堆栈内存溢出
  简体   繁体   English

如何允许特定服务器访问我的API?

[英]How to allow a specific server to access my API?

 原文  2015-07-29 05:54:24       node.js/ api/ server/ keystonejs

问题描述

I am writing an API using node.js,express and mongodb, which will be used in another server. 我正在使用node.js,express和mongodb编写API,它将在另一台服务器中使用。 I just want only that server (or some more in the future) to be able to access my API. 我只想要那个服务器(或将来的某个服务器)能够访问我的API。 How can I do that? 我怎样才能做到这一点?

2 个解决方案

解决方案1
 2  2015-07-29 07:26:45

If you only want to restrict based on the IP of the other server, then you can define an express middleware that checks each incoming request and if the IP is not the correct one, return an error. 如果您只想基于其他服务器的IP进行限制,那么您可以定义一个快速中间件来检查每个传入请求,如果IP不正确,则返回错误。

An example of that might look like this: 一个例子可能如下所示: 

var app = express();
app.use(function (req, res, next) {
  if (req.ip !== '1.2.3.4') { // Wrong IP address
    res.status(401);
    return res.send('Permission denied');
  }
  next(); // correct IP address, continue middleware chain
});

If your API is behind one or more proxies (or load-balancers), you should probably enable the 'trust proxy' option ( http://expressjs.com/guide/behind-proxies.html ). 如果您的API位于一个或多个代理(或负载均衡器)后面,则应该启用“信任代理”选项( http://expressjs.com/guide/behind-proxies.html )。

This middleware will restrict access to your API based on the IP address of the incoming request, as you requested. 根据您的请求,此中间件将根据传入请求的IP地址限制对API的访问。

However, this is rather brittle, because what happens if you move your server? 但是,这是相当脆弱的,因为如果移动服务器会发生什么? You now need to update your API application to accept a different IP address. 您现在需要更新API应用程序以接受其他IP地址。

I would strongly encourage you to utilize some form of authentication (pre-shared key) for your API instead of IP-based filtering. 我强烈建议您为API而不是基于IP的过滤使用某种形式的身份验证(预共享密钥)。 You can use Passport with Express to add a variety of authentication schemes for your API. 您可以使用Passport with Express为您的API添加各种身份验证方案。

Finally, in either case, if you really care about the security of your API, you should probably ensure your API is protected with TLS/SSL encryption. 最后,在任何一种情况下,如果您真的关心API的安全性,您应该确保您的API受TLS / SSL加密保护。

解决方案2
 1  2015-07-29 07:21:10

Add a middleware before your handler and validate the req.ip . 在处理程序之前添加中间件并验证req.ip
You can use option to initialize the middleware so the IP lists are configurable. 您可以使用选项初始化中间件,以便IP列表可配置。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 允许远程服务器访问本地主机上的API服务器 - Allow remote server to access API server on localhost 如何在我的应用程序中为特定路径禁用NodeJS Express,并允许其中之一访问特定的正则表达式? - How can I disable NodeJS Express for specific paths in my app and allow access to a specific regex in one of them? 如何允许其他客户端(不在我的 LAN 中)访问我的 web 套接字服务器? - How would I allow other clients (Not in my LAN) to access my web socket server? 如何在同一台服务器上运行 node 和 apache 以允许用户通过 https 访问 api? - How can I run node and apache on the same server to allow the user to access api through https? Node.js - 如何在我的本地计算机上设置服务器并允许某人访问它(用于测试) - Node.js - How to set up a server on my local machine and allow someone to access it(for testing) 仅允许有效的 firebase 用户访问我的 Nodejs API - Allow only valid firebase user to access my Nodejs API Node JS:只允许服务器端调用我的 api - Node JS : Allow only server side calls to my api 特定端点:带有节点的React / Redux App中对API请求的访问被拒绝(无Access-Control-Allow-Origin标头) - Specific Endpoint: Access Denied (no Access-Control-Allow-Origin header) on API Request in React/Redux App with Node 如何将url参数从Nginx转发到服务器的API,以便允许/禁止用户查看某些文件? - How to forward url parameters from Nginx to my server's API so I can allow/disallow users to view certain files? 如何仅允许从某些IP地址访问API - How to only allow access to API from certain ip address
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM