From b6ac9ffcab2dfee028763911ecf2c5fee468d318 Mon Sep 17 00:00:00 2001
From: proffapt <proffapt@pm.me>
Date: Mon, 17 Jun 2024 14:46:53 +0530
Subject: [PATCH] feat: naarad protected by heimdall

---
 metaploy/naarad.metaploy.conf | 38 +++++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 8 deletions(-)

diff --git a/metaploy/naarad.metaploy.conf b/metaploy/naarad.metaploy.conf
index 98e5679..94887d1 100644
--- a/metaploy/naarad.metaploy.conf
+++ b/metaploy/naarad.metaploy.conf
@@ -1,14 +1,36 @@
 upstream naarad {
-	server naarad:8000;
+    server naarad:8000;
 }
 
 server {
-	server_name naarad.metakgp.org;
+    server_name naarad.metakgp.org;
 
-	location / {
-		proxy_pass http://naarad;
+    location /web {
+        auth_request /auth;
+        error_page 400 401 500 =200 @handle_auth;
 
-		proxy_set_header Upgrade $http_upgrade;
-		proxy_set_header Connection "upgrade";
-	}
-}
\ No newline at end of file
+        proxy_pass http://naarad;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    location /auth {
+        internal;
+        proxy_pass https://heimdall-api.metakgp.org/validate-jwt;
+        proxy_set_header Cookie $http_cookie;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location @handle_auth {
+        return 301 https://heimdall.metakgp.org/?redirect_url=https://$server_name$request_uri;
+    }
+
+    location / {
+        proxy_pass http://naarad;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}