Update proxying, swap /zammad and /link

2025-02-06 13:03:31 +01:00 · 2025-02-06 13:03:31 +01:00 · 9283227074
commit 9283227074
parent 2fd85f045c
24 changed files with 3317 additions and 2822 deletions
--- a/apps/link/middleware.ts
+++ b/apps/link/middleware.ts
@ -1,6 +1,7 @@
 import { NextResponse } from "next/server";
 import { withAuth, NextRequestWithAuth } from "next-auth/middleware";

+/*
 const rewriteURL = (
  request: NextRequestWithAuth,
  originBaseURL: string,
@ -25,31 +26,16 @@ const rewriteURL = (
    request: { headers: requestHeaders },
  });
 };
-
+ */
 const checkRewrites = async (request: NextRequestWithAuth) => {
-  const linkBaseURL = process.env.LINK_URL ?? "http://localhost:3000";
-  const zammadURL = process.env.ZAMMAD_URL ?? "http://zammad-nginx:8080";
-
-  const zammadPaths = [
-    "/zammad",
-    "/auth/sso",
-    "/assets",
-    "/mobile",
-    "/graphql",
-    "/cable",
-  ];
+  // const linkBaseURL = process.env.LINK_URL ?? "http://localhost:3000";
  const { token } = request.nextauth;
  const email = token?.email?.toLowerCase() ?? "unknown";
-  let headers = { "x-forwarded-user": email };
+  // let headers = { "x-forwarded-user": email };

-  if (request.nextUrl.pathname.startsWith("/zammad")) {
-    return rewriteURL(request, `${linkBaseURL}/zammad`, zammadURL, headers);
-  } else if (zammadPaths.some((p) => request.nextUrl.pathname.startsWith(p))) {
-    return rewriteURL(request, linkBaseURL, zammadURL, headers);
-  } else {
-    const isDev = process.env.NODE_ENV === "development";
-    const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
-    const cspHeader = `
+  const isDev = process.env.NODE_ENV === "development";
+  const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
+  const cspHeader = `
    default-src 'self';
    connect-src 'self';
    script-src 'self' 'nonce-${nonce}' 'strict-dynamic' ${isDev ? "'unsafe-eval'" : ""};
@ -62,30 +48,29 @@ const checkRewrites = async (request: NextRequestWithAuth) => {
    frame-ancestors 'none';
    upgrade-insecure-requests;
 `;
-    const contentSecurityPolicyHeaderValue = cspHeader
-      .replace(/\s{2,}/g, " ")
-      .trim();
+  const contentSecurityPolicyHeaderValue = cspHeader
+    .replace(/\s{2,}/g, " ")
+    .trim();

-    const requestHeaders = new Headers(request.headers);
-    requestHeaders.set("x-nonce", nonce);
-    requestHeaders.set(
-      "Content-Security-Policy",
-      contentSecurityPolicyHeaderValue,
-    );
+  const requestHeaders = new Headers(request.headers);
+  requestHeaders.set("x-nonce", nonce);
+  requestHeaders.set(
+    "Content-Security-Policy",
+    contentSecurityPolicyHeaderValue,
+  );

-    const response = NextResponse.next({
-      request: {
-        headers: requestHeaders,
-      },
-    });
+  const response = NextResponse.next({
+    request: {
+      headers: requestHeaders,
+    },
+  });

-    response.headers.set(
-      "Content-Security-Policy",
-      contentSecurityPolicyHeaderValue,
-    );
+  response.headers.set(
+    "Content-Security-Policy",
+    contentSecurityPolicyHeaderValue,
+  );

-    return response;
-  }
+  return response;
 };

 export default withAuth(checkRewrites, {