Changed how paths are handled by server.js, to more closely match the Angular

dev environment. New paths: /api/login: redirects to SSO /api: all calls (other than above) are sent to cloudapi /: static content served from static/ All API calls to cloudapi now pass through server.js's HTTP /api, not /. The static/static path is now gone, since it was causing too much trouble. static/ is now a symlink directly to app/dist, which is where a fresh Angular build appears when app/ is built.
2021-04-10 21:14:09 +02:00 · 2021-04-10 21:14:09 +02:00 · 8672439358
parent 18d35b5172
commit 8672439358
5 changed files with 39 additions and 41 deletions
--- a/README.md
+++ b/README.md
@ -25,46 +25,39 @@ The SSH key used must be the correct format, e.g. generated with:

 # Endpoints

-## GET /static/*
+## GET /*

 This is where all the front-end code goes. All files will be served as-is as
-found in that directory. The default is static/index.html. There is no
-authentication; all files are public.
+found in that directory (by default a symlink to app/dist). The default is
+static/index.html. There is no authentication; all files are public.

-## GET /login
+## GET /api/login

 Call this endpoint to begin the login cycle. It will redirect you to the SSO
 login page: an HTTP 302, with a Location header.

-## GET /token
+## GET/POST/PUT/DELETE/HEAD /api/*

-Upon successful login, the SSO login page will redirect to this endpoint. This
-endpoint will return a 204, along with a X-Auth-Token header that must be saved
-by the front-end code. All subsequent calls should provide this X-Auth-Token
-header.
-
-## Other
-
-All other calls will be passed through to cloudapi. For these calls to succeed,
-they MUST provide the X-Auth-Token header that the /token endpoint returns.
+All calls will be passed through to cloudapi. For these calls to succeed,
+they MUST provide an X-Auth-Token header, containing the token returned from
+SSO.

 # Interaction cycle

-client --- GET /login --------> this server
+client --- GET /api/login --------> this server
       <-- 302 Location #1 ----

 client --- GET <Location #1> --> SSO server
       <separate SSO cycle>
-       <-- 302 Location #2 ----
-
-client --- GET <Location #2> --> this server
-       <-- 204 X-Auth-Token ----
+       <-- 302 with token query arg

 From now on call this server as if it were a cloudapi server (using [cloudapi
 paths](https://github.com/joyent/sdc-cloudapi/blob/master/docs/index.md#api-introduction)),
-always providing the X-Auth-Token. For example, to retrieve a list of packages:
+except prefixing any path with "/api". Also always provide the X-Auth-Token.

-client --- GET /my/packages --> this server
+For example, to retrieve a list of packages:
+
+client --- GET /api/my/packages --> this server
       <-- 200 JSON body ------

 The most useful cloudapi endpoints to begin with will be ListPackages,
--- a/bin/server.js
+++ b/bin/server.js
@ -15,6 +15,10 @@ let CLOUDAPI = {};
 let CLOUDAPI_HOST = '';
 let SIGNER = {};

+const LOGIN_PATH = '/api/login';
+const API_PATH = '/api'; // all calls here go to cloudapi
+const API_RE = new RegExp('^' + API_PATH + '/');
+const STATIC_RE = new RegExp('^/');

 // Take any HTTP request that has a token, sign that request  with an
 // HTTP-Signature header, and pass it along to cloudapi. Return any response
@ -40,16 +44,19 @@ function proxy(req, res, cb) {

    // check the X-Auth-Token is present
    if (req.header('X-Auth-Token') == undefined) {
-        res.send({"Error": "X-Auth-Token header missing"});
+        res.send({'Error': 'X-Auth-Token header missing'});
        res.send(401);
        return cb();
    }

+    // strip off /api from path before forwarding to cloudapi
+    let url = req.url.substr(API_PATH.length);
+
    // sign the request before forwarding to cloudapi
    let headers = req.headers;
    var rs = mod_sdcauth.requestSigner({ sign: SIGNER });
    headers.date = rs.writeDateHeader();
-    rs.writeTarget(req.method, req.url);
+    rs.writeTarget(req.method, url);

    rs.sign(function signedCb(err, authz) {
        if (err) {
@ -60,10 +67,12 @@ function proxy(req, res, cb) {
        headers.authorization = authz;

        const opts = {
-            path: req.url,
+            path: url,
            headers: headers
        };

+console.dir(opts);
+
        // make the call to cloudapi
        switch (req.method) {
            case 'GET':    CLOUDAPI.get(opts,  proxyReturn); break;
@ -153,20 +162,21 @@ function main() {
    server.use(mod_restify.authorizationParser());
    server.use(mod_restify.bodyReader());

-    // where to server static content from
-    server.get(/^\/static.*/, mod_restify.plugins.serveStatic({
+    // login path is /api/login
+    server.get(LOGIN_PATH,  login);
+
+    // all cloudapi calls are proxied through /api
+    server.get(API_RE,  proxy);
+    server.put(API_RE,  proxy);
+    server.del(API_RE,  proxy);
+    server.post(API_RE, proxy);
+    server.head(API_RE, proxy);
+
+    // where to serve static content from
+    server.get(STATIC_RE, mod_restify.plugins.serveStatic({
        directory: 'static',
        default: 'index.html'
    }));
- 
-    // route HTTP requests to proper functions
-    server.get('/login',  login);
-
-    server.get(/^/,  proxy);
-    server.put(/^/,  proxy);
-    server.del(/^/,  proxy);
-    server.post(/^/, proxy);
-    server.head(/^/, proxy);

    // enable HTTP server
    server.listen(CONFIG.server.port, function listening() {
--- a/1
+++ b/1
@ -0,0 +1 @@
+app/dist
--- a/static/index.html
+++ b/static/index.html
@ -1,5 +0,0 @@
-<html>
-  <body>
-    Hi!
-  </body>
-</html>
--- a/static/static
+++ b/static/static
@ -1 +0,0 @@
-.