1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-11-01 19:07:38 +01:00
Commit Graph

89 Commits

Author SHA1 Message Date
Gastón Fournier
29478828b5
chore: increase max app names to 1000 (#4421)
## About the changes
Looking at our metrics this number should be a good threshold, giving us
more functionality than just limiting it to 100.
2023-08-04 15:03:21 +02:00
Christopher Kolstad
902cc2f2e7
fix: reduce severity of api token middleware errors (#4216)
This isn't something our on-calls can do something about when it fails,
so downgrading to WARN seems like the right level.
2023-07-11 13:33:02 +03:00
Nuno Góis
7e9069e390
refactor: token permissions, drop admin-like permissions (#4050)
https://linear.app/unleash/issue/2-1155/refactor-permissions

- Our `rbac-middleware` now supports multiple OR permissions;
- Drops non-specific permissions (e.g. CRUD API token permissions
without specifying the token type);
- Makes our permission descriptions consistent;
- Drops our higher-level permissions that basically mean ADMIN (e.g.
ADMIN token permissions) in favor of `ADMIN` permission in order to
avoid privilege escalations;

This PR may help with
https://linear.app/unleash/issue/2-1144/discover-potential-privilege-escalations
as it may prevent privilege escalations altogether.

There's some UI permission logic around this, but in the future
https://linear.app/unleash/issue/2-1156/adapt-api-tokens-creation-ui-to-new-permissions
could take it a bit further by adapting the creation of tokens as well.

---------

Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-06-22 08:35:54 +01:00
Christopher Kolstad
52904ee038
fix: reject unauthorized client requests (#3881)
If apiTokens are enabled breaks middleware chain with a 401 if no token
is found for requests to client and frontend apis. Previously the
middleware allowed the chain to process.

Removes the regex search for multiple slashes, and instead configures
the apiTokenMiddleware to reject unauthorized requests.
2023-05-27 16:29:54 +02:00
Christopher Kolstad
3d872cf7a2
security: Reject multiple successive slashes in path (#3880) 2023-05-27 14:31:44 +02:00
Thomas Heartman
9943179393
Clean up old errors (#3633)
This PR attempts to improve the error handling introduced in #3607.

## About the changes

## **tl;dr:**
- Make `UnleashError` constructor protected
- Make all custom errors inherit from `UnleashError`.
- Add tests to ensure that all special error cases include their
relevant data
- Remove `PasswordMismatchError` and `BadRequestError`. These don't
exist.
- Add a few new error types: `ContentTypeError`, `NotImplementedError`,
`UnauthorizedError`
- Remove the `...rest` parameter from error constructor
- Add an unexported `GenericUnleashError` class
- Move OpenAPI conversion function to `BadDataError` clas
- Remove explicit `Error.captureStackTrace`. This is done automatically.
- Extract `getPropFromString` function and add tests

### **In a more verbose fashion**

The main thing is that all our internal errors now inherit
from`UnleashError`. This allows us to simplify the `UnleashError`
constructor and error handling in general while still giving us the
extra benefits we added to that class. However, it _does_ also mean that
I've had to update **all** existing error classes.

The constructor for `UnleashError` is now protected and all places that
called that constructor directly have been updated. Because the base
error isn't available anymore, I've added three new errors to cover use
cases that we didn't already have covered: `NotImplementedError`,
`UnauthorizedError`, `ContentTypeError`. This is to stay consistent in
how we report errors to the user.

There is also an internal class, `GenericUnleashError` that inherits
from the base error. This class is only used in conversions for cases
where we don't know what the error is. It is not exported.

In making all the errors inherit, I've also removed the `...rest`
parameter from the `UnleashError` constructor. We don't need this
anymore.

Following on from the fixes with missing properties in #3638, I have
added tests for all errors that contain extra data.

Some of the error names that were originally used when creating the list
don't exist in the backend. `BadRequestError` and
`PasswordMismatchError` have been removed.

