unleash.unleash/src/lib/routes/index.ts

import { BackstageController } from './backstage';
import ResetPasswordController from './auth/reset-password-controller';
import { SimplePasswordProvider } from './auth/simple-password-provider';
import type { IUnleashConfig, IUnleashServices } from '../types';
import LogoutController from './logout';
import rateLimit from 'express-rate-limit';
import Controller from './controller';
import { AdminApi } from './admin-api';
import ClientApi from './client-api';

import { HealthCheckController } from './health-check';
import FrontendAPIController from '../features/frontend-api/frontend-api-controller';
import EdgeController from './edge-api';
import { PublicInviteController } from './public-invite';
import type { Db } from '../db/db';
import { minutesToMilliseconds } from 'date-fns';

class IndexRouter extends Controller {
    constructor(config: IUnleashConfig, services: IUnleashServices, db: Db) {
        super(config);

        this.use('/health', new HealthCheckController(config, services).router);
        this.use(
            '/invite',
            new PublicInviteController(config, services).router,
        );
        this.use('/internal-backstage', new BackstageController(config).router);
        this.use('/logout', new LogoutController(config, services).router);
        this.useWithMiddleware(
            '/auth/simple',
            new SimplePasswordProvider(config, services).router,
            rateLimit({
                windowMs: minutesToMilliseconds(1),
                max: config.rateLimiting.simpleLoginMaxPerMinute,
                validate: false,
                standardHeaders: true,
                legacyHeaders: false,
            }),
        );
        this.use(
            '/auth/reset',
            new ResetPasswordController(config, services).router,
        );

        this.use('/api/admin', new AdminApi(config, services, db).router);
        this.use('/api/client', new ClientApi(config, services).router);

        this.use(
            '/api/frontend',
            new FrontendAPIController(config, services).router,
        );

        this.use('/edge', new EdgeController(config, services).router);
    }
}

export default IndexRouter;

