PR Feature/ new /verify-request for nginx #140
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is based on @teodorescuserban's idea. The problem that we're trying to solve is related to the nginx cache. When nginx was serving a request from the cache, the
app_identifier
was no longer checked because the request was not reaching HAPI.Before responding to a request from cache, nginx will now first check with HAPI that the
app_identifier
provided in the request is correct.This happens by nginx sending a request to
/api/util/verify-request
. The endpoint doesn't really do anything, but if it gets to return HTTP code 200 with an empty body then nginx knows it's allowed to serve the request from the cache.The request will have the same HTTP headers as the original request received by nginx + it will contain an additional header
X-Original-URI
that will contain the URL of the original request.With the added complexity, I had to refactor the app identifier middleware to be a bit more readable