feat(frontend): rename inj roles to sys-front-*, add sys-svc-cdn, cache-busting lookup

Introduce sys-svc-cdn (cdn_paths/cdn_urls/cdn_dirs) and ensure CDN directories + latest symlink. Rename sys-srv-web-inj-* → sys-front-inj-*; update includes/templates; serve shared/per-app CSS & JS via CDN. Add lookup_plugins/local_mtime_qs.py for mtime-based cache busting; split CSS into default.css/bootstrap.css + optional per-app style.css. CSP: use style-src-elem; drop unsafe-inline for styles. Services: fix SYS_SERVICE_ALL_ENABLED bool and controlled flush. BREAKING CHANGE: role names changed; replace includes and references accordingly. Conversation: https://chatgpt.com/share/68b55494-9ec4-800f-b559-44707029141d
2025-09-10 04:25:20 +02:00 · 2025-09-01 10:10:23 +02:00
parent 3f8e7c1733
commit 231fd567b3
123 changed files with 1789 additions and 1393 deletions
--- a/roles/sys-front-inj-logout/tasks/01_core.yml
+++ b/roles/sys-front-inj-logout/tasks/01_core.yml
@@ -0,0 +1,8 @@
+- name: Include dependency 'srv-core'
+  include_role:
+    name: srv-core
+  when: 
+    - run_once_srv_core is not defined
+  
+- name: "deploy the logout.js"
+  include_tasks: "02_deploy.yml"
--- a/roles/sys-front-inj-logout/tasks/02_deploy.yml
+++ b/roles/sys-front-inj-logout/tasks/02_deploy.yml
@@ -0,0 +1,16 @@
+- name: Deploy logout.js
+  template:
+    src: logout.js.j2
+    dest: "{{ INJ_LOGOUT_JS_DESTINATION }}"
+    owner: "{{ NGINX.USER }}"
+    group: "{{ NGINX.USER }}"
+    mode: '0644'
+
+- name: Get stat for logout.js
+  stat:
+    path: "{{ INJ_LOGOUT_JS_DESTINATION }}"
+  register: INJ_LOGOUT_JS_STAT
+
+- name: Set INJ_LOGOUT_JS_VERSION
+  set_fact:
+    INJ_LOGOUT_JS_VERSION: "{{ INJ_LOGOUT_JS_STAT.stat.mtime }}"
--- a/roles/sys-front-inj-logout/tasks/main.yml
+++ b/roles/sys-front-inj-logout/tasks/main.yml
@@ -0,0 +1,19 @@
+- block:
+  - include_tasks: 01_core.yml
+  - set_fact:
+      run_once_sys_front_inj_logout: true
+  when: run_once_sys_front_inj_logout is not defined
+
+- name: "Load logout code for '{{ application_id }}'"
+  set_fact:
+    logout_code: "{{ lookup('template', 'logout_one_liner.js.j2') }}"
+
+- name: "Collapse logout code into one-liner for '{{ application_id }}'"
+  set_fact:
+    logout_code_one_liner: "{{ logout_code | to_one_liner }}"
+
+- name: "Append logout CSP hash for '{{ application_id }}'"
+  set_fact:
+    applications: "{{ applications | append_csp_hash(application_id, logout_code_one_liner) }}"
+  changed_when: false
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"