1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-11-01 19:07:38 +01:00
unleash.unleash/src/lib/services/feature-toggle-service.ts

1401 lines
44 KiB
TypeScript
Raw Normal View History

import { IUnleashConfig } from '../types/option';
Complete open api schemas for project features controller (#1563) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * revert * revert * revert * revert * revert * mapper * revert * revert * revert * remove serialize-dates.ts * remove serialize-dates.ts * remove serialize-dates.ts * remove serialize-dates.ts * remove serialize-dates.ts * revert * revert * add mappers * add mappers * fix pr comments * ignore report.json * ignore report.json * Route permission required Co-authored-by: olav <mail@olav.io>
2022-05-18 15:17:09 +02:00
import { IUnleashStores } from '../types';
import { Logger } from '../logger';
import BadDataError from '../error/bad-data-error';
import NameExistsError from '../error/name-exists-error';
import InvalidOperationError from '../error/invalid-operation-error';
import { FOREIGN_KEY_VIOLATION } from '../error/db-error';
import {
constraintSchema,
featureMetadataSchema,
nameSchema,
variantsArraySchema,
} from '../schema/feature-schema';
import {
FEATURE_UPDATED,
FeatureArchivedEvent,
FeatureChangeProjectEvent,
FeatureCreatedEvent,
FeatureDeletedEvent,
FeatureEnvironmentEvent,
FeatureMetadataUpdateEvent,
FeatureRevivedEvent,
FeatureStaleEvent,
FeatureStrategyAddEvent,
FeatureStrategyRemoveEvent,
FeatureStrategyUpdateEvent,
FeatureVariantEvent,
EnvironmentVariantEvent,
} from '../types/events';
import NotFoundError from '../error/notfound-error';
2021-08-25 13:38:00 +02:00
import {
FeatureConfigurationClient,
IFeatureStrategiesStore,
} from '../types/stores/feature-strategies-store';
import { IEventStore } from '../types/stores/event-store';
import { IProjectStore } from '../types/stores/project-store';
import { IFeatureTagStore } from '../types/stores/feature-tag-store';
import { IFeatureToggleStore } from '../types/stores/feature-toggle-store';
import {
FeatureToggle,
FeatureToggleDTO,
FeatureToggleLegacy,
FeatureToggleWithEnvironment,
IConstraint,
IFeatureEnvironmentInfo,
IFeatureOverview,
IFeatureStrategy,
IFeatureToggleQuery,
ISegment,
IStrategyConfig,
IVariant,
WeightType,
} from '../types/model';
import { IFeatureEnvironmentStore } from '../types/stores/feature-environment-store';
import { IFeatureToggleClientStore } from '../types/stores/feature-toggle-client-store';
import {
DATE_OPERATORS,
DEFAULT_ENV,
NUM_OPERATORS,
SEMVER_OPERATORS,
STRING_OPERATORS,
} from '../util/constants';
import { applyPatch, deepClone, Operation } from 'fast-json-patch';
import { OperationDeniedError } from '../error/operation-denied-error';
import {
validateDate,
validateLegalValues,
validateNumber,
validateSemver,
validateString,
} from '../util/validators/constraint-types';
import { IContextFieldStore } from 'lib/types/stores/context-field-store';
import { Saved, Unsaved } from '../types/saved';
import { SegmentService } from './segment-service';
import { SetStrategySortOrderSchema } from 'lib/openapi/spec/set-strategy-sort-order-schema';
import { getDefaultStrategy } from '../util/feature-evaluator/helpers';
import { AccessService } from './access-service';
import { User } from '../server-impl';
import { CREATE_FEATURE_STRATEGY } from '../types/permissions';
import NoAccessError from '../error/no-access-error';
2022-11-29 16:06:08 +01:00
import { IFeatureProjectUserParams } from '../routes/admin-api/project/features';
interface IFeatureContext {
featureName: string;
projectId: string;
}
interface IFeatureStrategyContext extends IFeatureContext {
environment: string;
}
2022-11-29 16:06:08 +01:00
export interface IGetFeatureParams {
featureName: string;
archived?: boolean;
projectId?: string;
environmentVariants?: boolean;
userId?: number;
}
const oneOf = (values: string[], match: string) => {
return values.some((value) => value === match);
};
class FeatureToggleService {
private logger: Logger;
private featureStrategiesStore: IFeatureStrategiesStore;
private featureToggleStore: IFeatureToggleStore;
private featureToggleClientStore: IFeatureToggleClientStore;
private tagStore: IFeatureTagStore;
private featureEnvironmentStore: IFeatureEnvironmentStore;
private projectStore: IProjectStore;
private eventStore: IEventStore;
private contextFieldStore: IContextFieldStore;
private segmentService: SegmentService;
private accessService: AccessService;
constructor(
{
featureStrategiesStore,
featureToggleStore,
featureToggleClientStore,
projectStore,
eventStore,
featureTagStore,
featureEnvironmentStore,
contextFieldStore,
}: Pick<
2021-08-25 13:38:00 +02:00
IUnleashStores,
| 'featureStrategiesStore'
| 'featureToggleStore'
| 'featureToggleClientStore'
2021-08-25 13:38:00 +02:00
| 'projectStore'
| 'eventStore'
| 'featureTagStore'
| 'featureEnvironmentStore'
| 'contextFieldStore'
>,
{ getLogger }: Pick<IUnleashConfig, 'getLogger'>,
segmentService: SegmentService,
accessService: AccessService,
) {
this.logger = getLogger('services/feature-toggle-service.ts');
this.featureStrategiesStore = featureStrategiesStore;
this.featureToggleStore = featureToggleStore;
this.featureToggleClientStore = featureToggleClientStore;
this.tagStore = featureTagStore;
this.projectStore = projectStore;
this.eventStore = eventStore;
this.featureEnvironmentStore = featureEnvironmentStore;
this.contextFieldStore = contextFieldStore;
this.segmentService = segmentService;
this.accessService = accessService;
}
async validateFeatureContext({
featureName,
projectId,
}: IFeatureContext): Promise<void> {
const id = await this.featureToggleStore.getProjectId(featureName);
if (id !== projectId) {
throw new InvalidOperationError(
Fix: validate that the project is correct when getting feature by project (#2344) ## What This PR fixes a bug where fetching a feature toggle via the `/api/admin/projects/:projectId/features/:featureName` endpoint doesn't validate that the feature belongs to the provided project. The same thing applies to the archive functionality. This has also been fixed. In doing so, it also adds corresponding tests to check for edge cases, updates the 403 error response we use to provide clearer steps for the user, and adds more error responses to the OpenAPI documentation. ## Why As mentioned in #2337, it's unexpected that the provided project shouldn't matter at all, and after discussions internally, it was also discovered that this was never intended to be the case. ## Discussion points It might be worth rethinking this for Unleash v5. Why does the features API need the projects part at all when features are unique across the entire instance? Would it be worth reverting to a simpler feature API later or would that introduce issues with regards to how different projects can have different active environments and so on? ### Further improvements I have _not_ provided schemas for the error responses for the endpoints at this time. I considered it, but because it would introduce new schema code, more tests, etc, I decided to leave it for later. There's a thorough OpenAPI walkthrough coming up, so I think it makes sense to do it as part of that work instead. I am happy to be challenged on this, however, and will implement it if you think it's better. ### Why 403 when the project is wrong? We could also have used the 404 status code for when the feature exists but doesn't belong to this project, but this would require more (and more complex) code. We also already use 403 for cases like this for post, patch, and put. Finally, the [HTTP spec's section on the 403 status code](https://httpwg.org/specs/rfc9110.html#status.403) says the following (emphasis mine): > The 403 (Forbidden) status code indicates that the server **_understood the request but refuses to fulfill it_**. A server that wishes to make public why the request has been forbidden can describe that reason in the response content (if any). > > If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, **_a request might be forbidden for reasons unrelated to the credentials_**. As such, I think using 403 makes sense in this case. --- Closes #2337.
2022-11-08 13:34:01 +01:00
`The operation could not be completed. The feature exists, but the provided project id ("${projectId}") does not match the project that the feature belongs to ("${id}"). Try using "${id}" in the request URL instead of "${projectId}".`,
);
}
}
validateFeatureStrategyContext(
strategy: IFeatureStrategy,
{ featureName, projectId }: IFeatureStrategyContext,
): void {
if (strategy.projectId !== projectId) {
throw new InvalidOperationError(
'You can not change the projectId for an activation strategy.',
);
}
if (strategy.featureName !== featureName) {
throw new InvalidOperationError(
'You can not change the featureName for an activation strategy.',
);
}
}
async validateConstraints(
constraints: IConstraint[],
): Promise<IConstraint[]> {
const validations = constraints.map((constraint) => {
return this.validateConstraint(constraint);
});
return Promise.all(validations);
}
async validateConstraint(input: IConstraint): Promise<IConstraint> {
const constraint = await constraintSchema.validateAsync(input);
const { operator } = constraint;
const contextDefinition = await this.contextFieldStore.get(
constraint.contextName,
);
if (oneOf(NUM_OPERATORS, operator)) {
await validateNumber(constraint.value);
}
if (oneOf(STRING_OPERATORS, operator)) {
await validateString(constraint.values);
}
if (oneOf(SEMVER_OPERATORS, operator)) {
// Semver library is not asynchronous, so we do not
// need to await here.
validateSemver(constraint.value);
}
if (oneOf(DATE_OPERATORS, operator)) {
await validateDate(constraint.value);
}
if (
oneOf(
[...DATE_OPERATORS, ...SEMVER_OPERATORS, ...NUM_OPERATORS],
operator,
)
) {
if (contextDefinition?.legalValues?.length > 0) {
validateLegalValues(
contextDefinition.legalValues,
constraint.value,
);
}
} else {
if (contextDefinition?.legalValues?.length > 0) {
validateLegalValues(
contextDefinition.legalValues,
constraint.values,
);
}
}
return constraint;
}
async patchFeature(
project: string,
featureName: string,
createdBy: string,
operations: Operation[],
): Promise<FeatureToggle> {
const featureToggle = await this.getFeatureMetadata(featureName);
if (operations.some((op) => op.path.indexOf('/variants') >= 0)) {
throw new OperationDeniedError(
`Changing variants is done via PATCH operation to /api/admin/projects/:project/features/:feature/variants`,
);
}
const { newDocument } = applyPatch(
deepClone(featureToggle),
operations,
);
const updated = await this.updateFeatureToggle(
project,
newDocument,
createdBy,
featureName,
);
if (featureToggle.stale !== newDocument.stale) {
const tags = await this.tagStore.getAllTagsForFeature(featureName);
await this.eventStore.store(
new FeatureStaleEvent({
stale: newDocument.stale,
project,
featureName,
createdBy,
tags,
}),
);
}
return updated;
}
featureStrategyToPublic(
featureStrategy: IFeatureStrategy,
segments: ISegment[] = [],
): Saved<IStrategyConfig> {
return {
id: featureStrategy.id,
name: featureStrategy.strategyName,
constraints: featureStrategy.constraints || [],
parameters: featureStrategy.parameters,
segments: segments.map((segment) => segment.id) ?? [],
};
}
async updateStrategiesSortOrder(
featureName: string,
sortOrders: SetStrategySortOrderSchema,
): Promise<Saved<any>> {
await Promise.all(
sortOrders.map(async ({ id, sortOrder }) =>
this.featureStrategiesStore.updateSortOrder(id, sortOrder),
),
);
}
async createStrategy(
strategyConfig: Unsaved<IStrategyConfig>,
context: IFeatureStrategyContext,
createdBy: string,
): Promise<Saved<IStrategyConfig>> {
await this.stopWhenChangeRequestsEnabled(
context.projectId,
context.environment,
);
return this.unprotectedCreateStrategy(
strategyConfig,
context,
createdBy,
);
}
async unprotectedCreateStrategy(
strategyConfig: Unsaved<IStrategyConfig>,
context: IFeatureStrategyContext,
createdBy: string,
): Promise<Saved<IStrategyConfig>> {
const { featureName, projectId, environment } = context;
await this.validateFeatureContext(context);
if (strategyConfig.constraints?.length > 0) {
strategyConfig.constraints = await this.validateConstraints(
strategyConfig.constraints,
);
}
try {
2021-08-25 13:38:00 +02:00
const newFeatureStrategy =
await this.featureStrategiesStore.createStrategyFeatureEnv({
strategyName: strategyConfig.name,
constraints: strategyConfig.constraints,
parameters: strategyConfig.parameters,
sortOrder: strategyConfig.sortOrder,
projectId,
featureName,
environment,
2021-08-25 13:38:00 +02:00
});
if (
strategyConfig.segments &&
Array.isArray(strategyConfig.segments)
) {
await this.segmentService.updateStrategySegments(
newFeatureStrategy.id,
strategyConfig.segments,
);
}
const tags = await this.tagStore.getAllTagsForFeature(featureName);
const segments = await this.segmentService.getByStrategy(
newFeatureStrategy.id,
);
const strategy = this.featureStrategyToPublic(
newFeatureStrategy,
segments,
);
await this.eventStore.store(
new FeatureStrategyAddEvent({
project: projectId,
featureName,
createdBy,
environment,
data: strategy,
tags,
}),
);
return strategy;
} catch (e) {
if (e.code === FOREIGN_KEY_VIOLATION) {
throw new BadDataError(
'You have not added the current environment to the project',
);
}
throw e;
}
}
/**
* PUT /api/admin/projects/:projectId/features/:featureName/strategies/:strategyId ?
