release v.3.7

Examples/Apache/ApacheHandlerUsingConfigFromFile.lua

@@ -14,11 +14,6 @@
 --...   * QUEUEIT_INT_CONF_FILE: The local JSON file containing the integration configuration
 --      * QUEUEIT_ERROR_CODE: (optional) The response code to use instead of declining to act
 --                            if request handling fails
---      * QUEUEIT_COOKIE_OPTIONS_HTTPONLY: (optional) Set to "true" if you want cookies with httponly
---                            flag set. Only enable if this you use pure server-side integration
---                            e.g. not JS Hybrid.
---      * QUEUEIT_COOKIE_OPTIONS_SECURE: (optional) Set to "true" if you want cookies with secure
---                            flag set. Only enable if your website runs purely on https.
 --    Note that the integration configuration is read on every request. The JSON file containing
 --    The integration configuration should, for performance reasons, be available locally.
 --
@@ -29,6 +24,7 @@
 --      SetEnv  QUEUEIT_CUSTOMER_ID                 "{CUSTOMER_ID}"
 --      SetEnv  QUEUEIT_SECRET_KEY                  "{SECRET_KEY}"
 --      SetEnv  QUEUEIT_INT_CONF_FILE               "{APP_FOLDER}/integration_config.json"
+--      SetEnv  QUEUEIT_ERROR_CODE                  "400"
 --      LuaMapHandler  "{URI_PATTERN}"  "{APP_FOLDER}/Handlers/ApacheHandlerUsingConfigFromFile.lua"
 --      LuaPackagePath "{APP_FOLDER}/SDK/?.lua"
 --      LuaPackagePath "{APP_FOLDER}/Helpers/?/?.lua"
@@ -45,7 +41,7 @@ local DEBUG_TAG = "ApacheHandlerUsingConfigFromFile.lua"
 local kuHandler = require("KnownUserApacheHandler")
 local file = require("file")
 
-local function initRequiredHelpers(r, cookieOptions)
+local function initRequiredHelpers(r)
     local iHelpers = require("KnownUserImplementationHelpers")
 
     iHelpers.request.getAbsoluteUri = function()
@@ -56,8 +52,6 @@ local function initRequiredHelpers(r, cookieOptions)
         r:debug(string.format("[%s] Rebuilt request URL as: %s", DEBUG_TAG, fullUrl))
         return fullUrl
     end
-
-    iHelpers.response.cookieOptions = cookieOptions
 end
 
 function handle(r)
@@ -73,8 +67,6 @@ function handle(r)
         local secretKey = r.subprocess_env["QUEUEIT_SECRET_KEY"]
         local intConfFile = r.subprocess_env["QUEUEIT_INT_CONF_FILE"]
         local errorCode = r.subprocess_env["QUEUEIT_ERROR_CODE"]
-        local co_httpOnly = r.subprocess_env["QUEUEIT_COOKIE_OPTIONS_HTTPONLY"]
-        local co_secure = r.subprocess_env["QUEUEIT_COOKIE_OPTIONS_SECURE"]
 
         if customerId ~= nil then
             r:debug(string.format("[%s] Environment variable QUEUEIT_CUSTOMER_ID: %s", DEBUG_TAG, customerId))
@@ -88,12 +80,6 @@ function handle(r)
         if errorCode ~= nil then
             r:debug(string.format("[%s] Environment variable QUEUEIT_ERROR_CODE: %s", DEBUG_TAG, errorCode))
         end
-        if co_httpOnly ~= nil then
-            r:debug(string.format("[%s] Environment variable QUEUEIT_COOKIE_OPTIONS_HTTPONLY: %s", DEBUG_TAG, co_httpOnly))
-        end
-        if co_secure ~= nil then
-            r:debug(string.format("[%s] Environment variable QUEUEIT_COOKIE_OPTIONS_SECURE: %s", DEBUG_TAG, co_secure))
-        end
 
         assert(customerId ~= nil, "customerId invalid")
         assert(secretKey ~= nil, "secretKey invalid")
@@ -112,18 +98,8 @@ function handle(r)
         end
         r:debug(string.format("[%s] Value of variable errorCode: %s", DEBUG_TAG, errorCode))
 
