From 4c8518ad48e0e608622eac4c7a33498e06f421ee Mon Sep 17 00:00:00 2001
From: Nazim Azeli <nazim.azeli@crim.ca>
Date: Tue, 19 Sep 2023 18:27:06 +0000
Subject: [PATCH 1/4] Adding redirect to /stac/stac when using twitcher

---
 CHANGES.md                                                   | 4 +++-
 .../config/proxy/conf.extra-service.d/stac.conf.template     | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index ef376f9d9..db77cfff2 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -15,7 +15,9 @@
 [Unreleased](https://github.com/bird-house/birdhouse-deploy/tree/master) (latest)
 ------------------------------------------------------------------------------------------------------------------
 
-[//]: # (list changes here, using '-' for each new entry, remove this when items are added)
+## Fixes
+
+- Fix invalid endpoint redirect for `STAC` when using Twitcher/Magpie.
 
 [1.31.2](https://github.com/bird-house/birdhouse-deploy/tree/1.31.2) (2023-09-13)
 ------------------------------------------------------------------------------------------------------------------
diff --git a/birdhouse/components/stac/config/proxy/conf.extra-service.d/stac.conf.template b/birdhouse/components/stac/config/proxy/conf.extra-service.d/stac.conf.template
index 6ca6cd294..36dde7605 100644
--- a/birdhouse/components/stac/config/proxy/conf.extra-service.d/stac.conf.template
+++ b/birdhouse/components/stac/config/proxy/conf.extra-service.d/stac.conf.template
@@ -12,6 +12,11 @@
         include /etc/nginx/conf.d/cors.include;
     }
 
+    # Automatically redirect to /stac/stac and exclude redirect when already using /stac 
+    location ~ ^${TWITCHER_PROTECTED_PATH}/stac(?!/stac) {
+        return 302 ${TWITCHER_PROTECTED_PATH}/stac/stac;
+    }
+
     location /stac-browser/ {
         # STAC API is protected behind Twitcher so we might not need to protect the browser as well.
         # In case we encounter a valid use case in which we need to protect the browser, we might 

From 96f468a21ffa639215e5cc5f8c9bf34834666c0f Mon Sep 17 00:00:00 2001
From: Nazim Azeli <nazim.azeli@crim.ca>
Date: Wed, 20 Sep 2023 14:57:53 +0000
Subject: [PATCH 2/4] Applying stac permissions under the resource /stac

---
 CHANGES.md                                                      | 2 ++
 .../stac-public-access/config/magpie/config.yml.template        | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index db77cfff2..7fe0a171e 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -19,6 +19,8 @@
 
 - Fix invalid endpoint redirect for `STAC` when using Twitcher/Magpie.
 
+- Now Apply Magpie permission on `/stac/stac` since the second `/stac` is needed to secure access properly.
+
 [1.31.2](https://github.com/bird-house/birdhouse-deploy/tree/1.31.2) (2023-09-13)
 ------------------------------------------------------------------------------------------------------------------
 
diff --git a/birdhouse/optional-components/stac-public-access/config/magpie/config.yml.template b/birdhouse/optional-components/stac-public-access/config/magpie/config.yml.template
index 6e0454d93..4b9ed64ae 100644
--- a/birdhouse/optional-components/stac-public-access/config/magpie/config.yml.template
+++ b/birdhouse/optional-components/stac-public-access/config/magpie/config.yml.template
@@ -10,10 +10,12 @@ providers:
 
 permissions:
   - service: stac
+    resource: /stac
     permission: read
     group: anonymous
     action: create
   - service: stac
+    resource: /stac
     permission: write
     group: stac-admin
     action: create

From 522319383d8c1592a274bb54e227481f74e7ae3a Mon Sep 17 00:00:00 2001
From: Francis Charette Migneault <francis.charette.migneault@gmail.com>
Date: Wed, 20 Sep 2023 15:31:06 -0400
Subject: [PATCH 3/4] rename to plain stac magpie permissions.cfg (no template)

---
 CHANGES.md                                                     | 2 +-
 birdhouse/optional-components/stac-public-access/.gitignore    | 3 ---
 .../magpie/{permissions.cfg.template => permissions.cfg}       | 0
 3 files changed, 1 insertion(+), 4 deletions(-)
 rename birdhouse/optional-components/stac-public-access/config/magpie/{permissions.cfg.template => permissions.cfg} (100%)

diff --git a/CHANGES.md b/CHANGES.md
index db0bd3e6c..01e387605 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,7 +30,7 @@
   of `EXTRA_CONF_DIRS`.
 