* {
*
* }
* @param id
* @param updates
* @param context - Which context does this strategy live in (projectId, featureName, environment)
* @param userName - Human readable id of the user performing the update
*/
async updateStrategy(
id: string,
updates: Partial<IFeatureStrategy>,
context: IFeatureStrategyContext,
userName: string,
): Promise<Saved<IStrategyConfig>> {
await this.stopWhenChangeRequestsEnabled(
context.projectId,
context.environment,
);
return this.unprotectedUpdateStrategy(id, updates, context, userName);
}
async unprotectedUpdateStrategy(
id: string,
updates: Partial<IFeatureStrategy>,
context: IFeatureStrategyContext,
userName: string,
): Promise<Saved<IStrategyConfig>> {
const { projectId, environment, featureName } = context;
const existingStrategy = await this.featureStrategiesStore.get(id);
this.validateFeatureStrategyContext(existingStrategy, context);
if (existingStrategy.id === id) {
if (updates.constraints?.length > 0) {
updates.constraints = await this.validateConstraints(
updates.constraints,
);
}
const strategy = await this.featureStrategiesStore.updateStrategy(
id,
updates,
);
if (updates.segments && Array.isArray(updates.segments)) {
await this.segmentService.updateStrategySegments(
strategy.id,
updates.segments,
);
}
const segments = await this.segmentService.getByStrategy(
strategy.id,
);
// Store event!
const tags = await this.tagStore.getAllTagsForFeature(featureName);
const data = this.featureStrategyToPublic(strategy, segments);
const preData = this.featureStrategyToPublic(
existingStrategy,
segments,
);
await this.eventStore.store(
new FeatureStrategyUpdateEvent({
project: projectId,
featureName,
environment,
createdBy: userName,
data,
preData,
tags,
}),
);
return data;
}
throw new NotFoundError(`Could not find strategy with id ${id}`);
}
async updateStrategyParameter(
id: string,
name: string,
value: string | number,
context: IFeatureStrategyContext,
userName: string,
): Promise<Saved<IStrategyConfig>> {
const { projectId, environment, featureName } = context;
const existingStrategy = await this.featureStrategiesStore.get(id);
this.validateFeatureStrategyContext(existingStrategy, context);
if (existingStrategy.id === id) {
existingStrategy.parameters[name] = String(value);
const strategy = await this.featureStrategiesStore.updateStrategy(
id,
existingStrategy,
);
const tags = await this.tagStore.getAllTagsForFeature(featureName);
const segments = await this.segmentService.getByStrategy(
strategy.id,
);
const data = this.featureStrategyToPublic(strategy, segments);
const preData = this.featureStrategyToPublic(
existingStrategy,
segments,
);
await this.eventStore.store(
new FeatureStrategyUpdateEvent({
featureName,
project: projectId,
environment,
createdBy: userName,
data,
preData,
tags,
}),
);
return data;
}
throw new NotFoundError(`Could not find strategy with id ${id}`);
}
/**
* DELETE /api/admin/projects/:projectId/features/:featureName/environments/:environmentName/strategies/:strategyId
* {
*
* }
* @param id - strategy id
* @param context - Which context does this strategy live in (projectId, featureName, environment)
Complete open api schemas for project features controller (#1563) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * revert * revert * revert * revert * revert * mapper * revert * revert * revert * remove serialize-dates.ts * remove serialize-dates.ts * remove serialize-dates.ts * remove serialize-dates.ts * remove serialize-dates.ts * revert * revert * add mappers * add mappers * fix pr comments * ignore report.json * ignore report.json * Route permission required Co-authored-by: olav <mail@olav.io>
2022-05-18 15:17:09 +02:00
* @param createdBy - Which user does this strategy belong to
*/
async deleteStrategy(
id: string,
context: IFeatureStrategyContext,
createdBy: string,
): Promise<void> {
await this.stopWhenChangeRequestsEnabled(
context.projectId,
context.environment,
);
return this.unprotectedDeleteStrategy(id, context, createdBy);
}
async unprotectedDeleteStrategy(
id: string,
context: IFeatureStrategyContext,
createdBy: string,
): Promise<void> {
const existingStrategy = await this.featureStrategiesStore.get(id);
const { featureName, projectId, environment } = context;
this.validateFeatureStrategyContext(existingStrategy, context);
await this.featureStrategiesStore.delete(id);
const tags = await this.tagStore.getAllTagsForFeature(featureName);
const preData = this.featureStrategyToPublic(existingStrategy);
await this.eventStore.store(
new FeatureStrategyRemoveEvent({
featureName,
project: projectId,
environment,
createdBy,
preData,
tags,
}),
);
// If there are no strategies left for environment disable it
await this.featureEnvironmentStore.disableEnvironmentIfNoStrategies(
featureName,
environment,
);
}
async getStrategiesForEnvironment(
project: string,
featureName: string,
environment: string = DEFAULT_ENV,
): Promise<Saved<IStrategyConfig>[]> {
this.logger.debug('getStrategiesForEnvironment');
const hasEnv = await this.featureEnvironmentStore.featureHasEnvironment(
environment,
featureName,
);
if (hasEnv) {
2021-08-25 13:38:00 +02:00
const featureStrategies =
await this.featureStrategiesStore.getStrategiesForFeatureEnv(
project,
2021-08-25 13:38:00 +02:00
featureName,
environment,
);
const result = [];
for (const strat of featureStrategies) {
const segments =
(await this.segmentService.getByStrategy(strat.id)).map(
(segment) => segment.id,
) ?? [];
result.push({
id: strat.id,
name: strat.strategyName,
constraints: strat.constraints,
parameters: strat.parameters,
sortOrder: strat.sortOrder,
segments,
});
}
return result;
}
throw new NotFoundError(
`Feature ${featureName} does not have environment ${environment}`,
);
}
/**
* GET /api/admin/projects/:project/features/:featureName
* @param featureName
* @param archived - return archived or non archived toggles
Fix: validate that the project is correct when getting feature by project (#2344) ## What This PR fixes a bug where fetching a feature toggle via the `/api/admin/projects/:projectId/features/:featureName` endpoint doesn't validate that the feature belongs to the provided project. The same thing applies to the archive functionality. This has also been fixed. In doing so, it also adds corresponding tests to check for edge cases, updates the 403 error response we use to provide clearer steps for the user, and adds more error responses to the OpenAPI documentation. ## Why As mentioned in #2337, it's unexpected that the provided project shouldn't matter at all, and after discussions internally, it was also discovered that this was never intended to be the case. ## Discussion points It might be worth rethinking this for Unleash v5. Why does the features API need the projects part at all when features are unique across the entire instance? Would it be worth reverting to a simpler feature API later or would that introduce issues with regards to how different projects can have different active environments and so on? ### Further improvements I have _not_ provided schemas for the error responses for the endpoints at this time. I considered it, but because it would introduce new schema code, more tests, etc, I decided to leave it for later. There's a thorough OpenAPI walkthrough coming up, so I think it makes sense to do it as part of that work instead. I am happy to be challenged on this, however, and will implement it if you think it's better. ### Why 403 when the project is wrong? We could also have used the 404 status code for when the feature exists but doesn't belong to this project, but this would require more (and more complex) code. We also already use 403 for cases like this for post, patch, and put. Finally, the [HTTP spec's section on the 403 status code](https://httpwg.org/specs/rfc9110.html#status.403) says the following (emphasis mine): > The 403 (Forbidden) status code indicates that the server **_understood the request but refuses to fulfill it_**. A server that wishes to make public why the request has been forbidden can describe that reason in the response content (if any). > > If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, **_a request might be forbidden for reasons unrelated to the credentials_**. As such, I think using 403 makes sense in this case. --- Closes #2337.
2022-11-08 13:34:01 +01:00
* @param projectId - provide if you're requesting the feature in the context of a specific project.
