internal/frontend : serve static assets (#392)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2025-08-02 00:10:45 +02:00 · 2019-11-22 17:46:01 -08:00 · 2019-11-22 17:46:01 -08:00 · ebee64b70b
commit ebee64b70b
parent f20d913abe
24 changed files with 700 additions and 502 deletions
--- a/authenticate/authenticate.go
+++ b/authenticate/authenticate.go
@ -14,9 +14,9 @@ import (
 	"github.com/pomerium/pomerium/internal/encoding"
 	"github.com/pomerium/pomerium/internal/encoding/ecjson"
 	"github.com/pomerium/pomerium/internal/encoding/jws"
+	"github.com/pomerium/pomerium/internal/frontend"
 	"github.com/pomerium/pomerium/internal/identity"
 	"github.com/pomerium/pomerium/internal/sessions"
-	"github.com/pomerium/pomerium/internal/templates"
 	"github.com/pomerium/pomerium/internal/urlutil"
 )

@ -147,6 +147,6 @@ func New(opts config.Options) (*Authenticate, error) {
 		// IdP
 		provider: provider,

-		templates: templates.New(),
+		templates: template.Must(frontend.NewTemplates()),
 	}, nil
 }
--- a/authenticate/handlers.go
+++ b/authenticate/handlers.go
@ -21,21 +21,10 @@ import (
 	"github.com/pomerium/pomerium/internal/urlutil"
 )

-// CSPHeaders are the content security headers added to the service's handlers
-// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
-var CSPHeaders = map[string]string{
-	"Content-Security-Policy": "default-src 'none'; style-src 'self'" +
-		" 'sha256-z9MsgkMbQjRSLxzAfN55jB3a9pP0PQ4OHFH8b4iDP6s=' " +
-		" 'sha256-qnVkQSG7pWu17hBhIw0kCpfEB3XGvt0mNRa6+uM6OUU=' " +
-		" 'sha256-qOdRsNZhtR+htazbcy7guQl3Cn1cqOw1FcE4d3llae0='; " +
-		"img-src 'self';",
-	"Referrer-Policy": "Same-origin",
-}
-
 // Handler returns the authenticate service's handler chain.
 func (a *Authenticate) Handler() http.Handler {
 	r := httputil.NewRouter()
-	r.Use(middleware.SetHeaders(CSPHeaders))
+	r.Use(middleware.SetHeaders(httputil.HeadersContentSecurityPolicy))
 	r.Use(csrf.Protect(
 		a.cookieSecret,
 		csrf.Secure(a.cookieOptions.Secure),
--- a/authenticate/handlers_test.go
+++ b/authenticate/handlers_test.go
@ -4,6 +4,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+	"html/template"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@ -13,9 +14,9 @@ import (
 	"github.com/pomerium/pomerium/internal/cryptutil"
 	"github.com/pomerium/pomerium/internal/encoding"
 	"github.com/pomerium/pomerium/internal/encoding/mock"
+	"github.com/pomerium/pomerium/internal/frontend"
 	"github.com/pomerium/pomerium/internal/identity"
 	"github.com/pomerium/pomerium/internal/sessions"
-	"github.com/pomerium/pomerium/internal/templates"

 	"github.com/google/go-cmp/cmp"
 	"golang.org/x/crypto/chacha20poly1305"
@ -29,7 +30,7 @@ func testAuthenticate() *Authenticate {
 	auth.sharedKey = cryptutil.NewBase64Key()
 	auth.cookieSecret = cryptutil.NewKey()
 	auth.cookieOptions = &sessions.CookieOptions{Name: "name"}
-	auth.templates = templates.New()
+	auth.templates = template.Must(frontend.NewTemplates())
 	return &auth
 }

@ -189,7 +190,7 @@ func TestAuthenticate_SignOut(t *testing.T) {
 			a := &Authenticate{
 				sessionStore: tt.sessionStore,
 				provider:     tt.provider,
-				templates:    templates.New(),
+				templates:    template.Must(frontend.NewTemplates()),
 			}
 			u, _ := url.Parse("/sign_out")
 			params, _ := url.ParseQuery(u.RawQuery)