5

我正在限制与经过身份验证的第三方 API 交互的纯客户端 COR 演示应用程序的 IP。我有一个正在运行的“中间件”服务器,我用它来代理从 CORs 应用程序到第三方 API 的请求,但是我无法将基本身份验证凭据注入到这些代理请求中。

isAllowed = (req, res, next) -> # Do IP check here.

base64Encode = (unencoded) -> new Buffer(unencoded or '').toString 'base64'

app.all "/demoproxy/*", isAllowed, (req, res) ->

  req.url = "/" + req.url.split("/").slice(2).join("/")

  userPass = base64Encode "#{process.env.DEMO_USERNAME}:#{process.env.DEMO_PASSWORD}"

   # This doesn't work.
   # res.setHeader 'Authorization',  "Basic #{userPass}"

   # This doesn't work either.
   ###res.oldWriteHead = res.writeHead

   res.writeHead = (statusCode, headers) ->

     headers = { }
     headers['Authorization'] = "Basic #{userPass}"
     res.oldWriteHead statusCode, headers###

    proxy = new httpProxy.HttpProxy
      target:
        host: 'remote-api.com'
        port: 80

    proxy.proxyRequest req, res

这样做的正确方法是什么?

4

2 回答 2

13

在这种情况下,我认为您想在请求(req)对象上设置授权标头,而不是响应(res)。如果需要对 remote-api.com 进行身份验证,那么它需要知道您发送给它的请求。proxy.proxyRequest也许在提出请求之前尝试以下操作

req.headers["authorization"] = "Basic #{userPass}"

req对象没有 setHeader 函数,headers 属性只是一个 javascript 对象/映射。希望对您有所帮助...

于 2013-06-20T16:49:01.123 回答
0

以下是一些适用于我的代码,例如:

# Demo server requiring basic authentication
servAuth = require("http").createServer (req, res) ->
  if auth = req.headers?.authorization
    res.statusCode = 200
    res.end "Good job, you sent '#{auth}'"
  else
    res.statusCode = 401
    res.end "How about you authenticate first?"
servAuth.listen(8090)

# Proxy server which checks the IP address and then proxies the request
servProxy = require("http-proxy").createServer (req, res, proxy) ->
  checkIP req, (err, isOK) ->
    # something wrong happened even with the IP address checking
    if err
      res.statusCode = 500
      res.end "Sorry, everything got fargled", "ascii"
    # IP address not allowed
    else if not isOK
      res.statusCode = 403
      res.end "You ain't from around here, are you?", "ascii"
    # all good, proxy the request with basic auth added
    else
      userPass = new Buffer("#{process.env.USERNAME}:#{process.env.PASSWORD}", "ascii")
      userPass = userPass.toString("base64")
      req.headers.authorization = "Basic #{userPass}"
      proxy.proxyRequest req, res, {
        host: "localhost"
        port: 8090
      }
servProxy.listen(8080)

# asynchronous IP address checking
checkIP = (req, done) ->
  # TODO: implement whatever custom IP checking
  # this example just says everything is OK
  done( null, true )
于 2013-07-01T10:43:58.407 回答