Securing PubSub push endpoints in node app engine?

Question

I'm using pubsub to push messages into an App Engine app written in node on the flexible environment. Is there a way I can limit my endpoints to only traffic from pubsub?

In the standard environment, App Engine has handlers that can define admin only requests and secure endpoints. However, this functionality is not available in the flexible environment. Is it possible to set up Firewall rules for only Google requests (Firewall appears to be application wide, not endpoint?), is there a standard method to secure endpoints or do I need to custom roll a solution?

Recommended answer

Turns out Google has posted a solution to this in the docs.

The solution is:

Create a token in your app.yaml environment:

env_variables:
 PUBSUB_TOPIC: <your-topic-name>
 # This token is used to verify that requests originate from your
 # application. It can be any sufficiently random string.
 PUBSUB_VERIFICATION_TOKEN: <your-verification-token>

Send the token with your message:

 https://YOUR_APP_ID.appspot.com/pubsub/push?token=YOUR_TOKEN \
--ack-deadline 10

Check the token in your push handler:

  if (req.query.token !== PUBSUB_VERIFICATION_TOKEN) {
    res.status(400).send();
    return;
  }

RTFM!
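The token check from the answer, written out as an added example (not code from the original answer or from Google's docs). It goes slightly beyond the one-line comparison: it rejects the case where `PUBSUB_VERIFICATION_TOKEN` is unset (where `undefined !== undefined` would let a token-less request through), rejects non-string query values, and compares in constant time. The names `tokenMatches`, `requirePushToken` and `decodePushBody` are hypothetical, and the sample token and request objects are constructed.

```javascript
const crypto = require('crypto');

// Constant-time comparison of the ?token= value against the configured secret.
// Both sides are hashed first so the buffers always have equal length, which
// crypto.timingSafeEqual requires.
function tokenMatches(supplied, expected) {
  // Express parses ?token=a&token=b as an array and ?token[x]=1 as an object;
  // only a non-empty string can be a valid token.
  if (typeof supplied !== 'string' || supplied.length === 0) return false;
  // An unset or empty env var must never match anything.
  if (typeof expected !== 'string' || expected.length === 0) return false;
  const a = crypto.createHash('sha256').update(supplied).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Express-style middleware (hypothetical name) for the /pubsub/push route.
function requirePushToken(expected) {
  return function (req, res, next) {
    if (!tokenMatches(req.query && req.query.token, expected)) {
      res.status(400).send(); // same status the answer's handler returns
      return;
    }
    next();
  };
}

// Pub/Sub push bodies carry the payload base64-encoded in message.data.
function decodePushBody(body) {
  const data = body && body.message && body.message.data;
  if (typeof data !== 'string') return null;
  return Buffer.from(data, 'base64').toString('utf8');
}

// Constructed sample requests, so the block runs without Express or a network.
function demo() {
  const calls = [];
  const res = { status(c) { calls.push(c); return this; }, send() { return this; } };
  const guard = requirePushToken('constructed-sample-token');
  const body = { message: { data: Buffer.from('hello').toString('base64') } };
  let accepted = null;
  guard({ query: { token: 'constructed-sample-token' }, body }, res,
        () => { accepted = decodePushBody(body); });
  guard({ query: { token: ['constructed-sample-token'] } }, res, () => { accepted = 'BUG'; });
  guard({ query: {} }, res, () => { accepted = 'BUG'; });
  return { accepted, rejectedWith: calls };
}
```

In an Express app the middleware would be mounted as `app.post('/pubsub/push', requirePushToken(process.env.PUBSUB_VERIFICATION_TOKEN), handler)`.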
