0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
zot/pkg/extensions/extension_ui.go
Andrei Aaron 5968e7199f
test(ui): add owasp zap scanner in ci/cd (#1224)
(cherry picked from commit 6d03ce5f2d)

Additional changes on top of: 6d03ce5f2d
- Build and use zot from the same branch
do not use a container image as scan target, use the binary
- Fix typo in rules filename
- Add the full rule list to the rules config file
- Ignore some of the specific rules and add reasons
- Add security-related headers to fix some of the issues identified by the scan
- Update UI it includes the latest fixes for zap scan issues

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-02-27 11:25:47 -08:00

62 lines
1.6 KiB
Go

//go:build search && ui
// +build search,ui
package extensions
import (
"embed"
"io/fs"
"net/http"
"github.com/gorilla/mux"
"zotregistry.io/zot/pkg/api/config"
"zotregistry.io/zot/pkg/log"
"zotregistry.io/zot/pkg/storage"
)
// content is our static web server content.
//
//go:embed build/*
var content embed.FS
type uiHandler struct {
log log.Logger
}
func (uih uiHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
buf, _ := content.ReadFile("build/index.html")
_, err := w.Write(buf)
if err != nil {
uih.log.Error().Err(err).Msg("unable to serve index.html")
}
}
func addUISecurityHeaders(h http.Handler) http.HandlerFunc { //nolint:varnamelen
return func(w http.ResponseWriter, r *http.Request) {
permissionsPolicy := "microphone=(), geolocation=(), battery=(), camera=(), autoplay=(), gyroscope=(), payment=()"
w.Header().Set("Permissions-Policy", permissionsPolicy)
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Frame-Options", "DENY")
h.ServeHTTP(w, r)
}
}
func SetupUIRoutes(config *config.Config, router *mux.Router, storeController storage.StoreController,
log log.Logger,
) {
if config.Extensions.UI != nil {
fsub, _ := fs.Sub(content, "build")
uih := uiHandler{log: log}
router.PathPrefix("/login").Handler(addUISecurityHeaders(uih))
router.PathPrefix("/home").Handler(addUISecurityHeaders(uih))
router.PathPrefix("/explore").Handler(addUISecurityHeaders(uih))
router.PathPrefix("/image").Handler(addUISecurityHeaders(uih))
router.PathPrefix("/").Handler(addUISecurityHeaders(http.FileServer(http.FS(fsub))))
log.Info().Msg("setting up ui routes")
}
}