如何将 url 参数从 Nginx 转发到我服务器的 API 以便我可以 allow/disallow 用户查看某些文件?
How to forward url parameters from Nginx to my server's API so I can allow/disallow users to view certain files?
我正在尝试创建一个 "allowed users only" 部分,我设法做到了这一点,但我被卡住了。
我使用 Nginx 的 auth_request 模块和 Express.js。
如何将请求的 url 发送到我的 api 路由?
"/" 是通用的 URL,但是 /api/:filename 应该只在访问者试图访问文件时触发,无论文件的位置是什么 / URL是。总之,我想做的是,"okay, I'm Nginx and I see that some visitor tries to access this file (or files, it checks individually). let's pass this file's name to Express.js server and let it check whether this user is allowed to see this image or not. If it says 200, I'll allow it. If it's 403, then no."
app.get('/api/:filename', function(req,res,next) {
// This part decides what you're allowed to see.
// Redis database query. Returns 0 or 1.
// 1 means 200, 0 means 403.
res.sendStatus(200);
// It works if I omit :filename part, so this part is done in theory,
// but we didn't get the file name, so right now all we have is "yes
// to all" or "no to all", it's not dynamic.
});
问题是,我不知道如何将请求的 url 参数从 Nginx 传递到我的 Express.js 应用程序(例如 image.jpg、video.mp4 http://localhost/api/:filename 格式)所以我可以检查用户对数据库的权限和 return 每个文件的动态响应。
这是我的 Nginx 配置。
upstream localhost {
ip_hash;
server 127.0.0.1:8000;
server 127.0.0.1:8001;
server 127.0.0.1:8002;
server 127.0.0.1:8003;
}
server {
listen 80;
server_name localhost;
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf)$ {
root images;
auth_request /api; // How to append requested filename to this URL?
}
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://localhost;
}
}
编辑 1
location = /api {
proxy_pass http://localhost;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
为“/api”定义自定义位置并将/api$request_uri(原始uri)附加到proxy_pass;
location = /api {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://localhost/api$request_uri;
}
我正在尝试创建一个 "allowed users only" 部分,我设法做到了这一点,但我被卡住了。
我使用 Nginx 的 auth_request 模块和 Express.js。
如何将请求的 url 发送到我的 api 路由?
"/" 是通用的 URL,但是 /api/:filename 应该只在访问者试图访问文件时触发,无论文件的位置是什么 / URL是。总之,我想做的是,"okay, I'm Nginx and I see that some visitor tries to access this file (or files, it checks individually). let's pass this file's name to Express.js server and let it check whether this user is allowed to see this image or not. If it says 200, I'll allow it. If it's 403, then no."
app.get('/api/:filename', function(req,res,next) {
// This part decides what you're allowed to see.
// Redis database query. Returns 0 or 1.
// 1 means 200, 0 means 403.
res.sendStatus(200);
// It works if I omit :filename part, so this part is done in theory,
// but we didn't get the file name, so right now all we have is "yes
// to all" or "no to all", it's not dynamic.
});
问题是,我不知道如何将请求的 url 参数从 Nginx 传递到我的 Express.js 应用程序(例如 image.jpg、video.mp4 http://localhost/api/:filename 格式)所以我可以检查用户对数据库的权限和 return 每个文件的动态响应。
这是我的 Nginx 配置。
upstream localhost {
ip_hash;
server 127.0.0.1:8000;
server 127.0.0.1:8001;
server 127.0.0.1:8002;
server 127.0.0.1:8003;
}
server {
listen 80;
server_name localhost;
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf)$ {
root images;
auth_request /api; // How to append requested filename to this URL?
}
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://localhost;
}
}
编辑 1
location = /api {
proxy_pass http://localhost;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
为“/api”定义自定义位置并将/api$request_uri(原始uri)附加到proxy_pass;
location = /api {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://localhost/api$request_uri;
}