first commit

config.json

@@ -2,12 +2,12 @@
   {
     "id": "radarr",
     "pathPrefix": "/radarr",
-    "upstream": "http://10.1.4.2:7878",
+    "upstream": "http://google.fr:7878",
     "oidc": {
       "issuer": "https://sso.leskientz.ovh/realms/master",
       "client_id": "proxyopenid",
       "client_secret": "biM7eaxeCrzI2OnAoVHOAWe1n2ptAdhz",
-      "redirect_uri": "https://secure.k2r.ovh/callback/app1"
+      "redirect_uri": "https://secure.k2r.ovh/callback/radarr"
     }
   }
 ]

server.js

@@ -128,6 +128,55 @@ app.post('/admin/reload', ensureAdmin, async (req, res) => {
   }
 });
 
+// Admin preview page (iframe) — keep user on proxy domain while showing upstream
+app.get('/admin/preview/:id', ensureAdmin, (req, res) => {
+  const host = HOSTS.find(h => h.id === req.params.id);
+  if (!host) return res.status(404).send('Not found');
+  res.render('admin/preview', { host });
+});
+
+// Proxy used by the preview iframe; strips headers that prevent embedding.
+app.use('/preview-proxy/:id', ensureAdmin, (req, res, next) => {
+  const id = req.params.id;
+  const host = HOSTS.find(h => h.id === id);
+  if (!host) return res.status(404).send('Unknown host');
+
+  // Create a proxy middleware tailored to this host
+  const proxy = createProxyMiddleware({
+    target: host.upstream,
+    changeOrigin: true,
+    selfHandleResponse: false,
+    proxyTimeout: 15000,
+    pathRewrite: (path, req2) => {
+      // path starts with /preview-proxy/:id
+      const prefix = `/preview-proxy/${id}`;
+      let newPath = path.replace(prefix, '') || '/';
+      // ensure upstream receives the host's pathPrefix if configured
+      if (host.pathPrefix && host.pathPrefix !== '/') {
+        // avoid double slashes
+        newPath = host.pathPrefix.replace(/\/$/, '') + newPath;
+      }
+      return newPath;
+    },
+    onProxyReq(proxyReq, req2, res2) {
+      // pass admin identity header for upstream if desired
+      if (req.session && req.session.isAdmin) proxyReq.setHeader('X-Admin-User', req.session.username || 'admin');
+    },
+    onProxyRes(proxyRes, req2, res2) {
+      // Remove headers that would prevent embedding in an iframe
+      try {
+        delete proxyRes.headers['x-frame-options'];
+        delete proxyRes.headers['x-content-security-policy'];
+        delete proxyRes.headers['content-security-policy'];
+        delete proxyRes.headers['frame-options'];
+      } catch (e) {
+        // ignore
+      }
+    }
+  });
+  return proxy(req, res, next);
+});
+
 // Load hosts configuration. If `config.json` exists, use it; otherwise fallback to UPSTREAM env.
 let HOSTS = [];
 const cfgPath = path.join(__dirname, 'config.json');

views/admin/index.ejs

@@ -25,6 +25,7 @@
               <td><%= h.oidc ? 'yes' : 'no' %></td>
               <td class="actions">
                 <a href="/admin/edit/<%= h.id %>">Edit</a>
+                <a href="/admin/preview/<%= h.id %>" target="_blank">Preview</a>
                 <form method="post" action="/admin/delete/<%= h.id %>" style="display:inline" onsubmit="return confirm('Supprimer ?');">
                   <button type="submit">Delete</button>
                 </form>

views/admin/preview.ejs

@@ -0,0 +1,12 @@
+<!doctype html>
+<html lang="fr">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width,initial-scale=1" />
+    <title>Preview <%= host.id %></title>
+    <style>body{margin:0;height:100vh} iframe{width:100%;height:100vh;border:0}</style>
+  </head>
+  <body>
+    <iframe id="previewFrame" src="/preview-proxy/<%= host.id %>/" sandbox="allow-forms allow-same-origin allow-scripts allow-popups"></iframe>
+  </body>
+</html>