:2b:1d:7a:32:
a1:6c:49:eb:3c:2d:29:80:d6:65:8b:17:3a:f0:4b:
dc:0c:57:fb:d5:31:68:a5:e4:54:86:55:f9:1b:a8:
d7:7d:32:01:3b:cf:5c:38:2b:f5:bc:d3:8b:c8:b6:
ab:76:65:32:e6:4b:d5:e4:fd:d1:92:c8:33:6a:74:
f3:c7:ec:97:c3:c7:9f:e4:d5:55:75:b8:bd:39:ec:
2d:1f:c6:54:c8:2b:2d:17:e0:05:77:28:44:f7:dd:
e1:6e:f0:59:05:51:f5:b9:b4:fe:be:ad:40:a6:d5:
9a:c1:64:e0:9b:dd:67:e5:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:0B:F5:7D:51:16:51:7E:28:37:C3:A2:0F:1D:2F:10:C0:51:A3:B3
X509v3 Authority Key Identifier:
keyid:D2:30:71:56:50:A6:BC:21:C5:A1:A1:AB:11:A7:08:5B:EB:3A:A4:27
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
0c:61:c0:c7:11:c2:f0:39:f0:76:9d:4f:43:d4:90:54:1f:26:
3d:54:3d:77:5f:c0:b3:4a:c2:1b:b6:18:d2:12:8d:24:4d:76:
f5:07:0b:14:3e:17:2d:42:ee:85:30:db:e3:4d:81:67:59:97:
0a:b3:bb:c5:27:ea:69:c6:ee:99:5c:44:36:53:3e:c4:47:68:
f8:fe:c6:53:38:fb:e7:9a:0c:3c:6c:78:93:29:d2:49:7d:29:
d0:61:6e:81:9b:d6:ec:1a:e2:3e:62:62:41:bc:6d:4d:33:91:
76:20:5e:32:70:08:3e:24:72:fe:b1:8a:83:57:04:19:b5:cb:
99:b7
-----BEGIN CERTIFICATE-----
MIICkDCCAfmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMRGVmYXVsdCBDaXR5MRIwEAYD
VQQKEwlPcGVuUmVzdHkxFTATBgNVBAMTDHNpZ25pbmctY2EtMTAgFw0xNDEwMTYw
MzI3MDlaGA8yMTE0MDkyMjAzMjcwOVowZDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
CkNhbGlmb3JuaWExFTATBgNVBAcTDERlZmF1bHQgQ2l0eTESMBAGA1UEChMJT3Bl
blJlc3R5MRUwEwYDVQQDEwxzaWduaW5nLWNhLTIwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBANMkHJKluwDZsfsrHXoyoWxJ6zwtKYDWZYsXOvBL3AxX+9UxaKXk
VIZV+Ruo130yATvPXDgr9bzTi8i2q3ZlMuZL1eT90ZLIM2p088fsl8PHn+TVVXW4
vTnsLR/GVMgrLRfgBXcoRPfd4W7wWQVR9bm0/r6tQKbVmsFk4JvdZ+XxAgMBAAGj
UDBOMB0GA1UdDgQWBBSzC/V9URZRfig3w6IPHS8QwFGjszAfBgNVHSMEGDAWgBTS
MHFWUKa8IcWhoasRpwhb6zqkJzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4GBAAxhwMcRwvA58HadT0PUkFQfJj1UPXdfwLNKwhu2GNISjSRNdvUHCxQ+Fy1C
7oUw2+NNgWdZlwqzu8Un6mnG7plcRDZTPsRHaPj+xlM4++eaDDxseJMp0kl9KdBh
boGb1uwa4j5iYkG8bU0zkXYgXjJwCD4kcv6xioNXBBm1y5m3
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Default City, O=OpenResty, CN=root-ca
Validity
Not Before: Oct 16 03:27:09 2014 GMT
Not After : Sep 22 03:27:09 2114 GMT
Subject: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:a0:3e:1a:4f:6c:b9:3d:ab:0f:02:de:da:82:92:
ee:a2:69:88:80:ed:f2:b6:98:bc:c6:ee:d3:47:82:
4a:e7:d3:7f:55:68:5c:6d:9e:aa:ba:59:e3:5b:7f:
32:4f:79:44:4a:4f:13:e4:2e:3f:1f:98:10:a4:72:
d5:f0:e7:44:8e:d4:a7:b9:fb:54:be:b6:fa:f7:dc:
9c:29:93:d4:9f:a1:5b:18:6e:68:93:91:1b:8c:a0:
4f:02:52:e9:9d:e8:98:f3:fd:67:da:78:4b:4f:d8:
2d:90:83:5c:0b:e5:fe:48:27:e4:ec:bb:99:26:06:
8e:34:fe:93:e4:d2:fc:97:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:30:71:56:50:A6:BC:21:C5:A1:A1:AB:11:A7:08:5B:EB:3A:A4:27
X509v3 Authority Key Identifier:
keyid:1D:2F:09:60:EB:E4:EA:B5:0B:52:A9:5C:5E:09:2B:DD:34:70:CF:BA
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
a6:16:2f:fc:13:67:5e:ce:0e:79:cb:b0:91:52:9b:9e:b5:9f:
e1:fa:7d:78:f4:2a:93:f3:94:62:45:17:87:b9:0a:59:b9:a3:
a9:75:51:ca:f0:04:6c:01:d1:3a:a9:dd:66:7d:27:7b:1e:4f:
48:3a:25:ea:a5:01:32:fc:87:4b:08:da:f8:f5:62:88:e8:b9:
94:c7:cb:ee:33:08:ab:2f:52:f4:4a:14:4f:ac:2d:a2:f8:de:
c9:6f:95:b7:91:23:b9:ec:95:90:de:86:21:f5:6f:1b:cf:13:
47:77:78:dd:7a:16:e9:8b:cc:df:3d:45:8a:76:af:15:d1:9a:
37:a2
-----BEGIN CERTIFICATE-----
MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMRGVmYXVsdCBDaXR5MRIwEAYD
VQQKEwlPcGVuUmVzdHkxEDAOBgNVBAMTB3Jvb3QtY2EwIBcNMTQxMDE2MDMyNzA5
WhgPMjExNDA5MjIwMzI3MDlaMGQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp
Zm9ybmlhMRUwEwYDVQQHEwxEZWZhdWx0IENpdHkxEjAQBgNVBAoTCU9wZW5SZXN0
eTEVMBMGA1UEAxMMc2lnbmluZy1jYS0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQCgPhpPbLk9qw8C3tqCku6iaYiA7fK2mLzG7tNHgkrn039VaFxtnqq6WeNb
fzJPeURKTxPkLj8fmBCkctXw50SO1Ke5+1S+tvr33Jwpk9SfoVsYbmiTkRuMoE8C
Uumd6Jjz/WfaeEtP2C2Qg1wL5f5IJ+Tsu5kmBo40/pPk0vyXVwIDAQABo1AwTjAd
BgNVHQ4EFgQU0jBxVlCmvCHFoaGrEacIW+s6pCcwHwYDVR0jBBgwFoAUHS8JYOvk
6rULUqlcXgkr3TRwz7owDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCm
Fi/8E2dezg55y7CRUpuetZ/h+n149CqT85RiRReHuQpZuaOpdVHK8ARsAdE6qd1m
fSd7Hk9IOiXqpQEy/IdLCNr49WKI6LmUx8vuMwirL1L0ShRPrC2i+N7Jb5W3kSO5
7JWQ3oYh9W8bzxNHd3jdehbpi8zfPUWKdq8V0Zo3og==
-----END CERTIFICATE-----

BIN
deps/src/lua-resty-core/t/cert/ocsp/revoked-ocsp-resp.der vendored Normal file
View File

Binary file not shown.

69
deps/src/lua-resty-core/t/cert/ocsp/test-com.crt vendored Normal file
View File

@@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-2
Validity
Not Before: Oct 16 03:27:09 2014 GMT
Not After : Sep 22 03:27:09 2114 GMT
Subject: C=US, ST=California, L=Default City, O=OpenResty, CN=test.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c7:bd:50:99:71:46:af:93:22:85:ab:74:8b:5b:
19:74:af:3e:ad:d2:e1:17:3e:cb:5b:36:9c:8a:38:
bd:1b:47:2d:8b:92:55:1d:fe:a6:72:92:78:00:de:
30:cb:a3:10:b5:92:aa:b8:e0:7b:44:9a:f5:99:89:
36:f4:84:20:81:e3:5c:76:00:9d:76:e7:b9:41:ab:
74:b6:14:9f:b2:94:b3:b6:48:a8:92:dc:09:e3:3d:
04:e3:5f:0f:5b:50:ad:0c:59:3a:88:06:39:2d:34:
a6:52:2f:58:6f:53:1b:df:9f:98:ea:82:8d:52:60:
b1:ef:6b:e9:f5:ad:29:87:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
67:DF:28:25:D1:F8:83:36:28:EE:DB:41:63:E4:E0:3A:32:0D:EA:30
X509v3 Authority Key Identifier:
keyid:B3:0B:F5:7D:51:16:51:7E:28:37:C3:A2:0F:1D:2F:10:C0:51:A3:B3
DirName:/C=US/ST=California/L=Default City/O=OpenResty/CN=signing-ca-1
serial:03
Authority Information Access:
OCSP - URI:http://127.0.0.1:8888/ocsp?foo=1
Signature Algorithm: sha1WithRSAEncryption
37:29:3f:ed:d9:47:9a:51:36:a3:5b:00:85:66:de:51:4d:48:
2d:f8:bc:f1:5e:b4:fd:30:48:f0:25:ee:77:57:9c:f1:4b:0a:
4f:7e:96:1a:f8:48:76:23:46:8d:d6:f2:5e:1e:08:52:12:53:
08:07:9f:75:db:77:22:2e:7e:89:c2:2c:66:85:6b:df:e9:77:
ca:23:6d:9a:af:87:8a:8c:27:37:1e:9e:55:92:8e:8a:a9:93:
24:41:a8:96:01:c0:65:93:8e:3d:7a:6c:bf:ed:c8:2a:f8:26:
cc:00:17:b7:27:ca:85:6c:2e:d5:2a:0a:8d:f3:88:e8:26:48:
e3:e8
-----BEGIN CERTIFICATE-----
MIIDaTCCAtKgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMRGVmYXVsdCBDaXR5MRIwEAYD
VQQKEwlPcGVuUmVzdHkxFTATBgNVBAMTDHNpZ25pbmctY2EtMjAgFw0xNDEwMTYw
MzI3MDlaGA8yMTE0MDkyMjAzMjcwOVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
CkNhbGlmb3JuaWExFTATBgNVBAcTDERlZmF1bHQgQ2l0eTESMBAGA1UEChMJT3Bl
blJlc3R5MREwDwYDVQQDEwh0ZXN0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAx71QmXFGr5Mihat0i1sZdK8+rdLhFz7LWzaciji9G0cti5JVHf6mcpJ4
AN4wy6MQtZKquOB7RJr1mYk29IQggeNcdgCddue5Qat0thSfspSztkioktwJ4z0E
418PW1CtDFk6iAY5LTSmUi9Yb1Mb35+Y6oKNUmCx72vp9a0ph0UCAwEAAaOCASsw
ggEnMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVk
IENlcnRpZmljYXRlMB0GA1UdDgQWBBRn3ygl0fiDNiju20Fj5OA6Mg3qMDCBjgYD
VR0jBIGGMIGDgBSzC/V9URZRfig3w6IPHS8QwFGjs6FopGYwZDELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFTATBgNVBAcTDERlZmF1bHQgQ2l0eTES
MBAGA1UEChMJT3BlblJlc3R5MRUwEwYDVQQDEwxzaWduaW5nLWNhLTGCAQMwPAYI
KwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8vMTI3LjAuMC4xOjg4ODgv
b2NzcD9mb289MTANBgkqhkiG9w0BAQUFAAOBgQA3KT/t2UeaUTajWwCFZt5RTUgt
+LzxXrT9MEjwJe53V5zxSwpPfpYa+Eh2I0aN1vJeHghSElMIB59123ciLn6Jwixm
hWvf6XfKI22ar4eKjCc3Hp5Vko6KqZMkQaiWAcBlk449emy/7cgq+CbMABe3J8qF
bC7VKgqN84joJkjj6A==
-----END CERTIFICATE-----

