feat(controller,app): automatically redirect requests to cookie domain

internal/agent/controller/app/controller.go

@@ -16,7 +16,7 @@ import (
 )
 
 type serverEntry struct {
-	SpecHash uint64
+	AppDefHash uint64
 	Server     *Server
 }
 
@@ -124,7 +124,20 @@ func (c *Controller) updateAppRepository(ctx context.Context, specs *spec.Spec)
 func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey string) (err error) {
 	appEntry := specs.Apps[appKey]
 
-	newAppSpecHash, err := hashstructure.Hash(appEntry, hashstructure.FormatV2, nil)
+	var auth *spec.Auth
+	if specs.Config != nil {
+		auth = specs.Config.Auth
+	}
+
+	appDef := struct {
+		App  spec.AppEntry
+		Auth *spec.Auth
+	}{
+		App:  appEntry,
+		Auth: auth,
+	}
+
+	newAppDefHash, err := hashstructure.Hash(appDef, hashstructure.FormatV2, nil)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -164,19 +177,19 @@ func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey str
 
 		server = &serverEntry{
 			Server:     NewServer(bundle, auth, options...),
-			SpecHash: 0,
+			AppDefHash: 0,
 		}
 
 		c.servers[appKey] = server
 	}
 
-	specChanged := newAppSpecHash != server.SpecHash
+	defChanged := newAppDefHash != server.AppDefHash
 
-	if server.Server.Running() && !specChanged {
+	if server.Server.Running() && !defChanged {
 		return nil
 	}
 
-	if specChanged && server.SpecHash != 0 {
+	if defChanged && server.AppDefHash != 0 {
 		logger.Info(
 			ctx, "restarting app",
 			logger.F("address", appEntry.Address),
@@ -194,7 +207,7 @@ func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey str
 		return errors.Wrap(err, "could not start app")
 	}
 
-	server.SpecHash = newAppSpecHash
+	server.AppDefHash = newAppDefHash
 
 	return nil
 }

internal/agent/controller/app/server.go

@@ -3,11 +3,13 @@ package app
 import (
 	"context"
 	"net/http"
+	"strings"
 	"sync"
 	"time"
 
 	"forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
 	appSpec "forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
+	"forge.cadoles.com/Cadoles/emissary/internal/proxy/wildcard"
 	edgeHTTP "forge.cadoles.com/arcad/edge/pkg/http"
 	authHTTP "forge.cadoles.com/arcad/edge/pkg/module/auth/http"
 	"gitlab.com/wpetit/goweb/logger"
@@ -109,7 +111,7 @@ func (s *Server) Stop() error {
 	}()
 
 	if err := s.server.Close(); err != nil {
-		panic(errors.WithStack(err))
+		return errors.WithStack(err)
 	}
 
 	return nil
@@ -140,6 +142,10 @@ func (s *Server) configureAuth(router chi.Router, auth *spec.Auth) error {
 			}
 		}
 
+		if s.auth.Local.CookieDomain != "" {
+			router.Use(invalidCookieDomainRedirect(s.auth.Local.CookieDomain))
+		}
+
 		router.Handle("/auth/*", authHTTP.NewLocalHandler(
 			jwa.HS256, key,
 			authHTTP.WithRoutePrefix("/auth"),
@@ -158,3 +164,33 @@ func NewServer(bundle bundle.Bundle, auth *appSpec.Auth, handlerOptions ...edgeH
 		handlerOptions: handlerOptions,
 	}
 }
+
+func invalidCookieDomainRedirect(cookieDomain string) func(http.Handler) http.Handler {
+	domain := strings.TrimPrefix(cookieDomain, ".")
+	hostPattern := "*" + domain
+
+	return func(h http.Handler) http.Handler {
+		fn := func(w http.ResponseWriter, r *http.Request) {
+			hostParts := strings.SplitN(r.Host, ":", 2)
+
+			if !wildcard.Match(hostParts[0], hostPattern) {
+				url := r.URL
+
+				newHost := domain
+				if len(hostParts) > 1 {
+					newHost += ":" + hostParts[1]
+				}
+
+				url.Host = newHost
+
+				http.Redirect(w, r, url.String(), http.StatusTemporaryRedirect)
+
+				return
+			}
+
+			h.ServeHTTP(w, r)
+		}
+
+		return http.HandlerFunc(fn)
+	}
+}