Add build tag-based conditional rendering and endpoint access

In this update, build tags have been added to enable or disable certain endpoint accesses and UI rendering based on the build environment. Specifically, the "dev" build tag determines whether the device login button is displayed on the login page, and the "register2fa" build tag configures whether the 2FA endpoints are accessible. Making these features conditional improves the flexibility of customization based on the application's deployment environment.

Signed-off-by: Christian Roessner <[email protected]>

server/core/http.go

@@ -18,6 +18,7 @@ import (
 	"github.com/croessner/nauthilus/server/lualib"
 	"github.com/croessner/nauthilus/server/rediscli"
 	"github.com/croessner/nauthilus/server/stats"
+	"github.com/croessner/nauthilus/server/tags"
 	"github.com/croessner/nauthilus/server/util"
 	"github.com/gin-contrib/pprof"
 	"github.com/gin-contrib/sessions"
@@ -552,15 +553,17 @@ func setupHydraEndpoints(router *gin.Engine, store sessions.Store) {
 //
 //	setup2FAEndpoints(router, sessionStore)
 func setup2FAEndpoints(router *gin.Engine, sessionStore sessions.Store) {
-	group := router.Group(global.TwoFAv1Root)
+	if tags.Register2FA {
+		group := router.Group(global.TwoFAv1Root)
 
-	// This page handles the user login request to do a two-factor authentication
-	twoFactorGroup := routerGroup(viper.GetString("login_2fa_page"), group, sessionStore, loginGET2FAHandler, loginPOST2FAHandler)
-	twoFactorGroup.GET("/home", register2FAHomeHandler)
-	twoFactorGroup.GET("/home/:languageTag", register2FAHomeHandler)
+		// This page handles the user login request to do a two-factor authentication
+		twoFactorGroup := routerGroup(viper.GetString("login_2fa_page"), group, sessionStore, loginGET2FAHandler, loginPOST2FAHandler)
+		twoFactorGroup.GET("/home", register2FAHomeHandler)
+		twoFactorGroup.GET("/home/:languageTag", register2FAHomeHandler)
 
-	// This page handles the TOTP registration
-	routerGroup(viper.GetString("totp_page"), group, sessionStore, registerTotpGETHandler, registerTotpPOSTHandler)
+		// This page handles the TOTP registration
+		routerGroup(viper.GetString("totp_page"), group, sessionStore, registerTotpGETHandler, registerTotpPOSTHandler)
+	}
 }
 
 // setupStaticContent is a function that sets up the static content endpoints in the given Gin router.
@@ -632,12 +635,14 @@ func setupBackChannelEndpoints(router *gin.Engine) {
 // - A GET endpoint at the path "/register/begin" which is handled by the beginRegistration function.
 // - A POST endpoint at the path "/register/finish" which is handled by the finishRegistration function.
 func setupWebAuthnEndpoints(router *gin.Engine, sessionStore sessions.Store) {
-	group := router.Group(global.TwoFAv1Root)
+	if tags.IsDevelopment {
+		group := router.Group(global.TwoFAv1Root)
 
-	regGroup := group.Group(viper.GetString("webauthn_page"))
-	regGroup.Use(sessions.Sessions(global.SessionName, sessionStore))
-	regGroup.GET("/register/begin", beginRegistration)
-	regGroup.POST("/register/finish", finishRegistration)
+		regGroup := group.Group(viper.GetString("webauthn_page"))
+		regGroup.Use(sessions.Sessions(global.SessionName, sessionStore))
+		regGroup.GET("/register/begin", beginRegistration)
+		regGroup.POST("/register/finish", finishRegistration)
+	}
 }
 
 // waitForShutdown is a function that waits for the context to be done, then shuts down the provided http.Server.

server/core/hydra.go

@@ -16,6 +16,7 @@ import (
 	errors2 "github.com/croessner/nauthilus/server/errors"
 	"github.com/croessner/nauthilus/server/global"
 	"github.com/croessner/nauthilus/server/logging"
+	"github.com/croessner/nauthilus/server/tags"
 	"github.com/croessner/nauthilus/server/util"
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
@@ -53,6 +54,9 @@ type Language struct {
 }
 
 type LoginPageData struct {
+	// InDevelopment is a flag that is true, if the build-tag dev is used.
+	InDevelopment bool
+
 	// Determines if the Welcome message should be displayed
 	WantWelcome bool
 
@@ -1051,6 +1055,7 @@ func (a *ApiConfig) handleLoginNoSkip() {
 		LanguagePassive:     languagePassive,
 		CSRFToken:           a.csrfToken,
 		LoginChallenge:      a.challenge,
+		InDevelopment:       tags.IsDevelopment,
 	}
 
 	a.ctx.HTML(http.StatusOK, "login.html", loginData)

server/tags/dev.go

@@ -0,0 +1,5 @@
+//go:build dev
+
+package tags
+
+const IsDevelopment = true

server/tags/disableregistration.go

@@ -0,0 +1,5 @@
+//go:build !register2fa
+
+package tags
+
+const Register2FA = false

server/tags/enableregistration.go

@@ -0,0 +1,5 @@
+//go:build register2fa
+
+package tags
+
+const Register2FA = true

server/tags/prod.go

@@ -0,0 +1,5 @@
+//go:build !dev
+
+package tags
+
+const IsDevelopment = false

static/login.html

@@ -49,11 +49,15 @@ <h2 class="center">{{ .ApplicationName }}</h2>
                     <button type="submit" id="submit" name="submit" value="{{ .Submit }}" data-loginurl="{{ .PostLoginEndpoint }}/post">
                         {{ .Submit }}
                     </button>
+                    {{ if .InDevelopment }}
                     <p class="text center vs-5">{{ .Or }}</p>
                     <div class="vs-15"></div>
                     <button class="device" type="submit" id="device" name="device" value="{{ .Device }}" data-deviceurl="{{ .DeviceLoginEndpoint }}">
                         {{ .Device }}
                     </button>
+                    {{ else }}
+                    <div id="device" style="display: none;"></div>
+                    {{ end }}
                     <div class="vs-5"></div>
                     <input type="checkbox" id="remember" name="remember" value="on"/>
                     <label for="remember">{{ .Remember }}</label>