Document features for proxies

Author: RobertoPrevato

.gitignore

@@ -4,6 +4,8 @@ venv
 .env
 site.zip
 deploy
+out
+.local
 
 # temporary
 rodi

blacksheep/docs/behind-proxies.md

@@ -0,0 +1,159 @@
+Production web applications are commonly deployed behind HTTP proxies. While
+many modern web services use cloud platforms that abstract away the need to
+manage HTTP proxies, there are still scenarios where managing load balancing
+and proxy rules is necessary. This is especially true when deploying
+applications using platforms like [Kubernetes](https://kubernetes.io/).
+
+Deploying web applications behind proxies often requires configuring routing
+based on the properties of incoming web requests. The most common examples
+include routing based on the HTTP **host** header, the prefix of the **URL
+path**, or a combination of both.
+
+This page provides an overview of the features provided by BlackSheep to handle
+these scenarios.
+
+### Routing based on hostnames
+
+```mermaid
+graph LR
+    client1["Client 1"] -->|HTTP GET https://orders.neoteroi.xyz/order/123| proxy["Routing rules"]
+    client2["Client 2"] -->|HTTP POST https://orders.neoteroi.xyz/order| proxy["Routing rules"]
+    client3["Client 3"] -->|HTTP GET https://users.neoteroi.xyz/user/123| proxy["Routing rules"]
+
+    subgraph "HTTP Proxy"
+        direction TB
+        proxy
+    end
+
+    subgraph "Servers"
+        A["Orders Web API<br>orders.neoteroi.xyz"]
+        B["Users Web API<br>users.neoteroi.xyz"]
+        C["Consents Web API<br>consents.neoteroi.xyz"]
+    end
+
+    proxy -->|&nbsp;orders.neoteroi.xyz&nbsp;| A
+    proxy -->|&nbsp;users.neoteroi.xyz&nbsp;| B
+    proxy -->|&nbsp;consents.neoteroi.xyz&nbsp;| C
+
+    %% Note
+    classDef note stroke:#000,stroke-width:1px;
+    note["Example: *.neoteroi.xyz is the wildcard domain used by an HTTP&nbsp;Proxy.
+    Several domains are configured to point to the same proxy.<br>
+    Requests are routed to different backend services based on subdomains."]:::note
+    proxy -.-> note
+```
+
+Routing based solely on the **host** header generally does not introduce
+complications for backend web applications. However, it does require additional
+maintenance to manage multiple domain names and TLS settings, and routing
+rules.
+
+### Routing based on paths
+
+Path-based routing allows a proxy server to forward requests to different
+backend services based on a prefix of the URL path. This is particularly useful
+when hosting multiple applications or services under the same domain.
+
+```mermaid
+graph LR
+    client1["Client 1"] -->|HTTP&nbsp;GET&nbsp;https:&sol;&sol;api&period;neoteroi&period;xyz&sol;order&sol;123| proxy["Routing rules"]
+    client2["Client 2"] -->|HTTP&nbsp;POST&nbsp;https:&sol;&sol;api&period;neoteroi&period;xyz&sol;order| proxy["Routing rules"]
+    client3["Client 3"] -->|HTTP&nbsp;GET&nbsp;https:&sol;&sol;api&period;neoteroi&period;xyz&sol;user&sol;123| proxy["Routing rules"]
+
+    subgraph "HTTP Proxy"
+        direction TB
+        proxy
+    end
+
+    subgraph "Servers"
+        A["Orders Web API"]
+        B["Users Web API"]
+        C["Consents Web API"]
+    end
+
+    proxy -->|&nbsp;/orders/*&nbsp;| A
+    proxy -->|&nbsp;/users/*&nbsp;| B
+    proxy -->|&nbsp;/consents/*&nbsp;| C
+
+    %% Note
+    classDef note stroke:#000,stroke-width:1px;
+    note["Example: api.neoteroi.xyz is the domain of an HTTP&nbsp;Proxy.<br>
+    Depending on the first portion of the URL path,<br/>the HTTP Proxy forwards the request to the appropriate server."]:::note
+    proxy -.-> note
+```
+
+When deploying behind proxies in this manner, it is crucial to ensure that the
+application properly handles being exposed at a specific path. While this works
+well for most REST APIs, it can lead to complications with redirects and for
