1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00
Commit Graph

71 Commits

Author SHA1 Message Date
Mateusz Kwasniewski
6b9a242be5
upload limit and import ui tweaks (#2998) 2023-01-26 12:36:45 +01:00
Nuno Góis
7d73d772df
feat: add the account abstraction logic (#2918)
https://linear.app/unleash/issue/2-579/improve-user-like-behaviour-for-service-accounts-accounts-concept

Builds on top of https://github.com/Unleash/unleash/pull/2917 by moving
the responsibility of handling both account types from `users` to
`accounts`.

Ideally:
 - `users` - Should only handle users;
 - `service-accounts` - Should only handle service accounts;
 - `accounts` - Should handle any type of account;

This should hopefully also provide a good building block in case we
later decide to refactor this further down the `accounts` path.
2023-01-18 16:08:07 +00:00
Gastón Fournier
ce815e5f29
feat: report app names only if below a threshold (#2737)
## About the changes
Introduce a snapshot version of instanceStats inside
instance-stats-service to provide a cached state of the statistics
without compromising the DB.

### Important notes
Some rule-of-thumb applied in the PR that can be changed:
1. The snapshot refresh time
2. The threshold to report appName with the metrics

## Discussion points
1. The snapshot could be limited to just the information needed (things
like `hasOIDC` don't change until there's a restart), to optimize the memory usage
3. metrics.ts (used to expose Prometheus metrics) has a [refresh
interval of
2hs](2d16730cc2/src/lib/metrics.ts (L189-L195)),
but with this implementation, we could remove that background task and
rely on the snapshot
4. We could additionally update the snapshot every time someone queries
the DB to fetch stats (`getStats()` method), but it may increase
complexity without a significant benefit

Co-authored-by: Mateusz Kwasniewski <kwasniewski.mateusz@gmail.com>
Co-authored-by: Simon Hornby <liquidwicked64@gmail.com>
2023-01-12 11:26:59 +01:00
Gastón Fournier
fa47fee55e
feat: RBAC read params from body (#2846)
## About the changes
This is a follow-up on #1953

This implementation generalizes how we fetch some standard parameters
from the query parameters or request body.

## Discussion points
Unfortunately, we have not used standard names for our APIs and one
example is our `projectId` (in some cases we just used `project`).
Ideally, we're only using one way of sending these parameters either
`projectId` or `project` (same applies to `environment` vs
`environmentId`).

If both parameters are present, due to historical reasons, we'll give
precedence to:
- `projectId` over `project`
- `environment` over `environmentId` 

In the presence of both query parameters and body, we'll give precedence
to query parameters also for historical reasons.
2023-01-11 10:48:27 +01:00
sjaanus
a0619e963d
Maintenance mode for users (#2716) 2022-12-21 13:23:44 +02:00
sjaanus
2d5455d203
Maintenance mode middleware (#2707) 2022-12-19 09:01:04 +02:00
Nuno Góis
a3ac96f763
Feat network overview (#2708)
https://linear.app/unleash/issue/2-512/exploration-network-overview-represented-as-a-flow-chart

<img width="1307" alt="image"
src="https://user-images.githubusercontent.com/14320932/208110067-294a0b91-d52e-49d1-9024-fa5e8530e2d8.png">
2022-12-16 14:12:36 +00:00
Ivar Conradi Østhus
09c87c755f
Fix/remove settings cache (#2694)
In this PR we remove the general SettingService cache, as it will not
work across multiple horizontal unleash instances, events are not
published across.

We also fix the CORS origin to: 
- Access-Control-Allow-Origin set to "*" if no Origin is configured
- Access-Control-Allow-Origin set to "*" if any Origin is configured to
"*"
- - Access-Control-Allow-Origin set to array and have the "cors"
middleware to return an exact match on the user provided Origin.

