What is a pass-through request? - express

This is spoken in the context of a guide on express.js. Here is the quote:
Static middleware enables pass-through requests for static assets.
Googling doesn't yield a definition like I thought it would.

I think "pass-through" in this context means that static files on disk "pass through" express without any processing or modification and are sent directly to the browser, in contrast to dynamic requests which involve generating new and dynamic HTML in response to a browser request (using templates and databases, perhaps).

For example, we have this code at http://example.org:
const express = require('express');
const app = express();
// Serve files from public/ first; a request with no matching file falls through.
app.use(express.static(__dirname + '/public'));
app.get('*', function (req, res) {
    res.send('Hello');
});
For example, we open the URL http://example.org/somefile.txt in a browser.
If there is a file somefile.txt in the public/ folder, it is returned, but if the file doesn't exist, the request is passed to the other controllers, in this case to app.get('*', ...).
So, the client receives the response with Hello.

Related

LWIP CGI handler - Sending data back to webpage instead of returning a filename

I'm running an LWIP http webserver on an STM32F4 discovery board. It displays a webpage when its IP address is entered in a web browser. I need to send a string back to the webpage when the LWIP CGI handler is called. The JavaScript code in the HTML page is expecting this. How do I do that? The only thing I can send to the web page is a URL to another local HTML page.
Here is the setup:
The project was created using the STM32 cubeIDE. It's using the LWIP stack with FreeRTOS. This web page sends a CGI command to the STM32 board using the HTTP GET method. Then the LWIP CGI handler is automatically called and executes. I can retrieve the data sent by the webpage.
This is what the CGI handler looks like:
const char *my_cgi_handler(int iIndex, int iNumParams, char *pcParam[],
                           char *pcValue[])
{
    // do some stuff with retrieved data
    // return a filename
    return "/index.html";
}
Here is a simple LWIP CGI example code.
This handler does not give me the socket descriptor, so I cannot directly send data to the web page. Also, the LWIP documentation says I should not write directly to the web page.
The simple CGI support offered here works with GET method requests
only and can handle up to 16 parameters encoded into the URI. The
handler function may not write directly to the HTTP output but must
return a filename that the HTTP server will send to the browser as a
response to the incoming CGI request.
How will I solve this problem without editing the HTML page?
You can use lwIP SSI (Server-Side Includes) for this. See documentation on configuration #define switches. The HTTP server documentation has some information on SSI, and there's also some SSI example code.
Basically,
#define LWIP_HTTPD_SSI in your configuration header
Add a file to the lwIP HTTP server which only contains /*#TagName*/
Register a callback with http_set_ssi_handler. This callback will be called when an HTTP client requests the new file. The callback will receive information about the tag and you can write an arbitrary answer to a supplied buffer. By default, the response is limited to LWIP_HTTPD_MAX_TAG_INSERT_LEN bytes. If that's not sufficient, you can #define LWIP_HTTPD_SSI_MULTIPART to make longer responses.
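The CGI-plus-SSI pattern from the answer above, as an added example that is not part of the original answer and not lwIP's own code: the CGI handler keeps a bounded, filtered copy of the client-supplied value and returns the file holding the tag, and the SSI callback writes the reply without exceeding iInsertLen. The tag name Reply, the file /reply.ssi, the parameter msg, the path /send.cgi and the BUILD_FOR_LWIP flag are assumptions; the header path is the lwIP 2.x one.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed names, not from the page: tag "Reply", file "/reply.ssi", parameter "msg". */
static char g_reply[32] = "none";

/* Same signature as the page's my_cgi_handler: keep a bounded, filtered copy of
 * the client-supplied value, then return the file that contains the SSI tag. */
const char *my_cgi_handler(int iIndex, int iNumParams, char *pcParam[], char *pcValue[])
{
    (void)iIndex;
    for (int i = 0; i < iNumParams; i++) {
        if (strcmp(pcParam[i], "msg") != 0)
            continue;
        size_t n = 0;
        for (const char *p = pcValue[i]; *p && n < sizeof g_reply - 1; p++) {
            /* The value is echoed into a response: keep only [A-Za-z0-9_-]. */
            if (isalnum((unsigned char)*p) || *p == '_' || *p == '-')
                g_reply[n++] = *p;
        }
        g_reply[n] = '\0';
    }
    return "/reply.ssi";
}

/* SSI callback, default form (no SSI_RAW / SSI_MULTIPART); lwIP declares the
 * return type as u16_t. Returns the number of characters placed in pcInsert. */
unsigned short my_ssi_handler(int iIndex, char *pcInsert, int iInsertLen)
{
    if (iIndex != 0 || iInsertLen <= 0)
        return 0;
    int n = snprintf(pcInsert, (size_t)iInsertLen, "status=%s", g_reply);
    if (n < 0)
        return 0;
    /* On truncation snprintf returns the untruncated length: report what fits. */
    return (unsigned short)(n >= iInsertLen ? iInsertLen - 1 : n);
}

#ifdef BUILD_FOR_LWIP      /* hypothetical flag: registration on the target */
#include "lwip/apps/httpd.h"   /* needs LWIP_HTTPD_CGI and LWIP_HTTPD_SSI enabled */
static const char *ssi_tags[] = { "Reply" };
static const tCGI cgi_table[] = { { "/send.cgi", my_cgi_handler } };
void web_init(void)
{
    http_set_cgi_handlers(cgi_table, 1);
    http_set_ssi_handler(my_ssi_handler, ssi_tags, 1);
}
#endif
```

g_reply is a single global shared by all connections, so this form suits a single-client device page.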

How to return original page from customer CGI Handler?

I am trying to intercept each and every request to a particular path in an Apache 2.4 server using a Python CGI handler and modify the original as required. (This is to validate a JWT token stored in a cookie.)
I am referring to the documentation below (http://httpd.apache.org/docs/2.2/handler.html):
Modifying static content using a CGI script The following directives
will cause requests for files with the html extension to trigger the
launch of the footer.pl CGI script.
Action add-footer /cgi-bin/footer.pl
AddHandler add-footer .html
Then the CGI script is responsible for sending the originally
requested document (pointed to by the PATH_TRANSLATED environment
variable) and making whatever modifications or additions are desired.
I am able to reach the handler and validate the JWT token in it.
But the issue is that I can't find a way to send the original document when the token is valid.
You really should not be using a handler for this task. If you must write your extension in an interpreted language, look at a RewriteMap prg: extension point. Otherwise, you can write code in a hook meant for access control.
But in the example you show, the injected handler would only work for a static file request. It's just going to do something akin to cat'ing the file passed as an argument, then writing its own trailing data.

Redirect url based on ID using lua

I'm extremely new to Lua as well as nginx. We're trying to set up authentication.
I'm trying to write a script that could be injected into my NGINX and would listen to an endpoint.
My API would give me a token. I would receive this token and check if it exists in my YAML file or probably JSON file.
Based on the privilege mentioned in the file, I would like to redirect it to the respective URL with the necessary permissions.
Any help would be highly appreciated.
First of all, nginx on its own has no Lua integration whatsoever; so if you just have an nginx server, you can't script it in Lua at all.
What you probably mean is openresty, aka. the lua-nginx-module, which lets you run Lua code in nginx to handle requests programmatically.
Assuming that you have a working nginx + lua-nginx-module installed and running, what you're looking for is the rewrite_by_lua directive, which lets you redirect the client to a different address based on their request.
(Realistically, you'd likely want to use rewrite_by_lua_block or rewrite_by_lua_file instead)
Within the Lua block, you can make API calls, execute some logic, etc. and then redirect to some URI internally with ngx.exec or send an actual redirect to the client with ngx.redirect.
If you want to read in a JSON or YAML file, you should do so in the init_by_lua so the file gets loaded only once and then stays in memory. The lua-cjson module comes with nginx, so you can just use that to parse your json data into a Lua table.

Asp Core UsePathBase : how to deal with AJAX calls?

I want to host two versions of my ASP Core website on the same VPS, one for each supplied environment (Staging and Test). I would like both web sites to be accessible from a subfolder of the same URL:
http://www.mywebsite/Staging
http://www.mywebsite/Test
After reading a lot I found the following Github issue: https://github.com/aspnet/Hosting/issues/815
This tip works but for AJAX calls it crashes: Indeed, the JavaScript calls are not aware of this new path (BUG?). All requests are sent to the root base path (ignoring /Staging or /Test).
I partially solved it using a middleware that redirects my AJAX calls to the correct path. It works for GET requests but it obviously fails for POST requests that have a body.
Note that if we don't redirect, and just change the original PathBase of the request in the middleware, then if the API call needs any authentication scheme, it will throw a 401 error: The original PathBase is the root / where the response has a different path base, i.e. /Staging, then the cookie in the header prevents this cross path base request/response.
Could someone tell me what the recommended practice is to achieve my needs?
Startup.cs
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UsePathBase($"/{env.EnvironmentName}");
    ...
}
My Middleware :
public async Task Invoke(HttpContext context)
{
    if (context.Request.Headers[RequestedWithHeader] == XmlHttpRequest)
    {
        if (string.IsNullOrEmpty(context.Request.PathBase))
        {
            if (context.Request.Method == HttpMethod.Post.Method)
            {
                // Do what ?
            }
            else
            {
                // GET request: set environment name + original path + original query string
                context.Response.Redirect(context.Request.Path.ToString().Insert(0, "/" + _env.EnvironmentName) + context.Request.QueryString);
                return;
            }
        }
    }
}
Of course, your client-side code will not be able to automatically change its code based on the path base that is active for the current request. JavaScript code is (usually) static content, so unless you actually rewrite the code dynamically, it cannot update URLs that are embedded inside.
You could determine the base path from the current request’s URL but that is a rather fragile solution since you need to find a logic that will work regardless of where in the application you are. So doing so is not recommended.
The overall problem is that on the client-side, there is no concept of a path base (or even an environment). So you will have to transfer that knowledge from the server to the client. And just like the path base is set for the server-side code using the path base middleware, you will need some server-side code that will pass the path base to the client-side code.
What I personally do is just configure the root path to the API in the application layout. So my _Layout.cshtml contains the following line:
<body data-api="@Url.Content("~/api/")">
That way, I can then retrieve the root path to the API using document.body.dataset.api in JavaScript. My AJAX calls are then all made so they respect that value. That way, I can host the site at any path, and the AJAX calls will use the proper path too.
You could also just use "~" as the content path to just refer to the root of your application. And you could also expose this value in a JavaScript variable inside a <script> block instead, if you prefer that.

cookie-session based access restriction in apache

My project use htaccess files to restrict access to the server resources. The access is granted with an HTTP authentication.
I want to leave HTTP authentication and use a php-session-like login authentication to check access.
What I want to do could be simply done in a script like:
<?php
session_start();
if ( !isset($_SESSION['user']) ) {
    header('Location: /login.php');
    exit;
}
//...also we could use url rewriting to redirect all urls pointing to static resources through
// a script that will deliver their content or redirect to the login form depending on
// identification status
Using PHP for dynamic pages is not a problem, but how do I grant access to static resources using a session id passed with cookies in Apache?
I've seen questions related to cookie-based redirection in Apache, but none of them deal with identifying a user based on a sessionId passed by cookie.
For HTML content, keep your "static" content in PHP scripts whose only "dynamic" feature is that they contain a common header included for checking login/session.
For images, css, javascript, documents, anything else, this more extensive discussion will be of help.