*/
2022-11-29 16:06:08 +01:00
async getFeature({
featureName,
archived,
projectId,
environmentVariants,
userId,
}: IGetFeatureParams): Promise<FeatureToggleWithEnvironment> {
if (projectId) {
await this.validateFeatureContext({ featureName, projectId });
}
if (environmentVariants) {
return this.featureStrategiesStore.getFeatureToggleWithVariantEnvs(
featureName,
2022-11-29 16:06:08 +01:00
userId,
archived,
);
} else {
return this.featureStrategiesStore.getFeatureToggleWithEnvs(
Fix: validate that the project is correct when getting feature by project (#2344) ## What This PR fixes a bug where fetching a feature toggle via the `/api/admin/projects/:projectId/features/:featureName` endpoint doesn't validate that the feature belongs to the provided project. The same thing applies to the archive functionality. This has also been fixed. In doing so, it also adds corresponding tests to check for edge cases, updates the 403 error response we use to provide clearer steps for the user, and adds more error responses to the OpenAPI documentation. ## Why As mentioned in #2337, it's unexpected that the provided project shouldn't matter at all, and after discussions internally, it was also discovered that this was never intended to be the case. ## Discussion points It might be worth rethinking this for Unleash v5. Why does the features API need the projects part at all when features are unique across the entire instance? Would it be worth reverting to a simpler feature API later or would that introduce issues with regards to how different projects can have different active environments and so on? ### Further improvements I have _not_ provided schemas for the error responses for the endpoints at this time. I considered it, but because it would introduce new schema code, more tests, etc, I decided to leave it for later. There's a thorough OpenAPI walkthrough coming up, so I think it makes sense to do it as part of that work instead. I am happy to be challenged on this, however, and will implement it if you think it's better. ### Why 403 when the project is wrong? We could also have used the 404 status code for when the feature exists but doesn't belong to this project, but this would require more (and more complex) code. We also already use 403 for cases like this for post, patch, and put. Finally, the [HTTP spec's section on the 403 status code](https://httpwg.org/specs/rfc9110.html#status.403) says the following (emphasis mine): > The 403 (Forbidden) status code indicates that the server **_understood the request but refuses to fulfill it_**. A server that wishes to make public why the request has been forbidden can describe that reason in the response content (if any). > > If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, **_a request might be forbidden for reasons unrelated to the credentials_**. As such, I think using 403 makes sense in this case. --- Closes #2337.
2022-11-08 13:34:01 +01:00
featureName,
2022-11-29 16:06:08 +01:00
userId,
Fix: validate that the project is correct when getting feature by project (#2344) ## What This PR fixes a bug where fetching a feature toggle via the `/api/admin/projects/:projectId/features/:featureName` endpoint doesn't validate that the feature belongs to the provided project. The same thing applies to the archive functionality. This has also been fixed. In doing so, it also adds corresponding tests to check for edge cases, updates the 403 error response we use to provide clearer steps for the user, and adds more error responses to the OpenAPI documentation. ## Why As mentioned in #2337, it's unexpected that the provided project shouldn't matter at all, and after discussions internally, it was also discovered that this was never intended to be the case. ## Discussion points It might be worth rethinking this for Unleash v5. Why does the features API need the projects part at all when features are unique across the entire instance? Would it be worth reverting to a simpler feature API later or would that introduce issues with regards to how different projects can have different active environments and so on? ### Further improvements I have _not_ provided schemas for the error responses for the endpoints at this time. I considered it, but because it would introduce new schema code, more tests, etc, I decided to leave it for later. There's a thorough OpenAPI walkthrough coming up, so I think it makes sense to do it as part of that work instead. I am happy to be challenged on this, however, and will implement it if you think it's better. ### Why 403 when the project is wrong? We could also have used the 404 status code for when the feature exists but doesn't belong to this project, but this would require more (and more complex) code. We also already use 403 for cases like this for post, patch, and put. Finally, the [HTTP spec's section on the 403 status code](https://httpwg.org/specs/rfc9110.html#status.403) says the following (emphasis mine): > The 403 (Forbidden) status code indicates that the server **_understood the request but refuses to fulfill it_**. A server that wishes to make public why the request has been forbidden can describe that reason in the response content (if any). > > If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, **_a request might be forbidden for reasons unrelated to the credentials_**. As such, I think using 403 makes sense in this case. --- Closes #2337.
2022-11-08 13:34:01 +01:00
archived,
);
}
}
/**
* GET /api/admin/projects/:project/features/:featureName/variants
* @param featureName
* @return The list of variants
*/
async getVariants(featureName: string): Promise<IVariant[]> {
return this.featureToggleStore.getVariants(featureName);
}
async getVariantsForEnv(
featureName: string,
environment: string,
): Promise<IVariant[]> {
const featureEnvironment = await this.featureEnvironmentStore.get({
featureName,
environment,
});
return featureEnvironment.variants || [];
}
async getFeatureMetadata(featureName: string): Promise<FeatureToggle> {
return this.featureToggleStore.get(featureName);
}
async getClientFeatures(
query?: IFeatureToggleQuery,
feat(#1873/playground): Return detailed information on feature toggle evaluation (#1839) * Feat: return reasons why a feature evaluated to true or false Note: this is very rough and just straight ripped from the nodejs client. It will need a lot of work, but is a good place to start * Feat: add suggested shape for new payload * Chore: minor cleanup * Wip: make server compile again * Remove unused schema ref * Export new schemas * Chore: fix some tests to use sub property * Fix: fix some tests * Refactor: rename some variables, uncomment some stuff * Add segments type to bootstrap options * Add segments capability to offline feature evaluator * Fix function calls after turning params into an option abject * Feat: test strategy order, etc * Feat: add test to check that all strats are returned correctly * Feat: allow you to include strategy ids in clients * Wip: hook up segments in the offline client. Note: compared to regular clients, they still fail * Feat: add segments validation * Fix: fix test case invariant. * Chore: revert to returning only `boolean` from strategies. This _should_ make it work with custom strategies too 🤞 * Feat: make more properties of the returned feature required * Wip: add some comments and unfinished tests for edge cases * Feat: add `isEnabledInCurrentEnvironment` prop * Feat: consider more strategy failure cases * Feat: test that isenabledinenvironment matches expectations * Feat: add unknown strategies * Fix: fix property access typo * Feat: add unknown strategy for fallback purposes * Feat: test edge case: all unknown strategies * Feat: add custom strategy to arbitrary * Feat: