documentation:2.1:nodehandler

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:2.1:nodehandler [2019/08/31 09:30] (current)
Line 1: Line 1:
 +====== Node.js handler ======
  
 +Since version 2.0, a beta Node.js handler is available on [[https://github.com/LemonLDAPNG/node-lemonldap-ng-handler|GitHub]] and [[https://www.npmjs.com/package/lemonldap-ng-handler|NPMJS]].
 +
 +Up-to-date documentation is available on GitHub.
 +
 +===== Examples =====
 +
 +**Important things**:
 +  * Rules and headers must be written in javascript for these hosts //(example ''$uid eq "dwho"'' becomes ''$uid === "dwho"'')//
 +  * Multi-lines are not supported in lemonldap-ng.ini
 +  * Virtualhosts handled by node-lemonldap-ng-handler must be explicitly declared in your ''lemonldap-ng.ini'' file in ''[node-handler]'' section //(**NB**: section ''[handler]'' isn't used by node handler)//:
 +<code ini>
 +[node-handler]
 +
 +nodeVhosts = test.example.com, test2.example.com
 +</code>
 +
 +==== Use it as FastCGI server (application protection only) ====
 +
 +=== FastCGI server ===
 +
 +<file javascript server.js>
 +var handler = require('lemonldap-ng-handler');
 +
 +handler.init({
 +  configStorage: {
 +    "confFile": "/path/to/lemonldap-ng.ini"
 +  }
 +});
 +
 +handler.nginxServer({
 +  "mode": "fcgi",   // or "http", default: fcgi
 +  "port": 9090,     // default value
 +  "ip": 'localhost' // default value
 +});
 +</file>
 +
 +=== Nginx configuration ===
 +
 +<file nginx nginx.conf>
 +server {
 +  #...
 +  # Internal authentication request
 +  location = /lmauth {
 +    internal;
 +    include /etc/nginx/fastcgi_params;
 +    fastcgi_pass localhost:9090;
 +
 +    # Drop post datas
 +    fastcgi_pass_request_body  off;
 +    fastcgi_param CONTENT_LENGTH "";
 +
 +    # Keep original hostname
 +    fastcgi_param HOST $http_host;
 +
 +    # Keep original request (LLNG server will receive /lmauth)
 +    fastcgi_param X_ORIGINAL_URI  $request_uri;
 +  }
 +
 +  # Client requests
 +  location / {
 +    auth_request /lmauth;
 +    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
 +    auth_request_set $lmlocation $upstream_http_location;
 +    error_page 401 $lmlocation;
 +    include conf/nginx-lua-headers.conf;
 +  }
 +}
 +</file>
 +
 +==== Use it to protect an express app ====
 +
 +<file javascript app.js>
 +// Variables
 +var express = require('express');
 +var app = express();
 +var handler = require('lemonldap-ng-handler');
 +
 +// initialize handler (optional args)
 +handler.init({
 +  configStorage: {
 +    "confFile":"test/lemonldap-ng.ini"
 +  }
 +});
 +
 +// and load it
 +app.use(handler.run);
 +
 +// Then simply use your express app
 +app.get('/', function(req, res) {
 +  return res.send('Hello ' + req.headers['Auth-User'] + ' !');
 +});
 +app.listen(3000, function() {
 +  return console.log('Example app listening on port 3000!');
 +});
 +</file>