Merge pull request #343 from yetanalytics/sql-213

[Sql 213] - Proxy path support

Makefile

@@ -2,7 +2,7 @@
 
 # Version of LRS Admin UI to use
 
-LRS_ADMIN_UI_VERSION ?= v0.1.11
+LRS_ADMIN_UI_VERSION ?= v0.1.12
 LRS_ADMIN_UI_LOCATION ?= https://github.com/yetanalytics/lrs-admin-ui/releases/download/${LRS_ADMIN_UI_VERSION}/lrs-admin-ui.zip
 LRS_ADMIN_ZIPFILE ?= lrs-admin-ui-${LRS_ADMIN_UI_VERSION}.zip
 

doc/env_vars.md

@@ -118,7 +118,8 @@ _NOTE:_ `LRSQL_STMT_RETRY_LIMIT` and `LRSQL_STMT_RETRY_BUDGET` are used to mitig
 | `LRSQL_HTTP_HOST` | `httpHost` | The host that the webserver will run on. | `0.0.0.0` |
 | `LRSQL_HTTP_PORT` | `httpPort` | The HTTP port that the webserver will be open on. | `8080` |
 | `LRSQL_SSL_PORT` | `sslPort` | The HTTPS port that the webserver will be open on. | `8443` |
-| `LRSQL_URL_PREFIX` | `urlPrefix` | The prefix of the webserver URL path, e.g. the prefix in `http://0.0.0.0:8080/xapi` is `/xapi`. Used when constructing the `more` value for multi-statement queries. | `/xapi` |
+| `LRSQL_URL_PREFIX` | `urlPrefix` | The prefix of the webserver URL path, e.g. the prefix in `http://0.0.0.0:8080/xapi` is `/xapi`. Used when constructing the `more` value for multi-statement queries. *(Note: Only applies to LRS xapi endpoints, not admin/ui endpoints)* | `/xapi` |
+|`LRSQL_PROXY_PATH` | `proxyPath` | This path modification is exclusively for use with a proxy, such as apache or nginx or a load balancer, where a path is added to prefix the entire application (such as `https://www.mysystem.com/mylrs/xapi/statements`). This does not actually change the routes of the application, it informs the admin frontend where to look for the server endpoints based on the proxied setup, and thus must be used in conjunction with a third party proxy. If used, the value must start with a leading `/` but not end with one (e.g. `/mylrs` is valid, as is `/mylrs/b` but `/mylrs/` is not). Use with caution. | Not Set |
 
 #### TLS/SSL Certificate
 

resources/lrsql/config/prod/default/webserver.edn

@@ -26,6 +26,7 @@
  :allowed-origins #array #or [#env LRSQL_ALLOWED_ORIGINS nil]
  :ssl-port #long #or [#env LRSQL_SSL_PORT 8443]
  :url-prefix #or [#env LRSQL_URL_PREFIX "/xapi"]
+ :proxy-path #or [#env LRSQL_PROXY_PATH nil]
  :enable-admin-delete-actor #boolean #or [#env LRSQL_ENABLE_ADMIN_DELETE_ACTOR false]
  :enable-admin-ui #boolean #or [#env LRSQL_ENABLE_ADMIN_UI true]
  :enable-admin-status #boolean #or [#env LRSQL_ENABLE_ADMIN_STATUS true]

resources/lrsql/config/test/default/webserver.edn

@@ -19,6 +19,7 @@
  ;; Allow access from admin-ui dev
  "http://localhost:9500"]
  :url-prefix "/xapi"
+ :proxy-path nil
  :enable-admin-delete-actor true
  :enable-admin-ui true
  :enable-admin-status true

src/main/lrsql/admin/interceptors/ui.clj

@@ -6,15 +6,16 @@
 
 (defn admin-ui-redirect
  "Handler function to redirect to the admin ui"
- [_]
- (resp/redirect "/admin/index.html"))
+ [path-prefix]
+ (fn [_]
+ (resp/redirect (str path-prefix "/admin/index.html"))))
 
