PD-3704

cryptalith · cryptalith · commit 256e4cf29e3f · 2025-12-09T13:56:04.000-06:00
diff --git a/angular.json b/angular.json
@@ -299,6 +299,10 @@
               "proxyConfig": "src/proxy.conf.sandbox.mjs",
               "buildTarget": "ng-orcid:build:local-with-proxy"
             },
+            "local-orcid-web": {
+              "proxyConfig": "src/proxy.conf.orcid-web.mjs",
+              "buildTarget": "ng-orcid:build:local-with-proxy"
+            },
             "local": {
               "buildTarget": "ng-orcid:build:local"
             },
diff --git a/package.json b/package.json
@@ -5,6 +5,7 @@
     "start-local": "npm run build-runtime-env && ng serve --disable-host-check --host 0.0.0.0",
     "start": "npm run build-runtime-env && (ng serve --configuration=local-qa --host 0.0.0.0 & npm run start:ui-docs)",
     "start-sandbox": "ng serve --configuration=local-sandbox --host 0.0.0.0",
+    "start:orcid-web": "npm run build-runtime-env && ng serve --configuration=local-orcid-web --host 0.0.0.0",
     "start:en": "ng serve --configuration=local-qa-en --disable-host-check",
     "start:ar": "ng serve --configuration=local-qa-ar --disable-host-check",
     "start:fr": "ng serve --configuration=local-qa-fr --disable-host-check",
diff --git a/src/proxy.conf.orcid-web.mjs b/src/proxy.conf.orcid-web.mjs
@@ -0,0 +1,76 @@
+/**
+ * Proxy configuration to hit a local orcid-web backend at http://localhost:8080/orcid-web
+ * - Rewrites cookie domains to localhost
+ * - Strips `secure` so cookies work over http
+ * - Proxies only API calls (not the Angular app shell)
+ */
+
+function rewriteCookies(proxyRes) {
+  const cookies = proxyRes.headers['set-cookie']
+  if (!cookies) return
+
+  const rewrite = (cookie) => {
+    let rewritten = cookie
+    // Force cookies to localhost domain
+    rewritten = rewritten.replace(/Domain=[^;]+/gi, 'Domain=localhost')
+    // Normalize path to root
+    rewritten = rewritten.replace(/Path=\/orcid-web/gi, 'Path=/')
+    // Remove secure for http local dev
+    rewritten = rewritten.replace(/;\s*secure/gi, '')
+    return rewritten.trim()
+  }
+
+  proxyRes.headers['set-cookie'] = Array.isArray(cookies)
+    ? cookies.map(rewrite)
+    : rewrite(cookies)
+}
+
+function responseOverridesGeneric() {
+  return (proxyRes, req, res) => {
+    rewriteCookies(proxyRes)
+    if (proxyRes.statusCode >= 300 && proxyRes.statusCode < 400) {
+      const location = proxyRes.headers['location']
+      if (typeof location === 'string') {
+        proxyRes.headers['location'] = location.replace(
+          'http://localhost:8080/orcid-web',
+          'http://localhost:4200'
+        )
+      }
+    }
+  }
+}
+
+const shouldProxyRootApi = (pathname, req) => {
+  const accept = req.headers.accept || ''
+
+  // Do NOT proxy SPA navigations or dev-server internals
+  if (accept.includes('text/html')) return false
+  if (
+    pathname.startsWith('/assets') ||
+    pathname.startsWith('/favicon.ico') ||
+    pathname.startsWith('/ng-cli-ws') ||
+    pathname.startsWith('/sockjs-node') ||
+    pathname === '/' ||
+    pathname === '/index.html'
+  ) {
+    return false
+  }
+
+  // Everything else at root (your API calls without a prefix) → proxy
+  return true
+}
+
+export default [
+  {
+    // Proxy root-level API calls to local orcid-web
+    context: shouldProxyRootApi,
+    target: 'http://localhost:8080/orcid-web',
+    secure: false,
+    changeOrigin: true,
+    logLevel: 'debug',
+    cookieDomainRewrite: 'localhost',
+    onProxyRes: responseOverridesGeneric(),
+    pathRewrite: { '^/': '/' },
+  },
+]
+
