/** * RBAC Admin API Proxy - Catch-all route * Proxies /api/sdk/v1/rbac//... to ai-compliance-sdk /sdk/v1//... * * Mapping: /rbac/tenants/... → /sdk/v1/tenants/... * /rbac/namespaces/... → /sdk/v1/namespaces/... * /rbac/roles/... → /sdk/v1/roles/... * /rbac/user-roles/... → /sdk/v1/user-roles/... * /rbac/permissions/... → /sdk/v1/permissions/... * /rbac/llm/policies/... → /sdk/v1/llm/policies/... */ import { NextRequest, NextResponse } from 'next/server' const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090' async function proxyRequest( request: NextRequest, pathSegments: string[] | undefined, method: string ) { // Path segments come as the full sub-path after /rbac/ // e.g. /rbac/tenants/123 → pathSegments = ['tenants', '123'] const pathStr = pathSegments?.join('/') || '' const searchParams = request.nextUrl.searchParams.toString() const url = `${SDK_BACKEND_URL}/sdk/v1/${pathStr}${searchParams ? `?${searchParams}` : ''}` try { const headers: HeadersInit = { 'Content-Type': 'application/json', } const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug'] for (const name of headerNames) { const value = request.headers.get(name) if (value) { headers[name] = value } } const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i const clientUserId = request.headers.get('x-user-id') const clientTenantId = request.headers.get('x-tenant-id') headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001' headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e') const fetchOptions: RequestInit = { method, headers, signal: AbortSignal.timeout(60000), } if (method === 'POST' || method === 'PUT' || method === 'PATCH') { const body = await request.text() if (body) { fetchOptions.body = body } } const response = await fetch(url, fetchOptions) if (!response.ok) { const errorText = await response.text() let errorJson try { errorJson = JSON.parse(errorText) } catch { errorJson = { error: errorText } } return NextResponse.json( { error: `Backend Error: ${response.status}`, ...errorJson }, { status: response.status } ) } const data = await response.json() return NextResponse.json(data) } catch (error) { console.error('RBAC API proxy error:', error) return NextResponse.json( { error: 'Verbindung zum SDK Backend fehlgeschlagen' }, { status: 503 } ) } } export async function GET( request: NextRequest, { params }: { params: Promise<{ path?: string[] }> } ) { const { path } = await params return proxyRequest(request, path, 'GET') } export async function POST( request: NextRequest, { params }: { params: Promise<{ path?: string[] }> } ) { const { path } = await params return proxyRequest(request, path, 'POST') } export async function PUT( request: NextRequest, { params }: { params: Promise<{ path?: string[] }> } ) { const { path } = await params return proxyRequest(request, path, 'PUT') } export async function PATCH( request: NextRequest, { params }: { params: Promise<{ path?: string[] }> } ) { const { path } = await params return proxyRequest(request, path, 'PATCH') } export async function DELETE( request: NextRequest, { params }: { params: Promise<{ path?: string[] }> } ) { const { path } = await params return proxyRequest(request, path, 'DELETE') }