The `BadDataError` class now contains the conversion code for OpenAPI
validation errors. In doing so, I extracted and tested the
`getPropFromString` function.

### Main files

Due to the nature of the changes, there's a lot of files to look at. So
to make it easier to know where to turn your attention:

The changes in `api-error.ts` contain the main changes: protected
constructor, removal of OpenAPI conversion (moved into `BadDataError`.

`api-error.test.ts` contains tests to make sure that errors work as
expected.

Aside from `get-prop-from-string.ts` and the tests, everything else is
just the required updates to go through with the changes.

## Discussion points

I've gone for inheritance of the Error type over composition. This is in
large part because throwing actual Error instances instead of just
objects is preferable (because they collect stack traces, for instance).
However, it's quite possible that we could solve the same thing in a
more elegant fashion using composition.

## For later / suggestions for further improvements

The `api-error` files still contain a lot of code. I think it might be
beneficial to break each Error into a separate folder that includes the
error, its tests, and its schema (if required). It would help decouple
it a bit.

We don't currently expose the schema anywhere, so it's not available in
the openapi spec. We should look at exposing it too.

Finally, it would be good to go through each individual error message
and update each one to be as helpful as possible.
2023-05-11 11:10:57 +02:00
Christopher Kolstad
af3944bd75
fix: log missing user at warn level (#3735)
When using PATs if the user that the PAT is for has been removed, we
currently log the missing user at ERROR level. Since this is not
something our SREs can fix, this PR downgrades the NotFoundError to
WARN, instead of ERROR.
2023-05-10 13:31:42 +02:00
David Leek
f35d9390c1
chore: deprecate username on api-tokens (#3616)
<!-- Thanks for creating a PR! To make it easier for reviewers and
everyone else to understand what your changes relate to, please add some
relevant content to the headings below. Feel free to ignore or delete
sections that you don't think are relevant. Thank you! ❤️ -->

## About the changes
<!-- Describe the changes introduced. What are they and why are they
being introduced? Feel free to also add screenshots or steps to view the
changes if they're visual. -->

This deprecates the `username` properties on api-token schemas, and adds
a `tokenName` property.
DB field `username` has been renamed to `token_name`, migration added
for the rename.
Both `username` and `tokenName` can be used when consuming the service,
but only one of them.

## Discussion points
<!-- Anything about the PR you'd like to discuss before it gets merged?
Got any questions or doubts? -->

There's a couple of things I'd like to get opinions on and discuss:
- Frontend still uses the deprecated `username` property
- ApiTokenSchema is used both for input and output of `Create`
controller endpoints and should be split out into separate schemas. I'll
set up a task for this

---------

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2023-05-04 09:56:00 +02:00
Thomas Heartman
2765ae2c70
feat: unify error responses (#3607)
This PR implements the first version of a suggested unification (and
documentation) of the errors that we return from the API today.

The goal is for this to be the first step towards the error type defined
in this internal [linear
task](https://linear.app/unleash/issue/1-629/define-the-error-type
'Define the new API error type').

## The state of things today

As things stand, we currently have no (or **very** little) documentation
of the errors that are returned from the API. We mention error codes,
but never what the errors may contain.

Second, there is no specified format for errors, so what they return is
arbitrary, and based on ... Who knows? As a result, we have multiple
different errors returned by the API depending on what operation you're
trying to do. What's more, with OpenAPI validation in the mix, it's
absolutely possible for you to get two completely different error
objects for operations to the same endpoint.

Third, the errors we do return are usually pretty vague and don't really
provide any real help to the user. "You don't have the right
permissions". Great. Well what permissions do I need? And how would I
know? "BadDataError". Sick. Why is it bad?

... You get it.

## What we want to achieve

The ultimate goal is for error messages to serve both humans and
machines. When the user provides bad data, we should tell them what
parts of the data are bad and what they can do to fix it. When they
don't have the right permissions, we should tell them what permissions
they need.

