Embed auth token into HTML
Summary: Auth token used be injected in the manifest file. Instead, have the server injected into the main HTML page. The main driver to this change are: - Simplify - There are instances in which for some reason reading/writing the token from the manifest fails. This will address that problem. Reviewed By: lblasa Differential Revision: D51160521 fbshipit-source-id: 4626fd8f56bc8b61182a53a5d9cf5acad1e723bc
This commit is contained in:
Andrey Goncharov
committed by
Facebook GitHub Bot
Facebook GitHub Bot
parent
69378c4b09
commit
8ef29c8160
@@ -16,11 +16,10 @@ import {
|
||||
} from './openssl-wrapper-with-promises';
|
||||
import path from 'path';
|
||||
import tmp, {FileOptions} from 'tmp';
|
||||
import {FlipperServerConfig, reportPlatformFailures} from 'flipper-common';
|
||||
import {reportPlatformFailures} from 'flipper-common';
|
||||
import {isTest} from 'flipper-common';
|
||||
import {flipperDataFolder} from '../../utils/paths';
|
||||
import * as jwt from 'jsonwebtoken';
|
||||
import {getFlipperServerConfig} from '../../FlipperServerConfig';
|
||||
import {Mutex} from 'async-mutex';
|
||||
import {createSecureContext} from 'tls';
|
||||
|
||||
@@ -288,52 +287,6 @@ const writeToTempFile = async (content: string): Promise<string> => {
|
||||
await fs.writeFile(path, content);
|
||||
return path;
|
||||
};
|
||||
|
||||
const manifestFilename = 'manifest.json';
|
||||
const getManifestPath = (config: FlipperServerConfig): string => {
|
||||
return path.resolve(config.paths.staticPath, manifestFilename);
|
||||
};
|
||||
|
||||
const exportTokenToManifest = async (token: string) => {
|
||||
console.info('Export token to manifest');
|
||||
let config: FlipperServerConfig | undefined;
|
||||
try {
|
||||
config = getFlipperServerConfig();
|
||||
} catch {
|
||||
console.warn(
|
||||
'Unable to obtain server configuration whilst exporting token to manifest',
|
||||
);
|
||||
}
|
||||
|
||||
if (!config || !config.environmentInfo.isHeadlessBuild) {
|
||||
console.warn(
|
||||
'No configuration or not headless build detected, skipping exporting token to manifest',
|
||||
config,
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
||||
const manifestPath = getManifestPath(config);
|
||||
try {
|
||||
console.info('Reading manifest at path', manifestPath);
|
||||
const manifestData = await fs.readFile(manifestPath, {
|
||||
encoding: 'utf-8',
|
||||
});
|
||||
const manifest = JSON.parse(manifestData);
|
||||
manifest.token = token;
|
||||
|
||||
const newManifestData = JSON.stringify(manifest, null, 4);
|
||||
|
||||
console.info('Export token to manifest at path', manifestPath);
|
||||
await fs.writeFile(manifestPath, newManifestData);
|
||||
} catch (e) {
|
||||
console.error(
|
||||
'Unable to export authentication token to manifest, may be non existent.',
|
||||
e,
|
||||
);
|
||||
}
|
||||
};
|
||||
|
||||
export const generateAuthToken = async () => {
|
||||
console.info('Generate client authentication token');
|
||||
|
||||
@@ -347,8 +300,6 @@ export const generateAuthToken = async () => {
|
||||
|
||||
await fs.writeFile(serverAuthToken, token);
|
||||
|
||||
await exportTokenToManifest(token);
|
||||
|
||||
return token;
|
||||
};
|
||||
|
||||
@@ -382,8 +333,6 @@ export const getAuthToken = async (): Promise<string> => {
|
||||
return generateAuthToken();
|
||||
}
|
||||
|
||||
await exportTokenToManifest(token);
|
||||
|
||||
return token;
|
||||
};
|
||||
|
||||
|
||||
@@ -18,7 +18,10 @@ import exitHook from 'exit-hook';
|
||||
import {attachSocketServer} from './attachSocketServer';
|
||||
import {FlipperServerImpl} from '../FlipperServerImpl';
|
||||
import {FlipperServerCompanionEnv} from 'flipper-server-companion';
|
||||
import {validateAuthToken} from '../app-connectivity/certificate-exchange/certificate-utils';
|
||||
import {
|
||||
getAuthToken,
|
||||
validateAuthToken,
|
||||
} from '../app-connectivity/certificate-exchange/certificate-utils';
|
||||
import {tracker} from '../tracker';
|
||||
import {EnvironmentInfo, isProduction} from 'flipper-common';
|
||||
import {GRAPH_SECRET} from '../fb-stubs/constants';
|
||||
@@ -38,6 +41,7 @@ type ReadyForConnections = (
|
||||
|
||||
const verifyAuthToken = (req: http.IncomingMessage): boolean => {
|
||||
let token: string | null = null;
|
||||
|
||||
if (req.url) {
|
||||
const url = new URL(req.url, `http://${req.headers.host}`);
|
||||
token = url.searchParams.get('token');
|
||||
@@ -47,6 +51,10 @@ const verifyAuthToken = (req: http.IncomingMessage): boolean => {
|
||||
token = req.headers['x-access-token'] as string;
|
||||
}
|
||||
|
||||
if (!isProduction()) {
|
||||
console.info('[conn] verifyAuthToken -> token', token);
|
||||
}
|
||||
|
||||
if (!token) {
|
||||
console.warn('[conn] A token is required for authentication');
|
||||
tracker.track('server-auth-token-verification', {
|
||||
@@ -146,16 +154,18 @@ async function startHTTPServer(
|
||||
next();
|
||||
});
|
||||
|
||||
app.get('/', (_req, res) => {
|
||||
app.get('/', async (_req, res) => {
|
||||
const resource = isReady
|
||||
? path.join(config.staticPath, config.entry)
|
||||
: path.join(config.staticPath, 'loading.html');
|
||||
const token = await getAuthToken();
|
||||
fs.readFile(resource, (_err, content) => {
|
||||
const processedContent = content
|
||||
.toString()
|
||||
.replace('GRAPH_SECRET_REPLACE_ME', GRAPH_SECRET)
|
||||
.replace('FLIPPER_APP_VERSION_REPLACE_ME', environmentInfo.appVersion)
|
||||
.replace('FLIPPER_UNIXNAME_REPLACE_ME', environmentInfo.os.unixname)
|
||||
.replace('FLIPPER_AUTH_TOKEN_REPLACE_ME', token)
|
||||
.replace('FLIPPER_SESSION_ID_REPLACE_ME', sessionId);
|
||||
res.end(processedContent);
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user