1
0
mirror of https://github.com/Unleash/unleash.git synced 2025-01-01 00:08:27 +01:00
Commit Graph

9 Commits

Author SHA1 Message Date
Gastón Fournier
70499dc1d4
feat: allow api token middleware to fetch from db (#6344)
## About the changes
When edge is configured to automatically generate tokens, it requires
the token to be present in all unleash instances.
It's behind a flag which enables us to turn it on on a case by case
scenario.

The risk of this implementation is that we'd be adding load to the
database in the middleware that evaluates tokens (which are present in
mostly all our API calls. We only query when the token is missing but
because the /client and /frontend endpoints which will be the affected
ones are high throughput, we want to be extra careful to avoid DDoSing
ourselves

## Alternatives:
One alternative would be that we merge the two endpoints into one.
Currently, Edge does the following:
If the token is not valid, it tries to create a token using a service
account token and /api/admin/create-token endpoint. Then it uses the
token generated (which is returned from the prior endpoint) to query
/api/frontend. What if we could call /api/frontend with the same service
account we use to create the token? It may sound risky but if the same
application holding the service account token with permission to create
a token, can call /api/frontend via the generated token, shouldn't it be
able to call the endpoint directly?

The purpose of the token is authentication and authorization. With the
two tokens we are authenticating the same app with 2 different
authorization scopes, but because it's the same app we are
authenticating, can't we just use one token and assume that the app has
both scopes?

If the service account already has permissions to create a token and
then use that token for further actions, allowing it to directly call
/api/frontend does not necessarily introduce new security risks. The
only risk is allowing the app to generate new tokens. Which leads to the
third alternative: should we just remove this option from edge?
2024-02-27 16:08:44 +01:00
Gard Rimestad
d886c910da
docs: Compare front-end api to edge, not proxy (#5617)
Proxy is superseeded by edge, lets compare to edge instead of the old
proxy.

---------

Co-authored-by: Thomas Heartman <thomas@getunleash.io>
2023-12-14 09:04:44 +01:00
Thomas Heartman
415e1b0596
Source proxy and Edge docs from GitHub (#3122)
## What

The main purpose of this PR is to

1. Delete the proxy docs in this repo and replace them with the proxy's
GitHub readme.
2. Add the docs for Unleash Edge.

### Detailed change description

This PR contains a lot of small changes in a large number of files. To
make it easier to get an overview, here's a detailed description of what
happens where:

#### In the `website/docs`directory

Except for the deletion of the proxy doc, all changes in this directory
are rewriting internal links, so that they point to the newly generated
document instead.

#### `package.json` and `yarn.lock`

When including the documentation for Edge, we also want to render the
mermaid diagrams it uses. Docusaurus supports this via a plugin. All
changes in these files are related to installing that plugin.

#### `docusaurus.config.js`

There's two types of changes in this file:

1. Mermaid-related changes: we ask docusaurus to render mermaid in
markdown files and add the plugin

2. Document generation. There's some rewrites to the sdk doc generation
plus an entirely new section that generates docs for Edge and the proxy

#### `sidebars.js`

Two things:

1. Add the edge docs
2. Move both the Edge and the proxy docs up a level, so that they're
directly under "reference docs" instead of nested inside "unleash
concepts".

#### In the `website/remote-content` directory

These are the remote content files. Previously, all of this lived only
in a `readme-fns.js` file, but with the introduction of Edge and proxy
docs, this has been moved into its own directory and refactored into
three files (`shared`, `sdks`, `edge-proxy`).

#### `custom.css`

Style updates to center mermaid diagrams and provide more space around
them.

#### In `static/img`

The image files that were included in the proxy doc and that have been
deleted.

## Why

For two reasons:

1. Reduce duplication for the proxy. Have one source of truth.
2. Add docs for edge.

## Discussion points and review wishes

This is a big PR, and I don't expect anyone to do a line-by-line review
of it, nor do I think that is particularly useful. Instead, I'd like to
ask reviewers to:

1. Visit the [documentation
preview](https://unleash-docs-git-docs-source-proxy-gh-unleash-team.vercel.app/reference/unleash-proxy)
and have a look at both the proxy docs and the Edge docs. Potentially
have a look at the SDK docs too to verify that everything still works.

2. Consider whether they think moving the proxy and edge docs up a level
(in the sidebar) makes sense.

3. Let me know what slug they'd prefer for the Edge docs. I've gone with
`unleash-edge` for now (so that it's
`docs.getunleash.io/reference/unleash-edge`), but we could potentially
also just use `edge`. WDYT?

