Re: [nodejs] Proxy server with authentication

[José F. Romaniello]

If you need more than basic auth (user and pass in a header) you will
need also sessions, so rather than the http-proxy i will recommend you
using connect/express + passport, and to pipe the requests after
validating the user thru mikeal/request.

This is more than just a proxy. Imho there is no such thing as proxy
WITH authentication.

Do not use bodyparser middleware since it will read all the stream and
you will not be able to fully pipe the requests.

2013/2/14, jal...@algotree.com <jal...@algotree.com>:
> Hi,
>
>
> I have an elasticsearch database and an clients make ajax queries from the
> javascript files served by apache, What I am trying to build is a proxy
> server in nodejs which authenticates both the request to apache and ajax
> queries.
>
> I have built a proxy server using nodejitsy/node-http-proxy in front of
> apache and elasticsearch, How do i go about authentication as mentioned
> above.
>
> Thanks
>
> --
> --
> Job Board: http://jobs.nodejs.org/
> Posting guidelines:
> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
> You received this message because you are subscribed to the Google
> Groups "nodejs" group.
> To post to this group, send email to nod...@googlegroups.com
> To unsubscribe from this group, send email to
> nodejs+un...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/nodejs?hl=en?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups
> "nodejs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to nodejs+un...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

--
Enviado desde mi dispositivo móvil

[Bradley Meck]

Any reason not to use http-proxy and passport without express?

[José F. Romaniello]

Ob sorry, i nver used passport other than as a connect middleware, and as I said he probabily needs some kind of sessions to store at least the user is logged in. So, i think connect will be easier. But if you know any other way please go ahead

i know also you could use connect and http proxy on the same instance of the http server

El jueves, 14 de febrero de 2013, Bradley Meck escribió:

Any reason not to use http-proxy and passport without express?

[greelgorke]

yes, passportjs is a good choice. the examples on passportjs.org use express routes, but the important parts are passport.authenticate calls. it's agnostic enough.

Am Freitag, 15. Februar 2013 01:02:26 UTC+1 schrieb José F. Romaniello:

Ob sorry, i nver used passport other than as a connect middleware, and as I said he probabily needs some kind of sessions to store at least the user is logged in. So, i think connect will be easier. But if you know any other way please go ahead

i know also you could use connect and http proxy on the same instance of the http server

El jueves, 14 de febrero de 2013, Bradley Meck escribió:

Any reason not to use http-proxy and passport without express?

--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nod...@googlegroups.com
To unsubscribe from this group, send email to

nodejs+unsubscribe@googlegroups.com

For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

---
You received this message because you are subscribed to the Google Groups "nodejs" group.

To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscribe@googlegroups.com.

[jal...@algotree.com]

Thanks,

This is the gist link to the simple proxy server code that i wrote using express and node-http-proxy

https://gist.github.com/jalaluddeen/4960691

what i wanna do is add authentication and session management to this so that only requests from authenticated users are passed to apache or elasticsearch.

[greelgorke]

in your gist: you dopn't need express here. look at examples here: http://passportjs.org/guide/authenticate/ you can just use passport.authenticate in your request handler after checking the methods

[José F. Romaniello]

@greelgorke and what do you suggest for session management as @jalalm suggest he wants to authenticate the user in one route and then have the information available in other routes?

2013/2/15 greelgorke <greel...@gmail.com>

nodejs+un...@googlegroups.com

For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
 
---
You received this message because you are subscribed to the Google Groups "nodejs" group.

To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+un...@googlegroups.com.

[greelgorke]

passport handles sessions by default, so you have to disable them if you dont want sessions. see here http://passportjs.org/guide/configure/ how to handle sessions. you could throw in a memory db like memcached or redis, or just hold it in memory by yourself. for distributed proxy i'd suggest redis or even a rdbms.

[José F. Romaniello]

Sorry @greelgorke but I am not totally convinced but your advice to @jalalm, this is what connect is meant to do and there already a lot of middlewares implemented for this. In addition to implementing a session strategy on top of the http you will have also to handle cookies.

All these things are very small per-se but also connect is small and it is already done.

On the other hand every example you have shown from the documentation of Passport.js refers to its usage as a connect middleware. So, if you want to use in the http request handler, you have to do some tricks for the "next" argument.

With all this peaces of information I dont understand the argument about not using connect.

So, I am still sold to my first advice; use connect+passport+session (with some store like redis).. When you have this problem solved, you can pipe requests to other server either using mikeal/request pipe functionality as shown here:

https://github.com/mikeal/request#streaming

Or using the http-proxy in the same instance of http server.

2013/2/15 greelgorke <greel...@gmail.com>

[jal...@algotree.com]

Hi,

I used express here because i thought it will be easier to create login pages and like @Jose F Romaniello said it would be easier to handle sessions and cookies. I am actualy new to javascript ,nodejs and html, I used nginx proxy till now,(being a sys admin) but then this requirement came up and i thought about moving to node js.

[greelgorke]

now i understand the requirement. i consider a proxy-server as something transparent to the user. what you are talking about is a kind of a web-ui to your services. in this case you of course totally can use connect/express. it would be an overkill to use it for a transparent proxy. 

[Mike Rashkovsky]

I am trying to use express + connect + passport + http-proxy, and I believe I am encountering the problem that Jose wrote about: "Do not use bodyparser middleware since it will read all the stream and you will not be able to fully pipe the requests. "

Is there a way to cache the original request before it goes through all of the middleware, so that I can proxy it correctly? Alternatively, I can run the http-proxy on a different server without middleware, but it needs to be able to query the express / passport server with a connect.sid cookie to find out if that session is authenticated and what the user information is. 

Is that possible? Am I overlooking things? Are there other good solutions?