Replace go-bindata with Go embed
Co-authored-by: nrwiersma <nick@wiersma.co.za>
This commit is contained in:
Antoine
GitHub
parent
7ff13c3e3e
commit
70359e5d27
27 changed files with 142 additions and 205 deletions
68
pkg/api/dashboard/dashboard.go
Normal file
68
pkg/api/dashboard/dashboard.go
Normal file
|
|
@ -0,0 +1,68 @@
|
|||
package dashboard
|
||||
|
||||
import (
|
||||
"io/fs"
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
||||
"github.com/gorilla/mux"
|
||||
"github.com/traefik/traefik/v2/webui"
|
||||
)
|
||||
|
||||
// Handler expose dashboard routes.
|
||||
type Handler struct {
|
||||
assets fs.FS // optional assets, to override the webui.FS default
|
||||
}
|
||||
|
||||
// Append adds dashboard routes on the given router, optionally using the given
|
||||
// assets (or webui.FS otherwise).
|
||||
func Append(router *mux.Router, customAssets fs.FS) {
|
||||
assets := customAssets
|
||||
if assets == nil {
|
||||
assets = webui.FS
|
||||
}
|
||||
// Expose dashboard
|
||||
router.Methods(http.MethodGet).
|
||||
Path("/").
|
||||
HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
|
||||
http.Redirect(resp, req, safePrefix(req)+"/dashboard/", http.StatusFound)
|
||||
})
|
||||
|
||||
router.Methods(http.MethodGet).
|
||||
PathPrefix("/dashboard/").
|
||||
HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
// allow iframes from our domains only
|
||||
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
|
||||
w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;")
|
||||
http.StripPrefix("/dashboard/", http.FileServer(http.FS(assets))).ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
func (g Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
assets := g.assets
|
||||
if assets == nil {
|
||||
assets = webui.FS
|
||||
}
|
||||
// allow iframes from our domains only
|
||||
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
|
||||
w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;")
|
||||
http.FileServer(http.FS(assets)).ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
func safePrefix(req *http.Request) string {
|
||||
prefix := req.Header.Get("X-Forwarded-Prefix")
|
||||
if prefix == "" {
|
||||
return ""
|
||||
}
|
||||
|
||||
parse, err := url.Parse(prefix)
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
|
||||
if parse.Host != "" {
|
||||
return ""
|
||||
}
|
||||
|
||||
return parse.Path
|
||||
}
|
||||
114
pkg/api/dashboard/dashboard_test.go
Normal file
114
pkg/api/dashboard/dashboard_test.go
Normal file
|
|
@ -0,0 +1,114 @@
|
|||
package dashboard
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"io/fs"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
"testing/fstest"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func Test_safePrefix(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
value string
|
||||
expected string
|
||||
}{
|
||||
{
|
||||
desc: "host",
|
||||
value: "https://example.com",
|
||||
expected: "",
|
||||
},
|
||||
{
|
||||
desc: "host with path",
|
||||
value: "https://example.com/foo/bar?test",
|
||||
expected: "",
|
||||
},
|
||||
{
|
||||
desc: "path",
|
||||
value: "/foo/bar",
|
||||
expected: "/foo/bar",
|
||||
},
|
||||
{
|
||||
desc: "path without leading slash",
|
||||
value: "foo/bar",
|
||||
expected: "foo/bar",
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
test := test
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
req, err := http.NewRequest(http.MethodGet, "http://localhost", nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
req.Header.Set("X-Forwarded-Prefix", test.value)
|
||||
|
||||
prefix := safePrefix(req)
|
||||
|
||||
assert.Equal(t, test.expected, prefix)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_ContentSecurityPolicy(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
handler Handler
|
||||
expected int
|
||||
}{
|
||||
{
|
||||
desc: "OK",
|
||||
handler: Handler{
|
||||
assets: fstest.MapFS{"foobar.html": &fstest.MapFile{
|
||||
Mode: 0755,
|
||||
ModTime: time.Now(),
|
||||
}},
|
||||
},
|
||||
expected: http.StatusOK,
|
||||
},
|
||||
{
|
||||
desc: "Not found",
|
||||
handler: Handler{
|
||||
assets: fstest.MapFS{},
|
||||
},
|
||||
expected: http.StatusNotFound,
|
||||
},
|
||||
{
|
||||
desc: "Internal server error",
|
||||
handler: Handler{
|
||||
assets: errorFS{},
|
||||
},
|
||||
expected: http.StatusInternalServerError,
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
test := test
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, "/foobar.html", nil)
|
||||
|
||||
rw := httptest.NewRecorder()
|
||||
|
||||
test.handler.ServeHTTP(rw, req)
|
||||
|
||||
assert.Equal(t, test.expected, rw.Code)
|
||||
assert.Equal(t, "frame-src 'self' https://traefik.io https://*.traefik.io;", rw.Result().Header.Get("Content-Security-Policy"))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
type errorFS struct{}
|
||||
|
||||
func (e errorFS) Open(name string) (fs.File, error) {
|
||||
return nil, errors.New("oops")
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue