Feature request: List (set) membership method
Hi.
I'd like to suggest a feature in vmod-frozen, where you in VCL can check if a string (currently only strings) is in a JSON list.
Use case: Consider a JWT body with a list of allowed sections for the logged-in user. An article/URL has a single section, and that should be checked against the list in JWT before allowing access.
Example JWT body: {"subscriptions": ["foreign_affairs", "sports", "local_news"] }
Crude workaround is to extract the list as a string, but the escaping needed in VCL (using {"" ""} and so on) makes it quite tiresome to work with. There is also the case of missing dynamic regular expressions.
VCL-like it could look like: (work in progress)
sub vcl_init {
new jwt_body = frozen.parser();
jwt_body.expect(".subscriptions", type=LIST);
}
sub vcl_response {
if (!jwt_body.in(resp.http.x-section, ".subscriptions",))
return(synth(403, "Section not permitted"));
}
}
There may be better ways in VCL, or there may be use cases for other data types and/or recursive membership checks that I haven't considered. I don't think a full JSON query language should be a goal here, just enough for some simple tricks.
(possible simplest hack: add sep=","
and quotechar=""
to extract(), so that one can extract "foreign_affairs,sports,local_news", and then do a (dynamic) regex match for ,sports,
in it.)