+applications that include user interfaces.
+
+The following diagram illustrates the problem of redirects, if the path prefix
+is not handled properly.
+
+```mermaid
+sequenceDiagram
+    autonumber
+    actor User
+    participant Proxy as HTTP Proxy<br>(Exposes /example/)
+    participant Backend as Backend Server<br>(Exposed at /)
+
+    User->>Proxy: HTTP GET https://example.com/example/dashboard
+    Proxy->>Backend: HTTP GET /dashboard
+    Backend-->>Proxy: HTTP 302 Redirect to /sign-in
+    Proxy-->>User: HTTP 302 Redirect to /sign-in
+
+    note over User: The user is redirected to<br>https://example.com/sign-in,<br>which is incorrect because<br>the prefix /example/ is missing.
+
+    User->>Proxy: HTTP GET https://example.com/sign-in
+    Proxy-->>User: HTTP 404 Not Found
+```
+
+/// details | The example of API Gateway
+    type: info
+
+API Gateways like [AWS API Gateway](https://docs.aws.amazon.com/prescriptive-guidance/latest/cloud-design-patterns/api-routing-path.html)
+and [Azure API Management](https://learn.microsoft.com/en-us/azure/api-management/api-management-key-concepts)
+use path based routing to expose many APIs behind the same domain name.
+Path based routing generally does not cause complications for REST APIs, but
+likely causes complications for web apps serving HTML documents and
+implementing interactive sign-in.
+
+///
+
+---
+
+`BlackSheep` offers two ways to deal with this scenario:
+
+- One approach, defined by the `ASGI` specification, involves specifying a
+  `root_path` in the `ASGI` server. This information is passed in the scope of
+  web requests. This method is ideal for those who prefer not to modify the
+  path at which web servers handle requests, and to configure the proxy server
+  to strip the extra prefix when forwarding requests to backend services
+  (applying URL rewrite).
+- The second approach involves configuring a prefix in the application router
+  to globally change the prefix of all request handlers. The global prefix can
+  also be set using the environment variable `APP_ROUTE_PREFIX`. This method
+  assumes that modifying the path handled by the web server is desirable to
+  align it with the path handled by the HTTP proxy server, and it is ideal
+  when using URL rewrite is not easy.
+
+For both options, `BlackSheep` handles the information provided by `root_path`
+or the application router prefix in some specific ways.
+For example, the `get_absolute_url_to_path` defined in `blacksheep.messages`
+will handle the information and return an absolute URL to the server
+according to both scenarios.
+
+| Feature                                        | Description                                                                                                                                            |
+| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `request.base_path`                            | Returns the `base_path` of a web request, when the ASGI scope includes a `root_path`, or a route prefix is used.                                       |
+| `blacksheep.messages.get_absolute_url_to_path` | Returns an absolute URL path to a given destination, including the current `root_path` or route prefix. Useful when working with redirects.            |
+| OpenAPI Documentation                          | Since version `2.1.0`, it uses relative links to serve the OpenAPI Specification files (YAML and JSON), and relative paths to support any path prefix. |
+
+/// details | Jinja2 template helper
+    type: tip
+
+The BlackSheep MVC template includes an example of helper function to
+[render absolute paths](https://github.com/Neoteroi/BlackSheep-MVC/blob/88b0672a0696d4bef4775203fae086173fd9b0fc/%7B%7Bcookiecutter.project_name%7D%7D/app/templating.py#L26)
+in Jinja templates.
+
+///

