chore!: remove deprecated POST ui-config endpoint (#10027)

https://linear.app/unleash/issue/2-3472/remove-post-apiadminui-config-deprecated-in-690

Removes POST `/api/admin/ui-config` which was deprecated in v6.9.
Also cleans up related code.

src/lib/features/frontend-api/frontend-api-service.ts

@@ -215,22 +215,6 @@ export class FrontendApiService {
         }
     }
 
-    async setFrontendSettings(
-        value: FrontendSettings,
-        auditUser: IAuditUser,
-    ): Promise<void> {
-        const error = validateOrigins(value.frontendApiOrigins);
-        if (error) {
-            throw new BadDataError(error);
-        }
-        await this.services.settingService.insert(
-            frontendSettingsKey,
-            value,
-            auditUser,
-            false,
-        );
-    }
-
     async setFrontendCorsSettings(
         value: FrontendSettings['frontendApiOrigins'],
         auditUser: IAuditUser,

src/lib/middleware/cors-origin-middleware.test.ts

@@ -2,7 +2,6 @@ import { resolveOrigin } from './cors-origin-middleware.js';
 import FakeSettingStore from '../../test/fixtures/fake-setting-store.js';
 import { createTestConfig } from '../../test/config/test-config.js';
 import FakeEventStore from '../../test/fixtures/fake-event-store.js';
-import { randomId } from '../util/random-id.js';
 import FakeProjectStore from '../../test/fixtures/fake-project-store.js';
 import {
     FrontendApiService,
@@ -56,32 +55,21 @@ test('resolveOrigin', () => {
 
 test('corsOriginMiddleware origin validation', async () => {
     const { frontendApiService } = createSettingService([]);
-    const userName = randomId();
     await expect(() =>
-        frontendApiService.setFrontendSettings(
+        frontendApiService.setFrontendCorsSettings(['a'], TEST_AUDIT_USER),
-            { frontendApiOrigins: ['a'] },
-            TEST_AUDIT_USER,
-        ),
     ).rejects.toThrow('Invalid origin: a');
 });
 
 test('corsOriginMiddleware without config', async () => {
     const { frontendApiService, settingStore } = createSettingService([]);
-    const userName = randomId();
     expect(await frontendApiService.getFrontendSettings(false)).toEqual({
         frontendApiOrigins: [],
     });
-    await frontendApiService.setFrontendSettings(
+    await frontendApiService.setFrontendCorsSettings([], TEST_AUDIT_USER);
-        { frontendApiOrigins: [] },
-        TEST_AUDIT_USER,
-    );
     expect(await frontendApiService.getFrontendSettings(false)).toEqual({
         frontendApiOrigins: [],
     });
-    await frontendApiService.setFrontendSettings(
+    await frontendApiService.setFrontendCorsSettings(['*'], TEST_AUDIT_USER);
-        { frontendApiOrigins: ['*'] },
-        TEST_AUDIT_USER,
-    );
     expect(await frontendApiService.getFrontendSettings(false)).toEqual({
         frontendApiOrigins: ['*'],
     });
@@ -93,19 +81,15 @@ test('corsOriginMiddleware without config', async () => {
 
 test('corsOriginMiddleware with config', async () => {
     const { frontendApiService, settingStore } = createSettingService(['*']);
-    const userName = randomId();
     expect(await frontendApiService.getFrontendSettings(false)).toEqual({
         frontendApiOrigins: ['*'],
     });
-    await frontendApiService.setFrontendSettings(
+    await frontendApiService.setFrontendCorsSettings([], TEST_AUDIT_USER);
-        { frontendApiOrigins: [] },
-        TEST_AUDIT_USER,
-    );
     expect(await frontendApiService.getFrontendSettings(false)).toEqual({
         frontendApiOrigins: [],
     });
-    await frontendApiService.setFrontendSettings(
+    await frontendApiService.setFrontendCorsSettings(
-        { frontendApiOrigins: ['https://example.com', 'https://example.org'] },
+        ['https://example.com', 'https://example.org'],
         TEST_AUDIT_USER,
     );
     expect(await frontendApiService.getFrontendSettings(false)).toEqual({
@@ -120,16 +104,12 @@ test('corsOriginMiddleware with config', async () => {
 test('corsOriginMiddleware with caching enabled', async () => {
     const { frontendApiService } = createSettingService([]);
 
-    const userName = randomId();
     expect(await frontendApiService.getFrontendSettings()).toEqual({
         frontendApiOrigins: [],
     });
 
     //setting
-    await frontendApiService.setFrontendSettings(
+    await frontendApiService.setFrontendCorsSettings(['*'], TEST_AUDIT_USER);
-        { frontendApiOrigins: ['*'] },
-        TEST_AUDIT_USER,
-    );
 
     //still get cached value
     expect(await frontendApiService.getFrontendSettings()).toEqual({

src/lib/openapi/spec/index.ts

@@ -184,7 +184,6 @@ export * from './segment-strategies-schema.js';
 export * from './segments-schema.js';
 export * from './set-cors-schema.js';
 export * from './set-strategy-sort-order-schema.js';
-export * from './set-ui-config-schema.js';
 export * from './sort-order-schema.js';
 export * from './splash-request-schema.js';
 export * from './splash-response-schema.js';

