I try to check based on the request URI and OIDC roles in HTTP header if the user has access to a specific directory.
Currently I use statically defined
server {
location /tool/ {
location /tool/abc/ {
if ($http_x_auth_roles !~ '(^|,)MY_DEFINED_ROLE_FOR_abc(,|$)') {
return 403;
}
}
# and so on for every single tool
}
}
I tried to switch to a generic variant but the matching does not work:
map $request_uri $expected_role {
default 'DOES_NOT_MATCH';
'~^/tool/(.+)/' 'MY_DEFINED_ROLE_FOR_$1';
}
server {
location /tool/ {
if ($http_x_auth_roles !~ $expected_role) {
return 403;
}
}
}
I checked the content of $expected_role and it's showing exactly what I want, but it never matches. Is there some kind of work around to achieve what I want?
Related
Im having some problems deploying my REST api written in C++ on an EC2 instance.
specifically, in my code I do the following:
server.setEndpoint("http://ec2-18-135-114-10.eu-west-2.compute.amazonaws.com:6502");
Which calls the function (a wrapper for the cpprestsdk):
void BasicController::setEndpoint(const std::string & value) {
uri endpointURI(value);
uri_builder endpointBuilder;
endpointBuilder.set_scheme(endpointURI.scheme());
if (endpointURI.host() == "host_auto_ip4") {
endpointBuilder.set_host(NetworkUtils::hostIP4());
}
else if (endpointURI.host() == "host_auto_ip6") {
endpointBuilder.set_host(NetworkUtils::hostIP6());
}
endpointBuilder.set_port(endpointURI.port());
endpointBuilder.set_path(endpointURI.path());
listener = http_listener(endpointBuilder.to_uri());
}
However, I receive the exception `URI Must contain a host name'
Ok, so I try it again with an elastic public IPv4 address:
server.setEndpoint("http://18.135.114.10:6502/");
Again, I get the same error - no host name.
The only case I can get working is on local host, which looks like
server.setEndpoint("http://127.0.1.1:6502:6502/");
Note, this file shows how the exception arises from the cpprestsdk library https://github.com/microsoft/cpprestsdk/blob/master/Release/src/http/client/http_client.cpp
This is probably a very silly question, so I appreciate an kind person giving their help
Solution, change the function to:
void BasicController::setEndpoint(const std::string & value) {
uri endpointURI(value);
uri_builder endpointBuilder;
endpointBuilder.set_scheme(endpointURI.scheme());
if (endpointURI.host() == "host_auto_ip4") {
endpointBuilder.set_host(NetworkUtils::hostIP4());
}
else if (endpointURI.host() == "host_auto_ip6") {
endpointBuilder.set_host(NetworkUtils::hostIP6());
}
else {
endpointBuilder.set_host(endpointURI.host());
}
endpointBuilder.set_port(endpointURI.port());
endpointBuilder.set_path(endpointURI.path());
listener = http_listener(endpointBuilder.to_uri());
}
and use
server.setEndpoint("http://ec2-18-135-114-10.eu-west2.compute.amazonaws.com:6502/");
I have this action it its model file HandlQuestionTimeOut.model.bxb :
action (HandleQuestionTimeOut)
{
type(Calculation)
description (Handles Question Time Out.)
collect
{
input (message)
{
type (core.Text)
min (Required) max (One)
}
}
output (core.Text)
}
This in HandleQuestionTimeOut.js
var console = require("console");
module.exports.function = function handleQuestionTimeOut (message)
{
console.log("handleQuestionTimeOut -> message: " + message);
return message;
}
This in the quiz.endpoints.bxb inside the endpoints bracket:
action-endpoint (HandleQuestionTimeOut)
{
accepted-inputs (message)
local-endpoint (HandleQuestionTimeOut.js)
}
I am trying to call that action with refresh like this:
input-view
{
match: Answer(this)
{
to-input: UpdateQuiz(action)
}
refresh
{
if(true)
{
spec
{
delay-seconds (3)
with-request
{
intent
{
goal {HandleQuestionTimeOut}
value: core.Text(Timeout)
}
}
}
}
}
// code continues...
