Opensearch embed changes

Darren Clarke 2024-11-28 08:27:20 +01:00
parent 130554d86b
commit a8dd53507d
11 changed files with 237 additions and 178 deletions


@ -15,6 +15,7 @@ const rewriteURL = (
console.log(`Rewriting ${request.url} to ${destinationURL}`);
const requestHeaders = new Headers(request.headers);
requestHeaders.delete("x-forwarded-user");
requestHeaders.delete("x-forwarded-roles");
requestHeaders.delete("connection");
for (const [key, value] of Object.entries(headers)) {
@ -29,6 +30,9 @@ const rewriteURL = (
const checkRewrites = async (request: NextRequestWithAuth) => {
const linkBaseURL = process.env.LINK_URL ?? "http://localhost:3000";
const zammadURL = process.env.ZAMMAD_URL ?? "http://zammad-nginx:8080";
const opensearchBaseURL =
process.env.OPENSEARCH_DASHBOARDS_URL ??
"http://opensearch-dashboards:5601";
const zammadPaths = [
"/zammad",
@ -40,9 +44,20 @@ const checkRewrites = async (request: NextRequestWithAuth) => {
];
const { token } = request.nextauth;
const email = token?.email?.toLowerCase() ?? "unknown";
let headers = { "x-forwarded-user": email };
const roles = (token?.roles as string[]) ?? [];
let headers = {
"x-forwarded-user": email,
"x-forwarded-roles": roles.join(","),
};
if (request.nextUrl.pathname.startsWith("/zammad")) {
if (request.nextUrl.pathname.startsWith("/dashboards")) {
return rewriteURL(
request,
`${linkBaseURL}/dashboards`,
opensearchBaseURL,
headers,
);
} else if (request.nextUrl.pathname.startsWith("/zammad")) {
return rewriteURL(request, `${linkBaseURL}/zammad`, zammadURL, headers);
} else if (zammadPaths.some((p) => request.nextUrl.pathname.startsWith(p))) {
return rewriteURL(request, linkBaseURL, zammadURL, headers);
@ -51,6 +66,7 @@ const checkRewrites = async (request: NextRequestWithAuth) => {
const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
const cspHeader = `
default-src 'self';
frame-src 'self' https://digiresilience.org;
connect-src 'self';
script-src 'self' 'nonce-${nonce}' 'strict-dynamic' ${isDev ? "'unsafe-eval'" : ""};
style-src 'self' 'unsafe-inline';
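Review bot: In the `checkRewrites` hunk that builds the forwarded headers, `(token?.roles as string[]) ?? []` only asserts the type, so a `roles` claim that is a string or any other non-array makes `roles.join(",")` throw, and a role name containing a comma would be read downstream as several roles. `x-forwarded-roles` is presumably what OpenSearch Dashboards uses for authorization, so narrow at runtime before joining, e.g. `const roles = Array.isArray(token?.roles) ? token.roles.filter((r): r is string => typeof r === "string" && !r.includes(",")) : [];`. The same hunk routes `/dashboards` through the existing `"unknown"` email fallback, so it is worth confirming that a token without an email cannot reach the backend as a named user. The body of `checkRewrites` continues outside the visible hunks.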