fix: route hwlab auth through cloud web

This commit is contained in:
Codex
2026-06-29 22:58:35 +00:00
parent d0476aa1c8
commit 1774a4dbbc
2 changed files with 31 additions and 1 deletions
@@ -0,0 +1,30 @@
import assert from "node:assert/strict";
import { test } from "bun:test";
import { publicExposureCaddyBlock } from "./public-exposure";
test("public exposure leaves auth routes on cloud-web same-origin proxy", () => {
const block = publicExposureCaddyBlock({
hostname: "hwlab.example.test",
caddyTls: "auto",
responseHeaderTimeoutSeconds: 600,
webProxy: {
name: "hwlab-cloud-web",
localIP: "hwlab-cloud-web.hwlab-v03.svc.cluster.local",
localPort: 8080,
remotePort: 22090,
},
apiProxy: {
name: "hwlab-edge-proxy",
localIP: "hwlab-edge-proxy.hwlab-v03.svc.cluster.local",
localPort: 6667,
remotePort: 22089,
},
extraProxies: [],
} as never);
assert.match(block, /@api path \/health\* \/v1\* \/json-rpc\* \/openapi\* \/docs\* \/swagger\*/u);
assert.doesNotMatch(block, /@api path[^\n]*\/auth\*/u);
assert.match(block, /reverse_proxy @api 127\.0\.0\.1:22089/u);
assert.match(block, /reverse_proxy 127\.0\.0\.1:22090/u);
});
+1 -1
View File
@@ -984,7 +984,7 @@ export function publicExposureCaddyScript(options: NodePublicExposureOptions, ex
export function publicExposureCaddyBlock(exposure: HwlabRuntimePublicExposureSpec): string {
const tlsLines = exposure.caddyTls === "internal" ? " tls internal\n" : "";
const mainBlock = `${exposure.hostname} {
${tlsLines} @api path /health* /auth* /v1* /json-rpc* /openapi* /docs* /swagger*
${tlsLines} @api path /health* /v1* /json-rpc* /openapi* /docs* /swagger*
reverse_proxy @api 127.0.0.1:${exposure.apiProxy.remotePort} {
transport http {
response_header_timeout ${exposure.responseHeaderTimeoutSeconds}s