Score:0

NGINX Crossed Mappings

it flag

I appear to have a issue with my mappings in my NGINX configuration.

The first mapping handles UserID or Username.

The second mapping overrides the first mapping, and is forcing token in place of id or username. This second mapping should only handle two types of string hashes we use to authenticate.

Both mappings allow 2 types of parameters each.

First Mapping Expected

example.com/user/1/   *OR*   example.com/user/Jonny/

Actual Result (ID & Username)

/user/token/    =>    $_GET['token'] should not be here (its NULL)

Second Mapping Expected

example.com/access/SHA1-HASH/   *OR*   example.com/access/OTHER-ENC/

Actual Result (Both Requests)

Requests for /access/* work perfectly fine. 

Our NGINX config (the relevant stuff)

map $id $user {
    ~^\d+$   id;
    default  username;
}

map $password $auth {
    ~^\d+$   password;
    default  token;
}

server {
    rewrite ^/access/([^/]*)/(?<password>[^/]+)/$ /download.php?$auth&$auth=$password;
    rewrite ^/user/(?<id>[^/]+)/$ /user.php?$user&$user=$username
}

I want to support both mappings.

Any help is appreciated!

us flag
Please clarify "I tried renaming variables". What was the exact configuration you tried?
Jonny avatar
it flag
I noticed that too. I tried renaming the first "$id_type" => $user_type, and renamed second "$id_type" => $auth_type, so see if "$id_type" was conflicting with both types of requests. It had no effect and the problem remained.
us flag
Please add the exact configuration you tried to the question, the HTTP requests you made and the responses you received.
Jonny avatar
it flag
```Post updated for clarity```
us flag
There are still the duplicate `$id_type` map declarations here, which cannot work. Please show the attempt where you renamed the variables and corresponding results.
Jonny avatar
it flag
Post updated. Do you have any NGINX suggestions?
Score:1
us flag

$username variable is not defined here, that is one issue at least.

Otherwise I don't see why this configuration would do the effect you are describing.

With the rules above GET /user/1234/ is rewritten to /user.php?id&id=$username.

I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.