Opensearch wrapper WIP

2025-02-17 10:53:08 +01:00 · 2025-02-17 10:53:08 +01:00 · 6e8d3e171e
commit 6e8d3e171e
parent 5ff5eb4213
11 changed files with 58 additions and 71 deletions
--- a/apps/link/app/(login)/login/_components/Login.tsx
+++ b/apps/link/app/(login)/login/_components/Login.tsx
@ -23,13 +23,11 @@ import { useSearchParams } from "next/navigation";

 type LoginProps = {
  session: any;
+  baseURL: string;
 };

-export const Login: FC<LoginProps> = ({ session }) => {
-  const origin =
-    typeof window !== "undefined" && window.location.origin
-      ? window.location.origin
-      : "";
+export const Login: FC<LoginProps> = ({ session, baseURL }) => {
+  const origin = baseURL;
  const callbackUrl = `${origin}/setup`;
  const [provider, setProvider] = useState(undefined);
  const [email, setEmail] = useState("");
--- a/apps/link/app/(login)/login/page.tsx
+++ b/apps/link/app/(login)/login/page.tsx
@ -9,10 +9,11 @@ export const metadata: Metadata = {

 export default async function Page() {
  const session = await getSession();
+  const baseURL = process.env.LINK_URL;

  return (
    <Suspense fallback={<div>Loading...</div>}>
-      <Login session={session} />
+      <Login session={session} baseURL={baseURL} />
    </Suspense>
  );
 }
--- a/apps/link/app/_lib/authentication.ts
+++ b/apps/link/app/_lib/authentication.ts
@ -136,11 +136,11 @@ export const authOptions: NextAuthOptions = {
      return roles.includes("admin") || roles.includes("agent");
    },
    session: async ({ session, token }) => {
-      const redis = new Redis(process.env.REDIS_URL);
-      const isInvalidated = await redis.get(`invalidated:${token.sub}`);
-      if (isInvalidated) {
-        return null;
-      }
+      // const redis = new Redis(process.env.REDIS_URL);
+      // const isInvalidated = await redis.get(`invalidated:${token.sub}`);
+      // if (isInvalidated) {
+      //  return null;
+      // }
      // @ts-ignore
      session.user.roles = token.roles ?? [];
      // @ts-ignore
--- a/apps/link/middleware.ts
+++ b/apps/link/middleware.ts
@ -7,6 +7,8 @@ const rewriteURL = (
  destinationBaseURL: string,
  headers: any = {},
 ) => {
+  console.log("Rewriting URL");
+  console.log({ request, originBaseURL, destinationBaseURL, headers });
  let path = request.url.replace(originBaseURL, "");
  if (path.startsWith("/")) {
    path = path.slice(1);
@ -30,20 +32,11 @@ const rewriteURL = (

 const checkRewrites = async (request: NextRequestWithAuth) => {
  const linkBaseURL = process.env.LINK_URL ?? "http://localhost:3000";
-  const zammadURL = process.env.ZAMMAD_URL ?? "http://zammad-nginx:8080";
+  console.log({ linkBaseURL });
  const opensearchBaseURL =
    process.env.OPENSEARCH_DASHBOARDS_URL ??
    "http://opensearch-dashboards:5601";

-  const zammadPaths = [
-    "/zammad",
-    "/auth/sso",
-    "/assets",
-    "/mobile",
-    "/graphql",
-    "/cable",
-  ];
-  const isSetupMode = process.env.SETUP_MODE === "true";
  const { token } = request.nextauth;
  const email = token?.email?.toLowerCase() ?? "unknown";
  const roles = (token?.roles as string[]) ?? [];
@ -59,16 +52,6 @@ const checkRewrites = async (request: NextRequestWithAuth) => {
      opensearchBaseURL,
      headers,
    );
-  } else if (request.nextUrl.pathname.startsWith("/zammad")) {
-    return rewriteURL(request, `${linkBaseURL}/zammad`, zammadURL, headers);
-  } else if (zammadPaths.some((p) => request.nextUrl.pathname.startsWith(p))) {
-    return rewriteURL(request, linkBaseURL, zammadURL, headers);
-  } else if (request.nextUrl.pathname.startsWith("/api/v1")) {
-    if ((email && email !== "unknown") || isSetupMode) {
-      return NextResponse.next();
-    } else {
-      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-    }
  } else {
    const isDev = process.env.NODE_ENV === "development";
    const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
@ -86,30 +69,30 @@ const checkRewrites = async (request: NextRequestWithAuth) => {
    frame-ancestors 'self';
    upgrade-insecure-requests;
 `;
-  const contentSecurityPolicyHeaderValue = cspHeader
-    .replace(/\s{2,}/g, " ")
-    .trim();
+    const contentSecurityPolicyHeaderValue = cspHeader
+      .replace(/\s{2,}/g, " ")
+      .trim();

-  const requestHeaders = new Headers(request.headers);
-  requestHeaders.set("x-nonce", nonce);
-  requestHeaders.set(
-    "Content-Security-Policy",
-    contentSecurityPolicyHeaderValue,
-  );
+    const requestHeaders = new Headers(request.headers);
+    requestHeaders.set("x-nonce", nonce);
+    requestHeaders.set(
+      "Content-Security-Policy",
+      contentSecurityPolicyHeaderValue,
+    );

-  const response = NextResponse.next({
-    request: {
-      headers: requestHeaders,
-    },
-  });
+    const response = NextResponse.next({
+      request: {
+        headers: requestHeaders,
+      },
+    });

-  response.headers.set(
-    "Content-Security-Policy",
-    contentSecurityPolicyHeaderValue,
-  );
+    response.headers.set(
+      "Content-Security-Policy",
+      contentSecurityPolicyHeaderValue,
+    );

-  return response;
-};
+    return response;
+  };
 }

 export default withAuth(checkRewrites, {
--- a/apps/link/package.json
+++ b/apps/link/package.json
@ -3,7 +3,7 @@
  "version": "2.4.0b1",
  "type": "module",
  "scripts": {
-    "dev": "next dev",
+    "dev": "next dev -H 0.0.0.0",
    "build": "next build",
    "start": "next start",
    "export": "next export",