TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 18:17:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: add interceptors for console (#255)

Browse Source 
* add interceptors for console

* add interceptors for console to env.json
This commit is contained in:
Livio Amstutz
2020-06-22 13:17:29 +02:00
committed by GitHub
parent 66cca48b62
commit f68a5e63b5
4 changed files with 81 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
pkg/console/console.go
View File

@@ -5,15 +5,20 @@ import (
"net/http"
"os"
"path"
"strings"
"time"
"github.com/rakyll/statik/fs"
"github.com/caos/zitadel/internal/api/http/middleware"
_ "github.com/caos/zitadel/pkg/console/statik"
)
type Config struct {
Port string
EnvOverwriteDir string
Cache middleware.CacheConfig
CSPDomain string
}
type spaHandler struct {
@@ -23,6 +28,8 @@ type spaHandler struct {
const (
envRequestPath = "/assets/environment.json"
envDefaultDir = "/console/"
manifestFile = "/manifest.webmanifest"
)
func (i *spaHandler) Open(name string) (http.File, error) {
@@ -43,7 +50,33 @@ func Start(ctx context.Context, config Config) error {
if config.EnvOverwriteDir != "" {
envDir = config.EnvOverwriteDir
}
http.Handle("/", http.FileServer(&spaHandler{statikFS}))
http.Handle(envRequestPath, http.StripPrefix("/assets", http.FileServer(http.Dir(envDir))))
cache := AssetsCacheInterceptorIgnoreManifest(config.Cache.MaxAge.Duration, config.Cache.SharedMaxAge.Duration)
security := middleware.SecurityHeaders(csp(config.CSPDomain), nil)
http.Handle("/", cache(security(http.FileServer(&spaHandler{statikFS}))))
http.Handle(envRequestPath, cache(security(http.StripPrefix("/assets", http.FileServer(http.Dir(envDir))))))
return http.ListenAndServe(":"+config.Port, nil)
}
func csp(zitadelDomain string) *middleware.CSP {
if !strings.HasPrefix(zitadelDomain, "*.") {
zitadelDomain = "*." + zitadelDomain
}
csp := middleware.DefaultSCP
csp.StyleSrc = csp.StyleSrc.AddInline().AddHost("fonts.googleapis.com").AddHost("maxst.icons8.com") //TODO: host it
csp.FontSrc = csp.FontSrc.AddHost("fonts.gstatic.com").AddHost("maxst.icons8.com") //TODO: host it
csp.ScriptSrc = csp.ScriptSrc.AddEval()
csp.ConnectSrc = csp.ConnectSrc.AddHost(zitadelDomain)
return &csp
}
func AssetsCacheInterceptorIgnoreManifest(maxAge, sharedMaxAge time.Duration) func(http.Handler) http.Handler {
return func(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == manifestFile {
middleware.NoCacheInterceptor(handler).ServeHTTP(w, r)
return
}
middleware.AssetsCacheInterceptor(maxAge, sharedMaxAge, handler).ServeHTTP(w, r)
})
}
}