From 1da1dd179f8cfac2f9991c90dd7c0de480c56754 Mon Sep 17 00:00:00 2001
From: proffapt <proffapt@pm.me>
Date: Fri, 28 Jun 2024 13:49:28 +0530
Subject: [PATCH] fix: protected by heimdall; infinite auth loop

---
 metaploy/naarad.metaploy.conf | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/metaploy/naarad.metaploy.conf b/metaploy/naarad.metaploy.conf
index 3d6f088..e597efa 100644
--- a/metaploy/naarad.metaploy.conf
+++ b/metaploy/naarad.metaploy.conf
@@ -5,34 +5,31 @@ upstream naarad {
 server {
     server_name naarad.metakgp.org;
 
-    location /web {
+    location / {
         auth_request /auth;
         error_page 300 301 302 303 304 305 306 307 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 = @handle_auth;
 
         proxy_pass http://naarad;
-        
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
     }
 
-    location /auth {
+    location = /auth {
         internal;
-        proxy_pass https://heimdall-api.metakgp.org/validate-jwt;
-        
+
+        proxy_pass http://heimdall_server/validate-jwt;
         proxy_set_header Cookie $http_cookie;
+
         proxy_set_header Host $host;
+        proxy_set_header Content-Length "";
         proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Original-URI $request_uri;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_pass_request_body off;
     }
 
     location @handle_auth {
         return 302 https://heimdall.metakgp.org/?redirect_url=https://$server_name$request_uri;
     }
-
-    location / {
-        proxy_pass http://naarad;
-
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-    }
 }