Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge commit '096f2ff62568be578cfda21a729dc9992161e72e' into dev

Browse source
This commit is contained in:
Théophile Diot 2025-01-17 10:17:38 +01:00
commit eafa4d7481
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
14 changed files with 215 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
src/deps/src/lua-nginx-module/.travis.yml vendored
View file

@ -42,8 +42,6 @@ env:
- LUAJIT_LIB=$LUAJIT_PREFIX/lib
- LUAJIT_INC=$LUAJIT_PREFIX/include/luajit-2.1
- LUA_INCLUDE_DIR=$LUAJIT_INC
- PCRE_VER=8.45
- PCRE2_VER=10.42
- PCRE_PREFIX=/opt/pcre
- PCRE2_PREFIX=/opt/pcre2
- PCRE_LIB=$PCRE_PREFIX/lib
@ -61,12 +59,14 @@ env:
- TEST_NGINX_SLEEP=0.006
- MALLOC_PERTURB_=9
jobs:
#- NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d
#- NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d
- NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f
- NGINX_VERSION=1.27.1 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f USE_PCRE2=Y TEST_NGINX_TIMEOUT=5
- NGINX_VERSION=1.27.1 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 USE_PCRE2=Y TEST_NGINX_QUIC_IDLE_TIMEOUT=3
#- NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f
#- NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.1w TEST_NGINX_USE_HTTP2=1
- NGINX_VERSION=1.27.1 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f TEST_NGINX_TIMEOUT=5 PCRE_VER=8.45
- NGINX_VERSION=1.27.1 OPENSSL_VER=3.0.15 OPENSSL_PATCH_VER=3.0.15 TEST_NGINX_TIMEOUT=5 PCRE2_VER=10.42
- NGINX_VERSION=1.27.1 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f TEST_NGINX_TIMEOUT=5 PCRE_VER=8.45 TEST_NGINX_USE_HTTP2=1
- NGINX_VERSION=1.27.1 OPENSSL_VER=3.0.15 OPENSSL_PATCH_VER=3.0.15 TEST_NGINX_TIMEOUT=5 PCRE2_VER=10.42 TEST_NGINX_USE_HTTP2=1
- NGINX_VERSION=1.27.1 OPENSSL_VER=3.0.15 OPENSSL_PATCH_VER=3.0.15 TEST_NGINX_USE_HTTP3=1 TEST_NGINX_QUIC_IDLE_TIMEOUT=3 PCRE2_VER=10.42
- NGINX_VERSION=1.27.1 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 TEST_NGINX_QUIC_IDLE_TIMEOUT=3 PCRE2_VER=10.42
services:
- memcached
@ -80,10 +80,12 @@ before_install:
install:
- if [ ! -f download-cache/drizzle7-$DRIZZLE_VER.tar.gz ]; then wget -P download-cache https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/drizzle7-$DRIZZLE_VER.tar.gz; fi
- if [ "$USE_PCRE2" != "Y" ] && [ ! -f download-cache/pcre-$PCRE_VER.tar.gz ]; then wget -P download-cache https://downloads.sourceforge.net/project/pcre/pcre/${PCRE_VER}/pcre-${PCRE_VER}.tar.gz; fi
- if [ "$USE_PCRE2" = "Y" ] && [ ! -f download-cache/pcre2-$PCRE2_VER.tar.gz ]; then wget -P download-cache https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE2_VER}/pcre2-${PCRE2_VER}.tar.gz; fi
- if [ -n "$OPENSSL_VER" ] && [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
- if [ -n "$OPENSSL_VER" ] && [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
#- if [ -n "$PCRE_VER" ] && [ ! -f download-cache/pcre-$PCRE_VER.tar.gz ]; then wget -P download-cache https://downloads.sourceforge.net/project/pcre/pcre/${PCRE_VER}/pcre-${PCRE_VER}.tar.gz; fi
#- if [ -n "$PCRE2_VER" ] && [ ! -f download-cache/pcre2-$PCRE2_VER.tar.gz ]; then wget -P download-cache https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE2_VER}/pcre2-${PCRE2_VER}.tar.gz; fi
#- if [ -n "$OPENSSL_VER" ] && [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VER/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
- if [ -n "$OPENSSL_VER" ]; then wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v1.0.0/openssl-${OPENSSL_VER}-x64-focal.tar.gz; fi
- if [ -n "$PCRE_VER" ]; then wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v1.0.0/pcre-${PCRE_VER}-x64-focal.tar.gz; fi
- if [ -n "$PCRE2_VER" ]; then wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v1.0.0/pcre2-${PCRE2_VER}-x64-focal.tar.gz; fi
- wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/boringssl-20230902-x64-focal.tar.gz
- wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/curl-h3-x64-focal.tar.gz
- git clone https://github.com/openresty/test-nginx.git
@ -135,10 +137,13 @@ script:
- sudo make install-libdrizzle-1.0 > build.log 2>&1 || (cat build.log && exit 1)
- cd ../mockeagain/ && make CC=$CC -j$JOBS && cd ..
