fix: caching of assets (correct headers and versioned avatar and variables.css url) (#4118)

* fix: caching of assets (correct headers and versioned avatar url) * serve variables.css versioned and extend shared max age of assets * fix TestCommandSide_AddHumanAvatar * refactor: const types * refactor: return values Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2025-08-12 01:47:33 +00:00 · 2022-08-16 07:04:36 +02:00
parent 0c6b47a081
commit dcac08b1d5
12 changed files with 96 additions and 66 deletions
--- a/internal/api/ui/console/console.go
+++ b/internal/api/ui/console/console.go
@@ -147,12 +147,11 @@ func assetsCacheInterceptorIgnoreManifest(shortMaxAge, shortSharedMaxAge, longMa
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			for _, file := range shortCacheFiles {
 				if r.URL.Path == file || isIndexOrSubPath(r.URL.Path) {
-					middleware.AssetsCacheInterceptor(shortMaxAge, shortSharedMaxAge, handler).ServeHTTP(w, r)
+					middleware.AssetsCacheInterceptor(shortMaxAge, shortSharedMaxAge).Handler(handler).ServeHTTP(w, r)
 					return
 				}
 			}
-			middleware.AssetsCacheInterceptor(longMaxAge, longSharedMaxAge, handler).ServeHTTP(w, r)
-			return
+			middleware.AssetsCacheInterceptor(longMaxAge, longSharedMaxAge).Handler(handler).ServeHTTP(w, r)
 		})
 	}
 }
--- a/internal/api/ui/login/login.go
+++ b/internal/api/ui/login/login.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net/http"
 	"strings"
+	"time"

 	"github.com/gorilla/csrf"
 	"github.com/gorilla/mux"
@@ -44,6 +45,7 @@ type Config struct {
 	LanguageCookieName string
 	CSRFCookieName     string
 	Cache              middleware.CacheConfig
+	AssetCache         middleware.CacheConfig
 }

 const (
@@ -62,7 +64,8 @@ func CreateLogin(config Config,
 	externalSecure bool,
 	userAgentCookie,
 	issuerInterceptor,
-	instanceHandler mux.MiddlewareFunc,
+	instanceHandler,
+	assetCache mux.MiddlewareFunc,
 	userCodeAlg crypto.EncryptionAlgorithm,
 	idpConfigAlg crypto.EncryptionAlgorithm,
 	csrfCookieKey []byte,
@@ -84,14 +87,8 @@ func CreateLogin(config Config,
 		return nil, fmt.Errorf("unable to create filesystem: %w", err)
 	}

-	csrfInterceptor, err := createCSRFInterceptor(config.CSRFCookieName, csrfCookieKey, externalSecure, login.csrfErrorHandler())
-	if err != nil {
-		return nil, fmt.Errorf("unable to create csrfInterceptor: %w", err)
-	}
-	cacheInterceptor, err := middleware.DefaultCacheInterceptor(EndpointResources, config.Cache.MaxAge, config.Cache.SharedMaxAge)
-	if err != nil {
-		return nil, fmt.Errorf("unable to create cacheInterceptor: %w", err)
-	}
+	csrfInterceptor := createCSRFInterceptor(config.CSRFCookieName, csrfCookieKey, externalSecure, login.csrfErrorHandler())
+	cacheInterceptor := createCacheInterceptor(config.Cache.MaxAge, config.Cache.SharedMaxAge, assetCache)
 	security := middleware.SecurityHeaders(csp(), login.cspErrorHandler)

 	login.router = CreateRouter(login, statikFS, middleware.TelemetryHandler(IgnoreInstanceEndpoints...), instanceHandler, csrfInterceptor, cacheInterceptor, security, userAgentCookie, issuerInterceptor)
@@ -108,7 +105,7 @@ func csp() *middleware.CSP {
 	return &csp
 }

-func createCSRFInterceptor(cookieName string, csrfCookieKey []byte, externalSecure bool, errorHandler http.Handler) (func(http.Handler) http.Handler, error) {
+func createCSRFInterceptor(cookieName string, csrfCookieKey []byte, externalSecure bool, errorHandler http.Handler) func(http.Handler) http.Handler {
 	path := "/"
 	return func(handler http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -123,7 +120,23 @@ func createCSRFInterceptor(cookieName string, csrfCookieKey []byte, externalSecu
 				csrf.ErrorHandler(errorHandler),
 			)(handler).ServeHTTP(w, r)
 		})
-	}, nil
+	}
+}
+
+func createCacheInterceptor(maxAge, sharedMaxAge time.Duration, assetCache mux.MiddlewareFunc) func(http.Handler) http.Handler {
+	return func(handler http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if strings.HasPrefix(r.URL.Path, EndpointDynamicResources) {
+				assetCache.Middleware(handler).ServeHTTP(w, r)
+				return
+			}
+			if strings.HasPrefix(r.URL.Path, EndpointResources) {
+				middleware.AssetsCacheInterceptor(maxAge, sharedMaxAge).Handler(handler).ServeHTTP(w, r)
+				return
+			}
+			middleware.NoCacheInterceptor().Handler(handler).ServeHTTP(w, r)
+		})
+	}
 }

 func (l *Login) Handler() http.Handler {
--- a/internal/api/ui/login/renderer.go
+++ b/internal/api/ui/login/renderer.go
@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"path"
 	"strings"
+	"time"

 	"github.com/gorilla/csrf"
 	"github.com/zitadel/logging"
@@ -84,19 +85,13 @@ func CreateRenderer(pathPrefix string, staticDir http.FileSystem, staticStorage
 			return path.Join(r.pathPrefix, EndpointResources, "themes", theme, file)
 		},
 		"hasCustomPolicy": func(policy *domain.LabelPolicy) bool {
-			if policy != nil {
-				return true
-			}
-			return false
+			return policy != nil
 		},
 		"hasWatermark": func(policy *domain.LabelPolicy) bool {
-			if policy != nil && policy.DisableWatermark {
-				return false
-			}
-			return true
+			return policy == nil || !policy.DisableWatermark
 		},
 		"variablesCssFileUrl": func(orgID string, policy *domain.LabelPolicy) string {
-			cssFile := domain.CssPath + "/" + domain.CssVariablesFileName
+			cssFile := domain.CssPath + "/" + domain.CssVariablesFileName + "?v=" + policy.ChangeDate.Format(time.RFC3339)
 			return path.Join(r.pathPrefix, fmt.Sprintf("%s?%s=%s&%s=%v&%s=%s", EndpointDynamicResources, "orgId", orgID, "default-policy", policy.Default, "filename", cssFile))
 		},
 		"customLogoResource": func(orgID string, policy *domain.LabelPolicy, darkMode bool) string {