Can you please tell what am I doing wrong? I don't get that HandleQuestionTimeOut log in the console.
Can you clarify you questions?
Though I noticed something, based on my personal opinion:
1) correct module.exports.function -> module.export.function
2) In the refresh section I think you need to specify condition for 'true' or is it there for debugging purpose?
I've just verified that this issue is fixed in 20B SDK release.
Please refer the release notes for details about other changes.
I would like to extract the requirements data in capella using m2doc, requirements (SystemFunctionalRequirement) are located in a "RequirementsPkg" package in System analysis, thanks to the "m:RequirementsPkg.eContents().summary" command I managed to retrieve the summary of all requirements but I would like to retrieve the name and the summary of a specific requirement.
Can you help me ?
Thanks in advance
This mechanism is deprecated. You should use the requirement extension.
Starting from the root element, you can use something like:
{ m:system.ownedArchitectures->filter(la::LogicalArchitecture).ownedRequirementPkgs.ownedRequirements.name }
With the requirement extension the easiest way is to create a service:
public List<Requirement> getRequirements(ExtensibleElement element) {
List<Requirement> res = new ArrayList<>();
for (ElementExtension extension : element.getOwnedExtensions()) {
if (extension instanceof Requirement) {
res.add((Requirement) extension);
break;
} else if (extension instanceof CapellaOutgoingRelation) {
res.add(((CapellaOutgoingRelation) extension).getTarget());
}
}
return res;
}
and call it, for instance on a diagram:
{ m:for req | '[LAB] IFE System - All Components, CEs'.representationByName().eAllContents(viewpoint::DRepresentationElement).semanticElements->filter(emde::ExtensibleElement).getRequirements() }
{ m:req.ReqIFLongName }
{ m:endfor }
I am trying to block or redirect to 400 all the requests which does not contain certain strings or keyword in the uri. I am looking for a solution using nginx.
Specifically on "NOT containing strings". If it is not possible with ! (NOT) matching, is there any alternative.
I would recommend using a map:
map $uri $bad_request {
# start by assuming it's a bad request
default 1;
# if any of the following match, clear the $bad-request variable
~a-required-string 0;
~another-required-string 0;
# ...
}
location / {
if ($bad_request) {
return 400;
}
}
Well, you could try something like this:
location / {
if (condition_1) {
break;
}
if (condition_2) {
break;
}
...
if (condition_n) {
break;
}
return 400;
proxy_pass http://backend;
}
If any of condition_1, ... condition_n match, break keyword prevent return 400 and request goes to proxy_pass. If all conditions fail return 400 will make nginx to response 400 Bad Request error.
Conditions could be anything that if supports. E.g. if ($args_pass = 1) or if ($http_user_agent ~ MSIE), etc.
Fastcgi++ is a library for easing the implementation of fastcgi servers in C++. And here is the very simple use case that I want to do: to check for the existence of a file, and if doesn't exist, to generate some error message. Here is the code, look for the question signs.
struct the_fastcgi_server_t: Fastcgipp::Request<char>
{
bool response()
{
using namespace Fastcgipp;
Fastcgipp::Http::Environment<char> const &env =
this->environment();
// Can I resolve the file?
std::string target_js;
try {
target_js = path_processor( env.scriptName );
} catch ( file_not_found_exc_t const& e )
{
// TODO How do I set a standard 404 here???!!
return true;
}
out << "Content-Type: text/javascript; charset=utf-8\r\n\r\n";
// ... Here I fill the response.
return true;
}
};
Any ideas about how to set the response type?
The answer is basically as here:
https://web.archive.org/web/20160115021335/http://www.fastcgi.com/docs/faq.html#httpstatus
That is, use a fragment of code like this one
out << "Status: 404 Not found\r\n\r\n";
in the response method. It is not standard http, but FastCGI is just a wrapper over CGI, and that's how CGI does it.