From 5a008467df8eca7ae6e0a4a92b7eb79b9d073298 Mon Sep 17 00:00:00 2001 From: Morten Minde Neergaard <169057+xim@users.noreply.github.com> Date: Fri, 25 Apr 2025 16:25:06 +0200 Subject: [PATCH] Add client_body_temp_access config Adds ability to set file permissions for uploads when using client_body_temp_path Fixes #656 --- contrib/vim/syntax/nginx.vim | 1 + src/http/ngx_http_core_module.c | 10 ++++++++++ src/http/ngx_http_core_module.h | 1 + src/http/ngx_http_request_body.c | 1 + 4 files changed, 13 insertions(+) diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim index 29eef7a23..10ca78a7d 100644 --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -153,6 +153,7 @@ syn keyword ngxDirective contained chunked_transfer_encoding syn keyword ngxDirective contained client_body_buffer_size syn keyword ngxDirective contained client_body_in_file_only syn keyword ngxDirective contained client_body_in_single_buffer +syn keyword ngxDirective contained client_body_temp_access syn keyword ngxDirective contained client_body_temp_path syn keyword ngxDirective contained client_body_timeout syn keyword ngxDirective contained client_header_buffer_size diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c index 92c3eae8a..cb071aa1e 100644 --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -373,6 +373,13 @@ static ngx_command_t ngx_http_core_commands[] = { offsetof(ngx_http_core_loc_conf_t, client_body_temp_path), NULL }, + { ngx_string("client_body_temp_access"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE123, + ngx_conf_set_access_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_core_loc_conf_t, client_body_temp_access), + NULL }, + { ngx_string("client_body_in_file_only"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_conf_set_enum_slot, @@ -3590,6 +3597,7 @@ ngx_http_core_create_loc_conf(ngx_conf_t *cf) clcf->client_max_body_size = NGX_CONF_UNSET; clcf->client_body_buffer_size = NGX_CONF_UNSET_SIZE; clcf->client_body_timeout = NGX_CONF_UNSET_MSEC; + clcf->client_body_temp_access = NGX_CONF_UNSET_UINT; clcf->satisfy = NGX_CONF_UNSET_UINT; clcf->auth_delay = NGX_CONF_UNSET_MSEC; clcf->if_modified_since = NGX_CONF_UNSET_UINT; @@ -3821,6 +3829,8 @@ ngx_http_core_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) NGX_HTTP_REQUEST_BODY_FILE_OFF); ngx_conf_merge_value(conf->client_body_in_single_buffer, prev->client_body_in_single_buffer, 0); + ngx_conf_merge_uint_value(conf->client_body_temp_access, + prev->client_body_temp_access, 0); ngx_conf_merge_value(conf->internal, prev->internal, 0); ngx_conf_merge_value(conf->sendfile, prev->sendfile, 0); ngx_conf_merge_size_value(conf->sendfile_max_chunk, diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h index e7e266bf8..040873cdd 100644 --- a/src/http/ngx_http_core_module.h +++ b/src/http/ngx_http_core_module.h @@ -433,6 +433,7 @@ struct ngx_http_core_loc_conf_s { ngx_array_t *error_pages; /* error_page */ ngx_path_t *client_body_temp_path; /* client_body_temp_path */ + ngx_uint_t client_body_temp_access; /* client_body_temp_file_access */ ngx_open_file_cache_t *open_file_cache; time_t open_file_cache_valid; diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c index 93c69220c..bf5ef8b79 100644 --- a/src/http/ngx_http_request_body.c +++ b/src/http/ngx_http_request_body.c @@ -569,6 +569,7 @@ ngx_http_write_request_body(ngx_http_request_t *r) tf->file.fd = NGX_INVALID_FILE; tf->file.log = r->connection->log; tf->path = clcf->client_body_temp_path; + tf->access = clcf->client_body_temp_access; tf->pool = r->pool; tf->warn = "a client request body is buffered to a temporary file"; tf->log_level = r->request_body_file_log_level;