Skip to main content
Version: 3.14.x.x LTS

Restrict access on some locations

If you need a cheap access control but do not want to involve nevisAuth, you can use the following LuaFilter setup, which mimics a simple basic authentication workflow. Be aware that this is not a very secure way of doing access control.

 <filter>
  <filter-name>SetRequestAttributeLuaFilter</filter-name>
  <filter-class>ch::nevis::isiweb4::filter::lua::LuaFilter</filter-class>
  <init-param>
  <param-name>Script.InputHeaderFunctionName</param-name>
  <param-value>inputHeader</param-value>
  </init-param>
  <init-param>
  <param-name>Script</param-name>
  <param-value>
  local store = { cli:foo = true, vinc:bar = true }
  local function try(f, catch)
       local status, exception = pcall(f)
        if not status then
       catch(exception)
      end
    end

       local function send401(resp)
         resp:setHeader("WWW-Authenticate", "Basic realm=\"User Visible Realm\"")
         resp:send(401)
       end

       local base64 = nevis.crypto.base64.new()
       function inputHeader(req, resp)
         local auth
 req:getHeader("Authorization");
         if auth then
         local plainCred
         string.gsub(auth, "Basic (.*)",
function(cred)
           try(function()
            plainCred = base64:decode(cred)
           end, function(e)
            send401(resp)
           end)
         end)
         if not store[plainCred] then
          send401(resp)
         end
         else
         send401(resp)
         end
       end
    </param-value>
  </init-param>
</filter>