Mirroristas/bigchaindb
2
0
Fork 0
mirror of https://github.com/bigchaindb/bigchaindb.git synced 2024-10-13 13:34:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding secret access token header checks for authorization

Browse Source 
without threescale

Signed-off-by: Shahbaz Nazir <shahbaz@bigchaindb.com>
This commit is contained in:
Shahbaz Nazir
2018-02-22 16:54:34 +01:00
parent cdec60a7c0
commit 9205837c8b
5 changed files with 233 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
k8s/nginx-https/container/nginx.conf.template
View File

@@ -100,27 +100,27 @@ http {
proxy_pass http://$bdb_backend:BIGCHAINDB_API_PORT;
}
# POST requests get forwarded to OpenResty instance. Enable CORS too.
if ($request_method = POST ) {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
proxy_pass http://$openresty_backend:OPENRESTY_BACKEND_PORT;
}
# OPTIONS requests handling for CORS.
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,app_key,app_id';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Secret-Access-Token,User-Agent';
add_header 'Access-Control-Max-Age' 43200;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
# Check for security header to authorize POST requests
if ( $http_x_secret_access_token != "SECRET_ACCESS_TOKEN" ) {
return 403;
}
# POST requests get forwarded to OpenResty instance. Enable CORS too.
if ($request_method = POST ) {}
proxy_pass http://$bdb_backend:BIGCHAINDB_API_PORT;
}
# Only return this reponse if request_method is neither POST|GET|OPTIONS
if ($request_method !~ ^(GET|OPTIONS|POST)$) {
return 444;