Add a reverse proxuy on the backend

MTES-MCT · Oct 22, 2024 · 4feb588 · 4feb588
1 parent d791d94
commit 4feb588
Show file tree

Hide file tree

Showing 10 changed files with 86 additions and 9 deletions.
diff --git a/Makefile b/Makefile
@@ -69,7 +69,7 @@ install-front:
 .PHONY: run-back ##LOCAL ▶️  Run backend API
 run-back: run-stubbed-apis
 	docker compose up -d --quiet-pull --wait db keycloak
-	cd backend && ./gradlew bootRun --args='--spring.profiles.active=local --spring.config.additional-location=$(INFRA_FOLDER)'
+	cd backend && MONITORFISH_KEYCLOAK_PROXY_ENABLED=true ./gradlew bootRun --args='--spring.profiles.active=local --spring.config.additional-location=$(INFRA_FOLDER)'
 
 .PHONY: run-front ##LOCAL ▶️  Run frontend for development
 run-front:

diff --git a/backend/build.gradle.kts b/backend/build.gradle.kts
@@ -9,10 +9,18 @@ plugins {
     kotlin("plugin.jpa") version "2.0.20"
     id("org.jlleitschuh.gradle.ktlint") version "12.1.1"
     kotlin("plugin.serialization") version "2.0.20"
+    id("io.spring.dependency-management") version "1.1.6"
+}
+
+dependencyManagement {
+    imports {
+        mavenBom("org.springframework.cloud:spring-cloud-dependencies:2023.0.2")
+    }
 }
 
 repositories {
     mavenCentral()
+    gradlePluginPortal()
 }
 
 kotlin {
@@ -69,6 +77,7 @@ dependencies {
     api("org.hibernate:hibernate-spatial:6.6.1.Final")
     api("io.sentry:sentry:7.14.0")
     api("io.sentry:sentry-log4j2:7.14.0")
+    implementation("org.springframework.cloud:spring-cloud-gateway-mvc:4.1.5")
     runtimeOnly("org.postgresql:postgresql:42.7.4")
     testImplementation("io.ktor:ktor-client-mock-jvm:2.3.12")
     testImplementation("org.assertj:assertj-core:3.26.3")

diff --git a/backend/src/main/kotlin/fr/gouv/cnsp/monitorfish/config/SecurityConfig.kt b/backend/src/main/kotlin/fr/gouv/cnsp/monitorfish/config/SecurityConfig.kt
@@ -49,6 +49,8 @@ class SecurityConfig(
                         "/login",
                         "/register",
                         "/backoffice/**",
+                        "/realms/**",
+                        "/resources/**",
                         "/ext",
                         "/light",
                         "/load_light",

diff --git a/.../main/kotlin/fr/gouv/cnsp/monitorfish/infrastructure/api/proxy/KeycloakProxyController.kt b/.../main/kotlin/fr/gouv/cnsp/monitorfish/infrastructure/api/proxy/KeycloakProxyController.kt
@@ -0,0 +1,62 @@
+package fr.gouv.cnsp.monitorfish.infrastructure.api.proxy
+
+import jakarta.servlet.http.HttpServletRequest
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
+import org.springframework.cloud.gateway.mvc.ProxyExchange
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.RequestMethod
+import org.springframework.web.bind.annotation.RestController
+
+/**
+ * Used for EE tests
+ */
+@RestController
+@ConditionalOnProperty(
+    value = ["monitorfish.keycloak.proxy.enabled"],
+    havingValue = "true",
+    matchIfMissing = false,
+)
+class KeycloakProxyController {
+    @GetMapping("/realms/**")
+    @Throws(Exception::class)
+    fun get(
+        proxy: ProxyExchange<ByteArray?>,
+        request: HttpServletRequest,
+    ): ResponseEntity<*> {
+        val params = request.parameterMap
+        val targetUri = StringBuilder("http://0.0.0.0:8085/${request.requestURI}")
+
+        if (params.isNotEmpty()) {
+            targetUri.append("?")
+            params.entries.joinToString("&") { (key, values) ->
+                "${key}=${values.joinToString(",")}"
+            }.let { targetUri.append(it) }
+        }
+
+        return proxy.uri(targetUri.toString()).get()
+    }
+
+    @GetMapping("/resources/**")
+    @Throws(Exception::class)
+    fun getResources(
+        proxy: ProxyExchange<ByteArray?>,
+        request: HttpServletRequest,
+    ): ResponseEntity<*> {
+        val targetUri = "http://0.0.0.0:8085${request.requestURI}"
+
+        return proxy.uri(targetUri).get()
+    }
+
+    @PostMapping("/realms/**")
+    @Throws(Exception::class)
+    fun post(
+        proxy: ProxyExchange<ByteArray?>,
+        request: HttpServletRequest,
+    ): ResponseEntity<*> {
+        val targetUri = "http://0.0.0.0:8085${request.requestURI}"
+
+        return proxy.uri(targetUri).post()
+    }
+}
diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
@@ -56,3 +56,6 @@ monitorfish.sentry.dsn=${sentry.dsn}
 
