project Websites / videos.bentasker.co.uk avatar

Websites / videos.bentasker.co.uk: 7be682da

Allow paths to be excluded from token enforcement

Allow paths to be excluded from token enforcement

For example, if the embed script failed to get a token, it'll write an img tag using /resources/embed/failed.png to notify the user. This should be permitted without a working token

Commit 7be682da.

Authored 2019-04-18T18:41:44.000+01:00 by B Tasker in project Websites / videos.bentasker.co.uk

+23 lines -0 lines

Changes

diff --git a/resources/tokenisation/minter/token_validate.lua b/resources/tokenisation/minter/token_validate.lua
--- a/resources/tokenisation/minter/token_validate.lua
+++ b/resources/tokenisation/minter/token_validate.lua
# @@ -10,6 +10,10 @@ local string = string
# local os = os
# local sha256 = require "lib.sha256"
#
# +
# +local excluded_paths = {'resources/embed/'}
# +
# +
# local function mint_token(path,expires,ip,secret)
# local mint = {path,expires,ip}
# local mintstr = table.concat(mint,':')
# @@ -32,6 +36,17 @@ local function getPath(str,sep)
# return str:match("(.*"..sep..")")
# end
#
# +function table.contains(table, element)
# + -- From https://stackoverflow.com/questions/2282444/how-to-check-if-a-table-contains-an-element-in-lua
# + for _, value in pairs(table) do
# + if value == element then
# + return true
# + end
# + end
# + return false
# +end
# +
# +
# local function bakeTokenCookie(name,value,path,expires)
# -- Return a string like
# -- foo=value; Path=/foo/bar/sed; Expires=Jan 1st 2011
# @@ -53,6 +68,14 @@ secret = ngx.var.secret
# cookiename = sha256.sha256(vidpath)
#
#
# +if table.contains(excluded_paths,vidpath)
# +then
# + -- We don't enforce tokens for this file
# + ngx.exit(ngx.OK)
# +end
# +
# +
# +
# -- ngx.header['X-Tk-Debug'] = 'Validating for ip ' .. ip .. ' and path ' .. vidpath
# local provided = ngx.var.arg_t
# local expires = tonumber(ngx.var.arg_e)
#