Examples

• Hello World
• URL Decoding
• URL Encoding
• Internal Redirect
• Returning Fastest Response from Proxy
• Creating HS JWT
• Accessing API from a Subrequest
• Creating secure_link Hash
• Legacy Examples
• Injecting HTTP header using stream proxy

Hello World

nginx.conf:

load_module modules/ngx_http_js_module.so;

events {}

http {
    js_include hello_world.js;

    server {
        listen 8000;

        location / {
            js_content hello;
        }
    }
}

hello_world.js:

function hello(r) {
    r.return(200, "Hello world!");
}

URL Decoding

nginx.conf:

js_include urldecode.js;

js_set $decoded_foo decoded_foo;

urldecode.js:

function decoded_foo(r) {
    return decodeURIComponent(r.args.foo);
}

URL Encoding

nginx.conf:

js_include urlencode.js;

js_set $encoded_foo encoded_foo;
...

location / {
    proxy_pass http://example.com?foo=$encoded_foo;
}

urlencode.js:

function encoded_foo(r) {
    return encodeURIComponent('foo & bar?');
}

Internal Redirect

nginx.conf:

js_include redirect.js;

location /redirect {
    js_content redirect;
}

location @named {
    return 200 named;
}

redirect.js:

function redirect(r) {
    r.internalRedirect('@named');
}

Returning Fastest Response from Proxy

nginx.conf:

js_include fastresponse.js;

location /start {
    js_content content;
}

location /foo {
    proxy_pass http://backend1;
}

location /bar {
    proxy_pass http://backend2;
}

fastresponse.js:

function content(r) {
    var n = 0;

    function done(res) {
        if (n++ == 0) {
            r.return(res.status, res.responseBody);
        }
    }

    r.subrequest('/foo', r.variables.args, done);
    r.subrequest('/bar', r.variables.args, done);
}

Creating HS JWT

nginx.conf:

js_include hs_jwt.js;

js_set $jwt jwt;

hs_jwt.js:

function create_hs256_jwt(claims, key, valid) {
    var header = { "typ" : "JWT", "alg" : "HS256", "exp" : Date.now() + valid };

    var s = JSON.stringify(header).toBytes().toString('base64url') + '.'
            + JSON.stringify(claims).toBytes().toString('base64url');

    var h = require('crypto').createHmac('sha256', key);

    return s + '.' + h.update(s).digest().toString('base64url');
}

function jwt(r) {
    var claims = {
        "iss" : "nginx",
        "sub" : "alice",
        "foo" : 123,
        "bar" : "qq",
        "zyx" : false
    };

    return create_hs256_jwt(claims, 'foo', 600);
}

Accessing API from a Subrequest

nginx.conf:

js_include subrequest.js;

keyval_zone zone=foo:10m;
...

location /keyval {
    js_content set_keyval;
}

location /version {
    js_content version;
}

location /api {
    api write=on;
}

subrequest.js:

function set_keyval(r) {
    r.subrequest('/api/3/http/keyvals/foo',
        { method: 'POST',
          body: JSON.stringify({ foo: 789, bar: "ss dd 00" })},

        function(res) {
            if (res.status >= 300) {
                r.return(res.status, res.responseBody);
                return;
            }
            r.return(500);
        });
}

function version(r) {
    r.subrequest('/api/3/nginx', { method: 'GET' }, function(res) {
        if (res.status != 200) {
            r.return(res.status);
            return;
        }

        var json = JSON.parse(res.responseBody);
        r.return(200, json.version);
    });
}

Creating secure_link Hash

nginx.conf:

js_include hash.js;

js_set $new_foo create_secure_link;
...

location / {
    secure_link $cookie_foo;
    secure_link_md5 "$uri mykey";
    ...
}

location @login {
    add_header Set-Cookie "foo=$new_foo; Max-Age=60";
    return 302 /;
}

hash.js:

function create_secure_link(r) {
    return require('crypto').createHash('md5')
                            .update(r.uri).update(" mykey")
                            .digest('base64url');
}

Legacy Examples

Injecting HTTP header using stream proxy

Starting from njs 0.2.4, stream configuration example has been changed. For njs 0.2.3 and earlier, use this configuration example:

load_module modules/ngx_stream_js_module.so;
...

stream {
    js_include stream.js;

    js_set $foo foo;
    js_set $bar bar;

    server {
        listen 12345;

        js_preread qux;
        return     $foo;
    }

    server {
        listen 12346;

        js_access  xyz;
        proxy_pass 127.0.0.1:8000;
        js_filter  baz;
    }
}

http {
    server {
        listen 8000;
        location / {
            return 200 $http_foo\n;
        }
    }
}

The stream.js file:

var req = '';
var matched = 0;
var line = '';

function qux(s) {
    var n = s.buffer.indexOf('\n');
    if (n == -1) {
        return s.AGAIN;
    }

    line = s.buffer.substr(0, n);
}

function foo(s) {
    return line;
}

function bar(s) {
    var v = s.variables;
    s.log("hello from bar() handler!");
    return "foo-var" + v.remote_port + "; pid=" + v.pid;
}

// The filter processes one buffer per call.
// The buffer is available in s.buffer both for
// reading and writing.  Called for both directions.

function baz(s) {
    if (s.fromUpstream || matched) {
        return;
    }

    // Disable certain addresses.

    if (s.remoteAddress.match('^192.*')) {
        return s.ERROR;
    }

    // Read HTTP request line.
    // Collect bytes in 'req' until request
    // line is read.  Clear current buffer to
    // disable output.

    req = req + s.buffer;
    s.buffer = '';

    var n = req.search('\n');

    if (n != -1) {
        // Inject a new HTTP header.
        var rest = req.substr(n + 1);
        req = req.substr(0, n + 1);

        var addr = s.remoteAddress;

        s.log('req:' + req);
        s.log('rest:' + rest);

        // Output the result and skip further
        // processing.

        s.buffer = req + 'Foo: addr_' + addr + '\r\n' + rest;
        matched = 1;
    }
}

function xyz(s) {
    if (s.remoteAddress.match('^192.*')) {
        return s.ABORT;
    }
}