fix cleanup calls

2025-08-13 13:25:59 +03:00 · 2025-07-05 22:55:25 +03:00 · 2025-07-05 22:55:25 +03:00 · ba216839e6
commit ba216839e6
parent cd5123f32c
2 changed files with 30 additions and 12 deletions
--- a/attachments/kong/handler.lua
+++ b/attachments/kong/handler.lua
@ -47,9 +47,10 @@ function NanoHandler.access(conf)
    local verdict, response = nano.send_data(session_id, session_data, meta_data, req_headers, contains_body, nano.HttpChunkType.HTTP_REQUEST_FILTER)
    if verdict == nano.AttachmentVerdict.DROP then
        nano.fini_session(session_data)
-        nano.cleanup_all()
        kong.ctx.plugin.blocked = true
-        return nano.handle_custom_response(session_data, response)
+        local result = nano.handle_custom_response(session_data, response)
+        nano.cleanup_all()
+        return result
    end

    if contains_body == 1 then
@ -58,9 +59,10 @@ function NanoHandler.access(conf)
            verdict, response = nano.send_body(session_id, session_data, body, nano.HttpChunkType.HTTP_REQUEST_BODY)
            if verdict == nano.AttachmentVerdict.DROP then
                nano.fini_session(session_data)
-                nano.cleanup_all()
                kong.ctx.plugin.blocked = true
-                return nano.handle_custom_response(session_data, response)
+                local result = nano.handle_custom_response(session_data, response)
+                nano.cleanup_all()
+                return result
            end
        else
            -- Body might be buffered to file, try to read it using nginx variables
@ -99,9 +101,10 @@ function NanoHandler.access(conf)
                            if verdict == nano.AttachmentVerdict.DROP then
                                file:close()
                                nano.fini_session(session_data)
-                                nano.cleanup_all()
                                kong.ctx.plugin.blocked = true
-                                return nano.handle_custom_response(session_data, response)
+                                local result = nano.handle_custom_response(session_data, response)
+                                nano.cleanup_all()
+                                return result
                            end
                        end

@ -137,9 +140,10 @@ function NanoHandler.access(conf)
        verdict, response = nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_REQUEST_END)
        if verdict == nano.AttachmentVerdict.DROP then
            nano.fini_session(session_data)
-            nano.cleanup_all()
            kong.ctx.plugin.blocked = true
-            return nano.handle_custom_response(session_data, response)
+            local result = nano.handle_custom_response(session_data, response)
+            nano.cleanup_all()
+            return result
        end
    end

@ -208,10 +212,11 @@ function NanoHandler.body_filter(conf)

        if verdict == nano.AttachmentVerdict.DROP then
            nano.fini_session(session_data)
+            ctx.session_finalized = true
+            local result = nano.handle_custom_response(session_data, response)
            -- Clean up allocated memory
            nano.cleanup_all()
-            ctx.session_finalized = true
-            return nano.handle_custom_response(session_data, response)
+            return result
        end
        return
    end
@ -220,10 +225,11 @@ function NanoHandler.body_filter(conf)
        local verdict, response = nano.end_inspection(session_id, session_data, nano.HttpChunkType.HTTP_RESPONSE_END)
        if verdict == nano.AttachmentVerdict.DROP then
            nano.fini_session(session_data)
+            ctx.session_finalized = true
+            local result = nano.handle_custom_response(session_data, response)
            -- Clean up allocated memory
            nano.cleanup_all()
-            ctx.session_finalized = true
-            return nano.handle_custom_response(session_data, response)
+            return result
        end

        nano.fini_session(session_data)
--- a/attachments/kong/nano_ffi.lua
+++ b/attachments/kong/nano_ffi.lua
@ -96,6 +96,12 @@ function nano.handle_custom_response(session_data, response)

    if response_type == nano.WebResponseType.RESPONSE_CODE_ONLY then
        local code = nano_attachment.get_response_code(response)
+        -- Validate HTTP status code
+        if not code or code < 100 or code > 599 then
+            kong.log.warn("Invalid response code received: ", code, " - using 403 instead")
+            code = 403
+        end
+        kong.log.debug("Response code only: ", code)
        return kong.response.exit(code, "")
    end

@ -110,6 +116,12 @@ function nano.handle_custom_response(session_data, response)
        return kong.response.exit(500, { message = "Internal Server Error" })
    end
    local code = nano_attachment.get_response_code(response) -- Get the intended status code
+    -- Validate HTTP status code
+    if not code or code < 100 or code > 599 then
+        kong.log.warn("Invalid response code received: ", code, " - using 403 instead")
+        code = 403
+    end
+    kong.log.debug("Block page response with code: ", code)
    return kong.response.exit(code, block_page, { ["Content-Type"] = "text/html" })

 end