test that features can be true, even if not enabled in env * Chore: add some comments * Wip: fix sdk tests * Remove comments, improve test logging * Feat: add descriptions and examples to playground feature schema * Switch `examples` for `example` * Update schemas with descriptions and examples * Fix: update snapshot * Fix: openapi example * Fix: merge issues * Fix: fix issue where feature evaluation state was wrong * Chore: update openapi spec * Fix: fix broken offline client tests * Refactor: move schemas into separate files * Refactor: remove "reason" for incomplete evaluation. The only instances where evaluation is incomplete is when we don't know what the strategy is. * Refactor: move unleash node client into test and dev dependencies * Wip: further removal of stuff * Chore: remove a bunch of code that we don't use * Chore: remove comment * Chore: remove unused code * Fix: fix some prettier errors * Type parameters in strategies to avoid `any` * Fix: remove commented out code * Feat: make `id` required on playground strategies * Chore: remove redundant type * Fix: remove redundant if and fix fallback evaluation * Refactor: reduce nesting and remove duplication * Fix: remove unused helper function * Refactor: type `parameters` as `unknown` * Chore: remove redundant comment * Refactor: move constraint code into a separate file * Refactor: rename `unleash` -> `feature-evaluator` * Rename class `Unleash` -> `FeatureEvaluator` * Refactor: remove this.ready and sync logic from feature evaluator * Refactor: remove unused code, rename config type * Refactor: remove event emission from the Unleash client * Remove unlistened-for events in feature evaluator * Refactor: make offline client synchronous; remove code * Fix: update openapi snapshot after adding required strategy ids * Feat: change `strategies` format. This commit changes the format of a playground feature's `strategies` properties from a list of strategies to an object with properties `result` and `data`. It looks a bit like this: ```ts type Strategies = { result: boolean | "unknown", data: Strategy[] } ``` The reason is that this allows us to avoid the breaking change that was previously suggested in the PR: `feature.isEnabled` used to be a straight boolean. Then, when we found out we couldn't necessarily evaluate all strategies (custom strats are hard!) we changed it to `boolean | 'unevaluated'`. However, this is confusing on a few levels as the playground results are no longer the same as the SDK would be, nor are they strictly boolean anymore. This change reverts the `isEnabled` functionality to what it was before (so it's always a mirror of what the SDK would show). The equivalent of `feature.isEnabled === 'unevaluated'` now becomes `feature.isEnabled && strategy.result === 'unknown'`. * Fix: Fold long string descriptions over multiple lines. * Fix: update snapshot after adding line breaks to descriptions
2022-08-04 15:41:52 +02:00
includeIds?: boolean,
): Promise<FeatureConfigurationClient[]> {
feat(#1873/playground): Return detailed information on feature toggle evaluation (#1839) * Feat: return reasons why a feature evaluated to true or false Note: this is very rough and just straight ripped from the nodejs client. It will need a lot of work, but is a good place to start * Feat: add suggested shape for new payload * Chore: minor cleanup * Wip: make server compile again * Remove unused schema ref * Export new schemas * Chore: fix some tests to use sub property * Fix: fix some tests * Refactor: rename some variables, uncomment some stuff * Add segments type to bootstrap options * Add segments capability to offline feature evaluator * Fix function calls after turning params into an option abject * Feat: test strategy order, etc * Feat: add test to check that all strats are returned correctly * Feat: allow you to include strategy ids in clients * Wip: hook up segments in the offline client. Note: compared to regular clients, they still fail * Feat: add segments validation * Fix: fix test case invariant. * Chore: revert to returning only `boolean` from strategies. This _should_ make it work with custom strategies too 🤞 * Feat: make more properties of the returned feature required * Wip: add some comments and unfinished tests for edge cases * Feat: add `isEnabledInCurrentEnvironment` prop * Feat: consider more strategy failure cases * Feat: test that isenabledinenvironment matches expectations * Feat: add unknown strategies * Fix: fix property access typo * Feat: add unknown strategy for fallback purposes * Feat: test edge case: all unknown strategies * Feat: add custom strategy to arbitrary * Feat: test that features can be true, even if not enabled in env * Chore: add some comments * Wip: fix sdk tests * Remove comments, improve test logging * Feat: add descriptions and examples to playground feature schema * Switch `examples` for `example` * Update schemas with descriptions and examples * Fix: update snapshot * Fix: openapi example * Fix: merge issues * Fix: fix issue where feature evaluation state was wrong * Chore: update openapi spec * Fix: fix broken offline client tests * Refactor: move schemas into separate files * Refactor: remove "reason" for incomplete evaluation. The only instances where evaluation is incomplete is when we don't know what the strategy is. * Refactor: move unleash node client into test and dev dependencies * Wip: further removal of stuff * Chore: remove a bunch of code that we don't use * Chore: remove comment * Chore: remove unused code * Fix: fix some prettier errors * Type parameters in strategies to avoid `any` * Fix: remove commented out code * Feat: make `id` required on playground strategies * Chore: remove redundant type * Fix: remove redundant if and fix fallback evaluation * Refactor: reduce nesting and remove duplication * Fix: remove unused helper function * Refactor: type `parameters` as `unknown` * Chore: remove redundant comment * Refactor: move constraint code into a separate file * Refactor: rename `unleash` -> `feature-evaluator` * Rename class `Unleash` -> `FeatureEvaluator` * Refactor: remove this.ready and sync logic from feature evaluator * Refactor: remove unused code, rename config type * Refactor: remove event emission from the Unleash client * Remove unlistened-for events in feature evaluator * Refactor: make offline client synchronous; remove code * Fix: update openapi snapshot after adding required strategy ids * Feat: change `strategies` format. This commit changes the format of a playground feature's `strategies` properties from a list of strategies to an object with properties `result` and `data`. It looks a bit like this: ```ts type Strategies = { result: boolean | "unknown", data: Strategy[] } ``` The reason is that this allows us to avoid the breaking change that was previously suggested in the PR: `feature.isEnabled` used to be a straight boolean. Then, when we found out we couldn't necessarily evaluate all strategies (custom strats are hard!) we changed it to `boolean | 'unevaluated'`. However, this is confusing on a few levels as the playground results are no longer the same as the SDK would be, nor are they strictly boolean anymore. This change reverts the `isEnabled` functionality to what it was before (so it's always a mirror of what the SDK would show). The equivalent of `feature.isEnabled === 'unevaluated'` now becomes `feature.isEnabled && strategy.result === 'unknown'`. * Fix: Fold long string descriptions over multiple lines. * Fix: update snapshot after adding line breaks to descriptions
2022-08-04 15:41:52 +02:00
return this.featureToggleClientStore.getClient(query, includeIds);
}
/**
*
* Warn: Legacy!
*
*
* Used to retrieve metadata of all feature toggles defined in Unleash.
