Add option for custom logos on the sign in page

2025-08-08 22:46:33 +02:00 · 2021-02-18 19:13:27 +00:00
parent ad2d7b1ae7
commit 23e545a639
10 changed files with 220 additions and 38 deletions
--- a/pkg/app/pagewriter/sign_in_page.go
+++ b/pkg/app/pagewriter/sign_in_page.go
@ -1,12 +1,24 @@
 package pagewriter

 import (
+	// Import embed to allow importing default logo
+	_ "embed"
+
+	"encoding/base64"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
 	"html/template"
 	"net/http"

 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
 )

+//go:embed default_logo.svg
+var defaultLogoData string
+
 // signInPageWriter is used to render sign-in pages.
 type signInPageWriter struct {
 	// Template is the sign-in page HTML template.
@ -33,6 +45,10 @@ type signInPageWriter struct {

 	// DisplayLoginForm determines whether or not the basic auth password form is displayed on the sign-in page.
 	displayLoginForm bool
+
+	// LogoData is the logo to render in the template.
+	// This should contain valid html.
+	logoData string
 }

 // WriteSignInPage writes the sign-in page to the given response writer.
@ -48,6 +64,7 @@ func (s *signInPageWriter) WriteSignInPage(rw http.ResponseWriter, redirectURL s
 		Version       string
 		ProxyPrefix   string
 		Footer        template.HTML
+		LogoData      template.HTML
 	}{
 		ProviderName:  s.providerName,
 		SignInMessage: template.HTML(s.signInMessage),
@ -56,6 +73,7 @@ func (s *signInPageWriter) WriteSignInPage(rw http.ResponseWriter, redirectURL s
 		Version:       s.version,
 		ProxyPrefix:   s.proxyPrefix,
 		Footer:        template.HTML(s.footer),
+		LogoData:      template.HTML(s.logoData),
 	}

 	err := s.template.Execute(rw, t)
@ -64,3 +82,42 @@ func (s *signInPageWriter) WriteSignInPage(rw http.ResponseWriter, redirectURL s
 		s.errorPageWriter.WriteErrorPage(rw, http.StatusInternalServerError, redirectURL, err.Error())
 	}
 }
+
+// loadCustomLogo loads the logo file from the path and encodes it to an HTML
+// entity. If no custom logo is provided, the OAuth2 Proxy Icon is used instead.
+func loadCustomLogo(logoPath string) (string, error) {
+	if logoPath == "" {
+		// The default logo is an SVG so this will be valid to just return.
+		return defaultLogoData, nil
+	}
+
+	if logoPath == "-" {
+		// Return no logo when the custom logo is set to `-`.
+		// This disables the logo rendering.
+		return "", nil
+	}
+
+	logoData, err := os.ReadFile(logoPath)
+	if err != nil {
+		return "", fmt.Errorf("could not read logo file: %v", err)
+	}
+
+	extension := strings.ToLower(filepath.Ext(logoPath))
+	switch extension {
+	case ".svg":
+		return string(logoData), nil
+	case ".jpg", ".jpeg":
+		return encodeImg(logoData, "jpeg"), nil
+	case ".png":
+		return encodeImg(logoData, "png"), nil
+	default:
+		return "", fmt.Errorf("unknown extension: %q, supported extensions are .svg, .jpg, .jpeg and .png", extension)
+	}
+}
+
+// encodeImg takes the raw image data and converts it to an HTML Img tag with
+// a base64 data source.
+func encodeImg(data []byte, format string) string {
+	b64Data := base64.StdEncoding.EncodeToString(data)
+	return fmt.Sprintf("<img src=\"data:image/%s;base64,%s\" alt=\"Logo\" />", format, b64Data)
+}