Merge pull request #311 from djyotta/main

support site prefix for use with reverse proxy

Author: lovasoa

configuration.md

@@ -18,6 +18,7 @@ Here are the available configuration options and their default values:
 | `database_connection_acquire_timeout_seconds` | 10                                                          | How long to wait when acquiring a database connection from the pool before giving up and returning an error.                                                                                                                                           |
 | `sqlite_extensions`                           |                                                             | An array of SQLite extensions to load, such as `mod_spatialite`                                                                                                                                                                                        |
 | `web_root`                                    | `.`                                                         | The root directory of the web server, where the `index.sql` file is located.                                                                                                                                                                           |
+| `site_prefix`                                 | `/`                                                         | Base path of the site. If you want to host SQLPage at `https://example.com/sqlpage/`, set this to `/sqlpage/`. When using a reverse proxy, this allows hosting SQLPage together with other applications on the same subdomain. |
 | `configuration_directory`                     | `./sqlpage/`                                                | The directory where the `sqlpage.json` file is located. This is used to find the path to `templates/`, `migrations/`, and `on_connect.sql`. Obviously, this configuration parameter can be set only through environment variables, not through the `sqlpage.json` file itself in order to find the `sqlpage.json` file. Be careful not to use a path that is accessible from the public WEB_ROOT |
 | `allow_exec`                                  | false                                                       | Allow usage of the `sqlpage.exec` function. Do this only if all users with write access to sqlpage query files and to the optional `sqlpage_files` table on the database are trusted.                                                                  |
 | `max_uploaded_file_size`                      | 5242880                                                     | Maximum size of uploaded files in bytes. Defaults to 5 MiB.                                                                                                                                                                                            |

sqlpage/templates/chart.handlebars

@@ -2,7 +2,7 @@
     {{#if id}}id="{{id}}"{{/if}}
     class="card my-2 {{class}}" 
     data-pre-init="chart" 
-    data-sqlpage-js="/{{static_path 'apexcharts.js'}}"
+    data-sqlpage-js="{{static_path 'apexcharts.js'}}"
 >
     <div class="card-body">
         <div class="d-flex">

sqlpage/templates/form.handlebars

@@ -65,7 +65,7 @@
                         {{~#if multiple}} multiple {{/if~}}
                         {{~#if (or dropdown searchable)}} 
                             data-pre-init="select-dropdown"
-                            data-sqlpage-js="/{{static_path 'tomselect.js'}}"
+                            data-sqlpage-js="{{static_path 'tomselect.js'}}"
                         {{/if~}}
                         {{~#if placeholder}} placeholder="{{placeholder}}" {{/if~}}
                         {{~#if create_new}} data-create_new={{create_new}} {{/if~}}

sqlpage/templates/shell.handlebars

@@ -3,8 +3,7 @@
 <head>
     <meta charset="utf-8"/>
     <title>{{default title "SQLPage"}}</title>
-
-    <link rel="stylesheet" href="/{{static_path 'sqlpage.css'}}">
+    <link rel="stylesheet" href="{{static_path 'sqlpage.css'}}">
    {{#each (to_array css)}}
         {{#if this}}
             <link rel="stylesheet" href="{{this}}">
@@ -18,7 +17,7 @@
         <style>:root { --tblr-font-sans-serif: '{{font}}', Arial, sans;}</style>
     {{/if}}
 
-    <script src="/{{static_path 'sqlpage.js'}}" defer></script>
+    <script src="{{static_path 'sqlpage.js'}}" defer></script>
     {{#each (to_array javascript)}}
         {{#if this}}
             <script src="{{this}}" defer></script>

src/app_config.rs

@@ -1,5 +1,6 @@
 use anyhow::Context;
 use config::Config;
+use percent_encoding::AsciiSet;
 use serde::de::Error;
 use serde::{Deserialize, Deserializer};
 use std::net::{SocketAddr, ToSocketAddrs};
@@ -77,6 +78,16 @@ pub struct AppConfig {
     /// whether to show error messages to the user.
     #[serde(default)]
     pub environment: DevOrProd,
+
+    /// Serve the website from a sub path. For example, if you set this to `/sqlpage/`, the website will be
+    /// served from `https://yourdomain.com/sqlpage/`. Defaults to `/`.
+    /// This is useful if you want to serve the website on the same domain as other content, and
+    /// you are using a reverse proxy to route requests to the correct server.
+    #[serde(
+        deserialize_with = "deserialize_site_prefix",
+        default = "default_site_prefix"
+    )]
+    pub site_prefix: String,
 }
 
 impl AppConfig {
@@ -108,6 +119,8 @@ fn cannonicalize_if_possible(path: &std::path::Path) -> PathBuf {
     path.canonicalize().unwrap_or_else(|_| path.to_owned())
 }
 
