
Commit 0ee5270

Add CORS support by allowing OPTIONS requests without authentication in auth.lua; enhance logging for authentication flow
1 parent 925db5d commit 0ee5270


1 file changed

+12
-1
lines changed


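--- a/auth.lua
+++ b/auth.lua
@@ -118,34 +118,45 @@ local function parse_cookies(cookie_string)
 return cookies
 end
 
+-- Allow OPTIONS requests to pass through without authentication for CORS preflight
+if ngx.var.request_method == "OPTIONS" then
+ngx.log(ngx.INFO, "🚀 Line 105 - auth.lua:main() - Allowing OPTIONS preflight request: ", ngx.var.request_uri)
+return ngx.exit(ngx.HTTP_OK)
+end
+
 -- get request headers
 local headers = ngx.req.get_headers()
 local bypass_header_value = headers[BYPASS_HEADER]
 
 if ALLOW_BYPASS == "true" and bypass_header_value and bypass_header_value == BYPASS_HEADER_VALUE then
-ngx.log(ngx.INFO, "Bypassing auth for request: ", ngx.var.request_uri)
+ngx.log(ngx.INFO, "🔓 Line 112 - auth.lua:main() - Bypassing auth for request: ", ngx.var.request_uri)
 return ngx.exit(ngx.HTTP_OK)
 end
 
 local cookies = parse_cookies(ngx.var.http_cookie)
 local token = cookies[JWT_SALT]
 
 if not token then
+ngx.log(ngx.ERR, "❌ Line 119 - auth.lua:main() - No JWT token found in cookies for request: ", ngx.var.request_uri)
 return ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end
 
 local jwt_obj = validate_jwt(token)
 if not jwt_obj then
+ngx.log(ngx.ERR, "❌ Line 125 - auth.lua:validate_jwt() - Invalid JWT token for request: ", ngx.var.request_uri)
 return ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end
 
 local user_id = jwt_obj.payload.sub
 
 -- we need to set user_id in the request headers
 ngx.req.set_header("X-User-Id", user_id)
+ngx.log(ngx.INFO, "✅ Line 132 - auth.lua:main() - Authentication successful for user: ", user_id, " request: ", ngx.var.request_uri)
 
 if ENABLE_DB_CHECK == "true" then
 if not check_user(user_id) then
+ngx.log(ngx.ERR, "❌ Line 136 - auth.lua:check_user() - User not found in database: ", user_id, " request: ", ngx.var.request_uri)
 return ngx.exit(ngx.HTTP_FORBIDDEN)
 end
+ngx.log(ngx.INFO, "✅ Line 139 - auth.lua:check_user() - Database check passed for user: ", user_id)
 end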
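Review bot: The new branch at new lines 122-125 exempts every request whose method is OPTIONS from authentication, not only CORS preflights, so its safety depends on whatever sits behind this check treating OPTIONS as side-effect free. A real preflight always carries `Origin` and `Access-Control-Request-Method`, so the condition can be narrowed to `if ngx.var.request_method == "OPTIONS" and ngx.var.http_origin and ngx.var.http_access_control_request_method then`. This path also returns before `X-User-Id` is overwritten, so a client-supplied `X-User-Id` stays on the request; adding `ngx.req.clear_header("X-User-Id")` before the exit keeps an unverified identity from being forwarded (how the header is consumed downstream is not visible here, and the older bypass branch appears to share the gap). The script continues past the end of the hunk, so anything after the DB check is not covered by this note.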