blacksheep/docs/cache-control.md

@@ -115,7 +115,7 @@ For example, a middleware that disables cache-control by default can be defined
 class NoCacheControlMiddleware(CacheControlMiddleware):
     """
     Disable client caching globally, by default, setting a
-    Cache-Contro: no-cache, no-store for all responses.
+    Cache-Control: no-cache, no-store for all responses.
     """
 
     def __init__(self) -> None:

blacksheep/docs/css/extra.css

@@ -1,3 +1,51 @@
+html {
+    overflow-y: scroll;
+}
+
+/* For large screens, make better use of the horizontal space */
+@media screen and (min-width: 2000px) {
+    .md-grid {
+        max-width: 98%;
+    }
+
+    .md-sidebar {
+        width: auto;
+        min-width: 15%;
+    }
+
+    body.fullscreen #fullscreen-form label {
+        display: none !important;
+    }
+}
+
+@media screen and (min-width: 1000px) {
+    html.fullscreen {
+        .md-grid {
+            max-width: 98%;
+        }
+
+        .md-sidebar {
+            width: auto;
+            min-width: 15%;
+        }
+    }
+}
+
+#fullscreen-form label {
+    display: none;
+}
+
+html:not(.fullscreen) #full-screen {
+    display: inline-block !important;
+}
+
+html.fullscreen #full-screen-exit {
+    display: inline-block !important;
+}
+
+html.fullscreen #full-screen {
+    display: none !important;
+}
 
 [data-md-color-scheme="default"] .md-typeset [type="checkbox"]:checked + .task-list-indicator::before {
     background-color: #2d319f;

blacksheep/docs/js/fullscreen.js

@@ -0,0 +1,26 @@
+document.addEventListener("DOMContentLoaded", function () {
+    function setFullScreen() {
+        localStorage.setItem("FULLSCREEN", "Y")
+        document.documentElement.classList.add("fullscreen");
+    }
+    function exitFullScreen() {
+        localStorage.setItem("FULLSCREEN", "N")
+        document.documentElement.classList.remove("fullscreen");
+    }
+
+    // Select all radio inputs with the name "__fullscreen"
+    const fullscreenRadios = document.querySelectorAll('input[name="__fullscreen"]');
+
+    // Add a change event listener to each radio input
+    fullscreenRadios.forEach(function (radio) {
+        radio.addEventListener("change", function () {
+            if (radio.checked) {
+                if (radio.id === "__fullscreen") {
+                    setFullScreen();
+                } else if (radio.id === "__fullscreen_no") {
+                    exitFullScreen();
+                }
+            }
+        });
+    });
+});

blacksheep/docs/settings.md

@@ -14,6 +14,7 @@ This page describes:
 | APP_ENV                  | Settings | This environment variable is read to determine the environment of the application. For more information, refer to [_Defining application environment_](/blacksheep/settings/#defining-application-environment). |
 | APP_SHOW_ERROR_DETAILS   | Settings | If "1" or "true", configures the application to display web pages with error details in case of HTTP 500 Internal Server Error.                                                                                 |
 | APP_MOUNT_AUTO_EVENTS    | Settings | If "1" or "true", automatically binds lifecycle events of mounted apps between children and parents BlackSheep applications.                                                                                    |
+| APP_ROUTE_PREFIX         | Settings | Allows configuring a global prefix for all routes handled by the application. For more information, refer to: [Behind proxies](/blacksheep/behind-proxies/).                                                    |
 | APP_SECRET_<i>i</i>      | Secrets  | Allows configuring the secrets used by the application to protect data.                                                                                                                                         |
 | BLACKSHEEP_SECRET_PREFIX | Secrets  | Allows specifying the prefix of environment variables used to configure application secrets, defaults to "APP_SECRET" if not specified.                                                                         |
 

blacksheep/mkdocs.yml

@@ -39,6 +39,8 @@ nav:
     - Compression: compression.md
   - Examples:
     - Using Marshmallow: examples/marshmallow.md
+  - Production deployments:
+    - Behind proxies: behind-proxies.md
   - Settings: settings.md
   - Binders: binders.md
   - Background tasks: background-tasks.md
@@ -83,6 +85,9 @@ extra_css:
   - css/neoteroi.css
   - css/extra.css?v=20221120
 