src/lib/openapi/spec/set-ui-config-schema.ts

@@ -1,28 +0,0 @@
-import type { FromSchema } from 'json-schema-to-ts';
-
-export const setUiConfigSchema = {
-    $id: '#/components/schemas/setUiConfigSchema',
-    type: 'object',
-    additionalProperties: false,
-    description: 'Unleash configuration settings affect the admin UI.',
-    properties: {
-        frontendSettings: {
-            type: 'object',
-            description: 'Settings related to the front-end API.',
-            additionalProperties: false,
-            required: ['frontendApiOrigins'],
-            properties: {
-                frontendApiOrigins: {
-                    description:
-                        'The list of origins that the front-end API should accept requests from.',
-                    example: ['*'],
-                    type: 'array',
-                    items: { type: 'string' },
-                },
-            },
-        },
-    },
-    components: {},
-} as const;
-
-export type SetUiConfigSchema = FromSchema<typeof setUiConfigSchema>;

src/lib/routes/admin-api/config.ts

@@ -21,7 +21,6 @@ import type { EmailService } from '../../services/email-service.js';
 import { emptyResponse } from '../../openapi/util/standard-responses.js';
 import type { IAuthRequest } from '../unleash-types.js';
 import NotFoundError from '../../error/notfound-error.js';
-import type { SetUiConfigSchema } from '../../openapi/spec/set-ui-config-schema.js';
 import type { SetCorsSchema } from '../../openapi/spec/set-cors-schema.js';
 import { createRequestSchema } from '../../openapi/util/create-request-schema.js';
 import type {
@@ -103,25 +102,6 @@ class ConfigController extends Controller {
             ],
         });
 
-        this.route({
-            method: 'post',
-            path: '',
-            handler: this.setUiConfig,
-            permission: ADMIN,
-            middleware: [
-                openApiService.validPath({
-                    tags: ['Admin UI'],
-                    summary: 'Set UI configuration',
-                    description:
-                        'Deprecated. Use `./cors` instead. Sets the UI configuration for this Unleash instance.',
-                    operationId: 'setUiConfig',
-                    requestBody: createRequestSchema('setUiConfigSchema'),
-                    responses: { 200: emptyResponse },
-                    deprecated: true,
-                }),
-            ],
-        });
-
         this.route({
             method: 'post',
             path: '/cors',
@@ -210,22 +190,6 @@ class ConfigController extends Controller {
         );
     }
 
-    async setUiConfig(
-        req: IAuthRequest<void, void, SetUiConfigSchema>,
-        res: Response<string>,
-    ): Promise<void> {
-        if (req.body.frontendSettings) {
-            await this.frontendApiService.setFrontendSettings(
-                req.body.frontendSettings,
-                req.audit,
-            );
-            res.sendStatus(204);
-            return;
-        }
-
-        throw new NotFoundError();
-    }
-
     async setCors(
         req: IAuthRequest<void, void, SetCorsSchema>,
         res: Response<string>,

src/test/e2e/api/admin/config.e2e.test.ts

@@ -58,8 +58,8 @@ test('gets ui config with disablePasswordAuth', async () => {
 
 test('gets ui config with frontendSettings', async () => {
     const frontendApiOrigins = ['https://example.net'];
-    await app.services.frontendApiService.setFrontendSettings(
+    await app.services.frontendApiService.setFrontendCorsSettings(
-        { frontendApiOrigins },
+        frontendApiOrigins,
         TEST_AUDIT_USER,
     );
     await app.request
@@ -71,35 +71,6 @@ test('gets ui config with frontendSettings', async () => {
         );
 });
 
-test('sets ui config with frontendSettings', async () => {
-    const frontendApiOrigins = ['https://example.org'];
-    await app.request
-        .get('/api/admin/ui-config')
-        .expect('Content-Type', /json/)
-        .expect(200)
-        .expect((res) => expect(res.body.frontendApiOrigins).toEqual(['*']));
-    await app.request
-        .post('/api/admin/ui-config')
-        .send({ frontendSettings: { frontendApiOrigins: [] } })
-        .expect(204);
-    await app.request
-        .get('/api/admin/ui-config')
-        .expect('Content-Type', /json/)
-        .expect(200)
-        .expect((res) => expect(res.body.frontendApiOrigins).toEqual([]));
-    await app.request
-        .post('/api/admin/ui-config')
-        .send({ frontendSettings: { frontendApiOrigins } })
-        .expect(204);
-    await app.request
-        .get('/api/admin/ui-config')
-        .expect('Content-Type', /json/)
-        .expect(200)
-        .expect((res) =>
-            expect(res.body.frontendApiOrigins).toEqual(frontendApiOrigins),
-        );
-});
-
 describe('maxSessionsCount', () => {
     beforeEach(async () => {
         // prevent memoization of session count

website/docs/using-unleash/troubleshooting/cors.md

@@ -2,5 +2,5 @@
 title: My requests are being blocked by CORS
 ---
 
-1. Make sure you've configured CORS access in Unleash admin UI settings as defined in the [Unleash CORS Policy docs](/reference/front-end-api#configure-cross-origin-resource-sharing-cors). These settings can be changed in the Unleash Dashboard under **Settings -> CORS Origins** or by using the [API](/reference/api/unleash/set-ui-config). Allowing all origins (using a single asterisk) will address this matter and is a great starting point when troubleshooting the behavior.
+1. Make sure you've configured CORS access in Unleash admin UI settings as defined in the [Unleash CORS Policy docs](/reference/front-end-api#configure-cross-origin-resource-sharing-cors). These settings can be changed in the Unleash Dashboard under **Settings -> CORS Origins** or by using the [API](/reference/api/unleash/set-cors). Allowing all origins (using a single asterisk) will address this matter and is a great starting point when troubleshooting the behavior.
 1. When receiving "**No 'Access-Control-Policy' header is present on the requested resource**", using the command `curl -I https://<host>/<endpoint>` will allow us to verify that the response includes the header `Access-Control-Allow-Origin: *`.