module.exports = IndexRouter;
feat: Default roles and RBAC permission checker. (#735) This PR Introduces first steps towards RBAC according to our specifications. Rbac will assume users to exist in the Unleash user table with a unique id. This is required to make correct mappings between users and roles. 2021-03-11 22:51:58 +01:00			`import { BackstageController } from './backstage';`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`import ResetPasswordController from './auth/reset-password-controller';`
refactor: add OpenAPI schema to simple-password-provider controller (#1734) * refactor: add OpenAPI schema to simple-password-provider controller * finish implementation after merge * refactor: address PR comments 2022-06-23 09:40:25 +02:00			`import { SimplePasswordProvider } from './auth/simple-password-provider';`
chore: Bump biome and configure husky (#6589) Upgrades biome to 1.6.1, and updates husky pre-commit hook. Most changes here are making type imports explicit. 2024-03-18 13:58:05 +01:00			`import type { IUnleashConfig, IUnleashServices } from '../types';`
feat: add option to disable 'Clear-Site-Data' header on logout (#1645) 2022-06-03 11:50:58 +02:00			`import LogoutController from './logout';`
Added login endpoint rate limit (#2074) * Added login rate limit * Make more pretty * Make more pretty * Fix * Remove double after all 2022-09-26 09:58:58 +02:00			`import rateLimit from 'express-rate-limit';`
fix: path metric labels (#6400) ## About the changes Some of our metrics are not labeled correctly, one example is `<base-path>/api/frontend/client/metrics` is labeled as `/client/metrics`. We can see that in internal-backstage/prometheus: ![image](https://github.com/Unleash/unleash/assets/455064/0d8f1f40-8b5b-49d4-8a88-70b523e9be09) This issue affects all endpoints that fail to validate the request body. Also, endpoints that are rejected by the authorization-middleware or the api-token-middleware are reported as `(hidden)`. To gain more insights on our api usage but being protective of metrics cardinality we're prefixing `(hidden)` with some well known base urls: https://github.com/Unleash/unleash/pull/6400/files#diff-1ed998ca46ffc97c9c0d5d400bfd982dbffdb3004b78a230a8a38e7644eee9b6R17-R33 ## How to reproduce: Make an invalid call to metrics (e.g. stop set to null), then check /internal-backstage/prometheus and find the 400 error. Expected to be at `path="/api/client/metrics"` but will have `path=""`: ```shell curl -H"Authorization: *:development.unleash-insecure-client-api-token" -H'Content-type: application/json' localhost:4242/api/client/metrics -d '{ "appName": "bash-test", "instanceId": "application-name-dacb1234", "environment": "development", "bucket": { "start": "2023-07-27T11:23:44Z", "stop": null, "toggles": { "myCoolToggle": { "yes": 25, "no": 42, "variants": { "blue": 6, "green": 15, "red": 46 } }, "myOtherToggle": { "yes": 0, "no": 100 } } } }' ``` 2024-03-05 15:25:06 +01:00			`import Controller from './controller';`
			`import { AdminApi } from './admin-api';`
			`import ClientApi from './client-api';`
codemods 2016-06-18 21:53:18 +02:00
refactor: add OpenAPI schema to health-check controller (#1732) * refactor: add OpenAPI schema to health-check controller * refactor: address PR comments * add type to health-check-schema * fix: update snap 2022-06-20 12:22:41 +02:00			`import { HealthCheckController } from './health-check';`
refactor: rename proxy to frontend api (#6502) 2024-03-11 17:30:46 +01:00			`import FrontendAPIController from '../features/frontend-api/frontend-api-controller';`
Create endpoint that validates tokens for edge (#2039) * Create new endpoint * Change edge url * Fix snapshot 2022-09-01 15:26:26 +02:00			`import EdgeController from './edge-api';`
Feat/invite user (#2061) * refactor: user creation screen cleanup * feat: deprecation notice for google sso * fix: docs openid typo * invite link bar * invite link page * fix prettier docs * regenerated openapi * hooks for invite page api * update openapi * feat: invite link update * feat: add public signup token soft-delete * public signup frontend feature flag * fix: new user api issues * feat: allow for creating new user from invite link * Feat/invite user public controller (#2106) * added PublicInviteController for public urls * added PublicInviteController for public urls * added PublicInviteController for public urls * added PublicInviteController for public urls * fix test * fix test * update openapi * refactor: password reset props * fix: public invite schema and validation Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> * user invite frontend Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> * invite link delete confirmation dialog * refactor: password reset action * fix: new user invite loading state * fix: run ts check with ci * revert openapi changes * fix: invite token api interface * fix: openapi schema index * fix: update test snapshots * update frontend snapshot * fix: prettier ci * fix: updates after review Co-authored-by: andreas-unleash <104830839+andreas-unleash@users.noreply.github.com> Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> 2022-09-30 13:01:32 +02:00			`import { PublicInviteController } from './public-invite';`
chore: Bump biome and configure husky (#6589) Upgrades biome to 1.6.1, and updates husky pre-commit hook. Most changes here are making type imports explicit. 2024-03-18 13:58:05 +01:00			`import type { Db } from '../db/db';`
feat: update rate-limit (#3248) https://linear.app/unleash/issue/2-732/rate-limit-auth-endpoints-in-enterprise Updates the rate-limit to reflect the [recent rate-limiting in Enterprise](https://github.com/ivarconr/unleash-enterprise/pull/381). 2023-03-03 13:09:28 +01:00			`import { minutesToMilliseconds } from 'date-fns';`
feat: embed proxy endpoints (#1926) * refactor: remove unused API definition routes * feat: add support for proxy keys * feat: support listening for any event * feat: embed proxy endpoints * refactor: add an experimental flag for the embedded proxy 2022-08-16 15:33:33 +02:00
chore(modernize): Use base controller for all client controllers 2018-12-03 08:59:13 +01:00			`class IndexRouter extends Controller {`
feat: oss import (#3123) 2023-02-16 08:08:51 +01:00			`constructor(config: IUnleashConfig, services: IUnleashServices, db: Db) {`
feat: Default roles and RBAC permission checker. (#735) This PR Introduces first steps towards RBAC according to our specifications. Rbac will assume users to exist in the Unleash user table with a unique id. This is required to make correct mappings between users and roles. 2021-03-11 22:51:58 +01:00			`super(config);`
Feat/unleash flags embedded proxy (#1974) * feat: use unleash flags for embedded proxy * feat: add a separate flag for the proxy frontend * fix: setup unleash in dev * fix: check flagResolver on each request * fix: remove unleash client setup * refactor: update frontend routes snapshot * refactor: make batchMetrics flag dynamic * fix: always check dynamic CORS origins config * fix: make conditionalMiddleware work with the OpenAPI schema generation Co-authored-by: olav <mail@olav.io> 2022-08-26 15:16:29 +02:00
