Merge orig TeslaGov with jaken1986 fork

.bin/git/hooks-wrapper

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+# Runs all executable pre-commit-* hooks and exits after,
+# if any of them was not successful.
+#
+# Based on
+# https://github.com/ELLIOTTCABLE/Paws.js/blob/Master/Scripts/git-hooks/chain-hooks.sh
+# http://osdir.com/ml/git/2009-01/msg00308.html
+#
+# assumes your scripts are located at <repo-root>/bin/git/hooks
+
+exitcodes=()
+hookname=`basename $0`
+# our special hooks folder
+CUSTOM_HOOKS_DIR=$(git rev-parse --show-toplevel)/bin/git/hooks
+# find gits native hooks folder
+NATIVE_HOOKS_DIR=$(git rev-parse --show-toplevel)/.git/hooks
+
+# Run each hook, passing through STDIN and storing the exit code.
+# We don't want to bail at the first failure, as the user might
+# then bypass the hooks without knowing about additional issues.
+
+for hook in ${CUSTOM_HOOKS_DIR}/$(basename $0)-*; do
+    test -x "$hook" || continue
+
+    echo "Running custom hook '$hookname' ..."
+    out=`$hook "$@"`
+    exitcodes+=($?)
+    echo "$out"
+done
+
+# check if there was a local hook that was moved previously
+if [ -f "${NATIVE_HOOKS_DIR}/$hookname.local" ]; then
+    echo "Running native hook '$hookname' ..."
+    out=`${NATIVE_HOOKS_DIR}/$hookname.local "$@"`
+    exitcodes+=($?)
+    echo "$out"
+fi
+
+# If any exit code isn't 0, bail.
+for i in "${exitcodes[@]}"; do
+    [ "$i" == 0 ] || exit $i
+done

.bin/git/hooks/pre-push-build-and-test

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+REPO_ROOT_DIR=$(git rev-parse --show-toplevel)
+CHANGE_COUNT=$(cd ${REPO_ROOT_DIR}; git diff --name-only origin/HEAD..HEAD -- resources/ src/ test/ Dockerfile scripts.sh |wc -l)
+
+if [[ "0" -ne "${CHANGE_COUNT}" ]]; then
+	(cd ${REPO_ROOT_DIR}; ./scripts.sh rebuild_nginx rebuild_test test)
+else
+  HOOK_NAME=$(basename $0)
+
+	echo "Skipping hook '${HOOK_NAME}' -- no changes detected which would require tests to be run."
+fi

.bin/git/init-hooks

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# based on http://stackoverflow.com/a/3464399/1383268
+# assumes that the hooks-wrapper script is located at <repo-root>/bin/git/hooks-wrapper
+
+HOOK_NAMES="applypatch-msg pre-applypatch post-applypatch pre-commit prepare-commit-msg commit-msg post-commit pre-rebase post-checkout post-merge pre-receive update post-receive post-update pre-auto-gc pre-push"
+# find git's native hooks folder
+REPO_ROOT_DIR=$(git rev-parse --show-toplevel)
+HOOKS_DIR=$(git rev-parse --show-toplevel)/.git/hooks
+
+for hook in ${HOOK_NAMES}; do
+    # If the hook already exists, is a file, and is not a symlink
+    if [ ! -h ${HOOKS_DIR}/${hook} ] && [ -f ${HOOKS_DIR}/${hook} ]; then
+        mv ${HOOKS_DIR}/${hook} ${HOOKS_DIR}/${hook}.local
+    fi
+    # create the symlink, overwriting the file if it exists
+    # probably the only way this would happen is if you're using an old version of git
+    # -- back when the sample hooks were not executable, instead of being named ____.sample
+    ln -s -f ${REPO_ROOT_DIR}/bin/git/hooks-wrapper ${HOOKS_DIR}/${hook}
+done

.bin/init

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+source $(dirname $0)/git/init-hooks