-        -- configure cookie options
-        local cookieOptions =
-        {
-            httpOnly = false,
-            secure = false
-        }
-
-        if (co_httpOnly ~= nil and co_httpOnly == 'true') then cookieOptions.httpOnly = true end
-        if (co_secure ~= nil and co_secure == 'true') then cookieOptions.secure = true end
-
         -- initialize helper functions
-        initRequiredHelpers(r, cookieOptions)
+        initRequiredHelpers(r)
 
         -- read integration configuration from file
         local intConfJson = file.readAll(intConfFile)

Handlers/KnownUserApacheHandler.lua

@@ -103,7 +103,7 @@ local function handle(customerId, secretKey, config, isIntegrationConfig, reques
 	-- Implementation is not using built in r:setcookie method
 	-- because we want to support Apache version < 2.4.12
 	-- where there is bug in that specific method
-	iHelpers.response.setCookie = function(name, value, expire, domain)
+	iHelpers.response.setCookie = function(name, value, expire, domain, isHttpOnly, isSecure)
 		-- lua_mod only supports 1 Set-Cookie header (because 'err_headers_out' is a table).
 		-- So calling this method (setCookie) multiple times will not work as expected.
 		-- In this case final call will apply.
@@ -126,8 +126,8 @@ local function handle(customerId, secretKey, config, isIntegrationConfig, reques
 		request_rec.err_headers_out["Set-Cookie"] = name .. '=' .. value
 			.. expire_text
 			.. (domain ~= "" and '; Domain=' .. domain or '')
-			.. (iHelpers.response.cookieOptions.httpOnly and '; HttpOnly' or '')
-			.. (iHelpers.response.cookieOptions.secure and '; Secure' or '')
+			.. (isHttpOnly and '; HttpOnly' or '')
+			.. (isSecure and '; Secure' or '')
 			.. '; Path=/;'
 
 	end
@@ -153,7 +153,9 @@ local function handle(customerId, secretKey, config, isIntegrationConfig, reques
 		-- end
 
 		if (validationResult.isAjaxResult) then
-			request_rec.err_headers_out[validationResult.getAjaxQueueRedirectHeaderKey()] = validationResult:getAjaxRedirectUrl()
+			local headerName = validationResult.getAjaxQueueRedirectHeaderKey()
+			request_rec.err_headers_out[headerName] = validationResult:getAjaxRedirectUrl()
+			request_rec.err_headers_out['Access-Control-Expose-Headers'] = headerName
 		else
 			request_rec.err_headers_out["Location"] = validationResult.redirectUrl
 			return apache2.HTTP_MOVED_TEMPORARILY

Handlers/KnownUserNginxHandler.lua

@@ -39,7 +39,7 @@ iHelpers.request.getUserHostAddress = function()
 	return ngx.var.remote_addr
 end
 
-iHelpers.response.setCookie = function(name, value, expire, domain)
+iHelpers.response.setCookie = function(name, value, expire, domain, isHttpOnly, isSecure)
 	-- lua_mod only supports 1 Set-Cookie header (because 'header' is a table).
 	-- So calling this method (setCookie) multiple times will not work as expected.
 	-- In this case final call will apply.
@@ -62,8 +62,8 @@ iHelpers.response.setCookie = function(name, value, expire, domain)
 	ngx.header["Set-Cookie"] = name .. '=' .. value
 		.. expire_text
 		.. (domain ~= "" and '; Domain=' .. domain or '')
-		.. (iHelpers.response.cookieOptions.httpOnly and '; HttpOnly' or '')
-		.. (iHelpers.response.cookieOptions.secure and '; Secure' or '')
+		.. (isHttpOnly and '; HttpOnly' or '')
+		.. (isSecure and '; Secure' or '')
 		.. '; Path=/;'
 end
 
