symfony - How to use varnish with RESTful Api using Oauth2 protocol?

Question

I have a RESTful Api written in Symfony2 using FosOauth2Serverbundle, FosRestBundle and FosUserBundle. I am planing to bring varnish in front of my api as reverse proxy. Since my app using my api always send access_token as parameter or header varnish caches almost every request as different requests and it is not effective. Because i use user of access_token in my controller for security and sometimes for content, i can not remove access_token from request completely from request in vcl_recv. After several search on internet, i come across a solution for authentication http://www.adayinthelifeof.nl/2012/07/06/using-varnish-to-offload-and-cache-your-oauth-requests/ . However, i can not figure out how to tell FosUserBundle current user in header to pass security in security.yml:

  access_control:
   - { path: ^/2013-08-30/foo$, role: ROLE_USER, requires_channel: https, methods: [GET] }

In short, How can i tell FosUserBundle current user in request(send from varnish) header?

Answer 1

有几种方法可以解决此类问题，如果您希望两个稍微不同的请求返回相同的响应（即请求仅通过 API 密钥 GET 参数不同），最快和最简单的解决方案是使用自定义清漆的唯一性定义vcl_hash 中的 hash_data 函数。您只需删除所有无助于使响应与众不同的 url 元素并将其散列。例如，如果 url 包含“access_token”，则从哈希键中删除所有 GET 参数：

sub vcl_hash {
  if (req.url ~ "access_token"){
    set req.url = regsub(req.url, "^https?://(.*)\?access_token=.*$","\1");
  }
  hash_data(req.url);
}

换句话说，这会将 mydomain.com/some/restful/request?access_token=abc 和 mydomain.com/some/restful/request?access_token=def 缓存为匹配项。

如果响应与应该唯一的小区域基本相同（即大型 JSON 响应中的一个值，或标题中显示“欢迎用户名！”的 div），您可以使用边缘侧包含。当然，问题是这需要对后端返回的内容进行自定义。