* @param query - Allow you to limit search based on criteria such as project, tags, namePrefix. See @IFeatureToggleQuery
* @param archived - Return archived or active toggles
* @returns
*/
async getFeatureToggles(
query?: IFeatureToggleQuery,
2022-11-29 16:06:08 +01:00
userId?: number,
archived: boolean = false,
): Promise<FeatureToggle[]> {
2022-11-29 16:06:08 +01:00
return this.featureToggleClientStore.getAdmin({
featureQuery: query,
userId,
archived,
});
}
async getFeatureOverview(
2022-11-29 16:06:08 +01:00
params: IFeatureProjectUserParams,
): Promise<IFeatureOverview[]> {
2022-11-29 16:06:08 +01:00
return this.featureStrategiesStore.getFeatureOverview(params);
}
async getFeatureToggle(
featureName: string,
): Promise<FeatureToggleWithEnvironment> {
return this.featureStrategiesStore.getFeatureToggleWithEnvs(
2021-08-25 13:38:00 +02:00
featureName,
);
}
async createFeatureToggle(
projectId: string,
value: FeatureToggleDTO,
createdBy: string,
isValidated: boolean = false,
): Promise<FeatureToggle> {
this.logger.info(`${createdBy} creates feature toggle ${value.name}`);
await this.validateName(value.name);
const exists = await this.projectStore.hasProject(projectId);
if (exists) {
let featureData;
if (isValidated) {
featureData = value;
} else {
featureData = await featureMetadataSchema.validateAsync(value);
}
const featureName = featureData.name;
const createdToggle = await this.featureToggleStore.create(
projectId,
featureData,
);
await this.featureEnvironmentStore.connectFeatureToEnvironmentsForProject(
featureName,
projectId,
);
if (value.variants && value.variants.length > 0) {
const environments =
await this.featureEnvironmentStore.getEnvironmentsForFeature(
featureName,
);
environments.forEach(async (featureEnv) => {
await this.featureEnvironmentStore.addVariantsToFeatureEnvironment(
featureName,
featureEnv.environment,
value.variants,
);
});
}
const tags = await this.tagStore.getAllTagsForFeature(featureName);
await this.eventStore.store(
new FeatureCreatedEvent({
featureName,
createdBy,
project: projectId,
data: createdToggle,
tags,
}),
);
return createdToggle;
}
throw new NotFoundError(`Project with id ${projectId} does not exist`);
}
2021-10-08 09:37:27 +02:00
async cloneFeatureToggle(
featureName: string,
projectId: string,
newFeatureName: string,
replaceGroupId: boolean = true, // eslint-disable-line
2021-10-08 09:37:27 +02:00
userName: string,
): Promise<FeatureToggle> {
this.logger.info(
`${userName} clones feature toggle ${featureName} to ${newFeatureName}`,
);
await this.validateName(newFeatureName);
const cToggle =
await this.featureStrategiesStore.getFeatureToggleWithVariantEnvs(
2021-10-08 09:37:27 +02:00
featureName,
);
const newToggle = {
...cToggle,
name: newFeatureName,
variants: undefined,
};
2021-10-08 09:37:27 +02:00
const created = await this.createFeatureToggle(
projectId,
newToggle,
userName,
);
const variantTasks = newToggle.environments.map((e) => {
return this.featureEnvironmentStore.addVariantsToFeatureEnvironment(
newToggle.name,
e.name,
e.variants,
);
});
const strategyTasks = newToggle.environments.flatMap((e) =>
e.strategies.map((s) => {
2021-10-08 09:37:27 +02:00
if (replaceGroupId && s.parameters.hasOwnProperty('groupId')) {
s.parameters.groupId = newFeatureName;
}
const context = {
projectId,
featureName: newFeatureName,
environment: e.name,
};
return this.createStrategy(s, context, userName);
2021-10-08 09:37:27 +02:00
}),
);
await Promise.all([...strategyTasks, ...variantTasks]);
2021-10-08 09:37:27 +02:00
return created;
}
async updateFeatureToggle(
projectId: string,
updatedFeature: FeatureToggleDTO,
userName: string,
featureName: string,
): Promise<FeatureToggle> {
await this.validateFeatureContext({ featureName, projectId });
this.logger.info(`${userName} updates feature toggle ${featureName}`);
const featureData = await featureMetadataSchema.validateAsync(
updatedFeature,
);
const preData = await this.featureToggleStore.get(featureName);
const featureToggle = await this.featureToggleStore.update(projectId, {
...featureData,
name: featureName,
});
const tags = await this.tagStore.getAllTagsForFeature(featureName);
2021-08-26 13:59:11 +02:00
await this.eventStore.store(
new FeatureMetadataUpdateEvent({
createdBy: userName,
data: featureToggle,
preData,
featureName,
project: projectId,
tags,
}),
);
return featureToggle;
}
async getFeatureCountForProject(projectId: string): Promise<number> {
return this.featureToggleStore.count({
archived: false,
project: projectId,
});
}
async removeAllStrategiesForEnv(
toggleName: string,
environment: string = DEFAULT_ENV,
): Promise<void> {
await this.featureStrategiesStore.removeAllStrategiesForFeatureEnv(
toggleName,
environment,
);
}
async getStrategy(strategyId: string): Promise<Saved<IStrategyConfig>> {
const strategy = await this.featureStrategiesStore.getStrategyById(
strategyId,
);
const segments = await this.segmentService.getByStrategy(strategyId);
let result: Saved<IStrategyConfig> = {
id: strategy.id,
name: strategy.strategyName,
constraints: strategy.constraints || [],
parameters: strategy.parameters,
segments: [],
};
if (segments && segments.length > 0) {
result = {
...result,
segments: segments.map((segment) => segment.id),
};
}
return result;
}
async getEnvironmentInfo(
project: string,
environment: string,
featureName: string,
): Promise<IFeatureEnvironmentInfo> {
2021-08-25 13:38:00 +02:00
const envMetadata =
await this.featureEnvironmentStore.getEnvironmentMetaData(
environment,
featureName,
);
const strategies =
await this.featureStrategiesStore.getStrategiesForFeatureEnv(
2021-08-25 13:38:00 +02:00
project,
featureName,
environment,
);
return {
name: featureName,
environment,
enabled: envMetadata.enabled,
strategies,
};
}
// todo: store events for this change.
async deleteEnvironment(
projectId: string,
environment: string,
): Promise<void> {
await this.featureStrategiesStore.deleteConfigurationsForProjectAndEnvironment(
projectId,
environment,
);
2021-08-25 13:38:00 +02:00
await this.projectStore.deleteEnvironmentForProject(
projectId,
environment,
);
}
/** Validations */
async validateName(name: string): Promise<string> {
await nameSchema.validateAsync({ name });
await this.validateUniqueFeatureName(name);
return name;
}
async validateUniqueFeatureName(name: string): Promise<void> {
let msg: string;
try {
const feature = await this.featureToggleStore.get(name);
msg = feature.archived
? 'An archived toggle with that name already exists'
: 'A toggle with that name already exists';
} catch (error) {
return;
}
throw new NameExistsError(msg);
}
async hasFeature(name: string): Promise<boolean> {
return this.featureToggleStore.exists(name);
}
async updateStale(
featureName: string,
isStale: boolean,
createdBy: string,
): Promise<any> {
const feature = await this.featureToggleStore.get(featureName);
const { project } = feature;
feature.stale = isStale;
await this.featureToggleStore.update(project, feature);
const tags = await this.tagStore.getAllTagsForFeature(featureName);
await this.eventStore.store(
new FeatureStaleEvent({
stale: isStale,
project,
featureName,
createdBy,
tags,
}),
);
return feature;
}
Fix: validate that the project is correct when getting feature by project (#2344) ## What This PR fixes a bug where fetching a feature toggle via the `/api/admin/projects/:projectId/features/:featureName` endpoint doesn't validate that the feature belongs to the provided project. The same thing applies to the archive functionality. This has also been fixed. In doing so, it also adds corresponding tests to check for edge cases, updates the 403 error response we use to provide clearer steps for the user, and adds more error responses to the OpenAPI documentation. ## Why As mentioned in #2337, it's unexpected that the provided project shouldn't matter at all, and after discussions internally, it was also discovered that this was never intended to be the case. ## Discussion points It might be worth rethinking this for Unleash v5. Why does the features API need the projects part at all when features are unique across the entire instance? Would it be worth reverting to a simpler feature API later or would that introduce issues with regards to how different projects can have different active environments and so on? ### Further improvements I have _not_ provided schemas for the error responses for the endpoints at this time. I considered it, but because it would introduce new schema code, more tests, etc, I decided to leave it for later. There's a thorough OpenAPI walkthrough coming up, so I think it makes sense to do it as part of that work instead. I am happy to be challenged on this, however, and will implement it if you think it's better. ### Why 403 when the project is wrong? We could also have used the 404 status code for when the feature exists but doesn't belong to this project, but this would require more (and more complex) code. We also already use 403 for cases like this for post, patch, and put. Finally, the [HTTP spec's section on the 403 status code](https://httpwg.org/specs/rfc9110.html#status.403) says the following (emphasis mine): > The 403 (Forbidden) status code indicates that the server **_understood the request but refuses to fulfill it_**. A server that wishes to make public why the request has been forbidden can describe that reason in the response content (if any). > > If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, **_a request might be forbidden for reasons unrelated to the credentials_**. As such, I think using 403 makes sense in this case. --- Closes #2337.
