Update nginx-jwt.lua

devMls · web-flow · commit 32206d9f0b7f · 2017-01-20T18:17:18.000+01:00
diff --git a/nginx-jwt.lua b/nginx-jwt.lua
@@ -26,21 +26,40 @@ function M.auth(claim_specs)
     -- require Authorization request header
     local auth_header = ngx.var.http_Authorization
 
-    if auth_header == nil then
-        ngx.log(ngx.WARN, "No Authorization header")
-        ngx.exit(ngx.HTTP_UNAUTHORIZED)
+    token_site = os.getenv("NGINX_JWT_TOKEN_SITE")
+    
+    if token_site == nil then 
+        ngx.log(ngx.WARN, "No token site found, use default: HEADER")
+        token_site = "HEADER"
     end
+    
+    if token_site == "HEADER" then
+        if auth_header == nil then
+            ngx.log(ngx.WARN, "No Authorization header")
+            ngx.exit(ngx.HTTP_UNAUTHORIZED)
+        end
 
-    ngx.log(ngx.INFO, "Authorization: " .. auth_header)
+        ngx.log(ngx.INFO, "Authorization: " .. auth_header)
 
     -- require Bearer token
-    local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
+        local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
 
-    if token == nil then
-        ngx.log(ngx.WARN, "Missing token")
-        ngx.exit(ngx.HTTP_UNAUTHORIZED)
     end
-
+    
+    if token_site == "COOKIE" then
+        token = ngx.var.cookie_bearer
+    end
+    
+    if token_site == "REQUEST" then
+        token = ngx.var.arg_bearer
+    end
+    
+    if token == nil then
+       ngx.log(ngx.WARN, "Missing token")
+       ngx.exit(ngx.HTTP_UNAUTHORIZED)
+    end   
+    
+    
     ngx.log(ngx.INFO, "Token: " .. token)
 
     -- require valid JWT
