如何解决nginx auth_request 示例
我正在尝试用更用户友好、更吸引人的东西来代替 http 基本身份验证,而且最重要的是,我的密码管理器可以自动填充这些东西,尤其是在手机上。
我已从 this blog 复制了大部分内容,但此示例使用了跨域 cookie。
所以我做了一些小改动以使其与会话 cookie 一起工作。
这是我的示例文件:
/etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 0;
gzip on;
server {
listen 80;
listen [::]:80;
server_name www.example.com;
index index.php;
root /var/www/secured;
location / {
auth_request /auth;
try_files $uri $uri/ /index.php?$args;
}
location = /auth {
internal;
proxy_pass http://auth.example.com;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
error_page 401 = @login;
location @login {
proxy_pass http://auth.example.com/?login&return=$http_host;
}
location = /logout {
proxy_pass http://auth.example.com/?logout&return=$http_host;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
include /etc/nginx/fastcgi.conf;
}
}
server {
listen 80;
listen [::]:80;
server_name auth.example.com;
index index.php;
root /var/www/auth;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
include /etc/nginx/fastcgi.conf;
}
}
}
/var/www/auth/index.php
<?php
session_start();
if (!isset($_GET['login']) && !isset($_GET['logout'])) {
if (isset($_SESSION['authorized']) && $_SESSION['authorized']) {
http_response_code(200);
} else {
http_response_code(401);
}
die();
}
$error = "";
$loginUser = 'user';
$loginPass = 'pass';
$return = filter_input(INPUT_GET,'return');
if (isset($_GET['logout'])) {
session_destroy();
if (!empty($return)) {
header("Location: http://{$return}");
}
die();
}
if (isset($_POST['submit'])) {
$postUser = filter_input(INPUT_POST,'username');
$postPass = filter_input(INPUT_POST,'password');
$_SESSION['authorized'] = ($postUser === $loginUser && $postPass === $loginPass);
if (!$_SESSION['authorized']) {
$error = "Invalid username or password.";
} else if (!empty($return)) {
header("Location: http://{$return}");
die();
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Authentication</title>
<meta http-equiv='content-type' content='text/html;charset=utf-8' />
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="icon" type="image/png" href="icon.png">
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/css/bootstrap.min.css" crossorigin="anonymous" />
<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.min.js" crossorigin="anonymous"></script>
<style>
html,body {
height: 100%;
width: 100%;
}
.loginOuter {
align-items: center;
display: flex;
height: 100%;
justify-content: center;
width: 100%;
}
.loginInner {
min-width: 200px;
width: 15%;
}
</style>
</head>
<body>
<div class="loginOuter">
<div class="loginInner">
<form method="POST">
<div class="form-group">
<label for="username"><b>Username:</b></label>
<input type="text" id="username" name="username" value="<?= $loginUser; ?>" class="form-control"/>
</div>
<div class="form-group">
<label for="password"><b>Password:</b></label>
<input type="password" id="password" name="password" value="<?= $loginPass; ?>" class="form-control"/>
</div>
<?php if (!empty($error)) { ?><div class="alert alert-danger" role="alert"><?= $error; ?></div><?php } ?>
<button type="submit" name="submit" class="btn btn-success">Login</button>
<?php if (!empty($return)) { ?><a href="http://<?= $return; ?>" class="btn btn-primary">Cancel</a><?php } ?>
</form>
</div>
</div>
</body>
</html>
/var/www/secured/index.php
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Private</title>
</head>
<body>
<h1>Welcome!</h1><br>
<a href="/logout">Logout</a><br>
<pre>
<?= json_encode($_SERVER,JSON_PRETTY_PRINT) ?>
<?= json_encode($_COOKIE,JSON_PRETTY_PRINT) ?>
<?= json_encode($_POST,JSON_PRETTY_PRINT) ?>
<?= json_encode($_GET,JSON_PRETTY_PRINT) ?>
</pre>
</body>
</html>
我的问题和担心是:我是否在可靠的基本身份验证中戳了一个大洞?
谢谢
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。