Return status code (NGINX wrapper)

[mauricioabreu]

Hello,

First, thank you for this library. I am not using it but I came across this project after searching for lua + g2o (I need to make requests using g2o, because to validate it I am using this one (https://github.com/mauricioabreu/nginx_mod_akamai_g2o)

Second, I think the nginx wrapper could return status code instead of calling exit and logging a message. Why? Because this way the user can use the nginx.location.capture (NGINX with lua) and return the code to the client instead of HTTP 200 (since the status is set by exit the client can't set another status code). Does it make sense?

[mauricioabreu]

If you think it makes sense, I would like to contribute to the project. I would also document that using access_by_lua* could not work if the desired location is requested via ngx.location.capture

[lukaszczerpak]

Hi!

Current implementation returns ngx.HTTP_BAD_REQUEST (400 response code - not sure where you saw HTTP 200?) but obviously can be changed to anything else. That's an example only and can be adjusted.
In my opinion leveraging subrequests to move the decision what to serve - in case of failed signature validation - puts unnecessary overhead. At the end such requests should be rejected with 400 or 403 or wheatever else response code.
I can imagine that some clients might better handle responses HTTP 200 and JSON with a specific error - i.e. { "error": 403, "errorMessage": "Access Denied" }. For that reason I would document the alternate way you proposed. Feel free to fork and create PR, but keep it as an alternate implementation pls.
Thanks!