- cd lua-cjson/ && make -j$JOBS && sudo make install && cd ..
- if [ "$USE_PCRE2" != "Y" ]; then tar zxf download-cache/pcre-$PCRE_VER.tar.gz; cd pcre-$PCRE_VER/; ./configure --prefix=$PCRE_PREFIX --enable-jit --enable-utf --enable-unicode-properties > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi
- if [ "$USE_PCRE2" = "Y" ]; then tar zxf download-cache/pcre2-$PCRE2_VER.tar.gz; cd pcre2-$PCRE2_VER/; ./configure --prefix=$PCRE2_PREFIX --enable-jit --enable-utf > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi
- if [ -n "$OPENSSL_VER" ]; then tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz; cd openssl-$OPENSSL_VER/; patch -p1 < ../../openresty/patches/openssl-$OPENSSL_PATCH_VER-sess_set_get_cb_yield.patch; ./config shared enable-ssl3 enable-ssl3-method -g --prefix=$OPENSSL_PREFIX -DPURIFY > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi
#- if [ -n "PCRE_VER" ]; then tar zxf download-cache/pcre-$PCRE_VER.tar.gz; cd pcre-$PCRE_VER/; ./configure --prefix=$PCRE_PREFIX --enable-jit --enable-utf --enable-unicode-properties > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi
#- if [ -n "$PCRE2_VER" ]; then tar zxf download-cache/pcre2-$PCRE2_VER.tar.gz; cd pcre2-$PCRE2_VER/; ./configure --prefix=$PCRE2_PREFIX --enable-jit --enable-utf > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi
#- if [ -n "$OPENSSL_VER" ]; then tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz; cd openssl-$OPENSSL_VER/; patch -p1 < ../../openresty/patches/openssl-$OPENSSL_PATCH_VER-sess_set_get_cb_yield.patch; ./config shared enable-ssl3 enable-ssl3-method -g --prefix=$OPENSSL_PREFIX --libdir=lib -DPURIFY > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi
- if [ -n "$BORINGSSL" ]; then sudo mkdir -p /opt/ssl && sudo tar -C /opt/ssl -xf boringssl-20230902-x64-focal.tar.gz --strip-components=1; fi
- if [ -n "$OPENSSL_VER" ]; then sudo mkdir -p /opt/ssl && sudo tar -C /opt/ssl -xf openssl-$OPENSSL_VER-x64-focal.tar.gz --strip-components=2; fi
- if [ -n "$PCRE_VER" ]; then sudo mkdir -p $PCRE_PREFIX && sudo tar -C $PCRE_PREFIX -xf pcre-$PCRE_VER-x64-focal.tar.gz --strip-components=2; fi
- if [ -n "$PCRE2_VER" ]; then sudo mkdir -p $PCRE2_PREFIX && sudo tar -C $PCRE2_PREFIX -xf pcre2-$PCRE2_VER-x64-focal.tar.gz --strip-components=2; fi
- export NGX_BUILD_CC=$CC
- sh util/build-without-ssl.sh $NGINX_VERSION > build.log 2>&1 || (cat build.log && exit 1)
- sh util/build-with-dd.sh $NGINX_VERSION > build.log 2>&1 || (cat build.log && exit 1)

49
src/deps/src/lua-nginx-module/README.markdown vendored
View file

@ -269,7 +269,7 @@ memory use. Request contexts are segregated using lightweight Lua coroutines.
