app: make it possible to serve lldap behind a sub-path

2023-12-05 10:24:25 +01:00
parent ec0737c58a
commit 70d85524db
6 changed files with 88 additions and 35 deletions
--- a/app/src/components/app.rs
+++ b/app/src/components/app.rs
@@ -268,7 +268,7 @@ impl App {
          <header class="p-2 mb-3 border-bottom">
            <div class="container">
              <div class="d-flex flex-wrap align-items-center justify-content-center justify-content-lg-start">
-                <a href="/" class="d-flex align-items-center mt-2 mb-lg-0 me-md-5 text-decoration-none">
+                <a href={yew_router::utils::base_url().unwrap_or("/".to_string())} class="d-flex align-items-center mt-2 mb-lg-0 me-md-5 text-decoration-none">
                  <h2>{"LLDAP"}</h2>
                </a>

--- a/app/src/infra/api.rs
+++ b/app/src/infra/api.rs
@@ -18,6 +18,10 @@ fn get_claims_from_jwt(jwt: &str) -> Result<JWTClaims> {

 const NO_BODY: Option<()> = None;

+fn base_url() -> String {
+    yew_router::utils::base_url().unwrap_or_default()
+}
+
 async fn call_server(
    url: &str,
    body: Option<impl Serialize>,
@@ -97,7 +101,7 @@ impl HostService {
        };
        let request_body = QueryType::build_query(variables);
        call_server_json_with_error_message::<graphql_client::Response<_>, _>(
-            "/api/graphql",
+            &(base_url() + "/api/graphql"),
            Some(request_body),
            error_message,
        )
@@ -109,7 +113,7 @@ impl HostService {
        request: login::ClientLoginStartRequest,
    ) -> Result<Box<login::ServerLoginStartResponse>> {
        call_server_json_with_error_message(
-            "/auth/opaque/login/start",
+            &(base_url() + "/auth/opaque/login/start"),
            Some(request),
            "Could not start authentication: ",
        )
@@ -118,7 +122,7 @@ impl HostService {

    pub async fn login_finish(request: login::ClientLoginFinishRequest) -> Result<(String, bool)> {
        call_server_json_with_error_message::<login::ServerLoginResponse, _>(
-            "/auth/opaque/login/finish",
+            &(base_url() + "/auth/opaque/login/finish"),
            Some(request),
            "Could not finish authentication",
        )
@@ -130,7 +134,7 @@ impl HostService {
        request: registration::ClientRegistrationStartRequest,
    ) -> Result<Box<registration::ServerRegistrationStartResponse>> {
        call_server_json_with_error_message(
-            "/auth/opaque/register/start",
+            &(base_url() + "/auth/opaque/register/start"),
            Some(request),
            "Could not start registration: ",
        )
@@ -141,7 +145,7 @@ impl HostService {
        request: registration::ClientRegistrationFinishRequest,
    ) -> Result<()> {
        call_server_empty_response_with_error_message(
-            "/auth/opaque/register/finish",
+            &(base_url() + "/auth/opaque/register/finish"),
            Some(request),
            "Could not finish registration",
        )
@@ -150,7 +154,7 @@ impl HostService {

    pub async fn refresh() -> Result<(String, bool)> {
        call_server_json_with_error_message::<login::ServerLoginResponse, _>(
-            "/auth/refresh",
+            &(base_url() + "/auth/refresh"),
            NO_BODY,
            "Could not start authentication: ",
        )
@@ -160,13 +164,21 @@ impl HostService {

    // The `_request` parameter is to make it the same shape as the other functions.
    pub async fn logout() -> Result<()> {
-        call_server_empty_response_with_error_message("/auth/logout", NO_BODY, "Could not logout")
-            .await
+        call_server_empty_response_with_error_message(
+            &(base_url() + "/auth/logout"),
+            NO_BODY,
+            "Could not logout",
+        )
+        .await
    }

    pub async fn reset_password_step1(username: String) -> Result<()> {
        call_server_empty_response_with_error_message(
-            &format!("/auth/reset/step1/{}", url_escape::encode_query(&username)),
+            &format!(
+                "{}/auth/reset/step1/{}",
+                base_url(),
+                url_escape::encode_query(&username)
+            ),
            NO_BODY,
            "Could not initiate password reset",
        )
@@ -177,7 +189,7 @@ impl HostService {
        token: String,
    ) -> Result<lldap_auth::password_reset::ServerPasswordResetResponse> {
        call_server_json_with_error_message(
-            &format!("/auth/reset/step2/{}", token),
+            &format!("{}/auth/reset/step2/{}", base_url(), token),
            NO_BODY,
            "Could not validate token",
        )
@@ -185,13 +197,13 @@ impl HostService {
    }

    pub async fn probe_password_reset() -> Result<bool> {
-        Ok(
-            gloo_net::http::Request::get("/auth/reset/step1/lldap_unlikely_very_long_user_name")
-                .header("Content-Type", "application/json")
-                .send()
-                .await?
-                .status()
-                != http::StatusCode::NOT_FOUND,
+        Ok(gloo_net::http::Request::get(
+            &(base_url() + "/auth/reset/step1/lldap_unlikely_very_long_user_name"),
        )
+        .header("Content-Type", "application/json")
+        .send()
+        .await?
+        .status()
+            != http::StatusCode::NOT_FOUND)
    }
 }
--- a/app/src/infra/cookies.rs
+++ b/app/src/infra/cookies.rs
@@ -22,10 +22,11 @@ pub fn set_cookie(cookie_name: &str, value: &str, expiration: &DateTime<Utc>) ->
                .map_err(|_| anyhow!("Document is not an HTMLDocument"))
        })?;
    let cookie_string = format!(
-        "{}={}; expires={}; sameSite=Strict; path=/",
+        "{}={}; expires={}; sameSite=Strict; path={}/",
        cookie_name,
        value,
-        expiration.to_rfc2822()
+        expiration.to_rfc2822(),
+        yew_router::utils::base_url().unwrap_or_default()
    );
    doc.set_cookie(&cookie_string)
        .map_err(|_| anyhow!("Could not set cookie"))