feat: support error page templeting

shelmangroup · Oct 7, 2024 · 55601ea · 55601ea
1 parent 0e80940
commit 55601ea
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 64 deletions.
diff --git a/authz/authz.go b/authz/authz.go
@@ -593,6 +593,11 @@ func (s *Service) authResponse(success bool, httpStatusCode envoy_type.StatusCod
 			},
 		}
 	}
+	errorContentType := "text/plain"
+	if s.cfg.ErrorTemplateContentType != "" {
+		errorContentType = s.cfg.ErrorTemplateContentType
+	}
+
 	return &auth.CheckResponse{
 		Status: &rpcstatus.Status{
 			Code: int32(rpc.PERMISSION_DENIED),
@@ -606,76 +611,29 @@ func (s *Service) authResponse(success bool, httpStatusCode envoy_type.StatusCod
 					&core.HeaderValueOption{
 						Header: &core.HeaderValue{
 							Key:   "Content-Type",
-							Value: "text/html; charset=utf-8",
+							Value: errorContentType,
 						},
 					}),
-				Body: s.genErrorHtmlPage(body),
+				Body: s.genErrorTemplate(body),
 			},
 		},
 	}
 }
 
-func (s *Service) genErrorHtmlPage(msg string) string {
+func (s *Service) genErrorTemplate(msg string) string {
 	tplData := struct {
 		Message string
 	}{
 		Message: msg,
 	}
 
+	errorTemplate := `envoy-oidc-authserver error: {{ .Message }}`
+	if s.cfg.ErrorTemplate != "" {
+		errorTemplate = s.cfg.ErrorTemplate
+	}
+
 	// Define our template
-	t := template.Must(template.New("error").Parse(`
-    <!DOCTYPE html>
-    <html>
-     <head>
-      <title>Error</title>
-      <link href="https://fonts.googleapis.com/css2?family=Fira+Code&display=swap" rel="stylesheet">
-      <style>
-        body {
-          background-color: #333;
-          color: white;
-          text-align: center;
-          font-family: 'Fira Code', monospace;
-        }
-
-        .main {
-          display: block;
-          position: relative;
-          margin: 50px auto 0 auto;
-          width: 600px;
-        }
-
-        .main h1 {
-          font-size: 80px;
-          line-height: 36px;
-          color: #fff;
-        }
-
-        .box {
-          width: 400px;
-          display: flex;
-          border: 2px solid #000;
-          margin: 0 auto 15px;
-          text-align: center;
-          padding: 30px;
-          font-weight: bold;
-          border-radius: 10px;
-        }
-
-        .error {
-          background-color: #EBB1B1;
-          border-color: #973939;
-          color: #973939;
-        }
-      </style>
-     </head>
-     <body>
-      <div class="main">
-      <h1>$#*!🤦</h1>
-        <div class="error box"> {{ .Message }} </div>
-      </div>
-     </body>
-    </html>
-  `))
+	t := template.Must(template.New("error").Parse(errorTemplate))
 
 	// Render our template
 	body := new(bytes.Buffer)

diff --git a/authz/config.go b/authz/config.go
@@ -13,8 +13,10 @@ import (
 )
 
 type Config struct {
-	SessionExpiration string         `yaml:"sessionExpiration"`
-	Providers         []OIDCProvider `yaml:"providers"`
+	SessionExpiration        string         `yaml:"sessionExpiration"`
+	ErrorTemplate            string         `yaml:"errorTemplate"`
+	ErrorTemplateContentType string         `yaml:"errorTemplateContentType"`
+	Providers                []OIDCProvider `yaml:"providers"`
 }
 
 type LogoutConfig struct {
@@ -23,16 +25,15 @@ type LogoutConfig struct {
 }
 
 type OIDCProvider struct {
-	p              oidc.UnimplementedAuthProvider
-	preAuthPolicy  *policy.Policy
-	postAuthPolicy *policy.Policy
-
+	p                              oidc.UnimplementedAuthProvider
+	preAuthPolicy                  *policy.Policy
+	postAuthPolicy                 *policy.Policy
 	HeaderMatch                    HeaderMatch  `yaml:"headerMatch"`
 	Logout                         LogoutConfig `yaml:"logout"`
-	ClientID                       string       `yaml:"clientID"`
+	CookieNamePrefix               string       `yaml:"cookieNamePrefix"`
 	CallbackURI                    string       `yaml:"callbackURI"`
 	ClientSecret                   string       `yaml:"clientSecret"`
-	CookieNamePrefix               string       `yaml:"cookieNamePrefix"`
+	ClientID                       string       `yaml:"clientID"`
 	PreAuthPolicy                  string       `yaml:"preAuthPolicy"`
 	PostAuthPolicy                 string       `yaml:"postAuthPolicy"`
 	IssuerURL                      string       `yaml:"issuerURL"`

diff --git a/run/config/providers.yaml b/run/config/providers.yaml
@@ -1,4 +1,57 @@
 sessionExpiration: 48h
+errorTemplateContentType: text/html; charset=utf-8
+errorTemplate: |
+  <html>
+  <head>
+    <title>Something went wrong</title>
+    <link href="https://fonts.googleapis.com/css2?family=Inconsolata&display=swap" rel="stylesheet">
+    <style>
+      body {
+        background-color: #f0f0f0;
+        color: white;
+        text-align: center;
+        font-family: 'Inconsolata', monospace;
+      }
+    
+      .main {
+        display: block;
+        position: relative;
+        margin: 50px auto 0 auto;
+        width: 600px;
+      }
+    
+      .main h1 {
+        font-size: 30px;
+        line-height: 60px;
+        color: #333;
+      }
+    
+      .box {
+        width: 400px;
+        display: flex;
+        border: 2px solid #000;
+        margin: 0 auto 15px;
+        text-align: center;
+        padding: 30px;
+        font-weight: bold;
+        border-radius: 10px;
+      }
+    
+      .error {
+        background-color: #EBB1B1;
+        border-color: #973939;
+        color: #973939;
+      }
+    </style>
+  </head>
+    <body>
+      <div class="main">
+        <h1>🚨 Don't call us, we'll call you!😸</h1>
+        <div class="box error">{{.Message}}</div>
+      </div>
+    </body>
+  </html>
+
 providers:
   - issuerURL: http://localhost:5556/dex
     callbackURI: http://localhost:8000/_authz/callback