From 3bd1c3ebdca64285121940ba39fffa780979407f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sim=C3=B3=20Albert=20i=20Beltran?= Date: Thu, 20 Jan 2022 15:09:53 +0100 Subject: [PATCH 1/4] Nextcloud use api avatars --- docker/haproxy/haproxy.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker/haproxy/haproxy.conf b/docker/haproxy/haproxy.conf index 17bba98..93e3e23 100644 --- a/docker/haproxy/haproxy.conf +++ b/docker/haproxy/haproxy.conf @@ -50,6 +50,7 @@ frontend website acl is_admin hdr_beg(host) admin. use_backend letsencrypt if { path_beg /.well-known/acme-challenge/ } + use_backend be_api if is_nextcloud { path_beg /avatar/ } use_backend be_nextcloud if is_nextcloud use_backend be_moodle if is_moodle use_backend be_jitsi if is_jitsi @@ -75,6 +76,8 @@ backend be_api acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto + # Nextcloud use /avatar/username/32 /avatar/username/64 and /avatar/username/128 + http-request set-path %[path,regsub(\"^(/avatar/[^/]+).*\",\"\1\")] server api isard-sso-api:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none backend be_ipa From bed86a2447c23762f553bf6f405f051a75abed5c Mon Sep 17 00:00:00 2001 From: darta Date: Fri, 21 Jan 2022 13:10:31 +0000 Subject: [PATCH 2/4] fix(admin): fixed duallogin to no --- admin/src/saml_scripts/moodle_saml.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/src/saml_scripts/moodle_saml.py b/admin/src/saml_scripts/moodle_saml.py index 3a35014..b6112c4 100644 --- a/admin/src/saml_scripts/moodle_saml.py +++ b/admin/src/saml_scripts/moodle_saml.py @@ -197,7 +197,7 @@ class MoodleSaml: config = { "idpmetadata": self.parse_idp_metadata(), "certs_locked": "1", - "duallogin": "1", + "duallogin": "0", "idpattr": "username", "autocreate": "1", "anyauth": "1", 
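Review bot: The new `use_backend be_api if is_nextcloud { path_beg /avatar/ }` rule matches on a raw path prefix, so every request on the Nextcloud host whose path starts with `/avatar/` goes to the API backend, not only those shaped like `/avatar/<user>/<size>`. Matching the expected shape instead, for example `use_backend be_api if is_nextcloud { path_reg ^/avatar/[^/]+(/[0-9]+)?$ }`, leaves everything else on be_nextcloud. This route also bypasses Nextcloud's own handling of avatar requests, so it is worth confirming that the API's avatar endpoint is meant to answer without a Nextcloud session. The `is_nextcloud` ACL is defined outside the hunk.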
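Review bot: The added `http-request set-path` rule in `backend be_api` has no condition, so it is evaluated for every request that reaches this backend, whichever frontend rule sent it there. A path that begins with `/avatar/` but does not match the regex is forwarded unchanged, so the rewrite does not validate the path shape on its own. An explicit condition such as `if { path_beg /avatar/ }` would make the scope visible. The comment could state the intent more precisely, e.g. `# Nextcloud requests /avatar/<username>/<size> (32, 64 or 128); strip the size so the API receives /avatar/<username>`. The backend block starts and continues outside the hunk.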
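Review bot: `"duallogin": "0"` is a bare magic value in an authentication config, and neither the dict nor the commit message records what it means operationally. A comment on that line would help, e.g. `# duallogin "0": no local login form, users are sent straight to the IdP`; that reading is inferred from the commit title and should be confirmed against the SAML plugin's settings. With SSO as the only visible login path, the deployment notes should say how a local administrator signs in when the IdP is unavailable. The neighbouring `"autocreate": "1"` and `"anyauth": "1"` mean the IdP assertion alone appears to decide account creation and matching, which is worth stating next to this setting. The config dict and its enclosing method start and end outside the hunk.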
From a6b675c5f77451189f03d721964625305e2bed91 Mon Sep 17 00:00:00 2001 From: darta Date: Fri, 21 Jan 2022 14:20:39 +0000 Subject: [PATCH 3/4] fix(api): expires to 1m --- docker/api/default.conf | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docker/api/default.conf b/docker/api/default.conf index ce937d8..a633301 100644 --- a/docker/api/default.conf +++ b/docker/api/default.conf @@ -7,7 +7,7 @@ server { server_name localhost; root /api/api/static/; - expires max; + expires 1m; log_not_found off; access_log off; @@ -15,14 +15,14 @@ server { location /avatar { proxy_pass http://127.0.0.1:7039/avatar; - expires max; + expires 1m; log_not_found off; access_log off; } location /restart { proxy_pass http://127.0.0.1:7039/restart; - expires max; + expires 1m; log_not_found off; access_log off; } @@ -31,7 +31,7 @@ server { alias /api/api/static/templates/user_menu_header.json; default_type application/json; index user_menu_header.json; - expires max; + expires 1m; log_not_found off; access_log off; } @@ -40,7 +40,7 @@ server { alias /api/api/static/templates/user_menu_header.html; default_type text/html; index user_menu_header.html; - expires max; + expires 1m; log_not_found off; access_log off; } @@ -49,7 +49,7 @@ server { alias /api/api/static/templates/header.json; default_type application/json; index header.json; - expires max; + expires 1m; log_not_found off; access_log off; } @@ -58,7 +58,7 @@ server { alias /api/api/static/templates/header.html; default_type text/html; index header.html; - expires max; + expires 1m; log_not_found off; access_log off; } @@ -67,15 +67,15 @@ server { alias /api/api/static/templates/header_nextcloud.html; default_type text/html; index header_nextcloud.html - expires max; + expires 1m; log_not_found off; access_log off; } location / { try_files $uri $uri/ - expires max; + expires 1m; log_not_found off; access_log off; } -} \ No newline at end of file +} 
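Review bot: In nginx time syntax `expires 1m;` means one minute, while one month is written `1M`, and the commit title "expires to 1m" does not say which was intended. This applies to the server-level directive in this hunk and to every other `expires` line changed in this file. A short comment at the server level would settle it, e.g. `# 1m = one minute (nginx uses M for months); kept short so avatar and header changes show up quickly`, with the reason adjusted to the real one.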
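Review bot: The `location /restart` block still gets a positive `expires`, which marks the response of what looks like a state-changing endpoint as cacheable for a minute by browsers and intermediaries. It should opt out of caching instead, e.g. `expires off;` together with `add_header Cache-Control "no-store";`. The same block keeps `access_log off;`, so calls to it leave no trace in the proxy log, and re-enabling logging for this one location would help later investigation. For `location /avatar`, the `Cache-Control: max-age=60` header carries no `private`; if avatars are per-user data that should not sit in shared caches, add it there. Whether the upstream at 127.0.0.1:7039 authenticates these requests is not visible in the hunk.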
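Review bot: In the last hunk the context lines `index header_nextcloud.html` and `try_files $uri $uri/` have no terminating semicolon, so the newly written `expires 1m;` on the following line is parsed as extra arguments to them rather than as a directive. That location then gets no `expires` of its own, and `try_files` in `location /` appears to end up with the literal `1m` as its fallback. Since this commit rewrites exactly those lines, it is the place to fix it: `index header_nextcloud.html;` and `try_files $uri $uri/ =404;`, each followed by its own `expires 1m;`. This assumes the semicolons are missing in the file itself and were not lost when the page was rendered.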
From 6bf0f24cef63d053d40e63e4286c293efd2f8ac2 Mon Sep 17 00:00:00 2001 From: darta Date: Mon, 24 Jan 2022 08:16:14 +0100 Subject: [PATCH 4/4] fix(haproxy): denied pad root path --- docker/haproxy/haproxy.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker/haproxy/haproxy.conf b/docker/haproxy/haproxy.conf index 93e3e23..a4cc11c 100644 --- a/docker/haproxy/haproxy.conf +++ b/docker/haproxy/haproxy.conf @@ -49,6 +49,9 @@ frontend website acl is_api hdr_beg(host) api. acl is_admin hdr_beg(host) admin. + acl is_root path -i / + http-request deny if is_pad is_root + use_backend letsencrypt if { path_beg /.well-known/acme-challenge/ } use_backend be_api if is_nextcloud { path_beg /avatar/ } use_backend be_nextcloud if is_nextcloud
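Review bot: `acl is_root path -i /` is an exact string match on the raw request path, so `http-request deny if is_pad is_root` rejects only the literal `/` and not other spellings of the root that the pad backend may normalise to the same page. A pattern match is more robust, e.g. `acl is_root path_reg ^/+$`, after checking which paths the pad service serves its index on; the `-i` flag has no effect on `/` and can be dropped. Denying the landing page hides the entry form but is not access control by itself: if the goal is to stop unauthenticated pad creation, the pad paths need their own rule or the restriction belongs in the pad service. A comment would record the intent, e.g. `# block the pad landing page; pads are reached only through links issued by the platform`, adjusted to the actual reason. The `is_pad` ACL is defined outside the hunk.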