author | Florian Dold <florian.dold@gmail.com> | 2018-01-29 23:55:49 +0100 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2018-01-29 23:55:49 +0100 |
commit | f0c746b30f4e3e99b799aca830bce4a13db330b1 (patch) | |
tree | 487eadf7d1803bb7a6f7326fc1dee65f6d165cbb | |
parent | 4d0f03c4992455a71e2cde3ddc5fe1ae162ab44e (diff) | |
protect test backend with apikey
-rw-r--r-- | etc/nginx/sites-enabled/test.site | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site
index c5e1949..78c95b9 100644
--- a/etc/nginx/sites-enabled/test.site
+++ b/etc/nginx/sites-enabled/test.site
@@ -206,6 +206,23 @@ server {
 error_page 418 = @blue;
 error_page 419 = @green;
 recursive_error_pages on;
+
+ # This is very ugly, but necessary since NGINX
+ # can't do multiple conditions or nexted ifs
+
+ if ($request_filename !~ "^/public/?.*$") {
+ # restricted!
+ set $authresult "r";
+ }
+
+ if ($http_authorization = "ApiKey sandbox") {
+ # auth successful
+ set $authresult "${authresult}y";
+ }
+ if ($authresult = "r") {
+ # restricted but not authorized
+ return 401 "Unauthorized";
+ }
 if ($http_x_taler_deployment_color ~ "blue") { return 418; }
 if ($http_x_taler_deployment_color ~ "green") { return 419; }
 proxy_set_header X-Forwarded-Host "backend.test.taler.net"; |
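Review bot: The public-path exemption in the first added `if` is looser than it reads: in `"^/public/?.*$"` the `/?.*$` tail matches anything, so the test is effectively `^/public` and also exempts sibling paths such as `/publicfoo` (constructed example) from the API-key check. It also tests `$request_filename`, which nginx builds from `root`/`alias` plus the URI, so whether it ever begins with `/public` depends on a `root` setting outside this hunk; if the intent is to match the request path, `if ($uri !~ "^/public(/|$)") {` states that directly. `$authresult` is read by the second and third `if` without having been set on public requests, so `set $authresult "";` ahead of the first `if` would make the default explicit and should avoid nginx's uninitialized-variable warnings. The enclosing block starts and ends outside the hunk, so this rests only on the lines shown.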