refactor force ssl redirect logic
This commit is contained in:
Elvin Efendi
parent
73bc2cfc48
commit
8c64b12a96
5 changed files with 53 additions and 15 deletions
|
|
@ -48,6 +48,14 @@ local function get_pem_cert_key(raw_hostname)
|
|||
return pem_cert_key
|
||||
end
|
||||
|
||||
function _M.configured_for_server(hostname)
|
||||
if not hostname then
|
||||
return false
|
||||
end
|
||||
|
||||
return get_pem_cert_key(hostname) ~= nil
|
||||
end
|
||||
|
||||
function _M.call()
|
||||
local hostname, hostname_err = ssl.server_name()
|
||||
if hostname_err then
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
local ngx_re_split = require("ngx.re").split
|
||||
|
||||
local certificate_configured_for_server = require("certificate").configured_for_server
|
||||
|
||||
local original_randomseed = math.randomseed
|
||||
local string_format = string.format
|
||||
local ngx_redirect = ngx.redirect
|
||||
|
|
@ -54,8 +56,20 @@ local function randomseed()
|
|||
math.randomseed(seed)
|
||||
end
|
||||
|
||||
local function redirect_to_https()
|
||||
return ngx.var.pass_access_scheme == "http" and (ngx.var.scheme == "http" or ngx.var.scheme == "https")
|
||||
local function redirect_to_https(location_config)
|
||||
if location_config.force_no_ssl_redirect then
|
||||
return false
|
||||
end
|
||||
|
||||
if ngx.var.pass_access_scheme ~= "http" then
|
||||
return false
|
||||
end
|
||||
|
||||
if location_config.force_ssl_redirect then
|
||||
return true
|
||||
end
|
||||
|
||||
return location_config.ssl_redirect and certificate_configured_for_server(ngx.var.host)
|
||||
end
|
||||
|
||||
local function redirect_host()
|
||||
|
|
@ -119,7 +133,7 @@ function _M.rewrite(location_config)
|
|||
ngx.var.pass_port = 443
|
||||
end
|
||||
|
||||
if location_config.force_ssl_redirect and redirect_to_https() then
|
||||
if redirect_to_https(location_config) then
|
||||
local uri = string_format("https://%s%s", redirect_host(), ngx.var.request_uri)
|
||||
|
||||
if location_config.use_port_in_redirects then
|
||||
|
|
|
|||
|
|
@ -129,4 +129,22 @@ describe("Certificate", function()
|
|||
assert.spy(ngx.log).was_called_with(ngx.ERR, "failed to convert certificate chain from PEM to DER: PEM_read_bio_X509_AUX() failed")
|
||||
end)
|
||||
end)
|
||||
|
||||
describe("configured_for_server", function()
|
||||
before_each(function()
|
||||
set_certificate("hostname", EXAMPLE_CERT, UUID)
|
||||
end)
|
||||
|
||||
it("returns true when certificate exists for given server", function()
|
||||
assert.is_true(certificate.configured_for_server("hostname"))
|
||||
end)
|
||||
|
||||
it("returns false when certificate does not exist for given server", function()
|
||||
assert.is_false(certificate.configured_for_server("hostname.xyz"))
|
||||
end)
|
||||
|
||||
it("returns false when no server given", function()
|
||||
assert.is_false(certificate.configured_for_server())
|
||||
end)
|
||||
end)
|
||||
end)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue