OpaApiClient: fix request path hook to work with proxies

Signed-off-by: Stephan Renatus <stephan@styra.com>

Author: srenatus

src/hooks/request-path-hook.ts

@@ -7,7 +7,7 @@ export class RewriteRequestPathHook implements BeforeCreateRequestHook {
     input: RequestInput,
   ): RequestInput {
     const url = new URL(input.url);
-    if (url.pathname.startsWith("/v1/data")) {
+    if (url.pathname.indexOf("/v1/data/") != -1) {
       url.pathname = decodeURIComponent(url.pathname);
       return { ...input, url };
     }

tests/authorizer.test.ts

@@ -1,6 +1,12 @@
 import { describe, before, after, it } from "node:test";
 import assert from "node:assert";
-import { GenericContainer, StartedTestContainer, Wait } from "testcontainers";
+import {
+  GenericContainer,
+  Network,
+  StartedNetwork,
+  StartedTestContainer,
+  Wait,
+} from "testcontainers";
 import { OPAClient, ToInput, Input, Result } from "../src/";
 import { HTTPClient } from "../src/lib/http";
 
@@ -53,8 +59,11 @@ allow if {
 `;
 
   let container: StartedTestContainer;
+  let network: StartedNetwork;
+  let proxy: StartedTestContainer;
   let serverURL: string;
   before(async () => {
+    network = await new Network().start();
     container = await new GenericContainer("openpolicyagent/opa:latest")
       .withCommand([
         "run",
@@ -66,6 +75,8 @@ allow if {
         "--set=default_decision=system/main/main",
         "/authz.rego",
       ])
+      .withName("opa")
+      .withNetwork(network)
       .withExposedPorts(8181)
       .withWaitStrategy(Wait.forHttp("/health", 8181).forStatusCode(200))
       .withCopyContentToContainer([
@@ -75,6 +86,23 @@ allow if {
         },
       ])
       .start();
+
+    proxy = await new GenericContainer("caddy:latest")
+      .withNetwork(network)
+      .withExposedPorts(8000)
+      .withWaitStrategy(Wait.forHttp("/opa/health", 8000).forStatusCode(200))
+      .withCopyContentToContainer([
+        {
+          content: `
+:8000 {
+  handle_path /opa/* {
+    reverse_proxy http://opa:8181
+  }
+}`,
+          target: "/etc/caddy/Caddyfile",
+        },
+      ])
+      .start();
     serverURL = `http://${container.getHost()}:${container.getMappedPort(8181)}`;
 
     for (const [id, body] of Object.entries(policies)) {
@@ -228,5 +256,17 @@ allow if {
     assert.strictEqual(res, true);
   });
 
-  after(async () => await container.stop());
+  it("supports rules with slashes when proxied", async () => {
+    const serverURL = `http://${proxy.getHost()}:${proxy.getMappedPort(8000)}/opa`;
+    const res = await new OPAClient(serverURL).evaluate(
+      "has/weird%2fpackage/but/it_is",
+    );
+    assert.strictEqual(res, true);
+  });
+
+  after(async () => {
+    await container.stop();
+    await proxy.stop();
+    await network.stop();
+  });
 });