From 182850ee4401a79f283ddf04f2907cac8d36c672 Mon Sep 17 00:00:00 2001
From: Marcel Jacek <Marcel.Jacek@stackit.cloud>
Date: Fri, 21 Mar 2025 15:25:44 +0100
Subject: [PATCH 1/4] add new STACKIT logo

---
 .../pkg/auth/templates/login-successful.html    |  2 +-
 .../auth/templates/stackit_nav_logo_light.svg   | 11 +++++++++++
 internal/pkg/auth/user_login.go                 | 17 ++++++++++++++++-
 3 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 internal/pkg/auth/templates/stackit_nav_logo_light.svg

diff --git a/internal/pkg/auth/templates/login-successful.html b/internal/pkg/auth/templates/login-successful.html
index 45cf2721c..1e312e5cb 100644
--- a/internal/pkg/auth/templates/login-successful.html
+++ b/internal/pkg/auth/templates/login-successful.html
@@ -271,7 +271,7 @@
       <div class="logo m-5">
         <img
           alt="logo"
-          src="https://cdn.apps.01.cf.eu01.stackit.cloud/assets/img/logo_inverted.svg"
+          src="/stackit_nav_logo_light.svg"
         />
       </div>
 
diff --git a/internal/pkg/auth/templates/stackit_nav_logo_light.svg b/internal/pkg/auth/templates/stackit_nav_logo_light.svg
new file mode 100644
index 000000000..5da793e0b
--- /dev/null
+++ b/internal/pkg/auth/templates/stackit_nav_logo_light.svg
@@ -0,0 +1,11 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="134" height="22" viewBox="0 0 134 22" fill="none">
+  <path d="M51.8688 7.7353H56.5271V19.5377H58.7301V7.7353H63.3701V5.66113H51.8688V7.7353Z" fill="#045462"/>
+  <path d="M105.743 5.66113H103.179L99.5725 11.7845L99.0287 12.6243L99.5695 13.4324L103.403 19.5377H106.004L101.578 12.5543L105.743 5.66113Z" fill="#045462"/>
+  <path d="M115.626 5.66113H113.423V19.5377H115.626V5.66113Z" fill="#045462"/>
+  <path d="M71.6047 5.66113L66.512 19.5377H68.8528L70.4394 15.0946L70.803 14.0035L72.5345 9.30638C72.5588 9.23906 72.5846 9.16482 72.6117 9.08374C72.6387 9.16458 72.6643 9.23857 72.6886 9.30535L76.372 19.5377H78.711L73.6183 5.66113H71.6047Z" fill="#045462"/>
+  <path d="M43.4819 11.5343L43.4815 11.5342C42.0538 10.9305 40.9263 10.4537 40.9263 9.34981C40.9263 8.48396 41.7711 7.58832 43.185 7.58832C44.6498 7.58832 45.6877 8.55392 45.697 8.56263L46.1236 8.97288L47.2281 7.08866L46.981 6.83397C46.9257 6.77702 45.5991 5.44043 43.185 5.44043C40.6623 5.44043 38.6864 7.17389 38.6864 9.38682C38.6864 11.8048 40.7739 12.7055 42.4515 13.4292C43.9586 14.0795 45.1491 14.593 45.1491 15.8311C45.1491 16.8792 44.2808 17.6111 43.0376 17.6111C41.2408 17.6111 39.9987 16.3496 39.9874 16.338L39.6129 15.945L38.2911 17.6541L38.5447 17.9434C38.6098 18.0175 40.175 19.7588 43.0009 19.7588C45.5846 19.7588 47.3892 18.1285 47.3892 15.7942C47.3892 13.1866 45.2227 12.2705 43.4819 11.5343Z" fill="#045462"/>
+  <path d="M121.874 5.66113V7.7353H126.532V19.5377H128.735V7.7353H133.375V5.66113H121.874Z" fill="#045462"/>
+  <path d="M88.7669 7.55261C90.9381 7.55261 92.3296 8.84727 92.3433 8.86016L92.7278 9.23026L93.9343 7.54754L93.6755 7.2652C93.5001 7.07846 91.8703 5.44043 88.7296 5.44043C84.932 5.44043 82.0455 8.28642 81.8569 12.1203H81.8386V12.4623C81.8386 12.4716 81.8399 12.4804 81.8399 12.4897C81.8399 12.499 81.8386 12.5079 81.8386 12.5171V12.8592H81.8569C82.0455 16.693 84.932 19.539 88.7296 19.539C91.8675 19.539 93.4997 17.9012 93.6777 17.712L93.9343 17.4319L92.7275 15.7489L92.3435 16.1192C92.3296 16.1322 90.9381 17.4268 88.7669 17.4268C86.0973 17.4268 84.0837 15.3051 84.0784 12.4897C84.0837 9.67437 86.0973 7.55261 88.7669 7.55261Z" fill="#045462"/>
+  <path d="M7.67387 0L4.99689 12.5446H11.6895L13.1299 5.79617H28.6337L29.8703 0H7.67387Z" fill="#045462"/>
+  <path d="M18.2405 9.41699L16.7919 16.2043H1.23623L0 22.0004H22.2476L24.9331 9.41699H18.2405Z" fill="#045462"/>
+</svg>
\ No newline at end of file
diff --git a/internal/pkg/auth/user_login.go b/internal/pkg/auth/user_login.go
index b8a706a51..2c4dbaf61 100644
--- a/internal/pkg/auth/user_login.go
+++ b/internal/pkg/auth/user_login.go
@@ -30,6 +30,8 @@ const (
 	stackitLandingPage      = "https://www.stackit.de"
 	htmlTemplatesPath       = "templates"
 	loginSuccessfulHTMLFile = "login-successful.html"
+	logoPath                = "/stackit_nav_logo_light.svg"
+	logoSVGFilePath         = "stackit_nav_logo_light.svg"
 