Loaded Lua modules persist in the Nginx worker process level resulting in a
small memory footprint in Lua even when under heavy loads.
This module is plugged into Nginx's "http" subsystem so it can only speaks
This module is plugged into Nginx's "http" subsystem so it can only speak
downstream communication protocols in the HTTP family (HTTP 0.9/1.0/1.1/2.0,
WebSockets, etc...). If you want to do generic TCP communications with the
downstream clients, then you should use the
@ -283,7 +283,7 @@ Typical Uses
Just to name a few:
* Mashup'ing and processing outputs of various Nginx upstream outputs (proxy, drizzle, postgres, redis, memcached, and etc) in Lua,
* Mashup'ing and processing outputs of various Nginx upstream outputs (proxy, drizzle, postgres, redis, memcached, etc.) in Lua,
* doing arbitrarily complex access control and security checks in Lua before requests actually reach the upstream backends,
* manipulating response headers in an arbitrary way (by Lua)
* fetching backend information from external storage backends (like redis, memcached, mysql, postgresql) and use that information to choose which upstream backend to access on-the-fly,
@ -337,7 +337,7 @@ It is discouraged to build this module with Nginx yourself since it is tricky
to set up exactly right.
Note that Nginx, LuaJIT, and OpenSSL official releases have various limitations
and long standing bugs that can cause some of this module's features to be
and long-standing bugs that can cause some of this module's features to be
disabled, not work properly, or run slower. Official OpenResty releases are
recommended because they bundle [OpenResty's optimized LuaJIT 2.1 fork](https://github.com/openresty/luajit2) and
[Nginx/OpenSSL
@ -421,7 +421,7 @@ While building this module either via OpenResty or with the Nginx core, you can
* `NGX_LUA_USE_ASSERT`
When defined, will enable assertions in the ngx_lua C code base. Recommended for debugging or testing builds. It can introduce some (small) runtime overhead when enabled. This macro was first introduced in the `v0.9.10` release.
* `NGX_LUA_ABORT_AT_PANIC`
When the LuaJIT VM panics, ngx_lua will instruct the current nginx worker process to quit gracefully by default. By specifying this C macro, ngx_lua will abort the current nginx worker process (which usually result in a core dump file) immediately. This option is useful for debugging VM panics. This option was first introduced in the `v0.9.8` release.
When the LuaJIT VM panics, ngx_lua will instruct the current nginx worker process to quit gracefully by default. By specifying this C macro, ngx_lua will abort the current nginx worker process (which usually results in a core dump file) immediately. This option is useful for debugging VM panics. This option was first introduced in the `v0.9.8` release.
To enable one or more of these macros, just pass extra C compiler options to the `./configure` script of either Nginx or OpenResty. For instance,
@ -1184,7 +1184,7 @@ Directives
The basic building blocks of scripting Nginx with Lua are directives. Directives are used to specify when the user Lua code is run and
how the result will be used. Below is a diagram showing the order in which directives are executed.
