link-stack/apps/leafcutter/pages/api/proxy/[[...path]].ts

import { createProxyMiddleware } from "http-proxy-middleware";
import { NextApiRequest, NextApiResponse } from "next";
import { getToken } from "next-auth/jwt";
import { createLogger } from "@link-stack/logger";

const logger = createLogger('leafcutter-[[...path]]');

/*

  if (validDomains.includes(domain)) {
    res.headers.set("Access-Control-Allow-Origin", origin);
    res.headers.set("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
    res.headers.set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  }


  */

const withAuthInfo =
  (handler: any) => async (req: NextApiRequest, res: NextApiResponse) => {
    const session: any = await getToken({
      req,
      secret: process.env.NEXTAUTH_SECRET,
    });
    let email = session?.email?.toLowerCase();

    const requestSignature = req.query.signature;
    const url = new URL(req.headers.referer as string);
    const referrerSignature = url.searchParams.get("signature");
    const isAppPath = !!req.url?.startsWith("/app");
    const isResourcePath = !!req.url?.match(
      /\/(api|app|bootstrap|3961|ui|translations|internal|login|node_modules)/,
    );

    if (requestSignature && isAppPath) {
      logger.info("Has Signature");
    }

    if (referrerSignature && isResourcePath) {
      logger.info("Has Signature");
    }

    if (!email) {
      return res.status(401).json({ error: "Not authorized" });
    }

    req.headers["x-proxy-user"] = email;
    req.headers["x-proxy-roles"] = "leafcutter_user";
    const auth = `${email}:${process.env.OPENSEARCH_USER_PASSWORD}`;
    const buff = Buffer.from(auth);
    const base64data = buff.toString("base64");
    req.headers.Authorization = `Basic ${base64data}`;
    return handler(req, res);
  };

const proxy = createProxyMiddleware({
  target: process.env.OPENSEARCH_DASHBOARDS_URL,
  changeOrigin: true,
  xfwd: true,
});

export default withAuthInfo(proxy);

export const config = {
  api: {
    bodyParser: false,
    externalResolver: true,
  },
};
Flatten 2023-08-25 07:11:33 +00:00			`import { createProxyMiddleware } from "http-proxy-middleware";`
			`import { NextApiRequest, NextApiResponse } from "next";`
			`import { getToken } from "next-auth/jwt";`
feat: Add centralized logging system with @link-stack/logger package - Create new @link-stack/logger package wrapping Pino for structured logging - Replace all console.log/error/warn statements across the monorepo - Configure environment-aware logging (pretty-print in dev, JSON in prod) - Add automatic redaction of sensitive fields (passwords, tokens, etc.) - Remove dead commented-out logger file from bridge-worker - Follow Pino's standard argument order (context object first, message second) - Support log levels via LOG_LEVEL environment variable - Export TypeScript types for better IDE support This provides consistent, structured logging across all applications and packages, making debugging easier and production logs more parseable. 2025-08-20 11:37:39 +02:00			`import { createLogger } from "@link-stack/logger";`

			`const logger = createLogger('leafcutter-[[...path]]');`
Flatten 2023-08-25 07:11:33 +00:00
			`/*`

			`if (validDomains.includes(domain)) {`
			`res.headers.set("Access-Control-Allow-Origin", origin);`
			`res.headers.set("Access-Control-Allow-Methods", "GET, POST, OPTIONS");`
			`res.headers.set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");`
			`}`


			`*/`

			`const withAuthInfo =`
			`(handler: any) => async (req: NextApiRequest, res: NextApiResponse) => {`
			`const session: any = await getToken({`
			`req,`
			`secret: process.env.NEXTAUTH_SECRET,`
			`});`
			`let email = session?.email?.toLowerCase();`

			`const requestSignature = req.query.signature;`
			`const url = new URL(req.headers.referer as string);`
			`const referrerSignature = url.searchParams.get("signature");`
			`const isAppPath = !!req.url?.startsWith("/app");`
Update logging 2025-01-22 17:50:38 +01:00			`const isResourcePath = !!req.url?.match(`
			`/\/(api\|app\|bootstrap\|3961\|ui\|translations\|internal\|login\|node_modules)/,`
			`);`
Flatten 2023-08-25 07:11:33 +00:00
			`if (requestSignature && isAppPath) {`
feat: Add centralized logging system with @link-stack/logger package - Create new @link-stack/logger package wrapping Pino for structured logging - Replace all console.log/error/warn statements across the monorepo - Configure environment-aware logging (pretty-print in dev, JSON in prod) - Add automatic redaction of sensitive fields (passwords, tokens, etc.) - Remove dead commented-out logger file from bridge-worker - Follow Pino's standard argument order (context object first, message second) - Support log levels via LOG_LEVEL environment variable - Export TypeScript types for better IDE support This provides consistent, structured logging across all applications and packages, making debugging easier and production logs more parseable. 2025-08-20 11:37:39 +02:00			`logger.info("Has Signature");`
Flatten 2023-08-25 07:11:33 +00:00			`}`

			`if (referrerSignature && isResourcePath) {`
feat: Add centralized logging system with @link-stack/logger package - Create new @link-stack/logger package wrapping Pino for structured logging - Replace all console.log/error/warn statements across the monorepo - Configure environment-aware logging (pretty-print in dev, JSON in prod) - Add automatic redaction of sensitive fields (passwords, tokens, etc.) - Remove dead commented-out logger file from bridge-worker - Follow Pino's standard argument order (context object first, message second) - Support log levels via LOG_LEVEL environment variable - Export TypeScript types for better IDE support This provides consistent, structured logging across all applications and packages, making debugging easier and production logs more parseable. 2025-08-20 11:37:39 +02:00			`logger.info("Has Signature");`
Flatten 2023-08-25 07:11:33 +00:00			`}`

			`if (!email) {`
			`return res.status(401).json({ error: "Not authorized" });`
			`}`

			`req.headers["x-proxy-user"] = email;`
			`req.headers["x-proxy-roles"] = "leafcutter_user";`
			const auth = `${email}:${process.env.OPENSEARCH_USER_PASSWORD}`;
			`const buff = Buffer.from(auth);`
			`const base64data = buff.toString("base64");`
			req.headers.Authorization = `Basic ${base64data}`;
			`return handler(req, res);`
			`};`

			`const proxy = createProxyMiddleware({`
			`target: process.env.OPENSEARCH_DASHBOARDS_URL,`
			`changeOrigin: true,`
			`xfwd: true,`
			`});`

			`export default withAuthInfo(proxy);`

			`export const config = {`
			`api: {`
			`bodyParser: false,`
			`externalResolver: true,`
			`},`
			`};`