 	// The IDP doesn't support wildcards for the port,
 	// so we configure a range of ports from 8000 to 8020
@@ -208,7 +210,6 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
 	})
 
 	mux.HandleFunc(loginSuccessPath, func(w http.ResponseWriter, _ *http.Request) {
-		defer cleanup(server)
 
 		email, err := GetAuthField(USER_EMAIL)
 		if err != nil {
@@ -232,6 +233,20 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
 		}
 	})
 
+	mux.HandleFunc(logoPath, func(w http.ResponseWriter, _ *http.Request) {
+		defer cleanup(server)
+
+		img, err := htmlContent.ReadFile(path.Join(htmlTemplatesPath, logoSVGFilePath))
+		if err != nil {
+			errServer = fmt.Errorf("read logo file: %w", err)
+		}
+		w.Header().Set("Content-Type", "image/svg+xml")
+		_, err = w.Write(img)
+		if err != nil {
+			return
+		}
+	})
+
 	p.Debug(print.DebugLevel, "opening browser for authentication: %s", authorizationURL)
 	p.Debug(print.DebugLevel, "using authentication server on %s", idpWellKnownConfig.Issuer)
 	p.Debug(print.DebugLevel, "using client ID %s for authentication ", idpClientID)

From 97ce2f76ded987b8b866c07782cd21e15c627bec Mon Sep 17 00:00:00 2001
From: Marcel Jacek <Marcel.Jacek@stackit.cloud>
Date: Fri, 21 Mar 2025 15:37:07 +0100
Subject: [PATCH 2/4] fix linter

---
 internal/pkg/auth/user_login.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/internal/pkg/auth/user_login.go b/internal/pkg/auth/user_login.go
index 2c4dbaf61..a3d7deab2 100644
--- a/internal/pkg/auth/user_login.go
+++ b/internal/pkg/auth/user_login.go
@@ -210,7 +210,6 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
 	})
 
 	mux.HandleFunc(loginSuccessPath, func(w http.ResponseWriter, _ *http.Request) {
-
 		email, err := GetAuthField(USER_EMAIL)
 		if err != nil {
 			errServer = fmt.Errorf("read user email: %w", err)

From 05e75936ce0c0175d52eda523a55483693c88ea9 Mon Sep 17 00:00:00 2001
From: Marcel Jacek <Marcel.Jacek@stackit.cloud>
Date: Fri, 21 Mar 2025 17:08:38 +0100
Subject: [PATCH 3/4] add logo as base64 to the login-successful.html instead
 of adding an extra handleFunc - add go:embed - removed unused variables

