Check routes during installation #55

Open
claviska opened this issue Aug 17, 2016 · 0 comments

@claviska
Contributor

Postleaf can run on Apache, NGINX, Caddy, and any other web server that supports the appropriate rewrites. However, when a sample configuration is missing, one can be fooled into thinking they have a working server config for Postleaf when in fact some of the rewrites are missing or erroneous.

We've seen this issue a few times and I think it can be prevented during installation. Below are my thoughts from a private discussion about this elsewhere:

I think we can simply check for a known route after the .htaccess file is written. For example, we can use an existing unprotected route (i.e. a route that doesn't require authentication) and check for a 200 OK response:

GET /login

If the route returns a 404 Not Found response, we can assume rewrites aren't configured properly.

More extensively, we could test a whole series of routes to ensure they work as expected (e.g. make sure the backups/ directory is inaccessible). But that's the general idea.

This approach should work for non-Apache servers too, since they require preconfig and those redirects need to be in place before the installer even runs.

Generally speaking, I don't think Postleaf should bother too much with server configs, but checking certain routes during installation can prevent buggy installs and potential security risks.

Any additional thoughts on this?

@claviska claviska added the core label Aug 17, 2016
@claviska claviska self-assigned this Aug 17, 2016
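
The route check proposed in the issue, sketched as an added example (not Postleaf's installer code). It probes `/login` for a 200 and `backups/` for a non-served response, as the issue describes; the function names, the expectation labels, and the set of status codes accepted as "blocked" are assumptions.

```python
import urllib.error
import urllib.request

# /login and backups/ are the two routes named in the issue; the expectation
# labels and all function names are assumptions made for this example.
CHECKS = [
    ("/login", "reachable"),   # unprotected route: should answer 200 OK
    ("/backups/", "blocked"),  # must not be served to anonymous clients
]


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx itself instead of following it


def probe(base_url, path, timeout=5):
    """Return the HTTP status for base_url + path, or None if unreachable."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(base_url.rstrip("/") + path, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except OSError:  # URLError, timeouts, refused connections
        return None


def judge(expectation, status):
    """Map (expectation, status) to (passed, reason)."""
    if status is None:
        return False, "no response from server"
    if expectation == "reachable":
        if status == 200:
            return True, "ok"
        if status == 404:
            return False, "404: rewrites are probably not configured"
    elif expectation == "blocked":
        if status in (401, 403, 404):
            return True, "not served"
        if status == 200:
            return False, "200: path is publicly accessible"
    return False, f"unexpected status {status}"


def check_install(base_url, fetch=probe):
    """Run every check; return a list of (path, reason) failures."""
    results = [(path, judge(exp, fetch(base_url, path))) for path, exp in CHECKS]
    return [(path, reason) for path, (ok, reason) in results if not ok]
```

An empty list from `check_install` means both routes behaved as expected; redirects are reported as unexpected rather than followed, so a catch-all redirect cannot mask a missing rewrite.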