From 180986cde0d6022e07d71b073e3045d42a5f8762 Mon Sep 17 00:00:00 2001
From: Miguel Salerno <mans17@inf.ufpr.br>
Date: Mon, 14 Mar 2022 11:34:38 -0300
Subject: [PATCH] update caqvix nginx file

---
 nginx/caqvix | 74 +++++++++++++++++++++++++++++++++-------------------
 1 file changed, 47 insertions(+), 27 deletions(-)

diff --git a/nginx/caqvix b/nginx/caqvix
index f4a514a..892a4fa 100644
--- a/nginx/caqvix
+++ b/nginx/caqvix
@@ -1,40 +1,60 @@
 upstream caqvix {
-	  server localhost:5070 fail_timeout=0;
+        server localhost:5070 fail_timeout=0;
 }
 
 upstream api_server {
-    server localhost:3003 fail_timeout=0;
+        server localhost:3003 fail_timeout=0;
+}
+
+upstream autentica {
+        server localhost:5500 fail_timeout=0;
 }
 
 server {
-    listen 80;
-    server_name caqvix.c3sl.ufpr.br www.caqvix.c3sl.ufpr.br;
-    return 301 https://caqvix.c3sl.ufpr.br$request_uri;
+        listen 80;
+        server_name caqvix.c3sl.ufpr.br www.caqvix.c3sl.ufpr.br;
+        return 301 https://caqvix.c3sl.ufpr.br$request_uri;
 }
 
 server {
-    listen 443 ssl;
-    server_name caqvix.c3sl.ufpr.br www.caqvix.c3sl.ufpr.br;
-    ssl_certificate /etc/ssl/certs/c3sl.pem;
-    ssl_certificate_key /etc/ssl/private/c3sl.pem;
+        listen 443 ssl;
+        server_name caqvix.c3sl.ufpr.br www.caqvix.c3sl.ufpr.br;
+        ssl_certificate /etc/ssl/certs/c3sl.pem;
+        ssl_certificate_key /etc/ssl/private/c3sl.pem;
 
-    location / {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_cache_bypass $http_upgrade;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_pass http://caqvix/;
-    }
+ 
+        location /autentica {
+            if ($cookie_CAQVIX = "substituaasenhaaqui") {
+                rewrite ^/autentica$ http://caqvix.c3sl.ufpr.br/ redirect;
+            }
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection 'upgrade';
+                proxy_cache_bypass $http_upgrade;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_pass http://autentica/;
+        }
+        location / {
+            if ($cookie_CAQVIX != "substituaasenhaaqui") {
+                rewrite ^/$ http://caqvix.c3sl.ufpr.br/autentica redirect;
+		        return 401 "Access denied because token is expired or invalid";
+            }
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection 'upgrade';
+                proxy_cache_bypass $http_upgrade;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_pass http://caqvix/;
+        }
 
-    location /api/ {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        # proxy_set_header Host $host;
-        proxy_cache_bypass $http_upgrade;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_pass http://api_server;
-        proxy_read_timeout 600s;
-    }
+        location /api/ {
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection 'upgrade';
+                # proxy_set_header Host $host;
+                proxy_cache_bypass $http_upgrade;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_pass http://api_server;
+                proxy_read_timeout 600s;
+        }
 }
-- 
GitLab