Additionally, it would be nice if we could provide an ID for each error
instance, so that you (or an admin) can look through the logs and locate
he incident.

## What's included in **this** PR?

This PR does not aim to implement everything above. It's not intended to
magically fix everything. Its goal is to implement the necessary
**breaking** changes, so that they can be included in v5. Changing error
messages is a slightly grayer area than changing APIs directly, but
changing the format is definitely something I'd consider breaking.

So this PR:

- defines a minimal version of the error type defined in the [API error
definition linear
task](https://linear.app/unleash/issue/1-629/define-the-error-type).
- aims to catch all errors we return today and wrap them in the error
type
-   updates tests to match the new expectations.

An important point: because we are cutting v5 very soon and because work
for this wasn't started until last week, the code here isn't necessarily
very polished. But it doesn't need to be. The internals can be as messy
as we want, as long as the API surface is stable.

That said, I'm very open to feedback about design and code completeness,
etc, but this has intentionally been done quickly.

Please also see my inline comments on the changes for more specific
details.

### Proposed follow-ups

As mentioned, this is the first step to implementing the error type. The
public API error type only exposes `id`, `name`, and `message`. This is
barely any more than most of the previous messages, but they are now all
using the same format. Any additional properties, such as `suggestion`,
`help`, `documentationLink` etc can be added as features without
breaking the current format. This is an intentional limitation of this
PR.

Regarding additional properties: there are some error responses that
must contain extra properties. Some of these are documented in the types
of the new error constructor, but not all. This includes `path` and
`type` properties on 401 errors, `details` on validation errors, and
more.

Also, because it was put together quickly, I don't yet know exactly how
we (as developers) would **prefer** to use these new error messages
within the code, so the internal API (the new type, name, etc), is just
a suggestion. This can evolve naturally over time if (based on feedback
and experience) without changing the public API.

## Returning multiple errors

Most of the time when we return errors today, we only return a single
error (even if many things are wrong). AJV, the OpenAPI integration we
use does have a setting that allows it to return all errors in a request
instead of a single one. I suggest we turn that on, but that we do it in
a separate PR (because it updates a number of other snapshots).

When returning errors that point to `details`, the objects in the
`details` now contain a new `description` property. This "deprecates"
the `message` property. Due to our general deprecation policy, this
should be kept around for another full major and can be removed in v6.

```json
{
  "name": "BadDataError",
  "message": "Something went wrong. Check the `details` property for more information."
  "details": [{
    "message": "The .params property must be an object. You provided an array.",
    "description": "The .params property must be an object. You provided an array.",
  }]
}
```
2023-04-25 13:40:46 +00:00
Jaanus Sellin
f9686a3a33
feat: add plausible as connect src (#3619) 2023-04-25 14:24:54 +03:00
Jaanus Sellin
28f61e05ff
feat: fix csp headers for feedback form (#3617)
Fix feedback form failing due to missing csp headers
2023-04-25 13:40:55 +03:00
Mateusz Kwasniewski
51e871da96
fix: 4 param error handler (#3520) 2023-04-14 08:59:27 +02:00
Mateusz Kwasniewski
84bf60ca78
feat: Catch all error handler (#3499) 2023-04-12 08:05:34 +02:00
Jaanus Sellin
33487d11b9
feat: authorization middleware (#3464) 2023-04-06 11:46:54 +02:00
Jaanus Sellin
407b2524b8
fix: use projectId from param (#3372) 2023-03-23 10:12:38 +02:00
Mateusz Kwasniewski
10f7d57f13
fix: remove remaining warnings in tests (#3296) 2023-03-10 12:12:17 +01:00
Gastón Fournier
4e3ce8e0af
chore: GA responseTimeWithAppNames (#3178)
## About the changes
This makes response time with app names enabled for everyone but also
kept a way of turning it off (kill switch) in case it cause some issues
because of misconfigured app names
2023-02-22 09:10:06 +00:00
Gastón Fournier
896994d42f
fix: when app count is zero because it just started (#3029)
## About the changes
This fixes response time metrics with app names when the app just starts
and has zero which is falsy. We want to compare against undefined (which
means the snapshot is not yet ready)
2023-02-01 17:30:35 +01:00
Mateusz Kwasniewski
6b9a242be5
upload limit and import ui tweaks (#2998) 2023-01-26 12:36:45 +01:00
Nuno Góis
7d73d772df
feat: add the account abstraction logic (#2918)
https://linear.app/unleash/issue/2-579/improve-user-like-behaviour-for-service-accounts-accounts-concept

