# facematch

Node.js/Express micro-app for the **Ricerca Facciale** feature on [regalamiunsorriso.it](https://www.regalamiunsorriso.it).

It shares authentication with the main Java/Tomcat app by forwarding the browser's `JSESSIONID` cookie to a lightweight JSP validation endpoint (`/admin/pg/checkSession.jsp`).

---

## How authentication works

```
Browser                    Nginx                Node app (this)        Tomcat (Java app)
  │                          │                         │                       │
  │── GET /face_match ──────►│                         │                       │
  │   Cookie: JSESSIONID=X   │── proxy_pass ──────────►│                       │
  │                          │                         │── GET /admin/pg/      │
  │                          │                         │   checkSession.jsp ──►│
  │                          │                         │   Cookie: JSESSIONID=X│
  │                          │                         │◄── 200 {userId:42} ───│
  │◄── 200 face-match page ──┤◄────────────────────────│                       │
```

- The Java app stores sessions server-side; the browser carries only the `JSESSIONID` cookie.
- Because both apps are under the same public domain, the browser sends `JSESSIONID` to the Node app too.
- The Node app validates the cookie via a back-channel HTTP call (Tomcat ↔ Node, same host, loopback).
- If the session is invalid/absent, the user is redirected to the main app login page.
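
The back-channel check described above, written out as an added example (it is not the project's `server.js`). The endpoint path, response shape and environment variables come from this README; the function names, the 2-second timeout, the session-id character set and the integer `userId` are assumptions made here. It forwards only `JSESSIONID` and fails closed on anything other than a 200 with `authenticated: true`.

```javascript
// Added example, not the project's server.js; function names are hypothetical.
const JAVA_APP_INTERNAL_URL = process.env.JAVA_APP_INTERNAL_URL || 'http://localhost:8080';
const LOGIN_URL = process.env.LOGIN_URL || 'https://www.regalamiunsorriso.it/admin/menu/Menu4.abl';

// Extract only JSESSIONID from the Cookie header. The allowed character set is an
// assumption; rejecting anything else keeps CR/LF and extra cookies out of the call.
function extractSessionId(cookieHeader) {
  for (const part of String(cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0 && part.slice(0, eq).trim() === 'JSESSIONID') {
      const value = part.slice(eq + 1).trim();
      return /^[A-Za-z0-9._-]{1,128}$/.test(value) ? value : null;
    }
  }
  return null;
}

// Fail closed: only 200 with {"authenticated":true,"userId":<integer>} is a login.
function interpretCheck(status, bodyText) {
  if (status !== 200) return null;
  try {
    const body = JSON.parse(bodyText);
    const ok = body && body.authenticated === true && Number.isInteger(body.userId);
    return ok ? { userId: body.userId } : null;
  } catch { return null; } // HTML login page, empty body, malformed JSON
}

// Back-channel call: no redirects, bounded wait; errors and timeouts fail closed.
async function checkSession(cookieHeader, fetchImpl = fetch) {
  const sid = extractSessionId(cookieHeader);
  if (!sid) return null;
  try {
    const url = new URL('/admin/pg/checkSession.jsp', JAVA_APP_INTERNAL_URL);
    const res = await fetchImpl(url, {
      headers: { Cookie: `JSESSIONID=${sid}` },
      redirect: 'manual',
      signal: AbortSignal.timeout(2000), // assumed 2 s budget
    });
    return interpretCheck(res.status, await res.text());
  } catch { return null; }
}

// Express-style middleware factory: attach the user or redirect to LOGIN_URL.
const requireJavaSession = (check = checkSession) => async (req, res, next) => {
  const user = await check(req.headers.cookie);
  if (!user) return res.redirect(LOGIN_URL);
  req.user = user;
  next();
};
```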

---

## Project structure

```
facematch/
├── server.js          – Express entry point
├── views/
│   └── index.ejs      – Protected face-match page
├── .env.example       – Environment variable template
├── package.json
└── README.md
```

The complementary JSP file lives in the main app:

```
admin/pg/checkSession.jsp  – Returns {"authenticated":true,"userId":N} or 401
```

---

## Setup

```bash
cd facematch
npm install
cp .env.example .env
# edit .env as needed
npm start
```

---

## Environment variables

| Variable | Default | Description |
|---|---|---|
| `PORT` | `3001` | Port this app listens on |
| `PUBLIC_BASE` | `/face_match` | URL prefix in the reverse proxy |
| `JAVA_APP_INTERNAL_URL` | `http://localhost:8080` | Internal URL of the Tomcat app |
| `LOGIN_URL` | `https://www.regalamiunsorriso.it/admin/menu/Menu4.abl` | Login redirect target |

---

## Nginx configuration snippet

Add inside your existing `server {}` block:

```nginx
# Node facematch app
location /face_match {
    proxy_pass         http://127.0.0.1:3001;
    proxy_http_version 1.1;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection 'upgrade';
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_cache_bypass $http_upgrade;
}

# Protect the session validation endpoint – block external access
location = /admin/pg/checkSession.jsp {
    allow 127.0.0.1;
    deny  all;
    # continue to Tomcat proxy as normal
    proxy_pass http://127.0.0.1:8080;
}
```

> **Important**: the `deny all` rule for `checkSession.jsp` ensures only the Node app
> (running on the same host) can call the session validation endpoint.