weba/13_api_key.md
bpetschowitsch ad65e8a46c last exercises
2026-05-21 15:41:45 +02:00

API-Key

Validation using Nginx only

A very simple example that validates API keys directly in Nginx:

cd /etc/nginx/conf.d/
sudo vi myKeys.conf

Define the valid keys:

# map the value of the "Authorization" header to a client name
map $http_authorization $api_client_name {
    default       "";       # no key matches
    "key_aaaaaa"  "client_a";
    "key_bbbbbb"  "client_b";
}

Then perform the validation in the Nginx site configuration:

location /api/auth/names {
        # if empty, no key was found
        if ($api_client_name = "") {
            return 401 '{"error": "Ungültiger oder fehlender API-Key"}';
        }

        # Optional: forward the matched client name to the backend (header: X-Auth-User)
        proxy_set_header X-Auth-User $api_client_name;

        proxy_pass http://127.0.0.1:5000/names;
}

Verify with Postman.

Validation via auth module

Integrate into the web service source code:

from flask import Flask, jsonify, request, Response

app = Flask(__name__)  # omit if the web service already defines `app`

# API key -> client name
API_KEYS = {
    "key_cccccc": "User-C",
    "key_dddddd": "User-D"
}

@app.route('/validate', methods=['GET'])
def validate():
    # Nginx forwards the client's Authorization header to this endpoint
    api_key = request.headers.get('Authorization')

    if not api_key:
        return Response("Missing API Key", status=401)

    client_name = API_KEYS.get(api_key)

    if client_name:
        # 200 tells Nginx to let the original request through
        res = Response("Valid", status=200)
        res.headers['X-Auth-User'] = client_name
        return res

    return Response("Invalid API Key", status=401)

Then add the following to the Nginx site configuration:

location = /_auth_check {
        internal; # nginx internal requests only
        proxy_pass http://localhost:5000/validate; # auth module

        # skip body
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";

        # pass key to auth-service
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header Authorization $http_authorization;
}

location = /api/auth2/names {
        # send a subrequest to the auth service
        auth_request /_auth_check;

        # on 200 OK, Nginx continues with the original request
        proxy_pass http://127.0.0.1:5000/names;
}

Verify with Postman.
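
In the auth_request variant above, Nginx uses only the status code of the subrequest: the X-Auth-User header that /validate sets on its response is not passed on to /names, while an X-Auth-User header sent by the client is proxied unchanged. The location below is an added example, not part of the original file; the variable $auth_user and the named location @api_unauthorized are names assumed here, and /_auth_check is used exactly as defined above.

```nginx
# Added example: auth2 location that takes the client identity from the
# auth subrequest instead of from the incoming request.

location = /api/auth2/names {
    auth_request /_auth_check;

    # /validate answers 200 with "X-Auth-User: <client>"; capture that
    # response header of the subrequest in a variable ($auth_user is an
    # assumed name).
    auth_request_set $auth_user $upstream_http_x_auth_user;

    # Always overwrite X-Auth-User, so a value supplied by the client
    # never reaches the backend.
    proxy_set_header X-Auth-User $auth_user;

    # Assumption: /names does not need the raw key, so it is not forwarded.
    # An empty value makes Nginx drop the header.
    proxy_set_header Authorization "";

    # Answer rejected requests with JSON, as the map-based variant does,
    # instead of Nginx's default HTML error page.
    error_page 401 = @api_unauthorized;

    proxy_pass http://127.0.0.1:5000/names;
}

# Assumed name for the JSON error handler.
location @api_unauthorized {
    default_type application/json;
    return 401 '{"error": "Ungültiger oder fehlender API-Key"}';
}
```

After `sudo nginx -t` and a reload, a request carrying a valid key plus a hand-set X-Auth-User header should arrive at /names with the value from API_KEYS, not the one the client sent.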