Allow running the authentication service on a different base path

2025-11-20 12:02:22 +03:00 · 2023-09-05 17:51:50 +02:00
parent 9ecb666ec1
commit 9b5c8fb44b
40 changed files with 388 additions and 195 deletions
--- a/crates/handlers/src/lib.rs
+++ b/crates/handlers/src/lib.rs
@@ -30,7 +30,7 @@
    clippy::let_with_type_underscore,
 )]

-use std::{borrow::Cow, convert::Infallible, time::Duration};
+use std::{convert::Infallible, time::Duration};

 use axum::{
    body::{Bytes, HttpBody},
@@ -276,6 +276,18 @@ where
            mas_router::CompatRefresh::route(),
            post(self::compat::refresh::post),
        )
+        .route(
+            mas_router::CompatLoginSsoRedirect::route(),
+            get(self::compat::login_sso_redirect::get),
+        )
+        .route(
+            mas_router::CompatLoginSsoRedirectIdp::route(),
+            get(self::compat::login_sso_redirect::get),
+        )
+        .route(
+            mas_router::CompatLoginSsoRedirectSlash::route(),
+            get(self::compat::login_sso_redirect::get),
+        )
        .layer(
            CorsLayer::new()
                .allow_origin(Any)
@@ -318,16 +330,19 @@ where
        // XXX: hard-coded redirect from /account to /account/
        .route(
            "/account",
-            get(|RawQuery(query): RawQuery| async {
-                let route = mas_router::Account::route();
-                let destination = if let Some(query) = query {
-                    Cow::Owned(format!("{route}?{query}"))
-                } else {
-                    Cow::Borrowed(route)
-                };
+            get(
+                |State(url_builder): State<UrlBuilder>, RawQuery(query): RawQuery| async move {
+                    let prefix = url_builder.prefix().unwrap_or_default();
+                    let route = mas_router::Account::route();
+                    let destination = if let Some(query) = query {
+                        format!("{prefix}{route}?{query}")
+                    } else {
+                        format!("{prefix}{route}")
+                    };

-                axum::response::Redirect::to(&destination)
-            }),
+                    axum::response::Redirect::to(&destination)
+                },
+            ),
        )
        .route(mas_router::Account::route(), get(self::views::app::get))
        .route(
@@ -336,7 +351,9 @@ where
        )
        .route(
            mas_router::ChangePasswordDiscovery::route(),
-            get(|| async { mas_router::AccountPassword.go() }),
+            get(|State(url_builder): State<UrlBuilder>| async move {
+                url_builder.redirect(&mas_router::AccountPassword)
+            }),
        )
        .route(mas_router::Index::route(), get(self::views::index::get))
        .route(
@@ -378,18 +395,6 @@ where
            mas_router::Consent::route(),
            get(self::oauth2::consent::get).post(self::oauth2::consent::post),
        )
-        .route(
-            mas_router::CompatLoginSsoRedirect::route(),
-            get(self::compat::login_sso_redirect::get),
-        )
-        .route(
-            mas_router::CompatLoginSsoRedirectIdp::route(),
-            get(self::compat::login_sso_redirect::get),
-        )
-        .route(
-            mas_router::CompatLoginSsoRedirectSlash::route(),
-            get(self::compat::login_sso_redirect::get),
-        )
        .route(
            mas_router::CompatLoginSsoComplete::route(),
            get(self::compat::login_sso_complete::get).post(self::compat::login_sso_complete::post),