 # Multipart uploads
 spring.servlet.multipart.max-file-size=5MB
+
+# Keycloak proxy for EE tests
+monitorfish.keycloak.proxy.enabled=${monitorfish.keycloak.proxy.enabled}
diff --git a/frontend/.env.local.defaults b/frontend/.env.local.defaults
@@ -24,11 +24,11 @@ FRONTEND_MONITORENV_URL=//localhost:8081
 ################################################################################
 # OICD
 
-FRONTEND_OIDC_AUTHORITY=http://0.0.0.0:8085/realms/monitor
+FRONTEND_OIDC_AUTHORITY=http://localhost:8880/realms/monitor
 FRONTEND_OIDC_CLIENT_ID=monitorfish
 FRONTEND_OIDC_ENABLED=true
-FRONTEND_OIDC_REDIRECT_URI=http://0.0.0.0:3000
-FRONTEND_OIDC_LOGOUT_REDIRECT_URI=http://0.0.0.0:3000/login
+FRONTEND_OIDC_REDIRECT_URI=http://localhost:3000
+FRONTEND_OIDC_LOGOUT_REDIRECT_URI=http://localhost:3000/login
 
 ################################################################################
 # Sentry

diff --git a/frontend/config/cypress.config.ts b/frontend/config/cypress.config.ts
@@ -7,7 +7,7 @@ const DEFAULT_PORT = IS_CI ? 8880 : 3000
 
 export default defineConfig({
   e2e: {
-    baseUrl: `http://0.0.0.0:${DEFAULT_PORT}`,
+    baseUrl: `http://localhost:${DEFAULT_PORT}`,
     excludeSpecPattern: ['**/__snapshots__/*', '**/__image_snapshots__/*'],
     setupNodeEvents(on, config) {
       initCypressMousePositionPlugin(on)
@@ -16,7 +16,7 @@ export default defineConfig({
     specPattern: 'cypress/e2e/**/*.spec.ts'
   },
   env: {
-    "auth_base_url": `http://0.0.0.0:8085`,
+    "auth_base_url": `http://0.0.0.0:8880`,
     "auth_realm": "monitor",
     "auth_client_id": "monitorfish",
     'cypress-plugin-snapshots': {

diff --git a/frontend/vite.config.ts b/frontend/vite.config.ts
@@ -33,7 +33,7 @@ export default defineConfig({
   ],
 
   server: {
-    host: '0.0.0.0',
+    host: 'localhost',
     port: 3000,
     proxy: {
       '/api': {

diff --git a/infra/docker/docker-compose.cypress.yml b/infra/docker/docker-compose.cypress.yml
@@ -38,10 +38,11 @@ services:
       - FRONTEND_GEOSERVER_REMOTE_URL=http://0.0.0.0:8081
       - FRONTEND_MAPBOX_KEY=pk.eyJ1IjoibW9uaXRvcmZpc2giLCJhIjoiY2tsdHJ6dHhhMGZ0eDJ2bjhtZmJlOHJmZiJ9.bdi1cO-cUcZKXdkEkqAoZQ
       - FRONTEND_MONITORENV_URL=http://0.0.0.0:8081
-      - FRONTEND_OIDC_AUTHORITY=http://0.0.0.0:8085/realms/monitor
+      - FRONTEND_OIDC_AUTHORITY=http://0.0.0.0:8880/realms/monitor
       - FRONTEND_OIDC_CLIENT_ID=monitorfish
       - MONITORFISH_OIDC_ENABLED=true
       - FRONTEND_OIDC_ENABLED=true
+      - MONITORFISH_KEYCLOAK_PROXY_ENABLED=true
       - MONITORFISH_SCHEDULING_ENABLED=false
       - FRONTEND_OIDC_REDIRECT_URI=http://0.0.0.0:8880
       - FRONTEND_OIDC_LOGOUT_REDIRECT_URI=http://0.0.0.0:8880/login

diff --git a/infra/docker/docker-compose.puppeteer.yml b/infra/docker/docker-compose.puppeteer.yml
@@ -54,7 +54,7 @@ services:
       - FRONTEND_GEOSERVER_REMOTE_URL=http://0.0.0.0:8081
       - FRONTEND_MAPBOX_KEY=pk.eyJ1IjoibW9uaXRvcmZpc2giLCJhIjoiY2tsdHJ6dHhhMGZ0eDJ2bjhtZmJlOHJmZiJ9.bdi1cO-cUcZKXdkEkqAoZQ
       - FRONTEND_MONITORENV_URL=http://0.0.0.0:9880
-      - FRONTEND_OIDC_AUTHORITY=http://0.0.0.0:8085/realms/monitor
+      - FRONTEND_OIDC_AUTHORITY=http://0.0.0.0:8880/realms/monitor
       - FRONTEND_OIDC_CLIENT_ID=monitorfish
       - MONITORFISH_OIDC_ENABLED=false
       - MONITORFISH_SCHEDULING_ENABLED=false