4

我正在尝试使用auth_request模块来检查是否允许用户访问某个文件。用户在 上发布请求/my/download/uri/<File ID>。我希望将授权请求发布在auth_service:9999/files/<File ID>。我的配置的相关部分如下:

location /my/download/uri {
    auth_request /auth/files/$uri;
    alias /my/file/directory;
}
location /auth {
    internal;
    proxy_pass http://auth_service:9999/;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}

请求由授权服务接收,但字面意思是 /files/$uri; 变量未放置。我尝试先通过变量准备好 URI set,但无济于事。如何让 nginx 正确引导授权请求?

(注意:我知道我可以通过 将原始请求包含在授权请求的标头中X-Original-URI。但是,这意味着我必须在授权服务器上对完整 URI 进行额外处理才能获取相关数据,我宁愿这样做如果有办法首先将授权请求发布到正确的 URI,则不这样做。)

4

1 回答 1

0

You cant use variables in auth_request this is apparently a design choice for nginx https://trac.nginx.org/nginx/ticket/761 I came up with this through trial and error. I had trouble putting $uri in a variable, not sure why.

location ~ /my/download/uri/(.*) {
    set $key $1
    auth_request /auth;
    alias /my/file/directory;
}
location /auth {
    internal;
    proxy_pass http://auth_service:9999/$key;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}
于 2021-05-20T06:35:42.207 回答