Merge pull request #2025 from corybolar/embedded-static-files

Embed static stylesheets and dependencies
2023-08-25 10:37:27 +01:00 · 2023-08-25 10:37:27 +01:00 · 9215944ccc
parent bd867b5138 40ee2bb944
commit 9215944ccc
8 changed files with 23 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -23,6 +23,7 @@
 - [#2013](https://github.com/oauth2-proxy/oauth2-proxy/pull/2013) Upgrade alpine to version 3.17.2 and library dependencies (@miguelborges99)
 - [#2047](https://github.com/oauth2-proxy/oauth2-proxy/pull/2047) CVE-2022-41717: DoS in Go net/http may lead to DoS (@miguelborges99)
 - [#1921](https://github.com/oauth2-proxy/oauth2-proxy/pull/1921) Check jsonpath syntax before interpretation
+- [#2025](https://github.com/oauth2-proxy/oauth2-proxy/pull/2025) Embed static stylesheets and dependencies

 # V7.4.0

--- a/docs/docs/features/endpoints.md
+++ b/docs/docs/features/endpoints.md
@ -15,6 +15,7 @@ OAuth2 Proxy responds directly to the following endpoints. All other endpoints w
 - /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.
 - /oauth2/userinfo - the URL is used to return user's email from the session in JSON format.
 - /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the [Nginx `auth_request` directive](../configuration/overview.md#configuring-for-use-with-the-nginx-auth_request-directive)
+- /oauth2/static/\* - stylesheets and other dependencies used in the sign_in and error pages

 ### Sign out

--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -2,6 +2,7 @@ package main

 import (
 	"context"
+	"embed"
 	"encoding/json"
 	"errors"
 	"fmt"
@ -50,6 +51,7 @@ const (
 	oauthCallbackPath = "/callback"
 	authOnlyPath      = "/auth"
 	userInfoPath      = "/userinfo"
+	staticPathPrefix  = "/static/"
 )

 var (
@ -58,6 +60,9 @@ var (

 	// ErrAccessDenied means the user should receive a 401 Unauthorized response
 	ErrAccessDenied = errors.New("access denied")
+
+	//go:embed static/*
+	staticFiles embed.FS
 )

 // allowedRoute manages method + path based allowlists
@ -320,6 +325,9 @@ func (p *OAuthProxy) buildProxySubrouter(s *mux.Router) {
 	s.Path(oauthStartPath).HandlerFunc(p.OAuthStart)
 	s.Path(oauthCallbackPath).HandlerFunc(p.OAuthCallback)

+	// Static file paths
+	s.PathPrefix(staticPathPrefix).Handler(http.StripPrefix(p.ProxyPrefix, http.FileServer(http.FS(staticFiles))))
+
 	// The userinfo endpoint needs to load sessions before handling the request
 	s.Path(userInfoPath).Handler(p.sessionChain.ThenFunc(p.UserInfo))
 }
--- a/pkg/app/pagewriter/error.html
+++ b/pkg/app/pagewriter/error.html
@ -5,8 +5,8 @@
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
  <title>{{.StatusCode}} {{.Title}}</title>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@0.9.1/css/bulma.min.css">
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/all.min.css">
+<link rel="stylesheet" href="{{.ProxyPrefix}}/static/css/bulma.min.css">
+<link rel="stylesheet" href="{{.ProxyPrefix}}/static/css/all.min.css">

 <script type="text/javascript">
  document.addEventListener('DOMContentLoaded', function() {
--- a/pkg/app/pagewriter/sign_in.html
+++ b/pkg/app/pagewriter/sign_in.html
@ -5,7 +5,7 @@
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
    <title>Sign In</title>
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@0.9.1/css/bulma.min.css">
+    <link rel="stylesheet" href="{{.ProxyPrefix}}/static/css/bulma.min.css">

    <style>
      body {
--- a/static/css/all.min.css
+++ b/static/css/all.min.css
--- a/static/css/bulma.min.css
+++ b/static/css/bulma.min.css
--- a/static/webfonts/fa-solid-900.woff2
+++ b/static/webfonts/fa-solid-900.woff2