Release 3.6.4

Author: frwiqueueit

Examples/ApacheHandlerUsingConfigFromFile.lua

@@ -14,14 +14,11 @@
 --...   * QUEUEIT_INT_CONF_FILE: The local JSON file containing the integration configuration
 --      * QUEUEIT_ERROR_CODE: (optional) The response code to use instead of declining to act
 --                            if request handling fails
---      * QUEUEIT_COOKIE_OPTIONS_HTTPONLY: (optional) Set to "true" if you want cookies with httponly 
---                            flag set. Only enable if this you use pure server-side integration 
+--      * QUEUEIT_COOKIE_OPTIONS_HTTPONLY: (optional) Set to "true" if you want cookies with httponly
+--                            flag set. Only enable if this you use pure server-side integration
 --                            e.g. not JS Hybrid.
---      * QUEUEIT_COOKIE_OPTIONS_SECURE: (optional) Set to "true" if you want cookies with secure 
+--      * QUEUEIT_COOKIE_OPTIONS_SECURE: (optional) Set to "true" if you want cookies with secure
 --                            flag set. Only enable if your website runs purely on https.
---      * QUEUEIT_COOKIE_OPTIONS_SAMESITE: (optional) set to any of these values 
---                            "none", "strict" or "lax" if response cookies should have samesite flag set.
---                            only use 'strict' if your queue protected site stays on same domain (no navigation to subdomains).
 --    Note that the integration configuration is read on every request. The JSON file containing
 --    The integration configuration should, for performance reasons, be available locally.
 --
@@ -35,7 +32,6 @@
 --      SetEnv  QUEUEIT_ERROR_CODE                  "400"
 --      SetEnv  QUEUEIT_COOKIE_OPTIONS_HTTPONLY     "false"
 --      SetEnv  QUEUEIT_COOKIE_OPTIONS_SECURE       "false"
---      SetEnv  QUEUEIT_COOKIE_OPTIONS_SAMESITE     "none"
 --      LuaMapHandler  "{URI_PATTERN}"  "{APP_FOLDER}/Handlers/ApacheHandlerUsingConfigFromFile.lua"
 --      LuaPackagePath "{APP_FOLDER}/SDK/?.lua"
 --      LuaPackagePath "{APP_FOLDER}/Helpers/?/?.lua"
@@ -58,10 +54,9 @@ local function initRequiredHelpers(r, cookieOptions)
     local iHelpers = require("KnownUserImplementationHelpers")
 
     iHelpers.request.getAbsoluteUri = function()
-        local fullUrl = string.format("%s://%s:%s%s",
+        local fullUrl = string.format("%s://%s%s",
             r.is_https and "https" or "http",
             r.hostname,
-            r.port,
             r.unparsed_uri)
         r:debug(string.format("[%s] Rebuilt request URL as: %s", DEBUG_TAG, fullUrl))
         return fullUrl
@@ -78,23 +73,21 @@ function handle(r)
     -- catch errors if any occur
     local success, result = pcall(function()
 
-        -- get configuration from environment variables        
+        -- get configuration from environment variables
         local customerId = r.subprocess_env["QUEUEIT_CUSTOMER_ID"]
         local secretKey = r.subprocess_env["QUEUEIT_SECRET_KEY"]
         local intConfFile = r.subprocess_env["QUEUEIT_INT_CONF_FILE"]
-        local errorCode = r.subprocess_env["QUEUEIT_ERROR_CODE"]        
+        local errorCode = r.subprocess_env["QUEUEIT_ERROR_CODE"]
         local co_httpOnly = r.subprocess_env["QUEUEIT_COOKIE_OPTIONS_HTTPONLY"]
         local co_secure = r.subprocess_env["QUEUEIT_COOKIE_OPTIONS_SECURE"]
-        local co_sameSite = r.subprocess_env["QUEUEIT_COOKIE_OPTIONS_SAMESITE"]
-                
+
         r:debug(string.format("[%s] Environment variable QUEUEIT_CUSTOMER_ID: %s", DEBUG_TAG, customerId))
         r:debug(string.format("[%s] Environment variable QUEUEIT_SECRET_KEY: %s", DEBUG_TAG, secretKey))
         r:debug(string.format("[%s] Environment variable QUEUEIT_INT_CONF_FILE: %s", DEBUG_TAG, intConfFile))
         r:debug(string.format("[%s] Environment variable QUEUEIT_ERROR_CODE: %s", DEBUG_TAG, errorCode))
         r:debug(string.format("[%s] Environment variable QUEUEIT_COOKIE_OPTIONS_HTTPONLY: %s", DEBUG_TAG, co_httpOnly))
         r:debug(string.format("[%s] Environment variable QUEUEIT_COOKIE_OPTIONS_SECURE: %s", DEBUG_TAG, co_secure))
-        r:debug(string.format("[%s] Environment variable QUEUEIT_COOKIE_OPTIONS_SAMESITE: %s", DEBUG_TAG, co_sameSite))
-        
+
         assert(customerId ~= nil, "customerId invalid")
         assert(secretKey ~= nil, "secretKey invalid")
         assert(intConfFile ~= nil, "config invalid")
@@ -103,24 +96,24 @@ function handle(r)
         if (errorCode ~= nil) then
             errorCode = tonumber(errorCode)
             if (errorCode == nil) then
-                r:warn(string.format("[%s] Value of QUEUEIT_ERROR_CODE is not a valid HTTP status code: %s", DEBUG_TAG, r.subprocess_env["QUEUEIT_ERROR_CODE"]))
+                r:warn(string.format(
+                    "[%s] Value of QUEUEIT_ERROR_CODE is not a valid HTTP status code: %s",
+                    DEBUG_TAG, r.subprocess_env["QUEUEIT_ERROR_CODE"]))
             elseif (errorCode >= 100) and (errorCode < 600) then
                 errorResult = errorCode
             end
         end
         r:debug(string.format("[%s] Value of variable errorCode: %s", DEBUG_TAG, errorCode))
 
