Merge pull request #75 from hkeeler/inst-search-proxy

Refactor for hmda-platform Institution Search

auth-proxy/conf/etc/httpd/conf.d/01-auth-proxy.conf

@@ -1,14 +1,5 @@
-ServerName localhost
-
-# Force all traffic to HTTPS
-<VirtualHost *:8080>
-  RewriteEngine On
-  RewriteCond %{HTTPS} off
-  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L] 
-</VirtualHost>
-
+# Auth Proxy
 <VirtualHost *:8443>
-  DocumentRoot /var/www/html
 
   # Makes $HOSTNAME available as SSI envvar
   PassEnv HOSTNAME
@@ -30,15 +21,15 @@ ServerName localhost
   OIDCAuthNHeader ${REMOTE_USER_HEADER}
 
   # Upstream API Location
-  <Location "${API_PATH_PREFIX}">
+  <Location "${FILING_API_PATH_PREFIX}">
     AuthType oauth20
     AuthName "OpenID Connect (HMDA Ops)"
     Require valid-user
 
     LogMessage "REMOTE_USER: %{REMOTE_USER}" hook=check_authz
 
-    ProxyPass ${UPSTREAM_API_URI}
-    ProxyPassReverse ${UPSTREAM_API_URI}
+    ProxyPass ${FILING_API_UPSTREAM_URI}
+    ProxyPassReverse ${FILING_API_UPSTREAM_URI}
   </Location>
 
   # Top-level path, providing default settings for CORS and OIDC

auth-proxy/conf/etc/httpd/conf.d/02-institution-search.conf

@@ -0,0 +1,35 @@
+# Institution Search Reverse Proxy 
+<VirtualHost *:9443>
+
+  # Enable HTTPS with default Apache cert 
+  SSLEngine On
+  SSLCertificateFile    /etc/pki/tls/certs/localhost.crt
+  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+  # Route all traffic CORS and ProxyPass
+  <Location "/">
+
+    # CORS Preflight
+    # SEE: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests 
+    <If "%{REQUEST_METHOD} == 'OPTIONS' && %{HTTP:Origin} != '' && %{HTTP:Access-Control-Request-Headers} != '' && %{HTTP:Access-Control-Request-Method} != ''">
+      LogMessage "CORS Preflight - Origin: %{req:Origin}; Headers: %{req:Access-Control-Request-Headers}; Methods: %{req:Access-Control-Request-Method}"
+
+      Header always set Access-Control-Allow-Origin "*"
+      Header always set Access-Control-Allow-Methods: "GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD"
+      Header always set Access-Control-Allow-Headers: "Authorization, Cache-Control, Accept, Content-Type"
+      Header always set Access-Control-Max-Age "600"
+
+      RewriteEngine On
+      RewriteRule ^(.*)$ $1 [R=204,L]
+    </If>
+    <ElseIf "%{HTTP:Origin} != ''">
+     LogMessage "CORS Request - Origin: %{req:Origin}"
+
+     Header always set Access-Control-Allow-Origin "*"
+    </ElseIf>
+
+    ProxyPass ${PUBLIC_API_UPSTREAM_URI}
+    ProxyPassReverse ${PUBLIC_API_UPSTREAM_URI}
+  </Location>
+
+</VirtualHost>

auth-proxy/conf/etc/httpd/conf/httpd.conf

@@ -22,8 +22,10 @@ Group apache
 
 
 # Bind Apache to specific IP addresses and/or ports
-Listen 8080
-Listen 8443
+# Auth Proxy
+Listen 8443 
+# Institution Search
+Listen 9443
 
 
 # Deny access to the entirety of your server's filesystem.