+/// Parses and loads the configuration from the `sqlpage.json` file in the current directory.
+/// This should be called only once at the start of the program.
 pub fn load() -> anyhow::Result<AppConfig> {
     let configuration_directory = &configuration_directory();
     log::debug!(
@@ -140,6 +153,47 @@ fn deserialize_socket_addr<'de, D: Deserializer<'de>>(
         .transpose()
 }
 
+fn deserialize_site_prefix<'de, D: Deserializer<'de>>(deserializer: D) -> Result<String, D::Error> {
+    let prefix: String = Deserialize::deserialize(deserializer)?;
+    Ok(normalize_site_prefix(prefix.as_str()))
+}
+
+/// We standardize the site prefix to always be stored with both leading and trailing slashes.
+/// We also percent-encode special characters in the prefix, but allow it to contain slashes (to allow
+/// hosting on a sub-sub-path).
+fn normalize_site_prefix(prefix: &str) -> String {
+    const TO_ENCODE: AsciiSet = percent_encoding::NON_ALPHANUMERIC.remove(b'/');
+
+    let prefix = prefix.trim_start_matches('/').trim_end_matches('/');
+    if prefix.is_empty() {
+        return default_site_prefix();
+    }
+    let encoded_prefix = percent_encoding::percent_encode(prefix.as_bytes(), &TO_ENCODE);
+
+    std::iter::once("/")
+        .chain(encoded_prefix)
+        .chain(std::iter::once("/"))
+        .collect::<String>()
+}
+
+#[test]
+fn test_normalize_site_prefix() {
+    assert_eq!(normalize_site_prefix(""), "/");
+    assert_eq!(normalize_site_prefix("/"), "/");
+    assert_eq!(normalize_site_prefix("a"), "/a/");
+    assert_eq!(normalize_site_prefix("a/"), "/a/");
+    assert_eq!(normalize_site_prefix("/a"), "/a/");
+    assert_eq!(normalize_site_prefix("a/b"), "/a/b/");
+    assert_eq!(normalize_site_prefix("a/b/"), "/a/b/");
+    assert_eq!(normalize_site_prefix("a/b/c"), "/a/b/c/");
+    assert_eq!(normalize_site_prefix("a b"), "/a%20b/");
+    assert_eq!(normalize_site_prefix("a b/c"), "/a%20b/c/");
+}
+
+fn default_site_prefix() -> String {
+    '/'.to_string()
+}
+
 fn parse_socket_addr(host_str: &str) -> anyhow::Result<SocketAddr> {
     host_str
         .to_socket_addrs()?

src/lib.rs

@@ -40,7 +40,7 @@ impl AppState {
     pub async fn init(config: &AppConfig) -> anyhow::Result<Self> {
         // Connect to the database
         let db = Database::init(config).await?;
-        let all_templates = AllTemplates::init()?;
+        let all_templates = AllTemplates::init(config)?;
         let mut sql_file_cache = FileCache::new();
         let file_system = FileSystem::init(&config.web_root, &db).await;
         sql_file_cache.add_static(

src/template_helpers.rs

@@ -1,22 +1,21 @@
 use std::borrow::Cow;
 
+use crate::{app_config::AppConfig, utils::static_filename};
 use anyhow::Context as _;
 use handlebars::{
     handlebars_helper, Context, Handlebars, PathAndJson, RenderError, RenderErrorReason,
     Renderable, ScopedJson,
 };
 use serde_json::Value as JsonValue;
 
-use crate::utils::static_filename;
-
 /// Simple json to json helper
 type H = fn(&JsonValue) -> JsonValue;
 /// Simple json to json helper with error handling
 type EH = fn(&JsonValue) -> anyhow::Result<JsonValue>;
 /// Helper that takes two arguments
 type HH = fn(&JsonValue, &JsonValue) -> JsonValue;
 
