docker: prepend /legacy to requests from cds.cern.ch

CERNDocumentServer · Dec 11, 2024 · ab99e2c · ab99e2c
1 parent e6d3521
commit ab99e2c
Show file tree

Hide file tree

Showing 6 changed files with 50 additions and 48 deletions.
diff --git a/docker-services.yml b/docker-services.yml
@@ -19,6 +19,8 @@ services:
       - "INVENIO_SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://cds-rdm:cds-rdm@db/cds-rdm"
       - "INVENIO_WSGI_PROXIES=2"
       - "INVENIO_RATELIMIT_STORAGE_URI=redis://cache:6379/3"
+      - "INVENIO_COMMUNITIES_IDENTITIES_CACHE_REDIS_URL=redis://cache:6379/4"
+      - "INVENIO_IIIF_CACHE_REDIS_URL=redis://cache:6379/0"
   frontend:
     build: ./docker/nginx/
     image: cds-rdm-frontend

diff --git a/docker/nginx/conf.d/common.conf b/docker/nginx/conf.d/common.conf
@@ -0,0 +1,12 @@
+include uwsgi_params;
+uwsgi_buffering off;
+uwsgi_request_buffering off;
+uwsgi_param Host $host;
+uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
+uwsgi_param X-Forwarded-Proto $scheme;
+# Pass request id to the api server
+uwsgi_param X-Request-ID $request_id;
+# X-Session-ID / X-User-ID is read by nginx and included in the logs,
+# however we don't want to expose them to clients so we are hiding them.
+uwsgi_hide_header X-Session-ID;
+uwsgi_hide_header X-User-ID;
diff --git a/docker/nginx/conf.d/default.conf b/docker/nginx/conf.d/default.conf
@@ -11,6 +11,12 @@ upstream api_server {
   server web-api:5000 fail_timeout=0;
 }
 
+map $http_referer $rewrite_url {
+  "~.*127\.0\.0\.1.*"   ''; # Change to host referer, won't pre-pend /legacy when navigated from host
+  ""                    ''; # If no referer, won't pre-pend /legacy
+  default               '/legacy'; # Only pre-pends when navigated from another website
+}
+
 # HTTP server
 server {
   # Redirects all requests to https. - this is in addition to HAProxy which
@@ -58,40 +64,30 @@ server {
   # in case of chunked transfer encoding
   proxy_http_version 1.1;
 
+  # Redirect requests from `cds.cern.ch` and prefix the path with `/legacy`
+  location ~ ^/(record/|collection/|search) {
+    if ($rewrite_url) { # Re-write only when needed to avoid inconsistent re-writes
+      rewrite ^/(.*)$ $rewrite_url/$1 break;
+    }
+    # Pass request to the web-ui
+    uwsgi_pass ui_server;
+    include /etc/nginx/conf.d/common.conf;
+    # Max upload size (except for files) is set to 100mb as default.
+    client_max_body_size 100m;
+  }
+
   # Proxying to the application server
   ## UI server
   location / {
     uwsgi_pass ui_server;
-    include uwsgi_params;
-    uwsgi_buffering off;
-    uwsgi_request_buffering off;
-    uwsgi_param Host $host;
-    uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
-    uwsgi_param X-Forwarded-Proto $scheme;
-    # Pass request id to the ui server
-    uwsgi_param X-Request-ID $request_id;
-    # X-Session-ID / X-User-ID is read by nginx and included in the logs,
-    # however we don't want to expose them to clients so we are hiding them.
-    uwsgi_hide_header X-Session-ID;
-    uwsgi_hide_header X-User-ID;
+    include /etc/nginx/conf.d/common.conf;
     # Max upload size (except for files) is set to 100mb as default.
     client_max_body_size 100m;
   }
   ## Most API
   location /api {
     uwsgi_pass api_server;
-    include uwsgi_params;
-    uwsgi_buffering off;
-    uwsgi_request_buffering off;
-    uwsgi_param Host $host;
-    uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
-    uwsgi_param X-Forwarded-Proto $scheme;
-    # Pass request id to the api server
-    uwsgi_param X-Request-ID $request_id;
-    # X-Session-ID / X-User-ID is read by nginx and included in the logs,
-    # however we don't want to expose them to clients so we are hiding them.
-    uwsgi_hide_header X-Session-ID;
-    uwsgi_hide_header X-User-ID;
+    include /etc/nginx/conf.d/common.conf;
     # Max upload size (except for files) is set to 100mb as default.
     client_max_body_size 100m;
   }
@@ -102,18 +98,7 @@ server {
   location ~ /api/records/.+/draft/files/.+/content {
     gzip off;
     uwsgi_pass api_server;
-    include uwsgi_params;
-    uwsgi_buffering off;
-    uwsgi_request_buffering off;
-    uwsgi_param Host $host;
-    uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
-    uwsgi_param X-Forwarded-Proto $scheme;
-    # Pass request id to api server
-    uwsgi_param X-Request-ID $request_id;
-    # X-Session-ID / X-User-ID is read by nginx and included in the logs,
-    # however we don't want to expose them to clients so we are hiding them.
-    uwsgi_hide_header X-Session-ID;
-    uwsgi_hide_header X-User-ID;
+    include /etc/nginx/conf.d/common.conf;
     # Max upload size for files is set to 50GB (configure as needed).
     client_max_body_size 50G;
   }

diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
@@ -1,7 +1,7 @@
 user  nginx;
 worker_processes  1;
 
