feat(adminmonitor): redirect to timeout page if admin is not created in 5 mins [EE-2691] (#6688)

This PR solves the issue that the Portainer instance will be always accessible in certain cases, like `restart: always` setting with docker run, even if the administrator is not created in the first 5 minutes. The solution is that the user will be redirected to a timeout page when any actions, such as refresh the page and click button, are made after administrator initialisation window(5 minutes) timeout.
2025-07-19 13:29:41 +02:00 · 2022-04-05 16:29:57 +12:00 · 2022-04-05 16:29:57 +12:00 · 2059a9e064
commit 2059a9e064
parent 167825ff3f
9 changed files with 147 additions and 33 deletions
--- a/api/http/handler/file/handler.go
+++ b/api/http/handler/file/handler.go
@ -10,14 +10,16 @@ import (
 // Handler represents an HTTP API handler for managing static files.
 type Handler struct {
 	http.Handler
+	wasInstanceDisabled func() bool
 }

 // NewHandler creates a handler to serve static files.
-func NewHandler(assetPublicPath string) *Handler {
+func NewHandler(assetPublicPath string, wasInstanceDisabled func() bool) *Handler {
 	h := &Handler{
 		Handler: handlers.CompressHandler(
 			http.FileServer(http.Dir(assetPublicPath)),
 		),
+		wasInstanceDisabled: wasInstanceDisabled,
 	}

 	return h
@ -33,6 +35,18 @@ func isHTML(acceptContent []string) bool {
 }

 func (handler *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if handler.wasInstanceDisabled() {
+		if r.RequestURI == "/" || r.RequestURI == "/index.html" {
+			http.Redirect(w, r, "/timeout.html", http.StatusTemporaryRedirect)
+			return
+		}
+	} else {
+		if strings.HasPrefix(r.RequestURI, "/timeout.html") {
+			http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
+			return
+		}
+	}
+
 	if !isHTML(r.Header["Accept"]) {
 		w.Header().Set("Cache-Control", "max-age=31536000")
 	} else {
--- a/api/http/server.go
+++ b/api/http/server.go
@ -176,7 +176,7 @@ func (server *Server) Start() error {

 	var kubernetesHandler = kubehandler.NewHandler(requestBouncer, server.AuthorizationService, server.DataStore, server.JWTService, server.KubeClusterAccessService, server.KubernetesClientFactory)

-	var fileHandler = file.NewHandler(filepath.Join(server.AssetsPath, "public"))
+	var fileHandler = file.NewHandler(filepath.Join(server.AssetsPath, "public"), adminMonitor.WasInstanceDisabled)

 	var endpointHelmHandler = helm.NewHandler(requestBouncer, server.DataStore, server.JWTService, server.KubernetesDeployer, server.HelmPackageManager, server.KubeClusterAccessService)

@ -300,8 +300,7 @@ func (server *Server) Start() error {
 		WebhookHandler:         webhookHandler,
 	}

-	handler := offlineGate.WaitingMiddleware(time.Minute, server.Handler)
-
+	handler := adminMonitor.WithRedirect(offlineGate.WaitingMiddleware(time.Minute, server.Handler))
 	if server.HTTPEnabled {
 		go func() {
 			log.Printf("[INFO] [http,server] [message: starting HTTP server on port %s]", server.BindAddress)