         -- configure cookie options
-        local cookieOptions = 
+        local cookieOptions =
         {
             httpOnly = false,
-            secure = false,
-            sameSite = nil
+            secure = false
         }
-        
+
         if (co_httpOnly ~= nil and co_httpOnly == 'true') then cookieOptions.httpOnly = true end
         if (co_secure ~= nil and co_secure == 'true') then cookieOptions.secure = true end
-        if (co_sameSite ~= nil and (co_sameSite == 'none' or co_sameSite == 'lax' or co_sameSite == 'strict' )) then cookieOptions.sameSite = co_sameSite end
 
         -- initialize helper functions
         initRequiredHelpers(r, cookieOptions)

Handlers/KnownUserApacheHandler.lua

@@ -1,6 +1,6 @@
-iHelpers = require("KnownUserImplementationHelpers")
-knownUser = require("KnownUser")
-utils = require("Utils")
+local iHelpers = require("KnownUserImplementationHelpers")
+local knownUser = require("KnownUser")
+local utils = require("Utils")
 
 local aHandler = {}
 
@@ -9,10 +9,10 @@ local function handle(customerId, secretKey, config, isIntegrationConfig, reques
 	assert(secretKey ~= nil, "secretKey invalid")
 	assert(config ~= nil, "config invalid")
 	assert(isIntegrationConfig ~= nil, "isIntegrationConfig invalid")
-	assert(request_rec ~= nil, "request_rec invalid")	
-	
+	assert(request_rec ~= nil, "request_rec invalid")
+
 	-- Implement required helpers
-	-- ********************************************************************************		
+	-- ********************************************************************************
 	iHelpers.system.getConnectorName = function()
 		return apache2.version
 	end
@@ -21,72 +21,72 @@ local function handle(customerId, secretKey, config, isIntegrationConfig, reques
 		local json = require("json")
 		return json.parse(jsonStr)
 	end
-	
+
 	iHelpers.hash.hmac_sha256_encode = function(message, key)
 		local sha2 = require("sha2")
         return sha2.hmac(sha2.sha256, key, message)
 	end
-	
+
 	iHelpers.request.getHeader = function(name)
 		return request_rec.headers_in[name]
 	end
-	
+
 	iHelpers.request.getUnescapedCookieValue = function(name)
-		-- Alternative to request_rec:getcookie method, 
+		-- Alternative to request_rec:getcookie method,
 		-- which fails if client sends a Cookie header with multiple entries with same name/key.
-		local function getCookieValue(name)
-			local function split(inputstr, sep) 
-				sep=sep or '%s' local t={} 
-				for field,s in string.gmatch(inputstr, "([^"..sep.."]*)("..sep.."?)") do 
-					table.insert(t,field) 
-					if s=="" then 
-						return t 
-					end 
-				end 
+		local function getCookieValue(_name)
+			local function split(inputstr, sep)
+				sep=sep or '%s' local t={}
+				for field,s in string.gmatch(inputstr, "([^"..sep.."]*)("..sep.."?)") do
+					table.insert(t,field)
+					if s=="" then
+						return t
+					end
+				end
 			end
-			
-			if (name == nil) then
+
+			if (_name == nil) then
 				return nil
 			end
 
