Merge pull request #5 from novomatic-tech/task/baseurl

Add support for baseURL, add loginUrl to principal
novomatic-tech · Jan 30, 2019 · a004cbd · a004cbd
2 parents e7830db + c76aa85
commit a004cbd
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -104,7 +104,8 @@ Parameter | Description | Default
 `principalNameAttribute` | An access/ID token attribute which will be used as the principal name (user name). It will fallback to *sub* token attribute in case the *principalNameAttribute* is not present. Possible values are *sub*, *preferred_username*, *email*, *name*. | `name`
 `corsOrigin` | CORS for the `loginUrl` and `logoutUrl` endpoints. In production, only Keycloak server's FQDN should be defined here. | `['*']`
 `shouldRedirectUnauthenticated` | A function used for not authenticated users. It takes a `request` as a parameter and should return: - `false` - if the endpoint should reply with an HTTP 401 right away. - `true` - if the user should be redirected to the Keycloak login page. By default, `401` will be returned when `bearerOnly` is set to `true`, route auth mode is set to `optional` or `try` or if we're accessing `/api/*` route. |
-`basePath` | A base path to use if app is running behind a reverse proxy. This path will be inserted in redirect URIs. It could be useful when proxy changes the base path. | `undefined`
+`basePath` | A base path to use if app is running behind a reverse proxy. This path will be inserted in redirect URIs. It could be useful when proxy changes the base path.  | `undefined`
+`baseUrl` | A base URL to use if app is running behind a reverse proxy where we can't rely on `x-forwarded-host` and `x-forwarded-proto` headers. When set, request headers and `basePath` (if set) are ignored. Note that `server.realm.modifiers.route.prefix` is appended to `baseUrl` when base URL is calculated. This URL will be inserted in redirect URIs. | `undefined`
 
 ## Examples
 

diff --git a/changelog.md b/changelog.md
@@ -1,3 +1,8 @@
+## 1.2.0
+
+* Add possibility to specify a base url to cover cases where we can't relay on `x-forwarded-*` headers
+* Expose `loginUrl` in principal
+
 ## 1.1.0
 
 * Add support for [Back-Channel Logout](https://openid.net/specs/openid-connect-backchannel-1_0.html) procedure

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "keycloak-hapi",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Integration of Keycloak Authorization Server with HapiJS",
   "main": "dist/index.js",
   "scripts": {

diff --git a/src/index.js b/src/index.js
@@ -296,7 +296,8 @@ class KeycloakAdapter {
     }
 
     getBaseUrl(request) {
-        return urljoin(`${getProtocol(request)}://${getHost(request)}`, this.config.basePath || '', this.server.realm.modifiers.route.prefix || '');
+        const base = this.config.baseUrl || urljoin(`${getProtocol(request)}://${getHost(request)}`, this.config.basePath || '');
+        return urljoin(base, this.server.realm.modifiers.route.prefix || '');
     }
 
     getLoginRedirectUrl(request) {
@@ -420,7 +421,8 @@ const registerPrincipalRoute = (keycloak) => {
                 principal = Object.assign({}, principal, {
                     accountUrl: keycloak.getAccountUrl(),
                     changePasswordUrl: keycloak.getChangePasswordUrl(),
-                    logoutUrl: urljoin(keycloak.getBaseUrl(request), keycloak.config.logoutUrl)
+                    logoutUrl: urljoin(keycloak.getBaseUrl(request), keycloak.config.logoutUrl),
+                    loginUrl: urljoin(keycloak.getBaseUrl(request), keycloak.config.loginUrl)
                 });
             }
             if (keycloak.config.principalConversion) {