PR Feature/ new /verify-request for nginx #140
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- without needing app_identifier
+ tests for new endpoint /verify-request
alexandru-m-g
requested review from
danmihaila,
IanHopkinson,
ccataalin and
teodorescuserban
IanHopkinson
approved these changes
Jun 6, 2024
There was a problem hiding this comment.
Thanks for the explanation in the PR opening - that was really useful for this one.
Technically I don't have much to contribute on this, my only question was whether the new verify-request endpoint would appear in the docs UI - my reading is that it doesn't because of the include_in_schema=False entries
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is based on @teodorescuserban's idea. The problem that we're trying to solve is related to the nginx cache. When nginx was serving a request from the cache, the
app_identifierwas no longer checked because the request was not reaching HAPI.Before responding to a request from cache, nginx will now first check with HAPI that the
app_identifierprovided in the request is correct.This happens by nginx sending a request to
/api/util/verify-request. The endpoint doesn't really do anything, but if it gets to return HTTP code 200 with an empty body then nginx knows it's allowed to serve the request from the cache.The request will have the same HTTP headers as the original request received by nginx + it will contain an additional header
X-Original-URIthat will contain the URL of the original request.With the added complexity, I had to refactor the app identifier middleware to be a bit more readable