feat: Fix link rewriting for localhost:PORT

[pantierra]

When using stac-auth-proxy with ROOT_PATH set, links containing localhost:PORT (e.g., localhost:8080) were not rewritten. The proxy only matched exact netloc strings, so localhost:8080 didn't match localhost, causing 404s when clients followed these links. This is probably a common need for running stac-fastapi behind a load balancer.

This PR proposes:

• Add _extract_hostname() to extract hostnames ignoring ports
• Add _hostnames_match() to compare hostnames case-insensitively, ignoring ports
• Update _update_link() to compare hostnames instead of exact netloc matches

[alukach]

The proxy only matched exact netloc strings, so localhost:8080 didn't match localhost, causing 404s when clients followed these links

Can you help me understand this a bit more? In this example, what does localhost:8080 and and localhost represent?

Add _hostnames_match() to compare hostnames case-insensitively, ignoring ports

I'm not convinced that we want this. If we have a STAC API running on localhost:8000 and titiler running on localhost:8001, and the STAC records have links that point to titiler, I think we actually don't want to rewrite those links. This probably could be better described in the docstrings, but the intention of the link rewriting is that we want to ensure that any links that point to the upstream STAC API are rewritten to point to the STAC Auth Proxy.

https://github.com/developmentseed/stac-auth-proxy/blob/v0.10.1/src/stac_auth_proxy/middleware/ProcessLinksMiddleware.py#L63-L66

[pantierra]

Can you help me understand this a bit more? In this example, what does localhost:8080 and and localhost represent?

On the cluster the services run with these cluster-internal urls:

• stac-fastapi-pgstac: http://eoapi-stac:8080/
• stac-auth-proxy: http://eoapi-stac-auth-proxy:8080/

Both are then available to the outside of the cluster via the ingress on: http://localhost:80/stac or https://localhost:443/stac (while titiler is available externally under http://localhost:80/raster)

Flow:

• Client requests: GET http://localhost/stac/collections (via ingress on port 80)
• Ingress forwards to: http://eoapi-stac-auth-proxy:8080/stac/collections
• Proxy forwards to: http://eoapi-stac:8080/collections (strips /stac, uses internal service)
• STAC API responds with links : http://eoapi-stac.eoapi.svc.cluster.local:8080/collections
• Proxy needs to rewrite to: http://localhost/stac/collections

In the stac-auth-proxy:

• Link: http://localhost:8080/collection and request URL: http://localhost
• Comparison of "localhost:8080" == "localhost" is False
• Result: Rewrite is omited, client gets http://localhost:8080/collections instead of http://localhost/stac/collections