-pub fn register_all_helpers(h: &mut Handlebars<'_>) {
+pub fn register_all_helpers(h: &mut Handlebars<'_>, config: &AppConfig) {
     register_helper(h, "stringify", stringify_helper as H);
     register_helper(h, "parse_json", parse_json_helper as EH);
     register_helper(h, "default", default_helper as HH);
@@ -40,7 +39,10 @@ pub fn register_all_helpers(h: &mut Handlebars<'_>) {
     h.register_helper("array_contains", Box::new(array_contains));
 
     // static_path helper: generate a path to a static file. Replaces sqpage.js by sqlpage.<hash>.js
-    register_helper(h, "static_path", static_path_helper as EH);
+    let static_path_helper = StaticPathHelper {
+        site_prefix: config.site_prefix.clone(),
+    };
+    register_helper(h, "static_path", static_path_helper);
 
     // icon helper: generate an image with the specified icon
     h.register_helper("icon_img", Box::new(icon_img_helper));
@@ -131,13 +133,27 @@ fn to_array_helper(v: &JsonValue) -> JsonValue {
     .into()
 }
 
-fn static_path_helper(v: &JsonValue) -> anyhow::Result<JsonValue> {
-    match v.as_str().with_context(|| "static_path: not a string")? {
-        "sqlpage.js" => Ok(static_filename!("sqlpage.js").into()),
-        "sqlpage.css" => Ok(static_filename!("sqlpage.css").into()),
-        "apexcharts.js" => Ok(static_filename!("apexcharts.js").into()),
-        "tomselect.js" => Ok(static_filename!("tomselect.js").into()),
-        other => Err(anyhow::anyhow!("unknown static file: {other:?}")),
+struct StaticPathHelper {
+    site_prefix: String,
+}
+
+impl CanHelp for StaticPathHelper {
+    fn call(&self, args: &[PathAndJson]) -> Result<JsonValue, String> {
+        let static_file = match args {
+            [v] => v.value(),
+            _ => return Err("expected one argument".to_string()),
+        };
+        let name = static_file
+            .as_str()
+            .ok_or_else(|| format!("static_path: not a string: {static_file}"))?;
+        let path = match name {
+            "sqlpage.js" => static_filename!("sqlpage.js"),
+            "sqlpage.css" => static_filename!("sqlpage.css"),
+            "apexcharts.js" => static_filename!("apexcharts.js"),
+            "tomselect.js" => static_filename!("tomselect.js"),
+            other => return Err(format!("unknown static file: {other:?}")),
+        };
+        Ok(format!("{}{}", self.site_prefix, path).into())
     }
 }
 

src/templates.rs

@@ -1,3 +1,4 @@
+use crate::app_config::AppConfig;
 use crate::file_cache::AsyncFromStrWithState;
 use crate::template_helpers::register_all_helpers;
 use crate::{AppState, FileCache, TEMPLATES_DIR};
@@ -76,9 +77,9 @@ pub struct AllTemplates {
 const STATIC_TEMPLATES: Dir = include_dir!("$CARGO_MANIFEST_DIR/sqlpage/templates");
 
 impl AllTemplates {
-    pub fn init() -> anyhow::Result<Self> {
+    pub fn init(config: &AppConfig) -> anyhow::Result<Self> {
         let mut handlebars = Handlebars::new();
-        register_all_helpers(&mut handlebars);
+        register_all_helpers(&mut handlebars, config);
         let mut this = Self {
             handlebars,
             split_templates: FileCache::new(),

