Nginx
Yaroslav, 2021-11-27 12:17:50

How to make a fast web server for static but with authentication?

Or: How can an application share session data with a web server and have the web server use it for access control?

The application (written in something relatively slow like python) does the authentication (in some complicated way like OAuth2, OpenID Connect) and then the user has to get their files from the server. Naturally, it is impossible for user1 to get user2's files. Of course, the distribution of files can also be done through python, and there you can check who is requesting and whether he has the right to do so. But it's slow.

Is it possible to somehow delegate this to a fast web server (apache / nginx / other), somehow passing authentication data to it? Let the slow application do authentication (it is rarely done), and the web server itself quickly processes all requests from the authenticated client.

Maybe some modules for web servers support such functionality?

Task 1 (Easy)
The webserver will only serve a request GET /users/user1/myfile.txt if there are some valid cookies in the request that are either cryptographically signed or are listed as active somewhere in the database. The cookie is set by the application upon successful authentication. Accordingly, a simple GET request without authorization will not work.

Task 2 (more difficult)
The webserver also checks if the cookie matches the request. That is, for the request /users/user1/myfile.txt, it is necessary that the cookie matches exactly user1, and not user2.

Task 3 (complicated)
The web server also chooses the path of the document depending on the authorized user. For example, GET /myfile.txt will send /users/<USERNAME>/myfile.txt, depending on the username.

If we make a simple Go webserver (which seems to be fast) - and make this functionality there - will we lose much in performance compared to nginx?

I think if you do this for GET, then it will be easy to do for PUT / DELETE? Then, with a flick of the wrist, the webserver turns into a file storage facility with authentication.
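
Tasks 1 and 2 from the question, as an added Go example (not part of the original post or of either answer): the application signs a cookie once after login, and the file server then needs only an HMAC check and a path-prefix check per request. The `user.expiry.mac` cookie format, the `session` cookie name, the `./data` root and the demo key are assumptions, and user names are assumed to contain no `.`.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"net/http"
	"path"
	"strconv"
	"strings"
	"time"
)

var key = []byte("constructed-demo-key") // constructed; really a random secret shared with the app
func mac(p string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(p))
	return hex.EncodeToString(m.Sum(nil))
}
// Sign is what the application does once after login: "user.expiry.mac".
func Sign(user string, exp time.Time) string {
	p := user + "." + strconv.FormatInt(exp.Unix(), 10)
	return p + "." + mac(p)
}
// Verify returns the user if the cookie value is authentic and unexpired (Task 1).
func Verify(tok string, now time.Time) (string, bool) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 || !hmac.Equal([]byte(mac(parts[0]+"."+parts[1])), []byte(parts[2])) {
		return "", false
	}
	exp, err := strconv.ParseInt(parts[1], 10, 64)
	return parts[0], err == nil && now.Unix() < exp
}
// Allowed is Task 2: the cleaned request path must sit under /users/<user>/.
func Allowed(user, reqPath string) bool {
	return user != "" && strings.HasPrefix(path.Clean("/"+reqPath), "/users/"+user+"/")
}
func main() {
	files := http.FileServer(http.Dir("./data")) // hypothetical document root
	http.ListenAndServe("127.0.0.1:8080", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if c, err := r.Cookie("session"); err == nil { // hypothetical cookie name
			if u, ok := Verify(c.Value, time.Now()); ok && Allowed(u, r.URL.Path) {
				files.ServeHTTP(w, r)
				return
			}
		}
		http.Error(w, "forbidden", http.StatusForbidden)
	}))
}
```

The same guard can wrap PUT and DELETE handlers, since the decision depends only on the cookie and the cleaned path.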


2 answer(s)
Sergey Gornostaev, 2021-11-27
@sergey-gornostaev

Just set up oauth authorization on Nginx and that's it.

true, 2021-11-28
@RAFAILgaley

normal basic authentication?
and you can do without cookies
