nginx auth_request:成功验证后如何添加GET参数

huangapple go评论76阅读模式
英文:

nginx auth_request: How to add GET parameters after successful authentication

问题

抱歉,以下是翻译好的部分:

抱歉,这可能是一个相当简单的问题,但我觉得nginx有点令人困惑。

我正在使用nginx中的auth_request模块来对Django用户进行身份验证,以使用Flask应用程序。如果身份验证成功,我想要检索用户所属的Django用户组列表,并将它们添加为结果proxy_pass的GET参数。有没有一种方法可以实现这个?

以下是我目前的相关部分。确认一下,端口8000用于Django身份验证,端口8080用于Flask应用程序:

location /portal/heatmap/ {
    auth_request /auth;

    proxy_pass http://127.0.0.1:8080;
}

location /auth {
    internal;
    proxy_pass http://127.0.0.1:8000/portal/auth;
}
英文:

Sorry this is probably a rather simple question, but I can find nginx rather confusing.

I am using the auth_request module in nginx to authenticate users with Django to use a Flask app. If the authentication is successful, I want to retrieve a list of the Django groups the user is part of and add them as GET parameters to the resulting proxy_pass. Is there a way to do this?

Here's the relevant portion of what I have so far. To confirm, port 8000 is for the Django authentication and port 8080 is for the Flask app:

location /portal/heatmap/ {
    auth_request /auth;

    proxy_pass http://127.0.0.1:8080;
}

location /auth {
    internal;
    proxy_pass http://127.0.0.1:8000/portal/auth;
}

答案1

得分: 0

以下是翻译好的部分:

  1. 从概念上讲,认证模块应该只负责认证,不应该返回与认证无关的内容,比如用户的组信息。因此,组信息需要在认证模块外部生成并传递给它,而不是由认证模块产生。
  2. 但是在 nginx 中,GET 参数不会传递给 auth_module。相反,必须在 auth_request 中添加一个标头,其中包含包含 GET 参数的原始 URI 请求。为此,请在认证位置添加 proxy_set_header X-Original-URI $request_uri;。然后,在认证应用程序中,HTML 标头 X-Original-URI 将包含应用程序需要解析的 GET 参数。
英文:

So there are two issues with this.

  1. Conceptually, an authentication module should only be authenticating and shouldn't return anything other than things related to authentication. It should not be adding things unrelated such as a user's groups. So the group information needs to be generated and passed to the authentication module instead of originating from it.
  2. But GET parameters are not passed to auth_module in nginx. Instead, a header must be added to the auth_request which contains the original URI request that includes the GET parameters. To do this, add proxy_set_header X-Original-URI $request_uri; in the authentication location. Then, in the authentication app, the HTML header X-Original-URI will have the GET parameters which the app will need to parse.
location /auth {
    internal;
    proxy_pass http://127.0.0.1:8000/portal/auth;
    proxy_set_header        X-Original-URI $request_uri;
}

huangapple
  • 本文由 发表于 2023年6月9日 06:37:15
  • 转载请务必保留本文链接:https://go.coder-hub.com/76436130.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定