Use OpenSSL ERR_get_error() to pop an error

This addition fixes the following alert in nginx logs:

[alert] ignoring stale global SSL error

See: openresty/lua-resty-string#65

app/cipher.lua

@@ -1,9 +1,56 @@
-local aes = require('resty.aes')
+local ffi = require('ffi')
 
+local aes = require('resty.aes')
 local aes_params = require('app.config').aes
 
+local string_format = string.format
+
+local ffi_new = ffi.new
+local ffi_string = ffi.string
+local C = ffi.C
+
+
+ffi.cdef[[
+  unsigned long ERR_get_error(void);
+  void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+]]
+
+
+local _M = {}
+
+-- https://github.com/openresty/lua-resty-string/pull/65
+local get_error = function(op)
+    local errno = C.ERR_get_error()
+    if errno == 0 then
+        return nil
+    end
+    local msg = ffi_new('char[?]', 256)
+    C.ERR_error_string_n(errno, msg, 256)
+    return string_format('AES %s error: %s', op, ffi_string(msg))
+end
+
+local aes_obj = aes:new(
+  aes_params.key,
+  aes_params.salt,
+  aes.cipher(aes_params.size, aes_params.mode),
+  aes_params.hash and aes.hash[aes_params.hash],
+  aes_params.hash_rounds
+)
+
+_M.encrypt = function(data)
+  data = aes_obj:encrypt(data)
+  if not data then
+    return nil, get_error('encrypt')
+  end
+  return data
+end
+
+_M.decrypt = function(data)
+  data = aes_obj:decrypt(data)
+  if not data then
+    return nil, get_error('decrypt')
+  end
+  return data
+end
 
-local hash = aes_params.hash and aes.hash[aes_params.hash]
-local cipher = aes.cipher(aes_params.size, aes_params.mode)
-return aes:new(aes_params.key, aes_params.salt, cipher,
-               hash, aes_params.hash_rounds)
+return _M

app/tinyid.lua

@@ -4,6 +4,9 @@ local cipher = require('app.cipher')
 local mediatypes = require('app.mediatypes')
 local utils = require('app.utils')
 
+local cipher_encrypt = cipher.encrypt
+local cipher_decrypt = cipher.decrypt
+
 local DEFAULT_TYPE_ID = mediatypes.DEFAULT_TYPE_ID
 local ID_TYPE_MAP = mediatypes.ID_TYPE_MAP
 local decode_urlsafe_base64 = utils.decode_urlsafe_base64
@@ -25,7 +28,7 @@ _M.encode = function(params)
     file_id_bytes,
     media_type_byte,
   }
-  local tiny_id_encr_bytes = cipher:encrypt(tiny_id_raw_bytes)
+  local tiny_id_encr_bytes = cipher_encrypt(tiny_id_raw_bytes)
   return base58:encode(tiny_id_encr_bytes)
 end
 
@@ -35,9 +38,9 @@ _M.decode = function(tiny_id)
   if not tiny_id_encr_bytes then
     return nil, err
   end
-  local tiny_id_raw_bytes = cipher:decrypt(tiny_id_encr_bytes)
+  local tiny_id_raw_bytes, err = cipher_decrypt(tiny_id_encr_bytes)   -- luacheck: ignore 411
   if not tiny_id_raw_bytes then
-    return nil, 'AES decrypt error'
+    return nil, err
   end
   -- get file_id size
   local file_id_size = string.byte(tiny_id_raw_bytes:sub(1, 1))

app/views/get-file.lua

@@ -23,6 +23,9 @@ local ngx_HTTP_NOT_MODIFIED = ngx.HTTP_NOT_MODIFIED
 local ngx_HTTP_NOT_FOUND = ngx.HTTP_NOT_FOUND
 local ngx_HTTP_BAD_GATEWAY = ngx.HTTP_BAD_GATEWAY
 
+local cipher_encrypt = cipher.encrypt
+local cipher_decrypt = cipher.decrypt
+
 local log = utils.log
 local error = utils.error
 local escape_uri = utils.escape_uri
@@ -51,7 +54,7 @@ end
 local encode_etag = function(etag)
   etag = unquote_etag(etag)
   if not etag then return nil end
-  etag = base58:encode(cipher:encrypt(etag))
+  etag = base58:encode(cipher_encrypt(etag))
   return string_format('"%s"', etag)
 end
 
@@ -60,7 +63,7 @@ local decode_etag = function(etag)
   if not etag then return nil end
   etag = base58:decode(etag)
   if not etag then return nil end
-  etag = cipher:decrypt(etag)
+  etag = cipher_decrypt(etag)
   if not etag then return nil end
   return string_format('"%s"', etag)
 end

app/views/webhook.lua

@@ -86,7 +86,7 @@ local forward_message = function(message)
       message_id = message.message_id,
     },
   }
-  local res, err = request_tg_server(conn, params, true)  -- luacheck: ignore 411
+  local res, err = request_tg_server(conn, params, true)   -- luacheck: ignore 411
   if not res then
     log(ngx_ERR, 'tg api request error: %s', err)
     return