183
deps/src/lua-resty-core/t/cert/ocsp/wrong-issuer-order-chain.pem vendored Normal file
View File

@@ -0,0 +1,183 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-2
Validity
Not Before: Oct 16 03:27:09 2014 GMT
Not After : Sep 22 03:27:09 2114 GMT
Subject: C=US, ST=California, L=Default City, O=OpenResty, CN=test.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c7:bd:50:99:71:46:af:93:22:85:ab:74:8b:5b:
19:74:af:3e:ad:d2:e1:17:3e:cb:5b:36:9c:8a:38:
bd:1b:47:2d:8b:92:55:1d:fe:a6:72:92:78:00:de:
30:cb:a3:10:b5:92:aa:b8:e0:7b:44:9a:f5:99:89:
36:f4:84:20:81:e3:5c:76:00:9d:76:e7:b9:41:ab:
74:b6:14:9f:b2:94:b3:b6:48:a8:92:dc:09:e3:3d:
04:e3:5f:0f:5b:50:ad:0c:59:3a:88:06:39:2d:34:
a6:52:2f:58:6f:53:1b:df:9f:98:ea:82:8d:52:60:
b1:ef:6b:e9:f5:ad:29:87:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
67:DF:28:25:D1:F8:83:36:28:EE:DB:41:63:E4:E0:3A:32:0D:EA:30
X509v3 Authority Key Identifier:
keyid:B3:0B:F5:7D:51:16:51:7E:28:37:C3:A2:0F:1D:2F:10:C0:51:A3:B3
DirName:/C=US/ST=California/L=Default City/O=OpenResty/CN=signing-ca-1
serial:03
Authority Information Access:
OCSP - URI:http://127.0.0.1:8888/ocsp?foo=1
Signature Algorithm: sha1WithRSAEncryption
37:29:3f:ed:d9:47:9a:51:36:a3:5b:00:85:66:de:51:4d:48:
2d:f8:bc:f1:5e:b4:fd:30:48:f0:25:ee:77:57:9c:f1:4b:0a:
4f:7e:96:1a:f8:48:76:23:46:8d:d6:f2:5e:1e:08:52:12:53:
08:07:9f:75:db:77:22:2e:7e:89:c2:2c:66:85:6b:df:e9:77:
ca:23:6d:9a:af:87:8a:8c:27:37:1e:9e:55:92:8e:8a:a9:93:
24:41:a8:96:01:c0:65:93:8e:3d:7a:6c:bf:ed:c8:2a:f8:26:
cc:00:17:b7:27:ca:85:6c:2e:d5:2a:0a:8d:f3:88:e8:26:48:
e3:e8
-----BEGIN CERTIFICATE-----
MIIDaTCCAtKgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMRGVmYXVsdCBDaXR5MRIwEAYD
VQQKEwlPcGVuUmVzdHkxFTATBgNVBAMTDHNpZ25pbmctY2EtMjAgFw0xNDEwMTYw
MzI3MDlaGA8yMTE0MDkyMjAzMjcwOVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
CkNhbGlmb3JuaWExFTATBgNVBAcTDERlZmF1bHQgQ2l0eTESMBAGA1UEChMJT3Bl
blJlc3R5MREwDwYDVQQDEwh0ZXN0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAx71QmXFGr5Mihat0i1sZdK8+rdLhFz7LWzaciji9G0cti5JVHf6mcpJ4
AN4wy6MQtZKquOB7RJr1mYk29IQggeNcdgCddue5Qat0thSfspSztkioktwJ4z0E
418PW1CtDFk6iAY5LTSmUi9Yb1Mb35+Y6oKNUmCx72vp9a0ph0UCAwEAAaOCASsw
ggEnMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVk
IENlcnRpZmljYXRlMB0GA1UdDgQWBBRn3ygl0fiDNiju20Fj5OA6Mg3qMDCBjgYD
VR0jBIGGMIGDgBSzC/V9URZRfig3w6IPHS8QwFGjs6FopGYwZDELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFTATBgNVBAcTDERlZmF1bHQgQ2l0eTES
MBAGA1UEChMJT3BlblJlc3R5MRUwEwYDVQQDEwxzaWduaW5nLWNhLTGCAQMwPAYI
KwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8vMTI3LjAuMC4xOjg4ODgv
b2NzcD9mb289MTANBgkqhkiG9w0BAQUFAAOBgQA3KT/t2UeaUTajWwCFZt5RTUgt
+LzxXrT9MEjwJe53V5zxSwpPfpYa+Eh2I0aN1vJeHghSElMIB59123ciLn6Jwixm
hWvf6XfKI22ar4eKjCc3Hp5Vko6KqZMkQaiWAcBlk449emy/7cgq+CbMABe3J8qF
bC7VKgqN84joJkjj6A==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Default City, O=OpenResty, CN=root-ca
Validity
Not Before: Oct 16 03:27:09 2014 GMT
Not After : Sep 22 03:27:09 2114 GMT
Subject: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:a0:3e:1a:4f:6c:b9:3d:ab:0f:02:de:da:82:92:
ee:a2:69:88:80:ed:f2:b6:98:bc:c6:ee:d3:47:82:
4a:e7:d3:7f:55:68:5c:6d:9e:aa:ba:59:e3:5b:7f:
32:4f:79:44:4a:4f:13:e4:2e:3f:1f:98:10:a4:72:
d5:f0:e7:44:8e:d4:a7:b9:fb:54:be:b6:fa:f7:dc:
9c:29:93:d4:9f:a1:5b:18:6e:68:93:91:1b:8c:a0:
4f:02:52:e9:9d:e8:98:f3:fd:67:da:78:4b:4f:d8:
2d:90:83:5c:0b:e5:fe:48:27:e4:ec:bb:99:26:06:
8e:34:fe:93:e4:d2:fc:97:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:30:71:56:50:A6:BC:21:C5:A1:A1:AB:11:A7:08:5B:EB:3A:A4:27
X509v3 Authority Key Identifier:
keyid:1D:2F:09:60:EB:E4:EA:B5:0B:52:A9:5C:5E:09:2B:DD:34:70:CF:BA
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
a6:16:2f:fc:13:67:5e:ce:0e:79:cb:b0:91:52:9b:9e:b5:9f:
e1:fa:7d:78:f4:2a:93:f3:94:62:45:17:87:b9:0a:59:b9:a3:
a9:75:51:ca:f0:04:6c:01:d1:3a:a9:dd:66:7d:27:7b:1e:4f:
48:3a:25:ea:a5:01:32:fc:87:4b:08:da:f8:f5:62:88:e8:b9:
94:c7:cb:ee:33:08:ab:2f:52:f4:4a:14:4f:ac:2d:a2:f8:de:
c9:6f:95:b7:91:23:b9:ec:95:90:de:86:21:f5:6f:1b:cf:13:
47:77:78:dd:7a:16:e9:8b:cc:df:3d:45:8a:76:af:15:d1:9a:
37:a2
-----BEGIN CERTIFICATE-----
MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMRGVmYXVsdCBDaXR5MRIwEAYD
VQQKEwlPcGVuUmVzdHkxEDAOBgNVBAMTB3Jvb3QtY2EwIBcNMTQxMDE2MDMyNzA5
WhgPMjExNDA5MjIwMzI3MDlaMGQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp
Zm9ybmlhMRUwEwYDVQQHEwxEZWZhdWx0IENpdHkxEjAQBgNVBAoTCU9wZW5SZXN0
eTEVMBMGA1UEAxMMc2lnbmluZy1jYS0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQCgPhpPbLk9qw8C3tqCku6iaYiA7fK2mLzG7tNHgkrn039VaFxtnqq6WeNb
fzJPeURKTxPkLj8fmBCkctXw50SO1Ke5+1S+tvr33Jwpk9SfoVsYbmiTkRuMoE8C
Uumd6Jjz/WfaeEtP2C2Qg1wL5f5IJ+Tsu5kmBo40/pPk0vyXVwIDAQABo1AwTjAd
BgNVHQ4EFgQU0jBxVlCmvCHFoaGrEacIW+s6pCcwHwYDVR0jBBgwFoAUHS8JYOvk
6rULUqlcXgkr3TRwz7owDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCm
Fi/8E2dezg55y7CRUpuetZ/h+n149CqT85RiRReHuQpZuaOpdVHK8ARsAdE6qd1m
fSd7Hk9IOiXqpQEy/IdLCNr49WKI6LmUx8vuMwirL1L0ShRPrC2i+N7Jb5W3kSO5
7JWQ3oYh9W8bzxNHd3jdehbpi8zfPUWKdq8V0Zo3og==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-1
Validity
Not Before: Oct 16 03:27:09 2014 GMT
Not After : Sep 22 03:27:09 2114 GMT
Subject: C=US, ST=California, L=Default City, O=OpenResty, CN=signing-ca-2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d3:24:1c:92:a5:bb:00:d9:b1:fb:2b:1d:7a:32:
a1:6c:49:eb:3c:2d:29:80:d6:65:8b:17:3a:f0:4b:
dc:0c:57:fb:d5:31:68:a5:e4:54:86:55:f9:1b:a8:
d7:7d:32:01:3b:cf:5c:38:2b:f5:bc:d3:8b:c8:b6:
ab:76:65:32:e6:4b:d5:e4:fd:d1:92:c8:33:6a:74:
f3:c7:ec:97:c3:c7:9f:e4:d5:55:75:b8:bd:39:ec:
2d:1f:c6:54:c8:2b:2d:17:e0:05:77:28:44:f7:dd:
e1:6e:f0:59:05:51:f5:b9:b4:fe:be:ad:40:a6:d5:
9a:c1:64:e0:9b:dd:67:e5:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:0B:F5:7D:51:16:51:7E:28:37:C3:A2:0F:1D:2F:10:C0:51:A3:B3
X509v3 Authority Key Identifier:
keyid:D2:30:71:56:50:A6:BC:21:C5:A1:A1:AB:11:A7:08:5B:EB:3A:A4:27
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
0c:61:c0:c7:11:c2:f0:39:f0:76:9d:4f:43:d4:90:54:1f:26:
3d:54:3d:77:5f:c0:b3:4a:c2:1b:b6:18:d2:12:8d:24:4d:76:
f5:07:0b:14:3e:17:2d:42:ee:85:30:db:e3:4d:81:67:59:97:
0a:b3:bb:c5:27:ea:69:c6:ee:99:5c:44:36:53:3e:c4:47:68:
f8:fe:c6:53:38:fb:e7:9a:0c:3c:6c:78:93:29:d2:49:7d:29:
d0:61:6e:81:9b:d6:ec:1a:e2:3e:62:62:41:bc:6d:4d:33:91:
76:20:5e:32:70:08:3e:24:72:fe:b1:8a:83:57:04:19:b5:cb:
99:b7
-----BEGIN CERTIFICATE-----
MIICkDCCAfmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMRGVmYXVsdCBDaXR5MRIwEAYD
VQQKEwlPcGVuUmVzdHkxFTATBgNVBAMTDHNpZ25pbmctY2EtMTAgFw0xNDEwMTYw
MzI3MDlaGA8yMTE0MDkyMjAzMjcwOVowZDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
CkNhbGlmb3JuaWExFTATBgNVBAcTDERlZmF1bHQgQ2l0eTESMBAGA1UEChMJT3Bl
blJlc3R5MRUwEwYDVQQDEwxzaWduaW5nLWNhLTIwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBANMkHJKluwDZsfsrHXoyoWxJ6zwtKYDWZYsXOvBL3AxX+9UxaKXk
VIZV+Ruo130yATvPXDgr9bzTi8i2q3ZlMuZL1eT90ZLIM2p088fsl8PHn+TVVXW4
vTnsLR/GVMgrLRfgBXcoRPfd4W7wWQVR9bm0/r6tQKbVmsFk4JvdZ+XxAgMBAAGj
UDBOMB0GA1UdDgQWBBSzC/V9URZRfig3w6IPHS8QwFGjszAfBgNVHSMEGDAWgBTS
MHFWUKa8IcWhoasRpwhb6zqkJzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4GBAAxhwMcRwvA58HadT0PUkFQfJj1UPXdfwLNKwhu2GNISjSRNdvUHCxQ+Fy1C
7oUw2+NNgWdZlwqzu8Un6mnG7plcRDZTPsRHaPj+xlM4++eaDDxseJMp0kl9KdBh
boGb1uwa4j5iYkG8bU0zkXYgXjJwCD4kcv6xioNXBBm1y5m3
-----END CERTIFICATE-----