.env

@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=jwt-nginx-test

.github/workflows/make-releases.yml

@@ -0,0 +1,182 @@
+name: Make Releases
+
+on:
+  workflow_dispatch:
+
+jobs:
+  meta:
+    name: Get Metadata
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{steps.meta.outputs.tag}}
+    steps:
+
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Get Metadata
+        id: meta
+        run: |
+          set -eu
+          tag=$(git describe --tags --abbrev=0)
+
+          echo "tag=${tag}" >> $GITHUB_OUTPUT
+
+  build:
+    name: "NGINX: ${{ matrix.nginx-version }}; libjwt: ${{ matrix.libjwt-version }}"
+    needs: meta
+    strategy:
+      matrix:
+        nginx-version:
+          - 1.20.2 # legacy
+          - 1.22.1 # legacy
+          - 1.24.0 # legacy
+          - 1.26.2 # stable
+          - 1.26.3 # stable
+          - 1.27.3 # mainline
+          - 1.27.4 # mainline
+
+        libjwt-version:
+          - 1.12.0
+          - 1.14.0
+          - 1.15.3
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Checkout Code
+      uses: actions/checkout@v4
+      with:
+        path: ngx-http-auth-jwt-module
+
+    - name: Get Metadata
+      id: meta
+      run: |
+        set -eu
+        artifact="ngx-http-auth-jwt-module-${{needs.meta.outputs.tag}}_libjwt-${{matrix.libjwt-version}}_nginx-${{matrix.nginx-version}}"
+
+        echo "artifact=${artifact}" >> $GITHUB_OUTPUT
+        echo "filename=${artifact}.tgz" >> $GITHUB_OUTPUT
+
+
+    # TODO cache the build result so we don't have to do this every time?
+    - name: Download jansson
+      uses: actions/checkout@v4
+      with:
+        repository: 'akheron/jansson'
+        ref: 'v2.14'
+        path: 'jansson'
+
+    - name: Build jansson
+      working-directory: ./jansson
+      run: |
+        set -e
+        cmake . -DJANSSON_BUILD_SHARED_LIBS=1 -DJANSSON_BUILD_DOCS=OFF
+        make
+        make check
+        sudo make install
+
+    # TODO cache the build result so we don't have to do this every time?
+    - name: Download libjwt
+      uses: actions/checkout@v4
+      with:
+        repository: 'benmcollins/libjwt'
+        ref: 'v${{matrix.libjwt-version}}'
+        path: 'libjwt'
+
+    - name: Build libjwt
+      working-directory: ./libjwt
+      run: |
+        set -e
+        autoreconf -i
+        ./configure
+        make all
+        sudo make install
+
+    - name: Download NGINX
+      run: | 
+        mkdir nginx
+        curl -O http://nginx.org/download/nginx-${{matrix.nginx-version}}.tar.gz
+        tar -xzf nginx-${{matrix.nginx-version}}.tar.gz --strip-components 1 -C nginx
+
+    - name: Configure NGINX
+      working-directory: ./nginx
+      run: |
+        BUILD_FLAGS=''
+        MAJ=$(echo ${{matrix.nginx-version}} | cut -f1 -d.)
+        MIN=$(echo ${{matrix.nginx-version}} | cut -f2 -d.)
+        REV=$(echo ${{matrix.nginx-version}} | cut -f3 -d.)
+
+        if [ "${MAJ}" -gt 1 ] || [ "${MAJ}" -eq 1 -a "${MIN}" -ge 23 ]; then
+          BUILD_FLAGS="${BUILD_FLAGS} --with-cc-opt='-DNGX_LINKED_LIST_COOKIES=1'"
+        fi
+
+        ./configure --with-compat --without-http_rewrite_module --add-dynamic-module=../ngx-http-auth-jwt-module ${BUILD_FLAGS}
+
+    - name: Make Modules
+      working-directory: ./nginx
+      run: make modules
+
+    - name: Create Release Archive
+      run: |
+        cp ./nginx/objs/ngx_http_auth_jwt_module.so ./
+        tar czf ${{steps.meta.outputs.filename}} ngx_http_auth_jwt_module.so
+
+    - name: Upload Build Artifact
+      uses: actions/upload-artifact@v4
+      with:
+        if-no-files-found: error
+        name: ${{steps.meta.outputs.artifact}}
+        path: ${{steps.meta.outputs.filename}}
+
+  release:
+    name: Create/Update Release
+    needs:
+      - meta
+      - build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+
+      - name: Set-up Variables
+        id: vars
+        run: |
+          echo "date_now=$(date --rfc-3339=seconds)" >> "${GITHUB_OUTPUT}"
+
+      - name: Download Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: artifacts
+
+      - name: Flatten Artifacts
+        run: |
+          set -eu
+
+          cd artifacts
+
+          for f in $(find . -type f); do
+            echo "Staging: ${f}"
+            mv "${f}" .
+          done
+
+          find . -type d -mindepth 1 -exec rm -rf "{}" +
+
+      - name: Create/Update Release
+        uses: ncipollo/release-action@v1
+        with:
+          tag: ${{needs.meta.outputs.tag}}
+          name: "Pre-release: ${{needs.meta.outputs.tag}}"
+          body: |
+            > [!WARNING]
+            > This is an automatically generated pre-release version of the module, which includes the latest master branch changes.
+            > Please report any bugs you find.
+
+            - Build Date: `${{ steps.vars.outputs.date_now }}`
+            - Commit: `${{ github.sha }}`
+          prerelease: true
+          allowUpdates: true
+          removeArtifacts: true
+          artifactErrorsFailBuild: true
+          artifacts: artifacts/*

.gitignore

@@ -0,0 +1,4 @@
+.idea
+.vscode
+bin
+release

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Tesla Government
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.