From c58fe18b97b66616b99ffd748b0f7318bcbcdd03 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Tue, 18 May 2021 10:15:52 +0200
Subject: [PATCH] web: remove nginx config, add caching headers to g

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 internal/web/web_static.go         | 14 ++++-
 web/nginx.conf                     | 98 ------------------------------
 web/src/interfaces/flow/index.html |  3 +-
 3 files changed, 14 insertions(+), 101 deletions(-)
 delete mode 100644 web/nginx.conf

diff --git a/internal/web/web_static.go b/internal/web/web_static.go
index a0a0e13c1..921289cef 100644
--- a/internal/web/web_static.go
+++ b/internal/web/web_static.go
@@ -4,16 +4,19 @@ import (
 	"net/http"
 
 	"goauthentik.io/internal/config"
+	"goauthentik.io/internal/constants"
 	staticWeb "goauthentik.io/web"
 )
 
 func (ws *WebServer) configureStatic() {
+	statRouter := ws.lh.NewRoute().Subrouter()
 	if config.G.Debug {
 		ws.log.Debug("Using local static files")
 		ws.lh.PathPrefix("/static/dist").Handler(http.StripPrefix("/static/dist", http.FileServer(http.Dir("./web/dist"))))
 		ws.lh.PathPrefix("/static/authentik").Handler(http.StripPrefix("/static/authentik", http.FileServer(http.Dir("./web/authentik"))))
 	} else {
-		ws.log.Debug("Using packaged static files")
+		statRouter.Use(ws.staticHeaderMiddleware)
+		ws.log.Debug("Using packaged static files with aggressive caching")
 		ws.lh.PathPrefix("/static/dist").Handler(http.StripPrefix("/static", http.FileServer(http.FS(staticWeb.StaticDist))))
 		ws.lh.PathPrefix("/static/authentik").Handler(http.StripPrefix("/static", http.FileServer(http.FS(staticWeb.StaticAuthentik))))
 	}
@@ -41,3 +44,12 @@ func (ws *WebServer) configureStatic() {
 	// Media files, always local
 	ws.lh.PathPrefix("/media").Handler(http.StripPrefix("/media", http.FileServer(http.Dir(config.G.Paths.Media))))
 }
+
+func (ws *WebServer) staticHeaderMiddleware(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Cache-Control", "\"public, no-transform\"")
+		w.Header().Set("X-authentik-version", constants.VERSION)
+		w.Header().Set("Vary", "X-authentik-version")
+		h.ServeHTTP(w, r)
+	})
+}
diff --git a/web/nginx.conf b/web/nginx.conf
deleted file mode 100644
index a96d42c5c..000000000
--- a/web/nginx.conf
+++ /dev/null
@@ -1,98 +0,0 @@
-worker_processes auto;
-pid /tmp/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-error_log /dev/stdout;
-user www-data;
-
-events {
-    worker_connections 768;
-    # multi_accept on;
-}
-
-http {
-
-    ##
-    # Basic Settings
-    ##
-
-    sendfile on;
-    tcp_nopush on;
-    tcp_nodelay on;
-    keepalive_timeout 65;
-    types_hash_max_size 2048;
-    # server_tokens off;
-
-    # server_names_hash_bucket_size 64;
-    # server_name_in_redirect off;
-
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    ##
-    # SSL Settings
-    ##
-
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
-    ssl_prefer_server_ciphers on;
-
-    ##
-    # Logging Settings
-    ##
-    log_format json_combined escape=json
-    '{'
-        '"timestamp":"$time_local",'
-        '"host":"$remote_addr",'
-        '"request_username":"$remote_user",'
-        '"event":"$request",'
-        '"status": "$status",'
-        '"size":"$body_bytes_sent",'
-        '"runtime":"$request_time",'
-        '"logger":"nginx",'
-        '"request_useragent":"$http_user_agent"'
-    '}';
-    access_log /dev/null json_combined;
-
-    ##
-    # Gzip Settings
-    ##
-
-    gzip on;
-    gzip_vary on;
-    gzip_proxied any;
-    gzip_comp_level 6;
-    gzip_buffers 16 8k;
-    gzip_http_version 1.1;
-    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
-    ##
-    # Virtual Host Configs
-    ##
-
-    server {
-        listen      80;
-        server_name _;
-        charset     utf-8;
-        root   /usr/share/nginx/html;
-        index index.html;
-
-        location / {
-            access_log /dev/stdout json_combined;
-        }
-        location /static/ {
-            expires 31d;
-            add_header Cache-Control "public, no-transform";
-            add_header X-authentik-version "2021.5.2";
-            add_header Vary X-authentik-version;
-        }
-
-        location /if/admin {
-            root /usr/share/nginx/html/static/dist;
-            try_files $uri /static/dist/if/admin/index.html;
-        }
-        location /if/flow {
-            root /usr/share/nginx/html/static/dist;
-            try_files $uri /static/dist/if/flow/index.html;
-        }
-    }
-
-}
diff --git a/web/src/interfaces/flow/index.html b/web/src/interfaces/flow/index.html
index cba81f5d7..1b14d8d39 100644
--- a/web/src/interfaces/flow/index.html
+++ b/web/src/interfaces/flow/index.html
@@ -10,9 +10,8 @@
         <link rel="stylesheet" type="text/css" href="/static/dist/empty-state.css">
         <link rel="stylesheet" type="text/css" href="/static/dist/spinner.css">
         <link rel="stylesheet" type="text/css" href="/static/dist/authentik.css">
-        <script>ShadyDOM = { force: !navigator.webdriver };</script>
+        <script>ShadyDOM = { force: !navigator.webdriver }; window["polymerSkipLoadingFontRoboto"] = true;</script>
         <script src="/static/dist/poly.js" type="module"></script>
-        <script>window["polymerSkipLoadingFontRoboto"] = true;</script>
         <script src="/static/dist/FlowInterface.js" type="module"></script>
         <title>authentik</title>
     </head>