gateway/proxy.py

"""
Platform Gateway — Proxy helper and service routing.
"""

import json
import urllib.request
import urllib.error

from config import _internal_ssl_ctx
from database import get_db


def proxy_request(target_url, method, headers, body=None, timeout=120):
    """Proxy a request to a backend service. Returns (status, response_headers, response_body)."""
    try:
        req = urllib.request.Request(target_url, data=body, method=method)
        for k, v in headers.items():
            req.add_header(k, v)

        with urllib.request.urlopen(req, context=_internal_ssl_ctx, timeout=timeout) as resp:
            resp_body = resp.read()
            resp_headers = dict(resp.headers)
            return resp.status, resp_headers, resp_body

    except urllib.error.HTTPError as e:
        body = e.read() if e.fp else b'{}'
        return e.code, dict(e.headers), body
    except Exception as e:
        return 502, {"Content-Type": "application/json"}, json.dumps({"error": f"Service unavailable: {e}"}).encode()


# ── Service routing ──

SERVICE_MAP = {}  # populated from DB at startup


def load_service_map():
    global SERVICE_MAP
    conn = get_db()
    rows = conn.execute("SELECT id, proxy_target FROM apps WHERE enabled = 1").fetchall()
    conn.close()
    SERVICE_MAP = {row["id"]: row["proxy_target"] for row in rows}


def resolve_service(path):
    """Given /api/trips/foo, return ('trips', 'http://backend:8087', '/api/foo')."""
    # Path format: /api/{service_id}/...
    parts = path.split("/", 4)  # ['', 'api', 'trips', 'foo']
    if len(parts) < 3:
        return None, None, None
    service_id = parts[2]
    target = SERVICE_MAP.get(service_id)
    if not target:
        return None, None, None
    remainder = "/" + "/".join(parts[3:]) if len(parts) > 3 else "/"
    # Services that don't use /api prefix (Express apps, etc.)
    NO_API_PREFIX_SERVICES = {"inventory", "music", "budget"}
    SERVICE_PATH_PREFIX = {"reader": "/v1"}
    if service_id in SERVICE_PATH_PREFIX:
        backend_path = f"{SERVICE_PATH_PREFIX[service_id]}{remainder}"
    elif service_id in NO_API_PREFIX_SERVICES:
        backend_path = remainder
    elif remainder.startswith("/images/") or remainder.startswith("/documents/"):
        backend_path = remainder
    else:
        backend_path = f"/api{remainder}"
    return service_id, target, backend_path
Refactor gateway into modular architecture Split 1878-line server.py into 15 focused modules: - config.py: all env vars and constants - database.py: schema, init, seed logic - sessions.py: session/token CRUD - proxy.py: proxy_request, SERVICE_MAP, resolve_service - responses.py: ResponseMixin for handler helpers - auth.py: login/logout/register handlers - dashboard.py: dashboard, apps, connections, pinning - command.py: AI command bar - integrations/booklore.py: auth, books, cover, import - integrations/kindle.py: send-to-kindle, file finder - integrations/karakeep.py: save/delete bookmarks - integrations/qbittorrent.py: download status - integrations/image_proxy.py: external image proxy server.py is now thin routing only (~344 lines). All routes, methods, status codes, and responses preserved exactly. Added PYTHONUNBUFFERED=1 to Dockerfile for live logging. 2026-03-29 00:14:46 -05:00			`"""`
			`Platform Gateway — Proxy helper and service routing.`
			`"""`

			`import json`
			`import urllib.request`
			`import urllib.error`

fix: remaining security and deployment hardening (#6 #7 #10) #7 Transport Security: - Removed legacy _ssl_ctx alias from config.py - proxy.py now uses _internal_ssl_ctx directly (explicitly scoped) - No global TLS bypass remains #10 Deployment Hardening: - Inventory Dockerfile: non-root (node user), health check, production deps - Budget Dockerfile: non-root (node user), health check, npm ci, multi-stage ready - Frontend-v2 Dockerfile: multi-stage build, non-root (node user), health check - Added /health endpoints to inventory and budget (before auth middleware) - All 6 containers now run as non-root with health checks All services verified: gateway, trips, fitness, inventory, budget, frontend 2026-03-29 09:35:39 -05:00			`from config import _internal_ssl_ctx`
Refactor gateway into modular architecture Split 1878-line server.py into 15 focused modules: - config.py: all env vars and constants - database.py: schema, init, seed logic - sessions.py: session/token CRUD - proxy.py: proxy_request, SERVICE_MAP, resolve_service - responses.py: ResponseMixin for handler helpers - auth.py: login/logout/register handlers - dashboard.py: dashboard, apps, connections, pinning - command.py: AI command bar - integrations/booklore.py: auth, books, cover, import - integrations/kindle.py: send-to-kindle, file finder - integrations/karakeep.py: save/delete bookmarks - integrations/qbittorrent.py: download status - integrations/image_proxy.py: external image proxy server.py is now thin routing only (~344 lines). All routes, methods, status codes, and responses preserved exactly. Added PYTHONUNBUFFERED=1 to Dockerfile for live logging. 2026-03-29 00:14:46 -05:00			`from database import get_db`


