bungle closed this issue 11 years ago
@bungle Thank you for looking into this part. I have several comments:
@agentzh thank you for the answer. You may close this. I will start to look at implementing my own lua-resty-session and lua-resty-password libraries (if I get them to work, I will put them on GitHub). lua-resty-core looks nice. I have to agree that by using Lua as much as possible, this project will proceed faster.
@bungle That'll be great! I really appreciate your efforts :) Also, using Lua can also be much faster than using the classic Lua C API when the Lua code is JIT compiled by LuaJIT ;)
@agentzh sorry for the off-topic question, but I've checked out lua-resty-core and realized that it uses FFI calls for nginx internal functions, not for external libraries.
Is it a (still undocumented?) feature of LuaJIT 2.1, or did I read the docs poorly?
@eoranged LuaJIT FFI just looks for "external symbols" (or exported symbols), no matter whether the symbol is in an external DSO or not.
@agentzh Oh, thanks a lot!
You just saved me from writing tons of useless wrappers.
@eoranged I'm glad I did :)
@agentzh I'm glad too. That ffi-stuff really blows my mind. So beautiful, and elegant.
Hi,
I'm a little bit concerned about using https://github.com/agentzh/encrypted-session-nginx-module. As I understand, that module is creating stateless (unsigned?) session cookies (the data is stored on a client). As an alternative to that, it would be nice to have old-skool stateful session cookies in OpenResty as well, is this considered?
API:
```
ngx.session.start()
ngx.session.set(key, value)
ngx.session.get(key)
ngx.session.destroy()
ngx.session.regenerate()
```
Backend store could be Redis/memcached for the first implementation (expires supported) (cron-job + files maybe later).
The implementation should use:
Some pointers:
I think that this should be part of a modern web development stack. I know that this has been questioned before: https://github.com/chaoslawful/lua-nginx-module/issues/13 (in addition to that encrypted-session-nginx-module), but should this at least be reconsidered?
I would also like to see a Password API:
```
ngx.password.hash(password, algorithm [, options])
ngx.password.check(password, hash)
ngx.password.conflicts(hash, algorithm [, options])
```
Password hashing algorithms that could be used are scrypt, pbkdf2, and bcrypt. Even one of them is more than enough for a start.
Some pointers:
These could be implemented on client-lua libs, but I think that these use-cases are so common, yet so many times implemented wrongly that they could be part of lua_nginx_module.
I could look at some of these, but my C is very rusty, and I hesitate to add external dependencies to lua-nginx-module.
What do you think? Is there room for discussion, or should I (and maybe others) go on and look at this problem from a Lua library perspective?
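
An added example, not code from this thread or from any lua-resty-* library: the proposed hash/check/conflicts trio as a pure-Lua module on PBKDF2-HMAC-SHA256, reaching OpenSSL through LuaJIT FFI as discussed in the thread. Assumptions made for this example: the `pbkdf2-sha256$iterations$salt$hash` storage format, the 600000-iteration default, dropping the `algorithm` argument, and reading `conflicts` as "the stored hash no longer matches the desired parameters".

```lua
local ffi = require "ffi"
ffi.cdef[[
const void *EVP_sha256(void);
int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
    const unsigned char *salt, int saltlen, int iter,
    const void *digest, int keylen, unsigned char *out);
int RAND_bytes(unsigned char *buf, int num);
int CRYPTO_memcmp(const void *a, const void *b, size_t len);
]]
-- Inside nginx the OpenSSL symbols are normally already exported by the
-- process (ffi.C); a stand-alone luajit has to load libcrypto itself.
local in_process = pcall(function() return ffi.C.PKCS5_PBKDF2_HMAC end)
local crypto = in_process and ffi.C or ffi.load("crypto")

local KEYLEN, SALTLEN = 32, 16
local ITERATIONS = 600000  -- assumed default work factor, tune per host

local function to_hex(s)
  return (s:gsub(".", function(c) return string.format("%02x", c:byte()) end))
end
local function from_hex(s)
  return (s:gsub("%x%x", function(b) return string.char(tonumber(b, 16)) end))
end
local function derive(password, salt, iterations)
  local out = ffi.new("unsigned char[?]", KEYLEN)
  local rc = crypto.PKCS5_PBKDF2_HMAC(password, #password, salt, #salt,
      iterations, crypto.EVP_sha256(), KEYLEN, out)
  assert(rc == 1, "PKCS5_PBKDF2_HMAC failed")
  return ffi.string(out, KEYLEN)
end
-- hash(): fresh random salt per password, parameters stored with the hash.
local function hash(password, options)
  local iterations = options and options.iterations or ITERATIONS
  local buf = ffi.new("unsigned char[?]", SALTLEN)
  assert(crypto.RAND_bytes(buf, SALTLEN) == 1, "RAND_bytes failed")
  local salt = ffi.string(buf, SALTLEN)
  return string.format("pbkdf2-sha256$%d$%s$%s", iterations,
      to_hex(salt), to_hex(derive(password, salt, iterations)))
end
-- check(): re-derive with the stored salt, compare in constant time.
local function check(password, encoded)
  local iter, salt, want = encoded:match("^pbkdf2%-sha256%$(%d+)%$(%x+)%$(%x+)$")
  if not iter or #want ~= KEYLEN * 2 then return false end
  local got = derive(password, from_hex(salt), tonumber(iter))
  return crypto.CRYPTO_memcmp(got, from_hex(want), KEYLEN) == 0
end
-- conflicts(): true when a stored hash should be re-hashed at next login.
local function conflicts(encoded, options)
  local iter = encoded:match("^pbkdf2%-sha256%$(%d+)%$")
  return iter == nil or tonumber(iter) ~= (options and options.iterations or ITERATIONS)
end
return { hash = hash, check = check, conflicts = conflicts }
```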