fix auth

1 files changed, 17 insertions, 13 deletions

diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site
index 3066042..8420010 100644
--- a/etc/nginx/sites-enabled/test.site
+++ b/etc/nginx/sites-enabled/test.site
@@ -200,29 +200,33 @@ server {
     proxy_set_header X-Forwarded-Proto "https";
   }
 
-  location / {
+  location /public {
     # Redirection technique explainted at
     # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
     error_page 418 = @blue;
     error_page 419 = @green;
     recursive_error_pages on;
 
-    # This is very ugly, but necessary since NGINX
-    # can't do multiple conditions or nexted ifs
+    if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+    if ($http_x_taler_deployment_color ~ "green") { return 419; }
+    proxy_set_header X-Forwarded-Host "backend.test.taler.net";
+    proxy_set_header X-Forwarded-Proto "https";
+    proxy_pass http://unix:/home/test/sockets/merchant.http:/public;
+    proxy_redirect off;
+    proxy_set_header Host $host;
+  }
 
-    if ($request_filename !~ "^/public/?.*$") {
-      # restricted!
-      set $authresult "r";
-    }
+  location / {
+    # Redirection technique explainted at
+    # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+    error_page 418 = @blue;
+    error_page 419 = @green;
+    recursive_error_pages on;
 
-    if ($http_authorization = "ApiKey sandbox") {
-      # auth successful
-      set $authresult "${authresult}y";
-    }
-    if ($authresult = "r") {
-      # restricted but not authorized
+    if ($http_authorization != "ApiKey sandbox") {
       return 401;
     }
+
     if ($http_x_taler_deployment_color ~ "blue") { return 418; }
     if ($http_x_taler_deployment_color ~ "green") { return 419; }
     proxy_set_header X-Forwarded-Host "backend.test.taler.net";