当前位置: 文江博客话题详情

使用 Flask 代理到另一个 Web 服务

发布于 2024-11-19 07:13:58 字数 205 浏览 4 评论 0原文

我想将对 Flask 应用程序发出的请求代理到计算机上本地运行的另一个 Web 服务。我宁愿使用 Flask 而不是更高级别的 nginx 实例,这样我们就可以重用应用程序中内置的现有身份验证系统。我们越能保持这种“单点登录”越好。

是否有现有的模块或其他代码可以执行此操作?尝试将 Flask 应用程序桥接到 httplib 或 urllib 之类的东西被证明是一件痛苦的事情。

原文

I want to proxy requests made to my Flask app to another web service running locally on the machine. I'd rather use Flask for this than our higher-level nginx instance so that we can reuse our existing authentication system built into our app. The more we can keep this "single sign on" the better.

Is there an existing module or other code to do this? Trying to bridge the Flask app through to something like httplib or urllib is proving to be a pain.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

放我走吧 2024-11-26 07:13:58

我花了很多时间研究同样的事情,并最终找到了一个使用 requests 库的解决方案,该解决方案似乎运行良好。它甚至可以在一个响应中设置多个 cookie,这需要一些调查才能弄清楚。这是 Flask 视图函数:

from dotenv import load_dotenv  # pip package python-dotenv
import os
#
from flask import request, Response
import requests  # pip package requests


load_dotenv()
API_HOST = os.environ.get('API_HOST'); assert API_HOST, 'Envvar API_HOST is required'

@api.route('/', defaults={'path': ''}, methods=["GET", "POST"])  # ref. https://medium.com/@zwork101/making-a-flask-proxy-server-online-in-10-lines-of-code-44b8721bca6
@api.route('/<path>', methods=["GET", "POST"])  # NOTE: better to specify which methods to be accepted. Otherwise, only GET will be accepted. Ref: https://flask.palletsprojects.com/en/3.0.x/quickstart/#http-methods
def redirect_to_API_HOST(path):  #NOTE var :path will be unused as all path we need will be read from :request ie from flask import request
    res = requests.request(  # ref. https://stackoverflow.com/a/36601467/248616
        method          = request.method,
        url             = request.url.replace(request.host_url, f'{API_HOST}/'),
        headers         = {k:v for k,v in request.headers if k.lower() != 'host'}, # exclude 'host' header
        data            = request.get_data(),
        cookies         = request.cookies,
        allow_redirects = False,
    )

    #region exlcude some keys in :res response
    excluded_headers = ['content-encoding', 'content-length', 'transfer-encoding', 'connection']  #NOTE we here exclude all "hop-by-hop headers" defined by RFC 2616 section 13.5.1 ref. https://www.rfc-editor.org/rfc/rfc2616#section-13.5.1
    headers          = [
        (k,v) for k,v in res.raw.headers.items()
        if k.lower() not in excluded_headers
    ]
    #endregion exlcude some keys in :res response

    response = Response(res.content, res.status_code, headers)
    return response

2021 年 4 月更新:excluded_headers 可能应该包含 RFC 2616 第 13.5.1 节

I spent a good deal of time working on this same thing and eventually found a solution using the requests library that seems to work well. It even handles setting multiple cookies in one response, which took a bit of investigation to figure out. Here's the flask view function:

from dotenv import load_dotenv  # pip package python-dotenv
import os
#
from flask import request, Response
import requests  # pip package requests


load_dotenv()
API_HOST = os.environ.get('API_HOST'); assert API_HOST, 'Envvar API_HOST is required'

@api.route('/', defaults={'path': ''}, methods=["GET", "POST"])  # ref. https://medium.com/@zwork101/making-a-flask-proxy-server-online-in-10-lines-of-code-44b8721bca6
@api.route('/<path>', methods=["GET", "POST"])  # NOTE: better to specify which methods to be accepted. Otherwise, only GET will be accepted. Ref: https://flask.palletsprojects.com/en/3.0.x/quickstart/#http-methods
def redirect_to_API_HOST(path):  #NOTE var :path will be unused as all path we need will be read from :request ie from flask import request
    res = requests.request(  # ref. https://stackoverflow.com/a/36601467/248616
        method          = request.method,
        url             = request.url.replace(request.host_url, f'{API_HOST}/'),
        headers         = {k:v for k,v in request.headers if k.lower() != 'host'}, # exclude 'host' header
        data            = request.get_data(),
        cookies         = request.cookies,
        allow_redirects = False,
    )

