{"id":13566529,"url":"https://github.com/jedisct1/encrypted-session-nginx-module","last_synced_at":"2025-04-04T00:31:00.015Z","repository":{"id":7146161,"uuid":"8443920","full_name":"jedisct1/encrypted-session-nginx-module","owner":"jedisct1","description":"encrypt and decrypt nginx variable values","archived":false,"fork":true,"pushed_at":"2013-01-22T20:14:01.000Z","size":184,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-11-04T20:42:38.242Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"openresty/encrypted-session-nginx-module","license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jedisct1.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-02-26T22:53:02.000Z","updated_at":"2021-01-12T07:59:11.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/jedisct1/encrypted-session-nginx-module","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fencrypted-session-nginx-module","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fencrypted-session-nginx-module/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fencrypted-session-nginx-module/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fencrypted-session-nginx-module/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jedisct1","download_url":"https://codeload.github.com/jedisct1/encrypted-session-nginx-module/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247103306,"owners_count":20884023,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T13:02:11.415Z","updated_at":"2025-04-04T00:30:57.403Z","avatar_url":"https://github.com/jedisct1.png","language":"C","funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"Name\n    encrypted-session-nginx-module - encrypt and decrypt nginx variable values\n\n    *This module is not distributed with the Nginx source.* See the\n    installation instructions.\n\nStatus\n    This module is production ready.\n\nSynopsis\n\n    # key must be of 32 bytes long\n    encrypted_session_key \"abcdefghijklmnopqrstuvwxyz123456\";\n\n    # iv must not be longer than 16 bytes\n    #   default: \"deadbeefdeadbeef\" (w/o quotes)\n    encrypted_session_iv \"1234567812345678\";\n\n    # default: 1d (1 day)\n    encrypted_session_expires 2; # in sec\n\n    location /encrypt {\n        set $raw 'text to encrypted'; # from the ngx_rewrite module\n        set_encrypt_session $session $raw;\n        set_encode_base32 $session; # from the ngx_set_misc module\n\n        add_header Set-Cookie 'my_login=$session';  # from the ngx_headers module\n\n        # your content handler goes here...\n    }\n\n    location /decrypt {\n        set_decode_base32 $session $cookie_my_login; # from the ngx_set_misc module\n        set_decrypt_session $raw $session;\n\n        if ($raw = '') {\n            # bad session\n        }\n\n        # your content handler goes here...\n    }\n\nDescription\n    This module provides encryption and decryption support for\n    nginx variables based on AES-256 with Mac.\n\n    This module is usually used with the ngx_set_misc module\n    ( http://github.com/agentzh/set-misc-nginx-module )\n    and the standard rewrite module's directives.\n\n    This module can be used to implement simple user login and ACL.\n\n    Usually, you just decrypt data in nginx level, and pass the uncrypted\n    data to your FastCGI/HTTP backend, as in\n\n       location /blah {\n              set_decrypt_session $raw_text $encrypted;\n\n             # this directive is from thengx_set_misc module\n              set_escape_uri $escaped_raw_text $raw_text;\n\n              fastcgi_param QUERY_STRING \"uid=$uid\";\n              fastcgi_pass unix:/path/to/my/php/or/python/fastcgi.sock;\n       }\n\n    Lua web apps running directly on ngx_lua can call\n    this module's directives directly from within Lua code:\n\n       local raw_text = ndk.set_var.set_decrypt_session(encrypted_text)\n\nDirectives\n    encrypted_session_key\n        set the key for the cipher (must be 32 bytes long)\n\n    encrypted_session_iv\n        set the init vector used for the cipher (must be no longer than 16 bytes)\n\n    encrypted_session_expires\n        set expiration time difference (in seconds)\n\n        For example, consider the config\n\n            encypted_session_expires 1d;\n\n        When your session is being generated, ngx_encrypted_session will plant\n        an expiration time (1 day in the future in this example) into the the\n        encrypted session string, such that when the session is being decrypted\n        later, the server can pull the expiration time out of the session and\n        compare it with the server's current system time. No matter how you\n        transfer and store your session, like using cookies, or uri args, or whatever.\n\n        People may confuse this setting with the expiration date of http cookies.\n        This directive simply controls when the session gets expired; it knows\n        nothing about http cookies. Even if the end user intercepted this session\n        from cookie by himself and uses it later manually, the server will still\n        reject it when the expiration time gets passed.