/** @import { Logger, Options, OnProxyEvent } from "http-proxy-middleware/dist/types.js" */
import * as cookie from "cookie";
import { KONVEYOR_ENV } from "@konveyor-ui/common";
/**
 * Logger used as the `logger` option of the proxy configurations in this file.
 *
 * When the environment has DEBUG set to exactly "1", the global `console` is
 * used as-is, so info-level output is printed as well. In every other case
 * `info` is a no-op and only `warn` and `error` are passed through to the
 * console.
 *
 * NOTE(review): with DEBUG=1 everything the proxy layer logs at info level is
 * printed; confirm none of it carries credentials before enabling it outside
 * local development.
 *
 * @type Logger
 */
const logger = (() => {
  if (process.env.DEBUG === "1") {
    return console;
  }

  // Quiet mode: drop informational messages, keep warnings and errors.
  return {
    info() {},
    warn: console.warn,
    error: console.error,
  };
})();
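/**
 * Shape a bearer credential must have before it is copied into a header: the
 * `b64token` grammar of RFC 6750 section 2.1 (letters, digits, `-._~+/`, then
 * optional `=` padding). JWTs fit this grammar.
 */
const BEARER_TOKEN_PATTERN = /^[A-Za-z0-9\-._~+\/]+=*$/;

/**
 * Add the Bearer token to the outgoing proxy request if the incoming request
 * has no `Authorization` header of its own AND the token is present in the
 * `keycloak_cookie` cookie.
 *
 * The cookie value is supplied by the client and is percent-decoded by
 * `cookie.parse`, so it may contain any character. `setHeader` throws on
 * characters that are not legal in a header value, and that throw would
 * happen inside a proxy event handler rather than in normal request handling.
 * The value is therefore only forwarded when it matches the bearer-token
 * grammar; anything else is left out and the upstream sees an unauthenticated
 * request.
 *
 * TODO: Verify this is still relevant when authorization is turned on. The
 *       query handling libraries probably already take care of this. The
 *       cookie may not be set.
 *
 * @type OnProxyEvent["proxyReq"]
 */
const addBearerTokenIfNeeded = (proxyReq, req, _res) => {
  // An Authorization header sent by the client always takes precedence.
  if (req.headers["authorization"]) {
    return;
  }

  const cookies = cookie.parse(req.headers.cookie ?? "");
  const bearerToken = cookies.keycloak_cookie;

  // Missing cookie, empty value, or a value that is not a well-formed token.
  if (!bearerToken || !BEARER_TOKEN_PATTERN.test(bearerToken)) {
    return;
  }

  proxyReq.setHeader("Authorization", `Bearer ${bearerToken}`);
};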
/**
 * Turn an "unauthorized" upstream response into a redirect to the application
 * root for requests whose `Accept` header does not include
 * `application/json`. Requests that do accept JSON are left untouched so the
 * caller receives the upstream response itself.
 *
 * A response counts as unauthorized when its status code is 401 or its status
 * message is "Unauthorized". The redirect target is the fixed path "/", never
 * a value taken from the request.
 *
 * TODO: Verify that if auth doesn't exist or expires, the user is redirected
 *       back to the app to log in. This handler may not be necessary with the
 *       current query handling libraries. The idea would be to make sure that
 *       if an auth token expires on a data fetch, the app pushes the user back
 *       to the login page.
 *
 * @type OnProxyEvent["proxyRes"]
 */
const redirectIfUnauthorized = (proxyRes, req, res) => {
  const acceptsJson = req.headers.accept?.includes("application/json");
  if (acceptsJson) {
    return;
  }

  const isUnauthorized =
    proxyRes.statusCode === 401 || proxyRes.statusMessage === "Unauthorized";
  if (!isUnauthorized) {
    return;
  }

  // Answer the client ourselves, then discard the upstream response.
  res.writeHead(302, { Location: "/" }).end();
  proxyRes?.destroy();
};
/**
 * Proxy configurations, keyed by name. Each entry pairs a path filter with
 * the upstream target that requests under that path are forwarded to.
 *
 * Targets other than `devServer` are read from KONVEYOR_ENV and fall back to
 * plain-HTTP localhost URLs (presumably local-development defaults).
 *
 * @type Record<string, Options>
 */
export default {
  // Everything under "/" goes to the server on port 9003.
  devServer: {
    pathFilter: "/",
    target: "http://localhost:9003",
    logger,
  },

  // Keycloak.
  auth: {
    pathFilter: "/auth",
    target: KONVEYOR_ENV.KEYCLOAK_SERVER_URL || "http://localhost:9001",
    logger,
    changeOrigin: true,
    on: {
      proxyReq(proxyReq, req, _res) {
        // Keycloak needs these headers set so it can function on Kubernetes
        // (non-OpenShift): https://www.keycloak.org/server/reverseproxy
        //
        // On OpenShift this already works, because the haproxy implementation
        // behind the OpenShift route sets them for us automatically.
        //
        // The following headers are customary as well, but including them
        // broke the OpenShift route, so they are deliberately left out:
        //   {"X-Forwarded-Proto", req.protocol}
        //   {"X-Forwarded-Port", req.socket.localPort}
        //   {"Forwarded", `for=${req.socket.remoteAddress};proto=${req.protocol};host=${req.headers.host}`}
        //
        // X-Forwarded-For / X-Real-IP are taken from the socket peer address,
        // not from anything the client sent in a header.
        const { remoteAddress } = req.socket;
        if (remoteAddress) {
          proxyReq.setHeader("X-Forwarded-For", remoteAddress);
          proxyReq.setHeader("X-Real-IP", remoteAddress);
        }

        // X-Forwarded-Host mirrors the incoming Host header, which the client
        // chooses. NOTE(review): confirm Keycloak's hostname is pinned in its
        // own configuration or that Host is validated upstream of this proxy.
        const { host } = req.headers;
        if (host) {
          proxyReq.setHeader("X-Forwarded-Host", host);
        }
      },
    },
  },

  // Hub API: the "/hub" prefix is stripped before forwarding.
  hub: {
    pathFilter: "/hub",
    target: KONVEYOR_ENV.TACKLE_HUB_URL || "http://localhost:9002",
    logger,
    changeOrigin: true,
    pathRewrite: {
      "^/hub": "",
    },
    on: {
      proxyReq: addBearerTokenIfNeeded,
      proxyRes: redirectIfUnauthorized,
    },
  },

  // Kai, served by the hub: "/kai" is rewritten to "/services/kai".
  kai: {
    pathFilter: "/kai",
    target: KONVEYOR_ENV.TACKLE_HUB_URL || "http://localhost:9002",
    logger,
    changeOrigin: true,
    pathRewrite: {
      "^/kai": "/services/kai",
    },
    on: {
      proxyReq: addBearerTokenIfNeeded,
      proxyRes: redirectIfUnauthorized,
    },
  },

  // Kai LLM proxy: the "/llm-proxy" prefix is stripped before forwarding.
  // The user's bearer token is attached to these requests as well, and no
  // unauthorized-redirect handler is installed for this entry.
  // NOTE(review): the target comes from environment configuration; confirm it
  // is a service that is meant to receive the user's Keycloak token.
  kaiLLMProxy: {
    pathFilter: "/llm-proxy",
    target: KONVEYOR_ENV.KAI_LLM_PROXY_URL || "http://localhost:9004",
    logger,
    changeOrigin: true,
    pathRewrite: {
      "^/llm-proxy": "",
    },
    on: {
      proxyReq: addBearerTokenIfNeeded,
    },
  },
};