Rm base_path from requests proxied upstream

Author: alukach

src/stac_auth_proxy/app.py

@@ -21,6 +21,7 @@
     BuildCql2FilterMiddleware,
     EnforceAuthMiddleware,
     OpenApiMiddleware,
+    RemoveRootPathMiddleware,
 )
 from .utils.lifespan import check_conformance, check_server_health
 
@@ -75,6 +76,7 @@ async def lifespan(app: FastAPI):
     #
     # Handlers (place catch-all proxy handler last)
     #
+
     if settings.healthz_prefix:
         app.include_router(
             HealthzHandler(upstream_url=str(settings.upstream_url)).router,
@@ -90,6 +92,7 @@ async def lifespan(app: FastAPI):
     #
     # Middleware (order is important, last added = first to run)
     #
+
     if settings.enable_authentication_extension:
         app.add_middleware(
             AuthenticationExtensionMiddleware,
@@ -135,4 +138,10 @@ async def lifespan(app: FastAPI):
         oidc_config_url=settings.oidc_discovery_internal_url,
     )
 
+    if settings.root_path:
+        app.add_middleware(
+            RemoveRootPathMiddleware,
+            base_path=settings.root_path,
+        )
+
     return app

src/stac_auth_proxy/middleware/BasePathMiddleware.py

@@ -0,0 +1,33 @@
+"""Middleware to remove BASE_PATH from incoming requests."""
+
+from dataclasses import dataclass
+
+from starlette.types import ASGIApp, Receive, Scope, Send
+
+
+@dataclass
+class RemoveRootPathMiddleware:
+    """
+    Middleware to remove BASE_PATH from incoming requests.
+
+    IMPORTANT: This middleware must be the first middleware in the chain (ie last in the
+    order of declaration) so that it trims the base_path from the request path before
+    other middleware review the request.
+    """
+
+    app: ASGIApp
+    base_path: str
+
+    async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
+        """Remove BASE_PATH from the request path if it exists."""
+        if scope["type"] != "http":
+            return await self.app(scope, receive, send)
+
+        path = scope["path"]
+
+        # Remove base_path if it exists at the start of the path
+        if path.startswith(self.base_path):
+            scope["raw_path"] = scope["path"].encode()
+            scope["path"] = path[len(self.base_path) :] or "/"
+
+        return await self.app(scope, receive, send)

src/stac_auth_proxy/middleware/__init__.py

@@ -3,6 +3,7 @@
 from .AddProcessTimeHeaderMiddleware import AddProcessTimeHeaderMiddleware
 from .ApplyCql2FilterMiddleware import ApplyCql2FilterMiddleware
 from .AuthenticationExtensionMiddleware import AuthenticationExtensionMiddleware
+from .BasePathMiddleware import RemoveRootPathMiddleware
 from .BuildCql2FilterMiddleware import BuildCql2FilterMiddleware
 from .EnforceAuthMiddleware import EnforceAuthMiddleware
 from .UpdateOpenApiMiddleware import OpenApiMiddleware
@@ -11,6 +12,7 @@
     "AddProcessTimeHeaderMiddleware",
     "ApplyCql2FilterMiddleware",
     "AuthenticationExtensionMiddleware",
+    "RemoveRootPathMiddleware",
     "BuildCql2FilterMiddleware",
     "EnforceAuthMiddleware",
     "OpenApiMiddleware",