introduce FLEXMEASURES_FORCE_HTTPS so we can control better when we w…

…ant the app to answer to https. Apply in the internal API to solve a load balancer situation. Signed-off-by: Nicolas Höning <nicolas@seita.nl>
FlexMeasures · Mar 11, 2024 · 7b5dbe7 · 7b5dbe7
1 parent 78bc3b4
commit 7b5dbe7
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 9 deletions.
diff --git a/.vscode/spellright.dict b/.vscode/spellright.dict
@@ -272,3 +272,9 @@ cron
 CSV
 UI
 frontend
+http
+https
+balancer
+url
+HTTPS
+Werkzeug
diff --git a/documentation/configuration.rst b/documentation/configuration.rst
@@ -455,6 +455,14 @@ Allows users to make authenticated requests. If true, injects the Access-Control
 Default: ``True``
 
 
+FLEXMEASURES_FORCE_HTTPS
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Set to ``True`` if all requests should be forced to be https.
+
+Default: ``False``
+
+
 FLEXMEASURES_ENFORCE_SECURE_CONTENT_POLICY
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

diff --git a/flexmeasures/app.py b/flexmeasures/app.py
@@ -106,7 +106,7 @@ def create(  # noqa C901
     set_secret_key(app)
     if app.config.get("SECURITY_PASSWORD_SALT", None) is None:
         app.config["SECURITY_PASSWORD_SALT"] = app.config["SECRET_KEY"]
-    if app.config.get("FLEXMEASURES_ENV") not in ("documentation", "development"):
+    if app.config.get("FLEXMEASURES_FORCE_HTTPS", False):
         SSLify(app)
 
     # Prepare profiling, if needed

diff --git a/flexmeasures/ui/crud/api_wrapper.py b/flexmeasures/ui/crud/api_wrapper.py
@@ -41,17 +41,28 @@ def _maybe_raise(
         if response.status_code not in do_not_raise_for:
             response.raise_for_status()
 
+    def _url_root(self) -> str:
+        """
+        Get the root for the URLs this API should use to call FlexMeasures.
+        """
+        url_root = request.url_root
+        if current_app.config.get("FLEXMEASURES_FORCE_HTTPS", False):
+            # this replacement is for the case we are behind a load balancer who talks http internally
+            url_root = url_root.replace("http://", "https://")
+        return url_root
+
     def get(
         self,
         url: str,
         query: dict[str, Any] | None = None,
         do_not_raise_for: list | None = None,
     ) -> requests.Response:
+        url_root = self._url_root()
         current_app.logger.debug(
-            f"{self._log_prefix} GETting {url} with query {query} ..."
+            f"{self._log_prefix} Calling GET to {url_root}{url} with query {query} ..."
         )
         response = requests.get(
-            f"{request.url_root}{url}",
+            f"{url_root}{url}",
             params=query,
             headers=self._auth_headers(),
         )
@@ -64,11 +75,12 @@ def post(
         args: dict | None = None,
         do_not_raise_for: list | None = None,
     ) -> requests.Response:
+        url_root = self._url_root()
         current_app.logger.debug(
-            f"{self._log_prefix} POSTing {url} with json data {args} ..."
+            f"{self._log_prefix} Call POST to {url_root}{url} with json data {args} ..."
         )
         response = requests.post(
-            f"{request.url_root}{url}",
+            f"{url_root}{url}",
             headers=self._auth_headers(),
             json=args if args else {},
         )
@@ -81,11 +93,12 @@ def patch(
         args: dict | None = None,
         do_not_raise_for: list | None = None,
     ) -> requests.Response:
+        url_root = self._url_root()
         current_app.logger.debug(
-            f"{self._log_prefix} PATCHing {url} with json data {args} ..."
+            f"{self._log_prefix} Calling PATCH to {url_root}{url} with json data {args} ..."
         )
         response = requests.patch(
-            f"{request.url_root}{url}",
+            f"{url_root}{url}",
             headers=self._auth_headers(),
             json=args if args else {},
         )
@@ -97,9 +110,12 @@ def delete(
         url: str,
         do_not_raise_for: list | None = None,
     ) -> requests.Response:
-        current_app.logger.debug(f"{self._log_prefix} DELETEing {url} ...")
+        url_root = self._url_root()
+        current_app.logger.debug(
+            f"{self._log_prefix} Calling DELETE to {url_root}{url} ..."
+        )
         response = requests.delete(
-            f"{request.url_root}{url}",
+            f"{url_root}{url}",
             headers=self._auth_headers(),
         )
         self._maybe_raise(response, do_not_raise_for)

diff --git a/flexmeasures/utils/config_defaults.py b/flexmeasures/utils/config_defaults.py
@@ -138,6 +138,8 @@ class Config(object):
     FLEXMEASURES_API_SUNSET_DATE: str | None = None  # e.g. 2023-05-01
     FLEXMEASURES_API_SUNSET_LINK: str | None = None  # e.g. https://flexmeasures.readthedocs.io/en/latest/api/introduction.html#deprecation-and-sunset
 
+    # if True, all requests are forced to be via HTTPS.
+    FLEXMEASURES_FORCE_HTTPS: bool = False
     # if True, the content could be accessed via HTTPS.
     FLEXMEASURES_ENFORCE_SECURE_CONTENT_POLICY: bool = False