![Lua Nginx Modules Directives](https://cloud.githubusercontent.com/assets/2137369/15272097/77d1c09e-1a37-11e6-97ef-d9767035fc3e.png)
![Lua Nginx Modules Directives](./doc/images/lua_nginx_modules_directives.drawio.png)
[Back to TOC](#table-of-contents)
@ -3695,6 +3695,7 @@ Nginx API for Lua
* [ngx.decode_args](#ngxdecode_args)
* [ngx.encode_base64](#ngxencode_base64)
* [ngx.decode_base64](#ngxdecode_base64)
* [ngx.decode_base64mime](#ngxdecode_base64mime)
* [ngx.crc32_short](#ngxcrc32_short)
* [ngx.crc32_long](#ngxcrc32_long)
* [ngx.hmac_sha1](#ngxhmac_sha1)
@ -4149,7 +4150,7 @@ Then `GET /main` will give the output
Here, modification of the `ngx.ctx.blah` entry in the subrequest does not affect the one in the parent request. This is because they have two separate versions of `ngx.ctx.blah`.
Internal redirects (triggered by nginx configuration directives like `error_page`, `try_files`, `index` and etc) will destroy the original request `ngx.ctx` data (if any) and the new request will have an empty `ngx.ctx` table. For instance,
Internal redirects (triggered by nginx configuration directives like `error_page`, `try_files`, `index`, etc.) will destroy the original request `ngx.ctx` data (if any) and the new request will have an empty `ngx.ctx` table. For instance,
```nginx
@ -6254,7 +6255,7 @@ ngx.encode_base64
**context:** *set_by_lua&#42;, rewrite_by_lua&#42;, access_by_lua&#42;, content_by_lua&#42;, header_filter_by_lua&#42;, body_filter_by_lua&#42;, log_by_lua&#42;, ngx.timer.&#42;, balancer_by_lua&#42;, ssl_certificate_by_lua&#42;, ssl_session_fetch_by_lua&#42;, ssl_session_store_by_lua&#42;, ssl_client_hello_by_lua&#42;*
Encodes `str` to a base64 digest.
Encodes `str` to a base64 digest. For base64url encoding use [`base64.encode_base64url`](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/base64.md#encode_base64url).
Since the `0.9.16` release, an optional boolean-typed `no_padding` argument can be specified to control whether the base64 padding should be appended to the resulting digest (default to `false`, i.e., with padding enabled).
@ -6267,7 +6268,25 @@ ngx.decode_base64
**context:** *set_by_lua&#42;, rewrite_by_lua&#42;, access_by_lua&#42;, content_by_lua&#42;, header_filter_by_lua&#42;, body_filter_by_lua&#42;, log_by_lua&#42;, ngx.timer.&#42;, balancer_by_lua&#42;, ssl_certificate_by_lua&#42;, ssl_session_fetch_by_lua&#42;, ssl_session_store_by_lua&#42;, ssl_client_hello_by_lua&#42;*
Decodes the `str` argument as a base64 digest to the raw form. Returns `nil` if `str` is not well formed.
Decodes the `str` argument as a base64 digest to the raw form. For base64url decoding use [`base64.decode_base64url`](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/base64.md#decode_base64url).
The `str` should be standard 'base64' encoding for RFC 3548 or RFC 4648, and will returns `nil` if is not well formed or any characters not in the base encoding alphabet. Padding may be omitted from the input.
[Back to TOC](#nginx-api-for-lua)
ngx.decode_base64mime
---------------------
**syntax:** *newstr = ngx.decode_base64mime(str)*
**context:** *set_by_lua&#42;, rewrite_by_lua&#42;, access_by_lua&#42;, content_by_lua&#42;, header_filter_by_lua&#42;, body_filter_by_lua&#42;, log_by_lua&#42;, ngx.timer.&#42;, balancer_by_lua&#42;, ssl_certificate_by_lua&#42;, ssl_session_fetch_by_lua&#42;, ssl_session_store_by_lua&#42;*
**requires:** `resty.core.base64` or `resty.core`
Decodes the `str` argument as a base64 digest to the raw form.
The `str` follows base64 transfer encoding for MIME (RFC 2045), and will discard characters outside the base encoding alphabet.
Returns `nil` if `str` is not well formed.