+extra_javascript:
+  - js/fullscreen.js
+
 plugins:
   - search
   - neoteroi.contribs:
@@ -94,6 +99,7 @@ markdown_extensions:
   - admonition
   - markdown.extensions.codehilite:
       guess_lang: false
+  - pymdownx.blocks.details
   - pymdownx.superfences:
       custom_fences:
         - name: mermaid

blacksheep/overrides/main.html

@@ -19,6 +19,14 @@
   <meta name="twitter:title" content="{{ title }}">
   <meta name="twitter:description" content="{{ config.site_description }}">
   <meta name="twitter:image" content="{{ image }}">
+  <script>
+    (function () {
+        var fullscreen = localStorage.getItem("FULLSCREEN") || "N";
+        if (fullscreen === "Y") {
+            document.documentElement.classList.add("fullscreen");
+        }
+    })();
+  </script>
 {% endblock %}
 {% block content %}
 {% if not config.extra.is_current_version %}

blacksheep/overrides/partials/header.html

@@ -0,0 +1,76 @@
+{#-
+  This file was automatically generated - do not edit
+-#}
+{% set class = "md-header" %}
+{% if "navigation.tabs.sticky" in features %}
+  {% set class = class ~ " md-header--shadow md-header--lifted" %}
+{% elif "navigation.tabs" not in features %}
+  {% set class = class ~ " md-header--shadow" %}
+{% endif %}
+<header class="{{ class }}" data-md-component="header">
+  <nav class="md-header__inner md-grid" aria-label="{{ lang.t('header') }}">
+    <a href="{{ config.extra.homepage | d(nav.homepage.url, true) | url }}" title="{{ config.site_name | e }}" class="md-header__button md-logo" aria-label="{{ config.site_name }}" data-md-component="logo">
+      {% include "partials/logo.html" %}
+    </a>
+    <label class="md-header__button md-icon" for="__drawer">
+      {% set icon = config.theme.icon.menu or "material/menu" %}
+      {% include ".icons/" ~ icon ~ ".svg" %}
+    </label>
+    <div class="md-header__title" data-md-component="header-title">
+      <div class="md-header__ellipsis">
+        <div class="md-header__topic">
+          <span class="md-ellipsis">
+            {{ config.site_name }}
+          </span>
+        </div>
+        <div class="md-header__topic" data-md-component="header-topic">
+          <span class="md-ellipsis">
+            {% if page.meta and page.meta.title %}
+              {{ page.meta.title }}
+            {% else %}
+              {{ page.title }}
+            {% endif %}
+          </span>
+        </div>
+      </div>
+    </div>
+    <form id="fullscreen-form" class="md-header__option" data-md-component="fullscreen">
+      <input class="md-option" aria-label="Enter full screen" type="radio" name="__fullscreen" id="__fullscreen">
+      <label title="Full screen" class="md-header__button md-icon" id="full-screen" for="__fullscreen">
+        {% include ".icons/material/fullscreen.svg" %}
+      </label>
+      <input class="md-option" aria-label="Exit full screen" type="radio" name="__fullscreen" id="__fullscreen_no">
+      <label title="Exit full screen" class="md-header__button md-icon" id="full-screen-exit" for="__fullscreen_no">
+        {% include ".icons/material/fullscreen-exit.svg" %}
+      </label>
+    </form>
+    {% if config.theme.palette %}
+      {% if not config.theme.palette is mapping %}
+        {% include "partials/palette.html" %}
+      {% endif %}
+    {% endif %}
+    {% if not config.theme.palette is mapping %}
+      {% include "partials/javascripts/palette.html" %}
+    {% endif %}
+    {% if config.extra.alternate %}
+      {% include "partials/alternate.html" %}
+    {% endif %}
+    {% if "material/search" in config.plugins %}
+      <label class="md-header__button md-icon" for="__search">
+        {% set icon = config.theme.icon.search or "material/magnify" %}
+        {% include ".icons/" ~ icon ~ ".svg" %}
+      </label>
+      {% include "partials/search.html" %}
+    {% endif %}
+    {% if config.repo_url %}
+      <div class="md-header__source">
+        {% include "partials/source.html" %}
+      </div>
+    {% endif %}
+  </nav>
+  {% if "navigation.tabs.sticky" in features %}
+    {% if "navigation.tabs" in features %}
+      {% include "partials/tabs.html" %}
+    {% endif %}
+  {% endif %}
+</header>