feat: default prefix to /api if reverse proxy is used (#166)

Resolves #163.

Author: morremeyer

README.md

@@ -19,6 +19,11 @@ The recommended and only supported way for production deployments is to run the
 
 :warning: If you do not configure a postgresql database, sqlite will automatically be used. Mount a persistent volume to the `/data` directory - this is where the sqlite database is stored. If you do not do this, you will lose all data every time the container is deleted.
 
+If you serve the backend with a reverse proxy under a different path than `/`, note the following:
+
+- Your reverse proxy must set the `x-forwarded-host` header so that correct URIs are generated
+- If you do not serve the backend at the prefix `/api` (required by the [frontend](https://github.com/envelope-zero/frontend)), your reverse proxy needs to set the `x-forwarded-prefix` header
+
 The backend can be configured with the following environment variables. None are required.
 
 | Name                 | Type                      | Default                                              | Description                                                                                                                                                       |
@@ -67,8 +72,6 @@ ingress:
         - envelope-zero.example.com
 ```
 
-If you do not use the root path `/`, but a prefix, make sure your reverse proxy writes the used prefix in the `x-forwarded-prefix` header. That header is used by the backend to generate the correct URLs for resources.
-
 ## Supported Versions
 
 This project is under heavy development. Therefore, only the latest release is supported.

internal/httputil/error_test.go

@@ -0,0 +1,75 @@
+package httputil_test
+
+import (
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/envelope-zero/backend/internal/httputil"
+	"github.com/envelope-zero/backend/internal/test"
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+	"gorm.io/gorm"
+)
+
+func TestFetchErrorHandlerErrRecordNotFound(t *testing.T) {
+	w := httptest.NewRecorder()
+	c, r := gin.CreateTestContext(w)
+
+	r.GET("/", func(ctx *gin.Context) {
+		httputil.FetchErrorHandler(c, gorm.ErrRecordNotFound)
+	})
+
+	// Check without reverse proxy headers
+	c.Request, _ = http.NewRequest(http.MethodGet, "/", nil)
+	r.ServeHTTP(w, c.Request)
+	assert.Equal(t, http.StatusNotFound, w.Code)
+}
+
+func TestFetchErrorHandlerStrconvNumError(t *testing.T) {
+	w := httptest.NewRecorder()
+	c, r := gin.CreateTestContext(w)
+
+	r.GET("/", func(ctx *gin.Context) {
+		httputil.FetchErrorHandler(c, &strconv.NumError{})
+	})
+
+	// Check without reverse proxy headers
+	c.Request, _ = http.NewRequest(http.MethodGet, "/", nil)
+	r.ServeHTTP(w, c.Request)
+	assert.Equal(t, http.StatusBadRequest, w.Code)
+	assert.Equal(t, "An ID specified in the query string was not a valid uint64", test.DecodeError(t, w.Body.Bytes()))
+}
+
+func TestFetchErrorHandlerTimeParseError(t *testing.T) {
+	w := httptest.NewRecorder()
+	c, r := gin.CreateTestContext(w)
+
+	r.GET("/", func(ctx *gin.Context) {
+		httputil.FetchErrorHandler(c, &time.ParseError{})
+	})
+
+	// Check without reverse proxy headers
+	c.Request, _ = http.NewRequest(http.MethodGet, "/", nil)
+	r.ServeHTTP(w, c.Request)
+	assert.Equal(t, http.StatusBadRequest, w.Code)
+	assert.Contains(t, test.DecodeError(t, w.Body.Bytes()), "parsing time")
+}
+
+func TestFetchErrorHandlerInternalServerError(t *testing.T) {
+	w := httptest.NewRecorder()
+	c, r := gin.CreateTestContext(w)
+
+	r.GET("/", func(ctx *gin.Context) {
+		httputil.FetchErrorHandler(c, errors.New("Some random error"))
+	})
+
+	// Check without reverse proxy headers
+	c.Request, _ = http.NewRequest(http.MethodGet, "/", nil)
+	r.ServeHTTP(w, c.Request)
+	assert.Equal(t, http.StatusInternalServerError, w.Code)
+	assert.Contains(t, test.DecodeError(t, w.Body.Bytes()), "an error occured on the server during your request")
+}

internal/httputil/options_test.go

@@ -0,0 +1,56 @@
+package httputil_test
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/envelope-zero/backend/internal/httputil"
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestOptionsGet(t *testing.T) {
+	w := httptest.NewRecorder()
+	c, r := gin.CreateTestContext(w)
+
+	r.GET("/", httputil.OptionsGet)
+
+	// Check without reverse proxy headers
+	c.Request, _ = http.NewRequest(http.MethodGet, "/", nil)
+	c.Request.Host = "example.com"
+	r.ServeHTTP(w, c.Request)
+
+	assert.Equal(t, "GET", w.Header().Get("allow"))
+	assert.Equal(t, http.StatusNoContent, w.Code)
+}
+
+func TestOptionsPost(t *testing.T) {
+	w := httptest.NewRecorder()
+	c, r := gin.CreateTestContext(w)
+
+	r.GET("/", httputil.OptionsGetPost)
+
+	// Check without reverse proxy headers
+	c.Request, _ = http.NewRequest(http.MethodGet, "/", nil)
+	c.Request.Host = "example.com"
+	r.ServeHTTP(w, c.Request)
+
+	assert.Equal(t, "GET, POST", w.Header().Get("allow"))
+	assert.Equal(t, http.StatusNoContent, w.Code)
+}
+
+func TestOptionsGetPatchDelete(t *testing.T) {
+	w := httptest.NewRecorder()
+	c, r := gin.CreateTestContext(w)
+
+	r.GET("/", httputil.OptionsGetPatchDelete)
+
+	// Check without reverse proxy headers
+	c.Request, _ = http.NewRequest(http.MethodGet, "/", nil)
+	c.Request.Host = "example.com"
+	r.ServeHTTP(w, c.Request)
+
+	assert.Equal(t, "GET, PATCH, DELETE", w.Header().Get("allow"))
+	assert.Equal(t, http.StatusNoContent, w.Code)
+}

internal/httputil/request.go

@@ -2,6 +2,7 @@ package httputil
 
 import (
 	"errors"
+	"fmt"
 	"io"
 	"net/http"
 	"strconv"
@@ -19,8 +20,31 @@ func RequestHost(c *gin.Context) string {
 		scheme = "https"
 	}
 
-	forwardedPrefix := c.Request.Header.Get("x-forwarded-prefix")
-	return scheme + "://" + c.Request.Host + forwardedPrefix
+	// We can reasonably expect a reverse proxy to set x-forwarded-host
+	// as it is a de-facto standard.
+	//
+	// If it is set, we use it to construct the links and use the
+	// x-forwarded-prefix header as prefix. If that is unset,
+	// fall back to "/api"
+	//
+	// If no proxy is detected, don’t do anything.
+	host := c.Request.Host
+	var forwardedPrefix string
+
+	fmt.Println(c.Request.Header)
+
+	xForwardedHost := c.Request.Header.Get("x-forwarded-host")
+	if xForwardedHost != "" {
+		host = xForwardedHost
+
+		forwardedPrefix = c.Request.Header.Get("x-forwarded-prefix")
+
+		if forwardedPrefix == "" {
+			forwardedPrefix = "/api"
+		}
+	}
+
+	return scheme + "://" + host + forwardedPrefix
 }
 
 // RequestPathV1 returns the URL with the prefix for API v1.