2022-11-08 13:34:01 +01:00
async archiveToggle(
featureName: string,
createdBy: string,
projectId?: string,
): Promise<void> {
const feature = await this.featureToggleStore.get(featureName);
Fix: validate that the project is correct when getting feature by project (#2344) ## What This PR fixes a bug where fetching a feature toggle via the `/api/admin/projects/:projectId/features/:featureName` endpoint doesn't validate that the feature belongs to the provided project. The same thing applies to the archive functionality. This has also been fixed. In doing so, it also adds corresponding tests to check for edge cases, updates the 403 error response we use to provide clearer steps for the user, and adds more error responses to the OpenAPI documentation. ## Why As mentioned in #2337, it's unexpected that the provided project shouldn't matter at all, and after discussions internally, it was also discovered that this was never intended to be the case. ## Discussion points It might be worth rethinking this for Unleash v5. Why does the features API need the projects part at all when features are unique across the entire instance? Would it be worth reverting to a simpler feature API later or would that introduce issues with regards to how different projects can have different active environments and so on? ### Further improvements I have _not_ provided schemas for the error responses for the endpoints at this time. I considered it, but because it would introduce new schema code, more tests, etc, I decided to leave it for later. There's a thorough OpenAPI walkthrough coming up, so I think it makes sense to do it as part of that work instead. I am happy to be challenged on this, however, and will implement it if you think it's better. ### Why 403 when the project is wrong? We could also have used the 404 status code for when the feature exists but doesn't belong to this project, but this would require more (and more complex) code. We also already use 403 for cases like this for post, patch, and put. Finally, the [HTTP spec's section on the 403 status code](https://httpwg.org/specs/rfc9110.html#status.403) says the following (emphasis mine): > The 403 (Forbidden) status code indicates that the server **_understood the request but refuses to fulfill it_**. A server that wishes to make public why the request has been forbidden can describe that reason in the response content (if any). > > If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, **_a request might be forbidden for reasons unrelated to the credentials_**. As such, I think using 403 makes sense in this case. --- Closes #2337.
2022-11-08 13:34:01 +01:00
if (projectId) {
await this.validateFeatureContext({ featureName, projectId });
}
await this.featureToggleStore.archive(featureName);
const tags = await this.tagStore.getAllTagsForFeature(featureName);
await this.eventStore.store(
new FeatureArchivedEvent({
featureName,
createdBy,
project: feature.project,
tags,
}),
);
}
async updateEnabled(
project: string,
featureName: string,
environment: string,
enabled: boolean,
createdBy: string,
user?: User,
): Promise<FeatureToggle> {
await this.stopWhenChangeRequestsEnabled(project, environment);
return this.unprotectedUpdateEnabled(
project,
featureName,
environment,
enabled,
createdBy,
user,
);
}
async unprotectedUpdateEnabled(
project: string,
featureName: string,
environment: string,
enabled: boolean,
createdBy: string,
user?: User,
): Promise<FeatureToggle> {
2021-08-25 13:38:00 +02:00
const hasEnvironment =
await this.featureEnvironmentStore.featureHasEnvironment(
environment,
featureName,
);
2021-08-25 13:38:00 +02:00
if (hasEnvironment) {
if (enabled) {
const strategies = await this.getStrategiesForEnvironment(
project,
2021-08-25 13:38:00 +02:00
featureName,
environment,
2021-08-25 13:38:00 +02:00
);
if (strategies.length === 0) {
const canAddStrategies =
user &&
(await this.accessService.hasPermission(
user,
CREATE_FEATURE_STRATEGY,
project,
environment,
));
if (canAddStrategies) {
await this.unprotectedCreateStrategy(
getDefaultStrategy(featureName),
{
environment,
projectId: project,
featureName,
},
createdBy,
);
} else {
throw new NoAccessError(CREATE_FEATURE_STRATEGY);
}
}
}
const updatedEnvironmentStatus =
await this.featureEnvironmentStore.setEnvironmentEnabledStatus(
environment,
featureName,
enabled,
);
const feature = await this.featureToggleStore.get(featureName);
if (updatedEnvironmentStatus > 0) {
const tags = await this.tagStore.getAllTagsForFeature(
featureName,
);
await this.eventStore.store(
new FeatureEnvironmentEvent({
enabled,
project,
featureName,
environment,
createdBy,
tags,
}),
);
}
return feature;
}
throw new NotFoundError(
`Could not find environment ${environment} for feature: ${featureName}`,
);
}
// @deprecated
async storeFeatureUpdatedEventLegacy(
featureName: string,
createdBy: string,
): Promise<FeatureToggleLegacy> {
const tags = await this.tagStore.getAllTagsForFeature(featureName);
const feature = await this.getFeatureToggleLegacy(featureName);
// Legacy event. Will not be used from v4.3.
// We do not include 'preData' on purpose.
await this.eventStore.store({
type: FEATURE_UPDATED,
createdBy,
featureName,
data: feature,
tags,
project: feature.project,
});
return feature;
}
// @deprecated
async toggle(
projectId: string,
featureName: string,
environment: string,
userName: string,
): Promise<FeatureToggle> {
await this.featureToggleStore.get(featureName);
2021-08-25 13:38:00 +02:00
const isEnabled =
await this.featureEnvironmentStore.isEnvironmentEnabled(
featureName,
environment,
);
return this.updateEnabled(
projectId,
featureName,
environment,
!isEnabled,
userName,
);
}
// @deprecated
async getFeatureToggleLegacy(
featureName: string,
): Promise<FeatureToggleLegacy> {
const feature =
await this.featureStrategiesStore.getFeatureToggleWithEnvs(
featureName,
);
const { environments, ...legacyFeature } = feature;
const defaultEnv = environments.find((e) => e.name === DEFAULT_ENV);
const strategies = defaultEnv?.strategies || [];
const enabled = defaultEnv?.enabled || false;
return { ...legacyFeature, enabled, strategies };
2021-08-26 13:59:11 +02:00
}
2021-10-21 21:06:56 +02:00
async changeProject(
featureName: string,
2021-10-21 21:06:56 +02:00
newProject: string,
createdBy: string,
2021-10-21 21:06:56 +02:00
): Promise<void> {
const feature = await this.featureToggleStore.get(featureName);
2021-10-21 21:06:56 +02:00
const oldProject = feature.project;
feature.project = newProject;
await this.featureToggleStore.update(newProject, feature);
const tags = await this.tagStore.getAllTagsForFeature(featureName);
await this.eventStore.store(
new FeatureChangeProjectEvent({
createdBy,
2021-10-21 21:06:56 +02:00
oldProject,
newProject,
featureName,
tags,
}),
);
}
async getArchivedFeatures(): Promise<FeatureToggle[]> {
2022-11-29 16:06:08 +01:00
return this.getFeatureToggles({}, undefined, true);
}
// TODO: add project id.
