Merge branch 'master' of code-repo.d4science.org:antonio.calanducci/pep

src/nginx.default.conf.template

@@ -1,3 +1,15 @@
+# Websockets
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+
+# Prometheus metrics
+upstream prometheus {
+  ip_hash;
+  server {{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}:{{ shinyproxy_prometheus_port }};
+}
+
 # backend service
 upstream service {
   ip_hash;
@@ -28,13 +40,17 @@ server {
 	return 200;
   }
 
-  location / {
+  
+
+  location ~ /app/ {
   	proxy_read_timeout 300;
     proxy_send_timeout 300;
     js_content pep.enforce_legacy;
   }
 
-   location /gcube_user_info {
+  
+
+  location /gcube_user_info {
      internal;
      gunzip on;
      proxy_method      GET;
@@ -46,6 +62,26 @@ server {
      proxy_cache_key $auth_token;
   }
 
+  # location /login {
+  #   proxy_set_header Host $http_host;
+  #   proxy_set_header X-Real-IP $remote_addr;
+  #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  #   proxy_set_header X-NginX-Proxy true;
+  #   proxy_cache_bypass $http_upgrade;
+  #   resolver 127.0.0.11;
+  #   proxy_pass  http://service/;
+  # }
+  
+  location / {
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_cache_bypass $http_upgrade;
+    # resolver 127.0.0.11;
+    proxy_pass  http://service/$request_uri;
+  }
+
 
 # internal location that redirects to backend will only be called from PEP JS code when all checks are passed
   location /_backend {
@@ -111,6 +147,8 @@ server {
     proxy_http_version 1.1;
     proxy_set_header  gcube-token "$auth_token";
     proxy_set_header  Content-Type "application/json";
-    proxy_pass        https://accounting-service.d4science.org/accounting-service/record;
+    proxy_pass        ${ACCOUNTING_SERVICE_BASEURL}/record;
   }
+
+
 }

src/pep.js

@@ -47,7 +47,7 @@ function enforce_legacy(r) {
 
 
   log(context, "Inside NJS enforce for " + r.method + " @ " + r.headersIn.host + "/" + r.uri)
-  log(context, "debug is " + JSON.stringify(defaultExport["config"]))
+  // log(context, "debug is " + JSON.stringify(defaultExport["config"]))
   const token = getGCubeToken(context)
   //log(context, JSON.stringify(context, null, 2))
   log(context, "gcube token" + token)
@@ -76,11 +76,19 @@ function enforce_legacy(r) {
 
         return context.request.subrequest("/_backend", { method: context.request.method, args: JSON.stringify(context.request.args), headers: context.request.headersIn })
       }).then(reply => {
-        debug(context, "[{{ sobigdata_ontotagme_service_name }}] response status: " + reply.status)
         debug(context, reply.responseBody);
+        debug(context, "[SHINYPROXY] response status: " + reply.status)
+        copyHeaders(context, reply.headersOut, r.headersOut)
         closeAccountingRecord_legacy(context.record, (reply.status === 200 || reply.status === 201 || reply.status === 204))
         context.request.subrequest("/_accounting_legacy", { detached: true, body: JSON.stringify([context.record]) })
-        r.return(reply.status, reply.responseBody)
+        // r.return(reply.status, reply.responseBody)
+        debug(context, "Redirect URI: " + reply.headersOut["Location"])
+        if(reply.status === 301 || reply.status === 302){
+          debug(context, "sto per fare la redirect");
+          r.return(reply.status, reply.headersOut["Location"])
+        }else{
+          r.return(reply.status, reply.responseBody)
+        } 
       }).catch(e => { log(context, "Error .... " + njs.dump(e)); context.request.return(e.message === "Unauthorized" ? 403 : 500) })
 
     return
@@ -89,7 +97,11 @@ function enforce_legacy(r) {
   r.return(401, "Authorization required")
 }
 
-
+function copyHeaders(context, hin, hout){
+  for (var h in hin) {
+    if(h !== "Location") hout[h] = hin[h];
+  }
+}
 
 
 // ######## WORKFLOW FUNCTIONS ###############