Feat/options need types (#794) feat: options are now typed - This makes it easier to know what to send to unleash.start / unleash.create - Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in. Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-04-22 10:07:10 +02:00			`this.use('/health', new HealthCheckController(config, services).router);`
Feat/invite user (#2061) * refactor: user creation screen cleanup * feat: deprecation notice for google sso * fix: docs openid typo * invite link bar * invite link page * fix prettier docs * regenerated openapi * hooks for invite page api * update openapi * feat: invite link update * feat: add public signup token soft-delete * public signup frontend feature flag * fix: new user api issues * feat: allow for creating new user from invite link * Feat/invite user public controller (#2106) * added PublicInviteController for public urls * added PublicInviteController for public urls * added PublicInviteController for public urls * added PublicInviteController for public urls * fix test * fix test * update openapi * refactor: password reset props * fix: public invite schema and validation Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> * user invite frontend Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> * invite link delete confirmation dialog * refactor: password reset action * fix: new user invite loading state * fix: run ts check with ci * revert openapi changes * fix: invite token api interface * fix: openapi schema index * fix: update test snapshots * update frontend snapshot * fix: prettier ci * fix: updates after review Co-authored-by: andreas-unleash <104830839+andreas-unleash@users.noreply.github.com> Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> 2022-09-30 13:01:32 +02:00			`this.use(`
			`'/invite',`
			`new PublicInviteController(config, services).router,`
			`);`
chore: Begin converting files from JS to TypeScript 2021-02-16 14:30:08 +01:00			`this.use('/internal-backstage', new BackstageController(config).router);`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`this.use('/logout', new LogoutController(config, services).router);`
Added login endpoint rate limit (#2074) * Added login rate limit * Make more pretty * Make more pretty * Fix * Remove double after all 2022-09-26 09:58:58 +02:00			`this.useWithMiddleware(`
feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00			`'/auth/simple',`
			`new SimplePasswordProvider(config, services).router,`
Added login endpoint rate limit (#2074) * Added login rate limit * Make more pretty * Make more pretty * Fix * Remove double after all 2022-09-26 09:58:58 +02:00			`rateLimit({`
feat: update rate-limit (#3248) https://linear.app/unleash/issue/2-732/rate-limit-auth-endpoints-in-enterprise Updates the rate-limit to reflect the [recent rate-limiting in Enterprise](https://github.com/ivarconr/unleash-enterprise/pull/381). 2023-03-03 13:09:28 +01:00			`windowMs: minutesToMilliseconds(1),`
feat: make all internal rate limits configurable (#5095) ### What This PR makes the rate limit for user creation and simple login (our password based login) configurable in the same way you can do metricsRateLimiting. ### Worth noting In addition this PR adds a `rate_limit{endpoint, method}` prometheus gauge, which gets the data from the UnleashConfig. 2023-10-26 09:20:29 +02:00			`max: config.rateLimiting.simpleLoginMaxPerMinute,`
feat: allow trust proxy (#4396) 2023-08-03 12:47:19 +02:00			`validate: false,`
Added login endpoint rate limit (#2074) * Added login rate limit * Make more pretty * Make more pretty * Fix * Remove double after all 2022-09-26 09:58:58 +02:00			`standardHeaders: true,`
			`legacyHeaders: false,`
			`}),`
feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00			`);`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`this.use(`
			`'/auth/reset',`
			`new ResetPasswordController(config, services).router,`
			`);`
Personal access tokens backend (#2064) * First version ready * Final * Refactor * Update pat store * Website revert * Website revert * Update * Revert website * Revert docs to main * Revert docs to main * Fix eslint * Test * Fix table name 2022-09-16 09:54:27 +02:00
feat: oss import (#3123) 2023-02-16 08:08:51 +01:00			`this.use('/api/admin', new AdminApi(config, services, db).router);`
feat: embed proxy endpoints (#1926) * refactor: remove unused API definition routes * feat: add support for proxy keys * feat: support listening for any event * feat: embed proxy endpoints * refactor: add an experimental flag for the embedded proxy 2022-08-16 15:33:33 +02:00			`this.use('/api/client', new ClientApi(config, services).router);`
Refactor routes setup, move test files, cleanup legacy 2017-06-28 10:20:22 +02:00
Feat/unleash flags embedded proxy (#1974) * feat: use unleash flags for embedded proxy * feat: add a separate flag for the proxy frontend * fix: setup unleash in dev * fix: check flagResolver on each request * fix: remove unleash client setup * refactor: update frontend routes snapshot * refactor: make batchMetrics flag dynamic * fix: always check dynamic CORS origins config * fix: make conditionalMiddleware work with the OpenAPI schema generation Co-authored-by: olav <mail@olav.io> 2022-08-26 15:16:29 +02:00			`this.use(`
			`'/api/frontend',`
chore: avoid printing out warnings from known frontend proxies (#6271) ## About the changes Our frontend API creates new instances of unleash-client-proxy. Because this is by-design, we don't want to log a warning that was designed to warn users about potential misconfiguration of Unleash Proxy. As an extra, I'm renaming ProxyController to FrontendAPIController to better reflect the intent of this controller. 2024-02-20 11:27:21 +01:00			`new FrontendAPIController(config, services).router,`
Feat/unleash flags embedded proxy (#1974) * feat: use unleash flags for embedded proxy * feat: add a separate flag for the proxy frontend * fix: setup unleash in dev * fix: check flagResolver on each request * fix: remove unleash client setup * refactor: update frontend routes snapshot * refactor: make batchMetrics flag dynamic * fix: always check dynamic CORS origins config * fix: make conditionalMiddleware work with the OpenAPI schema generation Co-authored-by: olav <mail@olav.io> 2022-08-26 15:16:29 +02:00			`);`
Create endpoint that validates tokens for edge (#2039) * Create new endpoint * Change edge url * Fix snapshot 2022-09-01 15:26:26 +02:00
			`this.use('/edge', new EdgeController(config, services).router);`
Added option to disable legacy routes. Closes #244 2017-09-07 21:42:21 +02:00			`}`
chore(modernize): Modernize IndexController 2018-11-24 12:58:30 +01:00			`}`
Introduces the /api path. Some endpoints are provided on both / and /api to support older clients. Closes #162 2016-11-09 22:31:49 +01:00
Feat/options need types (#794) feat: options are now typed - This makes it easier to know what to send to unleash.start / unleash.create - Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in. Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-04-22 10:07:10 +02:00			`export default IndexRouter;`

chore(modernize): Modernize IndexController 2018-11-24 12:58:30 +01:00			`module.exports = IndexRouter;`
No results found.