 - Rename `optional-components/stac-public-access/config/magpie/config.yml.template` to
-  `optional-components/stac-public-access/config/magpie/permissions.yml.template` in order to align
+  `optional-components/stac-public-access/config/magpie/permissions.cfg` in order to align
   with permissions-specific contents as accomplished with other components.
 
 - Fix invalid endpoint redirect for `STAC` when using Twitcher/Magpie.
diff --git a/birdhouse/optional-components/stac-public-access/.gitignore b/birdhouse/optional-components/stac-public-access/.gitignore
index 5d1605ad6..e69de29bb 100644
--- a/birdhouse/optional-components/stac-public-access/.gitignore
+++ b/birdhouse/optional-components/stac-public-access/.gitignore
@@ -1,3 +0,0 @@
-config/magpie/permissions.cfg
-# old name for backward compatibility:
-config/magpie/config.yml
diff --git a/birdhouse/optional-components/stac-public-access/config/magpie/permissions.cfg.template b/birdhouse/optional-components/stac-public-access/config/magpie/permissions.cfg
similarity index 100%
rename from birdhouse/optional-components/stac-public-access/config/magpie/permissions.cfg.template
rename to birdhouse/optional-components/stac-public-access/config/magpie/permissions.cfg

From 40a29355a899c64db0c0b5e8860d752bda7b307e Mon Sep 17 00:00:00 2001
From: Francis Charette Migneault <francis.charette.migneault@gmail.com>
Date: Wed, 20 Sep 2023 21:15:38 -0400
Subject: [PATCH 4/4] =?UTF-8?q?Bump=20version:=201.31.2=20=E2=86=92=201.31?=
 =?UTF-8?q?.3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .bumpversion.cfg                                          | 6 +++---
 CHANGES.md                                                | 5 +++++
 Makefile                                                  | 2 +-
 README.rst                                                | 8 ++++----
 RELEASE.txt                                               | 2 +-
 .../config/canarie-api/docker_configuration.py.template   | 8 ++++----
 docs/source/conf.py                                       | 4 ++--
 7 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/.bumpversion.cfg b/.bumpversion.cfg
index 21e6633af..6b76b5b32 100644
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.31.2
+current_version = 1.31.3
 commit = True
 tag = False
 tag_name = {new_version}
@@ -30,11 +30,11 @@ search = {current_version}
 replace = {new_version}
 
 [bumpversion:file:RELEASE.txt]
-search = {current_version} 2023-09-13T18:07:31Z
+search = {current_version} 2023-09-21T01:15:38Z
 replace = {new_version} {utcnow:%Y-%m-%dT%H:%M:%SZ}
 
 [bumpversion:part:releaseTime]
-values = 2023-09-13T18:07:31Z
+values = 2023-09-21T01:15:38Z
 
 [bumpversion:file(version):birdhouse/config/canarie-api/docker_configuration.py.template]
 search = 'version': '{current_version}'
diff --git a/CHANGES.md b/CHANGES.md
index 01e387605..daef09a09 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -15,6 +15,11 @@
 [Unreleased](https://github.com/bird-house/birdhouse-deploy/tree/master) (latest)
 ------------------------------------------------------------------------------------------------------------------
 
+[//]: # (list changes here, using '-' for each new entry, remove this when items are added)
+
+[1.31.3](https://github.com/bird-house/birdhouse-deploy/tree/1.31.3) (2023-09-21)
+------------------------------------------------------------------------------------------------------------------
+
 ## Fixes
 
