default.conf

error_log logs/error.log info;

server {

    server_name localhost;
    listen 8080;
    charset utf-8;
    charset_types application/json;
    default_type application/json;

    location / {

        resolver 127.0.0.11;

        access_by_lua_block {
            local cjson = require "cjson"
            local gotipathPolicy = ngx.var.cookie_gotipath_policy
            local gotipathSignature = ngx.var.cookie_gotipath_signature

            local b64 = require("ngx.base64")
            local res, err

            res, err = b64.decode_base64url(gotipathPolicy)
            if not res then
            ngx.log(ngx.ERR, err)
            end


            local str = require('resty.string')
            local sha256 = require('resty.sha256')
            -- dynamic call from tm portal
            local secret = "npkj0qkaczlkapq5uuzr2yh1cftut4zdz8o6ifb0dff4xq4vh0comb82tdt506fh"
            -- TODO expire times checking

            local hasher = sha256:new()
            local msg = secret .. gotipathPolicy
            hasher:update(msg)

            local hmac_str = str.to_hex(hasher:final())

            local signature = '0'..hmac_str:sub(0,20)

            if gotipathSignature ~= signature then
            ngx.status = 401
            ngx.header.content_type = 'application/json'
            ngx.print('{"error":"not authorized"}')
            ngx.exit(401)
            end
        }
        ## Upstram pulling from tm portal
        proxy_pass https://console.gotipath.com;

    }
}