fix authentication

add example nginx.conf
2022-11-30 18:46:08 +03:00 · 2022-11-30 18:46:08 +03:00 · 264d673019
commit 264d673019
parent b8b9597156
5 changed files with 68 additions and 12 deletions
--- a/.env
+++ b/.env
@ -1,6 +1,6 @@
 NETWORK_NAME=

-WEB_APP_BASE_PATH=
+WEB_APP_BASE_PATH=/login
 WEB_APP_TITLE=
 WEB_APP_DESCRIPTION=

--- a/apps/api/src/auth/auth.controller.ts
+++ b/apps/api/src/auth/auth.controller.ts
@ -6,7 +6,7 @@ import { AuthService } from './auth.service';
 import { COOKIE_TOKEN_NAME } from './lib/constants';
 import type { Credentials } from './types/request';

-@Controller('auth')
+@Controller()
 export class AuthController {
  cookieOptions: { maxAge: number; path: string };
  constructor(private readonly authService: AuthService) {
@ -43,7 +43,7 @@ export class AuthController {
    return invalidPasswordURI;
  }

-  @Post('/login')
+  @Post('/signin')
  async login(@Req() req: FastifyRequest, @Res() reply: FastifyReply) {
    const targetUri = this.getTargetUri(req);
    const { login, password } = req.body as Credentials;
@ -72,8 +72,8 @@ export class AuthController {
    return reply.status(302).redirect('/login');
  }

-  @Get('/check-token')
-  async checkToken(@Req() req: FastifyRequest, @Res() reply: FastifyReply) {
+  @Get('/auth')
+  async auth(@Req() req: FastifyRequest, @Res() reply: FastifyReply) {
    const token = req.cookies[COOKIE_TOKEN_NAME];

    try {
--- a/apps/api/src/users/users.controller.ts
+++ b/apps/api/src/users/users.controller.ts
@ -5,7 +5,7 @@ import { FastifyReply, FastifyRequest } from 'fastify';
 import { COOKIE_TOKEN_NAME } from '../auth/lib/constants';
 import { UsersService } from './users.service';

-@Controller('users')
+@Controller()
 export class UsersController {
  constructor(private readonly usersService: UsersService) {}

--- a/example/nginx.conf
+++ b/example/nginx.conf
@ -0,0 +1,55 @@
+
+worker_processes 4;
+
+events {
+    worker_connections 1024;
+}
+
+
+http {
+
+    upstream auth_server {
+        server auth_server:80;
+    }
+
+    upstream application {
+        server application:3000;
+    }
+
+    server {
+        listen 80;
+        include /etc/nginx/mime.types;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+
+        error_page 401 /login;
+
+        location = /auth {
+            internal;
+
+            proxy_pass http://auth_server;
+
+            proxy_pass_request_body off;
+            proxy_set_header Content-Length "";
+            proxy_set_header X-Original-URI $request_uri;
+            proxy_set_header X-Original-Remote-Addr $remote_addr;
+            proxy_set_header X-Original-Host $host;
+        }
+
+        location ~ ^/(login|signin|logout|get-user) {
+            proxy_pass http://auth_server;
+        }
+
+
+        location / {
+            auth_request /auth;
+            auth_request_set $auth_cookie $upstream_http_set_cookie;
+            add_header Set-Cookie $auth_cookie;
+            proxy_pass http://application/;
+        }
+
+    }
+}
--- a/nginx.conf
+++ b/nginx.conf
@ -27,14 +27,15 @@ http {
        proxy_cache_bypass $http_upgrade;

        location / {
-            proxy_pass http://web;
+            proxy_pass http://api/;
        }

-        location /api/ {
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_pass http://api/;
+        location /login {
+            proxy_pass http://web;
+
+            limit_except GET {
+                deny all;
+            }
        }
    }
 }