Draft: web-ui root endpoint x-frame-options: deny header

qdrant · Jun 20, 2024 · 8a699db · 8a699db
1 parent dff5151
commit 8a699db
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 2 deletions.
diff --git a/src/actix/mod.rs b/src/actix/mod.rs
@@ -12,8 +12,10 @@ use std::sync::Arc;
 
 use ::api::grpc::models::{ApiResponse, ApiStatus, VersionInfo};
 use actix_cors::Cors;
+use actix_files::NamedFile;
 use actix_multipart::form::tempfile::TempFileConfig;
 use actix_multipart::form::MultipartFormConfig;
+use actix_web::http::header::{self, HeaderValue};
 use actix_web::middleware::{Compress, Condition, Logger};
 use actix_web::{error, get, web, App, HttpRequest, HttpResponse, HttpServer, Responder};
 use actix_web_extras::middleware::Condition as ConditionEx;
@@ -47,6 +49,35 @@ use crate::tracing::LoggerHandle;
 const DEFAULT_STATIC_DIR: &str = "./static";
 const WEB_UI_PATH: &str = "/dashboard";
 
+struct WebUISettings {
+    static_folder: String,
+}
+
+impl WebUISettings {
+    pub fn new(static_folder: String) -> Self {
+        Self { static_folder }
+    }
+}
+
+async fn web_ui_index(
+    req: HttpRequest,
+    web_ui_settings: web::Data<WebUISettings>,
+) -> impl Responder {
+    match NamedFile::open(
+        Path::new(&web_ui_settings.static_folder)
+            .join("index.html")
+            .as_path(),
+    ) {
+        Ok(file) => {
+            let mut res = file.respond_to(&req);
+            res.headers_mut()
+                .insert(header::X_FRAME_OPTIONS, HeaderValue::from_static("DENY"));
+            res
+        }
+        Err(err) => HttpResponse::from_error(err),
+    }
+}
+
 #[get("/")]
 pub async fn index() -> impl Responder {
     HttpResponse::Ok().json(VersionInfo::default())
@@ -183,7 +214,22 @@ pub fn init(
 
             if web_ui_available {
                 app = app.service(
-                    actix_files::Files::new(WEB_UI_PATH, &static_folder).index_file("index.html"),
+                    actix_web::web::scope(WEB_UI_PATH)
+                        .app_data(actix_web::web::Data::new(WebUISettings::new(
+                            static_folder.to_owned(),
+                        )))
+                        .service(
+                            actix_web::web::resource("")
+                                .route(actix_web::web::get().to(web_ui_index)),
+                        )
+                        .service(
+                            actix_web::web::resource("/")
+                                .route(actix_web::web::get().to(web_ui_index)),
+                        )
+                        .service(
+                            actix_files::Files::new("/", &static_folder)
+                                .path_filter(|path, _| Path::new("index.html").ne(path)),
+                        ),
                 )
             }
             app

diff --git a/tools/sync-web-ui.sh b/tools/sync-web-ui.sh
@@ -10,7 +10,12 @@ OPENAPI_FILE=${OPENAPI_DIR:-"./docs/redoc/master/openapi.json"}
 # Get latest dist.zip, assume jq is installed
 DOWNLOAD_LINK=$(curl --silent "https://api.github.com/repos/qdrant/qdrant-web-ui/releases/latest" | jq -r '.assets[] | select(.name=="dist-qdrant.zip") | .browser_download_url')
 
-wget -O dist-qdrant.zip $DOWNLOAD_LINK
+if command -v wget &> /dev/null
+then
+    wget -O dist-qdrant.zip $DOWNLOAD_LINK
+else
+    curl -L -o dist-qdrant.zip $DOWNLOAD_LINK
+fi
 
 rm -rf "${STATIC_DIR}/"*
 unzip -o dist-qdrant.zip -d "${STATIC_DIR}"