sr2/link-stack
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Opensearch wrapper WIP

Browse source
This commit is contained in:
Darren Clarke 2025-02-17 10:53:08 +01:00
parent 5ff5eb4213
commit 6e8d3e171e
11 changed files with 58 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

8
apps/link/app/(login)/login/_components/Login.tsx
View file

@ -23,13 +23,11 @@ import { useSearchParams } from "next/navigation";
type LoginProps = {
session: any;
baseURL: string;
};
export const Login: FC<LoginProps> = ({ session }) => {
const origin =
typeof window !== "undefined" && window.location.origin
? window.location.origin
: "";
export const Login: FC<LoginProps> = ({ session, baseURL }) => {
const origin = baseURL;
const callbackUrl = `${origin}/setup`;
const [provider, setProvider] = useState(undefined);
const [email, setEmail] = useState("");

3
apps/link/app/(login)/login/page.tsx
View file

@ -9,10 +9,11 @@ export const metadata: Metadata = {
export default async function Page() {
const session = await getSession();
const baseURL = process.env.LINK_URL;
return (
<Suspense fallback={<div>Loading...</div>}>
<Login session={session} />
<Login session={session} baseURL={baseURL} />
</Suspense>
);
}

10
apps/link/app/_lib/authentication.ts
View file

@ -136,11 +136,11 @@ export const authOptions: NextAuthOptions = {
return roles.includes("admin") || roles.includes("agent");
},
session: async ({ session, token }) => {
const redis = new Redis(process.env.REDIS_URL);
const isInvalidated = await redis.get(`invalidated:${token.sub}`);
if (isInvalidated) {
return null;
}
// const redis = new Redis(process.env.REDIS_URL);
// const isInvalidated = await redis.get(`invalidated:${token.sub}`);
// if (isInvalidated) {
// return null;
// }
// @ts-ignore
session.user.roles = token.roles ?? [];
// @ts-ignore

25
apps/link/middleware.ts
View file

@ -7,6 +7,8 @@ const rewriteURL = (
destinationBaseURL: string,
headers: any = {},
) => {
console.log("Rewriting URL");
console.log({ request, originBaseURL, destinationBaseURL, headers });
let path = request.url.replace(originBaseURL, "");
if (path.startsWith("/")) {
path = path.slice(1);
@ -30,20 +32,11 @@ const rewriteURL = (
const checkRewrites = async (request: NextRequestWithAuth) => {
const linkBaseURL = process.env.LINK_URL ?? "http://localhost:3000";
const zammadURL = process.env.ZAMMAD_URL ?? "http://zammad-nginx:8080";
console.log({ linkBaseURL });
const opensearchBaseURL =
process.env.OPENSEARCH_DASHBOARDS_URL ??
"http://opensearch-dashboards:5601";
const zammadPaths = [
"/zammad",
"/auth/sso",
"/assets",
"/mobile",
"/graphql",
"/cable",
];
const isSetupMode = process.env.SETUP_MODE === "true";
const { token } = request.nextauth;
const email = token?.email?.toLowerCase() ?? "unknown";
const roles = (token?.roles as string[]) ?? [];
@ -59,16 +52,6 @@ const checkRewrites = async (request: NextRequestWithAuth) => {
opensearchBaseURL,
headers,
);
} else if (request.nextUrl.pathname.startsWith("/zammad")) {
return rewriteURL(request, `${linkBaseURL}/zammad`, zammadURL, headers);
} else if (zammadPaths.some((p) => request.nextUrl.pathname.startsWith(p))) {
return rewriteURL(request, linkBaseURL, zammadURL, headers);
} else if (request.nextUrl.pathname.startsWith("/api/v1")) {
if ((email && email !== "unknown") || isSetupMode) {
return NextResponse.next();
} else {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
} else {
const isDev = process.env.NODE_ENV === "development";
const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
@ -109,7 +92,7 @@ const checkRewrites = async (request: NextRequestWithAuth) => {
);
return response;
};
};
}
export default withAuth(checkRewrites, {

2
apps/link/package.json
View file

@ -3,7 +3,7 @@
"version": "2.4.0b1",
"type": "module",
"scripts": {
"dev": "next dev",
"dev": "next dev -H 0.0.0.0",
"build": "next build",
"start": "next start",
"export": "next export",

