在AppEngine中验证PubSub Push消息 [英] Authenticating PubSub Push messages in AppEngine
问题描述
有没有办法确定app引擎收到的消息是否来自Google PubSub服务?目前,PubSub服务在appengine app.yaml中配置为login:admin的URL上获得302。所以它不断重试。
我预计这会像Appengine中的任务一样运行,并自动通过login:adminURLs进行身份验证。
常见问题建议您在设置在您的PubSub推送订阅中,您将共享秘密令牌作为您在处理程序中检查的请求参数。
$ b
如果您另外想要为了验证这些消息来源于Google Cloud Pub / Sub,您可以将您的端点配置为仅接受附带秘密令牌参数的消息,例如,
https://myapp.mydomain.com/myhandler?token=application-secret。
由于PubSub不使用appengine身份验证,并且我们使用令牌进行身份验证,因此您不应在您的app.yaml条目中为此处理程序指定 login 键。以下是一个例子:
main.py
class Handler(webapp2.RequestHandler):
def post(self):
token = self.request.params ['token']
if token!='foo':
self.abort(401,'Not authorized')
#做东西
app = webapp2.WSGIApplication ([
('/',Handler),
],debug = True)
运行时:python27
api_version:1
线程安全:true
处理程序:
- url:/.*
script:main.app
Is there a way to know for sure that a message received by app engine is from the Google PubSub service? Currently the PubSub service gets a 302 on the URLs configured as "login: admin" in appengine app.yaml. So it keeps retrying.
I would have expected this to behave like the Tasks in Appengine and automatically authenticate to "login:admin" URLs.
The FAQ recommends that when setting up your PubSub push subscription you put a shared secret token as a request parameter which you check for in your handler.
If you additionally would like to verify that the messages originated from Google Cloud Pub/Sub, you could configure your endpoint to only accept messages that are accompanied by a secret token argument, for example,
https://myapp.mydomain.com/myhandler?token=application-secret.
Since PubSub does not use appengine authentication and we are using the token to authenticate you should not specify a login key in your app.yaml entry for this handler. Here's an example:
main.py
class Handler(webapp2.RequestHandler):
def post(self):
token = self.request.params['token']
if token != 'foo':
self.abort(401, 'Not authorized')
# do stuff
app = webapp2.WSGIApplication([
('/', Handler),
], debug=True)
app.yaml
runtime: python27
api_version: 1
threadsafe: true
handlers:
- url: /.*
script: main.app
这篇关于在AppEngine中验证PubSub Push消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
