
Examples
Hello World
URL Decoding
URL Encoding
Internal Redirect
Returning Fastest Response from Proxy
Creating HS JWT
Accessing API from a Subrequest
Creating secure_link Hash
Logging the Number of Requests Per Client
Subrequests Chaining

The examples work since 0.4.0.

Hello World

nginx.conf:

events {}
http {
js_import http.js;

server {
listen 8000;

location / {
js_content http.hello;
}
}
}

http.js:

/**
 * Content handler for the "Hello World" example.
 *
 * Finishes the request with status 200 and a fixed text body.
 *
 * @param {Object} r - njs HTTP request object.
 */
function hello(r) {
    var status = 200;
    var body = "Hello world!";

    r.return(status, body);
}

export default {hello};

URL Decoding

nginx.conf:


js_import http.js;

js_set $decoded_foo http.decoded_foo;

http.js:

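/**
 * js_set handler: percent-decodes the "foo" query argument.
 *
 * The argument is supplied by the client, so the decoded result can hold
 * any character (including CR/LF and other control characters). Validate
 * it before placing $decoded_foo into headers, redirect targets or logs.
 *
 * @param {Object} r - njs HTTP request object; only r.args.foo is read.
 * @returns {string} The decoded value, or "" when the argument is absent
 *     (or not a string) or is not valid percent-encoding.
 */
function decoded_foo(r) {
    var raw = r.args.foo;

    // Without this guard decodeURIComponent(undefined) would produce the
    // literal string "undefined" for requests that carry no "foo" argument.
    if (typeof raw !== 'string') {
        return "";
    }

    try {
        return decodeURIComponent(raw);
    } catch (e) {
        // A malformed sequence such as "%E0%A4%A" makes decodeURIComponent
        // throw URIError; answer with an empty value instead of letting a
        // client-triggered exception escape the variable handler.
        return "";
    }
}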

export default {decoded_foo};

URL Encoding

nginx.conf:

js_import http.js;

js_set $encoded_foo http.encoded_foo;


...

location / {
proxy_pass http://example.com?foo=$encoded_foo;
}

http.js:

/**
 * js_set handler: returns a fixed sample string in percent-encoded form,
 * so that it can be embedded safely in a query string.
 *
 * @param {Object} r - njs HTTP request object (not used).
 * @returns {string} The percent-encoded sample value.
 */
function encoded_foo(r) {
    var sample = 'foo & bar?';

    return encodeURIComponent(sample);
}

export default {encoded_foo};

Internal Redirect

nginx.conf:

js_import http.js;

location /redirect {
js_content http.redirect;
}

location @named {
return 200 named;
}

http.js:

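/**
 * Content handler: hands the request over to the named location "@named"
 * by way of an internal redirect.
 *
 * The target is a fixed string; nothing from the client request is used to
 * choose it.
 *
 * @param {Object} r - njs HTTP request object.
 */
function redirect(r) {
    r.internalRedirect('@named');
}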

export default {redirect};

Returning Fastest Response from Proxy

nginx.conf:

js_import http.js;

location /start {
js_content http.content;
}

location /foo {
proxy_pass http://backend1;
}

location /bar {
proxy_pass http://backend2;
}

http.js:

/**
 * Content handler: issues subrequests to /foo and /bar and answers the
 * client with whichever reply reaches the callback first.
 *
 * The client's query string (r.variables.args) is forwarded unchanged to
 * both subrequests.
 *
 * @param {Object} r - njs HTTP request object.
 */
function content(r) {
    var answered = false;

    function relayFirst(reply) {
        // Only the first completed subrequest may answer; later ones are
        // ignored so the response is sent exactly once.
        if (answered) {
            return;
        }

        answered = true;
        r.return(reply.status, reply.responseBody);
    }

    var query = r.variables.args;

    r.subrequest('/foo', query, relayFirst);
    r.subrequest('/bar', query, relayFirst);
}

export default {content};

Creating HS JWT

nginx.conf:

js_import http.js;

js_set $jwt http.jwt;

http.js:

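/**
 * Builds a compact JWT signed with HMAC-SHA256 (HS256).
 *
 * The token's strength rests entirely on `key`: it has to be a secret,
 * high-entropy value known only to the issuer and the verifiers.
 *
 * @param {Object} claims - Claims to embed. The object is copied, not
 *     modified; an "exp" claim is added to the copy.
 * @param {string} key - HMAC secret used for the signature.
 * @param {number} valid - Lifetime in seconds, added to the current time
 *     to form "exp".
 * @returns {string} "<header>.<payload>.<signature>", each part base64url.
 */
function generate_hs256_jwt(claims, key, valid) {
    var header = { typ: "JWT", alg: "HS256" };

    // Copy into a fresh object: assigning straight onto `claims` would
    // write "exp" into the caller's object on every call.
    var payload = Object.assign({}, claims,
                                { exp: Math.floor(Date.now() / 1000) + valid });

    // toUTF8() and toString('base64url') are njs String extensions.
    var s = [header, payload].map(JSON.stringify)
                             .map(v => v.toUTF8())
                             .map(v => v.toString('base64url'))
                             .join('.');

    var h = require('crypto').createHmac('sha256', key);

    // The signature covers the encoded header and payload joined by ".".
    return s + '.' + h.update(s).digest().toString('base64url');
}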

/**
 * js_set handler: issues a sample HS256 token that is valid for 600 seconds.
 *
 * @param {Object} r - njs HTTP request object (not used).
 * @returns {string} The signed token.
 */
function jwt(r) {
    // Fixed demonstration claims; nothing here is taken from the request.
    var payload = {
        iss: "nginx",
        sub: "alice",
        foo: 123,
        bar: "qq",
        zyx: false
    };

    // NOTE: 'foo' is a sample signing key. A key this short and this public
    // gives the signature no value; a real deployment needs a long random
    // secret that is kept out of the source file.
    return generate_hs256_jwt(payload, 'foo', 600);
}

export default {jwt};

Accessing API from a Subrequest

nginx.conf:

js_import http.js;

keyval_zone zone=foo:10m;
...

location /keyval {
js_content http.set_keyval;
}

location /version {
js_content http.version;
}

# NOTE(review): "write=on" makes the API writable, and this snippet shows no
# access restriction (allow/deny, auth_basic) on /api. Unless the elided
# configuration limits who can reach this location, clients could change
# state such as the keyval zone directly - confirm before deploying.
location /api {
api write=on;
}

http.js:

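/**
 * Content handler: stores a fixed pair of entries in keyval zone "foo" by
 * sending a POST subrequest to the API location.
 *
 * Replies with status 300 or above are relayed to the client together with
 * their body; otherwise the client receives 200.
 *
 * @param {Object} r - njs HTTP request object.
 */
function set_keyval(r) {
    r.subrequest('/api/5/http/keyvals/foo',
        { method: 'POST',
          body: JSON.stringify({ foo: 789, bar: "ss dd 00" })},

        function(res) {
            if (res.status >= 300) {
                // The API's own error body is passed through to the client.
                r.return(res.status, res.responseBody);
                return;
            }

            // The example previously answered 500 here, which reported a
            // successful write as a server error.
            r.return(200);
        });
}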

/**
 * Content handler: asks the API location for /api/5/nginx and returns the
 * "version" field of the JSON reply to the client.
 *
 * Any reply whose status is not 200 is answered with that status and no
 * body.
 *
 * @param {Object} r - njs HTTP request object.
 */
function version(r) {
    function onReply(res) {
        if (res.status == 200) {
            // JSON.parse throws if the body is not valid JSON; the body
            // comes from the API subrequest, not from the client.
            var info = JSON.parse(res.responseBody);

            r.return(200, info.version);
            return;
        }

        r.return(res.status);
    }

    r.subrequest('/api/5/nginx', { method: 'GET' }, onReply);
}

export default {set_keyval, version};

Creating secure_link Hash

nginx.conf:

js_import http.js;

js_set $new_foo http.create_secure_link;


...

location / {
# The hash is read from the "foo" cookie and checked against the MD5 of
# "$uri mykey".
# NOTE(review): the expression has no expiry or client-specific component, so
# a valid hash for a URI stays valid for as long as the key is unchanged.
# "mykey" is a sample secret and should be replaced by a private value.
secure_link $cookie_foo;
secure_link_md5 "$uri mykey";
...
}

location @login {
# NOTE(review): the cookie that carries the link hash is set without Secure,
# HttpOnly or SameSite attributes; Max-Age=60 only limits how long the
# browser keeps it.
add_header Set-Cookie "foo=$new_foo; Max-Age=60";
return 302 /;
}

http.js:

/**
 * js_set handler: computes the hash that the secure_link check in the
 * accompanying nginx.conf expects for the current URI.
 *
 * The input mirrors the secure_link_md5 expression "$uri mykey": the
 * request URI followed by a space and the key.
 *
 * @param {Object} r - njs HTTP request object; only r.uri is read.
 * @returns {string} base64url-encoded MD5 digest.
 */
function create_secure_link(r) {
    var md5 = require('crypto').createHash('md5');

    md5.update(r.uri);

    // NOTE: " mykey" is a sample secret and has to match the key in the
    // secure_link_md5 directive. Anyone who knows it can compute valid
    // hashes, so a real key must be private and kept out of the source.
    md5.update(" mykey");

    return md5.digest('base64url');
}

export default {create_secure_link};

Logging the Number of Requests Per Client

nginx.conf:

js_import http.js;

js_set $num_requests http.num_requests;

keyval_zone zone=foo:10m;

keyval $remote_addr $foo zone=foo;

log_format bar '$remote_addr [$time_local] $num_requests';


access_log logs/access.log bar;

server {
listen 8000;

location / {
root html;
}
}

http.js:

/**
 * js_set handler: increments and returns the request counter held in the
 * $foo variable, which the accompanying nginx.conf binds to the keyval
 * zone entry for $remote_addr.
 *
 * @param {Object} r - njs HTTP request object; r.variables.foo is read
 *     and written.
 * @returns {number} The updated counter (1 when no value was stored yet).
 */
function num_requests(r) {
    var previous = r.variables.foo;
    var current = 1;

    // The stored value arrives as text; an empty or missing value means
    // this is the first request counted for the key.
    if (previous) {
        current = Number(previous) + 1;
    }

    r.variables.foo = current;

    return current;
}

export default {num_requests};

The keyval and keyval_zone directives are available as part of our commercial subscription.

Subrequests Chaining

nginx.conf:

js_import http.js;

location /start {
js_content http.content;
}

location /auth {
proxy_pass http://auth_backend;
}

location /backend {
proxy_pass http://backend;
}

http.js:

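/**
 * Content handler: chains two subrequests. It first obtains a token from
 * /auth, then calls /backend with that token and relays the backend's
 * status and body to the client.
 *
 * Any failure along the chain (invalid JSON from /auth, a missing token, a
 * rejected subrequest) ends the request with 500.
 *
 * @param {Object} r - njs HTTP request object.
 */
function content(r) {
    // NOTE(review): only the body of the /auth reply is examined; its
    // status code is not checked here.
    r.subrequest('/auth')
    .then(reply => JSON.parse(reply.responseBody))
    .then(response => {
        if (!response['token']) {
            throw new Error("token is not available");
        }

        // The token lives on the parsed body ("response"). The earlier
        // code read it from "reply", which is not defined in this
        // callback, so every request ended in the 500 branch.
        return response['token'];
    })
    // Returning the backend promise keeps its rejection inside this chain
    // so the catch below handles it. The token is percent-encoded so that
    // characters such as "&" or "=" cannot add or alter arguments.
    .then(token => r.subrequest('/backend', `token=${encodeURIComponent(token)}`))
    .then(reply => r.return(reply.status, reply.responseBody))
    .catch(_ => r.return(500));
}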

export default {content};
