kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-09 11:47:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(frontend): rename inj roles to sys-front-*, add sys-svc-cdn, cache-busting lookup

Browse Source 
Introduce sys-svc-cdn (cdn_paths/cdn_urls/cdn_dirs) and ensure CDN directories + latest symlink.

Rename sys-srv-web-inj-* → sys-front-inj-*; update includes/templates; serve shared/per-app CSS & JS via CDN.

Add lookup_plugins/local_mtime_qs.py for mtime-based cache busting; split CSS into default.css/bootstrap.css + optional per-app style.css.

CSP: use style-src-elem; drop unsafe-inline for styles. Services: fix SYS_SERVICE_ALL_ENABLED bool and controlled flush.

BREAKING CHANGE: role names changed; replace includes and references accordingly.

Conversation: https://chatgpt.com/share/68b55494-9ec4-800f-b559-44707029141d
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-01 10:10:23 +02:00
parent 3f8e7c1733
commit 231fd567b3
123 changed files with 1789 additions and 1393 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
roles/sys-front-inj-logout/README.md Normal file
View File

@@ -0,0 +1,29 @@
# sys-front-inj-logout
This role injects a catcher that intercepts all logout elements in HTML pages served by Nginx and redirects them to a centralized logout endpoint via JavaScript.
## Description
The `sys-front-inj-logout` Ansible role automatically embeds a lightweight JavaScript snippet into your web application's HTML responses. This script identifies logout links, buttons, forms, and other elements, overrides their target URLs, and ensures users are redirected to a central OIDC logout endpoint, providing a consistent single signout experience.
## Overview
- **Detection**: Scans the DOM for anchors (`<a>`), buttons, inputs, forms, `use` elements and any attributes indicating logout functionality.
- **Override**: Rewrites logout URLs to point at your OIDC providers logout endpoint, including a redirect back to the application.
- **Dynamic content support**: Uses a `MutationObserver` to handle AJAXloaded or dynamically injected logout elements.
- **CSP integration**: Automatically appends the required script hash into your CSP policy via the roles CSP helper.
## Features
- Seamless injection via Nginx `sub_filter` on `</head>`.
- Automatic detection of various logout mechanisms (links, buttons, forms).
- Centralized logout redirection for a unified user experience.
- No changes required in application code.
- Compatible with SPAs and dynamically generated content.
- CSPfriendly: manages script hash for you.
## Further Resources
- [OpenID Connect RP-Initiated Logout](https://openid.net/specs/openid-connect-session-1_0.html#RPLogout)
- [Nginx `sub_filter` Module](http://nginx.org/en/docs/http/ngx_http_sub_module.html)
- [Ansible Role Directory Structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_roles.html#role-directory-structure)