[英]how can i check that a admin user is logged into django website or not into NGINX
I want to see that admin user is logged in or not into nginx.conf
file . 我想查看管理员用户是否已登录
nginx.conf
文件。
I need this for my specific requirement. 我需要这个来满足我的特定要求。 My Try :
我的尝试:
I tried to fetch COOKIES into nginx.conf file. but when admin is logged out so cookies are changed so i am not able figure out that if a admin is logged in or not.
As far as I know this is not possible. 据我所知这是不可能的。
Django uses encrypted cookies by default and stores all data in the session table in the DB (also encrypted). Django默认使用加密的cookie,并将所有数据存储在数据库的会话表中(也已加密)。 You could check if the user has a cookie set in nginx but you won't be able to verify if that cookie value actually means "Admin" or "random other cookie value".
您可以检查用户是否在nginx中设置了cookie,但是您将无法验证该cookie值实际上是“ Admin”还是“ random other cookie value”。
Also unless you're using custom nginx modules to check the contents of the cookie you run the risk of someone managing to trick nginx into thinking the user is an admin when that is not the case. 另外,除非您使用自定义的nginx模块检查cookie的内容,否则您将冒着诱使某人设法欺骗nginx认为用户是管理员的风险。
I'm not sure what the use case is here but you could try doing something with the django middleware or looking for third party plugins instead of using nginx. 我不确定这里的用例是什么,但是您可以尝试使用django中间件或寻找第三方插件来代替使用nginx。
If you want to limit file access to a specific file, eg admin-only images/javascript/data files or such you could try the HttpAccessKeyModule for Nginx and just generate a custom 'url' for your admin to access them. 如果要将文件访问限制为特定文件,例如仅管理员的图像/ javascript /数据文件,则可以尝试HttpAccessKeyModule for Nginx并为管理员生成一个自定义“ url”以访问它们。
You can also try looking into: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html and see about delegating the check to some part of Django which just returns Yes or No to nginx. 您还可以尝试查看以下内容: http : //nginx.org/zh-CN/docs/http/ngx_http_auth_request_module.html,并了解将检查委托给Django的某些部分,该部分仅对nginx返回Yes或No。
There might be another nginx plugin somewhere which you can add/enable for an admin user from within django. 某个地方可能还有另一个Nginx插件,您可以在Django中为管理员用户添加/启用该插件。 But this requires you to think the other way around.
但这需要您反过来思考。 With django telling nginx the user is an admin.
使用django告诉nginx的用户是管理员。 Instead of nginx finding it out itself.
而不是nginx自己发现它。
Hope this helps you in some way. 希望这对您有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.