diff --git a/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx b/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx index 6e632d0e4..216f7b579 100644 --- a/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx +++ b/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx @@ -16,11 +16,10 @@ import { } from './openssl-wrapper-with-promises'; import path from 'path'; import tmp, {FileOptions} from 'tmp'; -import {FlipperServerConfig, reportPlatformFailures} from 'flipper-common'; +import {reportPlatformFailures} from 'flipper-common'; import {isTest} from 'flipper-common'; import {flipperDataFolder} from '../../utils/paths'; import * as jwt from 'jsonwebtoken'; -import {getFlipperServerConfig} from '../../FlipperServerConfig'; import {Mutex} from 'async-mutex'; import {createSecureContext} from 'tls'; @@ -288,52 +287,6 @@ const writeToTempFile = async (content: string): Promise => { await fs.writeFile(path, content); return path; }; - -const manifestFilename = 'manifest.json'; -const getManifestPath = (config: FlipperServerConfig): string => { - return path.resolve(config.paths.staticPath, manifestFilename); -}; - -const exportTokenToManifest = async (token: string) => { - console.info('Export token to manifest'); - let config: FlipperServerConfig | undefined; - try { - config = getFlipperServerConfig(); - } catch { - console.warn( - 'Unable to obtain server configuration whilst exporting token to manifest', - ); - } - - if (!config || !config.environmentInfo.isHeadlessBuild) { - console.warn( - 'No configuration or not headless build detected, skipping exporting token to manifest', - config, - ); - return; - } - - const manifestPath = getManifestPath(config); - try { - console.info('Reading manifest at path', manifestPath); - const manifestData = await fs.readFile(manifestPath, { - encoding: 'utf-8', - }); - const manifest = JSON.parse(manifestData); - manifest.token = token; - - const newManifestData = JSON.stringify(manifest, null, 4); - - console.info('Export token to manifest at path', manifestPath); - await fs.writeFile(manifestPath, newManifestData); - } catch (e) { - console.error( - 'Unable to export authentication token to manifest, may be non existent.', - e, - ); - } -}; - export const generateAuthToken = async () => { console.info('Generate client authentication token'); @@ -347,8 +300,6 @@ export const generateAuthToken = async () => { await fs.writeFile(serverAuthToken, token); - await exportTokenToManifest(token); - return token; }; @@ -382,8 +333,6 @@ export const getAuthToken = async (): Promise => { return generateAuthToken(); } - await exportTokenToManifest(token); - return token; }; diff --git a/desktop/flipper-server-core/src/server/startServer.tsx b/desktop/flipper-server-core/src/server/startServer.tsx index 51f1639fa..b1df9b460 100644 --- a/desktop/flipper-server-core/src/server/startServer.tsx +++ b/desktop/flipper-server-core/src/server/startServer.tsx @@ -18,7 +18,10 @@ import exitHook from 'exit-hook'; import {attachSocketServer} from './attachSocketServer'; import {FlipperServerImpl} from '../FlipperServerImpl'; import {FlipperServerCompanionEnv} from 'flipper-server-companion'; -import {validateAuthToken} from '../app-connectivity/certificate-exchange/certificate-utils'; +import { + getAuthToken, + validateAuthToken, +} from '../app-connectivity/certificate-exchange/certificate-utils'; import {tracker} from '../tracker'; import {EnvironmentInfo, isProduction} from 'flipper-common'; import {GRAPH_SECRET} from '../fb-stubs/constants'; @@ -38,6 +41,7 @@ type ReadyForConnections = ( const verifyAuthToken = (req: http.IncomingMessage): boolean => { let token: string | null = null; + if (req.url) { const url = new URL(req.url, `http://${req.headers.host}`); token = url.searchParams.get('token'); @@ -47,6 +51,10 @@ const verifyAuthToken = (req: http.IncomingMessage): boolean => { token = req.headers['x-access-token'] as string; } + if (!isProduction()) { + console.info('[conn] verifyAuthToken -> token', token); + } + if (!token) { console.warn('[conn] A token is required for authentication'); tracker.track('server-auth-token-verification', { @@ -146,16 +154,18 @@ async function startHTTPServer( next(); }); - app.get('/', (_req, res) => { + app.get('/', async (_req, res) => { const resource = isReady ? path.join(config.staticPath, config.entry) : path.join(config.staticPath, 'loading.html'); + const token = await getAuthToken(); fs.readFile(resource, (_err, content) => { const processedContent = content .toString() .replace('GRAPH_SECRET_REPLACE_ME', GRAPH_SECRET) .replace('FLIPPER_APP_VERSION_REPLACE_ME', environmentInfo.appVersion) .replace('FLIPPER_UNIXNAME_REPLACE_ME', environmentInfo.os.unixname) + .replace('FLIPPER_AUTH_TOKEN_REPLACE_ME', token) .replace('FLIPPER_SESSION_ID_REPLACE_ME', sessionId); res.end(processedContent); }); diff --git a/desktop/flipper-ui-browser/src/global.tsx b/desktop/flipper-ui-browser/src/global.tsx index edc96f165..606a72df0 100644 --- a/desktop/flipper-ui-browser/src/global.tsx +++ b/desktop/flipper-ui-browser/src/global.tsx @@ -22,6 +22,7 @@ declare global { FLIPPER_APP_VERSION: string; FLIPPER_SESSION_ID: string; FLIPPER_UNIXNAME: string; + FLIPPER_AUTH_TOKEN: string; flipperShowMessage?(message: string): void; flipperHideMessage?(): void; diff --git a/desktop/flipper-ui-browser/src/index.tsx b/desktop/flipper-ui-browser/src/index.tsx index d6c4b018e..f0d1fc63f 100644 --- a/desktop/flipper-ui-browser/src/index.tsx +++ b/desktop/flipper-ui-browser/src/index.tsx @@ -55,17 +55,12 @@ async function start() { const providerParams = new URL(location.href).searchParams; let token = providerParams.get('token'); if (!token) { - console.info( - '[flipper-client][ui-browser] Get token from manifest instead', - ); - try { - const manifestResponse = await fetch('manifest.json'); - const manifest = await manifestResponse.json(); - token = manifest.token; - } catch (e) { + console.info('[flipper-client][ui-browser] Get token from HTML instead'); + token = window.FLIPPER_AUTH_TOKEN; + if (!token || token === 'FLIPPER_AUTH_TOKEN_REPLACE_ME') { console.warn( - '[flipper-client][ui-browser] Failed to get token from manifest. Error:', - e.message, + '[flipper-client][ui-browser] Failed to get token from HTML', + token, ); } } @@ -73,6 +68,7 @@ async function start() { getLogger().info( '[flipper-client][ui-browser] Token is available: ', token?.length != 0, + token?.length === 460, ); return token; diff --git a/desktop/static/index.web.dev.html b/desktop/static/index.web.dev.html index 0c3606a0a..59d1b1c2d 100644 --- a/desktop/static/index.web.dev.html +++ b/desktop/static/index.web.dev.html @@ -141,13 +141,12 @@ window.FLIPPER_APP_VERSION = 'FLIPPER_APP_VERSION_REPLACE_ME'; window.FLIPPER_SESSION_ID = 'FLIPPER_SESSION_ID_REPLACE_ME'; window.FLIPPER_UNIXNAME = 'FLIPPER_UNIXNAME_REPLACE_ME'; + window.FLIPPER_AUTH_TOKEN = 'FLIPPER_AUTH_TOKEN_REPLACE_ME'; const params = new URL(location.href).searchParams; let token = params.get('token'); if (!token) { - const manifestResponse = await fetch('manifest.json'); - const manifest = await manifestResponse.json(); - token = manifest.token; + token = window.FLIPPER_AUTH_TOKEN } const socket = new WebSocket(`ws://${location.host}?token=${token}`); @@ -212,7 +211,7 @@ setTimeout(() => retry(retries), 1000); } } - + retry(3); }; diff --git a/desktop/static/index.web.html b/desktop/static/index.web.html index 80c2bdc17..dae259b93 100644 --- a/desktop/static/index.web.html +++ b/desktop/static/index.web.html @@ -90,6 +90,7 @@ window.FLIPPER_APP_VERSION = 'FLIPPER_APP_VERSION_REPLACE_ME'; window.FLIPPER_SESSION_ID = 'FLIPPER_SESSION_ID_REPLACE_ME'; window.FLIPPER_UNIXNAME = 'FLIPPER_UNIXNAME_REPLACE_ME'; + window.FLIPPER_AUTH_TOKEN = 'FLIPPER_AUTH_TOKEN_REPLACE_ME'; // load correct theme (n.b. this doesn't handle system value specifically, will assume light in such cases) try { @@ -117,7 +118,7 @@ setTimeout(() => retry(retries), 1000); } } - + retry(3); };