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-12-14 17:35:22 +01:00
Ivar Conradi Østhus
4a3d26065f
Fix/cors expose ETag (#2594)
This commit fixes two issues with the frontend API

1. fix: update cors max age to match chromium defaults
https://source.chromium.org/chromium/chromium/src/+/main:services/network/public/cpp/cors/preflight_result.cc;drc=49e7c0b4886cac1f3d09dc046bd528c9c811a0fa;l=31
2: fix: expose ETage for cross-origin requests
2022-12-05 10:04:35 +01:00
Nuno Góis
7ce38ffe89
feat: update seen_at pat column (#2516)
https://linear.app/unleash/issue/2-451/update-last-seen-column-for-pats
2022-11-30 08:10:31 +02:00
Fredrik Strand Oseberg
5d52216d53
fix: adds cors caching (#2522)
* This PR adds a configurable maxAge header to the CORS middleware. This
allows the preflight request to be cached so that we can reduce the
request load on our end for the frontend clients starting to utilise the
frontend api.
2022-11-24 16:14:47 +01:00
andreas-unleash
726ede5cbe
Define exports for enterprise (#2435)
<!-- Thanks for creating a PR! To make it easier for reviewers and
everyone else to understand what your changes relate to, please add some
relevant content to the headings below. Feel free to ignore or delete
sections that you don't think are relevant. Thank you! ❤️ -->
This PR sets up exports so that we can import in enterprise with just
"unleash-server".
This will free us to refactor unleash internals without breaking
enterprise

## About the changes
<!-- Describe the changes introduced. What are they and why are they
being introduced? Feel free to also add screenshots or steps to view the
changes if they're visual. -->

<!-- Does it close an issue? Multiple? -->
Closes #

<!-- (For internal contributors): Does it relate to an issue on public
roadmap? -->
<!--
Relates to [roadmap](https://github.com/orgs/Unleash/projects/10) item:
#
-->

### Important files
<!-- PRs can contain a lot of changes, but not all changes are equally
important. Where should a reviewer start looking to get an overview of
the changes? Are any files particularly important? -->


## Discussion points
<!-- Anything about the PR you'd like to discuss before it gets merged?
Got any questions or doubts? -->
2022-11-17 13:02:40 +02:00
Ivar Conradi Østhus
1312579bf6
fix: upgrade @types/node to v16.18.3 (#2365)
This pr upgrade @types/node to v16.18.3.
This also detected some inconsitent retrun types that I decided to fix.
2022-11-10 08:20:15 +01:00
Nuno Góis
07821174a5
refactor: remove PAT experimental flag (#2299) 2022-10-31 09:38:30 +00:00
Fredrik Strand Oseberg
929f824a3a
fix: refactor conditional middleware (#2261)
* fix: refactor conditional middleware

* fix: update tests

* test: update snapshot to hide things behing flag from openapi

Co-authored-by: kwasniew <kwasniewski.mateusz@gmail.com>
2022-10-26 13:00:49 +02:00
Fredrik Strand Oseberg
b341018b1d
fix: CORS options path (#2165)
* fix: path

* fix: path typo
2022-10-11 09:20:29 +02:00
Ivar Conradi Østhus
5141e77bce
fix: add appName to http response time metrics (#2117) 2022-09-30 15:28:50 +02:00
sjaanus
d5f621f3b2
Add test for api-token-middleware to not make database call when using PAT (#2110)
* Middleware first version

* Middleware tests

* Add tests

* Finish middleware tests

* Add type for request

* Add flagresolver

* Fix snapshot

* Update flags and tests

* Put it back as default

* Update snapshot

* Add middleware test
2022-09-29 08:53:29 +03:00
sjaanus
d79ace57ec
Personal access token middleware (#2069)
* Middleware first version

* Middleware tests

* Add tests

* Finish middleware tests

* Add type for request

* Add flagresolver

* Fix snapshot

* Update flags and tests

* Put it back as default

* Update snapshot
2022-09-28 16:53:56 +03:00
Fredrik Strand Oseberg
85b45b9965
Feat/unleash flags embedded proxy (#1974)
* feat: use unleash flags for embedded proxy

* feat: add a separate flag for the proxy frontend

* fix: setup unleash in dev

* fix: check flagResolver on each request

* fix: remove unleash client setup

* refactor: update frontend routes snapshot

* refactor: make batchMetrics flag dynamic

* fix: always check dynamic CORS origins config

* fix: make conditionalMiddleware work with the OpenAPI schema generation

Co-authored-by: olav <mail@olav.io>
2022-08-26 15:16:29 +02:00
Fredrik Strand Oseberg
1821bb881a
fix: proxy api check (#1965)
* fix: proxy api check

* fix: add await

* fix: revert async setup for prehook

* fix: stricter endpoint checks
2022-08-26 11:44:12 +02:00
olav
42d64c8803
feat: add CORS instance settings (#1957)
* feat: add CORS instance settings

