Mijn-7645 prod fixes (#1142)

Dockerfile

@@ -100,15 +100,13 @@ WORKDIR /app
 ARG MA_FRONTEND_HOST=mijn.amsterdam.nl
 ENV MA_FRONTEND_HOST=$MA_FRONTEND_HOST
 
-ARG MA_API_HOST=$MA_FRONTEND_HOST
-ENV MA_API_HOST=$MA_API_HOST
 
 # forward request and error logs to docker log collector
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
   && ln -sf /dev/stderr /var/log/nginx/error.log
 
 COPY conf/nginx-server-default.template.conf /tmp/nginx-server-default.template.conf
-RUN envsubst '${MA_FRONTEND_HOST},${MA_API_HOST}' < /tmp/nginx-server-default.template.conf > /etc/nginx/conf.d/default.conf
+RUN envsubst '${MA_FRONTEND_HOST}' < /tmp/nginx-server-default.template.conf > /etc/nginx/conf.d/default.conf
 COPY conf/nginx.conf /etc/nginx/nginx.conf
 
 # Copy the built application files to the current image

conf/nginx-server-default.template.conf

@@ -1,5 +1,5 @@
 # CSP details:
-# Usabilla 
+# Usabilla
 # Domains https://d6tizftlrpuof.cloudfront.net https://d6tizftlrpuof.cloudfront.net
 # Hashes 'sha256-3zlukFCE2NAZ1CGoSeIoF0IIVuyFB0H6mcqhOyOqspw=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-cvlvhwY+ty738GCnq1Y3zkFc8vj6uNi7jMXe/iyaIhE='
 # Nonces 'nonce-e8b4abda34ab' + 'nonce-9fd5da44aa5b' Usabilla.
@@ -26,34 +26,12 @@ server {
   # Permissions-Policy
   set $pp_header "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
 
-  set $target_host $MA_FRONTEND_HOST;
-  set $api_host $MA_API_HOST;
-
-  # Note: prolly better to put this in env somewhere
-  set $mams_bff_login "https://$api_host/api/v1/auth/digid/login";
-  set $mams_bff_login_eh "https://$api_host/api/v1/auth/eherkenning/login";
-
   # Config options
   listen 80;
   server_name localhost;
   large_client_header_buffers 4 16k;
 
-  root /usr/share/nginx/html;  
-
-
-  location /api/login {
-      if ($host = $target_host) {
-        return 301 $mams_bff_login;
-      }
-      return 301 $target_host;
-  }
-
-  location /api1/login {
-      if ($host = $target_host) {
-        return 301 $mams_bff_login_eh;
-      }
-      return 301 $target_host;
-  }
+  root /usr/share/nginx/html;
 
   location ~ /\.ht {
     deny all;

src/server/app.ts

@@ -44,7 +44,7 @@ import { clearRequestCache, nocache, requestID, send404 } from './helpers/app';
 import { authRouterDevelopment, relayDevRouter } from './router-development';
 import { router as oidcRouter } from './router-oidc';
 import { router as protectedRouter } from './router-protected';
-import { router as publicRouter } from './router-public';
+import { legacyRouter, router as publicRouter } from './router-public';
 import { adminRouter } from './router-admin';
 import { cleanupSessionBlacklistTable } from './services/cron/jobs';
 
@@ -135,6 +135,8 @@ if (IS_AP && !IS_OT) {
   app.use(oidcRouter);
 }
 
+app.use(legacyRouter);
+
 app.use(BFF_BASE_PATH, publicRouter);
 
 // Legacy health check. TODO: Remove after migration to az is complete.

src/server/config.ts

@@ -334,6 +334,10 @@ export const BffEndpoints = {
   MAP_DATASETS: '/map/datasets/:datasetId?/:id?',
   SEARCH_CONFIG: '/services/search-config',
 
+  // Legacy login links (still used in other portals)
+  LEGACY_LOGIN_API_LOGIN: '/api/login',
+  LEGACY_LOGIN_API1_LOGIN: '/api1/login',
+
   // Signalen endpoints
   SIA_ATTACHMENTS: '/services/signals/:id/attachments',
   SIA_HISTORY: '/services/signals/:id/history',

src/server/router-public.ts

@@ -147,3 +147,13 @@ router.get(
     });
   }
 );
+
+export const legacyRouter = express.Router();
+
+legacyRouter.get(BffEndpoints.LEGACY_LOGIN_API_LOGIN, (req, res) => {
+  return res.redirect(BffEndpoints.AUTH_LOGIN_DIGID);
+});
+
+legacyRouter.get(BffEndpoints.LEGACY_LOGIN_API1_LOGIN, (req, res) => {
+  return res.redirect(BffEndpoints.AUTH_LOGIN_EHERKENNING);
+});