-error_log  /var/log/nginx/error.log warn;
+error_log  /var/log/nginx/error.log debug;
 pid        /var/run/nginx.pid;
 
 events {

diff --git a/site/cds_rdm/legacy/redirector.py b/site/cds_rdm/legacy/redirector.py
@@ -74,9 +74,9 @@ def legacy_search_redirect():
     """
     Redirection for legacy search. Transforms the legacy URL syntax into RDM URL syntax.
 
-        /legacy?cc=<legacy collection name>... -> /communities/<rdm_community_id>/records?...
-        /legacy?c=<legacy collection name>... -> /communities/<rdm_community_id>/records?...
-        /legacy?c=<legacy collection name>&p=<query>... -> /communities/<rdm_community_id>/records?q=<query>...
+        /legacy/search?cc=<legacy collection name>... -> /communities/<rdm_community_id>/records?...
+        /legacy/search?c=<legacy collection name>... -> /communities/<rdm_community_id>/records?...
+        /legacy/search?c=<legacy collection name>&p=<query>... -> /communities/<rdm_community_id>/records?q=<query>...
     """
     query_params = {"q": request.args.get("p")}  # `p` in legacy is the search query
     # Fetch current collection if it exists
@@ -109,7 +109,7 @@ def create_blueprint(app):
         "cds_rdm", __name__, template_folder="../templates", url_prefix="/legacy"
     )
     blueprint.add_url_rule(
-        "/",
+        "/search",
         view_func=legacy_search_redirect,
         strict_slashes=False,
     )

diff --git a/site/tests/legacy/test_redirector.py b/site/tests/legacy/test_redirector.py
@@ -162,26 +162,29 @@ def test_legacy_collection_redirection(
     assert len(response.history) > 0
     assert response.request.path == "/communities/legacy-community/records"
 
-    response = client.get("/legacy?cc=Legacy%20Collection", follow_redirects=True)
+    response = client.get(
+        "/legacy/search?cc=Legacy%20Collection", follow_redirects=True
+    )
     assert response.status_code == 200
     assert len(response.history) > 0
     assert response.request.path == "/communities/legacy-community/records"
 
-    response = client.get("/legacy?c=Legacy%20Collection", follow_redirects=True)
+    response = client.get("/legacy/search?c=Legacy%20Collection", follow_redirects=True)
     assert response.status_code == 200
     assert len(response.history) > 0
     assert response.request.path == "/communities/legacy-community/records"
 
     response = client.get(
-        "/legacy?c=Legacy%20Collection&p=something&not=passed", follow_redirects=True
+        "/legacy/search?c=Legacy%20Collection&p=something&not=passed",
+        follow_redirects=True,
     )
     assert response.status_code == 200
     assert len(response.history) > 0
     assert response.request.path == "/communities/legacy-community/records"
     assert response.request.query_string.decode() == "q=something"
 
     response = client.get(
-        "/legacy?c=Legacy%20Collection&c=Legacy%20Restricted%20Collection&p=something&not=passed",
+        "/legacy/search?c=Legacy%20Collection&c=Legacy%20Restricted%20Collection&p=something&not=passed",
         follow_redirects=True,
     )
     assert response.status_code == 200
@@ -190,7 +193,7 @@ def test_legacy_collection_redirection(
     assert response.request.query_string.decode() == "q=something"
 
     response = client.get(
-        "/legacy?p=something&not=passed",
+        "/legacy/search?p=something&not=passed",
         follow_redirects=True,
     )
     assert response.status_code == 200
@@ -204,7 +207,7 @@ def test_legacy_collection_redirection(
     assert response.status_code == 404
 
     response = client.get(
-        "/legacy?cc=Legacy%20Wrong%20Collection", follow_redirects=True
+        "/legacy/search?cc=Legacy%20Wrong%20Collection", follow_redirects=True
     )
     assert response.status_code == 404
 
@@ -215,7 +218,7 @@ def test_legacy_collection_redirection(
     assert response.status_code == 403
 
     response = client.get(
-        "/legacy?c=Legacy%20Restricted%20Collection&c=Legacy%20Wrong%20Collection",
+        "/legacy/search?c=Legacy%20Restricted%20Collection&c=Legacy%20Wrong%20Collection",
         follow_redirects=True,
     )
     assert response.status_code == 403