jpdZddlmZddlZddlZddlZddlmZej e Z e dZ dd Zdd Zdd ZddZddZdS)uzHelpers for X-Forwarded-Prefix support. Mission-control style deploys reverse-proxy the dashboard at a path prefix (e.g. ``mission-control.tilos.com/hermes/*`` -> dashboard on :9119), injecting ``X-Forwarded-Prefix: /hermes`` so the backend can reconstruct prefixed URLs (Location: headers, OAuth redirect_uri, cookie Path attributes, SPA asset URLs). This module is also the home of the ``HERMES_DASHBOARD_PUBLIC_URL`` / ``dashboard.public_url`` resolution — when the operator declares a complete public URL (scheme + host + optional path prefix), we use that directly for the OAuth ``redirect_uri`` and skip the X-Forwarded-Prefix reconstruction. Relief valve for deploys where the proxy header chain isn't reliable. The single source of truth for both helpers lives here so the gate middleware, the OAuth routes, the cookie helpers, and the SPA mount all agree on validation rules. ) annotationsN)Optional)"'<>    raw Optional[str]returnstrc|sdS|sdSdsdzddvs$dvs tfdtDrdSt dkrdSS)aTNormalise an X-Forwarded-Prefix header value. Returns a string like ``"/hermes"`` (no trailing slash) or ``""`` when no prefix is set / the header is malformed. We deliberately reject anything containing ``..`` or non-printable bytes so a hostile proxy can't inject HTML or path-traversal sequences via the prefix. /z//z..c3 K|]}|vV dSN).0cps ?/usr/local/lib/hermes-agent/hermes_cli/dashboard_auth/prefix.py z#normalise_prefix..7s'--!qAv------@)strip startswithrstripany _REJECT_CHARSlen)r rs @rnormalise_prefixr$#s r A r <<   !G  A  199 ----}--- - - r 1vv{{r HrcPt|jdS)zConvenience wrapper that reads the header off a Starlette/FastAPI Request and normalises it. Returns ``""`` when no prefix. zx-forwarded-prefix)r$headersget)requests rprefix_from_requestr)?s# GO//0DEE F FFrc6|sdS|sdStfdtDrdS tj}n#t $rYdSwxYw|jdvrdS|jsdS dS)uNormalise a ``dashboard.public_url`` value. Returns the cleaned URL (scheme://netloc[/path], trailing slash removed) on success, or ``""`` when the value is empty, malformed, or contains characters that suggest header injection. The caller must treat ``""`` as "fall back to request reconstruction" — never as "the user explicitly chose no public URL", because the two are indistinguishable from an empty env var. rc3 K|]}|vV dSrr)rrurls rrz(_normalise_public_url..^s' + +18 + + + + + +r>httphttpsr) rr!r"urllibparseurlparse ValueErrorschemenetlocr )r parsedr,s @r_normalise_public_urlr6Ks r ))++C r  + + + +] + + +++r&&s++ rr }---r =r ::c??sA!! A/.A/dictc@ ddlm}n#t$ricYSwxYw |}n4#t$r'}td|icYd}~Sd}~wwxYwt |t r|dnd}t |t r|niS)aYReturn the ``dashboard`` block from ``config.yaml`` if it exists and is a dict; otherwise an empty dict. Robust to (a) load_config() raising (malformed YAML, IO error, config.yaml absent), and (b) ``dashboard`` being absent or non-dict. Both shapes fall through to ``{}`` so the caller can rely on ``.get(...)`` access. r) load_configzVdashboard-auth.prefix: load_config() raised %s; falling back to env-only configurationN dashboard)hermes_cli.configr9 Exception_logdebug isinstancer7r')r9cfgexcsections r_load_dashboard_sectionrCms1111111  kmm   5     '1d&;&;Ecggk"""G $// 777R7s&  ' AA AActjdd}t|}|r|St dd}tt |S)uResolve the operator-declared dashboard public URL. Precedence (mirrors ``dashboard.oauth.client_id``): 1. ``HERMES_DASHBOARD_PUBLIC_URL`` env var (when non-empty after strip — empty values are treated as unset so a provisioned-but- not-populated Fly secret can't shadow a valid config.yaml entry). 2. ``dashboard.public_url`` in ``config.yaml``. 3. Empty string — signals "no override, reconstruct from request" to the caller. Each candidate value is run through :func:`_normalise_public_url`. A malformed env var falls through to the config.yaml entry; a malformed config entry falls through to ``""``. This means a typo in one surface doesn't prevent the other from working. HERMES_DASHBOARD_PUBLIC_URLr public_url)osenvironr'r6rCr)env_raw env_cleancfg_raws rresolve_public_urlrLsd"jnn:B??G%g..I%''++L"==G W . ..r)r rrr)rr)rr7)__doc__ __future__rloggingrG urllib.parser/typingr getLogger__name__r= frozensetr"r$r)r6rCrLrrrrUs&#""""" w""  EFF     8GGGGD88884//////r