Use the proxy request identifier for storing the VA cookie in proxy sites (#3091)

Author: taranvohra

.github/workflows/deploy-preview.yaml

@@ -10,7 +10,7 @@ jobs:
     deploy-v1-cloudflare:
         name: Deploy v1 to Cloudflare Pages
         runs-on: ubuntu-latest
-        environment: 
+        environment:
           name: ${{ github.ref == 'refs/heads/main' && '1c-production' || '1c-preview' }}
           url: ${{ steps.deploy.outputs.deployment-url }}
         permissions:
@@ -57,7 +57,7 @@ jobs:
     deploy-v2-vercel:
         name: Deploy v2 to Vercel (preview)
         runs-on: ubuntu-latest
-        environment: 
+        environment:
           name: 2v-preview
           url: ${{ steps.deploy.outputs.deployment-url }}
         outputs:
@@ -78,7 +78,7 @@ jobs:
     deploy-v2-cloudflare:
         name: Deploy v2 to Cloudflare Worker (preview)
         runs-on: ubuntu-latest
-        environment: 
+        environment:
           name: 2c-preview
           url: ${{ steps.deploy.outputs.deployment-url }}
         outputs:

packages/gitbook-v2/src/lib/data/index.ts

@@ -4,3 +4,5 @@ export * from './pages';
 export * from './urls';
 export * from './errors';
 export * from './lookup';
+export * from './proxy';
+export * from './visitor';

packages/gitbook-v2/src/lib/data/proxy.test.ts

@@ -0,0 +1,21 @@
+import { describe, expect, it } from 'bun:test';
+import { getProxyRequestIdentifier, isProxyRequest } from './proxy';
+
+describe('isProxyRequest', () => {
+    it('should return true for proxy requests', () => {
+        const proxyRequestURL = new URL('https://proxy.gitbook.site/sites/site_foo/hello/world');
+        expect(isProxyRequest(proxyRequestURL)).toBe(true);
+    });
+
+    it('should return false for non-proxy requests', () => {
+        const nonProxyRequestURL = new URL('https://example.com/docs/foo/hello/world');
+        expect(isProxyRequest(nonProxyRequestURL)).toBe(false);
+    });
+});
+
+describe('getProxyRequestIdentifier', () => {
+    it('should return the correct identifier for proxy requests', () => {
+        const proxyRequestURL = new URL('https://proxy.gitbook.site/sites/site_foo/hello/world');
+        expect(getProxyRequestIdentifier(proxyRequestURL)).toBe('sites/site_foo');
+    });
+});

packages/gitbook-v2/src/lib/data/proxy.ts

@@ -0,0 +1,15 @@
+/**
+ * Check if the request to the site was through a proxy.
+ */
+export function isProxyRequest(requestURL: URL): boolean {
+    return (
+        requestURL.host === 'proxy.gitbook.site' || requestURL.host === 'proxy.gitbook-staging.site'
+    );
+}
+
+export function getProxyRequestIdentifier(requestURL: URL): string {
+    // For proxy requests, we extract the site ID from the pathname
+    // e.g. https://proxy.gitbook.site/site/siteId/...
+    const pathname = requestURL.pathname.slice(1).split('/');
+    return pathname.slice(0, 2).join('/');
+}

packages/gitbook-v2/src/lib/data/visitor.test.ts

@@ -0,0 +1,41 @@
+import { describe, expect, it } from 'bun:test';
+import { getVisitorAuthBasePath } from './visitor';
+
+describe('getVisitorAuthBasePath', () => {
+    it('should return the correct base path for proxy requests', () => {
+        expect(
+            getVisitorAuthBasePath(
+                new URL('https://proxy.gitbook.site/sites/site_foo/hello/world'),
+                {
+                    site: 'site_foo',
+                    siteSpace: 'sitesp_foo',
+                    basePath: '/foo',
+                    siteBasePath: '/foo',
+                    organization: 'org_foo',
+                    space: 'space_foo',
+                    pathname: '/hello/world',
+                    complete: false,
+                    apiToken: 'api_token_foo',
+                    canonicalUrl: 'https://example.com/docs/foo/hello/world',
+                }
+            )
+        ).toBe('/sites/site_foo/');
+    });
+
+    it('should return the correct base path for non-proxy requests', () => {
+        expect(
+            getVisitorAuthBasePath(new URL('https://example.com/docs/foo/hello/world'), {
+                site: 'site_foo',
+                siteSpace: 'sitesp_foo',
+                basePath: '/foo/',
+                siteBasePath: '/foo/',
+                organization: 'org_foo',
+                space: 'space_foo',
+                pathname: '/hello/world',
+                complete: false,
+                apiToken: 'api_token_foo',
+                canonicalUrl: 'https://example.com/docs/foo/hello/world',
+            })
+        ).toBe('/foo/');
+    });
+});

