From 5ba572755feeb4f8d9958881b53f9ab368be1993 Mon Sep 17 00:00:00 2001
From: roch <trinque@free.fr>
Date: Tue, 17 Sep 2024 15:48:06 +0100
Subject: [PATCH] Add a disable_chat bool to disable the GOV.UK chat service

In case of an emergency we want a way to disable the service at
the edge.
---
 www/service.tf    | 1 +
 www/www.vcl.tftpl | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/www/service.tf b/www/service.tf
index c007b75..57395da 100644
--- a/www/service.tf
+++ b/www/service.tf
@@ -19,6 +19,7 @@ locals {
       minimum_tls_version  = "1.2"
       ssl_ciphers          = "ECDHE-RSA-AES256-GCM-SHA384"
       basic_authentication = null
+      disable_chat         = false
 
       s3_static_assets_port     = 443
       s3_static_assets_hostname = null
diff --git a/www/www.vcl.tftpl b/www/www.vcl.tftpl
index e97f8af..96d88a8 100644
--- a/www/www.vcl.tftpl
+++ b/www/www.vcl.tftpl
@@ -373,6 +373,13 @@ sub vcl_recv {
     unset req.http.Cookie;
   }
 
+%{ if disable_chat == true ~}
+  # Chat app is disabled
+  if (req.url ~ "^/chat/") {
+    error 503 "Service unavailable";
+  }
+%{ endif ~}
+
   # Strip cookies for requests to /chat/* that lack a session cookie,
   # otherwise pass through
   if (req.url ~ "^/chat/") {