1
0
mirror of https://github.com/Unleash/unleash.git synced 2025-06-09 01:17:06 +02:00
Commit Graph

17 Commits

Author SHA1 Message Date
Gastón Fournier
e8e1d6e9f0
fix: path metric labels (#6400)
## About the changes
Some of our metrics are not labeled correctly, one example is
`<base-path>/api/frontend/client/metrics` is labeled as
`/client/metrics`. We can see that in internal-backstage/prometheus:

![image](https://github.com/Unleash/unleash/assets/455064/0d8f1f40-8b5b-49d4-8a88-70b523e9be09)

This issue affects all endpoints that fail to validate the request body.
Also, endpoints that are rejected by the authorization-middleware or the
api-token-middleware are reported as `(hidden)`.

To gain more insights on our api usage but being protective of metrics
cardinality we're prefixing `(hidden)` with some well known base urls:
https://github.com/Unleash/unleash/pull/6400/files#diff-1ed998ca46ffc97c9c0d5d400bfd982dbffdb3004b78a230a8a38e7644eee9b6R17-R33

## How to reproduce:
Make an invalid call to metrics (e.g. stop set to null), then check
/internal-backstage/prometheus and find the 400 error. Expected to be at
`path="/api/client/metrics"` but will have `path=""`:
```shell
curl -H"Authorization: *:development.unleash-insecure-client-api-token" -H'Content-type: application/json' localhost:4242/api/client/metrics -d '{
  "appName": "bash-test",
  "instanceId": "application-name-dacb1234",
  "environment": "development",
  "bucket": {
    "start": "2023-07-27T11:23:44Z",
    "stop": null,
    "toggles": {
      "myCoolToggle": {
        "yes": 25,
        "no": 42,
        "variants": {
          "blue": 6,
          "green": 15,
          "red": 46
        }
      },
      "myOtherToggle": {
        "yes": 0,
        "no": 100
      }
    }
  }
}'
```
2024-03-05 15:25:06 +01:00
Daniel Brooks
1392b10727
fix(import): making all imports relative and removing baseUrl (#5847)
Co-authored-by: Simon Hornby <liquidwicked64@gmail.com>
2024-01-17 15:33:03 +02:00
Christopher Kolstad
5a3bb1ffc3
Biome1.5.1 (#5867)
Lots of work here, mostly because I didn't want to turn off the
`noImplicitAnyLet` lint. This PR tries its best to type all the untyped
lets biome complained about (Don't ask me how many hours that took or
how many lints that was >200...), which in the future will force test
authors to actually type their global variables setup in `beforeAll`.

---------

Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2024-01-12 09:25:59 +00:00
Christopher Kolstad
6673d131fe
feat: biome lint (#4853)
This commit changes our linter/formatter to biome (https://biomejs.dev/)
Causing our prehook to run almost instantly, and our "yarn lint" task to
run in sub 100ms.

Some trade-offs:
* Biome isn't quite as well established as ESLint
* Are we ready to install a different vscode plugin (the biome plugin)
instead of the prettier plugin


The configuration set for biome also has a set of recommended rules,
this is turned on by default, in order to get to something that was
mergeable I have turned off a couple the rules we seemed to violate the
most, that we also explicitly told eslint to ignore.
2023-09-29 14:18:21 +02:00
Jaanus Sellin
39d2d065cd
feat: private project filtering and store implementation (#4758) 2023-09-18 11:06:26 +03:00
Jaanus Sellin
15baea1d25
feat: walking skeleton of private projects (#4753) 2023-09-15 15:52:54 +03:00
Thomas Heartman
5b95eed163
refactor: split NoAccessError into ForbiddenError + PermissionError (#4190)
In some of the places we used `NoAccessError` for permissions, other
places we used it for a more generic 403 error with a different
message. This refactoring splits the error type into two distinct
types instead to make the error messages more consistent.
2023-07-10 12:48:13 +02:00
Nuno Góis
7e9069e390
refactor: token permissions, drop admin-like permissions (#4050)
https://linear.app/unleash/issue/2-1155/refactor-permissions

- Our `rbac-middleware` now supports multiple OR permissions;
- Drops non-specific permissions (e.g. CRUD API token permissions
without specifying the token type);
- Makes our permission descriptions consistent;
- Drops our higher-level permissions that basically mean ADMIN (e.g.
ADMIN token permissions) in favor of `ADMIN` permission in order to
avoid privilege escalations;

This PR may help with
https://linear.app/unleash/issue/2-1144/discover-potential-privilege-escalations
as it may prevent privilege escalations altogether.

There's some UI permission logic around this, but in the future
https://linear.app/unleash/issue/2-1156/adapt-api-tokens-creation-ui-to-new-permissions
could take it a bit further by adapting the creation of tokens as well.

