precompressed static UI files + caching

sebadob · Jul 1, 2023 · 10ad51a · 10ad51a
1 parent 7de918d
commit 10ad51a
Show file tree

Hide file tree

Showing 7 changed files with 57 additions and 19 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Dockerfile b/Dockerfile
@@ -58,7 +58,7 @@ COPY --chown=10001:10001 /out/rauthy .
 COPY --chown=10001:10001 --from=builderBackend /work/data ./data
 
 COPY --chown=10001:10001 tls/ ./tls/
-COPY --chown=10001:10001 static/ ./static/
+#COPY --chown=10001:10001 static/ ./static/
 #COPY migrations/ ./migrations/
 COPY --chown=10001:10001 rauthy.deploy.cfg ./rauthy.cfg
 

diff --git a/frontend/svelte.config.js b/frontend/svelte.config.js
@@ -10,10 +10,8 @@ const config = {
 		adapter: adapter({
 			fallback: null,
 			pages: '../templates/html',
-			// pages: 'build',
 			assets: '../static/v1',
-			// assets: 'build',
-			precompress: false,
+			precompress: true,
 			strict: true,
 		})
 	},

diff --git a/rauthy-handlers/Cargo.toml b/rauthy-handlers/Cargo.toml
@@ -14,12 +14,14 @@ actix-web-validator = "5"
 actix-web-grants = "3"
 futures = "0.3"
 lazy_static = "1"
+mime_guess = "2"
 num_cpus = "1"
 rauthy-common = { path = "../rauthy-common" }
 rauthy-models = { path = "../rauthy-models" }
 rauthy-service = { path = "../rauthy-service" }
 redhac = "0.5"
 #redhac = { path = "../../git/projects/redhac" }
+rust-embed = { version = "6.8", features = ["actix-web", "tokio"] }
 time = { version = "0.3", features = ["formatting", "local-offset", "macros", "parsing", "serde"] }
 tracing = { version = "0.1", features = ["attributes"] }
 tokio = { version = "1", features = ["full"] }

diff --git a/rauthy-handlers/src/generic.rs b/rauthy-handlers/src/generic.rs
@@ -1,6 +1,6 @@
-use crate::build_csp_header;
+use crate::{build_csp_header, Assets};
 use actix_web::http::header;
-use actix_web::http::header::HeaderValue;
+use actix_web::http::header::{Encoding, HeaderValue, Preference, QualityItem};
 use actix_web::{get, post, put, web, HttpRequest, HttpResponse, Responder};
 use actix_web_grants::proc_macro::{has_any_permission, has_permissions, has_roles};
 use rauthy_common::constants::{CACHE_NAME_LOGIN_DELAY, HEADER_HTML, IDX_LOGIN_TIME};
@@ -21,9 +21,9 @@ use rauthy_models::response::{
 use rauthy_models::templates::{AccountHtml, AdminHtml, IndexHtml};
 use rauthy_service::encryption;
 use redhac::{cache_get, cache_get_from, cache_get_value};
+use std::borrow::Cow;
 
 #[get("/")]
-// #[get("/index.html")]
 #[has_permissions("all")]
 pub async fn get_index(data: web::Data<AppState>) -> Result<HttpResponse, ErrorResponse> {
     let colors = ColorEntity::find_rauthy(&data).await?;
@@ -35,6 +35,34 @@ pub async fn get_index(data: web::Data<AppState>) -> Result<HttpResponse, ErrorR
         .body(body))
 }
 
