英文:
nginx auth_request: How to add GET parameters after successful authentication
问题
抱歉,以下是翻译好的部分:
抱歉,这可能是一个相当简单的问题,但我觉得nginx有点令人困惑。
我正在使用nginx中的auth_request
模块来对Django用户进行身份验证,以使用Flask应用程序。如果身份验证成功,我想要检索用户所属的Django用户组列表,并将它们添加为结果proxy_pass
的GET参数。有没有一种方法可以实现这个?
以下是我目前的相关部分。确认一下,端口8000用于Django身份验证,端口8080用于Flask应用程序:
location /portal/heatmap/ {
auth_request /auth;
proxy_pass http://127.0.0.1:8080;
}
location /auth {
internal;
proxy_pass http://127.0.0.1:8000/portal/auth;
}
英文:
Sorry this is probably a rather simple question, but I can find nginx rather confusing.
I am using the auth_request
module in nginx to authenticate users with Django to use a Flask app. If the authentication is successful, I want to retrieve a list of the Django groups the user is part of and add them as GET parameters to the resulting proxy_pass
. Is there a way to do this?
Here's the relevant portion of what I have so far. To confirm, port 8000 is for the Django authentication and port 8080 is for the Flask app:
location /portal/heatmap/ {
auth_request /auth;
proxy_pass http://127.0.0.1:8080;
}
location /auth {
internal;
proxy_pass http://127.0.0.1:8000/portal/auth;
}
答案1
得分: 0
以下是翻译好的部分:
- 从概念上讲,认证模块应该只负责认证,不应该返回与认证无关的内容,比如用户的组信息。因此,组信息需要在认证模块外部生成并传递给它,而不是由认证模块产生。
- 但是在 nginx 中,GET 参数不会传递给
auth_module
。相反,必须在auth_request
中添加一个标头,其中包含包含 GET 参数的原始 URI 请求。为此,请在认证位置添加proxy_set_header X-Original-URI $request_uri;
。然后,在认证应用程序中,HTML 标头X-Original-URI
将包含应用程序需要解析的 GET 参数。
英文:
So there are two issues with this.
- Conceptually, an authentication module should only be authenticating and shouldn't return anything other than things related to authentication. It should not be adding things unrelated such as a user's groups. So the group information needs to be generated and passed to the authentication module instead of originating from it.
- But GET parameters are not passed to
auth_module
in nginx. Instead, a header must be added to theauth_request
which contains the original URI request that includes the GET parameters. To do this, addproxy_set_header X-Original-URI $request_uri;
in the authentication location. Then, in the authentication app, the HTML headerX-Original-URI
will have the GET parameters which the app will need to parse.
location /auth {
internal;
proxy_pass http://127.0.0.1:8000/portal/auth;
proxy_set_header X-Original-URI $request_uri;
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论