 (defn get-env
  "Provide select config data to client upon request. Takes a map with static
  config to inject:
  :enable-admin-status - boolean, determines if the admin status endpoint is
  enabled."
- [{:keys [enable-admin-delete-actor enable-admin-status no-val?]
+ [{:keys [enable-admin-delete-actor enable-admin-status no-val? proxy-path]
  :or {enable-admin-delete-actor false
  enable-admin-status false
  no-val? false}}]
@@ -30,9 +31,10 @@
  {:status 200
  :body
  (merge
- {:url-prefix url-prefix
- :enable-stmt-html (some? enable-stmt-html)
- :enable-admin-delete-actor enable-admin-delete-actor 
- :enable-admin-status enable-admin-status
- :no-val? no-val?}
+ {:url-prefix url-prefix
+ :proxy-path proxy-path
+ :enable-stmt-html (some? enable-stmt-html)
+ :enable-admin-delete-actor enable-admin-delete-actor
+ :enable-admin-status enable-admin-status
+ :no-val? no-val?}
  oidc-env)})))}))

src/main/lrsql/admin/routes.clj

@@ -115,15 +115,15 @@
  :route-name :lrsql.admin.status/get]})
 
 (defn admin-ui-routes
- [common-interceptors inject-config]
+ [common-interceptors {:keys [proxy-path] :as inject-config}]
  #{;; Redirect root to admin UI
- ["/" :get `ui/admin-ui-redirect
+ ["/" :get (ui/admin-ui-redirect proxy-path)
  :route-name :lrsql.admin.ui/root-redirect]
  ;; Redirect admin w/o slash to admin UI
- ["/admin" :get `ui/admin-ui-redirect
+ ["/admin" :get (ui/admin-ui-redirect proxy-path)
  :route-name :lrsql.admin.ui/path-redirect]
  ;; Redirect admin with slash to admin UI
- ["/admin/" :get `ui/admin-ui-redirect
+ ["/admin/" :get (ui/admin-ui-redirect proxy-path)
  :route-name :lrsql.admin.ui/slash-redirect]
  ["/admin/env" :get (conj common-interceptors
  (ui/get-env inject-config))
@@ -153,6 +153,7 @@
  enable-admin-delete-actor
  enable-admin-ui
  enable-admin-status
+ proxy-path
  enable-account-routes
  oidc-interceptors
  oidc-ui-interceptors
@@ -180,6 +181,7 @@
  oidc-ui-interceptors)
  {:enable-admin-status enable-admin-status
  :no-val? no-val?
+ :proxy-path proxy-path
  :enable-admin-delete-actor enable-admin-delete-actor}))
  (when enable-admin-status
  (admin-status-routes

src/main/lrsql/spec/config.clj

@@ -166,6 +166,8 @@
 (s/def ::enable-admin-status boolean?)
 (s/def ::enable-stmt-html boolean?)
 
+(s/def ::proxy-path (s/nilable string?))
+
 (s/def ::oidc-issuer (s/nilable string?))
 (s/def ::oidc-audience (s/nilable string?))
 (s/def ::oidc-client-id (s/nilable string?))
@@ -191,6 +193,7 @@
  ::allow-all-origins
  ::allowed-origins
  ::url-prefix
+ ::proxy-path
  ::key-alias
  ::key-password
  ::key-enable-selfie

src/main/lrsql/system/webserver.clj

@@ -23,6 +23,7 @@
  http-port
  ssl-port
  url-prefix
+ proxy-path
  key-password
  enable-admin-delete-actor
  enable-admin-ui
@@ -78,6 +79,7 @@
  :secret private-key
  :enable-admin-delete-actor enable-admin-delete-actor
  :enable-admin-ui enable-admin-ui
+ :proxy-path proxy-path
  :enable-admin-status enable-admin-status
  :enable-account-routes enable-local-admin
  :oidc-interceptors oidc-admin-interceptors