* refactor: disallow arbitrary asterisks in CORS origins
2022-08-26 09:09:48 +02:00
Ivar Conradi Østhus
f3e8f723a2
Feat/exp flag loader (#1961)
* fix: remove unused exp flag

* fix: remove unused flag

* fix: add support for external flag resolver

* fix: rename flagsresolver to flagresolver

* fix: disable external flag resolver

* fix: refactor a bit

* fix: stop using unleash in server-dev

* fix: remove userGroups flag

* fix: revert bumping frontend
2022-08-26 08:22:42 +02:00
olav
0d293929f5
feat: add CORS support to the proxy endpoints (#1936)
* feat: add CORS support to the proxy endpoints

* refactor: remove unused development mode CORS support
2022-08-19 08:09:44 +02:00
Tymoteusz Czech
3266e9c22a
Refactor: rename frontend api key (#1935)
* refactor: rename frontend api key

* fix: api token schema tests
2022-08-18 08:20:51 +00:00
olav
e8d542af0f
feat: embed proxy endpoints (#1926)
* refactor: remove unused API definition routes

* feat: add support for proxy keys

* feat: support listening for any event

* feat: embed proxy endpoints

* refactor: add an experimental flag for the embedded proxy
2022-08-16 15:33:33 +02:00
Christopher Kolstad
482754e9f5
fix: Remove unneeded ts-expect-error now that types in knex are in sync (#1866)
* fix: Remove unneeded ts-expect-error now that types in knex are in sync
2022-07-28 10:34:19 +02:00
olav
e6b49e4bce
refactor: improve token type error message (#1709) 2022-06-17 09:00:13 +02:00
olav
ee35c7ad74
refactor: replace ts-ignore with ts-expect-error (#1675)
* refactor: replace ts-ignore with ts-expect-error

* refactor: remove unused ts-expect-errors
2022-06-07 11:49:17 +02:00
Ivar Conradi Østhus
3359dd204d
feat: add option to disable 'Clear-Site-Data' header on logout (#1645) 2022-06-03 11:50:58 +02:00
Christopher Kolstad
606270d86a
feat: Allow extra CSP domains (#1610)
* feat: Allow extra CSP domains

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>

* fix: eslint:

* fix: allow partial csp domains

* fix: add option and config type

* fix: snapshot

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-05-31 11:32:15 +02:00
renovate[bot]
f52f1cadac
chore(deps): update dependency eslint-config-airbnb-typescript to v16.1.0 (#1147)
* chore(deps): update dependency eslint-config-airbnb-typescript to v16.1.0

* chore: Update a few places with eslint-ignore due to new linter rules for optional parameters

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: sighphyre <liquidwicked64@gmail.com>
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2022-04-25 13:14:43 +02:00
Christopher Kolstad
fc4d95ff5b
fix: configure user endpoint when AuthType is NONE (#1403)
Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-03-01 10:52:22 +01:00
Ivar Conradi Østhus
e5035f96e1
fix: rbac should pick up projectId from path if available 2022-02-01 22:58:52 +01:00
Ivar Conradi Østhus
367b31185b
fix: allow charset in content-type (#1241) 2022-01-20 15:00:16 +01:00
sighphyre
0c78980502
feat: custom project roles (#1220)
* wip: environment for permissions

* fix: add migration for roles

* fix: connect environment with access service

* feat: add tests

* chore: Implement scaffolding for new rbac

* fix: add fake store

* feat: Add api endpoints for roles and permissions list

* feat: Add ability to provide permissions when creating a role and rename environmentName to name in the list permissions datastructure

* fix: Make project roles resolve correctly against new environments permissions structure

* fix: Patch migration to also populate permission names

* fix: Make permissions actually work with new environments

* fix: Add back to get permissions working for editor role

* fix: Removed ability to set role type through api during creation - it's now always custom

* feat: Return permissions on get role endpoint

* feat: Add in support for updating roles

* fix: Get a bunch of tests working and delete a few that make no sense anymore

* chore: A few small cleanups - remove logging and restore default on dev server config

