WIP 5

apps/link/middleware.ts

@@ -1,94 +1,83 @@
-import { NextResponse } from 'next/server';
+import { NextResponse } from "next/server";
 import { withAuth, NextRequestWithAuth } from "next-auth/middleware";
 
-const rewriteURL = (request: NextRequestWithAuth, originBaseURL: string, destinationBaseURL: string, headers: any = {}) => {
-  if (request.nextUrl.pathname.startsWith('/api/v1/reports/sets')) {
-    console.log(request.nextUrl.searchParams.get("sheet"));
-    NextResponse.next();
-  }
-
+const rewriteURL = (
+  request: NextRequestWithAuth,
+  originBaseURL: string,
+  destinationBaseURL: string,
+  headers: any = {},
+) => {
   const destinationURL = request.url.replace(originBaseURL, destinationBaseURL);
-
   console.log(`Rewriting ${request.url} to ${destinationURL}`);
-
   const requestHeaders = new Headers(request.headers);
   for (const [key, value] of Object.entries(headers)) {
     requestHeaders.set(key, value as string);
   }
+  requestHeaders.delete("connection");
 
-  requestHeaders.delete('connection');
-
-  return NextResponse.rewrite(new URL(destinationURL), { request: { headers: requestHeaders } });
+  return NextResponse.rewrite(new URL(destinationURL), {
+    request: { headers: requestHeaders },
+  });
 };
 
 const checkRewrites = async (request: NextRequestWithAuth) => {
   const linkBaseURL = process.env.LINK_URL ?? "http://localhost:3000";
   const zammadURL = process.env.ZAMMAD_URL ?? "http://zammad-nginx:8080";
-  const opensearchURL = process.env.OPENSEARCH_URL ?? "http://macmini:5601";
-  const metamigoURL = process.env.METAMIGO_URL ?? "http://metamigo-api:3000";
-  const labelStudioURL = process.env.LABEL_STUDIO_URL ?? "http://label-studio:8080";
+  const opensearchDashboardsURL =
+    process.env.OPENSEARCH_DASHBOARDS_URL ?? "http://macmini:5601";
+  const zammadPaths = ["/zammad", "/api/v1", "/auth/sso", "/assets", "/mobile"];
   const { token } = request.nextauth;
-  const headers = { 'X-Forwarded-User': token?.email?.toLowerCase() };
-  console.log({ pathname: request.nextUrl.pathname });
+  const email = token?.email?.toLowerCase() ?? "unknown";
+  let headers = { "x-forwarded-user": email };
 
-  if (request.nextUrl.pathname.startsWith('/opensearch')) {
-    const headers = {
-      'x-proxy-user': "admin",
-      'x-proxy-roles': "all_access",
-      //      'X-Forwarded-For': "link"
-    };
-    return rewriteURL(request, `${linkBaseURL}/opensearch`, opensearchURL, headers);
-  } else if (request.nextUrl.pathname.startsWith('/metamigo')) {
-    return rewriteURL(request, `${linkBaseURL}/metamigo`, metamigoURL);
-  } else if (request.nextUrl.pathname.startsWith('/label-studio')) {
-    return rewriteURL(request, `${linkBaseURL}/label-studio`, labelStudioURL);
-  } else if (request.nextUrl.pathname.startsWith('/zammad')) {
+  if (request.nextUrl.pathname.startsWith("/dashboards")) {
+    const roles: string[] = (token?.roles as string[]) ?? [];
+    const leafcutterRole = roles.includes("admin")
+      ? "leafcutter_admin"
+      : "leafcutter_user";
+    headers["x-forwarded-roles"] = "admin"; // leafcutterRole;
+    // headers["secruitytenant"] = "global";
+    // headers["x-forwarded-for"] = 'link';
+
+    return rewriteURL(
+      request,
+      `${linkBaseURL}/dashboards`,
+      opensearchDashboardsURL,
+      headers,
+    );
+  } else if (request.nextUrl.pathname.startsWith("/zammad")) {
     return rewriteURL(request, `${linkBaseURL}/zammad`, zammadURL, headers);
-  } else if (request.nextUrl.pathname.startsWith('/auth/sso') || request.nextUrl.pathname.startsWith('/assets')) {
-    return rewriteURL(request, linkBaseURL, zammadURL, headers);
-  } else if (request.nextUrl.pathname.startsWith('/proxy/api') || request.nextUrl.pathname.startsWith('/proxy/assets')) {
-    return rewriteURL(request, `${linkBaseURL}/proxy`, zammadURL);
-  } else if (request.nextUrl.pathname.startsWith('/api/v1') || request.nextUrl.pathname.startsWith('/auth/sso') || request.nextUrl.pathname.startsWith('/mobile')) {
+  } else if (zammadPaths.some((p) => request.nextUrl.pathname.startsWith(p))) {
     return rewriteURL(request, linkBaseURL, zammadURL, headers);
   }
 
   return NextResponse.next();
 };
 
-export default withAuth(
-  checkRewrites,
-  {
-    pages: {
-      signIn: `/login`,
+export default withAuth(checkRewrites, {
+  pages: {
+    signIn: `/login`,
+  },
+  callbacks: {
+    authorized: ({ token, req }) => {
+      if (req.nextUrl.pathname === "/api/v1") {
+        return true;
+      }
+
+      if (process.env.SETUP_MODE === "true") {
+        return true;
+      }
+
+      const roles: any = token?.roles ?? [];
+      if (roles.includes("admin") || roles.includes("agent")) {
+        return true;
+      }
+
+      return false;
     },
-    callbacks: {
-      authorized: ({ token, req }) => {
-        const {
-          url,
-        } = req;
-
-        const noAuthPaths = ["/login", "/api/v1"];
-        const parsedURL = new URL(url);
-        const path = parsedURL.pathname;
-
-        if (noAuthPaths.some((p: string) => path.startsWith(p))) {
-          console.log({ p: parsedURL.pathname, auth: "no" });
-          return true;
-        }
-
-        const roles: any = token?.roles ?? [];
-        if (roles.includes("admin") || roles.includes("agent") || process.env.SETUP_MODE === "true") {
-          return true;
-        }
-
-        return false;
-      },
-    }
-  }
-);
+  },
+});
 
 export const config = {
-  matcher: [
-    '/((?!ws|wss|_next/static|_next/image|favicon.ico).*)',
-  ],
+  matcher: ["/((?!ws|wss|_next/static|_next/image|favicon.ico).*)"],
 };