fix: improve interceptor handling (#3578)

* fix: improve interceptor handling * fix: improve interceptor handling Co-authored-by: Florian Forster <florian@caos.ch>
2025-08-12 04:17:32 +00:00 · 2022-05-02 17:26:54 +02:00
parent 20f275f178
commit 06a1b52adf
9 changed files with 81 additions and 28 deletions
--- a/internal/api/ui/console/console.go
+++ b/internal/api/ui/console/console.go
@@ -74,7 +74,7 @@ func Start(config Config, externalSecure bool, issuer op.IssuerFromRequest, inst

 	handler := mux.NewRouter()
 	handler.Use(cache, security)
-	handler.Handle(envRequestPath, instanceHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler.Handle(envRequestPath, middleware.TelemetryHandler()(instanceHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		instance := authz.GetInstance(r.Context())
 		if instance.InstanceID() == "" {
 			http.Error(w, "empty instanceID", http.StatusInternalServerError)
@@ -88,7 +88,7 @@ func Start(config Config, externalSecure bool, issuer op.IssuerFromRequest, inst
 		}
 		_, err = w.Write(environmentJSON)
 		logging.OnError(err).Error("error serving environment.json")
-	})))
+	}))))
 	handler.SkipClean(true).PathPrefix("").Handler(http.FileServer(&spaHandler{http.FS(fSys)}))
 	return handler, nil
 }
--- a/internal/api/ui/login/login.go
+++ b/internal/api/ui/login/login.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"strings"

 	"github.com/gorilla/csrf"
 	"github.com/gorilla/mux"
@@ -93,7 +94,7 @@ func CreateLogin(config Config,
 	}
 	security := middleware.SecurityHeaders(csp(), login.cspErrorHandler)

-	login.router = CreateRouter(login, statikFS, instanceHandler, csrfInterceptor, cacheInterceptor, security, userAgentCookie, middleware.TelemetryHandler(EndpointResources), issuerInterceptor)
+	login.router = CreateRouter(login, statikFS, middleware.TelemetryHandler(IgnoreInstanceEndpoints...), instanceHandler, csrfInterceptor, cacheInterceptor, security, userAgentCookie, issuerInterceptor)
 	login.renderer = CreateRenderer(HandlerPrefix, statikFS, staticStorage, config.LanguageCookieName)
 	login.parser = form.NewParser()
 	return login, nil
@@ -109,12 +110,20 @@ func csp() *middleware.CSP {

 func createCSRFInterceptor(cookieName string, csrfCookieKey []byte, externalSecure bool, errorHandler http.Handler) (func(http.Handler) http.Handler, error) {
 	path := "/"
-	return csrf.Protect(csrfCookieKey,
-		csrf.Secure(externalSecure),
-		csrf.CookieName(http_utils.SetCookiePrefix(cookieName, "", path, externalSecure)),
-		csrf.Path(path),
-		csrf.ErrorHandler(errorHandler),
-	), nil
+	return func(handler http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if strings.HasPrefix(r.URL.Path, EndpointResources) {
+				handler.ServeHTTP(w, r)
+				return
+			}
+			csrf.Protect(csrfCookieKey,
+				csrf.Secure(externalSecure),
+				csrf.CookieName(http_utils.SetCookiePrefix(cookieName, "", path, externalSecure)),
+				csrf.Path(path),
+				csrf.ErrorHandler(errorHandler),
+			)(handler).ServeHTTP(w, r)
+		})
+	}, nil
 }

 func (l *Login) Handler() http.Handler {
--- a/internal/api/ui/login/router.go
+++ b/internal/api/ui/login/router.go
@@ -46,6 +46,15 @@ const (
 	EndpointDynamicResources = "/resources/dynamic"
 )

+var (
+	IgnoreInstanceEndpoints = []string{
+		EndpointResources + "/fonts",
+		EndpointResources + "/images",
+		EndpointResources + "/scripts",
+		EndpointResources + "/themes",
+	}
+)
+
 func CreateRouter(login *Login, staticDir http.FileSystem, interceptors ...mux.MiddlewareFunc) *mux.Router {
 	router := mux.NewRouter()
 	router.Use(interceptors...)