Compare commits
2 Commits
c9a7439cdd
...
bb681d02cf
Author | SHA1 | Date |
---|---|---|
Antonio Calanducci | bb681d02cf | |
Antonio Calanducci | a9ff499e0f |
|
@ -1,3 +1,15 @@
|
|||
# Websockets
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
# Prometheus metrics
|
||||
upstream prometheus {
|
||||
ip_hash;
|
||||
server {{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}:{{ shinyproxy_prometheus_port }};
|
||||
}
|
||||
|
||||
# backend service
|
||||
upstream service {
|
||||
ip_hash;
|
||||
|
@ -28,13 +40,17 @@ server {
|
|||
return 200;
|
||||
}
|
||||
|
||||
location / {
|
||||
|
||||
|
||||
location ~ /app/ {
|
||||
proxy_read_timeout 300;
|
||||
proxy_send_timeout 300;
|
||||
js_content pep.enforce_legacy;
|
||||
}
|
||||
|
||||
location /gcube_user_info {
|
||||
|
||||
|
||||
location /gcube_user_info {
|
||||
internal;
|
||||
gunzip on;
|
||||
proxy_method GET;
|
||||
|
@ -46,6 +62,26 @@ server {
|
|||
proxy_cache_key $auth_token;
|
||||
}
|
||||
|
||||
# location /login {
|
||||
# proxy_set_header Host $http_host;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-NginX-Proxy true;
|
||||
# proxy_cache_bypass $http_upgrade;
|
||||
# resolver 127.0.0.11;
|
||||
# proxy_pass http://service/;
|
||||
# }
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
# resolver 127.0.0.11;
|
||||
proxy_pass http://service/$request_uri;
|
||||
}
|
||||
|
||||
|
||||
# internal location that redirects to backend will only be called from PEP JS code when all checks are passed
|
||||
location /_backend {
|
||||
|
@ -111,6 +147,8 @@ server {
|
|||
proxy_http_version 1.1;
|
||||
proxy_set_header gcube-token "$auth_token";
|
||||
proxy_set_header Content-Type "application/json";
|
||||
proxy_pass https://accounting-service.d4science.org/accounting-service/record;
|
||||
proxy_pass ${ACCOUNTING_SERVICE_BASEURL}/record;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
20
src/pep.js
20
src/pep.js
|
@ -47,7 +47,7 @@ function enforce_legacy(r) {
|
|||
|
||||
|
||||
log(context, "Inside NJS enforce for " + r.method + " @ " + r.headersIn.host + "/" + r.uri)
|
||||
log(context, "debug is " + JSON.stringify(defaultExport["config"]))
|
||||
// log(context, "debug is " + JSON.stringify(defaultExport["config"]))
|
||||
const token = getGCubeToken(context)
|
||||
//log(context, JSON.stringify(context, null, 2))
|
||||
log(context, "gcube token" + token)
|
||||
|
@ -76,11 +76,19 @@ function enforce_legacy(r) {
|
|||
|
||||
return context.request.subrequest("/_backend", { method: context.request.method, args: JSON.stringify(context.request.args), headers: context.request.headersIn })
|
||||
}).then(reply => {
|
||||
debug(context, "[{{ sobigdata_ontotagme_service_name }}] response status: " + reply.status)
|
||||
debug(context, reply.responseBody);
|
||||
debug(context, "[SHINYPROXY] response status: " + reply.status)
|
||||
copyHeaders(context, reply.headersOut, r.headersOut)
|
||||
closeAccountingRecord_legacy(context.record, (reply.status === 200 || reply.status === 201 || reply.status === 204))
|
||||
context.request.subrequest("/_accounting_legacy", { detached: true, body: JSON.stringify([context.record]) })
|
||||
r.return(reply.status, reply.responseBody)
|
||||
// r.return(reply.status, reply.responseBody)
|
||||
debug(context, "Redirect URI: " + reply.headersOut["Location"])
|
||||
if(reply.status === 301 || reply.status === 302){
|
||||
debug(context, "sto per fare la redirect");
|
||||
r.return(reply.status, reply.headersOut["Location"])
|
||||
}else{
|
||||
r.return(reply.status, reply.responseBody)
|
||||
}
|
||||
}).catch(e => { log(context, "Error .... " + njs.dump(e)); context.request.return(e.message === "Unauthorized" ? 403 : 500) })
|
||||
|
||||
return
|
||||
|
@ -89,7 +97,11 @@ function enforce_legacy(r) {
|
|||
r.return(401, "Authorization required")
|
||||
}
|
||||
|
||||
|
||||
function copyHeaders(context, hin, hout){
|
||||
for (var h in hin) {
|
||||
if(h !== "Location") hout[h] = hin[h];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// ######## WORKFLOW FUNCTIONS ###############
|
||||
|
|
Loading…
Reference in New Issue