feat. Proxy modia redirect lenker til modiacontextholder med obo token

nais/dev-gcp-intern.yaml

@@ -5,6 +5,8 @@
 "logout-url": "/oauth2/logout"
 "stillingstitler-url": "http://tiltak-stillingstitler"
 "api-scope": "api://dev-fss.arbeidsgiver.tiltak-proxy/.default"
+"tiltak-proxy-api-scope": "api://dev-fss.arbeidsgiver.tiltak-proxy/.default"
+"modiacontextholder-api-scope": "api://dev-gcp.personoversikt.modiacontextholder/.default"
 "proxy-cluster": "dev-fss"
 "aad-redirect-url": "https://tiltaksgjennomforing.intern.dev.nav.no/oauth2/callback"
 "decorator-internal": "https://internarbeidsflatedecorator-q0.dev.adeo.no"

nais/nais-gcp-intern.yaml

@@ -35,8 +35,10 @@ spec:
       value: '{{{decorator-internal-styling}}}'
     - name: STILLINGSTITLER_URL
       value: http://tiltak-stillingstitler
-    - name: API_SCOPE
-      value: '{{{api-scope}}}'
+    - name: TILTAK_PROXY_API_SCOPE
+      value: '{{{tiltak-proxy-api-scope}}}'
+    - name: MODIACONTEXTHOLDER_API_SCOPE
+      value: '{{{modiacontextholder-api-scope}}}'
     - name: INTERN_INGRESS
       value: 'true'
     - name: AAD_REDIRECT_URL
@@ -60,5 +62,7 @@ spec:
           namespace: arbeidsgiver
         - application: nav-dekoratoren
           namespace: personbruker
+        - application: modiacontextholder
+          namespace: personoversikt
       external:
         - host: tiltak-proxy.{{{proxy-cluster}}}-pub.nais.io

nais/prod-gcp-intern.yaml

@@ -4,7 +4,8 @@
 "login-url": "/oauth2/login?redirect=/tiltaksgjennomforing"
 "logout-url": "/oauth2/logout"
 "stillingstitler-url": "http://tiltak-stillingstitler"
-"api-scope": "api://prod-fss.arbeidsgiver.tiltak-proxy/.default"
+"tiltak-proxy-api-scope": "api://prod-fss.arbeidsgiver.tiltak-proxy/.default"
+"modiacontextholder-api-scope": "api://prod-fss.personoversikt.modiacontextholder/.default"
 "proxy-cluster": "prod-fss"
 "aad-redirect-url": "https://tiltaksgjennomforing.intern.nav.no/oauth2/callback"
 "decorator-internal": "https://internarbeidsflatedecorator.intern.nav.no"

server/src/environment.d.ts

@@ -0,0 +1,11 @@
+declare global {
+    namespace NodeJS {
+        interface ProcessEnv {
+            TILTAK_PROXY_API_SCOPE: string;
+            MODIACONTEXTHOLDER_API_SCOPE: string;
+            APIGW_URL: string;
+        }
+    }
+}
+
+export {};

server/src/proxy/api-proxy.ts

@@ -12,7 +12,7 @@ const tokenxSetup = (app: Express): void => {
 
 const azureSetup = (app: Express): void => {
     console.log('api-proxy setup for azure');
-    setup(app, process.env.API_SCOPE!);
+    setup(app, process.env.TILTAK_PROXY_API_SCOPE);
 };
 
 const setup = (app: Express, audience: string) => {

server/src/proxy/decorator-intern-proxy.ts

@@ -1,14 +1,14 @@
 import proxy from 'express-http-proxy';
-import { Express, Response } from 'express';
-import { Request } from 'express-serve-static-core';
+import { createProxyMiddleware } from 'http-proxy-middleware';
+import { Express, Response, Request } from 'express';
 import { ParsedQs } from 'qs';
 import { IncomingMessage, RequestOptions } from 'http';
 import { requestOboToken } from '../auth';
 
 const setup = (app: Express) => {
     app.use(
         '/modiacontextholder/api/decorator',
-        proxy(process.env.APIGW_URL as string, {
+        proxy(process.env.APIGW_URL, {
             proxyReqPathResolver: (req: Request<{}, any, any, ParsedQs, Record<string, any>>) => {
                 return req.originalUrl.replace(
                     '/modiacontextholder/api/decorator',
@@ -19,7 +19,7 @@ const setup = (app: Express) => {
                 options: RequestOptions,
                 req: Request<{}, any, any, ParsedQs, Record<string, any>>,
             ) => {
-                const accessToken = await requestOboToken(process.env.API_SCOPE!, req);
+                const accessToken = await requestOboToken(process.env.TILTAK_PROXY_API_SCOPE, req);
                 if (options?.headers) {
                     options.headers.Authorization = `Bearer ${accessToken}`;
                     let cookies = options.headers.cookie;
@@ -35,6 +35,21 @@ const setup = (app: Express) => {
         }),
     );
 
+    app.use(
+        '/modiacontextholder/redirect',
+        async (req, _, next) => {
+            const accessToken = await requestOboToken(process.env.MODIACONTEXTHOLDER_API_SCOPE, req);
+            req.headers.authorization = `Bearer ${accessToken}`;
+            req.headers.cookie = 'innlogget-part=VEILEDER; ' + req.headers.cookie;
+            next();
+        },
+        createProxyMiddleware({
+            target: 'http://modiacontextholder.personoversikt/modiacontextholder/redirect',
+            followRedirects: false,
+            changeOrigin: true,
+        }),
+    );
+
     app.use('/internarbeidsflatedecorator', (req, res) => {
         res.redirect(process.env.DECORATOR_INTERNAL + req.originalUrl);
     });