5e72ec9c0c
* initial subpath support Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make outpost compatible Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix static files somewhat Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web interface Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix most static stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix most web links Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix URL for static files Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add root redirect for subpath Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set cookie path Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update internal/config/struct.go Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Jens L. <jens@beryju.org> * fix sfe Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump required version Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow background Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint and some more links Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix impersonate Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Jens L. <jens@goauthentik.io> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
111 lines
3.9 KiB
Go
111 lines
3.9 KiB
Go
package web
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/go-http-utils/etag"
|
|
"github.com/gorilla/mux"
|
|
|
|
"goauthentik.io/internal/config"
|
|
"goauthentik.io/internal/constants"
|
|
"goauthentik.io/internal/utils/web"
|
|
staticWeb "goauthentik.io/web"
|
|
)
|
|
|
|
func (ws *WebServer) configureStatic() {
|
|
// Setup routers
|
|
staticRouter := ws.loggingRouter.NewRoute().Subrouter()
|
|
staticRouter.Use(ws.staticHeaderMiddleware)
|
|
indexLessRouter := staticRouter.NewRoute().Subrouter()
|
|
// Specifically disable index
|
|
indexLessRouter.Use(web.DisableIndex)
|
|
|
|
distFs := http.FileServer(http.Dir("./web/dist"))
|
|
|
|
pathStripper := func(handler http.Handler, paths ...string) http.Handler {
|
|
h := handler
|
|
for _, path := range paths {
|
|
h = http.StripPrefix(path, h)
|
|
}
|
|
return h
|
|
}
|
|
|
|
helpHandler := http.FileServer(http.Dir("./website/help/"))
|
|
|
|
indexLessRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/static/dist/").Handler(pathStripper(
|
|
distFs,
|
|
"static/dist/",
|
|
config.Get().Web.Path,
|
|
))
|
|
indexLessRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/static/authentik/").Handler(pathStripper(
|
|
http.FileServer(http.Dir("./web/authentik")),
|
|
"static/authentik/",
|
|
config.Get().Web.Path,
|
|
))
|
|
|
|
indexLessRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/if/flow/{flow_slug}/assets").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
|
|
pathStripper(
|
|
distFs,
|
|
"if/flow/"+vars["flow_slug"],
|
|
config.Get().Web.Path,
|
|
).ServeHTTP(rw, r)
|
|
})
|
|
indexLessRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/if/admin/assets").Handler(http.StripPrefix(fmt.Sprintf("%sif/admin", config.Get().Web.Path), distFs))
|
|
indexLessRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/if/user/assets").Handler(http.StripPrefix(fmt.Sprintf("%sif/user", config.Get().Web.Path), distFs))
|
|
indexLessRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/if/rac/{app_slug}/assets").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
|
|
pathStripper(
|
|
distFs,
|
|
"if/rac/"+vars["app_slug"],
|
|
config.Get().Web.Path,
|
|
).ServeHTTP(rw, r)
|
|
})
|
|
|
|
// Media files, if backend is file
|
|
if config.Get().Storage.Media.Backend == "file" {
|
|
fsMedia := http.StripPrefix("/media", http.FileServer(http.Dir(config.Get().Storage.Media.File.Path)))
|
|
indexLessRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/media/").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox")
|
|
fsMedia.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
staticRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/if/help/").Handler(pathStripper(
|
|
helpHandler,
|
|
config.Get().Web.Path,
|
|
"/if/help/",
|
|
))
|
|
staticRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/help").Handler(http.RedirectHandler(fmt.Sprintf("%sif/help/", config.Get().Web.Path), http.StatusMovedPermanently))
|
|
|
|
staticRouter.PathPrefix(config.Get().Web.Path).Path("/robots.txt").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
|
rw.Header()["Content-Type"] = []string{"text/plain"}
|
|
rw.WriteHeader(200)
|
|
_, err := rw.Write(staticWeb.RobotsTxt)
|
|
if err != nil {
|
|
ws.log.WithError(err).Warning("failed to write response")
|
|
}
|
|
})
|
|
staticRouter.PathPrefix(config.Get().Web.Path).Path("/.well-known/security.txt").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
|
rw.Header()["Content-Type"] = []string{"text/plain"}
|
|
rw.WriteHeader(200)
|
|
_, err := rw.Write(staticWeb.SecurityTxt)
|
|
if err != nil {
|
|
ws.log.WithError(err).Warning("failed to write response")
|
|
}
|
|
})
|
|
}
|
|
|
|
func (ws *WebServer) staticHeaderMiddleware(h http.Handler) http.Handler {
|
|
etagHandler := etag.Handler(h, false)
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Cache-Control", "public, no-transform")
|
|
w.Header().Set("X-authentik-version", constants.VERSION)
|
|
w.Header().Set("Vary", "X-authentik-version, Etag")
|
|
etagHandler.ServeHTTP(w, r)
|
|
})
|
|
}
|