4. Read through the detailed changes section.

5. Let me know if they have any other concerns or questions.

## Screenies

The new proxy doc:


![image](https://user-images.githubusercontent.com/17786332/219043145-1c75c83e-4191-45a3-acb5-775d05d13862.png)

The new edge doc:


![image](https://user-images.githubusercontent.com/17786332/219043220-1f5daf13-972e-4d56-8aaf-70ff1812863e.png)
2023-02-16 13:36:28 +01:00
Thomas Heartman
a3fdef11ab
docs: various fixes (#2669)
## What

This PR contains a number of minor fixes to the docs in terms of
formatting and redirects. The changes are:

- Adding an availability notice for the front-end API reference docs
(with links to the release blog post).

- Fix malformed admonition headers in the Unleash proxy docs and
impression data docs.

-   Add missing redirects:

- `/advanced/custom_activation_strategy` ->
`/reference/custom-activation-strategies`
- `/docs/deploy/configuring_unleash` ->
`/reference/deploy/configuring-unleash`
- `/docs/user_guide/connect_sdk` -> `/reference/sdks`(this one goes to
the SDKs doc instead of the quickstart because there's more
comprehensive information there and because `/user_guide/connect_sdk`
already goes there)
    -   `/sdks/proxy-javascript` -> `/reference/sdks/javascript-browser`
    -   `/sdks/proxy-react`-> `/reference/sdks/react`
- `/docs/getting_started` -> `/tutorials/quickstart` (this does not go
to "Deploy: getting started" because that is its own link)

## Why

Because keeping the docs up to date and accessible is important.
2022-12-12 14:08:13 +01:00
Mateusz Kwasniewski
867a8a4e8d
remove experimental notice (#2640) 2022-12-09 09:30:00 +01:00
Thomas Heartman
d5fbd0b743
refactor: move docs into new structure / fix links for SEO (#2416)
## What

This (admittedly massive) PR updates the "physical" documentation
structure and fixes url inconsistencies and SEO problems reported by
marketing. The main points are:

- remove or move directories : advanced, user_guide, deploy, api
- move the files contained within to the appropriate one of topics,
how-to, tutorials, or reference
- update internal doc links and product links to the content
- create client-side redirects for all the urls that have changed.

A number of the files have been renamed in small ways to better match
their url and to make them easier to find. Additionally, the top-level
api directory has been moved to /reference/api/legacy/unleash (see the
discussion points section for more on this).

## Why

When moving our doc structure to diataxis a while back, we left the
"physical' files lying where they were, because it didn't matter much to
the new structure. However, that did introduce some inconsistencies with
where you place docs and how we organize them.

There's also the discrepancies in whether urls us underscores or hyphens
(which isn't necessarily the same as their file name), which has been
annoying me for a while, but now has also been raised by marketing as an
issue in terms of SEO.

## Discussion points

The old, hand-written API docs have been moved from /api to
/reference/api/legacy/unleash. There _is_ a /reference/api/unleash
directory, but this is being populated by the OpenAPI plugin, and mixing
those could only cause trouble. However, I'm unsure about putting
/legacy/ in the title, because the API isn't legacy, the docs are. Maybe
we could use another path? Like /old-docs/ or something? I'd appreciate
some input on this.
2022-11-22 09:05:30 +00:00
Fredrik Strand Oseberg
7fbe227e0f
Fix/frontendapi synchronization (#2100)
* feat: add db fetch polling for proxy endpoints

* feat: add test for retrieving cache on interval

* feat: configurable interval

* fix: add config options

* feat: docs

* fix: add config to proxy-repository

* fix: update snapshots

* Update website/docs/reference/front-end-api.md

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

* fix: update docs

* Update website/docs/deploy/configuring-unleash.md

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

* Update website/docs/reference/front-end-api.md

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2022-09-28 14:23:41 +02:00
Thomas Heartman
86824d693f
docs(fix): fix broken link to front-end API tokens (#2094)
This change fixes a broken link to front-end API tokens from the front-end API page. The anchor had changed.
2022-09-27 15:52:06 +02:00
Tymoteusz Czech
2cd5028125
Docs: update API access for new token type (#1958)
* refactor how-to guide for creating a token

* fix token links

* update SDK reference

* beginning of direct api guide

* refactored frontend api guide

* lint staged breaking notes

* update docs - cors for frontend

* update token guide images

* update after review

* Apply suggestions from code review

`website/docs/user_guide/token.mdx`

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

* Apply suggestions from code review

`website/docs/topics/frontend-api.md`

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

* Apply suggestions from code review

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

* Apply suggestions from code review

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

* pr review

* docs: Add info about front-end tokens + formatting

* docs: add info about token anatomy

* docs: link to correct  place in doc

* docs: replace "direct access API" -> "front-end API"

* docs: rename file frontend-api -> front-end-api

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2022-09-15 09:02:10 +02:00