17
deps/src/lua-resty-core/t/cert/test.crt vendored Normal file
View File

@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICqTCCAhICCQClDm1WkreW4jANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28x
EjAQBgNVBAoMCU9wZW5SZXN0eTESMBAGA1UECwwJT3BlblJlc3R5MREwDwYDVQQD
DAh0ZXN0LmNvbTEgMB4GCSqGSIb3DQEJARYRYWdlbnR6aEBnbWFpbC5jb20wIBcN
MTQwNzIxMDMyMzQ3WhgPMjE1MTA2MTMwMzIzNDdaMIGXMQswCQYDVQQGEwJVUzET
MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzESMBAG
A1UECgwJT3BlblJlc3R5MRIwEAYDVQQLDAlPcGVuUmVzdHkxETAPBgNVBAMMCHRl
c3QuY29tMSAwHgYJKoZIhvcNAQkBFhFhZ2VudHpoQGdtYWlsLmNvbTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA6P18zUvtmaKQK2xePy8ZbFwSyTLw+jW6t9eZ
aiTec8X3ibN9WemrxHzkTRikxP3cAQoITRuZiQvF4Q7DO6wMkz/b0zwfgX5uedGq
047AJP6n/mwlDOjGSNomBLoXQzo7tVe60ikEm3ZyDUqnJPJMt3hImO5XSop4MPMu
Za9WhFcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQA4OBb9bOyWB1//93nSXX1mdENZ
IQeyTK0Dd6My76lnZxnZ4hTWrvvd0b17KLDU6JnS2N5ee3ATVkojPidRLWLIhnh5
0eXrcKalbO2Ce6nShoFvQCQKXN2Txmq2vO/Mud2bHAWwJALg+qi1Iih/gVYB9sct
FLg8zFOzRlYiU+6Mmw==
-----END CERTIFICATE-----

BIN
deps/src/lua-resty-core/t/cert/test.crt.der vendored Normal file
View File

Binary file not shown.

15
deps/src/lua-resty-core/t/cert/test.key vendored Normal file
View File

@@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDo/XzNS+2ZopArbF4/LxlsXBLJMvD6Nbq315lqJN5zxfeJs31Z
6avEfORNGKTE/dwBCghNG5mJC8XhDsM7rAyTP9vTPB+Bfm550arTjsAk/qf+bCUM
6MZI2iYEuhdDOju1V7rSKQSbdnINSqck8ky3eEiY7ldKingw8y5lr1aEVwIDAQAB
AoGBANgB66sKMga2SKN5nQdHS3LDCkevCutu1OWM5ZcbB4Kej5kC57xsf+tzPtab
emeIVGhCPOAALqB4YcT+QtMX967oM1MjcFbtH7si5oq6UYyp3i0G9Si6jIoVHz3+
8yOUaqwKbK+bRX8VS0YsHZmBsPK5ryN50iUwsU08nemoA94BAkEA9GS9Q5OPeFkM
tFxsIQ1f2FSsZAuN/1cpZgJqY+YaAN7MSPGTWyfd7nWG/Zgk3GO9/2ihh4gww+7B
To09GkmW4QJBAPQOHC2V+t2TA98+6Lj6+TYwcGEkhOENfVpH25mQ+kXgF/1Bd6rA
nosT1bdAY+SnmWXbSw6Kv5C20Em+bEX8WjcCQCSRRjhsRdVODbaW9Z7kb2jhEoJN
sEt6cTlQNzcHYPCsZYisjM3g4zYg47fiIfHQAsfKkhDDcfh/KvFj9LaQOEECQQCH
eBWYEDpSJ7rsfqT7mQQgWj7nDThdG/nK1TxGP71McBmg0Gg2dfkLRhVJRQqt74Is
kc9V4Rp4n6F6baL4Lh19AkEA6pZZer0kg3Kv9hjhaITIKUYdfIp9vYnDRWbQlBmR
atV8V9u9q2ETZvqfHpN+9Lu6NYR4yXIEIRf1bnIZ/mr9eQ==
-----END RSA PRIVATE KEY-----

BIN
deps/src/lua-resty-core/t/cert/test.key.der vendored Normal file
View File

Binary file not shown.

16
deps/src/lua-resty-core/t/cert/test2.crt vendored Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----
MIIChzCCAfACCQDjCkJpJUtZmjANBgkqhkiG9w0BAQUFADCBhjELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28x
EjAQBgNVBAoMCU9wZW5SZXN0eTESMBAGA1UEAwwJdGVzdDIuY29tMSIwIAYJKoZI
hvcNAQkBFhNvcGVucmVzdHlAZ21haWwuY29tMCAXDTE0MDkxMzAwMTgxMFoYDzIx
MTQwODIwMDAxODEwWjCBhjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCU9wZW5SZXN0eTES
MBAGA1UEAwwJdGVzdDIuY29tMSIwIAYJKoZIhvcNAQkBFhNvcGVucmVzdHlAZ21h
aWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDy+OVI2u5NBOeB2Cyz
Gnwy9b7Ao4CSi05XtUxh2IoVdzYZz6c4PFb9C1ad52LDdRStiQT5A7+RKLj6Kr7f
JrKFziJxMy4g4Kdn9G659vE7CWu/UAVjRUtc+mTBAEfjdbumizmHLG7DmnNhGl3R
NGiVNLsUInSMGfUlJRzZJXhI4QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAEMmRvyN
N7uE24Tc6TR19JadNHK8g3YGktRoXWiqd/y0HY4NRPgvnK/nX7CY/wXa1j+uDO8K
e6/Ldm5RZrjtvfHJmTSAu8zkqTJz8bqRDH7kzL5Ni2Ky2x8r9dtB0ImpOiSlwvZN
snMvbrxEdwBiqlC9prV2f9aG+ACo1KnPL0j6
-----END CERTIFICATE-----

15
deps/src/lua-resty-core/t/cert/test2.key vendored Normal file
View File

@@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDy+OVI2u5NBOeB2CyzGnwy9b7Ao4CSi05XtUxh2IoVdzYZz6c4
PFb9C1ad52LDdRStiQT5A7+RKLj6Kr7fJrKFziJxMy4g4Kdn9G659vE7CWu/UAVj
RUtc+mTBAEfjdbumizmHLG7DmnNhGl3RNGiVNLsUInSMGfUlJRzZJXhI4QIDAQAB
AoGAEqBB83PVENJvbOTFiHVfUAjGtr3R/Wnwd4jOcjHHZB3fZ9sjVoxJntxfp3s1
dwZir2rxlqVS6i3VAFiGiVTOGo2Vvzhw2J7f58twCECmnLb2f863AkGEYe4dAndD
GHGD0WI0CBMD1sT18YCj561o0Wol5deWH0gM9pr2N3HkeIECQQD6hUKFlFhrpaHP
WNJsl6BxgE6pB5kxLcMcpIQ7P+kHUvtyvCJl5QZJqPrpPGjRsAI5Ph92rpsp/zDp
/IZNWGVjAkEA+Ele31Rt+XbV32MrLKZgBDBk+Pzss5LTn9fZ5v1k/7hrMk2VVWvk
AD6n5QiGe/g59woANpPb1T9l956SBf0d6wJABTXOS17pc9uvANP1FGMW6CVl/Wf2
DKrJ+weE5IKQwyE7r4gwIvRfbBrClSU3fNzvPueG2f4JphbzmnoxBNzIxwJAYivY
mGNwzHehXx99/byXMHDWK+EN0n8WsBgP75Z3rekEcbJdfpYXY8Via1vwmOnwOW65
4NqbzHix37PSNw37GwJBALxaGNpREO2Tk+oWOvsD2QyviMVae3mXAJHc6nLVdKDM
q0YvDT6VdeNYYFTkAuzJacsVXOpn6AnUMFj0OBedMhc=
-----END RSA PRIVATE KEY-----

45
deps/src/lua-resty-core/t/count.t vendored Normal file
View File

@@ -0,0 +1,45 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
#worker_connections(1014);
#master_process_enabled(1);
#log_level('warn');
repeat_each(2);
plan tests => repeat_each() * (blocks() * 3);
#no_diff();
no_long_string();
run_tests();
__DATA__
=== TEST 1: module size
--- config
location = /re {
access_log off;
content_by_lua_block {
local base = require "resty.core.base"
local n = 0
for _, _ in pairs(base) do
n = n + 1
end
ngx.say("base size: ", n)
}
}
--- request
GET /re
--- stap2
global c
probe process("$LIBLUA_PATH").function("rehashtab") {
c++
printf("rehash: %d\n", c)
}
--- response_body
base size: 19
--- no_error_log
[error]

