crowmagnumb crowmagnumb - 7 months ago 40
Node.js Question

Reverse Proxy login with credentials from node.js

I currently have a server running Spring in a Tomcat servlet with Shiro Token system for checking if a user is logged in already. It allows cross-domain requests.

In any other domain I can on the client (generally using angular) call...

http.get('https://<my_check_login_service>', {withCredentials: true})

...and as long as I am already logged in (token doesn't expire) return the user info (name, avatar, etc.).

I have another system now that is a node server (also serving up angular for the client side) for which I would like to call the node server and have it proxy over to the above my_check_login_service to get the user, set info on the session object (using express), and then return the user to the client. But also, through the session object, allow me to trust their connection and allow them to perform further api calls depending on the security level of the user returned from the login service.

On the node.js router I can proxy doing this ...

app.get('/checklogin', function(req, res) {

...but I don't know how to pass the proper credentials to the service. If I do ...

http.get('checkLogin', {withCredentials: true}), of course, doesn't work because the credentials for my login_service are not sent to the local server. How can I pass the correct credentials to make this work?



Credentials are most likely in the HTTP headers, passing all headers (both from request and to response) should make it work:

app.get('/checklogin', function(req, res) {
  //You can inspect the headers here and pass only required values
  const options = {
    url: 'https://<my_check_login_service>',
    headers: req.headers
  .on('response', (response) => res.set(response.headers))