TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 19:14:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
fd04fb58d0
zitadel/internal/ui/console/console.go
Max Peintner 465081ee6d
fix(console): remove cropper, set avatar url if available (#1865) 
* set avatarurl if available

* lint

* force sidemargin

* dont load image via asset

* rm log

* stylelint

* add ZITADEL domain to csp img src

* sanitize url

* fix undefined link projects

* use name as fallback

* operator: rename uploadServiceURL to assetServiceURL in environment json for console

* remove data

* rm logs

* center crop image

* add avatar to changes

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-06-14 13:53:40 +02:00

107 lines
2.9 KiB
Go
Raw Blame History

package console
import (
"net/http"
"os"
"path"
"strings"
"time"
"github.com/rakyll/statik/fs"
"github.com/caos/zitadel/internal/api/http/middleware"
_ "github.com/caos/zitadel/internal/ui/console/statik"
)
type Config struct {
Port string
EnvOverwriteDir string
ShortCache middleware.CacheConfig
LongCache middleware.CacheConfig
CSPDomain string
}
type spaHandler struct {
fileSystem http.FileSystem
}
const (
envRequestPath = "/assets/environment.json"
envDefaultDir = "/console/"
handlerPrefix = "/console"
)
var (
shortCacheFiles = []string{
"/",
"/index.html",
"/manifest.webmanifest",
"/ngsw.json",
"/ngsw-worker.js",
"/safety-worker.js",
"/worker-basic.min.js",
}
)
func (i *spaHandler) Open(name string) (http.File, error) {
ret, err := i.fileSystem.Open(name)
if !os.IsNotExist(err) || path.Ext(name) != "" {
return ret, err
}
return i.fileSystem.Open("/index.html")
}
func Start(config Config) (http.Handler, string, error) {
statikFS, err := fs.NewWithNamespace("console")
if err != nil {
return nil, "", err
}
envDir := envDefaultDir
if config.EnvOverwriteDir != "" {
envDir = config.EnvOverwriteDir
}
cache := AssetsCacheInterceptorIgnoreManifest(
config.ShortCache.MaxAge.Duration,
config.ShortCache.SharedMaxAge.Duration,
config.LongCache.MaxAge.Duration,
config.LongCache.SharedMaxAge.Duration,
)
security := middleware.SecurityHeaders(csp(config.CSPDomain), nil)
handler := &http.ServeMux{}
handler.Handle("/", cache(security(http.FileServer(&spaHandler{statikFS}))))
handler.Handle(envRequestPath, cache(security(http.StripPrefix("/assets", http.FileServer(http.Dir(envDir))))))
return handler, handlerPrefix, nil
}
func csp(zitadelDomain string) *middleware.CSP {
if !strings.HasPrefix(zitadelDomain, "*.") {
zitadelDomain = "*." + zitadelDomain
}
csp := middleware.DefaultSCP
csp.StyleSrc = csp.StyleSrc.AddInline().AddHost("fonts.googleapis.com").AddHost("maxst.icons8.com") //TODO: host it
csp.FontSrc = csp.FontSrc.AddHost("fonts.gstatic.com").AddHost("maxst.icons8.com") //TODO: host it
csp.ScriptSrc = csp.ScriptSrc.AddEval()
csp.ConnectSrc = csp.ConnectSrc.AddHost(zitadelDomain).
AddHost("fonts.googleapis.com").
AddHost("fonts.gstatic.com").
AddHost("maxst.icons8.com") //TODO: host it
csp.ImgSrc = csp.ImgSrc.AddHost(zitadelDomain).AddScheme("blob")
return &csp
}
func AssetsCacheInterceptorIgnoreManifest(shortMaxAge, shortSharedMaxAge, longMaxAge, longSharedMaxAge time.Duration) func(http.Handler) http.Handler {
return func(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
for _, file := range shortCacheFiles {
if r.URL.Path == file {
middleware.AssetsCacheInterceptor(shortMaxAge, shortSharedMaxAge, handler).ServeHTTP(w, r)
return
}
}
middleware.AssetsCacheInterceptor(longMaxAge, longSharedMaxAge, handler).ServeHTTP(w, r)
return
})
}
}
Reference in New Issue View Git Blame Copy Permalink