packages/gitbook-v2/src/lib/data/visitor.ts

@@ -0,0 +1,19 @@
+import { withLeadingSlash, withTrailingSlash } from '@/lib/paths';
+import type { PublishedSiteContent } from '@gitbook/api';
+import { getProxyRequestIdentifier, isProxyRequest } from './proxy';
+
+/**
+ * Get the appropriate base path for the visitor authentication cookie.
+ */
+export function getVisitorAuthBasePath(
+    siteRequestURL: URL,
+    siteURLData: PublishedSiteContent
+): string {
+    // The siteRequestURL for proxy requests is of the form `https://proxy.gitbook.com/site/siteId/...`
+    // In such cases, we should not use the resolved siteBasePath for the cookie because for subsequent requests
+    // we will not have the siteBasePath in the request URL in order to retrieve the cookie. So we use the
+    // proxy identifier instead.
+    return isProxyRequest(siteRequestURL)
+        ? withLeadingSlash(withTrailingSlash(getProxyRequestIdentifier(siteRequestURL)))
+        : siteURLData.siteBasePath;
+}

packages/gitbook-v2/src/lib/images/getImageResizingContextId.ts

@@ -1,13 +1,12 @@
+import { getProxyRequestIdentifier, isProxyRequest } from '../data';
+
 /**
  * Get the site identifier to use for image resizing for an incoming request.
  * This identifier can be obtained before resolving the request URL.
  */
 export function getImageResizingContextId(url: URL): string {
-    if (url.host === 'proxy.gitbook.site' || url.host === 'proxy.gitbook-staging.site') {
-        // For proxy requests, we extract the site ID from the pathname
-        // e.g. https://proxy.gitbook.site/site/siteId/...
-        const pathname = url.pathname.slice(1).split('/');
-        return pathname.slice(0, 2).join('/');
+    if (isProxyRequest(url)) {
+        return getProxyRequestIdentifier(url);
     }
 
     return url.host;

packages/gitbook-v2/src/middleware.ts

@@ -17,14 +17,14 @@ import { serveResizedImage } from '@/routes/image';
 import {
     DataFetcherError,
     getPublishedContentByURL,
+    getVisitorAuthBasePath,
     normalizeURL,
     throwIfDataError,
 } from '@v2/lib/data';
 import { isGitBookAssetsHostURL, isGitBookHostURL } from '@v2/lib/env';
 import { getImageResizingContextId } from '@v2/lib/images';
 import { MiddlewareHeaders } from '@v2/lib/middleware';
 import type { SiteURLData } from './lib/context';
-
 export const config = {
     matcher: [
         '/((?!_next/static|_next/image|~gitbook/static|~gitbook/revalidate|~gitbook/monitoring|~scalar/proxy).*)',
@@ -137,7 +137,12 @@ async function serveSiteRoutes(requestURL: URL, request: NextRequest) {
             return NextResponse.redirect(siteURLData.redirect);
         }
 
-        cookies.push(...getResponseCookiesForVisitorAuth(siteURLData.siteBasePath, visitorToken));
+        cookies.push(
+            ...getResponseCookiesForVisitorAuth(
+                getVisitorAuthBasePath(siteRequestURL, siteURLData),
+                visitorToken
+            )
+        );
 
         // We use the host/origin from the canonical URL to ensure the links are
         // correctly generated when the site is proxied. e.g. https://proxy.gitbook.com/site/siteId/...

packages/gitbook/e2e/internal.spec.ts

@@ -419,6 +419,43 @@ const testCases: TestsCase[] = [
             },
         ],
     },
+    {
+        name: 'Site subdirectory (proxy)',
+        skip: process.env.ARGOS_BUILD_NAME !== 'v2-vercel',
+        contentBaseURL: 'https://nextjs-gbo-proxy.vercel.app/documentation/',
+        tests: [
+            {
+                name: 'Main',
+                url: '',
+                fullPage: true,
+            },
+        ],
+    },
+    {
+        name: 'Site subdirectory (proxy) with VA',
+        skip: process.env.ARGOS_BUILD_NAME !== 'v2-vercel',
+        contentBaseURL: 'https://nextjs-gbo-proxy-va.vercel.app/va/docs/',
+        tests: [
+            {
+                name: 'Main',
+                url: () => {
+                    const privateKey =
+                        'rqSfA6x7eAKx1qDRCDq9aCXwivpUvQ8YkXeDdFvCCUa9QchIcM7pF1iJ4o7AGOU49spmOWjKoIPtX0pVUVQ81w==';
+                    const token = jwt.sign(
+                        {
+                            name: 'gitbook-open-tests',
+                        },
+                        privateKey,
+                        {
+                            expiresIn: '24h',
+                        }
+                    );
+                    return `?jwt_token=${token}`;
+                },
+                fullPage: true,
+            },
+        ],
+    },
     {
         name: 'Content tests',
         contentBaseURL: 'https://gitbook.gitbook.io/test-gitbook-open/',