From 86ac976ba876211e438eb86a8bd6cc2c59c1c201 Mon Sep 17 00:00:00 2001 From: Andrew Martinez Date: Mon, 16 Sep 2024 16:27:31 -0400 Subject: [PATCH 1/3] fix #2405 fix multiple default APIs, tests --- controller/webapis/oidc-api.go | 2 +- tests/endpoint_test.go | 67 ++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 tests/endpoint_test.go diff --git a/controller/webapis/oidc-api.go b/controller/webapis/oidc-api.go index bab0cc1ed..ff0ed2640 100644 --- a/controller/webapis/oidc-api.go +++ b/controller/webapis/oidc-api.go @@ -94,7 +94,7 @@ func (h OidcApiHandler) ServeHTTP(writer http.ResponseWriter, request *http.Requ } func (h OidcApiHandler) IsDefault() bool { - return true + return false } func NewOidcApiHandler(serverConfig *xweb.ServerConfig, ae *env.AppEnv, options map[interface{}]interface{}) (*OidcApiHandler, error) { diff --git a/tests/endpoint_test.go b/tests/endpoint_test.go new file mode 100644 index 000000000..8ffbf43a6 --- /dev/null +++ b/tests/endpoint_test.go 
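Review bot: `OidcApiHandler.IsDefault` now returns a bare `false` with no doc comment, so nothing in the file records why the OIDC API must not be the default handler. Going by the commit subject, more than one API was claiming the default role. A comment such as `// IsDefault reports false: only one API may be the default, and the OIDC API is not it (see #2405).` would keep a later edit from flipping it back unnoticed. The same gap applies to `FabricManagementApiHandler.IsDefault` added in patch 3/3, where the comment should say the value is copied from the factory's `MakeDefault`.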
@@ -0,0 +1,67 @@ +package tests + +import ( + "testing" +) + +// Test_Endpoints does HTTP testing against public entry URLs to ensure they continue to function. +// Non-prefixed paths are deprecated, but some older clients do not use the edge/client/v1 path. +// The .well-known path has many handlers among different APIs and tests for those should exist +// perpetuity. +func Test_Endpoints(t *testing.T) { + ctx := NewTestContext(t) + defer ctx.Teardown() + ctx.StartServer() + + t.Run("non-prefixed path defaults for enrollment", func(t *testing.T) { + ctx.testContextChanged(t) + + rootPathClient, _, _ := ctx.NewClientComponents("/") + + resp, err := rootPathClient.R().Post("https://" + ctx.ApiHost + "/enroll") + + ctx.Req.NoError(err) + ctx.Req.Equal(400, resp.StatusCode()) + ctx.Req.Equal("application/json", resp.Header().Get("Content-Type")) + ctx.Req.NotEmpty(resp.Body()) + }) + + t.Run("non-prefixed path defaults for authentication", func(t *testing.T) { + ctx.testContextChanged(t) + + rootPathClient, _, _ := ctx.NewClientComponents("/") + + resp, err := rootPathClient.R().Post("https://" + ctx.ApiHost + "/authenticate") + + ctx.Req.NoError(err) + ctx.Req.Equal(400, resp.StatusCode()) + ctx.Req.Equal("application/json", resp.Header().Get("Content-Type")) + ctx.Req.NotEmpty(resp.Body()) + }) + + t.Run("oidc-configuration works on .well-known", func(t *testing.T) { + ctx.testContextChanged(t) + + rootPathClient, _, _ := ctx.NewClientComponents("/") + + resp, err := rootPathClient.R().Get("https://" + ctx.ApiHost + "/.well-known/openid-configuration") + + ctx.Req.NoError(err) + ctx.Req.Equal(200, resp.StatusCode()) + ctx.Req.Equal("application/json", resp.Header().Get("Content-Type")) + ctx.Req.NotEmpty(resp.Body()) + }) + + t.Run("est castore works on .well-known", func(t *testing.T) { + ctx.testContextChanged(t) + + rootPathClient, _, _ := ctx.NewClientComponents("/") + + resp, err := rootPathClient.R().Get("https://" + ctx.ApiHost + "/.well-known/est/cacerts") + 
+ ctx.Req.NoError(err) + ctx.Req.Equal(200, resp.StatusCode()) + ctx.Req.Equal("application/pkcs7-mime", resp.Header().Get("Content-Type")) + ctx.Req.NotEmpty(resp.Body()) + }) +} From 1daac1d0dff5638e318375a02e8e6f548a57ad19 Mon Sep 17 00:00:00 2001 From: Andrew Martinez Date: Tue, 17 Sep 2024 09:49:26 -0400 Subject: [PATCH 2/3] dep update, go mod tidy --- go.mod | 2 +- go.sum | 4 ++-- zititest/go.mod | 2 +- zititest/go.sum | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 972e421f0..e7ba6cafe 100644 --- a/go.mod +++ b/go.mod @@ -63,7 +63,7 @@ require ( github.com/openziti/storage v0.3.1 github.com/openziti/transport/v2 v2.0.146 github.com/openziti/x509-claims v1.0.3 - github.com/openziti/xweb/v2 v2.1.1 + github.com/openziti/xweb/v2 v2.1.2 github.com/openziti/ziti-db-explorer v1.1.3 github.com/orcaman/concurrent-map/v2 v2.0.1 github.com/pkg/errors v0.9.1 diff --git a/go.sum b/go.sum index b14053c2a..aa93b703d 100644 --- a/go.sum +++ b/go.sum 
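Review bot: The four subtests in `Test_Endpoints` assert only status code, `Content-Type` and a non-empty body, so they cannot tell which API answered. A different handler that returns 200 with JSON on `/.well-known/openid-configuration` would still pass, and that mis-routing is the regression this file is meant to catch. Add at least one body assertion per route, for example `ctx.Req.Contains(string(resp.Body()), "\"issuer\"")` in the OIDC subtest (assuming `ctx.Req` is a testify `require.Assertions`, which the visible calls suggest). The two values discarded from `ctx.NewClientComponents("/")` deserve a short comment saying what they are and why they are safe to ignore. The doc comment's last sentence should read "should exist in perpetuity".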
@@ -598,8 +598,8 @@ github.com/openziti/transport/v2 v2.0.146 h1:Wdr4udri/fFpdj9GR9DR7/FKqt/2cMTgBdt github.com/openziti/transport/v2 v2.0.146/go.mod h1:ULrJdwxs0sKmjAhen9Vk9E+Do4qpdDdx1YJeVVu3bZ4= github.com/openziti/x509-claims v1.0.3 h1:HNdQ8Nf1agB3lBs1gahcO6zfkeS4S5xoQ2/PkY4HRX0= github.com/openziti/x509-claims v1.0.3/go.mod h1:Z0WIpBm6c4ecrpRKrou6Gk2wrLWxJO/+tuUwKh8VewE= -github.com/openziti/xweb/v2 v2.1.1 h1:T6vbmG2189WWwq16wryM7RQEbT5wNARrVHNQs23jEPE= -github.com/openziti/xweb/v2 v2.1.1/go.mod h1:d9+vBsVCONyb3GCrJPHb2+GfTJ4MMIu0i6S71uE3WHc= +github.com/openziti/xweb/v2 v2.1.2 h1:435lpiXOkXwos71Dp4UCOjaFdnp32aQyvOjQ6uB+4X4= +github.com/openziti/xweb/v2 v2.1.2/go.mod h1:d9+vBsVCONyb3GCrJPHb2+GfTJ4MMIu0i6S71uE3WHc= github.com/openziti/ziti-db-explorer v1.1.3 h1:9JER16MJzagtYPdGEhgDcw2p/BXNCVbf9IgA/sMB52w= github.com/openziti/ziti-db-explorer v1.1.3/go.mod h1:pMIMNJoTRSTbkO2e7cZWiBokA3jMdeiGAILP3QhU+v8= github.com/orcaman/concurrent-map/v2 v2.0.1 h1:jOJ5Pg2w1oeB6PeDurIYf6k9PQ+aTITr/6lP/L/zp6c= diff --git a/zititest/go.mod b/zititest/go.mod index 6617c4960..d7f974000 100644 --- a/zititest/go.mod +++ b/zititest/go.mod @@ -146,7 +146,7 @@ require ( github.com/openziti/runzmd v1.0.51 // indirect github.com/openziti/secretstream v0.1.24 // indirect github.com/openziti/x509-claims v1.0.3 // indirect - github.com/openziti/xweb/v2 v2.1.1 // indirect + github.com/openziti/xweb/v2 v2.1.2 // indirect github.com/openziti/ziti-db-explorer v1.1.3 // indirect github.com/parallaxsecond/parsec-client-go v0.0.0-20221025095442-f0a77d263cf9 // indirect github.com/pelletier/go-toml/v2 v2.2.2 // indirect diff --git a/zititest/go.sum b/zititest/go.sum index d0dafbd5d..67f8b772b 100644 --- a/zititest/go.sum +++ b/zititest/go.sum 
@@ -622,8 +622,8 @@ github.com/openziti/transport/v2 v2.0.146 h1:Wdr4udri/fFpdj9GR9DR7/FKqt/2cMTgBdt github.com/openziti/transport/v2 v2.0.146/go.mod h1:ULrJdwxs0sKmjAhen9Vk9E+Do4qpdDdx1YJeVVu3bZ4= github.com/openziti/x509-claims v1.0.3 h1:HNdQ8Nf1agB3lBs1gahcO6zfkeS4S5xoQ2/PkY4HRX0= github.com/openziti/x509-claims v1.0.3/go.mod h1:Z0WIpBm6c4ecrpRKrou6Gk2wrLWxJO/+tuUwKh8VewE= -github.com/openziti/xweb/v2 v2.1.1 h1:T6vbmG2189WWwq16wryM7RQEbT5wNARrVHNQs23jEPE= -github.com/openziti/xweb/v2 v2.1.1/go.mod h1:d9+vBsVCONyb3GCrJPHb2+GfTJ4MMIu0i6S71uE3WHc= +github.com/openziti/xweb/v2 v2.1.2 h1:435lpiXOkXwos71Dp4UCOjaFdnp32aQyvOjQ6uB+4X4= +github.com/openziti/xweb/v2 v2.1.2/go.mod h1:d9+vBsVCONyb3GCrJPHb2+GfTJ4MMIu0i6S71uE3WHc= github.com/openziti/ziti-db-explorer v1.1.3 h1:9JER16MJzagtYPdGEhgDcw2p/BXNCVbf9IgA/sMB52w= github.com/openziti/ziti-db-explorer v1.1.3/go.mod h1:pMIMNJoTRSTbkO2e7cZWiBokA3jMdeiGAILP3QhU+v8= github.com/orcaman/concurrent-map/v2 v2.0.1 h1:jOJ5Pg2w1oeB6PeDurIYf6k9PQ+aTITr/6lP/L/zp6c= From 22a800b4de6482b37704a3088155ecc7069d367a Mon Sep 17 00:00:00 2001 From: Andrew Martinez Date: Tue, 17 Sep 2024 10:35:45 -0400 Subject: [PATCH 3/3] allow fabric only testing to set fabric management as default API --- controller/controller.go | 6 ++++- controller/webapis/fabric-management-api.go | 26 ++++++++++++++------- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/controller/controller.go b/controller/controller.go index 3bf4eedad..b49ce752b 100644 --- a/controller/controller.go +++ b/controller/controller.go 
@@ -297,7 +297,8 @@ func (c *Controller) initWeb() { logrus.WithError(err).Fatalf("failed to create health checks api factory") } - if err = c.xweb.GetRegistry().Add(webapis.NewFabricManagementApiFactory(c.config.Id, c.network, &c.xmgmts)); err != nil { + fabricManagementFactory := webapis.NewFabricManagementApiFactory(c.config.Id, c.network, &c.xmgmts) + if err = c.xweb.GetRegistry().Add(fabricManagementFactory); err != nil { logrus.WithError(err).Fatalf("failed to create management api factory") } @@ -327,6 +328,9 @@ func (c *Controller) initWeb() { } webapis.OverrideRequestWrapper(webapis.NewFabricApiWrapper(c.env)) + } else { + // if no edge we need 1 default API, make the fabric api the default + fabricManagementFactory.MakeDefault = true } c.xwebInitialized.MarkInitialized() } diff --git a/controller/webapis/fabric-management-api.go b/controller/webapis/fabric-management-api.go index d12d08d2c..3847e448a 100644 --- a/controller/webapis/fabric-management-api.go +++ b/controller/webapis/fabric-management-api.go @@ -45,10 +45,11 @@ const ( var _ xweb.ApiHandlerFactory = &FabricManagementApiFactory{} type FabricManagementApiFactory struct { - InitFunc func(managementApi *FabricManagementApiHandler) error - network *network.Network - nodeId identity.Identity - xmgmts *concurrenz.CopyOnWriteSlice[xmgmt.Xmgmt] + InitFunc func(managementApi *FabricManagementApiHandler) error + network *network.Network + nodeId identity.Identity + xmgmts *concurrenz.CopyOnWriteSlice[xmgmt.Xmgmt] + MakeDefault bool } func (factory *FabricManagementApiFactory) Validate(_ *xweb.InstanceConfig) error { 
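Review bot: In the new `else` branch of `initWeb`, `fabricManagementFactory.MakeDefault = true` is assigned after the factory has already been passed to `c.xweb.GetRegistry().Add(...)`. It therefore only takes effect if xweb calls the factory's `New` later, and nothing in the hunk states that ordering. A comment such as `// MakeDefault is read in FabricManagementApiFactory.New; set it before xweb instantiates handlers` would document the dependency, or the value could be fixed before `Add`. In a fabric-only controller this presumably makes the management API the handler for any path no other API claims, so confirm that unknown paths still go through the same request wrapper and authentication checks as the management routes. `initWeb` starts and ends outside the hunk, so the condition guarding this `else` is not visible here.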
@@ -58,9 +59,10 @@ func (factory *FabricManagementApiFactory) Validate(_ *xweb.InstanceConfig) erro func NewFabricManagementApiFactory(nodeId identity.Identity, network *network.Network, xmgmts *concurrenz.CopyOnWriteSlice[xmgmt.Xmgmt]) *FabricManagementApiFactory { pfxlog.Logger().Infof("initializing management api factory with %d xmgmt instances", len(xmgmts.Value())) return &FabricManagementApiFactory{ - network: network, - nodeId: nodeId, - xmgmts: xmgmts, + network: network, + nodeId: nodeId, + xmgmts: xmgmts, + MakeDefault: false, } } @@ -88,7 +90,7 @@ func (factory *FabricManagementApiFactory) New(_ *xweb.ServerConfig, options map router.Register(fabricAPI, requestWrapper) } - managementApiHandler, err := NewFabricManagementApiHandler(fabricAPI, options) + managementApiHandler, err := NewFabricManagementApiHandler(fabricAPI, factory.MakeDefault, options) if err != nil { return nil, err @@ -105,10 +107,11 @@ func (factory *FabricManagementApiFactory) New(_ *xweb.ServerConfig, options map return managementApiHandler, nil } -func NewFabricManagementApiHandler(fabricApi *operations.ZitiFabricAPI, options map[interface{}]interface{}) (*FabricManagementApiHandler, error) { +func NewFabricManagementApiHandler(fabricApi *operations.ZitiFabricAPI, isDefault bool, options map[interface{}]interface{}) (*FabricManagementApiHandler, error) { managementApi := &FabricManagementApiHandler{ fabricApi: fabricApi, options: options, + isDefault: isDefault, } managementApi.handler = managementApi.newHandler() @@ -125,6 +128,7 @@ type FabricManagementApiHandler struct { wsUrl string options map[interface{}]interface{} bindHandler channel.BindHandler + isDefault bool } func (managementApi *FabricManagementApiHandler) Binding() string { 
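Review bot: `NewFabricManagementApiHandler` is exported and gains a positional `isDefault bool` in the middle of its parameter list, which breaks any out-of-tree caller and reads as an unexplained `true`/`false` at call sites. As far as the visible lines show, `newHandler()` does not consult the flag, so the signature could stay as it was and `New` could set the field after construction with `managementApiHandler.isDefault = factory.MakeDefault`. If the parameter is kept, give the function a doc comment stating what `isDefault` controls. In the `@@ -58,9 +59,10 @@` hunk, `MakeDefault: false` only restates the zero value and can be dropped, and the exported `MakeDefault` field itself would benefit from a one-line comment.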
@@ -156,6 +160,10 @@ func (managementApi *FabricManagementApiHandler) newHandler() http.Handler { return requestWrapper.WrapHttpHandler(innerManagementHandler) } +func (managementApi *FabricManagementApiHandler) IsDefault() bool { + return managementApi.isDefault +} + func (managementApi *FabricManagementApiHandler) handleWebSocket(writer http.ResponseWriter, request *http.Request) { log := pfxlog.Logger() log.Debug("handling mgmt channel websocket upgrade")