2020-03-25 06:58:58 +00:00
|
|
|
package console
|
|
|
|
|
|
|
|
import (
|
2022-04-04 07:51:35 +00:00
|
|
|
"embed"
|
2022-02-14 16:22:30 +00:00
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
2022-04-04 07:51:35 +00:00
|
|
|
"io/fs"
|
2020-05-13 12:41:43 +00:00
|
|
|
"net/http"
|
|
|
|
"os"
|
|
|
|
"path"
|
2020-06-22 11:17:29 +00:00
|
|
|
"time"
|
2020-05-13 12:41:43 +00:00
|
|
|
|
2022-04-26 10:13:16 +00:00
|
|
|
"github.com/gorilla/mux"
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/logging"
|
|
|
|
"github.com/zitadel/oidc/v2/pkg/op"
|
2022-02-14 16:22:30 +00:00
|
|
|
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
|
|
http_util "github.com/zitadel/zitadel/internal/api/http"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/http/middleware"
|
2020-03-25 06:58:58 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type Config struct {
|
2022-04-25 09:16:36 +00:00
|
|
|
ShortCache middleware.CacheConfig
|
|
|
|
LongCache middleware.CacheConfig
|
2020-05-13 12:41:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type spaHandler struct {
|
|
|
|
fileSystem http.FileSystem
|
|
|
|
}
|
|
|
|
|
2022-04-04 07:51:35 +00:00
|
|
|
var (
|
|
|
|
//go:embed static/*
|
|
|
|
static embed.FS
|
|
|
|
)
|
|
|
|
|
2020-06-09 05:38:44 +00:00
|
|
|
const (
|
2022-04-04 07:51:35 +00:00
|
|
|
envRequestPath = "/assets/environment.json"
|
|
|
|
HandlerPrefix = "/ui/console"
|
2020-06-24 12:26:27 +00:00
|
|
|
)
|
2020-06-22 11:17:29 +00:00
|
|
|
|
2020-06-24 12:26:27 +00:00
|
|
|
var (
|
2020-11-20 07:47:28 +00:00
|
|
|
shortCacheFiles = []string{
|
|
|
|
"/",
|
2020-06-24 12:26:27 +00:00
|
|
|
"/index.html",
|
|
|
|
"/manifest.webmanifest",
|
|
|
|
"/ngsw.json",
|
|
|
|
"/ngsw-worker.js",
|
|
|
|
"/safety-worker.js",
|
|
|
|
"/worker-basic.min.js",
|
|
|
|
}
|
2020-06-09 05:38:44 +00:00
|
|
|
)
|
|
|
|
|
2020-05-13 12:41:43 +00:00
|
|
|
func (i *spaHandler) Open(name string) (http.File, error) {
|
|
|
|
ret, err := i.fileSystem.Open(name)
|
|
|
|
if !os.IsNotExist(err) || path.Ext(name) != "" {
|
|
|
|
return ret, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return i.fileSystem.Open("/index.html")
|
2020-03-25 06:58:58 +00:00
|
|
|
}
|
|
|
|
|
2022-04-25 08:01:17 +00:00
|
|
|
func Start(config Config, externalSecure bool, issuer op.IssuerFromRequest, instanceHandler func(http.Handler) http.Handler) (http.Handler, error) {
|
2022-04-04 07:51:35 +00:00
|
|
|
fSys, err := fs.Sub(static, "static")
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2020-06-09 05:38:44 +00:00
|
|
|
}
|
2022-02-14 16:22:30 +00:00
|
|
|
cache := assetsCacheInterceptorIgnoreManifest(
|
|
|
|
config.ShortCache.MaxAge,
|
|
|
|
config.ShortCache.SharedMaxAge,
|
|
|
|
config.LongCache.MaxAge,
|
|
|
|
config.LongCache.SharedMaxAge,
|
2020-06-24 12:26:27 +00:00
|
|
|
)
|
2022-04-25 08:01:17 +00:00
|
|
|
security := middleware.SecurityHeaders(csp(), nil)
|
2022-02-14 16:22:30 +00:00
|
|
|
|
2022-04-26 10:13:16 +00:00
|
|
|
