Merge pull request #12 from holaplex/mpw/disable-slugs-apisix-chart

use x-organization-id instead of slugs for hub-orgs plugin

Author: kespinola

charts/hub-gateway/Chart.yaml

@@ -18,13 +18,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.8
+version: 0.1.9
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.8"
+appVersion: "0.1.9"
 sources:
   - https://github.com/holaplex/helm-charts
 

charts/hub-gateway/plugins/hub-orgs.lua

@@ -29,7 +29,7 @@ local schema = {
 
 local _M = {
     version = 0.1,
-    priority = 3000,
+    priority = 1005,
     name = "hub-orgs",
     schema = schema,
 }
@@ -72,38 +72,20 @@ function _M.access(conf, ctx)
         keepalive = conf.keepalive,
         ssl_verify = conf.ssl_verify
     }
-
-    -- Get slug from header
-    local org_slug = string.lower(string.match(headers.host, "([^.]+)."))
-
-    -- make the call - get org id
-    local endpoint = conf.host .. "/organizations/" .. org_slug
-    local httpc = http.new()
-    httpc:set_timeout(conf.timeout)
-    local res, err = httpc:request_uri(endpoint, params)
-
-    -- return 503 if error on response or when parsing
-    if not res then
-        local res = build_json_error(500, "Internal server error", "Unable to get organizations")
-        return 500, res
+    local org_id = ngx.var['cookie__hub_org'] or headers['x-organization-id']
+    if not org_id then
+        local res = build_json_error(401, "Unauthorized", "X-Organization-Id header not found")
+        core.log.error("Failed to get org id from header or cookie")
+        return 401, res
     end
 
-    local org , err = json.decode(res.body)
-    if not org then
-        local res = build_json_error(404, "Not found", "No organization found with slug: " .. org_slug)
-        core.log.error("Failed to parse organization data. invalid response body: ", res.body, " err: ", err)
-        return 404, res
-    end
-
-    if conf.keepalive then
-        params.keepalive_timeout = conf.keepalive_timeout
-        params.keepalive_pool = conf.keepalive_pool
-    end
-
-
     -- make the call - get affiliations
     local endpoint = conf.host .. "/affiliations"
+    local httpc = http.new()
+    httpc:set_timeout(conf.timeout)
     local res, err = httpc:request_uri(endpoint, params)
+
+    core.log.error("Getting affiliations from hub-orgs for user: ", user_id)
     -- return 503 if error on response or when parsing
     if not res then
         local res = build_json_error(500, "Internal server error", "Unable to get affiliations")
@@ -119,13 +101,15 @@ function _M.access(conf, ctx)
 
     -- Expose org_id and affiliations on variables: org_id, hub_affiliations
     core.ctx.register_var("org_id", function(ctx)
-      return org.id
+      return org_id
     end)
 
     local affiliations = ngx.encode_base64(res.body)
     core.ctx.register_var("hub_affiliations", function(ctx)
       return affiliations
     end)
+
+    core.response.set_header("x-organization-id", org_id)
 end
 
 return _M

charts/hub-gateway/plugins/kratos.lua

@@ -49,7 +49,7 @@ local schema = {
 
 local _M = {
     version = 0.1,
-    priority = 4000,
+    priority = 1030,
     name = "kratos",
     schema = schema,
 }
@@ -153,10 +153,10 @@ function _M.access(conf, ctx)
         end)
     end
 
-    -- Expose user id on $kratos_user_id variable and X-USER-ID header
+    -- Expose user id on $kratos_user_id variable
     if conf.expose_user_id then
-      core.request.set_header(ctx, "X-USER-ID", data.identity.id)
-      core.response.set_header("X-USER-ID", data.identity.id)
+      core.request.set_header(ctx, "x-user-id", data.identity.id)
+      core.response.set_header("x-user-id", data.identity.id)
       core.ctx.register_var("kratos_user_id", function(ctx)
         return data.identity.id
       end)

charts/hub-gateway/plugins/opa-mod.lua

@@ -85,7 +85,7 @@ local schema = {
 
 local _M = {
     version = 0.1,
-    priority = 2002,
+    priority = 1000,
     name = "opa-mod",
     schema = schema,
 }

charts/hub-gateway/templates/apisixroute.yaml

@@ -13,41 +13,41 @@ metadata:
     {{- include "hub-gateway.labels" $ | nindent 4 }}
 spec:
   http:
-  - name:  {{ .name }}
+  - name: {{ .name }}
     backends:
     - serviceName: {{ .serviceName }}
       servicePort: {{ .servicePort }}
     match:
       hosts:
-      - {{ print .subdomain "." $domain | quote}}
+        - {{ print .subdomain "." $domain | quote }}
       paths:
       {{ .paths | toYaml | nindent 7 }}
       methods:
       {{ .methods | toYaml | nindent 7 }}
     plugins:
-    {{- if .require_auth}}
+    {{- if .require_auth }}
     - name: kratos
       enable: true
       config:
         host: {{ print "http://" $apisixPlugins.kratos.serviceName  "." $namespace ".svc:" $apisixPlugins.kratos.servicePort | quote }}
         expose_user_data: true
         expose_user_id: true
         session_cookie_name: {{ $sessionCookie }}
+    {{- end }}
+    {{- if .require_org }}
     - name: hub-orgs
       enable: true
       config:
         host: {{ print "http://" $apisixPlugins.hubOrgs.serviceName  "." $namespace ".svc:" $apisixPlugins.hubOrgs.servicePort "/v1" | quote }}
-    {{ end }}
-    {{- if .regex_uri}}
+    {{- end }}
+    {{- if .regex_uri }}
     - name: proxy-rewrite
       enable: true
       config:
-        headers:
-        {{ .headers | toYaml | nindent 9 }}
         regex_uri: 
         {{ .regex_uri | toYaml | nindent 9 }}
-    {{ end }} 
-    {{- if .policy}}
+    {{- end }} 
+    {{- if .policy }}
     - name: opa-mod
       enable: true
       config:
@@ -59,7 +59,7 @@ spec:
           org_id: $org_id
           project_id: $project_id
           affiliations: $hub_affiliations
-    {{ end }}
+    {{- end }}
 ---
 {{- end }}
 {{- end }}

charts/hub-gateway/values.yaml

@@ -7,23 +7,52 @@ routes:
 - name: api
   serviceName: hub-orgs
   servicePort: 80
-  subdomain: '*.api'
+  subdomain: api
   paths:
-    - /organization
-    - /projects
-    - /credentials
-    - /webhooks/*
+    - /v1/organization
+    - /v1/organizations
+    - /v1/projects
+    - /v1/projects/*
+    - /v1/affiliations
+    - /v1/members
+    - /v1/credentials
+    - /v1/credentials/*
+    - /v1/webhook/events
+    - /v1/webhooks/*
+    - /v1/members
+    - /v1/members/*
+    - /v1/invites
+    - /v1/invites/*
   methods:
     - GET
     - POST
     - DELETE
   require_auth: true
-  regex_uri: [ "^/(.*)", "/v1/$1" ]
-  headers:
-    X-Organization-Id: $org_id
-    X-Project-Id: $project_id
-    X-User-Id: $kratos_user_id
-  #policy: "hub/utils/echo"
+  require_org: true
+  policy: "hub/api/orgs"
+
+- name: hub-browser-api
+  serviceName: hub-orgs
+  servicePort: 80
+  subdomain: hub
+  paths:
+    - /browser/login
+    - /browser/organizations/*
+  methods:
+    - POST
+  require_auth: true
+
+- name: ui-private
+  subdomain: hub
+  serviceName: hub
+  servicePort: 80
+  require_auth: true
+  require_org: true
+  methods:
+    - GET
+  paths:
+    - /organization/*
+    - /projects/*
 
 - name: ui-public
   subdomain: hub