Hi I have two process
Django and MYSQL
node/express and mongo db.
1.
How can I configure this two process to point to different url
like. Django point to api.abc.com/v1 and node point to api.abc.com/v2 ?
2.
all my user login is inside Django and MYSQL with OAuth. I can authenticate user in Django.
But how can authenticate user in nodejs app with the token send by Django REST OAuth ?
Thanks.
You can do it in few ways but the most convenient method would be to use a reverse proxy like nginx.
Configuring the reverse proxy for your Node app and doing exactly the same for your Django app will let you easily have the routes that you require, on the same domain name and port number just in a different path.
Another option would be to proxy requests either from the Node app to the Django app or the other way around, but that would require changing your applications instead of just putting a proxy in front of them.
Here are some questions with onfo on how to configure reverse proxies for Node using nginx, Apache and even Microsoft IIS:
NGINX Reverse Proxy Causes 502 Errors On Some Pages
reverse proxy using ngix and ssl implementation on express failed
SSL With node / IIS
Adding chat through websocket, to an existing PHP web app
Where do I put my Node JS app so it is accessible via the main website?
How to run nodejs server over 443 ensuring nginx doesnt stop working
Configuring HTTPS for Express and Nginx
Scenario A
You create a url in django ^v2/.*$ and then make a request from django view to node.js process. this way django can handle user auth and permissions and node can be standalone and not know anything about user auth. If you need user data (id or something) you can inject it in the request as a header or a cookie.
Scenario B
You dig into django REST OAuth implementation, find where tokens are stored in db, and on each request you take the oauth token from the header/cookie and compare it to the one in DB. You would have to setup nginx as a reverse proxy and route all traffic that goes on url /v1/.*$ to django app, and all traffic that goes to /v2/.*/ to node app.
Either options are doable but I would suggest Scenario A. It's easier, quicker and far less error prone.
Related
I have a Nuxt.js app that is going into production with a domain. However the app is still under construction and nobody should see client-side delivered source code yet unless they have a specific access password.
.htaccess file is something that can be done for Apache servers but Nuxt.js is using a node backend server to deliver the client-side code right? So how can I configure that node server to prompt a login (classical html login alert prompt) before delivering any client-side code?
Apache is a webserver, that have some configuration files it can read and execute accordingly. Node on the other hand uses express - http(s) server written directly for speed (faster than apache) and not using such things.
You have 2 ways of doing that i can think of fast
Use some other server and proxy(reverseproxy) the connections and lock the access on it (like apache proxying to nodejs).
Or a bit harder but i think better in performance and logic
You will need to write some global middleware, that would require some cookie value (if present, next(), otherwise show/handle login)
I am setting up Keycloak on a Node.js Express frontend application.
I have included keycloak.protect() for my private route; this successfully redirects unauthenticated users to the login page.
After the user logs in or registers, it redirects back to the private root, but keycloak protect fails again and redirects you back to the auth server which then redirects you back to the private route and so on.
I have configured the keycloak auth server to use 'Standard Flow', 'Direct Access Grants'.
My natural assumption would be that because 302s wipe out the headers, the Auth header is not present when keycloak.protect is looking at the request but I have coded it as suggested in the documentation.
Is there a piece of config in the Keycloak auth server that governs the redirect back to the application?
This could have something to do with how you initialize your sessionStore
If you run behind a reverse proxy like NGINX (or its Kubernetes Ingress Controller equivalent) you might have success with telling your express app to trust the proxy in front. This would have something to do with SSL offloading and how express reacts to it.
app.enable('trust proxy');
Otherwise take a close look at the logs that keycloak-connect produces. They might be cryptic some time but they provide a good starting point in further debugging.
I setting up React app and Node js for api server, also I deployed it on Docker.
How to intercept React api requests with nginx, and send them to node js server, while the backend should not be accessible from the browser
Please, give some links or github repositories.
Can you specify what does backend should not be accessible from the browser? back end is not accessible from the browser, if you mean hide request uris there are no way to do it, only option is to encode uris and uglify code
I'm using express / node js for a simple server.
There's no need for secure https everywhere, but I do want to secure some upload form posts and responses that come back on that to phones.
So far I've setup a standard nodejs server on http with express.js.
I have an app.post('/upload'...)
I'm deployed on heroku, so I changed the app I'm testing to post the form data to https://myapp.herokuapp.com/upload
Is it now posting over https? And will the response be over https?
Or do I need to reconfigure the express server in some way to specifically handle that?
These uploads/responses are the only secure part, and non-visible to users (done by the phone app) - so there's no need to do full http ssl endpoint config for the whole domain/sub domain if the above piggyback solution is ok.
On Heroku, SSL is terminated at the routing layer and a X-Forwarded-Proto: https header is added to the request so your app can know that the request came in over SSL. In other words, from your app's perspective, the request is plain HTTP and doesn't need to do anything special, but you can always check for the X-Forwarded-Proto: https header if you want to make sure the request was made securely. If the request was made over SSL, the response will also be over SSL since it they are both part of the same connection.
I run an Express js page driven heavily by socket.io but I'm planning to setup an Nginx instance (proxy-ing the node js app) to develop the rest of the website.
If a user is authenticated in Nginx how do I pass the credentials to the express js app? Can I share a cookie, or a session? Also take into consideration storing data in Redis. What's the best way of handling this?
If you use cookies to remember authentication, they will be automatically passed to Node by Nginx along with the rest of the request, with the proxy_pass directive.
If you are talking about Basic Auth (user is not strictly speaking "authenticated to Nginx" but Nginx will not serve requests without the correct credentials, you can set up custom headers when you pass requests to Node with the proxy_set_header directive, to tell Node who is authenticated.