931
deps/src/lua-resty-core/t/ctx.t vendored Normal file
View File

@@ -0,0 +1,931 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
use Cwd qw(cwd);
#worker_connections(1014);
#master_process_enabled(1);
log_level('debug');
#repeat_each(120);
repeat_each(2);
plan tests => repeat_each() * (blocks() * 3 + 11);
#no_diff();
#no_long_string();
my $pwd = cwd();
add_block_preprocessor(sub {
my $block = shift;
my $http_config = $block->http_config || '';
$http_config .= <<_EOC_;
lua_package_path "$pwd/lib/?.lua;\$prefix/html/?.lua;../lua-resty-lrucache/lib/?.lua;;";
init_by_lua_block {
local verbose = false
if verbose then
local dump = require "jit.dump"
dump.on(nil, "$Test::Nginx::Util::ErrLogFile")
else
local v = require "jit.v"
v.on("$Test::Nginx::Util::ErrLogFile")
end
require "resty.core"
-- jit.off()
}
_EOC_
$block->set_value("http_config", $http_config);
});
check_accum_error_log();
$ENV{TEST_NGINX_HTML_DIR} ||= html_dir();
run_tests();
__DATA__
=== TEST 1: get ngx.ctx
--- config
location = /t {
content_by_lua_block {
for i = 1, 100 do
ngx.ctx.foo = i
end
ngx.say("ctx.foo = ", ngx.ctx.foo)
}
}
--- request
GET /t
--- response_body
ctx.foo = 100
--- no_error_log
[error]
-- NYI:
bad argument
--- error_log eval
qr/\[TRACE\s+\d+\s+content_by_lua\(nginx\.conf:\d+\):2 loop\]/
=== TEST 2: set ngx.ctx
--- config
location = /t {
content_by_lua_block {
for i = 1, 100 do
ngx.ctx = {foo = i}
end
ngx.say("ctx.foo = ", ngx.ctx.foo)
}
}
--- request
GET /t
--- response_body
ctx.foo = 100
--- no_error_log
[error]
-- NYI:
bad argument
--- error_log eval
qr/\[TRACE\s+\d+\s+content_by_lua\(nginx\.conf:\d+\):2 loop\]/
=== TEST 3: ngx.ctx in ssl_certificate_by_lua
--- http_config
server {
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
server_name test.com;
ssl_certificate_by_lua_block {
ngx.ctx.answer = 42
ngx.log(ngx.WARN, "ngx.ctx.answer = ", ngx.ctx.answer)
ngx.ctx.count = 0
}
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
server_tokens off;
location /foo {
content_by_lua_block {
ngx.say(ngx.ctx.answer)
ngx.ctx.count = ngx.ctx.count + 1
ngx.say(ngx.ctx.count)
}
}
}
--- config
lua_ssl_trusted_certificate ../../cert/test.crt;
location /t {
content_by_lua_block {
do
local sock = ngx.socket.tcp()
sock:settimeout(3000)
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
if not ok then
ngx.say("failed to connect: ", err)
return
end
local sess, err = sock:sslhandshake(nil, "test.com", true)
if not sess then
ngx.say("failed to do SSL handshake: ", err)
return
end
for i = 1, 2 do
local req = "GET /foo HTTP/1.1\r\nHost: test.com\r\n\r\n"
local bytes, err = sock:send(req)
if not bytes then
ngx.say("failed to send http request: ", err)
return
end
local body_seen = false
while true do
local line, err = sock:receive()
if not line then
break
end
if body_seen then
if line == "0" then
assert(sock:receive())
break
end
local line, err = sock:receive(line)
ngx.print("received: ", line)
assert(sock:receive())
elseif line == "" then
body_seen = true
end
end
end
sock:close()
end -- do
-- collectgarbage()
}
}
--- request
GET /t
--- response_body
received: 42
received: 1
received: 42
received: 1
--- error_log
ngx.ctx.answer = 42
--- grep_error_log eval
qr/lua release ngx.ctx at ref \d+/
--- grep_error_log_out eval
["lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 1
",
"lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 1
lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 1
"]
--- no_error_log
[error]
=== TEST 4: ngx.ctx in ssl_certificate_by_lua (share objects)
--- http_config
server {
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
server_name test.com;
ssl_certificate_by_lua_block {
ngx.ctx.req = { count = 0 }
}
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
server_tokens off;
location /foo {
content_by_lua_block {
ngx.ctx.req.count = ngx.ctx.req.count + 1
ngx.say(ngx.ctx.req.count)
}
}
}
--- config
lua_ssl_trusted_certificate ../../cert/test.crt;
location /t {
content_by_lua_block {
do
local sock = ngx.socket.tcp()
sock:settimeout(3000)
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
if not ok then
ngx.say("failed to connect: ", err)
return
end
local sess, err = sock:sslhandshake(nil, "test.com", true)
if not sess then
ngx.say("failed to do SSL handshake: ", err)
return
end
for i = 1, 2 do
local req = "GET /foo HTTP/1.1\r\nHost: test.com\r\n\r\n"
local bytes, err = sock:send(req)
if not bytes then
ngx.say("failed to send http request: ", err)
return
end
local body_seen = false
while true do
local line, err = sock:receive()
if not line then
break
end
if body_seen then
if line == "0" then
assert(sock:receive())
break
end
local line, err = sock:receive(line)
ngx.print("received: ", line)
assert(sock:receive())
elseif line == "" then
body_seen = true
end
end
end
sock:close()
end -- do
-- collectgarbage()
}
}
--- request
GET /t
--- response_body
received: 1
received: 2
--- no_error_log
[error]
=== TEST 5: ngx.ctx in ssl_certificate_by_lua (release ctx when client aborted)
--- http_config
server {
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
server_name test.com;
ssl_certificate_by_lua_block {
local ssl = require "ngx.ssl"
ssl.clear_certs()
ngx.ctx.answer = 42
}
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
server_tokens off;
location /foo {
return 200 "ok";
}
}
--- config
lua_ssl_trusted_certificate ../../cert/test.crt;
location /t {
content_by_lua_block {
do
local sock = ngx.socket.tcp()
sock:settimeout(3000)
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
if not ok then
ngx.say("failed to connect: ", err)
return
end
local sess, err = sock:sslhandshake(nil, "test.com", true)
if not sess then
ngx.say("failed to do SSL handshake: ", err)
end
sock:close()
end -- do
-- collectgarbage()
}
}
--- request
GET /t
--- response_body
failed to do SSL handshake: handshake failed
--- grep_error_log eval
qr/lua release ngx.ctx at ref \d+/
--- grep_error_log_out eval
["lua release ngx.ctx at ref 1
",
"lua release ngx.ctx at ref 1
lua release ngx.ctx at ref 1
"]
=== TEST 6: ngx.ctx in ssl_session_store_by_lua
--- http_config
ssl_session_store_by_lua_block {
ngx.ctx.answer = 42
ngx.log(ngx.WARN, "ngx.ctx.answer = ", ngx.ctx.answer)
ngx.ctx.count = 0
}
server {
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
server_name test.com;
ssl_session_tickets off;
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
server_tokens off;
location /foo {
content_by_lua_block {
ngx.say(ngx.ctx.answer)
ngx.ctx.count = ngx.ctx.count + 1
ngx.say(ngx.ctx.count)
}
}
}
--- config
lua_ssl_trusted_certificate ../../cert/test.crt;
location /t {
content_by_lua_block {
do
local sock = ngx.socket.tcp()
sock:settimeout(3000)
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
if not ok then
ngx.say("failed to connect: ", err)
return
end
local sess, err = sock:sslhandshake(package.loaded.session, "test.com", true)
if not sess then
ngx.say("failed to do SSL handshake: ", err)
return
end
for i = 1, 2 do
local req = "GET /foo HTTP/1.1\r\nHost: test.com\r\n\r\n"
local bytes, err = sock:send(req)
if not bytes then
ngx.say("failed to send http request: ", err)
return
end
local body_seen = false
while true do
local line, err = sock:receive()
if not line then
break
end
if body_seen then
if line == "0" then
assert(sock:receive())
break
end
local line, err = sock:receive(line)
ngx.print("received: ", line)
assert(sock:receive())
elseif line == "" then
body_seen = true
end
end
end
package.loaded.session = sess
sock:close()
end -- do
}
}
--- request
GET /t
--- response_body
received: 42
received: 1
received: 42
received: 1
--- error_log
ngx.ctx.answer = 42
--- grep_error_log eval
qr/lua release ngx.ctx at ref \d+/
--- grep_error_log_out eval
["lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 1
",
"lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 1
lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 2
lua release ngx.ctx at ref 1
"]
--- no_error_log
[error]
=== TEST 7: ngx.ctx in ssl_session_store_by_lua (release ctx when client aborted)
--- http_config
ssl_session_store_by_lua_block {
ngx.ctx.answer = 42
}
server {
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
server_name test.com;
ssl_session_tickets off;
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
server_tokens off;
location /foo {
return 200 "ok";
}
}
--- config
lua_ssl_trusted_certificate ../../cert/test.crt;
location /t {
content_by_lua_block {
do
local sock = ngx.socket.tcp()
sock:settimeout(3000)
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
if not ok then
ngx.say("failed to connect: ", err)
return
end
local sess, err = sock:sslhandshake(package.loaded.session, "test.com", true)
if not sess then
ngx.say("failed to do SSL handshake: ", err)
return
end
ngx.say("closed")
sock:close()
end -- do
}
}
--- request
GET /t
--- response_body
closed
--- grep_error_log eval
qr/lua release ngx.ctx at ref \d+/
--- grep_error_log_out eval
["lua release ngx.ctx at ref 1
",
"lua release ngx.ctx at ref 1
lua release ngx.ctx at ref 1
"]
--- no_error_log
[error]
=== TEST 8: ngx.ctx in ssl_session_fetch_by_lua
--- http_config
ssl_session_fetch_by_lua_block {
ngx.ctx.answer = 42
ngx.ctx.count = 0
}
server {
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
server_name test.com;
ssl_session_tickets off;
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
server_tokens off;
location /foo {
content_by_lua_block {
if package.loaded.session then
ngx.say(ngx.ctx.answer)
ngx.ctx.count = ngx.ctx.count + 1
ngx.say(ngx.ctx.count)
end
}
}
}
--- config
lua_ssl_trusted_certificate ../../cert/test.crt;
location /t {
content_by_lua_block {
do
local sock = ngx.socket.tcp()
sock:settimeout(3000)
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
if not ok then
ngx.say("failed to connect: ", err)
return
end
local sess, err = sock:sslhandshake(package.loaded.session, "test.com", true)
if not sess then
ngx.say("failed to do SSL handshake: ", err)
return
end
for i = 1, 2 do
local req = "GET /foo HTTP/1.1\r\nHost: test.com\r\n\r\n"
local bytes, err = sock:send(req)
if not bytes then
ngx.say("failed to send http request: ", err)
return
end
local body_seen = false
while true do
local line, err = sock:receive()
if not line then
break
end
if body_seen then
if line == "0" then
assert(sock:receive())
break
end
local line, err = sock:receive(line)
ngx.log(ngx.WARN, "received: ", line)
assert(sock:receive())
elseif line == "" then
body_seen = true
end
end
end
package.loaded.session = sess
sock:close()
end -- do
}
}
--- request
GET /t
--- grep_error_log eval
qr/(received: \w+|lua release ngx.ctx at ref \d+)/
--- grep_error_log_out eval
["",
"lua release ngx.ctx at ref 2
received: 42
received: 1
lua release ngx.ctx at ref 2
received: 42
received: 1
lua release ngx.ctx at ref 1
"]
--- no_error_log
[error]
=== TEST 9: ngx.ctx in ssl_session_fetch_by_lua (release ctx when client aborted)
--- http_config
ssl_session_fetch_by_lua_block {
ngx.ctx.answer = 42
}
server {
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
server_name test.com;
ssl_session_tickets off;
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
server_tokens off;
location /foo {
return 200 "ok";
}
}
--- config
lua_ssl_trusted_certificate ../../cert/test.crt;
location /t {
content_by_lua_block {
do
local sock = ngx.socket.tcp()
sock:settimeout(3000)
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
if not ok then
ngx.say("failed to connect: ", err)
return
end
local sess, err = sock:sslhandshake(package.loaded.session, "test.com", true)
if not sess then
ngx.say("failed to do SSL handshake: ", err)
return
end
package.loaded.session = sess
ngx.say("closed")
sock:close()
end -- do
}
}
--- request
GET /t
--- response_body
closed
--- grep_error_log eval
qr/lua release ngx.ctx at ref \d+/
--- grep_error_log_out eval
["",
"lua release ngx.ctx at ref 1
"]
--- no_error_log
[error]
=== TEST 10: ngx.ctx in ssl* and other phases
--- http_config
ssl_session_store_by_lua_block {
ngx.ctx.count = ngx.ctx.count and (ngx.ctx.count + 1) or 1
}
ssl_session_fetch_by_lua_block {
ngx.ctx.count = ngx.ctx.count and (ngx.ctx.count + 10) or 10
}
server {
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
server_name test.com;
ssl_session_tickets off;
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
ssl_certificate_by_lua_block {
ngx.ctx.count = ngx.ctx.count and (ngx.ctx.count + 100) or 100
}
server_tokens off;
location /foo {
content_by_lua_block {
ngx.ctx.count = ngx.ctx.count + 1
ngx.say(ngx.ctx.count)
}
}
}
--- config
lua_ssl_trusted_certificate ../../cert/test.crt;
location /t {
content_by_lua_block {
do
local sock = ngx.socket.tcp()
sock:settimeout(3000)
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
if not ok then
ngx.say("failed to connect: ", err)
return
end
local sess, err = sock:sslhandshake(package.loaded.session, "test.com", true)
if not sess then
ngx.say("failed to do SSL handshake: ", err)
return
end
for i = 1, 2 do
local req = "GET /foo HTTP/1.1\r\nHost: test.com\r\n\r\n"
local bytes, err = sock:send(req)
if not bytes then
ngx.say("failed to send http request: ", err)
return
end
local body_seen = false
while true do
local line, err = sock:receive()
if not line then
break
end
if body_seen then
if line == "0" then
assert(sock:receive())
break
end
local line, err = sock:receive(line)
ngx.log(ngx.WARN, "received: ", line)
assert(sock:receive())
elseif line == "" then
body_seen = true
end
end
end
package.loaded.session = sess
sock:close()
end -- do
}
}
--- request
GET /t
--- grep_error_log eval
qr/(received: \w+|lua release ngx.ctx at ref \d+)/
--- grep_error_log_out eval
["lua release ngx.ctx at ref 2
received: 102
lua release ngx.ctx at ref 2
received: 102
lua release ngx.ctx at ref 1
",
"lua release ngx.ctx at ref 2
received: 102
lua release ngx.ctx at ref 2
received: 102
lua release ngx.ctx at ref 1
lua release ngx.ctx at ref 2
received: 112
lua release ngx.ctx at ref 2
received: 112
lua release ngx.ctx at ref 1
"]
--- no_error_log
[error]
=== TEST 11: overwrite values will only take affect in the current http request
--- http_config
server {
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
server_name test.com;
ssl_certificate_by_lua_block {
ngx.ctx.answer = 0
}
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
server_tokens off;
location /foo1 {
content_by_lua_block {
ngx.say(ngx.ctx.answer)
ngx.ctx.answer = 42
}
}
location /foo2 {
content_by_lua_block {
ngx.say(ngx.ctx.answer)
}
}
}
--- config
lua_ssl_trusted_certificate ../../cert/test.crt;
location /t {
content_by_lua_block {
do
local sock = ngx.socket.tcp()
sock:settimeout(3000)
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
if not ok then
ngx.say("failed to connect: ", err)
return
end
local sess, err = sock:sslhandshake(nil, "test.com", true)
if not sess then
ngx.say("failed to do SSL handshake: ", err)
return
end
for i = 1, 2 do
local req = "GET /foo" .. i .. " HTTP/1.1\r\nHost: test.com\r\n\r\n"
local bytes, err = sock:send(req)
if not bytes then
ngx.say("failed to send http request: ", err)
return
end
local body_seen = false
while true do
local line, err = sock:receive()
if not line then
break
end
if body_seen then
if line == "0" then
assert(sock:receive())
break
end
local line, err = sock:receive(line)
ngx.print("received: ", line)
assert(sock:receive())
elseif line == "" then
body_seen = true
end
end
end
sock:close()
end -- do
-- collectgarbage()
}
}
--- request
GET /t
--- response_body
received: 0
received: 0
=== TEST 12: prohibit setting ngx.ctx to non-table value
--- config
location = /t {
content_by_lua_block {
local ok, err = pcall(function()
ngx.ctx = nil
end)
if not ok then
ngx.say(err)
end
}
}
--- request
GET /t
--- response_body_like
ctx should be a table while getting a nil
--- no_error_log
[error]
=== TEST 13: get_ctx_table
--- config
location = /t {
content_by_lua_block {
local get_ctx_table = require "resty.core.ctx" .get_ctx_table
local reused_ctx = {}
local ctx = get_ctx_table(reused_ctx)
if ctx == reused_ctx then
ngx.say("reused")
end
local ctx2 = get_ctx_table()
if ctx2 == reused_ctx then
ngx.say("reused again")
end
}
}
--- request
GET /t
--- response_body
reused
reused again
--- no_error_log
[error]

