Ingest-Only Mode Support

[rswalkden]

This pull request introduces several improvements and new features to the Netacea NGINX integration, focusing on enhanced session and cookie handling, more flexible real IP extraction, and improved documentation. The most significant changes include replacing the secretKey configuration with cookieEncryptionKey, supporting indexed parsing of real IP headers, and improving the robustness of cookie parsing and error handling.

Configuration and Backwards Compatibility:

• Replaces the secretKey configuration option with cookieEncryptionKey for cookie encryption, while retaining secretKey as a backwards-compatible alias. All relevant code and documentation have been updated to use the new name. [1] [2] [3]

Session and Cookie Handling:

• Updates all cookie-related functions to use cookieEncryptionKey instead of secretKey, including encryption, decryption, and parsing. Adds improved error handling for invalid or missing cookies, ensuring invalid sessions are handled gracefully. [1] [2] [3] [4] [5]
• Introduces a new method refreshIngestSession to handle session refreshes in ingest-only mode, and updates mitigate logic to support this flow.

Real IP Header Extraction:

• Adds support for parsing real IP headers as comma-separated lists, allowing selection by index (including negative indices for reverse selection). Updates utility functions and all relevant code paths to support this, and documents the feature in the README. [1] [2] [3] [4]

Documentation Improvements:

• Expands the README with detailed configuration examples, including a new section for ingest-only mode and guidance on real IP header indexing. Updates all instructions to reflect the new configuration options and best practices. [1] [2] [3]

Testing and Robustness:

• Enhances test coverage for cookie parsing and error handling, ensuring invalid or malformed cookies are properly detected and handled. Adds tests for JWT decryption failures and header parsing logic. [1] [2] [3] [4] [5] [6]

Other minor updates include version bumps in the rockspec and Dockerfile, and improved default values for several fields in the ingest pipeline. [1] [2] [3] [4]