我正在研究 nginx auth_request 模块,以便在对我的服务器的所有传入请求上放置一个身份验证层。目标是首先将每个 url 请求传递到登录页面,检查授权,然后重定向到为该 url 提到的特定页面。对于身份验证,我使用了一个简单的烧瓶应用程序,成功时返回 200,错误时返回 401。
我面临的问题是,在成功验证后,nginx 会给出 404 错误,而不是重定向到提到的 url。
server {
listen 8080;
server_name _;
location /url_1 {
auth_request /auth_pass;
error_page 401 = @error401;
auth_request_set $user $upstream_http_x_user;
auth_request_set $auth_status $upstream_status;
proxy_set_header x-user $user;
#the aim here is to redirect to google.com on successful authentication.
proxy_pass http://www.google.com;
}
location = /auth_pass {
internal;
proxy_pass http://flask_app_server_address/login;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded_for $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
#error_page 401 = @error401;
location @error401{
return 302 http://flask_app_server_address/login?url=$request_uri;}
}
另外,这里是我写的flask-app登录功能。
def login():
if request.method=="GET":
redirect_url=request.args.get('url')
if flask_login.current_user.is_authenticated:
return app.response_class(status=200)
print "failed is_authenticated check"
return render_template('login.html',redirect_url=redirect_url),401
else:
data= request.form
username=data['username']
password=data['password']
redirect_url=data['requestParam']
user=User.query.filter_by(login=username).first()
if user is None or not (check_password_hash(user.password,password) or (user.password==password)):
print "failed to login"
return redirect('http://server_ip'+redirect_url),401
flask_login.login_user(user)
return redirect('http://server_ip'+redirect_url),302