\n\n    set_encrypt_session\n\n    set_decrypt_session\n\nInstallation\n    1. Grab the nginx source code from nginx.org (\u003chttp://nginx.org/ \u003e), for\n        example, the version 1.0.11 (see nginx compatibility),\n\n    2. Grab the NDK module from GitHub:\n        http://github.com/simpl/ngx_devel_kit\n\n    3. and then build the source with this module:\n\n        wget 'http://nginx.org/download/nginx-1.0.11.tar.gz'\n        tar -xzvf nginx-1.0.11.tar.gz\n        cd nginx-1.0.11/\n\n        # Here we assume you would install you nginx under /opt/nginx/.\n        ./configure --prefix=/opt/nginx \\\n            --add-module=/path/to/ngx_devel_kit \\\n            --add-module=/path/to/encrypted-session-nginx-module\n\n        make\n        make install\n\n    Download the latest version of the release tarball of this module from\n    encrypted-session-nginx-module file list\n    (\u003chttp://github.com/agentzh/encrypted-session-nginx-module/tags \u003e).\n\n    OpenSSL should not be disabled in your Nginx build.\n\nCompatibility\n    The following versions of Nginx should work with this module:\n\n    *   1.1.x (last tested: 1.1.5)\n\n    *   1.0.x (last tested: 1.0.11)\n\n    *   0.9.x (last tested: 0.9.4)\n\n    *   0.8.x (last tested: 0.8.54)\n\n    *   0.7.x \u003e= 0.7.46 (last tested: 0.7.68)\n\n    Earlier versions of Nginx like 0.6.x and 0.5.x will *not* work.\n\n    If you find that any particular version of Nginx above 0.7.44 does not\n    work with this module, please consider reporting a bug.\n\nReport Bugs\n    Although a lot of effort has been put into testing and code tuning,\n    there must be some serious bugs lurking somewhere in this module. So\n    whenever you are bitten by any quirks, please don't hesitate to\n\n    1.  send a bug report or even patches to \u003cagentzh@gmail.com\u003e,\n\n    2.  or create a ticket on the issue tracking interface\n        (\u003chttp://github.com/agentzh/encrypted-session-nginx-module/issues \u003e)\n        provided by GitHub.\n\nSource Repository\n    Available on github at agentzh/encrypted-session-nginx-module\n    (\u003chttp://github.com/agentzh/encrypted-session-nginx-module \u003e).\n\nChangeLog\n\nTest Suite\n    This module comes with a Perl-driven test suite. The test cases\n    (\u003chttp://github.com/agentzh/encrypted-session-nginx-module/tree/master/test/t/ \u003e\n    ) are declarative\n    (\u003chttp://github.com/agentzh/encrypted-session-nginx-module/blob/master/test/t/sanity.t \u003e)\n    too. Thanks to the Test::Base\n    (\u003chttp://search.cpan.org/perldoc?Test::Base \u003e) module in the Perl world.\n\n    To run it on your side:\n\n        $ cd test\n        $ PATH=/path/to/your/nginx-with-encrypted-session-module:$PATH prove -r t\n\n    Test::Nginx (\u003chttp://search.cpan.org/perldoc?Test::Nginx \u003e) is used by\n    the test scaffold.\n\n    You need to terminate any Nginx processes before running the test suite\n    if you have changed the Nginx server binary.\n\n    Because a single nginx server (by default, \"localhost:1984\") is used\n    across all the test scripts (\".t\" files), it's meaningless to run the\n    test suite in parallel by specifying \"-jN\" when invoking the \"prove\"\n    utility.\n\n    Some parts of the test suite requires modules rewrite, and echo\n    to be enabled as well when building Nginx.\n\nTODO\n\nGetting involved\n    You'll be very welcomed to submit patches to the author or just ask for\n    a commit bit to the source repository on GitHub.\n\nAuthor\n    agentzh (章亦春) *\u003cagentzh@gmail.com\u003e*\n\nCopyright \u0026 License\n    Copyright (c) 2010, Taobao Inc., Alibaba Group ( http://www.taobao.com\n    ).\n\n    Copyright (c) 2009, agentzh \u003cagentzh@gmail.com\u003e.\n\n    This module is licensed under the terms of the BSD license.\n\n    Redistribution and use in source and binary forms, with or without\n    modification, are permitted provided that the following conditions are\n    met:\n\n    *   Redistributions of source code must retain the above copyright\n        notice, this list of conditions and the following disclaimer.\n\n    *   Redistributions in binary form must reproduce the above copyright\n        notice, this list of conditions and the following disclaimer in the\n        documentation and/or other materials provided with the distribution.\n\n    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS\n    IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED\n    TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A\n    PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n    HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED\n    TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\n    PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\n    LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\n    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\n    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\nSee Also\n    * NDK: http://github.com/simpl-it/ngx_devel_kit\n    * ngx_set_misc module: http://github.com/agentzh/set-misc-nginx-module\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjedisct1%2Fencrypted-session-nginx-module","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjedisct1%2Fencrypted-session-nginx-module","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjedisct1%2Fencrypted-session-nginx-module/lists"}