Regalamiunsorriso/rus/facematch/README.md
2026-03-14 20:04:39 +01:00

# facematch
Node.js/Express micro-app for the **Ricerca Facciale** feature on [regalamiunsorriso.it](https://www.regalamiunsorriso.it).
It shares authentication with the main Java/Tomcat app by forwarding the browser's `JSESSIONID` cookie to a lightweight JSP validation endpoint (`/admin/pg/checkSession.jsp`).

---

## How authentication works
```
Browser                   Nginx                Node app (this)          Tomcat (Java app)
  │                         │                         │                         │
  │── GET /face_match ─────►│                         │                         │
  │   Cookie: JSESSIONID=X  │── proxy_pass ──────────►│                         │
  │                         │                         │── GET /admin/pg/        │
  │                         │                         │   checkSession.jsp ────►│
  │                         │                         │   Cookie: JSESSIONID=X  │
  │                         │                         │◄── 200 {userId:42} ─────│
  │◄── 200 face-match page ─┤◄────────────────────────│                         │
```
- The Java app stores sessions server-side; the browser carries only the `JSESSIONID` cookie.
- Because both apps are under the same public domain, the browser sends `JSESSIONID` to the Node app too.
- The Node app validates the cookie via a back-channel HTTP call (Tomcat ↔ Node, same host, loopback).
- If the session is invalid/absent, the user is redirected to the main app login page.
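
One way to implement the back-channel check described above (an added example, not the project's own `server.js`): it forwards only the `JSESSIONID` value to `checkSession.jsp` and treats every failure as unauthenticated. The function names, the 3-second timeout, the session-id character set and the Node 18+ global `fetch` are assumptions.

```javascript
// Added example, not the project's server.js. Assumes Node 18+ (global fetch).
const JAVA_APP_INTERNAL_URL = process.env.JAVA_APP_INTERNAL_URL || 'http://localhost:8080';
const LOGIN_URL = process.env.LOGIN_URL || 'https://www.regalamiunsorriso.it/admin/menu/Menu4.abl';

// Pull only JSESSIONID out of the Cookie header. The charset limit is an
// assumption (Tomcat IDs are hex, optionally with a ".jvmRoute" suffix); it
// keeps CR/LF and ';' out of the header built for the back-channel call.
function extractSessionId(cookieHeader) {
  for (const part of String(cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1 || part.slice(0, eq).trim() !== 'JSESSIONID') continue;
    const value = part.slice(eq + 1).trim();
    return /^[A-Za-z0-9._-]{1,128}$/.test(value) ? value : null;
  }
  return null;
}

// Ask Tomcat whether the session is live. Every failure mode (timeout,
// non-200, bad JSON, authenticated !== true) resolves to null: fail closed.
async function checkSession(sessionId, fetchImpl = fetch) {
  try {
    const res = await fetchImpl(`${JAVA_APP_INTERNAL_URL}/admin/pg/checkSession.jsp`, {
      headers: { Cookie: `JSESSIONID=${sessionId}` }, // forward this cookie only
      redirect: 'manual',
      signal: AbortSignal.timeout(3000),
    });
    if (res.status !== 200) return null;
    const body = await res.json();
    return body.authenticated === true && Number.isInteger(body.userId) ? body.userId : null;
  } catch {
    return null;
  }
}

// Express-style middleware: attach the user id or redirect to the login page.
function requireJavaSession(fetchImpl = fetch) {
  return async (req, res, next) => {
    const sessionId = extractSessionId(req.headers.cookie);
    const userId = sessionId ? await checkSession(sessionId, fetchImpl) : null;
    if (userId === null) return res.redirect(LOGIN_URL);
    req.userId = userId;
    next();
  };
}
```

Mounted with `app.use(requireJavaSession())`, the guard runs before the protected view is rendered.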

---

## Project structure
```
facematch/
├── server.js          Express entry point
├── views/
│   └── index.ejs      Protected face-match page
├── .env.example       Environment variable template
├── package.json
└── README.md
```
The complementary JSP file lives in the main app:
```
admin/pg/checkSession.jsp   Returns {"authenticated":true,"userId":N} or 401
```

---

## Setup
```bash
cd facematch
npm install
cp .env.example .env
# edit .env as needed
npm start
```

---

## Environment variables
| Variable | Default | Description |
|---|---|---|
| `PORT` | `3001` | Port this app listens on |
| `PUBLIC_BASE` | `/face_match` | URL prefix in the reverse proxy |
| `JAVA_APP_INTERNAL_URL` | `http://localhost:8080` | Internal URL of the Tomcat app |
| `LOGIN_URL` | `https://www.regalamiunsorriso.it/admin/menu/Menu4.abl` | Login redirect target |

---

## Nginx configuration snippet
Add inside your existing `server {}` block:
```nginx
# Node facematch app
location /face_match {
    proxy_pass         http://127.0.0.1:3001;
    proxy_http_version 1.1;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection 'upgrade';
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_cache_bypass $http_upgrade;
}

# Protect the session validation endpoint: block external access
location = /admin/pg/checkSession.jsp {
    allow 127.0.0.1;
    deny  all;
    # continue to Tomcat proxy as normal
    proxy_pass http://127.0.0.1:8080;
}
```
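
> **Important**: the `deny all` rule for `checkSession.jsp` restricts the session validation
> endpoint to callers on the same host, such as the Node app. It applies only to requests that
> pass through Nginx, so Tomcat's own port (`8080` in the default `JAVA_APP_INTERNAL_URL`) must
> also be unreachable from outside the host.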