225
deps/src/lua-resty-core/t/decode-base64.t vendored Normal file
View File

@@ -0,0 +1,225 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
#worker_connections(1014);
#master_process_enabled(1);
#log_level('warn');
repeat_each(2);
plan tests => repeat_each() * (blocks() * 5 - 2);
#no_diff();
#no_long_string();
check_accum_error_log();
run_tests();
__DATA__
=== TEST 1: string
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.decode_base64("aGVsbG8=")
end
ngx.say(s)
}
}
--- request
GET /base64
--- response_body
hello
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 2: set base64 (nil)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.decode_base64("")
end
ngx.say(s)
}
}
--- request
GET /base64
--- response_body eval: "\n"
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 3: set base64 (number)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.decode_base64("My4xNA==")
end
ngx.say(s)
}
}
--- request
GET /base64
--- response_body
3.14
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 4: set base64 (boolean)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.decode_base64("dHJ1ZQ==")
end
ngx.say(s)
}
}
--- request
GET /base64
--- response_body
true
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 5: string (buf size just smaller than 4096)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.decode_base64(string.rep("a", 5460))
end
if not s then
ngx.say("bad base64 string")
else
ngx.say(string.len(s))
end
}
}
--- request
GET /base64
--- response_body
4095
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 6: string (buf size just a bit bigger than 4096)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.decode_base64(string.rep("a", 5462))
end
if not s then
ngx.say("bad base64 string")
else
ngx.say(string.len(s))
end
}
}
--- request
GET /base64
--- response_body
4096
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 7: decode_base64url
--- config
location = /t {
content_by_lua_block {
local enc = require("ngx.base64")
local function to_hex(str)
return (str:gsub('.', function(c)
return string.format('%02x', string.byte(c))
end))
end
-- RFC 4648 test vectors
ngx.say("decode_base64url(\"\") = \"", enc.decode_base64url(""), "\"")
ngx.say("decode_base64url(\"Zg\") = \"", enc.decode_base64url("Zg"), "\"")
ngx.say("decode_base64url(\"Zm8\") = \"", enc.decode_base64url("Zm8"), "\"")
ngx.say("decode_base64url(\"Zm9v\") = \"", enc.decode_base64url("Zm9v"), "\"")
ngx.say("decode_base64url(\"Zm9vYg\") = \"", enc.decode_base64url("Zm9vYg"), "\"")
ngx.say("decode_base64url(\"Zm9vYmE\") = \"", enc.decode_base64url("Zm9vYmE"), "\"")
ngx.say("decode_base64url(\"Zm9vYmFy\") = \"", enc.decode_base64url("Zm9vYmFy"), "\"")
ngx.say("decode_base64url(\"_w\") = \"\\x", to_hex(enc.decode_base64url("_w")), "\"")
ngx.say("decode_base64url(\"YQBi\") = \"\\x", to_hex(enc.decode_base64url("YQBi")), "\"")
}
}
--- request
GET /t
--- response_body
decode_base64url("") = ""
decode_base64url("Zg") = "f"
decode_base64url("Zm8") = "fo"
decode_base64url("Zm9v") = "foo"
decode_base64url("Zm9vYg") = "foob"
decode_base64url("Zm9vYmE") = "fooba"
decode_base64url("Zm9vYmFy") = "foobar"
decode_base64url("_w") = "\xff"
decode_base64url("YQBi") = "\x610062"
--- no_error_log
[error]
[crit]
=== TEST 8: decode_base64url with invalid input
--- config
location = /t {
content_by_lua_block {
local enc = require("ngx.base64")
local res, err = enc.decode_base64url(" ")
ngx.say("decode_base64url returned: ", res, ", ", err)
}
}
--- request
GET /t
--- response_body
decode_base64url returned: nil, invalid input
--- no_error_log
[error]
-- NYI:

236
deps/src/lua-resty-core/t/encode-base64.t vendored Normal file
View File

@@ -0,0 +1,236 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
#worker_connections(1014);
#master_process_enabled(1);
#log_level('warn');
repeat_each(2);
plan tests => repeat_each() * (blocks() * 5 - 1);
#no_diff();
#no_long_string();
check_accum_error_log();
run_tests();
__DATA__
=== TEST 1: set base64 (string)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.encode_base64("hello")
end
ngx.say(s)
}
}
--- request
GET /base64
--- response_body
aGVsbG8=
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 2: set base64 (nil)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.encode_base64(nil)
end
ngx.say(s)
}
}
--- request
GET /base64
--- response_body eval: "\n"
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 3: set base64 (number)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.encode_base64(3.14)
end
ngx.say(s)
}
}
--- request
GET /base64
--- response_body
My4xNA==
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 4: set base64 (boolean)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.encode_base64(true)
end
ngx.say(s)
}
}
--- request
GET /base64
--- response_body
dHJ1ZQ==
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 5: set base64 (buf is a little larger than 4096)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.encode_base64(string.rep("a", 3073))
end
ngx.say(string.len(s))
}
}
--- request
GET /base64
--- response_body
4100
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 6: set base64 (buf is just 4096)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.encode_base64(string.rep("a", 3071))
end
ngx.say(string.len(s))
}
}
--- request
GET /base64
--- response_body
4096
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 7: set base64 (number) without padding (explicitly specified)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 200 do
s = ngx.encode_base64(3.14, true)
end
ngx.say(s)
}
}
--- request
GET /base64
--- response_body
My4xNA
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 8: set base64 (number) with padding (explicitly specified)
--- config
location = /base64 {
content_by_lua_block {
local s
for i = 1, 200 do
s = ngx.encode_base64(3.14, false)
end
ngx.say(s)
}
}
--- request
GET /base64
--- response_body
My4xNA==
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
-- NYI:
=== TEST 9: encode_base64url
--- config
location = /t {
content_by_lua_block {
local enc = require("ngx.base64")
-- RFC 4648 test vectors
ngx.say("encode_base64url(\"\") = \"", enc.encode_base64url(""), "\"")
ngx.say("encode_base64url(\"f\") = \"", enc.encode_base64url("f"), "\"")
ngx.say("encode_base64url(\"fo\") = \"", enc.encode_base64url("fo"), "\"")
ngx.say("encode_base64url(\"foo\") = \"", enc.encode_base64url("foo"), "\"")
ngx.say("encode_base64url(\"foob\") = \"", enc.encode_base64url("foob"), "\"")
ngx.say("encode_base64url(\"fooba\") = \"", enc.encode_base64url("fooba"), "\"")
ngx.say("encode_base64url(\"foobar\") = \"", enc.encode_base64url("foobar"), "\"")
ngx.say("encode_base64url(\"\\xff\") = \"", enc.encode_base64url("\xff"), "\"")
ngx.say("encode_base64url(\"a\\0b\") = \"", enc.encode_base64url("a\0b"), "\"")
}
}
--- request
GET /t
--- response_body
encode_base64url("") = ""
encode_base64url("f") = "Zg"
encode_base64url("fo") = "Zm8"
encode_base64url("foo") = "Zm9v"
encode_base64url("foob") = "Zm9vYg"
encode_base64url("fooba") = "Zm9vYmE"
encode_base64url("foobar") = "Zm9vYmFy"
encode_base64url("\xff") = "_w"
encode_base64url("a\0b") = "YQBi"
--- no_error_log
[error]
-- NYI:

218
deps/src/lua-resty-core/t/errlog-raw-log.t vendored Normal file
View File

@@ -0,0 +1,218 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
log_level('error');
repeat_each(1);
plan tests => repeat_each() * (blocks() * 2 + 5);
add_block_preprocessor(sub {
my $block = shift;
my $http_config = $block->http_config || '';
my $init_by_lua_block = $block->init_by_lua_block || '';
$http_config .= <<_EOC_;
lua_package_path '$t::TestCore::lua_package_path';
init_by_lua_block {
$t::TestCore::init_by_lua_block
$init_by_lua_block
}
_EOC_
$block->set_value("http_config", $http_config);
});
no_long_string();
run_tests();
__DATA__
=== TEST 1: errlog.raw_log with bad log level (ngx.ERROR, -1)
--- config
location /log {
content_by_lua_block {
local errlog = require "ngx.errlog"
errlog.raw_log(ngx.ERROR, "hello, log")
ngx.say("done")
}
}
--- request
GET /log
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log
bad log level
=== TEST 2: errlog.raw_log with bad levels (9)
--- config
location /log {
content_by_lua_block {
local errlog = require "ngx.errlog"
errlog.raw_log(9, "hello, log")
ngx.say("done")
}
}
--- request
GET /log
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log
bad log level
=== TEST 3: errlog.raw_log with bad log message
--- config
location /log {
content_by_lua_block {
local errlog = require "ngx.errlog"
errlog.raw_log(ngx.ERR, 123)
ngx.say("done")
}
}
--- request
GET /log
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log
bad argument #2 to 'raw_log' (must be a string)
=== TEST 4: errlog.raw_log test log-level ERR
--- config
location /log {
content_by_lua_block {
local errlog = require "ngx.errlog"
errlog.raw_log(ngx.ERR, "hello world")
}
}
--- request
GET /log
--- error_log eval
qr/\[error\] \S+: \S+ hello world/
=== TEST 5: errlog.raw_log JITs
--- init_by_lua_block
-- local verbose = true
local verbose = false
local outfile = errlog_file
-- local outfile = "/tmp/v.log"
if verbose then
local dump = require "jit.dump"
dump.on(nil, outfile)
else
local v = require "jit.v"
v.on(outfile)
end
require "resty.core"
-- jit.opt.start("hotloop=1")
-- jit.opt.start("loopunroll=1000000")
-- jit.off()
--- config
location /log {
content_by_lua_block {
local errlog = require "ngx.errlog"
for i = 1, 100 do
errlog.raw_log(ngx.ERR, "hello world")
end
}
}
--- request
GET /log
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx.conf:\d+\):4 loop\]/
=== TEST 6: errlog.raw_log in init_by_lua
--- init_by_lua_block
local errlog = require "ngx.errlog"
errlog.raw_log(ngx.ERR, "hello world from init_by_lua")
--- config
location /t {
return 200;
}
--- request
GET /t
--- grep_error_log chop
hello world from init_by_lua
--- grep_error_log_out eval
["hello world from init_by_lua\n", ""]
=== TEST 7: errlog.raw_log in init_worker_by_lua
--- http_config
init_worker_by_lua_block {
local errlog = require "ngx.errlog"
errlog.raw_log(ngx.ERR, "hello world from init_worker_by_lua")
}
--- config
location /t {
return 200;
}
--- request
GET /t
--- grep_error_log chop
hello world from init_worker_by_lua
--- grep_error_log_out eval
["hello world from init_worker_by_lua\n", ""]
=== TEST 8: errlog.raw_log with \0 in the log message
--- config
location /log {
content_by_lua_block {
local errlog = require "ngx.errlog"
errlog.raw_log(ngx.ERR, "hello\0world")
ngx.say("ok")
}
}
--- request
GET /log
--- response_body
ok
--- error_log eval
"hello\0world, client: "
=== TEST 9: errlog.raw_log is captured by errlog.get_logs()
--- http_config
lua_capture_error_log 4k;
--- config
location /log {
content_by_lua_block {
local errlog = require "ngx.errlog"
errlog.raw_log(ngx.ERR, "hello from raw_log()")
local res, err = errlog.get_logs()
if not res then
error("FAILED " .. err)
end
ngx.say("log lines: ", #res / 3)
}
}
--- request
GET /log
--- response_body
log lines: 1
--- error_log eval
qr/\[error\] .*? hello from raw_log\(\)/
--- skip_nginx: 3: <1.11.2