'''Note:''' This method requires the <code>resty.core.base64</code> or <code>resty.core</code> modules from the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
[Back to TOC](#nginx-api-for-lua)
@ -7971,14 +7990,14 @@ An optional Lua table can be specified as the last argument to this method to sp
* `backlog`
if specified, this module will limit the total number of opened connections
for this pool. No more connections than `pool_size` can be opened
for this pool at any time. If the connection pool is full, subsequent
connect operations will be queued into a queue equal to this option's
value (the "backlog" queue).
for this pool at any time. If `pool_size` number of connections are in use,
subsequent connect operations will be queued into a queue equal to this
option's value (the "backlog" queue).
If the number of queued connect operations is equal to `backlog`,
subsequent connect operations will fail and return `nil` plus the
error string `"too many waiting connect operations"`.
The queued connect operations will be resumed once the number of connections
in the pool is less than `pool_size`.
The queued connect operations will be resumed once the number of active
connections becomes less than `pool_size`.
The queued connect operation will abort once they have been queued for more
than `connect_timeout`, controlled by
[settimeouts](#tcpsocksettimeouts), and will return `nil` plus
@ -8996,7 +9015,7 @@ this context.
You must notice that each timer will be based on a fake request (this fake request is also based on a fake connection). Because Nginx's memory release is based on the connection closure, if you run a lot of APIs that apply for memory resources in a timer, such as [tcpsock:connect](#tcpsockconnect), will cause the accumulation of memory resources. So it is recommended to create a new timer after running several times to release memory resources.
You can pass most of the standard Lua values (nils, booleans, numbers, strings, tables, closures, file handles, and etc) into the timer callback, either explicitly as user arguments or implicitly as upvalues for the callback closure. There are several exceptions, however: you *cannot* pass any thread objects returned by [coroutine.create](#coroutinecreate) and [ngx.thread.spawn](#ngxthreadspawn) or any cosocket objects returned by [ngx.socket.tcp](#ngxsockettcp), [ngx.socket.udp](#ngxsocketudp), and [ngx.req.socket](#ngxreqsocket) because these objects' lifetime is bound to the request context creating them while the timer callback is detached from the creating request's context (by design) and runs in its own (fake) request context. If you try to share the thread or cosocket objects across the boundary of the creating request, then you will get the "no co ctx found" error (for threads) or "bad request" (for cosockets). It is fine, however, to create all these objects inside your timer callback.
You can pass most of the standard Lua values (nils, booleans, numbers, strings, tables, closures, file handles, etc.) into the timer callback, either explicitly as user arguments or implicitly as upvalues for the callback closure. There are several exceptions, however: you *cannot* pass any thread objects returned by [coroutine.create](#coroutinecreate) and [ngx.thread.spawn](#ngxthreadspawn) or any cosocket objects returned by [ngx.socket.tcp](#ngxsockettcp), [ngx.socket.udp](#ngxsocketudp), and [ngx.req.socket](#ngxreqsocket) because these objects' lifetime is bound to the request context creating them while the timer callback is detached from the creating request's context (by design) and runs in its own (fake) request context. If you try to share the thread or cosocket objects across the boundary of the creating request, then you will get the "no co ctx found" error (for threads) or "bad request" (for cosockets). It is fine, however, to create all these objects inside your timer callback.
Please note that the timer Lua handler has its own copy of the `ngx.ctx` magic
table. It won't share the same `ngx.ctx` with the Lua handler creating the timer.
@ -9489,7 +9508,7 @@ The type of `args` must be one of type below:
* nil
* table (the table may be recursive, and contains members of types above.)
The `ok` is in boolean type, which indicate the C land error (failed to get thread from thread pool, pcall the module function failed, .etc). If `ok` is `false`, the `res1` is the error string.
The `ok` is in boolean type, which indicate the C land error (failed to get thread from thread pool, pcall the module function failed, etc.). If `ok` is `false`, the `res1` is the error string.
The return values (res1, ...) are returned by invocation of the module function. Normally, the `res1` should be in boolean type, so that the caller could inspect the error.

