fix: route hwlab auth through cloud web
This commit is contained in:
@@ -0,0 +1,30 @@
|
||||
import assert from "node:assert/strict";
|
||||
import { test } from "bun:test";
|
||||
|
||||
import { publicExposureCaddyBlock } from "./public-exposure";
|
||||
|
||||
test("public exposure leaves auth routes on cloud-web same-origin proxy", () => {
|
||||
const block = publicExposureCaddyBlock({
|
||||
hostname: "hwlab.example.test",
|
||||
caddyTls: "auto",
|
||||
responseHeaderTimeoutSeconds: 600,
|
||||
webProxy: {
|
||||
name: "hwlab-cloud-web",
|
||||
localIP: "hwlab-cloud-web.hwlab-v03.svc.cluster.local",
|
||||
localPort: 8080,
|
||||
remotePort: 22090,
|
||||
},
|
||||
apiProxy: {
|
||||
name: "hwlab-edge-proxy",
|
||||
localIP: "hwlab-edge-proxy.hwlab-v03.svc.cluster.local",
|
||||
localPort: 6667,
|
||||
remotePort: 22089,
|
||||
},
|
||||
extraProxies: [],
|
||||
} as never);
|
||||
|
||||
assert.match(block, /@api path \/health\* \/v1\* \/json-rpc\* \/openapi\* \/docs\* \/swagger\*/u);
|
||||
assert.doesNotMatch(block, /@api path[^\n]*\/auth\*/u);
|
||||
assert.match(block, /reverse_proxy @api 127\.0\.0\.1:22089/u);
|
||||
assert.match(block, /reverse_proxy 127\.0\.0\.1:22090/u);
|
||||
});
|
||||
@@ -984,7 +984,7 @@ export function publicExposureCaddyScript(options: NodePublicExposureOptions, ex
|
||||
export function publicExposureCaddyBlock(exposure: HwlabRuntimePublicExposureSpec): string {
|
||||
const tlsLines = exposure.caddyTls === "internal" ? " tls internal\n" : "";
|
||||
const mainBlock = `${exposure.hostname} {
|
||||
${tlsLines} @api path /health* /auth* /v1* /json-rpc* /openapi* /docs* /swagger*
|
||||
${tlsLines} @api path /health* /v1* /json-rpc* /openapi* /docs* /swagger*
|
||||
reverse_proxy @api 127.0.0.1:${exposure.apiProxy.remotePort} {
|
||||
transport http {
|
||||
response_header_timeout ${exposure.responseHeaderTimeoutSeconds}s
|
||||
|
||||
Reference in New Issue
Block a user