---------

Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-06-22 08:35:54 +01:00
sjaanus
1426d5be33
Added login endpoint rate limit (#2074)
* Added login rate limit

* Make more pretty

* Make more pretty

* Fix

* Remove double after all
2022-09-26 10:58:58 +03:00
olav
9aa1f39add
refactor: always accept any content type for GET reqs (#1672) 2022-06-07 09:32:18 +02:00
andreas-unleash
1a27bffe4d
Complete open api schemas for project features controller (#1563)
* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* bug fix

* bug fix

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* added emptyResponse, patch feature operation schemas and request

* added emptyResponse, patch feature operation schemas and request

* patch strategy

* patch strategy

* update strategy

* update strategy

* fix pr comment

* fix pr comments

* improvements

* added operationId to schema for better generation

* fix pr comment

* fix pr comment

* fix pr comment

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* Update response types to use inferred types

* Update addTag response status to 201

* refactor: move schema ref destructuring into createSchemaObject

* made serialize date handle deep objects

* made serialize date handle deep objects

* add `name` to IFeatureStrategy nad fix tests

* fix pr comments

* fix pr comments

* Add types to IAuthRequest

* Sync StrategySchema for FE and BE - into the rabbit hole

* Sync model with OAS spec

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* bug fix

* bug fix

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* added emptyResponse, patch feature operation schemas and request

* added emptyResponse, patch feature operation schemas and request

* patch strategy

* patch strategy

* update strategy

* update strategy

* fix pr comment

* fix pr comments

* improvements

* added operationId to schema for better generation

* fix pr comment

* fix pr comment

* fix pr comment

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* Update response types to use inferred types

* Update addTag response status to 201

* refactor: move schema ref destructuring into createSchemaObject

* made serialize date handle deep objects

* made serialize date handle deep objects

* add `name` to IFeatureStrategy nad fix tests

* fix pr comments

* fix pr comments

* Add types to IAuthRequest

* Sync StrategySchema for FE and BE - into the rabbit hole

* Sync model with OAS spec

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* bug fix

* bug fix

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* added emptyResponse, patch feature operation schemas and request

* added emptyResponse, patch feature operation schemas and request

* patch strategy

* patch strategy

* update strategy

* update strategy

* fix pr comment

* fix pr comments

* improvements

* added operationId to schema for better generation

* fix pr comment

* fix pr comment

* fix pr comment

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* Update response types to use inferred types

* Update addTag response status to 201

* refactor: move schema ref destructuring into createSchemaObject

* made serialize date handle deep objects

* made serialize date handle deep objects

* add `name` to IFeatureStrategy nad fix tests

* fix pr comments

* fix pr comments

* Add types to IAuthRequest

* Sync StrategySchema for FE and BE - into the rabbit hole

* Sync model with OAS spec

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* bug fix

* bug fix

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* added emptyResponse, patch feature operation schemas and request

* added emptyResponse, patch feature operation schemas and request

* patch strategy

* patch strategy

* update strategy

* update strategy

* fix pr comment

* fix pr comments

* improvements

* added operationId to schema for better generation

* fix pr comment

* fix pr comment

* fix pr comment

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* Update response types to use inferred types

* Update addTag response status to 201

* refactor: move schema ref destructuring into createSchemaObject

* made serialize date handle deep objects

* made serialize date handle deep objects

* add `name` to IFeatureStrategy nad fix tests

* fix pr comments

* fix pr comments

* Add types to IAuthRequest

* Sync StrategySchema for FE and BE - into the rabbit hole

* Sync model with OAS spec

* revert

* revert

* revert

* revert

* revert

* mapper

* revert

* revert

* revert

* remove serialize-dates.ts

* remove serialize-dates.ts

* remove serialize-dates.ts

* remove serialize-dates.ts

* remove serialize-dates.ts

* revert

* revert

* add mappers

* add mappers

* fix pr comments

* ignore report.json

* ignore report.json

* Route permission required

Co-authored-by: olav <mail@olav.io>
2022-05-18 16:17:09 +03:00
olav
fdebeef929
feat: add OpenAPI validation to a few endpoints (#1409)
* feat: add OpenAPI validation to a few endpoints (2)

* refactor: use package version as the OpenAPI version

* refactor: keep the existing OpenAPI page for now

* refactor: add snapshots tests for the OpenAPI output

* refactor: validate Content-Type by default

* refactor: update vulnerable deps

* refactor: fix documentation URL to match schema

* refactor: improve external type declaration

* refactor: remove unused package resolutions

* refactor: try express-openapi fork

* Update package.json

* Update src/lib/services/openapi-service.ts

* Update src/lib/types/openapi.d.ts

* Update src/lib/types/openapi.d.ts

Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2022-04-25 14:17:59 +02:00
Ivar Conradi Østhus
3c550f157a
fix: always require permission for POST, PATCH, PUT, DELETE (#1152) 2021-12-03 12:46:50 +01:00
Ivar Conradi Østhus
90962434d9
fix: Cleanup new features API with env support (#929) 2021-09-13 10:23:57 +02:00
Ivar Conradi Østhus
2bcdb5ec31
fix: Controller wraps handler with try/catch (#909)
By having the controller perform try/catch around the
handler function allows us to add extra safety to all
our controllers and safeguards that we will always catch
exceptions thrown by a controller method.
2021-08-13 10:36:19 +02:00
Christopher Kolstad
ff7be7696c
fix: Stores as typescript and with interfaces. (#902)
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
Christopher Kolstad
240c6a77a1
Feat/options need types (#794)
feat: options are now typed

- This makes it easier to know what to send to unleash.start / unleash.create
- Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in.


Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-04-22 10:07:10 +02:00