Skip to content

Commit

Permalink
Adjusts routing to make sessions and authentication work better; fix …
Browse files Browse the repository at this point in the history 
…logout (#176)
  • Loading branch information
@jkachel
jkachel authored Dec 2, 2024
1 parent c0de51e commit 391dd59
Show file tree
Hide file tree
Showing 4 changed files with 39 additions and 14 deletions.
43 changes: 33 additions & 10 deletions config/apisix/apisix.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,20 +8,29 @@ routes:
- id: 1
name: "ue-unauth"
desc: "Unauthenticated routes, including assets and checkout callback API"
priority: 0
priority: 1
upstream_id: 1
plugins: {}
plugins:
cors:
allow_origins: "**"
allow_methods: "**"
allow_headers: "**"
allow_credential: true
response-rewrite:
headers:
set:
Referrer-Policy: "origin"
uris:
- "/api/v0/payments/checkout/result/*"
- "/static/*"
- "/api/v0/schema/*"
- "/api/*"
- "/_/*"
- "/logged_out/*"
- "/auth/*"
- "/_/v0/meta/apisix_test_request/"
- "/logged_out/"
- "/static/*"
- "/favicon.ico"
- id: 2
name: "ue-default"
desc: "Wildcard route for the rest of the system - authentication required"
priority: 1
priority: 0
upstream_id: 1
plugins:
openid-connect:
Expand All @@ -33,7 +42,9 @@ routes:
bearer_only: false
introspection_endpoint_auth_method: "client_secret_post"
ssl_verify: false
logout_path: "/logout/"
session:
secret: ${{SECRET_KEY}}
logout_path: "/logout"
post_logout_redirect_uri: ${{UE_LOGOUT_URL}}
cors:
allow_origins: "**"
Expand All @@ -45,6 +56,18 @@ routes:
set:
Referrer-Policy: "origin"
uris:
- "/*"
- "/cart/*"
- "/admin/*"
- "/establish_session/*"
- "/logout"
- id: 3
name: "ue-logout-redirect"
desc: "Strip trailing slash from logout redirect."
priority: 0
upstream_id: 1
uri: "/logout/*"
plugins:
redirect:
uri: "/logout"

#END
4 changes: 2 additions & 2 deletions docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,14 +76,14 @@ services:
- django_media:/var/media

api:
image: apache/apisix
platform: linux/amd64
image: apache/apisix:latest
environment:
- KEYCLOAK_REALM=${KEYCLOAK_REALM:-ol-local}
- KEYCLOAK_CLIENT_ID=${KEYCLOAK_CLIENT_ID:-apisix}
- KEYCLOAK_CLIENT_SECRET=${KEYCLOAK_CLIENT_SECRET}
- KEYCLOAK_DISCOVERY_URL=${KEYCLOAK_DISCOVERY_URL:-https://kc.odl.local:7443/realms/ol-local/.well-known/openid-configuration}
- APISIX_PORT=${APISIX_PORT:-9080}
- SECRET_KEY=${SECRET_KEY}
- UE_LOGOUT_URL=${UE_LOGOUT_URL:-http://ue.odl.local:9080/auth/logout/}
ports:
- 9080:9080
Expand Down
2 changes: 1 addition & 1 deletion unified_ecommerce/settings.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@
LOGIN_URL = "/login"
LOGIN_ERROR_URL = "/login"
LOGOUT_URL = "/logout"
LOGOUT_REDIRECT_URL = "/logged_out"
LOGOUT_REDIRECT_URL = "/logged_out/"

ROOT_URLCONF = "unified_ecommerce.urls"

Expand Down
4 changes: 3 additions & 1 deletion users/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,12 +40,14 @@ def establish_session(request):
session check API endpoint.
"""

next_url = settings.MITOL_UE_PAYMENT_BASKET_CHOOSER

if "next" in request.GET:
try:
system = IntegratedSystem.objects.get(slug=request.GET["next"])
next_url = f"{settings.MITOL_UE_PAYMENT_BASKET_ROOT}{system.slug}/"
except IntegratedSystem.DoesNotExist:
next_url = settings.MITOL_UE_PAYMENT_BASKET_CHOOSER
pass

next_url = request.session.get("next", next_url)

Expand Down

0 comments on commit 391dd59

Please sign in to comment.