Builds on top of https://github.com/Unleash/unleash/pull/2917 by moving
the responsibility of handling both account types from `users` to
`accounts`.

Ideally:
 - `users` - Should only handle users;
 - `service-accounts` - Should only handle service accounts;
 - `accounts` - Should handle any type of account;

This should hopefully also provide a good building block in case we
later decide to refactor this further down the `accounts` path.
2023-01-18 16:08:07 +00:00
Gastón Fournier
ce815e5f29
feat: report app names only if below a threshold (#2737)
## About the changes
Introduce a snapshot version of instanceStats inside
instance-stats-service to provide a cached state of the statistics
without compromising the DB.

### Important notes
Some rule-of-thumb applied in the PR that can be changed:
1. The snapshot refresh time
2. The threshold to report appName with the metrics

## Discussion points
1. The snapshot could be limited to just the information needed (things
like `hasOIDC` don't change until there's a restart), to optimize the memory usage
3. metrics.ts (used to expose Prometheus metrics) has a [refresh
interval of
2hs](2d16730cc2/src/lib/metrics.ts (L189-L195)),
but with this implementation, we could remove that background task and
rely on the snapshot
4. We could additionally update the snapshot every time someone queries
the DB to fetch stats (`getStats()` method), but it may increase
complexity without a significant benefit

Co-authored-by: Mateusz Kwasniewski <kwasniewski.mateusz@gmail.com>
Co-authored-by: Simon Hornby <liquidwicked64@gmail.com>
2023-01-12 11:26:59 +01:00
Gastón Fournier
fa47fee55e
feat: RBAC read params from body (#2846)
## About the changes
This is a follow-up on #1953

This implementation generalizes how we fetch some standard parameters
from the query parameters or request body.

## Discussion points
Unfortunately, we have not used standard names for our APIs and one
example is our `projectId` (in some cases we just used `project`).
Ideally, we're only using one way of sending these parameters either
`projectId` or `project` (same applies to `environment` vs
`environmentId`).

If both parameters are present, due to historical reasons, we'll give
precedence to:
- `projectId` over `project`
- `environment` over `environmentId` 

In the presence of both query parameters and body, we'll give precedence
to query parameters also for historical reasons.
2023-01-11 10:48:27 +01:00
sjaanus
a0619e963d
Maintenance mode for users (#2716) 2022-12-21 13:23:44 +02:00
sjaanus
2d5455d203
Maintenance mode middleware (#2707) 2022-12-19 09:01:04 +02:00
Nuno Góis
a3ac96f763
Feat network overview (#2708)
https://linear.app/unleash/issue/2-512/exploration-network-overview-represented-as-a-flow-chart

<img width="1307" alt="image"
src="https://user-images.githubusercontent.com/14320932/208110067-294a0b91-d52e-49d1-9024-fa5e8530e2d8.png">
2022-12-16 14:12:36 +00:00
Ivar Conradi Østhus
09c87c755f
Fix/remove settings cache (#2694)
In this PR we remove the general SettingService cache, as it will not
work across multiple horizontal unleash instances, events are not
published across.

We also fix the CORS origin to: 
- Access-Control-Allow-Origin set to "*" if no Origin is configured
- Access-Control-Allow-Origin set to "*" if any Origin is configured to
"*"
- - Access-Control-Allow-Origin set to array and have the "cors"
middleware to return an exact match on the user provided Origin.

