feat: embed console into go binary (#3391)

.gitignore

@@ -54,6 +54,7 @@ console/src/app/proto/generated/
 openapi/**/*.json
 /internal/api/assets/authz.go
 /internal/api/assets/router.go
+/internal/api/ui/console/static/*
 
 # local
 build/local/cloud.env

.goreleaser.yaml

@@ -13,6 +13,7 @@ before:
     - sh -c "cp -r .artifacts/grpc/go-client/* ."
     - docker build -f build/console/Dockerfile . -t zitadel-npm-base --target npm-copy -o .artifacts/grpc/js-client
     - docker build -f build/console/Dockerfile . -t zitadel-npm-base --target angular-export -o .artifacts/console
+    - sh -c "cp -r .artifacts/console/* internal/api/ui/console/static/"
 builds:
   - env:
       - CGO_ENABLED=0

cmd/admin/start/start.go

@@ -185,7 +185,7 @@ func startAPIs(ctx context.Context, router *mux.Router, commands *command.Comman
 	}
 	apis.RegisterHandler(console.HandlerPrefix, c)
 
-	l, err := login.CreateLogin(config.Login, commands, queries, authRepo, store, config.SystemDefaults, console.HandlerPrefix, config.ExternalDomain, baseURL, oidc.AuthCallback, config.ExternalSecure, userAgentInterceptor, instanceInterceptor.Handler, keys.User, keys.IDPConfig, keys.CSRFCookieKey)
+	l, err := login.CreateLogin(config.Login, commands, queries, authRepo, store, config.SystemDefaults, console.HandlerPrefix+"/", config.ExternalDomain, baseURL, oidc.AuthCallback, config.ExternalSecure, userAgentInterceptor, instanceInterceptor.Handler, keys.User, keys.IDPConfig, keys.CSRFCookieKey)
 	if err != nil {
 		return fmt.Errorf("unable to start login: %w", err)
 	}

console/package.json

@@ -5,7 +5,7 @@
     "ng": "ng",
     "start": "ng serve",
     "build": "ng build",
-    "prodbuild": "ng build --aot=true --buildOptimizer=true",
+    "prodbuild": "ng build --aot=true --buildOptimizer=true --base-href=/ui/console/",
     "lint": "ng lint && stylelint './src/**/*.scss' --syntax scss"
   },
   "private": true,

internal/api/ui/console/console.go

@@ -1,8 +1,10 @@
 package console
 
 import (
+	"embed"
 	"encoding/json"
 	"fmt"
+	"io/fs"
 	"net/http"
 	"os"
 	"path"
@@ -26,9 +28,13 @@ type spaHandler struct {
 	fileSystem http.FileSystem
 }
 
+var (
+	//go:embed static/*
+	static embed.FS
+)
+
 const (
 	envRequestPath = "/assets/environment.json"
-	consoleDefaultDir = "./console/"
 	HandlerPrefix  = "/ui/console"
 )
 
@@ -54,12 +60,10 @@ func (i *spaHandler) Open(name string) (http.File, error) {
 }
 
 func Start(config Config, domain, url, issuer string, instanceHandler func(http.Handler) http.Handler) (http.Handler, error) {
-	consoleDir := consoleDefaultDir
+	fSys, err := fs.Sub(static, "static")
-	if config.ConsoleOverwriteDir != "" {
+	if err != nil {
-		consoleDir = config.ConsoleOverwriteDir
+		return nil, err
 	}
-	consoleHTTPDir := http.Dir(consoleDir)
-
 	cache := assetsCacheInterceptorIgnoreManifest(
 		config.ShortCache.MaxAge,
 		config.ShortCache.SharedMaxAge,
@@ -69,7 +73,7 @@ func Start(config Config, domain, url, issuer string, instanceHandler func(http.
 	security := middleware.SecurityHeaders(csp(domain), nil)
 
 	handler := &http.ServeMux{}
-	handler.Handle("/", cache(security(http.FileServer(&spaHandler{consoleHTTPDir}))))
+	handler.Handle("/", cache(security(http.FileServer(&spaHandler{http.FS(fSys)}))))
 	handler.Handle(envRequestPath, instanceHandler(cache(security(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		instance := authz.GetInstance(r.Context())
 		if instance.InstanceID() == "" {