14
docker/compose/zammad.yml
View file

@ -15,6 +15,10 @@ x-zammad-vars: &common-zammad-variables
ELASTICSEARCH_SSL_VERIFY: "false" # this doesn't set es_ssl_verify as expected, but ideally it would
ELASTICSEARCH_SCHEMA: "https"
x-zammad-args: &common-zammad-args
EMBEDDED: "true"
LINK_HOST: ${LINK_HOST}
services:
zammad-init:
container_name: zammad-init
@ -28,7 +32,7 @@ services:
build:
context: ../zammad
args:
EMBEDDED: "true"
<<: *common-zammad-args
image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
restart: on-failure
user: 0:0
@ -57,7 +61,7 @@ services:
build:
context: ../zammad
args:
EMBEDDED: "true"
<<: *common-zammad-args
image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
restart: ${RESTART}
environment:
@ -81,7 +85,7 @@ services:
build:
context: ../zammad
args:
EMBEDDED: "true"
<<: *common-zammad-args
image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
restart: ${RESTART}
volumes:
@ -110,7 +114,7 @@ services:
build:
context: ../zammad
args:
EMBEDDED: "true"
<<: *common-zammad-args
image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
restart: ${RESTART}
volumes:
@ -129,7 +133,7 @@ services:
build:
context: ../zammad
args:
EMBEDDED: "true"
<<: *common-zammad-args
image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
restart: ${RESTART}
volumes:

2
docker/opensearch-dashboards/opensearch_dashboards.yml
View file

@ -20,5 +20,5 @@ opensearch_security.multitenancy.tenants.preferred: [Private, Global]
# opensearch_security.readonly_mode.roles: [kibana_read_only]
opensearch_security.cookie.secure: false
server.host: "0.0.0.0"
server.basePath: "/dashboards"
server.basePath: "/link/dashboards"
server.rewriteBasePath: false

19
docker/zammad/Dockerfile
View file

@ -22,15 +22,16 @@ RUN sed -i '/touch db\/schema.rb/a ZAMMAD_SAFE_MODE=1 DATABASE_URL=postgresql:\/
RUN cat contrib/docker/setup.sh
RUN contrib/docker/setup.sh builder
ARG EMBEDDED=false
RUN if [ "$EMBEDDED" = "true" ] ; then sed -i '/location \/ {/i \
\ \n\
\ location /link {\n\
\ proxy_pass http://link:3000;\n\
\ proxy_set_header Host $host;\n\
\ proxy_set_header X-Real-IP $remote_addr;\n\
\ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\
\ proxy_set_header X-Forwarded-Proto https;\n\
\ }\n' ${ZAMMAD_DIR}/contrib/nginx/zammad.conf; fi
ARG LINK_HOST=http://link:3000
RUN if [ "$EMBEDDED" = "true" ] ; then sed -i "/location \/ {/i\
location /link {\n\
proxy_pass ${LINK_HOST};\n\
proxy_set_header Host \$host;\n\
proxy_set_header X-Real-IP \$remote_addr;\n\
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n\
proxy_set_header X-Forwarded-Proto https;\n\
}\n\
" ${ZAMMAD_DIR}/contrib/nginx/zammad.conf; fi
RUN sed -i '/^[[:space:]]*# es config/a\
echo "about to reinstall..."\n\
bundle exec rails runner /opt/zammad/contrib/link/setup.rb\n\

4
package-lock.json generated
View file

@ -1,12 +1,12 @@
{
"name": "@link-stack",
"version": "2.4.0b1",
"version": "2.5.0b1",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@link-stack",
"version": "2.4.0b1",
"version": "2.5.0b1",
"license": "AGPL-3.0-or-later",
"workspaces": [
"apps/*",

2
package.json
View file

@ -1,6 +1,6 @@
{
"name": "@link-stack",
"version": "2.4.0b1",
"version": "2.5.0b1",
"description": "Link from the Center for Digital Resilience",
"scripts": {
"dev": "dotenv -- turbo dev",

2
packages/leafcutter-ui/components/OpenSearchWrapper.tsx
View file

@ -34,7 +34,7 @@ export const OpenSearchWrapper: FC<OpenSearchWrapperProps> = ({
>
<Iframe
id="opensearch"
url={`/dashboards/${url}`}
url={`/link/dashboards/${url}`}
// url={`/dashboards/${url}&_g=(filters%3A!()%2CrefreshInterval%3A(pause%3A!t%2Cvalue%3A0)%2Ctime%3A(from%3Anow-3y%2Cto%3Anow))`}
width="100%"
height="100%"