feat: handle missing trailing slashes for console and login (#3490)

* handle calls without trailing slash

* build redirect uris correctly

* handle missing trailing slash for login

* sentry as http middleware

* import

* fix build origin

internal/api/api.go

@@ -77,9 +77,9 @@ func (a *API) RegisterServer(ctx context.Context, grpcServer server.Server) erro
 
 func (a *API) RegisterHandler(prefix string, handler http.Handler) {
 	prefix = strings.TrimSuffix(prefix, "/")
-	sentryHandler := sentryhttp.New(sentryhttp.Options{})
-	subRouter := a.router.PathPrefix(prefix).Subrouter()
-	subRouter.PathPrefix("/").Handler(http.StripPrefix(prefix, sentryHandler.Handle(handler)))
+	subRouter := a.router.PathPrefix(prefix).Name(prefix).Subrouter()
+	subRouter.Use(sentryhttp.New(sentryhttp.Options{}).Handle)
+	subRouter.PathPrefix("").Handler(http.StripPrefix(prefix, handler))
 }
 
 func (a *API) routeGRPC() {

internal/api/http/origin.go

@@ -32,11 +32,10 @@ func IsOrigin(rawOrigin string) bool {
 }
 
 func BuildHTTP(hostname string, externalPort uint16, secure bool) string {
-	host := hostname
-	if externalPort != 0 {
-		host = fmt.Sprintf("%s:%d", hostname, externalPort)
+	if externalPort == 0 || (externalPort == 443 && secure) || (externalPort == 80 && !secure) {
+		return BuildOrigin(hostname, secure)
 	}
-	return BuildOrigin(host, secure)
+	return BuildOrigin(fmt.Sprintf("%s:%d", hostname, externalPort), secure)
 }
 
 func BuildOrigin(host string, secure bool) string {

internal/api/ui/console/console.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/caos/logging"
 	"github.com/caos/oidc/v2/pkg/op"
+	"github.com/gorilla/mux"
 
 	"github.com/caos/zitadel/internal/api/authz"
 	http_util "github.com/caos/zitadel/internal/api/http"
@@ -71,9 +72,9 @@ func Start(config Config, externalSecure bool, issuer op.IssuerFromRequest, inst
 	)
 	security := middleware.SecurityHeaders(csp(), nil)
 
-	handler := &http.ServeMux{}
-	handler.Handle("/", cache(security(http.FileServer(&spaHandler{http.FS(fSys)}))))
-	handler.Handle(envRequestPath, instanceHandler(cache(security(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	handler := mux.NewRouter()
+	handler.Use(cache, security)
+	handler.Handle(envRequestPath, instanceHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		instance := authz.GetInstance(r.Context())
 		if instance.InstanceID() == "" {
 			http.Error(w, "empty instanceID", http.StatusInternalServerError)
@@ -87,7 +88,8 @@ func Start(config Config, externalSecure bool, issuer op.IssuerFromRequest, inst
 		}
 		_, err = w.Write(environmentJSON)
 		logging.OnError(err).Error("error serving environment.json")
-	})))))
+	})))
+	handler.SkipClean(true).PathPrefix("").Handler(http.FileServer(&spaHandler{http.FS(fSys)}))
 	return handler, nil
 }
 

internal/api/ui/login/router.go

@@ -94,5 +94,6 @@ func CreateRouter(login *Login, staticDir http.FileSystem, interceptors ...mux.M
 	router.HandleFunc(EndpointRegisterOrg, login.handleRegisterOrg).Methods(http.MethodGet)
 	router.HandleFunc(EndpointRegisterOrg, login.handleRegisterOrgCheck).Methods(http.MethodPost)
 	router.HandleFunc(EndpointLoginSuccess, login.handleLoginSuccess).Methods(http.MethodGet)
+	router.SkipClean(true).Handle("", http.RedirectHandler(HandlerPrefix+"/", http.StatusMovedPermanently))
 	return router
 }

internal/command/instance_domain.go

@@ -98,7 +98,7 @@ func (c *Commands) addInstanceDomain(a *instance.Aggregate, instanceDomain strin
 			}
 			if appWriteModel.State.Exists() {
 				redirectUrls := append(appWriteModel.RedirectUris, http.BuildHTTP(instanceDomain, c.externalPort, c.externalSecure)+consoleRedirectPath)
-				logoutUrls := append(appWriteModel.PostLogoutRedirectUris, http.BuildOrigin(instanceDomain, c.externalSecure)+consolePostLogoutPath)
+				logoutUrls := append(appWriteModel.PostLogoutRedirectUris, http.BuildHTTP(instanceDomain, c.externalPort, c.externalSecure)+consolePostLogoutPath)
 				consoleChangeEvent, err := project.NewOIDCConfigChangedEvent(
 					ctx,
 					ProjectAggregateFromWriteModel(&appWriteModel.WriteModel),