 - Move initial ``stac`` service Magpie definition under its component configuration.
diff --git a/Makefile b/Makefile
index c0681dcdc..4bce1a862 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 # Generic variables
 override SHELL       := bash
 override APP_NAME    := birdhouse-deploy
-override APP_VERSION := 1.31.2
+override APP_VERSION := 1.31.3
 
 # utility to remove comments after value of an option variable
 override clean_opt = $(shell echo "$(1)" | $(_SED) -r -e "s/[ '$'\t'']+$$//g")
diff --git a/README.rst b/README.rst
index e08b3c2d1..35bb3602f 100644
--- a/README.rst
+++ b/README.rst
@@ -14,13 +14,13 @@ for a full-fledged production platform.
     * - releases
       - | |latest-version| |commits-since|
 
-.. |commits-since| image:: https://img.shields.io/github/commits-since/bird-house/birdhouse-deploy/1.31.2.svg
+.. |commits-since| image:: https://img.shields.io/github/commits-since/bird-house/birdhouse-deploy/1.31.3.svg
     :alt: Commits since latest release
-    :target: https://github.com/bird-house/birdhouse-deploy/compare/1.31.2...master
+    :target: https://github.com/bird-house/birdhouse-deploy/compare/1.31.3...master
 
-.. |latest-version| image:: https://img.shields.io/badge/tag-1.31.2-blue.svg?style=flat
+.. |latest-version| image:: https://img.shields.io/badge/tag-1.31.3-blue.svg?style=flat
     :alt: Latest Tag
-    :target: https://github.com/bird-house/birdhouse-deploy/tree/1.31.2
+    :target: https://github.com/bird-house/birdhouse-deploy/tree/1.31.3
 
 .. |readthedocs| image:: https://readthedocs.org/projects/birdhouse-deploy/badge/?version=latest
     :alt: ReadTheDocs Build Status (latest version)
diff --git a/RELEASE.txt b/RELEASE.txt
index 856adfd46..75561ba3d 100644
--- a/RELEASE.txt
+++ b/RELEASE.txt
@@ -1 +1 @@
-1.31.2 2023-09-13T18:07:31Z
+1.31.3 2023-09-21T01:15:38Z
diff --git a/birdhouse/config/canarie-api/docker_configuration.py.template b/birdhouse/config/canarie-api/docker_configuration.py.template
index d7478632b..3c789b61c 100644
--- a/birdhouse/config/canarie-api/docker_configuration.py.template
+++ b/birdhouse/config/canarie-api/docker_configuration.py.template
@@ -109,8 +109,8 @@ SERVICES = {
             # NOTE:
             #   Below version and release time auto-managed by 'make VERSION=x.y.z bump'.
             #   Do NOT modify it manually. See 'Tagging policy' in 'birdhouse/README.rst'.
-            'version': '1.31.2',
-            'releaseTime': '2023-09-13T18:07:31Z',
+            'version': '1.31.3',
+            'releaseTime': '2023-09-21T01:15:38Z',
             'institution': 'Ouranos',
             'researchSubject': 'Climatology',
             'supportEmail': '${SUPPORT_EMAIL}',
@@ -142,8 +142,8 @@ PLATFORMS = {
             # NOTE:
             #   Below version and release time auto-managed by 'make VERSION=x.y.z bump'.
             #   Do NOT modify it manually. See 'Tagging policy' in 'birdhouse/README.rst'.
-            'version': '1.31.2',
-            'releaseTime': '2023-09-13T18:07:31Z',
+            'version': '1.31.3',
+            'releaseTime': '2023-09-21T01:15:38Z',
             'institution': 'Ouranos',
             'researchSubject': 'Climatology',
             'supportEmail': '${SUPPORT_EMAIL}',
diff --git a/docs/source/conf.py b/docs/source/conf.py
index 3da9c3662..1a05a1515 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -69,9 +69,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = '1.31.2'
+version = '1.31.3'
 # The full version, including alpha/beta/rc tags.
-release = '1.31.2'
+release = '1.31.3'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.