Regalamiunsorriso/rus/facematch
2026-03-14 20:04:39 +01:00

facematch

Node.js/Express micro-app for the Ricerca Facciale feature on regalamiunsorriso.it.

It shares authentication with the main Java/Tomcat app by forwarding the browser's JSESSIONID cookie to a lightweight JSP validation endpoint (/admin/pg/checkSession.jsp).


How authentication works

Browser                  Nginx                  Node app (this)        Tomcat (Java app)
  │                         │                         │                       │
  │── GET /face_match ──────►│                         │                       │
  │   Cookie: JSESSIONID=X  │── proxy_pass ──────────►│                       │
  │                         │                         │── GET /admin/pg/      │
  │                         │                         │   checkSession.jsp ──►│
  │                         │                         │   Cookie: JSESSIONID=X│
  │                         │                         │◄── 200 {userId:42} ───│
  │◄── 200 face-match page ─┤◄────────────────────────│                       │
  • The Java app stores sessions server-side; the browser carries only the JSESSIONID cookie.
  • Because both apps are under the same public domain, the browser sends JSESSIONID to the Node app too.
  • The Node app validates the cookie via a back-channel HTTP call (Tomcat ↔ Node, same host, loopback).
  • If the session is invalid/absent, the user is redirected to the main app login page.

Project structure

facematch/
├── server.js           Express entry point
├── views/
│   └── index.ejs       Protected face-match page
├── .env.example        Environment variable template
├── package.json
└── README.md

The complementary JSP file lives in the main app:

admin/pg/checkSession.jsp    Returns {"authenticated":true,"userId":N} or 401

Setup

cd facematch
npm install
cp .env.example .env
# edit .env as needed
npm start

Environment variables

Variable                Default                                                  Description
PORT                    3001                                                     Port this app listens on
PUBLIC_BASE             /face_match                                              URL prefix in the reverse proxy
JAVA_APP_INTERNAL_URL   http://localhost:8080                                    Internal URL of the Tomcat app
LOGIN_URL               https://www.regalamiunsorriso.it/admin/menu/Menu4.abl    Login redirect target

Nginx configuration snippet

Add inside your existing server {} block:

# Node facematch app
location /face_match {
    proxy_pass         http://127.0.0.1:3001;
    proxy_http_version 1.1;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection 'upgrade';
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_cache_bypass $http_upgrade;
}

# Protect the session validation endpoint: block external access
location = /admin/pg/checkSession.jsp {
    allow 127.0.0.1;
    deny  all;
    # continue to Tomcat proxy as normal
    proxy_pass http://127.0.0.1:8080;
}

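Important: the allow 127.0.0.1 / deny all rules for checkSession.jsp mean Nginx serves the session validation endpoint only to requests originating on the same host, so external clients cannot query it. The Node app reaches Tomcat directly at JAVA_APP_INTERNAL_URL, so this protection holds only if Tomcat's port 8080 is not itself reachable from outside the host.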