async deleteFeature(featureName: string, createdBy: string): Promise<void> {
const toggle = await this.featureToggleStore.get(featureName);
const tags = await this.tagStore.getAllTagsForFeature(featureName);
await this.featureToggleStore.delete(featureName);
await this.eventStore.store(
new FeatureDeletedEvent({
featureName,
project: toggle.project,
createdBy,
preData: toggle,
tags,
}),
);
}
// TODO: add project id.
async reviveToggle(featureName: string, createdBy: string): Promise<void> {
const toggle = await this.featureToggleStore.revive(featureName);
const tags = await this.tagStore.getAllTagsForFeature(featureName);
await this.eventStore.store(
new FeatureRevivedEvent({
createdBy,
featureName,
project: toggle.project,
tags,
}),
2021-08-25 13:38:00 +02:00
);
}
2021-08-25 13:38:00 +02:00
async getMetadataForAllFeatures(
archived: boolean,
): Promise<FeatureToggle[]> {
return this.featureToggleStore.getAll({ archived });
}
async getMetadataForAllFeaturesByProjectId(
archived: boolean,
project: string,
): Promise<FeatureToggle[]> {
return this.featureToggleStore.getAll({ archived, project });
}
async getProjectId(name: string): Promise<string> {
return this.featureToggleStore.getProjectId(name);
}
async updateFeatureStrategyProject(
featureName: string,
newProjectId: string,
): Promise<void> {
await this.featureStrategiesStore.setProjectForStrategiesBelongingToFeature(
featureName,
newProjectId,
);
}
async updateVariants(
featureName: string,
project: string,
newVariants: Operation[],
createdBy: string,
): Promise<FeatureToggle> {
const oldVariants = await this.getVariants(featureName);
const { newDocument } = applyPatch(oldVariants, newVariants);
return this.saveVariants(featureName, project, newDocument, createdBy);
}
async updateVariantsOnEnv(
featureName: string,
project: string,
environment: string,
newVariants: Operation[],
createdBy: string,
): Promise<IVariant[]> {
const oldVariants = await this.getVariantsForEnv(
featureName,
environment,
);
const { newDocument } = await applyPatch(oldVariants, newVariants);
return this.saveVariantsOnEnv(
project,
featureName,
environment,
newDocument,
createdBy,
);
}
async saveVariants(
featureName: string,
project: string,
newVariants: IVariant[],
createdBy: string,
): Promise<FeatureToggle> {
await variantsArraySchema.validateAsync(newVariants);
const fixedVariants = this.fixVariantWeights(newVariants);
const oldVariants = await this.featureToggleStore.getVariants(
featureName,
);
const featureToggle = await this.featureToggleStore.saveVariants(
project,
featureName,
fixedVariants,
);
const tags = await this.tagStore.getAllTagsForFeature(featureName);
await this.eventStore.store(
new FeatureVariantEvent({
project,
featureName,
createdBy,
tags,
oldVariants,
Complete open api schemas for project features controller (#1563) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * Completed OpenAPI Schemas for ProjectFeatures Controller Completed OpenAPI Schemas for Feature Controller (tags) * bug fix * bug fix * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * fix merge conflicts, some refactoring * added emptyResponse, patch feature operation schemas and request * added emptyResponse, patch feature operation schemas and request * patch strategy * patch strategy * update strategy * update strategy * fix pr comment * fix pr comments * improvements * added operationId to schema for better generation * fix pr comment * fix pr comment * fix pr comment * improvements to generated and dynamic types * improvements to generated and dynamic types * improvements to generated and dynamic types * Update response types to use inferred types * Update addTag response status to 201 * refactor: move schema ref destructuring into createSchemaObject * made serialize date handle deep objects * made serialize date handle deep objects * add `name` to IFeatureStrategy nad fix tests * fix pr comments * fix pr comments * Add types to IAuthRequest * Sync StrategySchema for FE and BE - into the rabbit hole * Sync model with OAS spec * revert * revert * revert * revert * revert * mapper * revert * revert * revert * remove serialize-dates.ts * remove serialize-dates.ts * remove serialize-dates.ts * remove serialize-dates.ts * remove serialize-dates.ts * revert * revert * add mappers * add mappers * fix pr comments * ignore report.json * ignore report.json * Route permission required Co-authored-by: olav <mail@olav.io>
2022-05-18 15:17:09 +02:00
newVariants: featureToggle.variants as IVariant[],
}),
);
return featureToggle;
}
async saveVariantsOnEnv(
projectId: string,
featureName: string,
environment: string,
newVariants: IVariant[],
createdBy: string,
): Promise<IVariant[]> {
await variantsArraySchema.validateAsync(newVariants);
const fixedVariants = this.fixVariantWeights(newVariants);
const oldVariants = (
await this.featureEnvironmentStore.get({
featureName,
environment,
})
).variants;
await this.eventStore.store(
new EnvironmentVariantEvent({
featureName,
environment,
project: projectId,
createdBy,
oldVariants,
newVariants: fixedVariants,
}),
);
await this.featureEnvironmentStore.addVariantsToFeatureEnvironment(
featureName,
environment,
fixedVariants,
);
return fixedVariants;
}
fixVariantWeights(variants: IVariant[]): IVariant[] {
let variableVariants = variants.filter((x) => {
return x.weightType === WeightType.VARIABLE;
});
if (variants.length > 0 && variableVariants.length === 0) {
throw new BadDataError(
'There must be at least one "variable" variant',
);
}
let fixedVariants = variants.filter((x) => {
return x.weightType === WeightType.FIX;
});
let fixedWeights = fixedVariants.reduce((a, v) => a + v.weight, 0);
if (fixedWeights > 1000) {
throw new BadDataError(
'The traffic distribution total must equal 100%',
);
}
let averageWeight = Math.floor(
(1000 - fixedWeights) / variableVariants.length,
);
let remainder = (1000 - fixedWeights) % variableVariants.length;
variableVariants = variableVariants.map((x) => {
x.weight = averageWeight;
if (remainder > 0) {
x.weight += 1;
remainder--;
}
return x;
});
return variableVariants
.concat(fixedVariants)
.sort((a, b) => a.name.localeCompare(b.name));
}
private async stopWhenChangeRequestsEnabled(
project: string,
environment: string,
) {
if (
await this.accessService.isChangeRequestsEnabled(
project,
environment,
)
) {
throw new Error(
`Change requests are enabled in project "${project}" for environment "${environment}"`,
);
}
}
}
export default FeatureToggleService;