bunkerweb/confs/server-http/access-lua.conf

access_by_lua_block {

local logger	= require "logger"
local datastore	= require "datastore"
local plugins	= require "plugins"

-- Don't process internal requests
if ngx.req.is_internal() then
	logger.log(ngx.INFO, "ACCESS", "Skipped access phase because request is internal")
	return
end

logger.log(ngx.INFO, "ACCESS", "Access phase started")

-- Process bans as soon as possible
local banned, err = datastore:get("bans_ip_" .. ngx.var.remote_addr)
if banned then
	logger.log(ngx.WARN, "ACCESS", "IP " .. ngx.var.remote_addr .. " is banned with reason : " .. banned)
	ngx.exit(ngx.HTTP_FORBIDDEN)
end

-- List all plugins
local list, err = plugins:list()
if not list then
	logger.log(ngx.ERR, "ACCESS", "Can't list loaded plugins : " .. err)
	list = {}
end

-- Call access method of plugins
for i, plugin in ipairs(list) do
	local ret, plugin_lua = pcall(require, plugin.id .. "/" .. plugin.id)
	if ret then
		local plugin_obj = plugin_lua.new()
		if plugin_obj.access ~= nil then
			logger.log(ngx.INFO, "ACCESS", "Executing access() of " .. plugin.id)
			local ok, err, ret, value = plugin_obj:access()
			if not ok then
				logger.log(ngx.ERR, "ACCESS", "Error while calling access() on plugin " .. plugin.id .. " : " .. err)
			else
				logger.log(ngx.INFO, "ACCESS", "Return value from " .. plugin.id .. ".access() is : " .. err)
			end
			if ret then
				if type(value) == "number" then
					if value == ngx.HTTP_FORBIDDEN then
						logger.log(ngx.WARN, "ACCESS", "Denied access from " .. plugin.id .. " : " .. err)
						ngx.var.reason = plugin.id
					else
						logger.log(ngx.NOTICE, "ACCESS", plugin.id .. " returned status " .. tostring(value) .. " : " .. err)
					end
					return ngx.exit(value)
				else
					return value
				end
			end
		else
			logger.log(ngx.INFO, "ACCESS", "access() method not found in " .. plugin.id .. ", skipped execution")
		end
	end
end

logger.log(ngx.INFO, "ACCESS", "Access phase ended")

}