Add support for `X-Forwarded-Prefix` when behind the proxy (#173)

Wojciech Kapcia (Tigase) opened 1 month ago

Currently, when http-api is behind the proxy and the URI path is change, eg:

    location / {
        proxy_set_header Host $host:$proxy_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://xmpp:8080/some-module/;
    }

Redirects and URIInfo breaks because it operates within context (that maches proxied path). Consider module test-module that has /view and /login edpoints. Usually they would be available under http://tigase:8080/test-module/view and http://tigase:8080/test-module/login respecitvely. However, if we put them behind the proxy they should be available under http://module.domain.com/view and http://module.domain.com/login. Unfortunatelly right now the redirect (and all related URIinfo paths) would include context name thus result in http://module.domain.com/test-module/login.

From what I found most of the projects relay on (unofficial) http header X-Forwarded-Prefix, for example Spring (https://docs.spring.io/spring-framework/reference/web/webmvc/filters.html#x-forwarded-prefix):

While not standard, X-Forwarded-Prefix: is a de-facto standard header that is used to communicate the original URL path prefix to a downstream server. Use of X-Forwarded-Prefix can vary by deployment scenario, and needs to be flexible to allow replacing, removing, or prepending the path prefix of the target server.

Scenario 1: Override path prefix Scenario 2: Remove path prefix

Activities

Wojciech Kapcia (Tigase) added "Related" tigase-private/tigase-update-checker-handler#19 1 month ago
Wojciech Kapcia (Tigase) changed state to 'In Progress' 2 weeks ago
Previous Value Current Value
Open

In Progress
Wojciech Kapcia (Tigase) commented 2 weeks ago
Created new filter (ForwardedPrefixFilter) that handles the header and, if present, wrapps it into PrefixedContextPathRequest (based on HttpServletRequestWrapper) which later on is properly handled if needed, especially in tigase.http.jaxrs.ContainerRequestContext#getUriInfo.

Crucially, now uriInfo.getBaseUriBuilder().path("/somepath").build().toString() returns correct path based on X-Forwarded-Prefix value.

X-Forwarded-Prefix header is handled as "noun" (sets the prefix for the whole [context] path).

For example can be used in nginx configuration:

server { listen 80; server_name admin.tigase.net; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Prefix /; proxy_pass http://localhost:8080/admin/; } }

Which will result in http://admin.tigase.net correctly opening http://localhost:8080/admin/ and providing proper, relative links.

Commit: https://tigase.dev/tigase/_server/tigase-http-api/~commits/e141434e391c3abd20f8d78f549660a4f6b1865c
Wojciech Kapcia (Tigase) changed state to 'In QA' 2 weeks ago
Previous Value Current Value
In Progress

In QA
Wojciech Kapcia (Tigase) changed fields 2 weeks ago
Name Previous Value Current Value
Assignee

wojtek

andrzej.wojcik
Andrzej Wójcik (Tigase) changed state to 'Closed' 2 weeks ago
Previous Value Current Value
In QA

Closed
Login to comment

Previous Value	Current Value
Open	In Progress

Previous Value	Current Value
In Progress	In QA

Name	Previous Value	Current Value
Assignee	wojtek	andrzej.wojcik

Previous Value	Current Value
In QA	Closed

Type	New Feature
Priority	Normal
Assignee	Andrzej Wójcik (Tigase)
Version	none
Sprints	n/a
Customer	n/a

Iterations

tigase-server-8.5.0 Open

Issue Votes (0)

Watchers (3)

Reference

tigase/_server/tigase-http-api#173