
Reverse Proxy login with credentials from node.js

I currently have a server running Spring in a Tomcat servlet with Shiro Token system for checking if a user is logged in already. It allows cross-domain requests.

In any other domain I can on the client (generally using angular) call...

http.get('https://<my_check_login_service>', {withCredentials: true})

...and as long as I am already logged in (token doesn't expire) return the user info (name, avatar, etc.).

I have another system now that is a node server (also serving up angular for the client side) for which I would like to call the node server and have it proxy over to the above my_check_login_service to get the user, set info on the session object (using express), and then return the user to the client. But also, through the session object, allow me to trust their connection and allow them to perform further api calls depending on the security level of the user returned from the login service.

On the node.js router I can proxy doing this ...

app.get('/checklogin', function(req, res) {
    req.pipe(request.get("https://<my_check_login_service>")).pipe(res);
});

...but I don't know how to pass the proper credentials to the service. If I do ...

http.get('checkLogin', {withCredentials: true})

...it, of course, doesn't work because the credentials for my login_service are not sent to the local server. How can I pass the correct credentials to make this work?

Cheers.

crowmagnumb asked Sep 30 '16 22:09


1 Answer

Credentials are most likely in the HTTP headers; passing all headers (both from request and to response), with the address of the original request, should make it work:

// HTTP client used for the upstream call
const request = require('request')

app.get('/checklogin', function(req, res) {
  console.dir(req.headers)
  //You can inspect the headers here and pass only required values
  const options = {
    url: 'https://<my_check_login_service>',
    headers: Object.assign(
      //Tell the login service about address of original request
      {'X-Forwarded-For': req.connection.remoteAddress},
      req.headers)
  }
  req.pipe(request.get(options))
  .on('response', (response) => res.set(response.headers))
  .pipe(res)
})

This example passes the original address by setting X-Forwarded-For; login_service may recognize it... or not, depending on the configuration.

DarkKnight answered Sep 29 '22 02:09
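
An added example (not part of the answer above, and not code from either poster): instead of copying every incoming header, the proxy relays only an allowlist of credential-bearing headers, so `Host` and hop-by-hop headers never reach the login service, and it records the returned user on the Express session. `LOGIN_URL`, the allowlist, `buildUpstreamHeaders` and `makeCheckLogin` are names assumed here; it also assumes the token arrives at the Node server in the `Cookie` or `Authorization` header and that Node 18+ global `fetch` is available.

```javascript
// Added example: header allowlist for the /checklogin proxy.
// Only these request headers are relayed to the login service (assumed list).
const FORWARDED_REQUEST_HEADERS = ['cookie', 'authorization', 'accept', 'user-agent'];

// Build the upstream header set from the headers the browser sent to Node.
// Node lowercases incoming header names, so lookups use lowercase keys.
function buildUpstreamHeaders(incoming, remoteAddress) {
  const out = {};
  for (const name of FORWARDED_REQUEST_HEADERS) {
    if (incoming[name] !== undefined) out[name] = incoming[name];
  }
  // Append the socket address so a client-supplied value cannot replace it;
  // the last entry is the only one this proxy vouches for.
  const prior = incoming['x-forwarded-for'];
  out['x-forwarded-for'] = prior ? `${prior}, ${remoteAddress}` : remoteAddress;
  return out;
}

// Placeholder for the page's <my_check_login_service> (hypothetical URL).
const LOGIN_URL = 'https://login.example.invalid/check';

// Express-style handler factory; fetchImpl is injectable for testing.
function makeCheckLogin(fetchImpl = fetch, loginUrl = LOGIN_URL) {
  return async function checkLogin(req, res) {
    const headers = buildUpstreamHeaders(req.headers, req.socket.remoteAddress);
    const upstream = await fetchImpl(loginUrl, { headers });
    if (!upstream.ok) {
      req.session.user = null; // upstream rejected the token: clear local trust
      return res.status(401).json({ error: 'not logged in' });
    }
    const user = await upstream.json();
    req.session.user = user; // later routes authorize against this
    return res.json(user);
  };
}
```

Mount it with `app.get('/checklogin', makeCheckLogin())` after the session middleware, so `req.session` exists when the handler runs.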