我有一个Node.js后端,用于ArangoDB Web界面的身份验证和反向代理。我一生都无法弄清楚为什么我无法使用我的外部 URL 登录 Web 界面。
我已经搜索了高低(谷歌,堆栈溢出,arangodb git问题线程,arangodb应用程序代码等),无法弄清楚。我不依赖于我在下面使用的节点-http-proxy 模块。如果有人在节点内以另一种方式执行此操作。
我已经看到了使用 nginx 等的示例,但我真的试图将所有内容都保留在节点后端下,以便能够将代理访问保留在我的站点身份验证后面,这样我就不会将 Web 界面暴露给随机访问。
我希望已经清除了这个障碍的人可以提供帮助。
问题: _open/身份验证请求永远不会得到响应。我仍然可以从服务器访问 http://localhost:8529 并正常登录。
期望的结果: 从 http://example.com:8080/_db/_system/_admin/aardvark/index.html#login 访问 Web 界面并成功登录。
[Chrome 标头网络详细信息]:
Request URL: http://example.com:8080/_db/_system/_open/auth
Referrer Policy: no-referrer-when-downgrade
Request Headers:
Provisional headers are shown
Accept: application/json, text/javascript, */*; q=0.01
Authorization: bearer null
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://example.com:8080
Referer: http://example.com:8080/_db/_system/_admin/aardvark/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
X-Requested-With: XMLHttpRequest
Form Data:
{"username":"username","password":"password"}:
有趣的是:http://127.0.0.1:8080/_db/_system/_admin/aardvark/foxxes/fishbowl 总是出现 401 错误(即使在本地主机地址和端口上的服务器上,也认为这是 aardvark 的错误.js)
请参阅下面的配置文件。
[路线.js]:
// =====================================
// ArangoDB Web interface ============
// =====================================
var httpProxy = require('http-proxy');
var proxy = httpProxy.createProxyServer({followRedirects: true});
// set headers location overwrite per arangodb documentation
proxy.on('proxyReq', function(proxyReq, req, res, options) {
proxyReq.setHeader('X-Script-Name', 'http://example.com:8080');
});
proxy.on('error', function(e) {
console.log(e);
});
app.all('*/_db/*', function(req, res) {
proxy.web(req, res, {target: 'http://localhost:8529'});
});
[/etc/arangodb3/arangod.conf]:
[frontend]
proxy-request-check=false
version-check=false
[http]
trusted-origin=all
allow-method-override=true
注意:我也尝试过"受信任的来源=*"(不确定哪一个是正确的)
已解决
希望这对其他人有所帮助!!
我完全错过了您必须手动将帖子数据从表单转发到代理的事实(认为它会自动执行此操作)。另外,当您获取帖子正文并在值末尾附加:"时,node/arango做了一些奇怪的事情。因此,您必须手动将其删除。
// =====================================
// ArangoDB query interface Route ========
// =====================================
// Add the following to the arangodb config file /etc/arangodb3/arangodb.conf
// [frontend]
// proxy-request-check = false
// [http]
// trusted-origin = *
// trusted-origin = all
// Create the proxy
var httpProxy = require('http-proxy');
var proxy = httpProxy.createProxyServer();
// Catch requests, massage the login form json, and pass along to the proxied server
proxy.on('proxyReq', function(proxyReq, req, res, options) {
var bodyData;
var contentType = proxyReq.getHeader('Content-Type');
if (!req.body || !Object.keys(req.body).length) {
return;
};
if (contentType == 'application/json; charset=UTF-8' || contentType == 'application/json') {
bodyData = JSON.stringify(req.body);
};
if (contentType == 'application/x-www-form-urlencoded; charset=UTF-8' || contentType == 'application/x-www-form-urlencoded') {
bodyData = queryString.stringify(req.body);
};
// handle formatting issue with arangodb web form where it appends a :"" to the end of the credentials (i.e. {"username","root","password","password"}:"")
if (bodyData) {
if (req.url.substr(-23) == '/_db/_system/_open/auth') {
proxyReq.write(String(Object.keys(req.body)[0]))
} else {
proxyReq.write(bodyData);
proxyReq.end();
};
};
});
proxy.on('error', function(e) {
console.log(e);
});
// note I have two functions to ensure that a user is logged in and has a specific role before they can login to the database. Insert authentication functions / middleware before the function(req, res) below
app.all('*/_db/*', function(req, res) { //, isLoggedIn, inRole('admin')
proxy.web(req, res, {target: 'http://127.0.0.1:8529'});
});