From 96865519f84c443718d9173d8f0b5e9f462e12b0 Mon Sep 17 00:00:00 2001
From: Hannes Schmidt <hannes@ucsc.edu>
Date: Thu, 3 Aug 2023 22:32:01 -0700
Subject: [PATCH 1/2] Don't hard-code bucket names in `browser` component

---
 terraform/browser/browser.tf.json.template.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/terraform/browser/browser.tf.json.template.py b/terraform/browser/browser.tf.json.template.py
index f4b3f0e3b..f5e6afc62 100644
--- a/terraform/browser/browser.tf.json.template.py
+++ b/terraform/browser/browser.tf.json.template.py
@@ -36,8 +36,10 @@
 )
 
 buckets = {
-    bucket: aws.qualified_bucket_name(bucket)
-    for bucket in ['portal', 'browser']
+    site['bucket']: aws.qualified_bucket_name(site['bucket'])
+    for project, branches in config.browser_sites.items()
+    for branch, sites in branches.items()
+    for site_name, site in sites.items()
 }
 
 

From de1ed6f315fdc9880b5778a18c7a4057dd1f8fa6 Mon Sep 17 00:00:00 2001
From: Hannes Schmidt <hannes@ucsc.edu>
Date: Thu, 3 Aug 2023 22:34:05 -0700
Subject: [PATCH 2/2] Deploy consortia tab of AnVIL portal (#5452)

---
 deployments/anvildev.browser/environment.py   |  6 +++++
 deployments/anvilprod.browser/environment.py  |  6 +++++
 terraform/browser/browser.tf.json.template.py |  7 ++++++
 terraform/browser/ptm_add_response_headers.js | 15 +++++++++++++
 terraform/browser/ptm_next_path_mapper.js     | 22 +++++++++++++++++++
 5 files changed, 56 insertions(+)
 create mode 100644 terraform/browser/ptm_add_response_headers.js
 create mode 100644 terraform/browser/ptm_next_path_mapper.js

diff --git a/deployments/anvildev.browser/environment.py b/deployments/anvildev.browser/environment.py
index 8eb753dd5..2323a3f48 100644
--- a/deployments/anvildev.browser/environment.py
+++ b/deployments/anvildev.browser/environment.py
@@ -45,6 +45,12 @@ def env() -> Mapping[str, Optional[str]]:
                         'bucket': 'portal',
                         'tarball_path': 'public',
                         'real_path': ''
+                    },
+                    'consortia': {
+                        'domain': '{AZUL_DOMAIN_NAME}',
+                        'bucket': 'consortia',
+                        'tarball_path': 'out',
+                        'real_path': ''
                     }
                 }
             }
diff --git a/deployments/anvilprod.browser/environment.py b/deployments/anvilprod.browser/environment.py
index 8eb753dd5..2323a3f48 100644
--- a/deployments/anvilprod.browser/environment.py
+++ b/deployments/anvilprod.browser/environment.py
@@ -45,6 +45,12 @@ def env() -> Mapping[str, Optional[str]]:
                         'bucket': 'portal',
                         'tarball_path': 'public',
                         'real_path': ''
+                    },
+                    'consortia': {
+                        'domain': '{AZUL_DOMAIN_NAME}',
+                        'bucket': 'consortia',
+                        'tarball_path': 'out',
+                        'real_path': ''
                     }
                 }
             }
diff --git a/terraform/browser/browser.tf.json.template.py b/terraform/browser/browser.tf.json.template.py
index f5e6afc62..8cee56d4e 100644
--- a/terraform/browser/browser.tf.json.template.py
+++ b/terraform/browser/browser.tf.json.template.py
@@ -137,6 +137,13 @@ def emit():
                                          explorer_domain_router=True,
                                          add_response_security_headers=False),
                         google_search_behavior(),
+                        *(
+                            bucket_behaviour('consortia',
+                                             path_pattern=path_pattern,
+                                             ptm_next_path_mapper=True,
+                                             ptm_add_response_headers=False)
+                            for path_pattern in ['/consortia*', '_next/*']
+                        ),
                     ],
                     'default_cache_behavior':
                         bucket_behaviour('portal',
diff --git a/terraform/browser/ptm_add_response_headers.js b/terraform/browser/ptm_add_response_headers.js
new file mode 100644
index 000000000..366b9685f
--- /dev/null
+++ b/terraform/browser/ptm_add_response_headers.js
@@ -0,0 +1,15 @@
+function handler(event) {
+    var response = event.response;
+    var headers = response.headers;
+
+    // Set HTTP security headers
+    // Since JavaScript doesn't allow for hyphens in variable names, we use the dict["key"] notation
+    headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'};
+    // headers['content-security-policy'] = { value: "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'"};
+    // headers['x-content-type-options'] = { value: 'nosniff'};
+    // headers['x-frame-options'] = {value: 'DENY'};
+    // headers['x-xss-protection'] = {value: '1; mode=block'};
+
+    // Return the response to viewers
+    return response;
+}
diff --git a/terraform/browser/ptm_next_path_mapper.js b/terraform/browser/ptm_next_path_mapper.js
new file mode 100644
index 000000000..eb076befe
--- /dev/null
+++ b/terraform/browser/ptm_next_path_mapper.js
@@ -0,0 +1,22 @@
+function handler(event) {
+
+ var request = event.request;
+
+ var uri = request.uri;
+
+
+ if(uri.includes(".")){
+     // is a request for a file , leaeve alone
+     return request;
+ }
+
+ if(uri.endsWith("/")){
+    //this was a request for for something like /explore/files/ remove the trailing /
+    request.uri = request.uri.slice(0, -1);
+ }
+
+ // final case add  .html as this was not a file /explore or /explore/
+ request.uri +=".html";
+
+ return request;
+}