2021-01-03 04:28:46 +00:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2021-12-01 13:14:15 +00:00
|
|
|
"io"
|
2021-01-03 04:28:46 +00:00
|
|
|
"os"
|
2022-09-16 01:19:16 +00:00
|
|
|
"path"
|
2021-01-03 04:28:46 +00:00
|
|
|
"path/filepath"
|
2022-12-17 00:49:05 +00:00
|
|
|
"strconv"
|
2022-02-20 23:14:09 +00:00
|
|
|
"strings"
|
2021-01-03 04:28:46 +00:00
|
|
|
"text/template"
|
|
|
|
|
2022-09-16 01:19:16 +00:00
|
|
|
"github.com/valyala/fasthttp"
|
|
|
|
|
2022-12-17 00:49:05 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/logging"
|
2022-02-06 13:37:28 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/middlewares"
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/utils"
|
2021-01-03 04:28:46 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// ServeTemplatedFile serves a templated version of a specified file,
|
|
|
|
// this is utilised to pass information between the backend and frontend
|
|
|
|
// and generate a nonce to support a restrictive CSP while using material-ui.
|
2022-12-17 00:49:05 +00:00
|
|
|
func ServeTemplatedFile(publicDir, file string, opts *TemplatedFileOptions) middlewares.RequestHandler {
|
2021-01-16 23:23:35 +00:00
|
|
|
logger := logging.Logger()
|
|
|
|
|
2022-09-16 01:19:16 +00:00
|
|
|
a, err := assets.Open(path.Join(publicDir, file))
|
2021-01-03 04:28:46 +00:00
|
|
|
if err != nil {
|
2021-01-16 23:23:35 +00:00
|
|
|
logger.Fatalf("Unable to open %s: %s", file, err)
|
2021-01-03 04:28:46 +00:00
|
|
|
}
|
|
|
|
|
2021-12-01 13:14:15 +00:00
|
|
|
b, err := io.ReadAll(a)
|
2021-01-03 04:28:46 +00:00
|
|
|
if err != nil {
|
2021-01-16 23:23:35 +00:00
|
|
|
logger.Fatalf("Unable to read %s: %s", file, err)
|
2021-01-03 04:28:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
tmpl, err := template.New("file").Parse(string(b))
|
|
|
|
if err != nil {
|
2021-01-16 23:23:35 +00:00
|
|
|
logger.Fatalf("Unable to parse %s template: %s", file, err)
|
2021-01-03 04:28:46 +00:00
|
|
|
}
|
|
|
|
|
2022-12-17 00:49:05 +00:00
|
|
|
isDevEnvironment := os.Getenv(environment) == dev
|
2021-08-10 00:31:08 +00:00
|
|
|
|
2022-12-17 00:49:05 +00:00
|
|
|
return func(ctx *middlewares.AutheliaCtx) {
|
2021-12-01 03:32:58 +00:00
|
|
|
logoOverride := f
|
2021-11-15 08:37:58 +00:00
|
|
|
|
2022-12-17 00:49:05 +00:00
|
|
|
if opts.AssetPath != "" {
|
|
|
|
if _, err = os.Stat(filepath.Join(opts.AssetPath, fileLogo)); err == nil {
|
2021-12-01 03:32:58 +00:00
|
|
|
logoOverride = t
|
2021-11-15 08:37:58 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-03 04:28:46 +00:00
|
|
|
switch extension := filepath.Ext(file); extension {
|
2022-12-17 00:49:05 +00:00
|
|
|
case extHTML:
|
|
|
|
ctx.SetContentTypeTextHTML()
|
|
|
|
case extJSON:
|
|
|
|
ctx.SetContentTypeApplicationJSON()
|
2021-01-03 04:28:46 +00:00
|
|
|
default:
|
2022-12-17 00:49:05 +00:00
|
|
|
ctx.SetContentTypeTextPlain()
|
2021-01-03 04:28:46 +00:00
|
|
|
}
|
|
|
|
|
2022-12-26 21:32:00 +00:00
|
|
|
nonce := utils.RandomString(32, utils.CharSetAlphaNumeric)
|
2022-12-17 00:49:05 +00:00
|
|
|
|
2021-01-03 04:28:46 +00:00
|
|
|
switch {
|
2022-09-16 01:19:16 +00:00
|
|
|
case publicDir == assetsSwagger:
|
2022-10-22 11:19:32 +00:00
|
|
|
ctx.Response.Header.Add(fasthttp.HeaderContentSecurityPolicy, fmt.Sprintf(tmplCSPSwagger, nonce, nonce))
|
2022-02-20 23:14:09 +00:00
|
|
|
case ctx.Configuration.Server.Headers.CSPTemplate != "":
|
2022-10-22 11:19:32 +00:00
|
|
|
ctx.Response.Header.Add(fasthttp.HeaderContentSecurityPolicy, strings.ReplaceAll(ctx.Configuration.Server.Headers.CSPTemplate, placeholderCSPNonce, nonce))
|
2022-12-17 00:49:05 +00:00
|
|
|
case isDevEnvironment:
|
2022-10-22 11:19:32 +00:00
|
|
|
ctx.Response.Header.Add(fasthttp.HeaderContentSecurityPolicy, fmt.Sprintf(tmplCSPDevelopment, nonce))
|
2021-01-03 04:28:46 +00:00
|
|
|
default:
|