 			local cookieHeader = request_rec.headers_in["Cookie"]
-			
+
 			if(cookieHeader == nil) then
 				return nil
 			end
-				
+
 			local cookieHeaderParts = split(cookieHeader, ";")
-			
+
 			if (cookieHeaderParts == nil) then
 				return nil
 			end
-			
+
 			-- Translate name to pattern so it will work correctly in string.find
-			-- ex. translate 'QueueITAccepted-SDFrts345E-V3_event1' to 'QueueITAccepted--SDFrts345E--V3_event1='	
-			name = name:gsub("-", "--") .. "="			
-			
-			for k, v in pairs(cookieHeaderParts) do
-				startIndex, endIndex = string.find(v, name)
-				
+			-- ex. translate 'QueueITAccepted-SDFrts345E-V3_event1' to 'QueueITAccepted--SDFrts345E--V3_event1='
+			_name = _name:gsub("-", "--") .. "="
+
+			for _, v in pairs(cookieHeaderParts) do
+				local _, endIndex = string.find(v, _name)
+
 				if(endIndex ~= nil) then
 					return v:sub(endIndex + 1)
 				end
 			end
 		end
-		
+
 		local cookieValue = getCookieValue(name)
-		
+
 		if (cookieValue ~= nil) then
 			cookieValue = utils.urlDecode(cookieValue)
 		end
 
 		return cookieValue
 	end
-	
+
 	iHelpers.request.getUserHostAddress = function()
 		return request_rec.useragent_ip
 	end
-	
+
 	-- Implementation is not using built in r:setcookie method
 	-- because we want to support Apache version < 2.4.12
 	-- where there is bug in that specific method
@@ -98,51 +98,50 @@ local function handle(customerId, secretKey, config, isIntegrationConfig, reques
 		if (domain == nil) then
 			domain = ""
 		end
-		
+
 		if (value == nil) then
 			value = ""
 		end
-		
+
 		value = utils.urlEncode(value)
 
 		local expire_text = ''
 		if expire ~= nil and type(expire) == "number" and expire > 0 then
 			expire_text = '; Expires=' .. os.date("!%a, %d %b %Y %H:%M:%S GMT", expire)
 		end
 
-		request_rec.err_headers_out["Set-Cookie"] = name .. '=' .. value 
+		request_rec.err_headers_out["Set-Cookie"] = name .. '=' .. value
 			.. expire_text
-			.. (domain ~= "" and '; Domain=' .. domain or '') 
+			.. (domain ~= "" and '; Domain=' .. domain or '')
 			.. (iHelpers.response.cookieOptions.httpOnly and '; HttpOnly' or '')
 			.. (iHelpers.response.cookieOptions.secure and '; Secure' or '')
-			.. (iHelpers.response.cookieOptions.sameSite and '; SameSite=' .. iHelpers.response.cookieOptions.sameSite or '')
 			.. '; Path=/;'
-			
+
 	end
 	-- ********************************************************************************
 	-- END Implement required helpers
 
 	local queueitToken = request_rec:parseargs()["queueittoken"]
 	local fullUrl = iHelpers.request.getAbsoluteUri()
-	local currentUrlWithoutQueueitToken = fullUrl:gsub("([\\%?%&])(" .. knownUser.QUEUEIT_TOKEN_KEY .. "=[^&]*)", "")	
+	local currentUrlWithoutQueueitToken = fullUrl:gsub("([\\%?%&])(" .. knownUser.QUEUEIT_TOKEN_KEY .. "=[^&]*)", "")
 
-	local validationResult = nil
+	local validationResult
 	if (isIntegrationConfig) then
 		validationResult = knownUser.validateRequestByIntegrationConfig(currentUrlWithoutQueueitToken, queueitToken, config, customerId, secretKey)
 	else
 	    validationResult = knownUser.resolveQueueRequestByLocalConfig(currentUrlWithoutQueueitToken, queueitToken, config, customerId, secretKey)
 	end
-		
+
 	if (validationResult:doRedirect()) then
 		--Adding no cache headers to prevent browsers to cache requests
 	    request_rec.err_headers_out["Cache-Control"] = "no-cache, no-store, must-revalidate, max-age=0"
 	    request_rec.err_headers_out["Pragma"] = "no-cache"
 	    request_rec.err_headers_out["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
 	    --end
-		
+
 		if (validationResult.isAjaxResult) then
 			request_rec.err_headers_out[validationResult.getAjaxQueueRedirectHeaderKey()] = validationResult:getAjaxRedirectUrl()
-		else					
+		else
 			request_rec.err_headers_out["Location"] = validationResult.redirectUrl
 			return apache2.HTTP_MOVED_TEMPORARILY
 		end
@@ -153,7 +152,7 @@ local function handle(customerId, secretKey, config, isIntegrationConfig, reques
 			return apache2.HTTP_MOVED_TEMPORARILY
 		end
 	end
-	
+
 	return apache2.DECLINED
 end