Created
March 15, 2016 22:16
Nginx HTTP gateway with authentication against PostgreSQL
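# Development gateway: serves the static auth pages, proxies the
# unauthenticated endpoints to the auth backend, and exposes an internal
# /auth/<service> lookup that checks cookie "a" against PostgreSQL.
server {
    # Plain HTTP: cookie "a" (the access token) is sent unencrypted.
    # NOTE(review): the paths below look like a development setup; put TLS
    # in front of this before using it anywhere else.
    listen 80;
    server_name auth.localdomain;

    root /home/fanda/devel/static/auth/;
    index auth.html;

    # A failed authorization lookup (403) renders the account page.
    error_page 403 /account.html;

    access_log /home/fanda/nginx/development/logs/access.log;
    error_log /home/fanda/nginx/development/logs/error.log;

    # NOTE(review): a wildcard origin lets any site read responses that do
    # not need credentials. Prefer an explicit origin allow-list on an auth
    # gateway. A location that declares its own add_header does not inherit
    # this one.
    add_header Access-Control-Allow-Origin '*';

    # CSRF check in the access phase; the script itself is not shown here.
    access_by_lua_file lua/csrf_protection.lua;

    # not secured requests
    # The pattern is anchored and the alternatives are grouped. The previous
    # form, /(login)|(register)|(passwd)/, matched any URI that merely
    # contained "register" or "passwd/", and regex locations win on first
    # match, so such URIs were routed here instead of to a secured location.
    location ~ ^/(login|register|passwd)(/|$) {
        # NOTE(review): $uri is the normalized, decoded path and carries no
        # query string; confirm the backend does not need the raw request URI.
        proxy_pass http://auth_server$uri;
    }

    # Internal authorization lookup: only reachable through subrequests or
    # internal redirects, never directly by a client.
    location ~ ^/auth/(.*) {
        internal;

        # Both values end up inside a PostgreSQL string literal, so they are
        # quoted with the PostgreSQL-specific directive. set_quote_sql_str
        # applies MySQL escaping rules, which PostgreSQL does not interpret
        # the same way, and cookie "a" is client-controlled.
        set_quote_pgsql_str $access_token $cookie_a;
        set_quote_pgsql_str $service_name $1;

        postgres_pass development;
        postgres_query "SELECT token FROM service.authorizations WHERE access_token=$access_token AND service=$service_name";

        # No matching authorization row -> 403 (handled by error_page above).
        postgres_rewrite no_rows 403;
        # Row 0, column 0 of the result becomes $auth_token; "required"
        # fails the request if the value is missing.
        postgres_set $auth_token 0 0 required;
        postgres_output none;
    }

    location /logout {
        # log out here is very simple
        set_quote_pgsql_str $access_token $cookie_a;

        # NOTE(review): the original read `postgres_pass develo;`, assumed to
        # be a typo for the `development` upstream used by /auth/. Confirm.
        postgres_pass development;

        # NOTE(review): this deletes from access_tokens while /auth/ reads
        # service.authorizations; verify that removing the token also
        # invalidates the per-service rows (e.g. via a cascading foreign key).
        # The cookie itself is not cleared here.
        postgres_query "DELETE FROM access_tokens WHERE token=$access_token";
        postgres_output none;
    }

    # vvv secured requests vvv #
    # ...
}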