From f0c746b30f4e3e99b799aca830bce4a13db330b1 Mon Sep 17 00:00:00 2001
From: Florian Dold <florian.dold@gmail.com>
Date: Mon, 29 Jan 2018 23:55:49 +0100
Subject: protect test backend with apikey

---
 etc/nginx/sites-enabled/test.site | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site
index c5e1949..78c95b9 100644
--- a/etc/nginx/sites-enabled/test.site
+++ b/etc/nginx/sites-enabled/test.site
@@ -206,6 +206,23 @@ server {
     error_page 418 = @blue;
     error_page 419 = @green;
     recursive_error_pages on;
+
+    # This is very ugly, but necessary since NGINX
+    # can't do multiple conditions or nexted ifs
+
+    if ($request_filename !~ "^/public/?.*$") {
+      # restricted!
+      set $authresult "r";
+    }
+
+    if ($http_authorization = "ApiKey sandbox") {
+      # auth successful
+      set $authresult "${authresult}y";
+    }
+    if ($authresult = "r") {
+      # restricted but not authorized
+      return 401 "Unauthorized";
+    }
     if ($http_x_taler_deployment_color ~ "blue") { return 418; }
     if ($http_x_taler_deployment_color ~ "green") { return 419; }
     proxy_set_header X-Forwarded-Host "backend.test.taler.net";
-- 
cgit v1.2.3