Commit

feat: add routes, auth check
- scram router module for authentication, logout, and auth check
- no op for no auth
- extend auth support to provide additional functions to all modules
for checking auth, logging out

Contributes-to: strimzi#106

Signed-off-by: Nic Townsend <[email protected]>
nictownsend committed Nov 30, 2020
1 parent 6566cbc commit 51bbe41
Showing 31 changed files with 612 additions and 267 deletions.
6 changes: 3 additions & 3 deletions config/static.ts
Expand Up @@ -19,9 +19,6 @@ const client: Config<Literal> = {
const server: Config<Literal> = {
defaultConfig: {
configValue: {
authentication: {
type: 'none',
},
client: {
configOverrides: {},
transport: {},
Expand All @@ -40,6 +37,9 @@ const server: Config<Literal> = {
contextRoot: '/',
port: 9080,
transport: {},
authentication: {
type: 'none',
},
},
session: {
name: 'strimzi-ui',
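Review bot: Moving the `authentication` block from the top level of `configValue` to under `proxy` changes the configuration path while the default stays `type: 'none'`, so an existing `server.config.json` that still sets a top-level `authentication` key would, unless the loader maps it across, fall back to this default and start without authentication and without any error. Consider rejecting the old top-level key at config load, or at least logging a warning, and call out the rename in the upgrade notes.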
2 changes: 2 additions & 0 deletions package.json
Expand Up @@ -51,12 +51,14 @@
"apollo-link-http": "^1.5.17",
"apollo-server-express": "^2.18.2",
"axios": "^0.21.0",
"body-parser": "^1.19.0",
"compression-webpack-plugin": "^4.0.0",
"express": "^4.17.1",
"express-session": "^1.17.1",
"express-static-gzip": "^2.1.0",
"fromentries": "^1.3.2",
"graphql": "^15.4.0",
"graphql-tag": "^2.11.0",
"graphql-ws": "^1.14.0",
"helmet": "^4.2.0",
"html-webpack-plugin": "^4.5.0",
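Review bot: `body-parser` at `^1.19.0` looks redundant next to `express` at `^4.17.1` in the same list, since Express 4.16 and later exposes the same JSON and urlencoded parsers as `express.json()` and `express.urlencoded()`. If a body parser is needed for the new authentication routes, mount it only on those routes with an explicit size `limit` rather than globally. The +/- markers are not visible in this rendering, so this assumes `body-parser` is one of the two entries behind the header's 12-to-14 line change.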
38 changes: 19 additions & 19 deletions server/README.md
Expand Up @@ -20,22 +20,22 @@ This directory contains all server code for the Strimzi UI - ie code which is re

As described in [the configuration approach](../docs/Architecture.md#configuration-and-feature-flagging), the UI server's configuration is provided via a file, which is then watched at runtime for modification. This configuration file is expected to be called `server.config.json` (available in the same directory as the `node` executable is run from), but this can be configured at runtime via environment variable `configPath`, dictating a different path and file name. The file must be either valid JSON or JS. The server also hosts configuration for discovery by the client via the `config` module. The configuration options for the server provided in the previously mentioned configuration file are as follows:

| Configuration | Required | Default | Purpose |
| ---------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| authentication.strategy | No | `none` | What authentication strategy to use to authenticate users. See [the security section](#security) for details of the available options. |
| authentication.configuration | No | `{}` | Any additional configuration required for the provided authentication strategy `authentication.strategy` . See [the security section](#security) for details of the available options. |
| client.configOverrides | No | `{}` | Overrides to send to the client. See [client configuration for further details](#client-configuration). These values will take precedence over any others provided. |
| client.publicDir | No | `/dist/client` | The location of the built client to serve. |
| client.transport.cert | No | N/A - if one of `client.transport.cert` or `client.transport.key` are not provided, server will be HTTP | PEM certificate presented to browsers on connecting to the UI server. |
| client.transport.key | No | N/A - if one of `client.transport.cert` or `client.transport.key` are not provided, server will be HTTP | PEM certificate private key for the certificate provided in `client.transport.cert`. |
| client.transport.ciphers | No | default set from [node's tls module](https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite) | TLS ciphers used/supported by the HTTPS server for client negotiation. Only applies if starting an HTTPS server. |
| client.transport.minTLS | No | `TLSv1.2` | Minimum TLS version supported by the server. Only applies if starting an HTTPS server. Set to `TLSv1.2` for browser compatibility. |
| featureFlags | No | `{}` | Feature flag overrides to set. The configuration is as per the format specified [here](#feature-flags). These values will take precedence over any others provided. |
| hostname | No | '0.0.0.0' | The hostname the UI server will be bound to. |
| logging | No | TBD | Logging configuration settings. Format to be defined in https://github.com/strimzi/strimzi-ui/issues/24 |
| modules | No | Object - [enabled modules and configuration can be found here](../docs/Architecture.md#router-controller-data-pattern) | The modules which are either enabled or disabled. |
| port | No | 3000 | The port the UI server will be bound to. |
| proxy.transport.cert | No | If not provided, SSL certificate validation of the upstream admin server is disabled | CA certificate in PEM format of the backend admin server api requests are to be sent to. |
| proxy.hostname | Yes | N/A | The hostname of the admin server to send api requests to. |
| proxy.port | Yes | N/A | The port of the admin server to send api requests to. |
| session.name | no | `strimzi-ui` | The name used to identify the session cookie |
| Configuration | Required | Default | Purpose |
| ---------------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| client.configOverrides | No | `{}` | Overrides to send to the client. See [client configuration for further details](#client-configuration). These values will take precedence over any others provided. |
| client.publicDir | No | `/dist/client` | The location of the built client to serve. |
| client.transport.cert | No | N/A - if one of `client.transport.cert` or `client.transport.key` are not provided, server will be HTTP | PEM certificate presented to browsers on connecting to the UI server. |
| client.transport.key | No | N/A - if one of `client.transport.cert` or `client.transport.key` are not provided, server will be HTTP | PEM certificate private key for the certificate provided in `client.transport.cert`. |
| client.transport.ciphers | No | default set from [node's tls module](https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite) | TLS ciphers used/supported by the HTTPS server for client negotiation. Only applies if starting an HTTPS server. |
| client.transport.minTLS | No | `TLSv1.2` | Minimum TLS version supported by the server. Only applies if starting an HTTPS server. Set to `TLSv1.2` for browser compatibility. |
| featureFlags | No | `{}` | Feature flag overrides to set. The configuration is as per the format specified [here](#feature-flags). These values will take precedence over any others provided. |
| hostname | No | '0.0.0.0' | The hostname the UI server will be bound to. |
| logging | No | TBD | Logging configuration settings. Format to be defined in https://github.com/strimzi/strimzi-ui/issues/24 |
| modules | No | Object - [enabled modules and configuration can be found here](../docs/Architecture.md#router-controller-data-pattern) | The modules which are either enabled or disabled. |
| port | No | 3000 | The port the UI server will be bound to. |
| proxy.transport.cert | No | If not provided, SSL certificate validation of the upstream admin server is disabled | CA certificate in PEM format of the backend admin server api requests are to be sent to. |
| proxy.hostname | Yes | N/A | The hostname of the admin server to send api requests to. |
| proxy.port | Yes | N/A | The port of the admin server to send api requests to. |
| proxy.authentication.type | No | `none` | What authentication strategy to use to authenticate users. See [the security section](#security) for details of the available options. |
| proxy.authentication.configuration | No | `{}` | Any additional configuration required for the provided authentication strategy `authentication.strategy` . See [the security section](#security) for details of the available options. |
| session.name | no | `strimzi-ui` | The name used to identify the session cookie |
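Review bot: In the `proxy.authentication.configuration` row the Purpose text still names the option as `authentication.strategy`; with this change the key is `proxy.authentication.type`, so the cross-reference should be updated to match the row above it. The `proxy.authentication.type` row also describes authenticating users, which reads oddly under `proxy`; one sentence on why user authentication is configured in the proxy section would help anyone migrating an existing config.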
2 changes: 1 addition & 1 deletion server/api/router.ts
Expand Up @@ -16,7 +16,7 @@ const moduleName = 'api';

export const ApiModule: UIServerModule = {
moduleName,
addModule: (logger, { checkAuth }, serverConfig) => {
addModule: (logger, serverConfig, { checkAuth }) => {
const { proxy } = serverConfig;
const { exit } = logger.entry('addModule', proxy);
const { hostname, port, contextRoot, transport } = proxy;
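Review bot: Swapping the second and third parameters of `addModule` to `(logger, serverConfig, { checkAuth })` is safe only if every module and the caller change together; both arguments are plain objects, so a missed call site fails at runtime (`proxy` and `checkAuth` destructure to `undefined`) unless the `UIServerModule` type pins the order. Also, the visible lines destructure `checkAuth` but do not show it being applied; please confirm the proxied api route is registered behind it.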
10 changes: 5 additions & 5 deletions server/client/client.feature
Expand Up @@ -23,15 +23,15 @@ Feature: client module
Scenario: Critical configuration is templated into index.html so the client can bootstrap
Given a 'client_only' server configuration
And There are files to serve
And Authentication is required
And authentication type 'none' is required
And I run an instance of the Strimzi-UI server
When I make a 'get' request to '/index.html'
Then the file is returned as with the expected configuration included

Scenario Outline: If assets can be served without authentication, the client module returns the appropriate <StatusCode> return code for a request of <Asset>
Given a 'client_only' server configuration
And There are files to serve
And 'none' authentication is required
And authentication type 'none' is required
And I run an instance of the Strimzi-UI server
When I make a 'get' request to '<Asset>'
Then I get the expected status code '<StatusCode>' response
Expand All @@ -48,16 +48,16 @@ Feature: client module
Scenario Outline: If assets can be served with authentication, the client module returns the appropriate <StatusCode> return code for a request of <Asset>
Given a 'client_only' server configuration
And There are files to serve
And 'scram' authentication is required
And authentication type 'scram' is required
And I run an instance of the Strimzi-UI server
When I make a 'get' request to '<Asset>'
Then I get the expected status code '<StatusCode>' response
# if the route (not file) is not matched, we redirect to index.html. Hence / and someroute response
Examples:
| Asset | StatusCode |
| /index.html | 200 |
| /index.html | 302 |
| /images/picture.svg | 200 |
| /doesnotexist.html | 404 |
| /someroute | 302 |
| /protected.html | 302 |
| / | 200 |
| / | 302 |
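Review bot: In the 'scram' Examples table a `302` is now expected for `/index.html` and `/`, but `/someroute` and `/protected.html` already expected `302`, and the comment above the table attributes that to the fallback redirect to index.html, so the status code alone cannot distinguish an authentication redirect from the fallback. Assert the `Location` header as well. The table also keeps `/images/picture.svg` at `200` and `/doesnotexist.html` at `404` with 'scram' required; if serving static assets without authentication is intended, say so in the comment, otherwise those rows should expect the redirect too.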
20 changes: 10 additions & 10 deletions server/client/client.steps.ts
Expand Up @@ -2,28 +2,28 @@
* Copyright Strimzi authors.
* License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
*/
import merge from 'lodash.merge';
import { And, Then, Fusion } from 'jest-cucumber-fusion';
import merge from "lodash.merge";
import { And, Fusion, Then } from "jest-cucumber-fusion";
import {
stepWithWorld,
stepWhichUpdatesWorld,
} from 'test_common/commonServerSteps';
stepWithWorld,
} from "test_common/commonServerSteps";

And(
'There are no files to serve',
"There are no files to serve",
stepWhichUpdatesWorld((world) => {
return {
...world,
configuration: merge(world.configuration, {
client: {
publicDir: '/dir/that/does/not/exist',
publicDir: "/dir/that/does/not/exist",
},
}),
};
})
);

And('There are files to serve', () => {
And("There are files to serve", () => {
// NO_OP - the `client_only` configuration is already configured to serve fixture files
});

Expand All @@ -37,10 +37,10 @@ Then(
);

Then(
'the file is returned as with the expected configuration included',
"the file is returned as with the expected configuration included",
stepWithWorld(async (world) => {
const { request, configuration } = world;
const configuredAuthType = configuration.authentication.strategy;
const configuredAuthType = configuration.proxy.authentication.type;

await request.then(
(res) => {
Expand All @@ -59,4 +59,4 @@ Then(
})
);

Fusion('client.feature');
Fusion("client.feature");