@@ -73,24 +73,6 @@ end
 
 local aHandler = {}
 
-aHandler.setOptions = function(options)
-	if (options == nil) then
-		error('invalid options')
-	end
-
-	if (options.secure) then
-		iHelpers.response.cookieOptions.secure = true
-	else
-		iHelpers.response.cookieOptions.secure = false
-	end
-
-	if (options.httpOnly) then
-		iHelpers.response.cookieOptions.httpOnly = true
-	else
-		iHelpers.response.cookieOptions.httpOnly = false
-	end	
-end
-
 aHandler.handleByIntegrationConfig = function(customerId, secretKey, integrationConfigJson)
 	local queueitToken = ''
 	if (ngx.var.arg_queueittoken ~= nil) then
@@ -111,7 +93,9 @@ aHandler.handleByIntegrationConfig = function(customerId, secretKey, integration
 		-- end
 
 		if (validationResult.isAjaxResult) then
-			ngx.header[validationResult.getAjaxQueueRedirectHeaderKey()] = validationResult:getAjaxRedirectUrl()
+			local headerName = validationResult.getAjaxQueueRedirectHeaderKey()
+			ngx.header[headerName] = validationResult:getAjaxRedirectUrl()
+			ngx.header['Access-Control-Expose-Headers'] = headerName
 		else
 			ngx.redirect(validationResult.redirectUrl)
 			ngx.exit(ngx.HTTP_MOVED_TEMPORARILY)

SDK/KnownUser.lua

@@ -37,7 +37,7 @@ local function setDebugCookie(debugEntries)
 		cookieValue = cookieValue .. (key .. "=" .. value .. "|")
 	end
 	cookieValue = cookieValue:sub(0, cookieValue:len()-1) -- remove trailing |
-	iHelpers.response.setCookie(QUEUEIT_DEBUG_KEY, cookieValue, 0, nil)
+	iHelpers.response.setCookie(QUEUEIT_DEBUG_KEY, cookieValue, 0, nil, false, false)
 end
 
 local function generateTargetUrl(originalTargetUrl)
@@ -124,7 +124,8 @@ local function cancelRequestByLocalConfig(
 end
 -- END Private functions
 
-ku.extendQueueCookie = function(eventId, cookieValidityMinute, cookieDomain, secretKey)
+ku.extendQueueCookie = function(
+	eventId, cookieValidityMinute, cookieDomain, isCookieHttpOnly, isCookieSecure, secretKey)
 	assert(utils.toString(eventId) ~= "", "eventId can not be nil or empty.")
 	assert(utils.toString(secretKey) ~= "", "secretKey can not be nil or empty.")
 
@@ -133,7 +134,8 @@ ku.extendQueueCookie = function(eventId, cookieValidityMinute, cookieDomain, sec
 		error("cookieValidityMinute should be a number greater than 0.")
 	end
 
-	userInQueueService.extendQueueCookie(eventId, cookieValidityMinute, cookieDomain, secretKey)
+	userInQueueService.extendQueueCookie(
+		eventId, cookieValidityMinute, cookieDomain, isCookieHttpOnly, isCookieSecure, secretKey)
 end
 
 ku.cancelRequestByLocalConfig = function(targetUrl, queueitToken, cancelConfig, customerId, secretKey)
@@ -165,19 +167,27 @@ ku.validateRequestByIntegrationConfig = function(
 	currentUrlWithoutQueueITToken, queueitToken, integrationConfigJson, customerId, secretKey)
 	-- Private functions
 	local function handleQueueAction(
-		_currentUrlWithoutQueueITToken, _queueitToken, _customerIntegration,
-		_customerId, _secretKey, _matchedConfig, _debugEntries, _isDebug)
+		_currentUrlWithoutQueueITToken,
+		_queueitToken,
+		_customerIntegration,
+		_customerId,
+		_secretKey,
+		_matchedConfig,
+		_debugEntries,
+		_isDebug)
 
 		local eventConfig = models.QueueEventConfig.create()
 		local targetUrl
 		eventConfig.eventId = _matchedConfig["EventId"]
+		eventConfig.version = _customerIntegration["Version"]
 		eventConfig.queueDomain = _matchedConfig["QueueDomain"]
-		eventConfig.layoutName = _matchedConfig["LayoutName"]
-		eventConfig.culture = _matchedConfig["Culture"]
 		eventConfig.cookieDomain = _matchedConfig["CookieDomain"]
+		eventConfig.isCookieHttpOnly = _matchedConfig["IsCookieHttpOnly"] or false
+		eventConfig.isCookieSecure = _matchedConfig["IsCookieSecure"] or false
 		eventConfig.extendCookieValidity = _matchedConfig["ExtendCookieValidity"]
 		eventConfig.cookieValidityMinute = _matchedConfig["CookieValidityMinute"]
-		eventConfig.version = _customerIntegration["Version"]
+		eventConfig.layoutName = _matchedConfig["LayoutName"]
+		eventConfig.culture = _matchedConfig["Culture"]
 		eventConfig.actionName = _matchedConfig["Name"]
 