src/webserver/http.rs

@@ -344,7 +344,7 @@ impl SingleOrVec {
 
 /// Resolves the path in a query to the path to a local SQL file if there is one that matches
 fn path_to_sql_file(path: &str) -> Option<PathBuf> {
-    let mut path = PathBuf::from(path.strip_prefix('/').unwrap_or(path));
+    let mut path = PathBuf::from(path);
     match path.extension() {
         None => {
             path.push("index.sql");
@@ -385,7 +385,7 @@ async fn serve_file(
     state: &AppState,
     if_modified_since: Option<IfModifiedSince>,
 ) -> actix_web::Result<HttpResponse> {
-    let path = path.strip_prefix('/').unwrap_or(path);
+    let path = path.strip_prefix(&state.config.site_prefix).unwrap_or(path);
     if let Some(IfModifiedSince(date)) = if_modified_since {
         let since = DateTime::<Utc>::from(SystemTime::from(date));
         let modified = state
@@ -440,6 +440,10 @@ pub async fn main_handler(
 /// Extracts the path from a request and percent-decodes it
 fn req_path(req: &ServiceRequest) -> Cow<'_, str> {
     let encoded_path = req.path();
+    let app_state: &web::Data<AppState> = req.app_data().expect("app_state");
+    let encoded_path = encoded_path
+        .strip_prefix(&app_state.config.site_prefix)
+        .unwrap_or(encoded_path);
     percent_encoding::percent_decode_str(encoded_path).decode_utf8_lossy()
 }
 
@@ -467,6 +471,24 @@ fn redirect_missing_trailing_slash(uri: &Uri) -> Option<HttpResponse> {
     }
 }
 
+/// called when a request is made to a path outside of the sub-path we are serving the site from
+async fn default_prefix_redirect(
+    service_request: ServiceRequest,
+) -> actix_web::Result<ServiceResponse> {
+    let app_state: &web::Data<AppState> = service_request.app_data().expect("app_state");
+    let redirect_path = app_state
+        .config
+        .site_prefix
+        .trim_end_matches('/')
+        .to_string()
+        + service_request.path();
+    Ok(service_request.into_response(
+        HttpResponse::PermanentRedirect()
+            .insert_header((header::LOCATION, redirect_path))
+            .finish(),
+    ))
+}
+
 pub fn create_app(
     app_state: web::Data<AppState>,
 ) -> App<
@@ -480,13 +502,20 @@ pub fn create_app(
         InitError = (),
     >,
 > {
+    let encoded_scope: &str = app_state.config.site_prefix.trim_end_matches('/');
+    let decoded_scope = percent_encoding::percent_decode_str(encoded_scope).decode_utf8_lossy();
     App::new()
-        .service(static_content::js())
-        .service(static_content::apexcharts_js())
-        .service(static_content::tomselect_js())
-        .service(static_content::css())
-        .service(static_content::icons())
-        .default_service(fn_service(main_handler))
+        .service(
+            web::scope(&decoded_scope)
+                .service(static_content::js())
+                .service(static_content::apexcharts_js())
+                .service(static_content::tomselect_js())
+                .service(static_content::css())
+                .service(static_content::icons())
+                .default_service(fn_service(main_handler)),
+        )
+        // when receiving a request outside of the prefix, redirect to the prefix
+        .default_service(fn_service(default_prefix_redirect))
         .wrap(Logger::default())
         .wrap(
             middleware::DefaultHeaders::new()

tests/index.rs

@@ -292,6 +292,36 @@ async fn privileged_paths_are_not_accessible() {
     );
 }
 
+#[actix_web::test]
+async fn test_static_files() {
+    let resp = req_path("/tests/it_works.txt").await.unwrap();
+    assert_eq!(resp.status(), http::StatusCode::OK);
+    let body = test::read_body(resp).await;
+    assert_eq!(&body, &b"It works !"[..]);
+}
+
+#[actix_web::test]
+async fn test_with_site_prefix() {
+    let mut config = test_config();
+    config.site_prefix = "/xxx/".to_string();
+    let state = AppState::init(&config).await.unwrap();
+    let app_data = actix_web::web::Data::new(state);
+    let resp = req_path_with_app_data("/xxx/tests/sql_test_files/it_works_simple.sql", app_data)
+        .await
+        .unwrap();
+    assert_eq!(resp.status(), http::StatusCode::OK);
+    let body = test::read_body(resp).await;
+    let body_str = String::from_utf8(body.to_vec()).unwrap();
+    assert!(
+        body_str.contains("It works !"),
+        "{body_str}\nexpected to contain: It works !"
+    );
+    assert!(
+        body_str.contains("href=\"/xxx/"),
+        "{body_str}\nexpected to contain stylesheet link with site prefix"
+    );
+}
+
 async fn get_request_to(path: &str) -> actix_web::Result<TestRequest> {
     let data = make_app_data().await;
     Ok(test::TestRequest::get()