outpost/proxy: use common template for proxy error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

internal/outpost/proxy/proxy.go

@@ -22,6 +22,7 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/providers"
 	"goauthentik.io/api"
 	"goauthentik.io/internal/utils/web"
+	staticWeb "goauthentik.io/web"
 
 	log "github.com/sirupsen/logrus"
 )
@@ -255,11 +256,18 @@ func (p *OAuthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		p.AuthenticateOnly(rw, req)
 	case path == p.UserInfoPath:
 		p.UserInfo(rw, req)
+	case strings.HasPrefix(path, fmt.Sprintf("%s/static", p.ProxyPrefix)):
+		p.ServeStatic(rw, req)
 	default:
 		p.Proxy(rw, req)
 	}
 }
 
+func (p *OAuthProxy) ServeStatic(rw http.ResponseWriter, req *http.Request) {
+	staticFs := http.FileServer(http.FS(staticWeb.StaticDist))
+	http.StripPrefix(fmt.Sprintf("%s/static", p.ProxyPrefix), staticFs).ServeHTTP(rw, req)
+}
+
 //UserInfo endpoint outputs session email and preferred username in JSON format
 func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {
 

internal/outpost/proxy/templates.go

@@ -4,25 +4,11 @@ import (
 	"html/template"
 
 	log "github.com/sirupsen/logrus"
+	"goauthentik.io/internal/outpost/proxy/templates"
 )
 
 func getTemplates() *template.Template {
-	t, err := template.New("foo").Parse(`{{define "error.html"}}
+	t, err := template.New("foo").Parse(templates.ErrorTemplate)
-<!DOCTYPE html>
-<html lang="en" charset="utf-8">
-<head>
-	<title>{{.Title}}</title>
-	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
-	<style>* { font-family: sans-serif; }</style>
-</head>
-<body>
-	<h2>{{.Title}}</h2>
-	<p>{{.Message}}</p>
-	<hr>
-	<p><a href="{{.ProxyPrefix}}/sign_in">Sign In</a></p>
-	<p>Powered by <a href="https://goauthentik.io">authentik</a></p>
-</body>
-</html>{{end}}`)
 	if err != nil {
 		log.Fatalf("failed parsing template %s", err)
 	}

internal/outpost/proxy/templates/error.html

@@ -0,0 +1,65 @@
+{{define "error.html"}}<!DOCTYPE html>
+
+<html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+        <title>{{.Title}}</title>
+        <link rel="shortcut icon" type="image/png" href="/akprox/static/dist/assets/icons/icon.png">
+        <link rel="stylesheet" type="text/css" href="/akprox/static/dist/patternfly.min.css">
+        <link rel="stylesheet" type="text/css" href="/akprox/static/dist/authentik.css">
+        <style>
+            .pf-c-background-image::before {
+                --ak-flow-background: url("/akprox/static/dist/assets/images/flow_background.jpg");
+            }
+        </style>
+    </head>
+    <body>
+        <div class="pf-c-background-image">
+            <svg xmlns="http://www.w3.org/2000/svg" class="pf-c-background-image__filter" width="0" height="0">
+                <filter id="image_overlay">
+                    <feColorMatrix in="SourceGraphic" type="matrix" values="1.3 0 0 0 0 0 1.3 0 0 0 0 0 1.3 0 0 0 0 0 1 0" />
+                    <feComponentTransfer color-interpolation-filters="sRGB" result="duotone">
+                        <feFuncR type="table" tableValues="0.086274509803922 0.43921568627451"></feFuncR>
+                        <feFuncG type="table" tableValues="0.086274509803922 0.43921568627451"></feFuncG>
+                        <feFuncB type="table" tableValues="0.086274509803922 0.43921568627451"></feFuncB>
+                        <feFuncA type="table" tableValues="0 1"></feFuncA>
+                    </feComponentTransfer>
+                </filter>
+            </svg>
+        </div>
+        <div class="pf-c-login">
+            <div class="ak-login-container">
+                <header class="pf-c-login__header">
+                    <div class="pf-c-brand ak-brand">
+                        <img src="/akprox/static/dist/assets/icons/icon_left_brand.svg" alt="authentik icon" />
+                    </div>
+                </header>
+                <main class="pf-c-login__main">
+                    <header class="pf-c-login__main-header">
+                        <h1 class="pf-c-title pf-m-3xl">
+                            {{ .Title }}
+                        </h1>
+                    </header>
+                    <div class="pf-c-login__main-body">
+                        {{ .Message }}
+                    </div>
+                    <div class="pf-c-login__main-body">
+                        <a href="/" class="pf-c-button pf-m-primary pf-m-block">Go to home</a>
+                    </div>
+                </main>
+                <footer class="pf-c-login__footer">
+                    <p></p>
+                    <ul class="pf-c-list pf-m-inline">
+                        <li>
+                            <a href="https://goauthentik.io">
+                                Powered by authentik
+                            </a>
+                        </li>
+                    </ul>
+                </footer>
+            </div>
+        </div>
+    </body>
+</html>
+{{end}}

internal/outpost/proxy/templates/templates.go

@@ -0,0 +1,6 @@
+package templates
+
+import _ "embed"
+
+//go:embed error.html
+var ErrorTemplate string

proxy.Dockerfile

@@ -13,12 +13,24 @@ RUN	docker-entrypoint.sh generate \
     --additional-properties=packageName=api,enumClassPrefix=true,useOneOfDiscriminatorLookup=true && \
     rm -f /local/api/go.mod /local/api/go.sum
 
+# Stage 2: Build website
+FROM node as web-builder
+
+COPY ./web /static/
+
+ENV NODE_ENV=production
+RUN cd /static && npm i && npm run build
+
 # Stage 2: Build
 FROM golang:1.17.0 AS builder
 
 WORKDIR /go/src/goauthentik.io
 
 COPY . .
+COPY --from=web-builder /static/robots.txt /work/web/robots.txt
+COPY --from=web-builder /static/security.txt /work/web/security.txt
+COPY --from=web-builder /static/dist/ /work/web/dist/
+COPY --from=web-builder /static/authentik/ /work/web/authentik/
 COPY --from=api-builder /local/api api
 
 RUN go build -o /go/proxy ./cmd/proxy