 		if (_matchedConfig["RedirectLogic"] == "ForcedTargetUrl"
@@ -201,9 +211,11 @@ ku.validateRequestByIntegrationConfig = function(
 
 		local cancelEventConfig = models.CancelEventConfig.create()
 		cancelEventConfig.eventId = _matchedConfig["EventId"]
+		cancelEventConfig.version = _customerIntegration["Version"]
 		cancelEventConfig.queueDomain = _matchedConfig["QueueDomain"]
 		cancelEventConfig.cookieDomain = _matchedConfig["CookieDomain"]
-		cancelEventConfig.version = _customerIntegration["Version"]
+		cancelEventConfig.isCookieHttpOnly = _matchedConfig["IsCookieHttpOnly"] or false
+		cancelEventConfig.isCookieSecure = _matchedConfig["IsCookieSecure"] or false
 		cancelEventConfig.actionName = _matchedConfig["Name"]
 
 		return cancelRequestByLocalConfig(

SDK/KnownUserImplementationHelpers.lua

@@ -35,20 +35,14 @@ local iHelpers =
 	{
 		cookieOptions =
 		{
-			-- true if response cookies should have httponly flag set
-			-- only enable if you use pure server-side integration e.g. not JS Hybrid
-			httpOnly = false,
-			-- true if response cookies should have secure flag set
-			-- only enable if your website runs on https
-			secure = false,
 			-- set to any string value (none, strict, lax) if response cookies should have samesite flag set
 			-- only use 'strict' if your queue protected site stays on same domain (no navigation to subdomains)
 			sameSite = nil
 		},
-		-- arguments: name, value, expire, domain
+		-- arguments: name, value, expire, domain, isHttpOnly, isSecure
 		-- returns: void
-		setCookie = function(_, _, _, _)
-			error("Not implemented : response.setCookie(name, value, expire, domain)")
+		setCookie = function(_, _, _, _, _, _)
+			error("Not implemented : response.setCookie(name, value, expire, domain, isHttpOnly, isSecure)")
 		end
 	},
 	hash =

SDK/Models.lua

@@ -11,6 +11,8 @@ local models = {
 				extendCookieValidity = nil,
 				cookieValidityMinute = nil,
 				cookieDomain = nil,
+				isCookieHttpOnly = nil,
+				isCookieSecure = nil,
 				version = nil,
 				actionName = "unspecified",
 				getString = function(self)
@@ -19,6 +21,8 @@ local models = {
 						"&Version:" .. utils.toString(self.version) ..
 						"&QueueDomain:" .. utils.toString(self.queueDomain) ..
 						"&CookieDomain:" .. utils.toString(self.cookieDomain) ..
+						"&IsCookieHttpOnly:" .. utils.toString(self.isCookieHttpOnly) ..
+						"&IsCookieSecure:" .. utils.toString(self.isCookieSecure) ..
 						"&ExtendCookieValidity:" .. utils.toString(self.extendCookieValidity) ..
 						"&CookieValidityMinute:" .. utils.toString(self.cookieValidityMinute) ..
 						"&LayoutName:" .. utils.toString(self.layoutName) ..
@@ -36,6 +40,8 @@ local models = {
 				eventId = nil,
 				queueDomain = nil,
 				cookieDomain = nil,
+				isCookieHttpOnly = nil,
+				isCookieSecure = nil,
 				version = nil,
 				actionName = "unspecified",
 				getString = function(self)
@@ -44,6 +50,8 @@ local models = {
 						"&Version:" .. utils.toString(self.version) ..
 						"&QueueDomain:" .. utils.toString(self.queueDomain) ..
 						"&CookieDomain:" .. utils.toString(self.cookieDomain) ..
+						"&IsCookieHttpOnly:" .. utils.toString(self.isCookieHttpOnly) ..
+						"&IsCookieSecure:" .. utils.toString(self.isCookieSecure) ..
 						"&ActionName:" .. utils.toString(self.actionName)
 				end
 			}