Skip to main content
Version: 8.2405.x.x RR

Restrict access on some locations

If you need a cheap access control but do not want to involve nevisAuth, you can use the following LuaFilter setup, which mimics a simple basic authentication workflow. Be aware that this is not a very secure way of doing access control.

   <filter>
<filter-name>SetRequestAttributeLuaFilter</filter-name>
<filter-class>ch::nevis::isiweb4::filter::lua::LuaFilter</filter-class>
<init-param>
<param-name>Script.InputHeaderFunctionName</param-name>
<param-value>inputHeader</param-value>
</init-param>
<init-param>
<param-name>Script</param-name>
<param-value>
local store = { ["cli:foo"] = true, ["vinc:bar"] = true }
local function try(f, catch)
local status, exception = pcall(f)
if not status then
catch(exception)
end
end

local function send401(resp)
resp:setHeader("WWW-Authenticate", "Basic realm=\"User Visible Realm\"")
resp:send(401)
end

local base64 = nevis.crypto.base64.new()
function inputHeader(req, resp)
local auth =
req:getHeader("Authorization");
if auth then
local plainCred
string.gsub(auth, "Basic (.*)",
function(cred)
try(function()
plainCred = base64:decode(cred)
end, function(e)
send401(resp)
end)
end)
if not store[plainCred] then
send401(resp)
end
else
send401(resp)
end
end
</param-value>
</init-param>
</filter>