local balancer_resty = require("balancer.resty") local ck = require("resty.cookie") local ngx_balancer = require("ngx.balancer") local split = require("util.split") local same_site = require("util.same_site") local ngx = ngx local pairs = pairs local ipairs = ipairs local string = string local tonumber = tonumber local setmetatable = setmetatable local _M = balancer_resty:new() local DEFAULT_COOKIE_NAME = "route" function _M.cookie_name(self) return self.cookie_session_affinity.name or DEFAULT_COOKIE_NAME end function _M.new(self) local o = { alternative_backends = nil, cookie_session_affinity = nil, traffic_shaping_policy = nil } setmetatable(o, self) self.__index = self return o end function _M.get_cookie(self) local cookie, err = ck:new() if not cookie then ngx.log(ngx.ERR, err) end return cookie:get(self:cookie_name()) end function _M.set_cookie(self, value) local cookie, err = ck:new() if not cookie then ngx.log(ngx.ERR, err) end local cookie_path = self.cookie_session_affinity.path if not cookie_path then cookie_path = ngx.var.location_path end local cookie_samesite = self.cookie_session_affinity.samesite if cookie_samesite then local cookie_conditional_samesite_none = self.cookie_session_affinity.conditional_samesite_none if cookie_conditional_samesite_none and cookie_samesite == "None" and not same_site.same_site_none_compatible(ngx.var.http_user_agent) then cookie_samesite = nil end end local cookie_data = { key = self:cookie_name(), value = value, path = cookie_path, httponly = true, samesite = cookie_samesite, secure = ngx.var.https == "on", } if self.cookie_session_affinity.expires and self.cookie_session_affinity.expires ~= "" then cookie_data.expires = ngx.cookie_time(ngx.time() + tonumber(self.cookie_session_affinity.expires)) end if self.cookie_session_affinity.maxage and self.cookie_session_affinity.maxage ~= "" then cookie_data.max_age = tonumber(self.cookie_session_affinity.maxage) end local ok ok, err = cookie:set(cookie_data) if not ok then ngx.log(ngx.ERR, err) end end function _M.get_last_failure() return ngx_balancer.get_last_failure() end local function get_failed_upstreams() local indexed_upstream_addrs = {} local upstream_addrs = split.split_upstream_var(ngx.var.upstream_addr) or {} for _, addr in ipairs(upstream_addrs) do indexed_upstream_addrs[addr] = true end return indexed_upstream_addrs end local function should_set_cookie(self) local host = ngx.var.host if ngx.var.server_name == '_' then host = ngx.var.server_name end if self.cookie_session_affinity.locations then local locs = self.cookie_session_affinity.locations[host] if locs == nil then -- Based off of wildcard hostname in ../certificate.lua local wildcard_host, _, err = ngx.re.sub(host, "^[^\\.]+\\.", "*.", "jo") if err then ngx.log(ngx.ERR, "error: ", err); elseif wildcard_host then locs = self.cookie_session_affinity.locations[wildcard_host] end end if locs ~= nil then for _, path in pairs(locs) do if ngx.var.location_path == path then return true end end end end return false end function _M.balance(self) local upstream_from_cookie local key = self:get_cookie() if key then upstream_from_cookie = self.instance:find(key) end local last_failure = self.get_last_failure() local should_pick_new_upstream = last_failure ~= nil and self.cookie_session_affinity.change_on_failure or upstream_from_cookie == nil if not should_pick_new_upstream then return upstream_from_cookie end local new_upstream new_upstream, key = self:pick_new_upstream(get_failed_upstreams()) if not new_upstream then ngx.log(ngx.WARN, string.format("failed to get new upstream; using upstream %s", new_upstream)) elseif should_set_cookie(self) then self:set_cookie(key) end return new_upstream end function _M.sync(self, backend) -- reload balancer nodes balancer_resty.sync(self, backend) self.traffic_shaping_policy = backend.trafficShapingPolicy self.alternative_backends = backend.alternativeBackends self.cookie_session_affinity = backend.sessionAffinityConfig.cookieSessionAffinity end return _M