			`def proxy_request(target_url, method, headers, body=None, timeout=120):`
			`"""Proxy a request to a backend service. Returns (status, response_headers, response_body)."""`
			`try:`
			`req = urllib.request.Request(target_url, data=body, method=method)`
			`for k, v in headers.items():`
			`req.add_header(k, v)`

fix: remaining security and deployment hardening (#6 #7 #10) #7 Transport Security: - Removed legacy _ssl_ctx alias from config.py - proxy.py now uses _internal_ssl_ctx directly (explicitly scoped) - No global TLS bypass remains #10 Deployment Hardening: - Inventory Dockerfile: non-root (node user), health check, production deps - Budget Dockerfile: non-root (node user), health check, npm ci, multi-stage ready - Frontend-v2 Dockerfile: multi-stage build, non-root (node user), health check - Added /health endpoints to inventory and budget (before auth middleware) - All 6 containers now run as non-root with health checks All services verified: gateway, trips, fitness, inventory, budget, frontend 2026-03-29 09:35:39 -05:00			`with urllib.request.urlopen(req, context=_internal_ssl_ctx, timeout=timeout) as resp:`
Refactor gateway into modular architecture Split 1878-line server.py into 15 focused modules: - config.py: all env vars and constants - database.py: schema, init, seed logic - sessions.py: session/token CRUD - proxy.py: proxy_request, SERVICE_MAP, resolve_service - responses.py: ResponseMixin for handler helpers - auth.py: login/logout/register handlers - dashboard.py: dashboard, apps, connections, pinning - command.py: AI command bar - integrations/booklore.py: auth, books, cover, import - integrations/kindle.py: send-to-kindle, file finder - integrations/karakeep.py: save/delete bookmarks - integrations/qbittorrent.py: download status - integrations/image_proxy.py: external image proxy server.py is now thin routing only (~344 lines). All routes, methods, status codes, and responses preserved exactly. Added PYTHONUNBUFFERED=1 to Dockerfile for live logging. 2026-03-29 00:14:46 -05:00			`resp_body = resp.read()`
			`resp_headers = dict(resp.headers)`
			`return resp.status, resp_headers, resp_body`

			`except urllib.error.HTTPError as e:`
			`body = e.read() if e.fp else b'{}'`
			`return e.code, dict(e.headers), body`
			`except Exception as e:`
			`return 502, {"Content-Type": "application/json"}, json.dumps({"error": f"Service unavailable: {e}"}).encode()`


			`# ── Service routing ──`

			`SERVICE_MAP = {} # populated from DB at startup`


			`def load_service_map():`
			`global SERVICE_MAP`
			`conn = get_db()`
			`rows = conn.execute("SELECT id, proxy_target FROM apps WHERE enabled = 1").fetchall()`
			`conn.close()`
			`SERVICE_MAP = {row["id"]: row["proxy_target"] for row in rows}`


			`def resolve_service(path):`
			`"""Given /api/trips/foo, return ('trips', 'http://backend:8087', '/api/foo')."""`
			`# Path format: /api/{service_id}/...`
			`parts = path.split("/", 4) # ['', 'api', 'trips', 'foo']`
			`if len(parts) < 3:`
			`return None, None, None`
			`service_id = parts[2]`
			`target = SERVICE_MAP.get(service_id)`
			`if not target:`
			`return None, None, None`
			`remainder = "/" + "/".join(parts[3:]) if len(parts) > 3 else "/"`
			`# Services that don't use /api prefix (Express apps, etc.)`
			`NO_API_PREFIX_SERVICES = {"inventory", "music", "budget"}`
			`SERVICE_PATH_PREFIX = {"reader": "/v1"}`
			`if service_id in SERVICE_PATH_PREFIX:`
			`backend_path = f"{SERVICE_PATH_PREFIX[service_id]}{remainder}"`
			`elif service_id in NO_API_PREFIX_SERVICES:`
			`backend_path = remainder`
			`elif remainder.startswith("/images/") or remainder.startswith("/documents/"):`
			`backend_path = remainder`
			`else:`
			`backend_path = f"/api{remainder}"`
			`return service_id, target, backend_path`