70499dc1d4
## About the changes When edge is configured to automatically generate tokens, it requires the token to be present in all unleash instances. It's behind a flag which enables us to turn it on on a case by case scenario. The risk of this implementation is that we'd be adding load to the database in the middleware that evaluates tokens (which are present in mostly all our API calls. We only query when the token is missing but because the /client and /frontend endpoints which will be the affected ones are high throughput, we want to be extra careful to avoid DDoSing ourselves ## Alternatives: One alternative would be that we merge the two endpoints into one. Currently, Edge does the following: If the token is not valid, it tries to create a token using a service account token and /api/admin/create-token endpoint. Then it uses the token generated (which is returned from the prior endpoint) to query /api/frontend. What if we could call /api/frontend with the same service account we use to create the token? It may sound risky but if the same application holding the service account token with permission to create a token, can call /api/frontend via the generated token, shouldn't it be able to call the endpoint directly? The purpose of the token is authentication and authorization. With the two tokens we are authenticating the same app with 2 different authorization scopes, but because it's the same app we are authenticating, can't we just use one token and assume that the app has both scopes? If the service account already has permissions to create a token and then use that token for further actions, allowing it to directly call /api/frontend does not necessarily introduce new security risks. The only risk is allowing the app to generate new tokens. Which leads to the third alternative: should we just remove this option from edge? |
||
|---|---|---|
| .. | ||
| docs | ||
| remote-content | ||
| src | ||
| static | ||
| .gitignore | ||
| babel.config.js | ||
| clean-generated-docs.js | ||
| docusaurus.config.js | ||
| global.js | ||
| package.json | ||
| README.md | ||
| sidebars.js | ||
| tsconfig.json | ||
| vercel.json | ||
| yarn.lock | ||
Website
This website is built using Docusaurus 2, a modern static website generator.
Installation
In a terminal, cd into the website folder of the locally cloned unleash repository and then start the installation.
cd unleash/website
yarn install
Generate OpenAPI docs
yarn generate
Generate the Open API docs that live at Reference documentation > APIs > OpenAPI
Local Development
Before running the docs the first time, you'll need to generate external documentation, as described in the generate OpenAPI docs section.
yarn start
Start a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
Build
yarn build
This command generates static content into the build directory and can be served using any static contents hosting service.
Deployment
GIT_USER=<Your GitHub username> USE_SSH=true yarn deploy
If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the gh-pages branch.
Troubleshooting
TypeError: source_default(...).bold is not a function
If you get an error like this, it's probably due to a formatting issue within one of the markdown files. It could be
- unescaped angle brackets (markdown will try to parse
<your-key>(when it's not quoted) as HTML, which breaks the build) - incorrectly formatted titles or missing pieces of files
- a lot of other stuff.
Component Figure was not imported, exported, or provided by MDXProvider as global scope
TypeError: source_default(...).bold is not a function
[ERROR] Unable to build website for locale en.
This error is very hard to debug, but there is a trick that appears to work (as shared in this discussion on docusaurus' repo):
In node_modules/@docusaurus/core/lib/client/serverEntry.js, remove all references to chalk. You can use a regex replace for that, by replacing chalk(\w|\.)+ with the empty string.
Depending on your editor, that regex might need more escapes. For instance, here's a command to run with evil-ex in Emacs:
%s/chalk\(\w\|\.\)+//g
For macOS sed, it'd be:
sed -i '' 's/chalk\(\w\|\.\)\+//g' node_modules/@docusaurus/core/lib/client/serverEntry.js
For GNU sed:
sed -i 's/chalk\(\w\|\.\)\+//g' node_modules/@docusaurus/core/lib/client/serverEntry.js
That might turn your error into something like this:
[ERROR] Docusaurus server-side rendering could not render static page with path /reference/api/unleash/change-requests.
[ERROR] Docusaurus server-side rendering could not render static page with path /reference/api/unleash/feature-types.
[ERROR] Docusaurus server-side rendering could not render static page with path /reference/api/unleash/frontend-api.
[ERROR] Docusaurus server-side rendering could not render static page with path /reference/api/unleash/maintenance.
[ERROR] Docusaurus server-side rendering could not render static page with path /reference/api/unleash/notifications.
[ERROR] Docusaurus server-side rendering could not render static page with path /reference/api/unleash/personal-access-tokens.
[ERROR] Docusaurus server-side rendering could not render static page with path /reference/api/unleash/segments.
[ERROR] Docusaurus server-side rendering could not render static page with path /reference/api/unleash/service-accounts.
[ERROR] Docusaurus server-side rendering could not render static page with path /reference/api/unleash/telemetry.
[ERROR] Docusaurus server-side rendering could not render static page with path /reference/api/unleash/unstable.
Component Figure was not imported, exported, or provided by MDXProvider as global scope
Error: Unexpected: cant find current sidebar in context
[ERROR] Unable to build website for locale en.