6db5455762
This change allows us to collect frontend code coverage from our Selenium-based integration tests. Because the frontend is embedded into the Go binary and the integration tests run against a compiled binary in Docker, this poses some issues for the instrumented code and its ability to run in this manner. To fix this, Authelia's CSP is relaxed for the integration tests (`'unsafe-eval'` is added to `default-src`) by setting the env variable `ENVIRONMENT` to `dev`.
package server
import (
"fmt"
"io/ioutil"
"os"
"text/template"
"github.com/valyala/fasthttp"
"github.com/authelia/authelia/internal/logging"
"github.com/authelia/authelia/internal/utils"
)
// alphaNumericRunes is the 62-character alphabet (a-z, A-Z, 0-9) from which
// the per-request CSP nonce is drawn.
var alphaNumericRunes = []rune(
	"abcdefghijklmnopqrstuvwxyz" +
		"ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
		"0123456789",
)
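// ServeIndex returns a handler that renders the embedded index.html template
// with a freshly generated nonce on every request, so that a restrictive
// Content-Security-Policy can be used together with material-ui.
//
// publicDir is the directory inside the embedded virtual filesystem that holds
// index.html. base, rememberMe and resetPassword are handed to the template
// unchanged as Base, RememberMe and ResetPassword.
//
// The template is opened, read and parsed once, when ServeIndex is called;
// a failure in any of those steps is reported through logging.Logger().Fatalf.
//
//go:generate broccoli -src ../../public_html -o public_html
func ServeIndex(publicDir, base, rememberMe, resetPassword string) fasthttp.RequestHandler {
	f, err := br.Open(publicDir + "/index.html")
	if err != nil {
		logging.Logger().Fatalf("Unable to open index.html: %v", err)
	}
	// The whole file is read into memory below, so the handle is not needed
	// once ServeIndex returns; the Close error carries no useful information
	// for a read-only file.
	defer f.Close()

	b, err := ioutil.ReadAll(f)
	if err != nil {
		logging.Logger().Fatalf("Unable to read index.html: %v", err)
	}

	// NOTE(review): text/template performs no HTML escaping. The values
	// rendered below are the ServeIndex arguments and the generated nonce,
	// none of which come from the request; if request-derived data is ever
	// added to the template, html/template should be used instead.
	tmpl, err := template.New("index").Parse(string(b))
	if err != nil {
		logging.Logger().Fatalf("Unable to parse index.html template: %v", err)
	}

	return func(ctx *fasthttp.RequestCtx) {
		// A new nonce per response: the same value goes into the CSP header
		// and into the template as CSPNonce.
		// NOTE(review): the nonce only protects style-src if it cannot be
		// predicted; confirm utils.RandomString draws from crypto/rand.
		nonce := utils.RandomString(32, alphaNumericRunes)

		ctx.SetContentType("text/html; charset=utf-8")

		// The relaxed policy differs only by 'unsafe-eval' in default-src.
		// It is selected purely by the ENVIRONMENT variable, so any
		// deployment that sets it to the dev value serves the weaker policy.
		var policy string
		if os.Getenv("ENVIRONMENT") == dev {
			policy = fmt.Sprintf("default-src 'self' 'unsafe-eval'; object-src 'none'; style-src 'self' 'nonce-%s'", nonce)
		} else {
			policy = fmt.Sprintf("default-src 'self'; object-src 'none'; style-src 'self' 'nonce-%s'", nonce)
		}

		ctx.Response.Header.Add("Content-Security-Policy", policy)

		data := struct{ Base, CSPNonce, RememberMe, ResetPassword string }{
			Base:          base,
			CSPNonce:      nonce,
			RememberMe:    rememberMe,
			ResetPassword: resetPassword,
		}

		if err := tmpl.Execute(ctx.Response.BodyWriter(), data); err != nil {
			// The client gets a generic message; the detail goes to the log only.
			ctx.Error("An error occurred", fasthttp.StatusServiceUnavailable)
			logging.Logger().Errorf("Unable to execute template: %v", err)

			return
		}
	}
}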