* chore: Refactor role/access stores into more logical domains

* feat: Add in validation for roles

* feat: Patch db migration to handle old stucture

* fix: migration for project roles

* fix: patch a few broken tests

* fix: add permissions to editor

* fix: update test name

* fix: update user permission mapping

* fix: create new user

* fix: update root role test

* fix: update tests

* feat: Validation now works when updating a role

* fix: Add in very barebones down migration for rbac so that tests work

* fix: Improve responses from role resolution - getting a non existant role will throw a NotFound error

* fix: remove unused permissions

* fix: add test for connecting roles and deleting project

* fix: add test for adding a project member with a custom role

* fix: add test for changing user role

* fix: add guard for deleting role if the role is in use

* fix: alter migration

* chore: Minor code cleanups

* chore: Small code cleanups

* chore: More minor cleanups of code

* chore: Trim some dead code to make the linter happy

* feat: Schema validation for roles

* fix: setup permission for variant

* fix: remove unused import

* feat: Add cascading delete for role_permissions when deleting a role

* feat: add configuration option for disabling legacy api

* chore: update frontend to beta version

* 4.6.0-beta.0

* fix: export default project constant

* fix: update snapshot

* fix: module pattern ../../lib

* fix: move DEFAULT_PROJECT to types

* fix: remove debug logging

* fix: remove debug log state

* fix: Change permission descriptions

* fix: roles should have unique name

* fix: root roles should be connected to the default project

* fix: typo in role-schema.ts

* fix: Role permission empty string for non environment type

* feat: new permission for moving project

* fix: add event for changeProject

* fix: Removing a user from a project will now check to see if that project has an owner, rather than checking if any project has an owner

* fix: add tests for move project

* fix: Add in missing create/delete tag permissions

* fix: Removed duplicate impl caused by multiple good samaritans putting it back in!

* fix: Trim out add tag permissions, for now at least

* chore: Trim out new add and delete tag permissions - we're going with update feature instead

* chore: update frontend

* 4.6.0-beta.1

* feat: Prevent editing of built in roles

* fix: Patch an issue where permissions for variants/environments didn't match the front end

* fix: lint

Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-01-13 11:14:17 +01:00
Ivar Conradi Østhus
4a5b332567
fix: make sure our CSP allow gravatar.com for images 2022-01-12 23:22:04 +01:00
Ivar Conradi Østhus
73685c771a
fix: allow static assets from cdn.getunleash.io 2022-01-06 21:08:16 +01:00
Ivar Conradi Østhus
26b7da8b5c
feat: add support for cdnPrefix for static assets (#1191) 2022-01-06 10:31:00 +01:00
Ivar Conradi Østhus
4a9939ccb1 feat: remove old metrics service 2021-12-10 09:31:54 +01:00
Ivar Conradi Østhus
053956b45e
fix/projectId cannot change for strategy configs (#1084) 2021-11-04 21:24:55 +01:00
Martin Lehmann
b47e228181
fix: be explicit when specifying time & replace moment with date-fns (#1072) 2021-11-02 15:13:46 +01:00
Ivar Conradi Østhus
9e73ed8f47
chore: remvoe console.error for tests expecting error 2021-10-29 09:25:47 +02:00
Ivar Conradi Østhus
131eeeaa78
fix: demo-auth should use /auth path 2021-10-26 23:04:44 +02:00
Christopher Kolstad
62b121285c
Create a apiuser for demo auth. (#1045)
- If api token middleware is disabled, still allow calls to /api/client with a
  populated fake api user with client access.
2021-10-20 13:16:07 +02:00
Christopher Kolstad
28d0238732
add try-catch to demo auth middleware (#1044)
- Since we validate email used in auth the route function needs to
  handle the possibility that userService.loginUserWithoutPassword can
  throw.
2021-10-19 14:24:23 +02:00
Christopher Kolstad
132e801836
Add UPDATE and DELETE TAG_TYPE permissions (#951) 2021-09-24 09:01:15 +02:00
Ivar Conradi Østhus
c4b697b57d
Feat/api key scoping (#941)
Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
Ivar Conradi Østhus
2bcdb5ec31
fix: Controller wraps handler with try/catch (#909)
By having the controller perform try/catch around the
handler function allows us to add extra safety to all
our controllers and safeguards that we will always catch
exceptions thrown by a controller method.
2021-08-13 10:36:19 +02:00
Christopher Kolstad
ff7be7696c
fix: Stores as typescript and with interfaces. (#902)
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00