Join Log in
Score:1
AmenzO avatar Server

Execute js script to update requestBody before redirect

jm flag
AmenzO

I am configuring à nginx location but I need to run a script (njs) that update requestBody before redirection :

This my conf but when i deploy it still redirect without update requestBody or return error

Parent nginx.conf:

     // .....
     js_import checkScript from  /etc/nginx/js/scripts/checkScript.js;
     // ....

In checkScript.js :

export default {
    rights
}

function rights(r) {
    const body = JSON.parse(r.requestBody);
    if (body.isAdmin) {
        body.rights = ['ADMIN'];
        r.requestBody = JSON.stringify(body);
    } else {
        r.return(403, 'Not admin');
    }
}

products.http-service.conf :

location /api/data/products/new {
    set $gateway_role "dev.yumStore";
    set $gateway_realm "yumStore";

    auth_request /_tokenExchange;

    # check rights and update body
    js_content checkScript.rights;

    proxy_set_header "Authorization" $gateway_auth_header;

    # redirection
    proxy_pass $OUTGATEWAY/api/data/products/new;
}

Thanks for help!!

221
2 + 0
Score:1
avatar Server
us flag
Tero Kilkanen

You are updating a local copy of the JSON document in your function.

I don't know if this is allowed, but you can try:

function rights(r) {
    const body = JSON.parse(r.requestBody);
    if (body.isAdmin) {
        body.rights = ['ADMIN']
        r.requestBody = JSON.stringify(body); // I don't know if nginx JS allows overwriting the requestBody...
    } else {
        r.return(403, 'Not admin');
    }
}

I hope you have proper authentication for your admin part in addition to this, since this approach is really straightforward to bypass.

+ 1
AmenzO avatar
jm flag
AmenzO
sorry but I did it in my conf I only forgot to put it in the example. it allows to overwrite it but proxy_pass ignore it
0
Reply
Score:1
ericminio avatar Server
xk flag
ericminio

Say you send the body detrevni to nginx, a njs module wich inverts the string into inverted, proxy_pass to an upstream server which will respond with echoing: inverted.

The following config works for the test above. Hope it helps.

default.conf:

js_import main from invert.js;

server {
    
    location /ping {
        return 200 'pong';
    }

    location / {
        js_content main.invert;
    }

    location /api {
        proxy_pass http://host.docker.internal:5015;
    }
}

invert.js

async function invert(r) {
  let body = r.requestText;
  let inverted = body.split("").reverse().join("");
  let res = await r.subrequest("/api", { body: inverted });
  r.return(res.status, res.responseBody);
}

export default { invert };

api

const server = new Server(5015, async (request, response) => {
  const incoming = await payload(request);
  const answer = `echoing: ${incoming}`;
  console.log("answering with", answer);
  response.writeHead(200, { "content-type": "text/plain" });
  response.write(answer);
  response.end();
});

The code can be found here: https://github.com/ericminio/learning-nginx/tree/master/njs-modify-body

+ 1
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.