[PM-29239] Create proxy cookie redirect connector (#18476)

* Create a subfolder for platform-owned connectors and ensure it's included in the web builds

* Add platform as codeowner of apps/web/src/connectors/platform

* Create proxy-cookie-redirect connector

* Create section within CODEOWNERS for Web connectors

* Swap order of codeowners

* Use kebap-style route

* Update url to redirect to

* Add override to test locally

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>

.github/CODEOWNERS

@@ -15,6 +15,10 @@ apps/desktop/desktop_native/core/src/secure_memory @bitwarden/team-key-managemen
 apps/desktop/desktop_native/Cargo.lock
 apps/desktop/desktop_native/Cargo.toml
 
+# Web connectors
+apps/web/src/connectors @bitwarden/team-auth-dev
+apps/web/src/connectors/platform @bitwarden/team-platform-dev
+
 ## Auth team files ##
 apps/browser/src/auth @bitwarden/team-auth-dev
 apps/cli/src/auth @bitwarden/team-auth-dev
@@ -22,8 +26,6 @@ apps/desktop/src/auth @bitwarden/team-auth-dev
 apps/web/src/app/auth @bitwarden/team-auth-dev
 libs/auth @bitwarden/team-auth-dev
 libs/user-core @bitwarden/team-auth-dev
-# web connectors used for auth
-apps/web/src/connectors @bitwarden/team-auth-dev
 bitwarden_license/bit-web/src/app/auth @bitwarden/team-auth-dev
 libs/angular/src/auth @bitwarden/team-auth-dev
 libs/common/src/auth @bitwarden/team-auth-dev

apps/web/src/connectors/platform/proxy-cookie-redirect.html

@@ -0,0 +1,29 @@
+<!doctype html>
+<html class="theme_light">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=1010" />
+    <meta name="theme-color" content="#175DDC" />
+
+    <title>Bitwarden Web vault</title>
+
+    <link rel="apple-touch-icon" sizes="180x180" href="../../images/icons/apple-touch-icon.png" />
+    <link rel="icon" type="image/png" sizes="32x32" href="../../images/icons/favicon-32x32.png" />
+    <link rel="icon" type="image/png" sizes="16x16" href="../../images/icons/favicon-16x16.png" />
+    <link rel="mask-icon" href="../../images/icons/safari-pinned-tab.svg" color="#175DDC" />
+    <link rel="manifest" href="../../manifest.json" />
+  </head>
+
+  <body class="layout_frontend">
+    <div class="tw-p-8 tw-flex">
+      <img class="new-logo-themed" alt="Bitwarden" />
+      <div class="spinner-container tw-justify-center">
+        <i
+          class="bwi bwi-spinner bwi-spin bwi-3x tw-text-muted"
+          title="Loading"
+          aria-hidden="true"
+        ></i>
+      </div>
+    </div>
+  </body>
+</html>

apps/web/src/connectors/platform/proxy-cookie-redirect.ts

@@ -0,0 +1,17 @@
+/**
+ * ONLY FOR SELF-HOSTED SETUPS
+ * Redirects the user to the SSO cookie vendor endpoint when the window finishes loading.
+ *
+ * This script listens for the window's load event and automatically redirects the browser
+ * to the `api/sso-cookie-vendor` path on the current origin. This is used as part
+ * of an authentication flow where cookies need to be set or validated through a vendor endpoint.
+ */
+window.addEventListener("DOMContentLoaded", () => {
+  const origin = window.location.origin;
+  let apiURL = `${window.location.origin}/api/sso-cookie-vendor`;
+  // Override for local testing
+  if (origin.startsWith("https://localhost")) {
+    apiURL = "http://localhost:4000/sso-cookie-vendor";
+  }
+  window.location.href = apiURL;
+});

apps/web/tsconfig.build.json

@@ -1,5 +1,5 @@
 {
   "extends": "./tsconfig.json",
   "files": ["src/polyfills.ts", "src/main.ts", "src/theme.ts"],
-  "include": ["src/connectors/*.ts"]
+  "include": ["src/connectors/*.ts", "src/connectors/platform/*.ts"]
 }

apps/web/tsconfig.json

@@ -4,5 +4,10 @@
     "strictTemplates": true
   },
   "files": ["src/polyfills.ts", "src/main.ts", "src/theme.ts"],
-  "include": ["src/connectors/*.ts", "src/**/*.stories.ts", "src/**/*.spec.ts"]
+  "include": [
+    "src/connectors/*.ts",
+    "src/connectors/platform/*.ts",
+    "src/**/*.stories.ts",
+    "src/**/*.spec.ts"
+  ]
 }

apps/web/webpack.base.js

@@ -166,6 +166,11 @@ module.exports.buildConfig = function buildConfig(params) {
       filename: "duo-redirect-connector.html",
       chunks: ["connectors/duo-redirect", "styles"],
     }),
+    new HtmlWebpackPlugin({
+      template: path.resolve(__dirname, "src/connectors/platform/proxy-cookie-redirect.html"),
+      filename: "proxy-cookie-redirect-connector.html",
+      chunks: ["connectors/platform/proxy-cookie-redirect", "styles"],
+    }),
     new HtmlWebpackPlugin({
       template: path.resolve(__dirname, "src/404.html"),
       filename: "404.html",
@@ -403,6 +408,10 @@ module.exports.buildConfig = function buildConfig(params) {
       "connectors/sso": path.resolve(__dirname, "src/connectors/sso.ts"),
       "connectors/duo-redirect": path.resolve(__dirname, "src/connectors/duo-redirect.ts"),
       "connectors/redirect": path.resolve(__dirname, "src/connectors/redirect.ts"),
+      "connectors/platform/proxy-cookie-redirect": path.resolve(
+        __dirname,
+        "src/connectors/platform/proxy-cookie-redirect.ts",
+      ),
       styles: [
         path.resolve(__dirname, "src/scss/styles.scss"),
         path.resolve(__dirname, "src/scss/tailwind.css"),

bitwarden_license/bit-web/tsconfig.build.json

@@ -9,5 +9,5 @@
 
     "../../bitwarden_license/bit-web/src/main.ts"
   ],
-  "include": ["../../apps/web/src/connectors/*.ts"]
+  "include": ["../../apps/web/src/connectors/*.ts", "../../apps/web/src/connectors/platform/*.ts"]
 }

bitwarden_license/bit-web/tsconfig.json

@@ -11,6 +11,7 @@
   ],
   "include": [
     "../../apps/web/src/connectors/*.ts",
+    "../../apps/web/src/connectors/platform/*.ts",
     "../../apps/web/src/**/*.stories.ts",
     "../../apps/web/src/**/*.spec.ts",
     "src/**/*.stories.ts",