I've managed to do that with another variable inside my configuration file.
# if token is invalid nginx set $secure_link as empty string
if ($secure_link = "") {
set $is_allowed 'forbidden';
}
# if expiration time is gone nginx set $secure_link as 0
if ($secure_link = "0") {
set $is_allowed 'gone';
}
# if status cookie is set $is_allowed get 'authorized' as value
if ($cookie_STATUS = "IS_AUTHORIZED") {
set $is_allowed 'authorized';
}
# return 403 if $is_allowed = forbidden
if ($is_allowed = 'forbidden') {
return 403;
}
# return 410 if $is_allowed = gone
if ($is_allowed = 'gone') {
return 410;
}
Then it proceed normally setting proxy, and other things.
# if token is invalid nginx set $secure_link as empty string
if ($secure_link = "") {
set $is_allowed 'forbidden';
}
# if expiration time is gone nginx set $secure_link as 0
if ($secure_link = "0") {
set $is_allowed 'gone';
}
# if status cookie is set $is_allowed get 'authorized' as value
if ($cookie_STATUS = "IS_AUTHORIZED") {
set $is_allowed 'authorized';
}
# return 403 if $is_allowed = forbidden
if ($is_allowed = 'forbidden') {
return 403;
}
# return 410 if $is_allowed = gone
if ($is_allowed = 'gone') {
return 410;
}
Then it proceed normally setting proxy, and other things.