1253
deps/src/lua-resty-core/t/errlog.t vendored Normal file
View File

File diff suppressed because it is too large Load Diff

80
deps/src/lua-resty-core/t/exit.t vendored Normal file
View File

@@ -0,0 +1,80 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
#worker_connections(1014);
#master_process_enabled(1);
log_level('warn');
repeat_each(120);
#repeat_each(2);
plan tests => repeat_each() * (blocks() * 5);
add_block_preprocessor(sub {
my $block = shift;
my $http_config = $block->http_config || '';
my $init_by_lua_block = $block->init_by_lua_block || '';
$http_config .= <<_EOC_;
lua_package_path '\$prefix/html/?.lua;$t::TestCore::lua_package_path';
init_by_lua_block {
$t::TestCore::init_by_lua_block
$init_by_lua_block
}
_EOC_
$block->set_value("http_config", $http_config);
});
#no_diff();
#no_long_string();
run_tests();
__DATA__
=== TEST 1: sanity
--- config
location = /t {
content_by_lua_block {
ngx.exit(403)
}
}
--- request
GET /t
--- response_body_like: 403 Forbidden
--- error_code: 403
--- no_error_log eval
["[error]",
qr/ -- NYI: (?!FastFunc coroutine.yield)/,
" bad argument"]
=== TEST 2: call ngx.exit() from a custom lua module
--- config
location = /t {
content_by_lua_block {
local foo = require "foo"
foo.go()
}
}
--- user_files
>>> foo.lua
local exit = ngx.exit
local function go()
exit(403)
return
end
return { go = go }
--- request
GET /t
--- response_body_like: 403 Forbidden
--- error_code: 403
--- no_error_log eval
["[error]",
qr/ -- NYI: (?!FastFunc coroutine.yield)/,
" bad argument"]

57
deps/src/lua-resty-core/t/lib/helper.lua vendored Normal file
View File

@@ -0,0 +1,57 @@
local _M = {}
local run_lua_with_graceful_shutdown
do
local function set_up_ngx_conf(dir, code)
local conf = [[
error_log stderr error;
master_process off;
daemon off;
events {
worker_connections 64;
}
http {
init_worker_by_lua_block {
ngx.timer.at(0, function ()
]] .. code .. [[
require("ngx.process").signal_graceful_exit()
end)
}
}
]]
assert(os.execute("mkdir -p " .. dir .. "/logs"))
local conf_file = dir .. "/nginx.conf"
local f, err = io.open(conf_file, "w")
if not f then
ngx.log(ngx.ERR, err)
return
end
assert(f:write(conf))
f:close()
return conf_file
end
local function get_ngx_bin_path()
local ffi = require "ffi"
ffi.cdef[[char **ngx_argv;]]
return ffi.string(ffi.C.ngx_argv[0])
end
function run_lua_with_graceful_shutdown(dir, code)
local ngx_pipe = require "ngx.pipe"
local conf_file = set_up_ngx_conf(dir, code)
local nginx = get_ngx_bin_path()
local cmd = nginx .. " -p " .. dir .. " -c " .. conf_file
return ngx_pipe.spawn(cmd)
end
end
_M.run_lua_with_graceful_shutdown = run_lua_with_graceful_shutdown
return _M

57
deps/src/lua-resty-core/t/master-pid-single-process.t vendored Normal file
View File

@@ -0,0 +1,57 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
#worker_connections(1014);
#master_process_enabled(1);
#log_level('warn');
#master_on();
repeat_each(2);
plan tests => repeat_each() * (blocks() * 6);
#no_diff();
#no_long_string();
check_accum_error_log();
run_tests();
__DATA__
=== TEST 1: sanity
--- config
location = /t {
content_by_lua_block {
local process = require "ngx.process"
local v
local get_pid = process.get_master_pid
for i = 1, 400 do
v = get_pid()
end
local f = assert(io.open(ngx.config.prefix() .. "/logs/nginx.pid", "r"))
local str = assert(f:read("*l"))
local expected = str
if tostring(v) == expected then
ngx.say("ok")
else
ngx.say("expected: ", expected)
end
f:close()
ngx.say("got: ", v, " (", type(v), ")")
}
}
--- request
GET /t
--- response_body_like chop
\Aok
got: \d+ \(number\)
\z
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):\d loop\]/
--- no_error_log
[error]
-- NYI:
stitch
--- skip_nginx: 6: < 1.13.8

57
deps/src/lua-resty-core/t/master-pid.t vendored Normal file
View File

@@ -0,0 +1,57 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
#worker_connections(1014);
#master_process_enabled(1);
#log_level('warn');
master_on();
repeat_each(2);
plan tests => repeat_each() * (blocks() * 6);
#no_diff();
#no_long_string();
check_accum_error_log();
run_tests();
__DATA__
=== TEST 1: sanity
--- config
location = /t {
content_by_lua_block {
local process = require "ngx.process"
local v
local get_pid = process.get_master_pid
for i = 1, 400 do
v = get_pid()
end
local f = assert(io.open(ngx.config.prefix() .. "/logs/nginx.pid", "r"))
local str = assert(f:read("*l"))
local expected = str
if tostring(v) == expected then
ngx.say("ok")
else
ngx.say("expected: ", expected)
end
f:close()
ngx.say("got: ", v, " (", type(v), ")")
}
}
--- request
GET /t
--- response_body_like chop
\Aok
got: \d+ \(number\)
\z
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):\d loop\]/
--- no_error_log
[error]
-- NYI:
stitch
--- skip_nginx: 6: < 1.13.8

104
deps/src/lua-resty-core/t/md5-bin.t vendored Normal file
View File

@@ -0,0 +1,104 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
#worker_connections(1014);
#master_process_enabled(1);
#log_level('warn');
repeat_each(2);
plan tests => repeat_each() * (blocks() * 4);
#no_diff();
#no_long_string();
check_accum_error_log();
run_tests();
__DATA__
=== TEST 1: set md5_bin (string)
--- config
location = /md5_bin {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.md5_bin("hello")
end
ngx.say(string.len(s))
}
}
--- request
GET /md5_bin
--- response_body
16
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
=== TEST 2: set md5_bin (nil)
--- config
location = /md5_bin {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.md5_bin(nil)
end
ngx.say(string.len(s))
}
}
--- request
GET /md5_bin
--- response_body
16
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
=== TEST 3: set md5_bin (number)
--- config
location = /md5_bin {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.md5_bin(3.14)
end
ngx.say(string.len(s))
}
}
--- request
GET /md5_bin
--- response_body
16
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
=== TEST 4: set md5_bin (boolean)
--- config
location = /md5_bin {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.md5_bin(true)
end
ngx.say(string.len(s))
}
}
--- request
GET /md5_bin
--- response_body
16
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]

104
deps/src/lua-resty-core/t/md5.t vendored Normal file
View File

@@ -0,0 +1,104 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
#worker_connections(1014);
#master_process_enabled(1);
#log_level('warn');
repeat_each(2);
plan tests => repeat_each() * (blocks() * 4);
#no_diff();
#no_long_string();
check_accum_error_log();
run_tests();
__DATA__
=== TEST 1: set md5 hello
--- config
location = /md5 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.md5("hello")
end
ngx.say(s)
}
}
--- request
GET /md5
--- response_body
5d41402abc4b2a76b9719d911017c592
--- error_log eval
qr/\[TRACE\s+1 content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
=== TEST 2: nil string to ngx.md5
--- config
location = /md5 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.md5(nil)
end
ngx.say(s)
}
}
--- request
GET /md5
--- response_body
d41d8cd98f00b204e9800998ecf8427e
--- error_log eval
qr/\[TRACE\s+1 content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
=== TEST 3: empty string to ngx.md5
--- config
location /md5 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.md5("")
end
ngx.say(s)
}
}
--- request
GET /md5
--- response_body
d41d8cd98f00b204e9800998ecf8427e
--- error_log eval
qr/\[TRACE\s+1 content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]
=== TEST 4: number to ngx.md5
--- config
location /md5 {
content_by_lua_block {
local s
for i = 1, 100 do
s = ngx.md5(3.14)
end
ngx.say(s)
}
}
--- request
GET /md5
--- response_body
4beed3b9c4a886067de0e3a094246f78
--- error_log eval
qr/\[TRACE\s+1 content_by_lua\(nginx\.conf:\d+\):3 loop\]/
--- no_error_log
[error]

136
deps/src/lua-resty-core/t/misc.t vendored Normal file
View File

@@ -0,0 +1,136 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
#worker_connections(1014);
#master_process_enabled(1);
log_level('warn');
#repeat_each(120);
repeat_each(2);
plan tests => repeat_each() * (blocks() * 6 - 2);
#no_diff();
#no_long_string();
check_accum_error_log();
run_tests();
__DATA__
=== TEST 1: ngx.is_subrequest
--- config
location = /t {
return 201;
header_filter_by_lua_block {
local rc
for i = 1, 100 do
rc = ngx.is_subrequest
end
ngx.log(ngx.WARN, "is subrequest: ", rc)
}
}
--- request
GET /t
--- response_body
--- error_code: 201
--- no_error_log
[error]
-- NYI:
bad argument
--- error_log eval
["is subrequest: false,",
qr/\[TRACE\s+\d+\s+header_filter_by_lua:3 loop\]/
]
=== TEST 2: ngx.headers_sent (false)
--- config
location = /t {
content_by_lua_block {
local rc
for i = 1, 100 do
rc = ngx.headers_sent
end
ngx.say("headers sent: ", rc)
}
}
--- request
GET /t
--- response_body
headers sent: false
--- no_error_log
[error]
-- NYI:
bad argument
--- error_log eval
qr/\[TRACE\s+\d+\s+content_by_lua\(nginx\.conf:\d+\):3 loop\]/
=== TEST 3: ngx.headers_sent (true)
--- config
location = /t {
content_by_lua_block {
ngx.send_headers()
local rc
for i = 1, 100 do
rc = ngx.headers_sent
end
ngx.say("headers sent: ", rc)
}
}
--- request
GET /t
--- response_body
headers sent: true
--- no_error_log
[error]
-- NYI:
bad argument
--- error_log eval
qr/\[TRACE\s+\d+\s+content_by_lua\(nginx\.conf:\d+\):4 loop\]/
=== TEST 4: base.check_subsystem
--- config
location = /t {
content_by_lua_block {
local base = require "resty.core.base"
base.allows_subsystem('http', 'stream')
base.allows_subsystem('http')
ngx.say("ok")
}
}
--- request
GET /t
--- response_body
ok
--- no_error_log
[error]
-- NYI:
bad argument
=== TEST 5: base.check_subsystem with non-http subsystem
--- config
location = /t {
content_by_lua_block {
local base = require "resty.core.base"
base.allows_subsystem('stream')
ngx.say("ok")
}
}
--- request
GET /t
--- error_code: 500
--- no_error_log
-- NYI:
bad argument
--- error_log
unsupported subsystem: http

