From 95870c95930ed0decd6d12dfae849a310e24f5cd Mon Sep 17 00:00:00 2001
From: Florian Dold <florian.dold@gmail.com>
Date: Mon, 5 Feb 2018 13:34:00 +0100
Subject: apikey auth for demo

---
 etc/nginx/sites-enabled/demo.site | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'etc/nginx')

diff --git a/etc/nginx/sites-enabled/demo.site b/etc/nginx/sites-enabled/demo.site
index 70e0a2d..7017a24 100644
--- a/etc/nginx/sites-enabled/demo.site
+++ b/etc/nginx/sites-enabled/demo.site
@@ -81,10 +81,25 @@ server {
   server_name backend.demo.taler.net;
   include conf.d/talerssl;
 
-  location / {
+  location /public {
+    proxy_redirect off;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host "backend.test.taler.net";
+    proxy_set_header X-Forwarded-Proto "https";
     proxy_pass http://unix:/home/demo/sockets/merchant.http:/;
+  }
+
+  location / {
+    # match the ApiKey part ignoring case, and the actual key
+    # with case-sensitivity on.
+    if ($http_authorization !~ "(?i)ApiKey (?-i)sandbox") {
+      return 401;
+    }
     proxy_redirect off;
     proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host "backend.test.taler.net";
+    proxy_set_header X-Forwarded-Proto "https";
+    proxy_pass http://unix:/home/demo/sockets/merchant.http:/;
   }
 }
 
-- 
cgit v1.2.3