mirror of
https://github.com/bpetschowitsch/weba.git
synced 2026-06-01 16:39:42 +00:00
bpetschowitsch
95 lines
2.1 KiB
Markdown
95 lines
2.1 KiB
Markdown
# API-Key
|
|
|
|
## Validation using Nginx only
|
|
|
|
A very simple example to validate api keys directly via Nginx
|
|
|
|
```bash
|
|
cd /etc/nginx/conf.d/
|
|
sudo vi myKeys.conf
|
|
```
|
|
|
|
define valid keys:
|
|
|
|
```nginx
|
|
# validating the header "Authorization"
|
|
map $http_authorization $api_client_name {
|
|
default ""; # no key matches
|
|
"key_aaaaaa" "client_a";
|
|
"key_bbbbbb" "client_b";
|
|
}
|
|
```
|
|
|
|
and perform validation within Nginx site configuration:
|
|
|
|
```nginx
|
|
location /api/auth/names {
|
|
# if empty, no key was found
|
|
if ($api_client_name = "") {
|
|
return 401 '{"error": "Ungültiger oder fehlender API-Key"}';
|
|
}
|
|
|
|
# Optional: forward user to backend (using header: X-Matched-Client)
|
|
proxy_set_header X-Auth-User $api_client_name;
|
|
|
|
proxy_pass http://127.0.0.1:5000/names;
|
|
}
|
|
```
|
|
|
|
Verify with Postman.
|
|
|
|
## Validation via Auth-Modul
|
|
|
|
integrate to webservice source code:
|
|
|
|
```python
|
|
from flask import Flask, jsonify, request, Response
|
|
|
|
API_KEYS = {
|
|
"key_cccccc": "User-C",
|
|
"key_dddddd": "User-D"
|
|
}
|
|
|
|
@app.route('/validate', methods=['GET'])
|
|
def validate():
|
|
api_key = request.headers.get('Authorization')
|
|
|
|
if not api_key:
|
|
return Response("Missing API Key", status=401)
|
|
|
|
client_name = API_KEYS.get(api_key)
|
|
|
|
if client_name:
|
|
res = Response("Valid", status=200)
|
|
res.headers['X-Auth-User'] = client_name
|
|
return res
|
|
|
|
return Response("Invalid API Key", status=401)
|
|
```
|
|
|
|
and add to nginx site configuration:
|
|
|
|
```nginx
|
|
location = /_auth_check {
|
|
internal; # nginx internal requests only
|
|
proxy_pass http://localhost:5000/validate; # Auth-Modul
|
|
|
|
# skip body
|
|
proxy_pass_request_body off;
|
|
proxy_set_header Content-Length "";
|
|
|
|
# pass key to auth-service
|
|
proxy_set_header X-Original-URI $request_uri;
|
|
proxy_set_header Authorization $http_authorization;
|
|
}
|
|
|
|
location = /api/auth2/names {
|
|
# perform request towards Auth-Service
|
|
auth_request /_auth_check;
|
|
|
|
# in case of 200 OK Nginx continues
|
|
proxy_pass http://127.0.0.1:5000/names;
|
|
}
|
|
```
|
|
|
|
Verify with Postman. |