fix: improve exhausted SetCookie header (#5789)

* fix: remove access interceptor for console

* feat: template quota cookie value

* fix: send exhausted cookie from grpc-gateway

* refactor: remove ineffectual err assignments

* Update internal/api/grpc/server/gateway.go

Co-authored-by: Livio Spring <livio.a@gmail.com>

* use dynamic host header to find instance

* add instance mgmt url to environment.json

* support hosts with default ports

* fix linting

* docs: update lb example

* print access logs to stdout

* fix grpc gateway exhausted cookies

* cleanup

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>

internal/api/ui/console/console.go

@@ -1,9 +1,11 @@
 package console
 
 import (
+	"bytes"
 	"embed"
 	"encoding/json"
 	"fmt"
+	"html/template"
 	"io/fs"
 	"net/http"
 	"os"
@@ -22,8 +24,9 @@ import (
 )
 
 type Config struct {
-	ShortCache middleware.CacheConfig
-	LongCache  middleware.CacheConfig
+	ShortCache            middleware.CacheConfig
+	LongCache             middleware.CacheConfig
+	InstanceManagementURL string
 }
 
 type spaHandler struct {
@@ -106,7 +109,13 @@ func Start(config Config, externalSecure bool, issuer op.IssuerFromRequest, call
 	handler.Use(callDurationInterceptor, instanceHandler, security, accessInterceptor)
 	handler.Handle(envRequestPath, middleware.TelemetryHandler()(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		url := http_util.BuildOrigin(r.Host, externalSecure)
-		environmentJSON, err := createEnvironmentJSON(url, issuer(r), authz.GetInstance(r.Context()).ConsoleClientID(), customerPortal)
+		instance := authz.GetInstance(r.Context())
+		instanceMgmtURL, err := templateInstanceManagementURL(config.InstanceManagementURL, instance)
+		if err != nil {
+			http.Error(w, fmt.Sprintf("unable to template instance management url for console: %v", err), http.StatusInternalServerError)
+			return
+		}
+		environmentJSON, err := createEnvironmentJSON(url, issuer(r), instance.ConsoleClientID(), customerPortal, instanceMgmtURL)
 		if err != nil {
 			http.Error(w, fmt.Sprintf("unable to marshal env for console: %v", err), http.StatusInternalServerError)
 			return
@@ -118,6 +127,18 @@ func Start(config Config, externalSecure bool, issuer op.IssuerFromRequest, call
 	return handler, nil
 }
 
+func templateInstanceManagementURL(templateableCookieValue string, instance authz.Instance) (string, error) {
+	cookieValueTemplate, err := template.New("cookievalue").Parse(templateableCookieValue)
+	if err != nil {
+		return templateableCookieValue, err
+	}
+	cookieValue := new(bytes.Buffer)
+	if err = cookieValueTemplate.Execute(cookieValue, instance); err != nil {
+		return templateableCookieValue, err
+	}
+	return cookieValue.String(), nil
+}
+
 func csp() *middleware.CSP {
 	csp := middleware.DefaultSCP
 	csp.StyleSrc = csp.StyleSrc.AddInline()
@@ -127,17 +148,19 @@ func csp() *middleware.CSP {
 	return &csp
 }
 
-func createEnvironmentJSON(api, issuer, clientID, customerPortal string) ([]byte, error) {
+func createEnvironmentJSON(api, issuer, clientID, customerPortal, instanceMgmtUrl string) ([]byte, error) {
 	environment := struct {
-		API            string `json:"api,omitempty"`
-		Issuer         string `json:"issuer,omitempty"`
-		ClientID       string `json:"clientid,omitempty"`
-		CustomerPortal string `json:"customer_portal,omitempty"`
+		API                   string `json:"api,omitempty"`
+		Issuer                string `json:"issuer,omitempty"`
+		ClientID              string `json:"clientid,omitempty"`
+		CustomerPortal        string `json:"customer_portal,omitempty"`
+		InstanceManagementURL string `json:"instance_management_url,omitempty"`
 	}{
-		API:            api,
-		Issuer:         issuer,
-		ClientID:       clientID,
-		CustomerPortal: customerPortal,
+		API:                   api,
+		Issuer:                issuer,
+		ClientID:              clientID,
+		CustomerPortal:        customerPortal,
+		InstanceManagementURL: instanceMgmtUrl,
 	}
 	return json.Marshal(environment)
 }