main.js

const http = require('http');
const https = require('https');
const { URL } = require('url');

const PORT = Number(process.env.PORT || 3000);
// const AUTH_USER = process.env.AUTH_USER || 'defaultadmin';  // use for basic auth not recommended for production
// const AUTH_PASSWORD = process.env.AUTH_PASSWORD || 'default12345'; // use for basic auth not recommended for production

const INCOMING_BASE_PATH = process.env.INCOMING_BASE_PATH || '/visor'; // end point base path, change as needed
const WMS_TARGET = new URL(process.env.WMS_TARGET || 'http://localhost:9001');
const WMS_PREFIX = ensureLeadingSlash(process.env.WMS_PREFIX || '/geoserver');

const server = http.createServer((req, res) => {
  /*  uncomment to enable authentication
  if (!hasValidAuth(req)) {
     res.writeHead(401, { 'WWW-Authenticate': 'Basic realm="Proxy"' });
     res.end('Authentication required');
     return;
   }

  */

  const incomingUrl = new URL(req.url || '/', 'http://placeholder');

  if (!incomingUrl.pathname.startsWith(INCOMING_BASE_PATH)) {
    res.writeHead(404, { 'Content-Type': 'text/plain' });
    res.end('Not Found');
    return;
  }

  if (!isWmsGetMap(incomingUrl.searchParams)) {
    res.writeHead(400, { 'Content-Type': 'text/plain' });
    res.end('Unsupported request');
    return;
  }

  const suffix = normalizeSuffix(incomingUrl.pathname.slice(INCOMING_BASE_PATH.length));
  const targetUrl = new URL(WMS_PREFIX + suffix + incomingUrl.search, WMS_TARGET);
  const client = targetUrl.protocol === 'https:' ? https : http;

  const proxyRequest = client.request(
    {
      hostname: targetUrl.hostname,
      port: resolvePort(targetUrl),
      method: req.method,
      path: targetUrl.pathname + targetUrl.search,
      headers: {
        ...req.headers,
        host: targetUrl.host,
      },
    },
    (proxyResponse) => {
      res.writeHead(proxyResponse.statusCode || 500, proxyResponse.headers);
      proxyResponse.pipe(res);
    },
  );

  proxyRequest.on('error', () => {
    if (!res.headersSent) {
      res.writeHead(502, { 'Content-Type': 'text/plain' });
    }
    res.end('Unable to reach WMS server');
  });

  req.pipe(proxyRequest);
});

server.listen(PORT, () => {
  console.log(`Proxy listening on port ${PORT}`);
});

/* uncomment to enable authentication
// Replace this for jwt or other methods, this works with basic auth but is not recommended for production
// for test, uncomment and set AUTH_USER and AUTH_PASSWORD env variables

function hasValidAuth(request) {
  const authorization = request.headers.authorization;
  if (!authorization || !authorization.startsWith('Basic ')) {
    return false;
  }

  const credentials = Buffer.from(authorization.slice(6), 'base64').toString();
  const [user, password] = credentials.split(':');
  return user === AUTH_USER && password === AUTH_PASSWORD;
}
*/

// Check if the request is a WMS GetMap or related request, change as needed
function isWmsGetMap(params) {
  const request = getParamInsensitive(params, 'request');
  return (request?.toUpperCase() === 'GETMAP' ||
  request?.toUpperCase() === 'GETSTYLES' || 
  request?.toUpperCase() === 'GETLEGENDGRAPHIC' || 
  request?.toUpperCase() === 'GETFEATURES' || 
  request?.toUpperCase() === 'GETCAPABILITIES' ||
  request?.toUpperCase() === 'GETFEATUREINFO');
}

function getParamInsensitive(params, key) {
  key = key.toLowerCase();
  for (const [name, value] of params) {
    if (name.toLowerCase() === key) {
      return value;
    }
  }
  return undefined;
}

function normalizeSuffix(rawSuffix) {
  if (!rawSuffix) {
    return '';
  }
  return rawSuffix.startsWith('/') ? rawSuffix : `/${rawSuffix}`;
}

function resolvePort(urlObj) {
  if (urlObj.port) {
    return Number(urlObj.port);
  }
  return urlObj.protocol === 'https:' ? 443 : 80;
}

function ensureLeadingSlash(value) {
  if (!value.startsWith('/')) {
    return `/${value}`;
  }
  return value;
}