From 8b6a569a312e0a6e3810624013e65576a8a034b6 Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet <emmanuel.viennet@gmail.com>
Date: Thu, 16 Sep 2021 16:05:37 +0200
Subject: [PATCH] =?UTF-8?q?Classe=20ReverseProxied=20WSGI=20pour=20r=C3=A9?=
 =?UTF-8?q?-=C3=A9criture=20des=20URL=20http/https?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/__init__.py         | 16 ++++++++++++++++
 app/decorators.py       | 14 ++++++++------
 tools/etc/scodoc9.nginx |  1 +
 3 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/app/__init__.py b/app/__init__.py
index 83b6c9087..ac256d8a4 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -133,8 +133,24 @@ class ScoSMTPHandler(SMTPHandler):
         return subject
 
 
+class ReverseProxied(object):
+    """Adaptateur wsgi qui nous permet d'avoir toutes les URL calculées en https
+    sauf quand on est en dev.
+    La variable HTTP_X_FORWARDED_PROTO est positionnée par notre config nginx"""
+
+    def __init__(self, app):
+        self.app = app
+
+    def __call__(self, environ, start_response):
+        scheme = environ.get("HTTP_X_FORWARDED_PROTO")
+        if scheme:
+            environ["wsgi.url_scheme"] = scheme  # ou forcer à https ici ?
+        return self.app(environ, start_response)
+
+
 def create_app(config_class=DevConfig):
     app = Flask(__name__, static_url_path="/ScoDoc/static", static_folder="static")
+    app.wsgi_app = ReverseProxied(app.wsgi_app)
     app.logger.setLevel(logging.DEBUG)
     app.config.from_object(config_class)
 
diff --git a/app/decorators.py b/app/decorators.py
index 3696d56ca..4987f0d83 100644
--- a/app/decorators.py
+++ b/app/decorators.py
@@ -43,12 +43,14 @@ class ZRequest(object):
     "Emulating Zope 2 REQUEST"
 
     def __init__(self):
-        if current_app.config["DEBUG"]:
-            self.URL = request.base_url
-            self.BASE0 = request.url_root
-        else:
-            self.URL = request.base_url.replace("http://", "https://")
-            self.BASE0 = request.url_root.replace("http://", "https://")
+        # if current_app.config["DEBUG"]:
+
+        # le ReverseProxied se charge maintenant de mettre le bon protocole http ou https
+        self.URL = request.base_url
+        self.BASE0 = request.url_root
+        # else:
+        #     self.URL = request.base_url.replace("http://", "https://")
+        #     self.BASE0 = request.url_root.replace("http://", "https://")
         self.URL0 = self.URL
         # query_string is bytes:
         self.QUERY_STRING = request.query_string.decode("utf-8")
diff --git a/tools/etc/scodoc9.nginx b/tools/etc/scodoc9.nginx
index 2cc4ef721..8df2b9d47 100644
--- a/tools/etc/scodoc9.nginx
+++ b/tools/etc/scodoc9.nginx
@@ -27,6 +27,7 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
     }
     location /ScoDoc/static {
         # handle static files directly, without forwarding to the application