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-12-14 17:35:22 +01:00
Ivar Conradi Østhus
4a3d26065f
Fix/cors expose ETag (#2594)
This commit fixes two issues with the frontend API

1. fix: update cors max age to match chromium defaults
https://source.chromium.org/chromium/chromium/src/+/main:services/network/public/cpp/cors/preflight_result.cc;drc=49e7c0b4886cac1f3d09dc046bd528c9c811a0fa;l=31
2: fix: expose ETage for cross-origin requests
2022-12-05 10:04:35 +01:00
Nuno Góis
7ce38ffe89
feat: update seen_at pat column (#2516)
https://linear.app/unleash/issue/2-451/update-last-seen-column-for-pats
2022-11-30 08:10:31 +02:00
Fredrik Strand Oseberg
5d52216d53
fix: adds cors caching (#2522)
* This PR adds a configurable maxAge header to the CORS middleware. This
allows the preflight request to be cached so that we can reduce the
request load on our end for the frontend clients starting to utilise the
frontend api.
2022-11-24 16:14:47 +01:00
andreas-unleash
726ede5cbe
Define exports for enterprise (#2435)
<!-- Thanks for creating a PR! To make it easier for reviewers and
everyone else to understand what your changes relate to, please add some
relevant content to the headings below. Feel free to ignore or delete
sections that you don't think are relevant. Thank you! ❤️ -->
This PR sets up exports so that we can import in enterprise with just
"unleash-server".
This will free us to refactor unleash internals without breaking
enterprise

## About the changes
<!-- Describe the changes introduced. What are they and why are they
being introduced? Feel free to also add screenshots or steps to view the
changes if they're visual. -->

<!-- Does it close an issue? Multiple? -->
Closes #

<!-- (For internal contributors): Does it relate to an issue on public
roadmap? -->
<!--
Relates to [roadmap](https://github.com/orgs/Unleash/projects/10) item:
#
-->

### Important files
<!-- PRs can contain a lot of changes, but not all changes are equally
important. Where should a reviewer start looking to get an overview of
the changes? Are any files particularly important? -->


## Discussion points
<!-- Anything about the PR you'd like to discuss before it gets merged?
Got any questions or doubts? -->
2022-11-17 13:02:40 +02:00
Ivar Conradi Østhus
1312579bf6
fix: upgrade @types/node to v16.18.3 (#2365)
This pr upgrade @types/node to v16.18.3.
This also detected some inconsitent retrun types that I decided to fix.
2022-11-10 08:20:15 +01:00
Nuno Góis
07821174a5
refactor: remove PAT experimental flag (#2299) 2022-10-31 09:38:30 +00:00
Fredrik Strand Oseberg
929f824a3a
fix: refactor conditional middleware (#2261)
* fix: refactor conditional middleware

* fix: update tests

* test: update snapshot to hide things behing flag from openapi

Co-authored-by: kwasniew <kwasniewski.mateusz@gmail.com>
2022-10-26 13:00:49 +02:00
Fredrik Strand Oseberg
b341018b1d
fix: CORS options path (#2165)
* fix: path

* fix: path typo
2022-10-11 09:20:29 +02:00
Ivar Conradi Østhus
5141e77bce
fix: add appName to http response time metrics (#2117) 2022-09-30 15:28:50 +02:00
sjaanus
d5f621f3b2
Add test for api-token-middleware to not make database call when using PAT (#2110)
* Middleware first version

* Middleware tests

* Add tests

* Finish middleware tests

* Add type for request

* Add flagresolver

* Fix snapshot

* Update flags and tests

* Put it back as default

* Update snapshot

* Add middleware test
2022-09-29 08:53:29 +03:00
sjaanus
d79ace57ec
Personal access token middleware (#2069)
* Middleware first version