16
src/deps/src/lua-nginx-module/doc/HttpLuaModule.wiki vendored
View file

@ -5256,7 +5256,21 @@ Since the <code>0.9.16</code> release, an optional boolean-typed <code>no_paddin
'''context:''' ''set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua*, body_filter_by_lua*, log_by_lua*, ngx.timer.*, balancer_by_lua*, ssl_certificate_by_lua*, ssl_session_fetch_by_lua*, ssl_session_store_by_lua*, ssl_client_hello_by_lua*''
Decodes the <code>str</code> argument as a base64 digest to the raw form. Returns <code>nil</code> if <code>str</code> is not well formed.
Decodes the <code>str</code> argument as a base64 digest to the raw form.
The <code>str</code> should be standard 'base64' encoding for RFC 3548 or RFC 4648, and will returns <code>nil</code> if is not well formed or any characters not in the base encoding alphabet.
== ngx.decode_base64mime ==
'''syntax:''' ''newstr = ngx.decode_base64mime(str)''
'''context:''' ''set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua*, body_filter_by_lua*, log_by_lua*, ngx.timer.*, balancer_by_lua*, ssl_certificate_by_lua*, ssl_session_fetch_by_lua*, ssl_session_store_by_lua*''
'''requires:''' <code>resty.core.base64</code> or <code>resty.core</code>
Decodes the <code>str</code> argument as a base64 digest to the raw form.
The <code>str</code> follows base64 transfer encoding for MIME (RFC 2045), and will discard characters outside the base encoding alphabet.
Returns <code>nil</code> if <code>str</code> is not well formed.
'''Note:''' This method requires the <code>resty.core.base64</code> or <code>resty.core</code> modules from the [https://github.com/openresty/lua-resty-core lua-resty-core] library.
== ngx.crc32_short ==

BIN
src/deps/src/lua-nginx-module/doc/images/lua_nginx_modules_directives.drawio.png vendored Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 142 KiB

2
src/deps/src/lua-nginx-module/src/api/ngx_http_lua_api.h vendored
View file

@ -19,7 +19,7 @@
/* Public API for other Nginx modules */
#define ngx_http_lua_version 10027
#define ngx_http_lua_version 10028
typedef struct ngx_http_lua_co_ctx_s ngx_http_lua_co_ctx_t;

32
src/deps/src/lua-nginx-module/src/ngx_http_lua_misc.c vendored
View file

@ -64,8 +64,11 @@ ngx_http_lua_ffi_get_resp_status(ngx_http_request_t *r)
int
ngx_http_lua_ffi_set_resp_status(ngx_http_request_t *r, int status)
ngx_http_lua_ffi_set_resp_status_and_reason(ngx_http_request_t *r, int status,
const char *reason, size_t reason_len)
{
u_char *buf;
if (r->connection->fd == (ngx_socket_t) -1) {
return NGX_HTTP_LUA_FFI_BAD_CONTEXT;
}
@ -77,6 +80,14 @@ ngx_http_lua_ffi_set_resp_status(ngx_http_request_t *r, int status)
return NGX_DECLINED;
}
/* per RFC-7230 sec 3.1.2, the status line must be 3 digits, it also makes
* buffer size calculation easier */
if (status < 100 || status > 999) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"invalid HTTP status code %d", status);
return NGX_DECLINED;
}
r->headers_out.status = status;
if (r->err_status) {
@ -91,6 +102,18 @@ ngx_http_lua_ffi_set_resp_status(ngx_http_request_t *r, int status)
ngx_str_set(&r->headers_out.status_line, "101 Switching Protocols");
