* databroker: add databroker, identity manager, update cache (#864) * databroker: add databroker, identity manager, update cache * fix cache tests * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * authorize: use databroker data for rego policy (#904) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix gitlab test * use v4 backoff * authenticate: databroker changes (#914) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add 
gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix dashboard * delete session on logout * permanently delete sessions once they are marked as deleted * remove permanent delete * fix tests * remove groups and refresh test * databroker: remove dead code, rename cache url, move dashboard (#925) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix dashboard * delete session on logout * permanently delete sessions once they are marked as deleted * remove permanent delete * fix tests * remove cache service * remove kv * remove refresh docs * remove obsolete cache docs * add databroker url option * cache: use memberlist to detect multiple instances * add 
databroker service url * remove cache service * remove kv * remove refresh docs * remove obsolete cache docs * add databroker url option * cache: use memberlist to detect multiple instances * add databroker service url * wip * remove groups and refresh test * fix redirect, signout * remove databroker client from proxy * remove unused method * remove user dashboard test * handle missing session ids * session: reject sessions with no id * sessions: invalidate old sessions via databroker server version (#930) * session: add a version field tied to the databroker server version that can be used to invalidate sessions * fix tests * add log * authenticate: create user record immediately, call "get" directly in authorize (#931)
//go:generate statik -src=./assets -include=*.svg,*.html,*.css,*.js -ns web
// Package frontend handles the generation, and instantiation of Pomerium's
// html templates.
package frontend
import (
"encoding/base64"
"fmt"
"html/template"
"io/ioutil"
"mime"
"net/http"
"os"
"path"
"strings"
"github.com/rakyll/statik/fs"
_ "github.com/pomerium/pomerium/internal/frontend/statik" // load static assets
)
// statikNamespace is the statik asset namespace passed to
// fs.NewWithNamespace; it matches the -ns value in the go:generate directive.
const statikNamespace = "web"
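// NewTemplates loads pomerium's templates from the embedded statik file
// system. It does not panic: an error is returned if the file system cannot be
// created, or if any asset cannot be walked, opened, read, or parsed.
//
// Every embedded file is also made available to templates as a base64 data
// URL through the "dataURL" template function.
func NewTemplates() (*template.Template, error) {
	statikFS, err := fs.NewWithNamespace(statikNamespace)
	if err != nil {
		return nil, fmt.Errorf("internal/frontend: error creating new file system: %w", err)
	}

	dataURLs := map[string]template.URL{}

	err = fs.Walk(statikFS, "/", func(filePath string, fileInfo os.FileInfo, walkErr error) error {
		// fileInfo may be nil when the walk reports an error, so the error is
		// checked before fileInfo is dereferenced.
		if walkErr != nil {
			return fmt.Errorf("internal/frontend: error walking %s: %w", filePath, walkErr)
		}
		if fileInfo.IsDir() {
			return nil
		}

		bs, err := readEmbeddedFile(statikFS, filePath)
		if err != nil {
			return err
		}

		// template.URL marks the value as a known-safe URL, so html/template
		// emits it without its usual URL filtering. That is acceptable here
		// only because the bytes come from assets compiled into the binary;
		// request-derived data must never be routed through this map.
		// mime.TypeByExtension returns "" for an unknown extension, which
		// leaves the media type of the data URL empty.
		encoded := base64.StdEncoding.EncodeToString(bs)
		dataURLs[filePath] = template.URL(fmt.Sprintf(
			"data:%s;base64,%s", mime.TypeByExtension(path.Ext(filePath)), encoded))

		return nil
	})
	if err != nil {
		return nil, err
	}

	t := template.New("pomerium-templates").Funcs(map[string]interface{}{
		// dataURL maps an asset path (with or without the /.pomerium/assets
		// prefix) to its data URL. A path with no embedded asset yields the
		// zero value, an empty template.URL.
		"dataURL": func(p string) template.URL {
			return dataURLs[strings.TrimPrefix(p, "/.pomerium/assets")]
		},
	})

	err = fs.Walk(statikFS, "/html", func(filePath string, fileInfo os.FileInfo, walkErr error) error {
		if walkErr != nil {
			return fmt.Errorf("internal/frontend: error walking %s: %w", filePath, walkErr)
		}
		if fileInfo.IsDir() {
			return nil
		}

		buf, err := readEmbeddedFile(statikFS, filePath)
		if err != nil {
			return err
		}
		// All files under /html are parsed into the same template set.
		if _, err = t.Parse(string(buf)); err != nil {
			return fmt.Errorf("internal/frontend: error parsing template %s: %w", filePath, err)
		}
		return nil
	})
	if err != nil {
		return nil, err
	}

	return t, nil
}

// readEmbeddedFile returns the full contents of name from hfs and closes the
// file before returning, so no handle is left open per walked asset.
func readEmbeddedFile(hfs http.FileSystem, name string) ([]byte, error) {
	file, err := hfs.Open(name)
	if err != nil {
		return nil, fmt.Errorf("internal/frontend: error opening %s: %w", name, err)
	}
	defer file.Close()

	bs, err := ioutil.ReadAll(file)
	if err != nil {
		return nil, fmt.Errorf("internal/frontend: error reading %s: %w", name, err)
	}
	return bs, nil
}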
// MustAssetHandler returns an http.Handler that serves files from the embedded
// static file system. It panics if that file system cannot be created, so it
// is intended for use in variable initializations.
func MustAssetHandler() http.Handler {
	assets, err := fs.NewWithNamespace(statikNamespace)
	if err == nil {
		return http.FileServer(assets)
	}
	panic(err)
}