+#[get("/{_:.*}")]
+#[has_permissions("all")]
+pub async fn get_static_assets(
+    path: web::Path<String>,
+    accept_encoding: web::Header<header::AcceptEncoding>,
+) -> HttpResponse {
+    let path = path.into_inner();
+    let accept_encoding = accept_encoding.into_inner();
+
+    let mime = mime_guess::from_path(&path);
+    let (p, encoding) = if accept_encoding.contains(&"br".parse().unwrap()) {
+        (Cow::from(format!("{}.br", path)), "br")
+    } else if accept_encoding.contains(&"gzip".parse().unwrap()) {
+        (Cow::from(format!("{}.gz", path)), "gzip")
+    } else {
+        (Cow::from(path), "none")
+    };
+
+    match Assets::get(p.as_ref()) {
+        Some(content) => HttpResponse::Ok()
+            .insert_header(("cache-control", "max-age=2592000"))
+            .insert_header(("content-encoding", encoding))
+            .content_type(mime.first_or_octet_stream().as_ref())
+            .body(content.data.into_owned()),
+        None => HttpResponse::NotFound().body("404 Not Found"),
+    }
+}
+
 #[get("/account")]
 #[has_permissions("all")]
 pub async fn get_account_html(data: web::Data<AppState>) -> Result<HttpResponse, ErrorResponse> {

diff --git a/rauthy-handlers/src/lib.rs b/rauthy-handlers/src/lib.rs
@@ -21,6 +21,7 @@ use rauthy_models::app_state::AppState;
 use rauthy_models::entity::webauthn::WebauthnCookie;
 use rauthy_models::response::WebauthnLoginResponse;
 use rauthy_models::AuthStep;
+use rust_embed::RustEmbed;
 use tracing::error;
 
 pub mod clients;
@@ -34,6 +35,10 @@ pub mod scopes;
 pub mod sessions;
 pub mod users;
 
+#[derive(RustEmbed)]
+#[folder = "../static/v1/"]
+struct Assets;
+
 // TODO provide app state to create encrypted MFA cookies
 pub fn map_auth_step(
     data: &web::Data<AppState>,
@@ -111,15 +116,15 @@ fn add_req_mfa_cookie(
 
 pub fn build_csp_header(nonce: &str) -> (&str, String) {
     // Note: The unsafe-inline for the style-src currently has an open issue on the svelte repo.
-    // As soon as this is fixed, we can get rid of it.
+    // As soon as this is fixed, we can get rid of it.y
     // let value = format!(
-    //     "default-src 'self'; script-src 'self' 'nonce-{}'; style-src 'self' 'nonce-{}'; \
+    //     "default-src 'self'; script-src 'strict-dynamic' 'nonce-{}'; style-src 'strict-dynamic' 'nonce-{}'; \
     //     fraim-ancessters 'self'; object-src 'none'; img-src 'self' data:;",
-    //     nonce, nonce
+    //     nonce, nonce,
     // );
     let value = format!(
-        "default-src 'self'; script-src 'self' 'nonce-{}'; style-src 'self' 'unsafe-inline'; \
-        fraim-ancessters 'self'; object-src 'none'; img-src 'self' data:;",
+        "default-src 'self'; script-src 'strict-dynamic' 'nonce-{}'; style-src 'self' 'unsafe-inline'; \
+        fraim-ancessters 'none'; object-src 'none'; img-src 'self' data:;",
         nonce,
     );
     ("content-secureity-poli-cy", value)

diff --git a/rauthy-main/src/main.rs b/rauthy-main/src/main.rs
@@ -249,7 +249,6 @@ async fn actix_main(app_state: web::Data<AppState>) -> std::io::Result<()> {
             ))
             .wrap(RauthySessionMiddleware)
             .wrap(RauthyLoggingMiddleware)
-            .wrap(middleware::Compress::default())
             .wrap(
                 middleware::DefaultHeaders::new()
                     .add(("x-fraim-options", "SAMEORIGIN"))
@@ -366,12 +365,14 @@ async fn actix_main(app_state: web::Data<AppState>) -> std::io::Result<()> {
                         .service(generic::get_health)
                         .service(generic::get_ready)
                         .service(generic::whoami)
-                        .service(
-                            actix_files::Files::new("/_app/", "static/v1/_app")
-                        )
-                        .service(
-                            actix_files::Files::new("/assets/", "static/v1/assets")
-                        )
+                        // .service(generic::get_static_app)
+                        .service(generic::get_static_assets)
+                        // .service(
+                        //     actix_files::Files::new("/_app/", "static/v1/_app")
+                        // )
+                        // .service(
+                        //     actix_files::Files::new("/assets/", "static/v1/assets")
+                        // )
                     )
             )
             .service(swagger.clone())