262
deps/src/lua-resty-core/t/ndk.t vendored Normal file
View File

@@ -0,0 +1,262 @@
use lib '.';
use t::TestCore;
repeat_each(2);
plan tests => repeat_each() * (blocks() * 5 + 4);
add_block_preprocessor(sub {
my $block = shift;
my $http_config = $block->http_config || '';
$http_config .= <<_EOC_;
$t::TestCore::HttpConfig
_EOC_
$block->set_value("http_config", $http_config);
if (!defined $block->error_log) {
my $no_error_log = <<_EOC_;
[error]
[alert]
[emerg]
-- NYI:
stitch
_EOC_
$block->set_value("no_error_log", $no_error_log);
}
if (!defined $block->request) {
$block->set_value("request", "GET /t");
}
});
check_accum_error_log();
run_tests();
__DATA__
=== TEST 1: sanity
--- config
location /t {
content_by_lua_block {
local s = ndk.set_var.set_escape_uri(" :")
local r = ndk.set_var.set_unescape_uri("a%20b")
ngx.say(s)
ngx.say(r)
local set_escape_uri = ndk.set_var.set_escape_uri
local set_unescape_uri = ndk.set_var.set_unescape_uri
ngx.say(set_escape_uri(" :"))
ngx.say(set_unescape_uri("a%20b"))
local res
for i = 1, $TEST_NGINX_HOTLOOP * 10 do
res = set_escape_uri(" :")
end
for i = 1, $TEST_NGINX_HOTLOOP * 10 do
res = set_unescape_uri("a%20b")
end
}
}
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):13 loop\]/,
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):17 loop\]/
--- no_error_log
[error]
[alert]
[emerg]
-- NYI:
stitch
--- response_body
%20%3A
a b
%20%3A
a b
=== TEST 2: directive not found
--- config
location /t {
content_by_lua_block {
local s = ndk.set_var.set_escape_uri_blah_blah(" :")
ngx.say(s)
}
}
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log
ndk.set_var: directive "set_escape_uri_blah_blah" not found or does not use ndk_set_var_value
=== TEST 3: ndk.set_var initialize ngx_http_variable_value_t variable properly
--- config
location /t {
content_by_lua_block {
local version = '2011.10.13+0000'
local e_version = ndk.set_var.set_encode_base32(version)
local s_version= ndk.set_var.set_quote_sql_str(version)
ngx.say(e_version)
ngx.say(s_version)
}
}
--- response_body
68o32c9e64o2sc9j5co30c1g
'2011.10.13+0000'
=== TEST 4: set directive not allowed
--- config
location /t {
content_by_lua_block {
ndk.set_var.set_escape_uri = "hack it"
}
}
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log
not allowed
=== TEST 5: call directive failed
--- config
location /t {
content_by_lua_block {
ndk.set_var.set_decode_hex('a')
}
}
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log
calling directive set_decode_hex failed with code -1
=== TEST 6: convert directive type to string
--- config
location /t {
content_by_lua_block {
ndk.set_var[1]()
}
}
--- response_body_like: 500 Internal Server Error
--- error_code: 500
--- error_log
ndk.set_var: directive "1" not found or does not use ndk_set_var_value
=== TEST 7: convert directive argument to string
--- config
location /t {
content_by_lua_block {
local s = ndk.set_var.set_escape_uri(1)
ngx.say(s)
}
}
--- response_body
1
=== TEST 8: call in set_by_lua
--- config
location /t {
set_by_lua_block $s {
return ndk.set_var.set_escape_uri(" :")
}
echo $s;
}
--- response_body
%20%3A
=== TEST 9: call in timer
--- config
location /t {
content_by_lua_block {
ngx.timer.at(0, function()
local s = ndk.set_var.set_escape_uri(" :")
ngx.log(ngx.WARN, "s = ", s)
end)
ngx.sleep(0.01)
}
}
--- error_log
s = %20%3A
--- no_error_log
[error]
=== TEST 10: call in header_filter_by_lua
--- config
location /t {
content_by_lua_block {
ngx.send_headers()
ngx.say(package.loaded.s)
}
header_filter_by_lua_block {
package.loaded.s = ndk.set_var.set_escape_uri(" :")
}
}
--- response_body
%20%3A
=== TEST 11: call in log_by_lua
--- config
location /t {
echo ok;
log_by_lua_block {
local s = ndk.set_var.set_escape_uri(" :")
ngx.log(ngx.WARN, "s = ", s)
}
}
--- response_body
ok
--- error_log
s = %20%3A
--- no_error_log
[error]
=== TEST 12: call in init_worker_by_lua
--- http_config
init_worker_by_lua_block {
package.loaded.s = ndk.set_var.set_escape_uri(" :")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.s)
}
}
--- response_body
%20%3A
=== TEST 13: cache the function in init_worker_by_lua and call in other phases
--- http_config
init_worker_by_lua_block {
package.loaded.set_escape_uri = ndk.set_var.set_escape_uri
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.set_escape_uri(" :"))
}
}
--- response_body
%20%3A

317
deps/src/lua-resty-core/t/ngx-req.t vendored Normal file
View File

@@ -0,0 +1,317 @@
use lib '.';
use t::TestCore;
repeat_each(2);
plan tests => repeat_each() * (blocks() * 3);
add_block_preprocessor(sub {
my $block = shift;
if (!defined $block->error_log) {
$block->set_value("no_error_log", "[error]");
}
if (!defined $block->request) {
$block->set_value("request", "GET /t");
}
});
no_long_string();
check_accum_error_log();
run_tests();
__DATA__
=== TEST 1: ngx_req.add_header (jitted)
--- config
location = /t {
content_by_lua_block {
local ngx_req = require "ngx.req"
for i = 1, $TEST_NGINX_HOTLOOP * 20 do
ngx_req.add_header("Foo", "bar")
end
}
}
--- error_log eval
qr/\[TRACE\s+\d+ content_by_lua\(nginx\.conf:\d+\):4 loop\]/
--- no_error_log
[error]
=== TEST 2: ngx_req.add_header (single value)
--- config
location = /t {
content_by_lua_block {
local ngx_req = require "ngx.req"
ngx.req.set_header("Foo", "bar")
ngx_req.add_header("Foo", "baz")
ngx_req.add_header("Foo", 2)
ngx.say("Foo: ", table.concat(ngx.req.get_headers()["Foo"], ", "))
}
}
--- response_body
Foo: bar, baz, 2
=== TEST 3: ngx_req.add_header (empty single value)
--- config
location = /t {
content_by_lua_block {
local ngx_req = require "ngx.req"
ngx.req.set_header("Foo", "bar")
ngx_req.add_header("Foo", "")
ngx.say("Foo: [", table.concat(ngx.req.get_headers()["Foo"], ", "), ']')
}
}
--- response_body
Foo: [bar, ]
=== TEST 4: ngx_req.add_header (non-string single value)
--- config
location = /t {
content_by_lua_block {
local ngx_req = require "ngx.req"
ngx.req.set_header("Foo", "bar")
ngx_req.add_header("Foo", 123)
ngx.say("Foo: [", table.concat(ngx.req.get_headers()["Foo"], ", "), ']')
}
}
--- response_body
Foo: [bar, 123]
=== TEST 5: ngx_req.add_header (non-string header name)
--- config
location = /t {
content_by_lua_block {
local ngx_req = require "ngx.req"
ngx_req.add_header(123, 456)
ngx_req.add_header(123, 789)
ngx.say("123: [", table.concat(ngx.req.get_headers()[123], ", "), ']')
}
}
--- response_body
123: [456, 789]
=== TEST 6: ngx_req.add_header (multiple values)
--- config
location = /t {
content_by_lua_block {
local ngx_req = require "ngx.req"
ngx.req.set_header("Foo", "bar")
ngx_req.add_header("Foo", { "baz", 123 })
ngx.say("Foo: ", table.concat(ngx.req.get_headers()["Foo"], ", "))
}
}
--- response_body
Foo: bar, baz, 123
=== TEST 7: ngx_req.add_header (override builtin header)
--- config
location = /t {
content_by_lua_block {
local ngx_req = require "ngx.req"
ngx_req.add_header("User-Agent", "Mozilla/5.0 (Android; Mobile; rv:13.0) Gecko/13.0 Firefox/13.0")
ngx.say("UA: ", ngx.var.http_user_agent)
}
}
--- response_body
UA: Mozilla/5.0 (Android; Mobile; rv:13.0) Gecko/13.0 Firefox/13.0
=== TEST 8: ngx_req.add_header (added header is inherited by subrequests)
--- config
location = /sub {
content_by_lua_block {
ngx.say("Foo: ", table.concat(ngx.req.get_headers()["Foo"], ", "))
}
}
location = /t {
content_by_lua_block {
local ngx_req = require "ngx.req"
ngx.req.set_header("Foo", "bar")
ngx_req.add_header("Foo", {"baz", 2})
local res = ngx.location.capture("/sub")
ngx.print(res.body)
}
}
--- response_body
Foo: bar, baz, 2
=== TEST 9: ngx_req.add_header (invalid context)
--- http_config
init_worker_by_lua_block {
local ngx_req = require "ngx.req"
ngx_req.add_header("Foo", "baz")
}
--- config
location /t {
return 200;
}
--- response_body
--- error_log
API disabled in the current context
=== TEST 10: ngx_req.add_header (header names edge-cases)
--- config
location = /t {
content_by_lua_block {
local ngx_req = require "ngx.req"
local function check_invalid_header_name(header_name)
local ok, err = pcall(ngx_req.add_header, header_name, "bar")
if not ok then
ngx.say(err)
else
ngx.say("ok")
end
end
check_invalid_header_name()
check_invalid_header_name("")
check_invalid_header_name({})
}
}
--- response_body
bad 'name' argument: string expected, got nil
ok
ok
=== TEST 11: ngx_req.add_header (invalid header values)
--- config
location = /t {
content_by_lua_block {
local ngx_req = require "ngx.req"
local function check_invalid_header_value(...)
local ok, err = pcall(ngx_req.add_header, "Foo", ...)
if not ok then
ngx.say(err)
else
ngx.say("ok")
end
end
check_invalid_header_value()
check_invalid_header_value(nil)
check_invalid_header_value({})
}
}
--- response_body
bad 'value' argument: string or table expected, got nil
bad 'value' argument: string or table expected, got nil
bad 'value' argument: non-empty table expected
=== TEST 12: ngx_req.add_header (header name with control characters)
--- config
location /bar {
access_by_lua_block {
local ngx_req = require "ngx.req"
ngx_req.add_header("header\r\nabc", "value")
}
proxy_pass http://127.0.0.1:$server_port/foo;
}
location = /foo {
echo $echo_client_request_headers;
}
--- request
GET /bar
--- response_body_like chomp
\bheader%0D%0Aabc: value\r\n
=== TEST 13: ngx_req.add_header (header value with control characters)
--- config
location /bar {
access_by_lua_block {
local ngx_req = require "ngx.req"
ngx_req.add_header("header", "value\r\nabc")
}
proxy_pass http://127.0.0.1:$server_port/foo;
}
location = /foo {
echo $echo_client_request_headers;
}
--- request
GET /bar
--- response_body_like chomp
\bheader: value%0D%0Aabc\r\n
=== TEST 14: ngx_req.add_header (header name with Chinese characters)
--- config
location /bar {
access_by_lua_block {
local ngx_req = require "ngx.req"
ngx_req.add_header("header中文", "value")
}
proxy_pass http://127.0.0.1:$server_port/foo;
}
location = /foo {
echo $echo_client_request_headers;
}
--- request
GET /bar
--- response_body_like chomp
\bheader%E4%B8%AD%E6%96%87: value
=== TEST 15: ngx_req.add_header (header value with Chinese characters)
--- config
location /bar {
access_by_lua_block {
local ngx_req = require "ngx.req"
ngx_req.add_header("header", "value中文")
}
proxy_pass http://127.0.0.1:$server_port/foo;
}
location = /foo {
echo $echo_client_request_headers;
}
--- request
GET /bar
--- response_body_like chomp
\bheader: value中文

186
deps/src/lua-resty-core/t/ngx-resp.t vendored Normal file
View File

@@ -0,0 +1,186 @@
use lib '.';
use t::TestCore;
repeat_each(2);
plan tests => repeat_each() * (blocks() * 3 + 4);
add_block_preprocessor(sub {
my $block = shift;
if (!defined $block->error_log) {
$block->set_value("no_error_log", "[error]");
}
if (!defined $block->request) {
$block->set_value("request", "GET /t");
}
});
check_accum_error_log();
run_tests();
__DATA__
=== TEST 1: ngx.resp.add_header (single value)
--- config
location = /t {
set $foo hello;
content_by_lua_block {
local ngx_resp = require "ngx.resp"
ngx_resp.add_header("Foo", "bar")
ngx_resp.add_header("Foo", 2)
ngx.say("Foo: ", table.concat(ngx.header["Foo"], ", "))
}
}
--- response_body
Foo: bar, 2
=== TEST 2: ngx.resp.add_header (nil)
--- config
location = /t {
content_by_lua_block {
local ngx_resp = require "ngx.resp"
local ok, err = pcall(ngx_resp.add_header, "Foo")
if not ok then
ngx.say(err)
else
ngx.say('ok')
end
}
}
--- response_body
invalid header value
=== TEST 3: ngx.resp.add_header (multi-value)
--- config
location = /t {
set $foo hello;
content_by_lua_block {
local ngx_resp = require "ngx.resp"
ngx_resp.add_header('Foo', {'bar', 'baz'})
local v = ngx.header["Foo"]
ngx.say("Foo: ", table.concat(ngx.header["Foo"], ", "))
}
}
--- response_body
Foo: bar, baz
=== TEST 4: ngx.resp.add_header (append header)
--- config
location = /t {
set $foo hello;
content_by_lua_block {
local ngx_resp = require "ngx.resp"
ngx.header["fruit"] = "apple"
ngx_resp.add_header("fruit", "banana")
ngx_resp.add_header("fruit", "cherry")
ngx.say("fruit: ", table.concat(ngx.header["fruit"], ", "))
}
}
--- response_body
fruit: apple, banana, cherry
=== TEST 5: ngx.resp.add_header (override builtin header)
--- config
location = /t {
set $foo hello;
content_by_lua_block {
local ngx_resp = require "ngx.resp"
ngx_resp.add_header("Date", "now")
ngx.say("Date: ", ngx.header["Date"])
}
}
--- response_body
Date: now
=== TEST 6: ngx.resp.add_header (empty table)
--- config
location = /t {
content_by_lua_block {
local ngx_resp = require "ngx.resp"
ngx.header["Foo"] = "aaa"
local ok, err = pcall(ngx_resp.add_header, "Foo", {})
if not ok then
ngx.say(err)
else
ngx.say("Foo: ", ngx.header["Foo"])
end
}
}
--- response_body
Foo: aaa
=== TEST 7: ngx.resp.add_header (header name with control characters)
--- config
location = /t {
content_by_lua_block {
local ngx_resp = require "ngx.resp"
ngx_resp.add_header("head\r\n", "value")
ngx.say("OK")
}
}
--- response_body
OK
--- response_headers
head%0D%0A: value
=== TEST 8: ngx.resp.add_header (header value with control characters)
--- config
location = /t {
content_by_lua_block {
local ngx_resp = require "ngx.resp"
ngx_resp.add_header("head", "value\r\n")
ngx.say("OK")
}
}
--- response_body
OK
--- response_headers
head: value%0D%0A
=== TEST 9: ngx.resp.add_header (header name with Chinese characters)
--- config
location = /t {
content_by_lua_block {
local ngx_resp = require "ngx.resp"
ngx_resp.add_header("head中文", "value")
ngx.say("OK")
}
}
--- response_body
OK
--- response_headers
head%E4%B8%AD%E6%96%87: value
=== TEST 10: ngx.resp.add_header (header value with Chinese characters)
--- config
location = /t {
content_by_lua_block {
local ngx_resp = require "ngx.resp"
ngx_resp.add_header("head", "value中文")
ngx.say("OK")
}
}
--- response_body
OK
--- response_headers
head: value中文

1566
deps/src/lua-resty-core/t/ocsp.t vendored Normal file
View File

File diff suppressed because it is too large Load Diff

170
deps/src/lua-resty-core/t/os-getenv-hup.t vendored Normal file
View File

@@ -0,0 +1,170 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
our $SkipReason;
BEGIN {
if ($ENV{TEST_NGINX_CHECK_LEAK}) {
$SkipReason = "unavailable for the hup tests";
} else {
undef $ENV{TEST_NGINX_USE_STAP};
}
}
use lib '.';
use t::TestCore $SkipReason ? (skip_all => $SkipReason) : ();
plan tests => repeat_each() * (blocks() * 4);
add_block_preprocessor(sub {
my $block = shift;
if (!defined $block->error_log) {
$block->set_value("error_log",
qr/\[notice\] .*? \(SIGHUP\) received/);
}
if (!defined $block->no_error_log) {
$block->set_value("no_error_log", "[error]");
}
if (!defined $block->request) {
$block->set_value("request", "GET /t");
}
});
no_shuffle();
use_hup();
$ENV{TEST_NGINX_BAR} = 'old';
$ENV{TEST_NGINX_LUA_PACKAGE_PATH} = "$t::TestCore::lua_package_path";
run_tests();
__DATA__
=== TEST 1: env directive explicit value is visible within init_by_lua*
--- main_config
env FOO=old;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.foo = os.getenv("FOO")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.foo)
}
}
--- response_body
old
--- error_log
[notice]
=== TEST 2: HUP reload changes env value (1/3)
--- main_config
env FOO=new;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.foo = os.getenv("FOO")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.foo)
}
}
--- response_body
new
=== TEST 3: HUP reload changes env value (2/3)
--- main_config
env FOO=;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.foo = os.getenv("FOO")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.foo)
}
}
--- response_body_like chomp
\s
=== TEST 4: HUP reload changes env value (3/3)
--- main_config
env FOO;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.foo = os.getenv("FOO")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.foo)
}
}
--- response_body
nil
=== TEST 5: HUP reload changes visible environment variable (1/2)
--- main_config
env TEST_NGINX_BAR;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.test_nginx_bar = os.getenv("TEST_NGINX_BAR")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.test_nginx_bar)
}
}
--- response_body
old
=== TEST 6: HUP reload changes visible environment variable (2/2)
--- main_config
env TEST_NGINX_BAR=new;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.test_nginx_bar = os.getenv("TEST_NGINX_BAR")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.test_nginx_bar)
}
}
--- response_body
new

252
deps/src/lua-resty-core/t/os-getenv.t vendored Normal file
View File

@@ -0,0 +1,252 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
plan tests => repeat_each() * (blocks() * 3 + 1);
add_block_preprocessor(sub {
my $block = shift;
if (!defined $block->error_log) {
$block->set_value("no_error_log", "[error]");
}
if (!defined $block->request) {
$block->set_value("request", "GET /t");
}
});
$ENV{TEST_NGINX_BAR} = 'world';
$ENV{TEST_NGINX_LUA_PACKAGE_PATH} = "$t::TestCore::lua_package_path";
run_tests();
__DATA__
=== TEST 1: env directive explicit value is visible within init_by_lua*
--- main_config
env FOO=hello;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.foo = os.getenv("FOO")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.foo, "\n", os.getenv("FOO"))
}
}
--- response_body
hello
hello
=== TEST 2: env directive explicit value is visible within init_by_lua* with lua_shared_dict
--- main_config
env FOO=hello;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
lua_shared_dict dogs 24k;
init_by_lua_block {
require "resty.core"
package.loaded.foo = os.getenv("FOO")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.foo, "\n", os.getenv("FOO"))
}
}
--- response_body
hello
hello
=== TEST 3: env directive explicit value is case-sensitive within init_by_lua*
--- main_config
env FOO=hello;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.foo = os.getenv("foo")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.foo, "\n", os.getenv("foo"))
}
}
--- response_body
nil
nil
=== TEST 4: env directives with no value are ignored
--- main_config
env FOO;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.foo = os.getenv("FOO")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.foo, "\n", os.getenv("FOO"))
}
}
--- response_body
nil
nil
=== TEST 5: env is visible from environment
--- main_config
env TEST_NGINX_BAR;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.foo = os.getenv("TEST_NGINX_BAR")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.foo, "\n", os.getenv("TEST_NGINX_BAR"))
}
}
--- response_body
world
world
=== TEST 6: env explicit set vs environment set
--- main_config
env TEST_NGINX_BAR=goodbye;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.foo = os.getenv("TEST_NGINX_BAR")
}
--- config
location /t {
content_by_lua_block {
ngx.say(package.loaded.foo, "\n", os.getenv("TEST_NGINX_BAR"))
}
}
--- response_body
goodbye
goodbye
=== TEST 7: env directive with empty value
--- main_config
env FOO=;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
require "resty.core"
package.loaded.foo = os.getenv("FOO")
}
--- config
location /t {
content_by_lua_block {
ngx.say("in init: ", package.loaded.foo, "\n",
"in content: ", os.getenv("FOO"))
}
}
--- response_body_like
in init:\s+
in content:\s+
=== TEST 8: os.getenv() overwrite is reverted in worker phases
--- main_config
env FOO=hello;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
package.loaded.init_os_getenv = os.getenv
}
--- config
location /t {
content_by_lua_block {
ngx.say("FOO=", os.getenv("FOO"))
if os.getenv ~= package.loaded.init_os_getenv then
ngx.say("os.getenv() overwrite was reverted")
else
ngx.say("os.getenv() overwrite was not reverted")
end
}
}
--- response_body
FOO=hello
os.getenv() overwrite was reverted
=== TEST 9: os.getenv() can be localized after loading resty.core
--- main_config
env FOO=hello;
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
init_by_lua_block {
do
local getenv = os.getenv
package.loaded.f = function ()
ngx.log(ngx.NOTICE, "FOO: ", getenv("FOO"))
end
end
require "resty.core"
package.loaded.f()
package.loaded.is_os_getenv = os.getenv == package.loaded.os_getenv
}
--- config
location /t {
content_by_lua_block {
package.loaded.f()
package.loaded.f()
if os.getenv ~= package.loaded.init_os_getenv then
ngx.say("os.getenv() overwrite was reverted")
else
ngx.say("os.getenv() overwrite was not reverted")
end
}
}
--- response_body
os.getenv() overwrite was reverted
--- grep_error_log eval
qr/FOO: [a-z]+/
--- grep_error_log_out
FOO: hello
FOO: hello
FOO: hello

33
deps/src/lua-resty-core/t/phase.t vendored Normal file
View File

@@ -0,0 +1,33 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use lib '.';
use t::TestCore;
repeat_each(2);
plan tests => repeat_each() * (blocks() * 5);
check_accum_error_log();
run_tests();
__DATA__
=== TEST 1: get_phase
--- config
location /lua {
content_by_lua_block {
local phase
for i = 1, 100 do
phase = ngx.get_phase()
end
ngx.say(phase)
}
}
--- request
GET /lua
--- response_body
content
--- no_error_log
[error]
-- NYI:
--- error_log eval
qr/\[TRACE\s+\d+\s+content_by_lua\(nginx\.conf:\d+\):3 loop\]/

Some files were not shown because too many files have changed in this diff Show More