---
 .../pkg/auth/templates/login-successful.html  |  2 +-
 internal/pkg/auth/user_login.go               | 51 +++++++++----------
 2 files changed, 24 insertions(+), 29 deletions(-)

diff --git a/internal/pkg/auth/templates/login-successful.html b/internal/pkg/auth/templates/login-successful.html
index 1e312e5cb..d8519cad0 100644
--- a/internal/pkg/auth/templates/login-successful.html
+++ b/internal/pkg/auth/templates/login-successful.html
@@ -271,7 +271,7 @@
       <div class="logo m-5">
         <img
           alt="logo"
-          src="/stackit_nav_logo_light.svg"
+          src="data:image/svg+xml;base64,{{.Logo}}"
         />
       </div>
 
diff --git a/internal/pkg/auth/user_login.go b/internal/pkg/auth/user_login.go
index a3d7deab2..6c09d69da 100644
--- a/internal/pkg/auth/user_login.go
+++ b/internal/pkg/auth/user_login.go
@@ -1,7 +1,8 @@
 package auth
 
 import (
-	"embed"
+	_ "embed"
+	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -11,7 +12,6 @@ import (
 	"net/http"
 	"os"
 	"os/exec"
-	"path"
 	"runtime"
 	"strconv"
 	"strings"
@@ -26,12 +26,7 @@ const (
 	defaultWellKnownConfig = "https://accounts.stackit.cloud/.well-known/openid-configuration"
 	defaultCLIClientID     = "stackit-cli-0000-0000-000000000001"
 
-	loginSuccessPath        = "/login-successful"
-	stackitLandingPage      = "https://www.stackit.de"
-	htmlTemplatesPath       = "templates"
-	loginSuccessfulHTMLFile = "login-successful.html"
-	logoPath                = "/stackit_nav_logo_light.svg"
-	logoSVGFilePath         = "stackit_nav_logo_light.svg"
+	loginSuccessPath = "/login-successful"
 
 	// The IDP doesn't support wildcards for the port,
 	// so we configure a range of ports from 8000 to 8020
@@ -39,11 +34,15 @@ const (
 	configuredPortRange = 20
 )
 
-//go:embed templates/*
-var htmlContent embed.FS
+//go:embed templates/login-successful.html
+var htmlTemplateContent string
 
-type User struct {
+//go:embed templates/stackit_nav_logo_light.svg
+var logoSvgContent []byte
+
+type InputValues struct {
 	Email string
+	Logo  string
 }
 
 type apiClient interface {
@@ -210,42 +209,31 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
 	})
 
 	mux.HandleFunc(loginSuccessPath, func(w http.ResponseWriter, _ *http.Request) {
+		defer cleanup(server)
+
 		email, err := GetAuthField(USER_EMAIL)
 		if err != nil {
 			errServer = fmt.Errorf("read user email: %w", err)
 		}
 
-		user := User{
+		input := InputValues{
 			Email: email,
+			Logo:  base64Encode(logoSvgContent),
 		}
 
 		// ParseFS expects paths using forward slashes, even on Windows
 		// See: https://github.com/golang/go/issues/44305#issuecomment-780111748
-		htmlTemplate, err := template.ParseFS(htmlContent, path.Join(htmlTemplatesPath, loginSuccessfulHTMLFile))
+		htmlTemplate, err := template.New("loginSuccess").Parse(htmlTemplateContent)
 		if err != nil {
 			errServer = fmt.Errorf("parse html file: %w", err)
 		}
 
-		err = htmlTemplate.Execute(w, user)
+		err = htmlTemplate.Execute(w, input)
 		if err != nil {
 			errServer = fmt.Errorf("render page: %w", err)
 		}
 	})
 
