Tests: Build njs with QuickJS support.

Author: route443

.github/workflows/ci-functional-perl.yml

@@ -6,17 +6,64 @@ on:
   workflow_dispatch:
 
 jobs:
+  build-njs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          repository: nginx/nginx
+          ref: release-1.27.4
+          path: nginx
+      - uses: actions/checkout@v4
+        with:
+          repository: bellard/quickjs
+          path: quickjs
+      - uses: actions/checkout@v4
+        with:
+          repository: xeioex/njs
+          ref: release-0.8.10
+          path: njs
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y build-essential \
+                                 libpcre3-dev zlib1g-dev libssl-dev \
+                                 libxml2-dev libxslt-dev
+
+      - name: Build QuickJS
+        working-directory: quickjs
+        run: |
+          CFLAGS='-fPIC' make libquickjs.a
+
+      - name: Build NJS module
+        working-directory: nginx
+        run: |
+          ./auto/configure \
+            --add-dynamic-module=../njs/nginx \
+            --with-cc-opt="-I../quickjs" \
+            --with-ld-opt="-L../quickjs" \
+            --with-compat
+          make -j$(nproc) modules
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: njs-build
+          path: nginx/objs/ngx_http_js_module.so
+
   test-njs-saml:
     runs-on: ubuntu-latest
+    needs: build-njs
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install prerequisites
         run: |
           sudo apt-get update
           sudo apt-get install -y apt-transport-https lsb-release apt-utils ubuntu-keyring gnupg2 \
-          ca-certificates wget mercurial
+          ca-certificates wget
 
       - name: Prepare keys and certificates
         run: |
@@ -58,9 +105,18 @@ jobs:
         run: |
           git clone https://github.com/nginx/nginx-tests.git
 
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: njs-build
+          path: ${{ runner.temp }}
+
       - name: Run tests
         working-directory: t
         run: |
-          PERL5LIB=../nginx-tests/lib TEST_NGINX_BINARY=/usr/sbin/nginx TEST_NGINX_VERBOSE=1 \
-          TEST_NGINX_GLOBALS="load_module /etc/nginx/modules/ngx_http_js_module-debug.so; mgmt {license_token $RUNNER_TEMP/lic;}" \
+          PERL5LIB=../nginx-tests/lib \
+          TEST_NGINX_BINARY=/usr/sbin/nginx \
+          TEST_NGINX_VERBOSE=1 \
+          TEST_NGINX_GLOBALS="load_module $RUNNER_TEMP/ngx_http_js_module.so; mgmt {license_token $RUNNER_TEMP/lic;}" \
+          TEST_NGINX_GLOBALS_HTTP="js_engine qjs;" \
           prove -v .

saml_sp.js

@@ -1,21 +1,13 @@
 /*
  * JavaScript functions for providing SAML SP with NGINX Plus
  * 
- * Copyright (C) 2023 Nginx, Inc.
+ * Copyright (C) 2025 Nginx, Inc.
  */
 
-export default {
-    handleSingleSignOn,     // Process SAML Response form IdP
-    handleSingleLogout,     // Process SAML LogoutRequest and LogoutResponse from IdP
-    handleAllMessages,      // Process all SAML messages from IdP
-    initiateSingleSignOn,   // Initiate SAML SSO by redirecting to IdP
-    initiateSingleLogout    // Initiate SAML SLO by redirecting to IdP
-};
-
-const xml = require("xml");
-const zlib = require("zlib");
-const querystring = require("querystring");
-const fs = require("fs");
+import xml from 'xml';
+import zlib from 'zlib';
+import querystring from 'querystring';
+import fs from 'fs';
 
 const initiateSingleSignOn = produceSAMLMessage.bind(null, "AuthnRequest");
 const initiateSingleLogout = produceSAMLMessage.bind(null, "LogoutRequest");
@@ -124,7 +116,14 @@ async function handleSAMLMessage(messageType, r) {
 }
 
 function samlError(r, http_code, id, e) {
-    let msg = r.variables.saml_debug ? e.stack : "ReferenceError: " + e.message;    
+    let msg;
+
+    if (r.variables.saml_debug) {
+        msg = `ReferenceError: ${e.message}\nStack: ${e.stack}`;
+    } else {
+        msg = `ReferenceError: ${e.message}`;
+    }
+
     r.error(`SAML SSO Error: ReferenceID: ${id} ${msg}`);
 
     r.variables.internal_error_message += `ReferenceID: ${id}`;
@@ -1321,22 +1320,20 @@ function parseConfigurationOptions(r, messageType) {
 }
 
 function getEscapeXML() {
-    const fpc = Function.prototype.call;
-    const _replace = fpc.bind(fpc, String.prototype.replace);
-
-    const tbl = {
-        '<': '&lt;',
-        '>': '&gt;',
-        "'": '&apos;',
-        '"': '&quot;',
-        '&': '&amp;',
+    const escapeMap = {
+      '<': '&lt;',
+      '>': '&gt;',
+      "'": '&apos;',
+      '"': '&quot;',
+      '&': '&amp;'
     };
-    tbl.__proto__ = null;
 
-    return function (str) {
-        return _replace(str, /[<>'"&]/g, c => tbl[c]);
-    }
-};
+    return function escapeXML(str) {
+      if (str == null) return '';
+
+      return String(str).replace(/[<>'"&]/g, character => escapeMap[character]);
+    };
+}
 
 function isUrlOrUrn(str) {
     const urlRegEx = /^((?:(?:https?):)\/\/)?((?:(?:[^:@]+(?::[^:@]+)?|[^:@]+@[^:@]+)(?::\d+)?)|(?:\[[a-fA-F0-9:]+]))(\/(?:[^?#]*))?(\\?(?:[^#]*))?(#(?:.*))?$/;
@@ -1373,3 +1370,11 @@ function readKeysFromFile(keyFile) {
         throw Error(`Failed to read private or public key from file "${keyFile}": ${e.message}`);
     }
 }
+
+export default {
+    handleSingleSignOn,     // Process SAML Response form IdP
+    handleSingleLogout,     // Process SAML LogoutRequest and LogoutResponse from IdP
+    handleAllMessages,      // Process all SAML messages from IdP
+    initiateSingleSignOn,   // Initiate SAML SSO by redirecting to IdP
+    initiateSingleLogout    // Initiate SAML SLO by redirecting to IdP
+};