    #region exlcude some keys in :res response
    excluded_headers = ['content-encoding', 'content-length', 'transfer-encoding', 'connection']  #NOTE we here exclude all "hop-by-hop headers" defined by RFC 2616 section 13.5.1 ref. https://www.rfc-editor.org/rfc/rfc2616#section-13.5.1
    headers          = [
        (k,v) for k,v in res.raw.headers.items()
        if k.lower() not in excluded_headers
    ]
    #endregion exlcude some keys in :res response

    response = Response(res.content, res.status_code, headers)
    return response

Update April 2021: excluded_headers should probably include all "hop-by-hop headers" defined by RFC 2616 section 13.5.1.

回复 原文
只是一片海 2024-11-26 07:13:58

我在基于 Werkzeug 的应用程序中使用 httplib 实现了代理(就像您的情况一样,我需要使用 web 应用程序的身份验证和授权)。

尽管 Flask 文档没有说明如何访问 HTTP 标头,但您可以使用 request.headers (请参阅 Werkzeug 文档)。如果您不需要修改响应,并且代理应用程序使用的标头是可预测的,则代理是直接的。

请注意,如果您不需要修改响应,则应使用 werkzeug.wsgi.wrap_file 来包装 httplib 的响应流。这允许将打开的操作系统级文件描述符传递到 HTTP 服务器以获得最佳性能。

I have an implementation of a proxy using httplib in a Werkzeug-based app (as in your case, I needed to use the webapp's authentication and authorization).

Although the Flask docs don't state how to access the HTTP headers, you can use request.headers (see Werkzeug documentation). If you don't need to modify the response, and the headers used by the proxied app are predictable, proxying is staightforward.

Note that if you don't need to modify the response, you should use the werkzeug.wsgi.wrap_file to wrap httplib's response stream. That allows passing of the open OS-level file descriptor to the HTTP server for optimal performance.

回复 原文
泅人 2024-11-26 07:13:58

我最初的计划是面向公众的 URL 类似于 http://www.example.com/admin/myapp 代理到 http://myapp.internal.example.com /。沿着这条路走下去会导致疯狂。

大多数网络应用程序,特别是自托管的网络应用程序,假设它们将在 HTTP 服务器的根目录下运行,并执行诸如通过绝对路径引用其他文件之类的操作。要解决此问题,您必须重写所有位置的 URL:位置标头以及 HTML、JavaScript 和 CSS 文件。

编写了一个 Flask 代理蓝图,它做到了这一点,虽然它对于我真正想要代理的一个 Web 应用程序来说工作得足​​够好,但它是不可持续的。这是一团乱七八糟的正则表达式。

最后,我在 nginx 中设置了一个新的虚拟主机并使用了它自己的代理。由于两者都位于主机的根目录,因此几乎不需要重写 URL。 (nginx 的代理模块处理了几乎不需要的事情。)被代理的 web 应用程序会进行自己的身份验证,目前这已经足够好了。

My original plan was for the public-facing URL to be something like http://www.example.com/admin/myapp proxying to http://myapp.internal.example.com/. Down that path leads madness.

Most webapps, particularly self-hosted ones, assume that they're going to be running at the root of a HTTP server and do things like reference other files by absolute path. To work around this, you have to rewrite URLs all over the place: Location headers and HTML, JavaScript, and CSS files.

I did write a Flask proxy blueprint which did this, and while it worked well enough for the one webapp I really wanted to proxy, it was not sustainable. It was a big mess of regular expressions.

In the end, I set up a new virtual host in nginx and used its own proxying. Since both were at the root of the host, URL rewriting was mostly unnecessary. (And what little was necessary, nginx's proxy module handled.) The webapp being proxied to does its own authentication which is good enough for now.

回复 原文
~没有更多了~

关于作者

不顾

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

佚名

文章 0 评论 0

羁客

文章 0 评论 0

天天爱笑的徐老师

文章 0 评论 0

文章 0 评论 0

夏日落

文章 0 评论 0

隐诗

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文