* Middleware tests

* Add tests

* Finish middleware tests

* Add type for request

* Add flagresolver

* Fix snapshot

* Update flags and tests

* Put it back as default

* Update snapshot
2022-09-28 16:53:56 +03:00
Fredrik Strand Oseberg
85b45b9965
Feat/unleash flags embedded proxy (#1974)
* feat: use unleash flags for embedded proxy

* feat: add a separate flag for the proxy frontend

* fix: setup unleash in dev

* fix: check flagResolver on each request

* fix: remove unleash client setup

* refactor: update frontend routes snapshot

* refactor: make batchMetrics flag dynamic

* fix: always check dynamic CORS origins config

* fix: make conditionalMiddleware work with the OpenAPI schema generation

Co-authored-by: olav <mail@olav.io>
2022-08-26 15:16:29 +02:00
Fredrik Strand Oseberg
1821bb881a
fix: proxy api check (#1965)
* fix: proxy api check

* fix: add await

* fix: revert async setup for prehook

* fix: stricter endpoint checks
2022-08-26 11:44:12 +02:00
olav
42d64c8803
feat: add CORS instance settings (#1957)
* feat: add CORS instance settings

* refactor: disallow arbitrary asterisks in CORS origins
2022-08-26 09:09:48 +02:00
Ivar Conradi Østhus
f3e8f723a2
Feat/exp flag loader (#1961)
* fix: remove unused exp flag

* fix: remove unused flag

* fix: add support for external flag resolver

* fix: rename flagsresolver to flagresolver

* fix: disable external flag resolver

* fix: refactor a bit

* fix: stop using unleash in server-dev

* fix: remove userGroups flag

* fix: revert bumping frontend
2022-08-26 08:22:42 +02:00
olav
0d293929f5
feat: add CORS support to the proxy endpoints (#1936)
* feat: add CORS support to the proxy endpoints

* refactor: remove unused development mode CORS support
2022-08-19 08:09:44 +02:00
Tymoteusz Czech
3266e9c22a
Refactor: rename frontend api key (#1935)
* refactor: rename frontend api key

* fix: api token schema tests
2022-08-18 08:20:51 +00:00
olav
e8d542af0f
feat: embed proxy endpoints (#1926)
* refactor: remove unused API definition routes

* feat: add support for proxy keys

* feat: support listening for any event

* feat: embed proxy endpoints

* refactor: add an experimental flag for the embedded proxy
2022-08-16 15:33:33 +02:00
Christopher Kolstad
482754e9f5
fix: Remove unneeded ts-expect-error now that types in knex are in sync (#1866)
* fix: Remove unneeded ts-expect-error now that types in knex are in sync
2022-07-28 10:34:19 +02:00
olav
e6b49e4bce
refactor: improve token type error message (#1709) 2022-06-17 09:00:13 +02:00
olav
ee35c7ad74
refactor: replace ts-ignore with ts-expect-error (#1675)
* refactor: replace ts-ignore with ts-expect-error

* refactor: remove unused ts-expect-errors
2022-06-07 11:49:17 +02:00
Ivar Conradi Østhus
3359dd204d
feat: add option to disable 'Clear-Site-Data' header on logout (#1645) 2022-06-03 11:50:58 +02:00
Christopher Kolstad
606270d86a
feat: Allow extra CSP domains (#1610)
* feat: Allow extra CSP domains

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>

* fix: eslint:

* fix: allow partial csp domains

* fix: add option and config type

* fix: snapshot

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-05-31 11:32:15 +02:00
renovate[bot]
f52f1cadac
chore(deps): update dependency eslint-config-airbnb-typescript to v16.1.0 (#1147)
* chore(deps): update dependency eslint-config-airbnb-typescript to v16.1.0

* chore: Update a few places with eslint-ignore due to new linter rules for optional parameters

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: sighphyre <liquidwicked64@gmail.com>
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2022-04-25 13:14:43 +02:00