2022-10-22 11:19:32 +00:00
|
|
|
ctx.Response.Header.Add(fasthttp.HeaderContentSecurityPolicy, fmt.Sprintf(tmplCSPDefault, nonce))
|
2021-01-03 04:28:46 +00:00
|
|
|
}
|
|
|
|
|
2022-12-17 00:49:05 +00:00
|
|
|
if err = tmpl.Execute(ctx.Response.BodyWriter(), opts.CommonData(ctx.BasePath(), ctx.RootURLSlash().String(), nonce, logoOverride)); err != nil {
|
2022-02-06 13:37:28 +00:00
|
|
|
ctx.RequestCtx.Error("an error occurred", 503)
|
2021-01-16 23:23:35 +00:00
|
|
|
logger.Errorf("Unable to execute template: %v", err)
|
2021-01-03 04:28:46 +00:00
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2021-08-05 04:02:07 +00:00
|
|
|
|
|
|
|
func writeHealthCheckEnv(disabled bool, scheme, host, path string, port int) (err error) {
|
|
|
|
if disabled {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
_, err = os.Stat("/app/healthcheck.sh")
|
|
|
|
if err != nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
_, err = os.Stat("/app/.healthcheck.env")
|
|
|
|
if err != nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
file, err := os.OpenFile("/app/.healthcheck.env", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
defer func() {
|
|
|
|
_ = file.Close()
|
|
|
|
}()
|
|
|
|
|
|
|
|
if host == "0.0.0.0" {
|
2022-04-07 00:58:51 +00:00
|
|
|
host = localhost
|
2022-03-25 00:56:23 +00:00
|
|
|
} else if strings.Contains(host, ":") {
|
|
|
|
host = "[" + host + "]"
|
2021-08-05 04:02:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
_, err = file.WriteString(fmt.Sprintf(healthCheckEnv, scheme, host, port, path))
|
|
|
|
|
|
|
|
return err
|
|
|
|
}
|
2022-12-17 00:49:05 +00:00
|
|
|
|
|
|
|
// NewTemplatedFileOptions returns a new *TemplatedFileOptions.
|
|
|
|
func NewTemplatedFileOptions(config *schema.Configuration) (opts *TemplatedFileOptions) {
|
|
|
|
opts = &TemplatedFileOptions{
|
|
|
|
AssetPath: config.Server.AssetPath,
|
|
|
|
DuoSelfEnrollment: f,
|
|
|
|
RememberMe: strconv.FormatBool(config.Session.RememberMeDuration != schema.RememberMeDisabled),
|
|
|
|
ResetPassword: strconv.FormatBool(!config.AuthenticationBackend.PasswordReset.Disable),
|
|
|
|
ResetPasswordCustomURL: config.AuthenticationBackend.PasswordReset.CustomURL.String(),
|
|
|
|
Theme: config.Theme,
|
|
|
|
}
|
|
|
|
|
|
|
|
if !config.DuoAPI.Disable {
|
|
|
|
opts.DuoSelfEnrollment = strconv.FormatBool(config.DuoAPI.EnableSelfEnrollment)
|
|
|
|
}
|
|
|
|
|
|
|
|
return opts
|
|
|
|
}
|
|
|
|
|
|
|
|
// TemplatedFileOptions is a struct which is used for many templated files.
|
|
|
|
type TemplatedFileOptions struct {
|
|
|
|
AssetPath string
|
|
|
|
DuoSelfEnrollment string
|
|
|
|
RememberMe string
|
|
|
|
ResetPassword string
|
|
|
|
ResetPasswordCustomURL string
|
|
|
|
Session string
|
|
|
|
Theme string
|
|
|
|
}
|
|
|
|
|
|
|
|
// CommonData returns a TemplatedFileCommonData with the dynamic options.
|
|
|
|
func (options *TemplatedFileOptions) CommonData(base, baseURL, nonce, logoOverride string) TemplatedFileCommonData {
|
|
|
|
return TemplatedFileCommonData{
|
|
|
|
Base: base,
|
|
|
|
BaseURL: baseURL,
|
|
|
|
CSPNonce: nonce,
|
|
|
|
LogoOverride: logoOverride,
|
|
|
|
DuoSelfEnrollment: options.DuoSelfEnrollment,
|
|
|
|
RememberMe: options.RememberMe,
|
|
|
|
ResetPassword: options.ResetPassword,
|
|
|
|
ResetPasswordCustomURL: options.ResetPasswordCustomURL,
|
|
|
|
Session: options.Session,
|
|
|
|
Theme: options.Theme,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// TemplatedFileCommonData is a struct which is used for many templated files.
|
|
|
|
type TemplatedFileCommonData struct {
|
|
|
|
Base string
|
|
|
|
BaseURL string
|
|
|
|
CSPNonce string
|
|
|
|
LogoOverride string
|
|
|
|
DuoSelfEnrollment string
|
|
|
|
RememberMe string
|
|
|
|
ResetPassword string
|
|
|
|
ResetPasswordCustomURL string
|
|
|
|
Session string
|
|
|
|
Theme string
|
|
|
|
}
|