From 264d673019c20d7705b0c30bd4f4d3e93908386e Mon Sep 17 00:00:00 2001
From: Chika
Date: Wed, 30 Nov 2022 18:46:08 +0300
Subject: [PATCH] fix authentication add example nginx.conf
---
 .env | 2 +-
 apps/api/src/auth/auth.controller.ts | 8 ++--
 apps/api/src/users/users.controller.ts | 2 +-
 example/nginx.conf | 55 ++++++++++++++++++++++++++
 nginx.conf | 13 +++---
 5 files changed, 68 insertions(+), 12 deletions(-)
 create mode 100644 example/nginx.conf
diff --git a/.env b/.env
index ae01282..c31a581 100644
--- a/.env
+++ b/.env
@@ -1,6 +1,6 @@
 NETWORK_NAME=
-WEB_APP_BASE_PATH=
+WEB_APP_BASE_PATH=/login
 WEB_APP_TITLE=
 WEB_APP_DESCRIPTION=
diff --git a/apps/api/src/auth/auth.controller.ts b/apps/api/src/auth/auth.controller.ts
index 2e266e3..1b55052 100644
--- a/apps/api/src/auth/auth.controller.ts
+++ b/apps/api/src/auth/auth.controller.ts
@@ -6,7 +6,7 @@ import { AuthService } from './auth.service';
 import { COOKIE_TOKEN_NAME } from './lib/constants';
 import type { Credentials } from './types/request';
-@Controller('auth')
+@Controller()
 export class AuthController {
 cookieOptions: { maxAge: number; path: string };
 constructor(private readonly authService: AuthService) {
@@ -43,7 +43,7 @@ export class AuthController {
 return invalidPasswordURI;
 }
- @Post('/login')
+ @Post('/signin')
 async login(@Req() req: FastifyRequest, @Res() reply: FastifyReply) {
 const targetUri = this.getTargetUri(req);
 const { login, password } = req.body as Credentials;
@@ -72,8 +72,8 @@ export class AuthController {
 return reply.status(302).redirect('/login');
 }
- @Get('/check-token')
- async checkToken(@Req() req: FastifyRequest, @Res() reply: FastifyReply) {
+ @Get('/auth')
+ async auth(@Req() req: FastifyRequest, @Res() reply: FastifyReply) {
 const token = req.cookies[COOKIE_TOKEN_NAME];
 try {
diff --git a/apps/api/src/users/users.controller.ts b/apps/api/src/users/users.controller.ts
index b3194fd..6785a23 100644
--- a/apps/api/src/users/users.controller.ts
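Review bot: In apps/api/src/auth/auth.controller.ts, the `cookieOptions` field kept as context in the first hunk is typed `{ maxAge: number; path: string }`, which leaves no room for `httpOnly`, `secure` or `sameSite` on the cookie that carries the session token. The constructor body and the call that sets the cookie are outside the hunk, so this is inferred from the type alone, but an object literal assigned directly to this field could not carry those flags without a type error. Since the commit reworks the authentication routes, I would widen the field to `cookieOptions: { maxAge: number; path: string; httpOnly: boolean; secure: boolean; sameSite: 'lax' | 'strict' };` and set the flags where the options are built.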
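Review bot: In the `@Post('/signin')` hunk of auth.controller.ts, `req.body as Credentials` is a compile-time assertion only, so `login` and `password` reach the rest of the handler without any runtime check that the body is an object with two string fields. A request with no body makes the destructuring throw, and non-string values are passed on as if they were credentials. A guard such as `if (typeof login !== 'string' || typeof password !== 'string')` before the service call, answering the same way the handler answers a wrong password, would close that; the rest of `login` is outside the hunk. `getTargetUri(req)` is also derived from the request and its body is not shown, so it is worth confirming that the redirect target is restricted to same-site paths.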
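Review bot: The renamed `auth` handler in the `@Get('/auth')` hunk of auth.controller.ts has no comment stating the status-code contract it now has to keep for the proxy. example/nginx.conf in this commit points `auth_request` at `/auth`, and nginx allows the request on any 2xx, denies it on 401 or 403, and treats every other status as an error. I would add a doc comment such as `/** Called by the proxy's auth_request subrequest: 2xx for a valid token cookie, 401 otherwise. */` above the method; the `try` body that decides the status is outside the hunk.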
+++ b/apps/api/src/users/users.controller.ts
@@ -5,7 +5,7 @@ import { FastifyReply, FastifyRequest } from 'fastify';
 import { COOKIE_TOKEN_NAME } from '../auth/lib/constants';
 import { UsersService } from './users.service';
-@Controller('users')
+@Controller()
 export class UsersController {
 constructor(private readonly usersService: UsersService) {}
diff --git a/example/nginx.conf b/example/nginx.conf
new file mode 100644
index 0000000..41ed452
--- /dev/null
+++ b/example/nginx.conf
@@ -0,0 +1,55 @@
+
+worker_processes 4;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+
+ upstream auth_server {
+ server auth_server:80;
+ }
+
+ upstream application {
+ server application:3000;
+ }
+
+ server {
+ listen 80;
+ include /etc/nginx/mime.types;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+
+ error_page 401 /login;
+
+ location = /auth {
+ internal;
+
+ proxy_pass http://auth_server;
+
+ proxy_pass_request_body off;
+ proxy_set_header Content-Length "";
+ proxy_set_header X-Original-URI $request_uri;
+ proxy_set_header X-Original-Remote-Addr $remote_addr;
+ proxy_set_header X-Original-Host $host;
+ }
+
+ location ~ ^/(login|signin|logout|get-user) {
+ proxy_pass http://auth_server;
+ }
+
+
+ location / {
+ auth_request /auth;
+ auth_request_set $auth_cookie $upstream_http_set_cookie;
+ add_header Set-Cookie $auth_cookie;
+ proxy_pass http://application/;
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/nginx.conf b/nginx.conf
index f640521..8a13453 100644
--- a/nginx.conf
+++ b/nginx.conf
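Review bot: With `@Controller()` in users.controller.ts the users routes move from `/users/...` to the root, and example/nginx.conf in this commit proxies `get-user` to the auth server from the location that has no `auth_request`. If that route is served by this controller, nothing in front of it checks the token, so the handler has to validate the `COOKIE_TOKEN_NAME` cookie itself; its body is outside the hunk, so this cannot be confirmed here. Both controllers now share an empty prefix as well, so a comment such as `// mounted at the root: route names must not clash with AuthController` above the decorator would help.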
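Review bot: The pattern in `location ~ ^/(login|signin|logout|get-user)` of example/nginx.conf has no end anchor, so any path that merely starts with one of those words (for example `/login-history` or `/logout.js`) skips `auth_request` and is sent to `auth_server` instead of the application. Anchoring it, `location ~ ^/(login|signin|logout|get-user)(/|$) {`, keeps the unauthenticated surface to the four intended routes and their sub-paths. That location also forwards client-supplied `X-Original-URI` and `X-Original-Host` headers untouched, while `location = /auth` sets them itself; if the sign-in handler reads them to build its redirect, they should be overwritten or cleared there too. Note that `location = /auth` declares its own `proxy_set_header` lines, so it does not inherit the server-level `Host`, `Upgrade` and `Connection` headers.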
@@ -27,14 +27,15 @@ http {
 proxy_cache_bypass $http_upgrade;
 location / {
- proxy_pass http://web;
+ proxy_pass http://api/;
 }
- location /api/ {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://api/;
+ location /login {
+ proxy_pass http://web;
+
+ limit_except GET {
+ deny all;
+ }
 }
 }
 }
\ No newline at end of file
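Review bot: The removed `/api/` block was the only place in this hunk that set `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto`, and the new `location /` forwards to `http://api/` without them. Unless they are set at `server` level above the hunk, the API now sees only the proxy's address, which weakens sign-in logging and any per-client throttling. I would set them alongside the server-level proxy directives that precede `location /`, e.g. `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, rather than inside the location, where declaring any `proxy_set_header` would stop inheritance of the outer ones. `location /login` is a prefix match and `limit_except GET` still admits HEAD, both of which look intended but deserve a comment; the enclosing `server` block starts outside the hunk.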