-	mux.HandleFunc(logoPath, func(w http.ResponseWriter, _ *http.Request) {
-		defer cleanup(server)
-
-		img, err := htmlContent.ReadFile(path.Join(htmlTemplatesPath, logoSVGFilePath))
-		if err != nil {
-			errServer = fmt.Errorf("read logo file: %w", err)
-		}
-		w.Header().Set("Content-Type", "image/svg+xml")
-		_, err = w.Write(img)
-		if err != nil {
-			return
-		}
-	})
-
 	p.Debug(print.DebugLevel, "opening browser for authentication: %s", authorizationURL)
 	p.Debug(print.DebugLevel, "using authentication server on %s", idpWellKnownConfig.Issuer)
 	p.Debug(print.DebugLevel, "using client ID %s for authentication ", idpClientID)
@@ -272,6 +260,13 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
 	return nil
 }
 
+// base64Encode encodes a []byte to a base64 representation as string
+func base64Encode(message []byte) string {
+	b := make([]byte, base64.StdEncoding.EncodedLen(len(message)))
+	base64.StdEncoding.Encode(b, message)
+	return string(b)
+}
+
 // getUserAccessAndRefreshTokens trades the authorization code retrieved from the first OAuth2 leg for an access token and a refresh token
 func getUserAccessAndRefreshTokens(idpWellKnownConfig *wellKnownConfig, clientID, codeVerifier, authorizationCode, callbackURL string) (accessToken, refreshToken string, err error) {
 	// Set form-encoded data for the POST to the access token endpoint

From de33ef8be6f7e9a856b316d291e81337c70c9d0e Mon Sep 17 00:00:00 2001
From: Marcel Jacek <Marcel.Jacek@stackit.cloud>
Date: Fri, 21 Mar 2025 17:16:27 +0100
Subject: [PATCH 4/4] move base64Encode function to utils

---
 internal/pkg/auth/user_login.go | 11 ++---------
 internal/pkg/utils/utils.go     |  8 ++++++++
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/internal/pkg/auth/user_login.go b/internal/pkg/auth/user_login.go
index 6c09d69da..8ac94743e 100644
--- a/internal/pkg/auth/user_login.go
+++ b/internal/pkg/auth/user_login.go
@@ -2,7 +2,6 @@ package auth
 
 import (
 	_ "embed"
-	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -17,6 +16,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/stackitcloud/stackit-cli/internal/pkg/utils"
 	"golang.org/x/oauth2"
 
 	"github.com/stackitcloud/stackit-cli/internal/pkg/print"
@@ -218,7 +218,7 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
 
 		input := InputValues{
 			Email: email,
-			Logo:  base64Encode(logoSvgContent),
+			Logo:  utils.Base64Encode(logoSvgContent),
 		}
 
 		// ParseFS expects paths using forward slashes, even on Windows
@@ -260,13 +260,6 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
 	return nil
 }
 
-// base64Encode encodes a []byte to a base64 representation as string
-func base64Encode(message []byte) string {
-	b := make([]byte, base64.StdEncoding.EncodedLen(len(message)))
-	base64.StdEncoding.Encode(b, message)
-	return string(b)
-}
-
 // getUserAccessAndRefreshTokens trades the authorization code retrieved from the first OAuth2 leg for an access token and a refresh token
 func getUserAccessAndRefreshTokens(idpWellKnownConfig *wellKnownConfig, clientID, codeVerifier, authorizationCode, callbackURL string) (accessToken, refreshToken string, err error) {
 	// Set form-encoded data for the POST to the access token endpoint
diff --git a/internal/pkg/utils/utils.go b/internal/pkg/utils/utils.go
index a8b2a31b3..5649155cd 100644
--- a/internal/pkg/utils/utils.go
+++ b/internal/pkg/utils/utils.go
@@ -1,6 +1,7 @@
 package utils
 
 import (
+	"encoding/base64"
 	"fmt"
 	"net/url"
 	"strings"
@@ -116,3 +117,10 @@ func PtrByteSizeDefault(size *int64, defaultValue string) string {
 	}
 	return bytesize.New(float64(*size)).String()
 }
+
+// Base64Encode encodes a []byte to a base64 representation as string
+func Base64Encode(message []byte) string {
+	b := make([]byte, base64.StdEncoding.EncodedLen(len(message)))
+	base64.StdEncoding.Encode(b, message)
+	return string(b)
+}