handler := mux.NewRouter()
|
|
|
|
handler.Use(cache, security)
|
|
|
|
handler.Handle(envRequestPath, instanceHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
2022-03-29 09:53:19 +00:00
|
|
|
instance := authz.GetInstance(r.Context())
|
|
|
|
if instance.InstanceID() == "" {
|
|
|
|
http.Error(w, "empty instanceID", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
2022-04-25 08:01:17 +00:00
|
|
|
url := http_util.BuildOrigin(r.Host, externalSecure)
|
|
|
|
environmentJSON, err := createEnvironmentJSON(url, issuer(r), instance.ConsoleClientID())
|
2022-03-29 09:53:19 +00:00
|
|
|
if err != nil {
|
|
|
|
http.Error(w, fmt.Sprintf("unable to marshal env for console: %v", err), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
_, err = w.Write(environmentJSON)
|
2022-02-14 16:22:30 +00:00
|
|
|
logging.OnError(err).Error("error serving environment.json")
|
2022-04-26 10:13:16 +00:00
|
|
|
})))
|
|
|
|
handler.SkipClean(true).PathPrefix("").Handler(http.FileServer(&spaHandler{http.FS(fSys)}))
|
2022-02-14 16:22:30 +00:00
|
|
|
return handler, nil
|
2020-03-25 06:58:58 +00:00
|
|
|
}
|
2020-06-22 11:17:29 +00:00
|
|
|
|
2022-04-25 08:01:17 +00:00
|
|
|
func csp() *middleware.CSP {
|
2020-06-22 11:17:29 +00:00
|
|
|
csp := middleware.DefaultSCP
|
2022-02-03 06:21:00 +00:00
|
|
|
csp.StyleSrc = csp.StyleSrc.AddInline()
|
2020-06-22 11:17:29 +00:00
|
|
|
csp.ScriptSrc = csp.ScriptSrc.AddEval()
|
2022-04-25 08:01:17 +00:00
|
|
|
csp.ConnectSrc = csp.ConnectSrc.AddOwnHost()
|
|
|
|
csp.ImgSrc = csp.ImgSrc.AddOwnHost().AddScheme("blob")
|
2020-06-22 11:17:29 +00:00
|
|
|
return &csp
|
|
|
|
}
|
|
|
|
|
2022-03-29 09:53:19 +00:00
|
|
|
func createEnvironmentJSON(api, issuer, clientID string) ([]byte, error) {
|
2022-02-14 16:22:30 +00:00
|
|
|
environment := struct {
|
2022-03-29 09:53:19 +00:00
|
|
|
API string `json:"api,omitempty"`
|
|
|
|
Issuer string `json:"issuer,omitempty"`
|
|
|
|
ClientID string `json:"clientid,omitempty"`
|
2022-02-14 16:22:30 +00:00
|
|
|
}{
|
2022-03-29 09:53:19 +00:00
|
|
|
API: api,
|
|
|
|
Issuer: issuer,
|
|
|
|
ClientID: clientID,
|
2022-02-14 16:22:30 +00:00
|
|
|
}
|
|
|
|
return json.Marshal(environment)
|
|
|
|
}
|
|
|
|
|
|
|
|
func assetsCacheInterceptorIgnoreManifest(shortMaxAge, shortSharedMaxAge, longMaxAge, longSharedMaxAge time.Duration) func(http.Handler) http.Handler {
|
2020-06-22 11:17:29 +00:00
|
|
|
return func(handler http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
2020-11-20 07:47:28 +00:00
|
|
|
for _, file := range shortCacheFiles {
|
|
|
|
if r.URL.Path == file {
|
2020-06-24 12:26:27 +00:00
|
|
|
middleware.AssetsCacheInterceptor(shortMaxAge, shortSharedMaxAge, handler).ServeHTTP(w, r)
|
|
|
|
return
|
|
|
|
}
|
2020-06-22 11:17:29 +00:00
|
|
|
}
|
2020-11-20 07:47:28 +00:00
|
|
|
middleware.AssetsCacheInterceptor(longMaxAge, longSharedMaxAge, handler).ServeHTTP(w, r)
|
|
|
|
return
|
2020-06-22 11:17:29 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|