} else if (reason != NULL && reason_len > 0) {
reason_len += 4; /* "ddd <reason>" */
buf = ngx_palloc(r->pool, reason_len);
if (buf == NULL) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "no memory");
return NGX_DECLINED;
}
ngx_snprintf(buf, reason_len, "%d %s", status, reason);
r->headers_out.status_line.len = reason_len;
r->headers_out.status_line.data = buf;
} else {
r->headers_out.status_line.len = 0;
}
@ -99,6 +122,13 @@ ngx_http_lua_ffi_set_resp_status(ngx_http_request_t *r, int status)
}
int
ngx_http_lua_ffi_set_resp_status(ngx_http_request_t *r, int status)
{
return ngx_http_lua_ffi_set_resp_status_and_reason(r, status, NULL, 0);
}
int
ngx_http_lua_ffi_req_is_internal(ngx_http_request_t *r)
{

16
src/deps/src/lua-nginx-module/src/ngx_http_lua_output.c vendored
View file

@ -722,16 +722,14 @@ ngx_http_lua_ngx_send_headers(lua_State *L)
| NGX_HTTP_LUA_CONTEXT_ACCESS
| NGX_HTTP_LUA_CONTEXT_CONTENT);
if (!r->header_sent && !ctx->header_sent) {
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"lua send headers");
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"lua send headers");
rc = ngx_http_lua_send_header_if_needed(r, ctx);
if (rc == NGX_ERROR || rc > NGX_OK) {
lua_pushnil(L);
lua_pushliteral(L, "nginx output filter error");
return 2;
}
rc = ngx_http_lua_send_header_if_needed(r, ctx);
if (rc == NGX_ERROR || rc > NGX_OK) {
lua_pushnil(L);
lua_pushliteral(L, "nginx output filter error");
return 2;
}
lua_pushinteger(L, 1);

19
src/deps/src/lua-nginx-module/src/ngx_http_lua_socket_tcp.c vendored
View file

@ -5725,8 +5725,7 @@ ngx_http_lua_socket_keepalive_close_handler(ngx_event_t *ev)
ngx_http_lua_socket_pool_t *spool;
int n;
int err;
char buf[1];
unsigned char buf[1];
ngx_connection_t *c;
c = ev->data;
@ -5747,20 +5746,10 @@ ngx_http_lua_socket_keepalive_close_handler(ngx_event_t *ev)
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0,
"lua tcp socket keepalive close handler check stale events");
n = recv(c->fd, buf, 1, MSG_PEEK);
err = ngx_socket_errno;
#if (NGX_HTTP_SSL)
/* ignore ssl protocol data like change cipher spec */
if (n == 1 && c->ssl != NULL) {
n = c->recv(c, (unsigned char *) buf, 1);
if (n == NGX_AGAIN) {
n = -1;
err = NGX_EAGAIN;
}
}
#endif
/* consume the possible ssl-layer data implicitly */
n = c->recv(c, buf, 1);
if (n == -1 && err == NGX_EAGAIN) {
if (n == NGX_AGAIN) {
/* stale event */
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {

2
src/deps/src/lua-nginx-module/src/ngx_http_lua_ssl_certby.c vendored
View file

@ -1433,7 +1433,7 @@ ngx_http_lua_ffi_set_priv_key(ngx_http_request_t *r,
pkey = cdata;
if (pkey == NULL) {
*err = "invalid private key failed";
*err = "invalid private key";
goto failed;
}

20
src/deps/src/lua-nginx-module/src/ngx_http_lua_string.c vendored
View file

@ -424,6 +424,26 @@ ngx_http_lua_ffi_decode_base64(const u_char *src, size_t slen, u_char *dst,
}
int
ngx_http_lua_ffi_decode_base64mime(const u_char *src, size_t slen, u_char *dst,
size_t *dlen)
{
ngx_int_t rc;
ngx_str_t in, out;
in.data = (u_char *) src;
in.len = slen;
out.data = dst;
rc = ngx_http_lua_decode_base64mime(&out, &in);
*dlen = out.len;
return rc == NGX_OK;
}
size_t
ngx_http_lua_ffi_unescape_uri(const u_char *src, size_t len, u_char *dst)
{

6
src/deps/src/lua-nginx-module/src/ngx_http_lua_subrequest.c vendored
View file

@ -173,12 +173,6 @@ ngx_http_lua_ngx_location_capture_multi(lua_State *L)
return luaL_error(L, "no request object found");
}
#if (NGX_HTTP_V2)
if (r->main->stream) {
return luaL_error(L, "http2 requests not supported yet");
}
#endif
ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module);
if (ctx == NULL) {
return luaL_error(L, "no ctx found");

84
src/deps/src/lua-nginx-module/src/ngx_http_lua_util.c vendored
View file

@ -764,10 +764,6 @@ ngx_http_lua_send_http10_headers(ngx_http_request_t *r,
}
r->headers_out.content_length_n = size;
if (r->headers_out.content_length) {
r->headers_out.content_length->hash = 0;
}
}
send:
@ -4407,6 +4403,86 @@ ngx_http_lua_copy_escaped_header(ngx_http_request_t *r,
}
ngx_int_t
ngx_http_lua_decode_base64mime(ngx_str_t *dst, ngx_str_t *src)
{
size_t i;
u_char *d, *s, ch;
size_t data_len = 0;
u_char buf[4];
size_t buf_len = 0;
static u_char basis[] = {
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 62, 77, 77, 77, 63,
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 77, 77, 77, 77, 77, 77,
77, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 77, 77, 77, 77, 77,
77, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77
};
for (i = 0; i < src->len; i++) {
ch = src->data[i];
if (ch == '=') {
break;
}
if (basis[ch] == 77) {
continue;
}
data_len++;
}
if (data_len % 4 == 1) {
return NGX_ERROR;
}
s = src->data;
d = dst->data;
for (i = 0; i < src->len; i++) {
if (s[i] == '=') {
break;
}
if (basis[s[i]] == 77) {
continue;
}
buf[buf_len++] = s[i];
if (buf_len == 4) {
*d++ = (u_char) (basis[buf[0]] << 2 | basis[buf[1]] >> 4);
*d++ = (u_char) (basis[buf[1]] << 4 | basis[buf[2]] >> 2);
*d++ = (u_char) (basis[buf[2]] << 6 | basis[buf[3]]);
buf_len = 0;
}
}
if (buf_len > 1) {
*d++ = (u_char) (basis[buf[0]] << 2 | basis[buf[1]] >> 4);
}
if (buf_len > 2) {
*d++ = (u_char) (basis[buf[1]] << 4 | basis[buf[2]] >> 2);
}
dst->len = d - dst->data;
return NGX_OK;
}
ngx_addr_t *
ngx_http_lua_parse_addr(lua_State *L, u_char *text, size_t len)
{

1
src/deps/src/lua-nginx-module/src/ngx_http_lua_util.h vendored
View file

@ -261,6 +261,7 @@ void ngx_http_lua_cleanup_free(ngx_http_request_t *r,
#if (NGX_HTTP_LUA_HAVE_SA_RESTART)
void ngx_http_lua_set_sa_restart(ngx_log_t *log);
#endif
ngx_int_t ngx_http_lua_decode_base64mime(ngx_str_t *dst, ngx_str_t *src);
ngx_addr_t *ngx_http_lua_parse_addr(lua_State *L, u_char *text, size_t len);

4
src/deps/src/lua-nginx-module/util/build-without-ssl.sh vendored
View file

@ -26,10 +26,10 @@ add_fake_shm_module="--add-module=$root/t/data/fake-shm-module"
disable_pcre2=--without-pcre2
answer=`$root/util/ver-ge "$NGINX_VERSION" 1.25.1`
if [ "$answer" = "N" ] || [ "$USE_PCRE2" = "Y" ]; then
if [ "$answer" = "N" ] || [ -n "$PCRE2_VER" ]; then
disable_pcre2=""
fi
if [ "$USE_PCRE2" = "Y" ]; then
if [ -n "$PCRE2_VER" ]; then
PCRE_INC=$PCRE2_INC
PCRE_LIB=$PCRE2_LIB
fi