Summary:
Until now, launching flipper-server with TCP would accept any incoming connection as long as it comes from the same origin (localhost) using web socket host origin verification.
This is not entirely secure as origin can be spoofed with tools like curl.
Our team created a security review and a proposal was written:
https://docs.google.com/document/d/16iXypCQibPiner061SoaQUFUY9tLVAEpkKfV_hUXI7c/
Effectively, Flipper can generate a token which is then used by the client to authenticate.
This diff contains the changes required to generate, obtain, and validate authentication tokens from clients connecting to flipper over TCP connections.
The token itself is a JWT token. JWT was chosen because it is a simple industry standard which offers three features which can immediately benefit us:
- Expiration handling. No need for Flipper to store this information anywhere.
- Payload. Payload can be used to push any data we deem relevant i.e. unix username.
- Signing. Signed and verified using the same server key pair which is already in place for certificate exchange.
Additionally, the token is stored in the Flipper static folder. This ensures that the browser and PWA clients have access to it.
Reviewed By: mweststrate
Differential Revision: D45179654
fbshipit-source-id: 6761bcb24f4ba30b67d1511cde8fe875158d78af
Summary:
In our organization, Flipper is distributed in a version controlled way. As a result, we do not want users to manually update or receive prompts to update when a new version is available. There is already a `--updater` flag in the command line arguments for flipper.exe, but it isn't piped through. This change pipes it through and disables all update related UI when `--no-updater` is passed in.
## Changelog
Support --updater and --no-updater options for flipper.exe
Pull Request resolved: https://github.com/facebook/flipper/pull/4277
Test Plan: Ran `yarn build --win` in flipper/desktop, and launched flipper.exe from flipper/dist/win-unpacked with the `--updater`, `--no-updater` and no flags and ensured the proper behavior was observed (update UI shows by default or when `--updater` is specified, and doesn't show when `--no-updater` is specified).
Reviewed By: passy
Differential Revision: D41298321
Pulled By: mweststrate
fbshipit-source-id: 5ddfede2700954f0fdd6a111b20d0836fab25565
Summary:
Not in all environments keytar is available, but still it will be useful to be able to login to intern with Flipper, even for temporarily sessions. This solution falls back to in memory storage.
Note that the underlying assuption is that multiple different users are not connected to the same Flipper server, as this would share their session!
https://fb.workplace.com/groups/flippersupport/permalink/1498550730625580/
Reviewed By: passy
Differential Revision: D41218132
fbshipit-source-id: 6e518d742df639bfbdc9a36ed1fa56ecb363a0b0
Summary:
We would like to version control Flipper and some of our custom plugins that are installed on developers' systems.
Flipper by default prompts users to upgrade so they sometimes do the update and then all our custom plugins break because they were compiled for an older version.
See https://github.com/facebook/flipper/issues/3947 for feature request info.
## Changelog
Adds notifyAvailable flag to config.json to disable prompting for users that "an update is available"
Pull Request resolved: https://github.com/facebook/flipper/pull/3992
Test Plan:
Tested by running locally.
Had to comment out the isProduction() check to confirm this it worked properly because this flag is false on dev versions.
Couldn't figure out how to manually test the handleOpenPluginDeeplink.tsx change but made a similar change there; happy to test that if you can tell me how to exercise that path.
Reviewed By: antonk52
Differential Revision: D39654481
Pulled By: antonk52
fbshipit-source-id: cef6b48d870915c48f620269c42d24b8ef1f4c29
Summary:
This is the first diff to implement the feature for the Flipper logs plugin to have an option to persist logs in the table between crashes, disconnections, etc.
Since this is not a local change, the UI option for persistence will be located in the settings for the Flipper UI(as seen in the test plan). The setting is associated with the Redux Store `Settings` and is stored globally to be used across all plugins. So the plan is making the persistence pertain to all plugins.
Reviewed By: mweststrate
Differential Revision: D37786988
fbshipit-source-id: 7ffc6077cbca559b3401b16770eda657a6c45620
Summary: We no longer need to Tail the logs as we stream the logs over WebSockets (see D37459924 (dcbc7c40bb))
Reviewed By: lblasa
Differential Revision: D37550482
fbshipit-source-id: 92a87f2ba1ecec140bbbb9e71df107341765ad46
Summary:
There's one setting: to enable or disable flipper-server.
However, I've added some current running state to it. If there's a better way of doing this, please do let me know.
Reviewed By: aigoncharov
Differential Revision: D37276670
fbshipit-source-id: f6c941cf0cfe55c267b9bcb9f799934fba1e28ef
Summary: We have several folders Flipper uses that sometimes we forget to create before Flipper starts. With this diff we have a single place to initialise the necessary folder structure.
Reviewed By: lblasa
Differential Revision: D37036601
fbshipit-source-id: f945f2bfdfc6be24ba87bd4b13c7fcef3fd74451
Summary: Tail is a server-side logging utility. We cannot add it to flipper-frontend-core as it is going to be included into the browser bundle then and break the build.
Reviewed By: antonk52
Differential Revision: D36771864
fbshipit-source-id: 169cdb88543f1e47f39e8c0976c3a3f45c0439d5
Summary: Allows to attribute errors to flipper server or flipper electron
Reviewed By: passy
Differential Revision: D36698504
fbshipit-source-id: 6d07216fd05aa48b7c8cca5b53145916b64526eb
Summary:
Currently, Flipper Server has a few productions dependencies (mac-ca, node-fetch) that are not bundled with the Flipper Server. It makes it harder to distribute Flipper Server, as now all potential consumers need not only to download the bundle, but also install these additional dependencies.
This diff makes it possible to bundle `mac-ca` and `node-fetch` with Flipper Server. As a result, Flipper Server becomes dependency-free in production.
Reviewed By: lblasa
Differential Revision: D36345213
fbshipit-source-id: 2cd6ba1b3301b45dc2295891964ba020fd107586
Summary:
This is PR on top of: https://github.com/facebook/flipper/pull/3473
It adds an option to Settings to allow distribution of marketplace plugins.
Also includes a simple fetch function to retrieve data from external API/server.
## Changelog
Allow marketplace plugins
Pull Request resolved: https://github.com/facebook/flipper/pull/3491
Test Plan:
1. Enable marketplace
2. Provide custom marketplace server (it will serve the list of internal plugins with downloadURL)
3. Test if can see Available plugins and can download/remove the plugin
4. If new update for the plugin, it should also allow auto update
Reviewed By: antonk52
Differential Revision: D34586339
Pulled By: nikoant
fbshipit-source-id: c887982aa0f0f9abd3b5360f22e8692a2445d345
Summary: Provide server add-on writers with a well-known fetch API
Reviewed By: mweststrate
Differential Revision: D34447630
fbshipit-source-id: 70386940c12f9e53aa97b3530a7edf1d40b5f2e2
Summary: This change gives priority to a user option settingsString to set up the flipper-server configuration and load them from a json string. Also giving the user the chance to avoid flipper-server looking at the launcher config files in the computer
Reviewed By: mweststrate
Differential Revision: D34210110
fbshipit-source-id: 9e852b79da106b5140c59116fd7d0c0f3155e620
Summary: Extract WWW certificate provider from the iOS certificate provider. Hide its implementation from OSS since it is not relevant for OSS folks.
Reviewed By: mweststrate
Differential Revision: D33895378
fbshipit-source-id: 376afda3b5fa3857c0eb280b92555314eb1a0d1f
Summary:
Currently, certificateSetup is called in two places:
- processCertificateSigningRequest
- loadSecureServerConfig
`loadSecureServerConfig` is a mandatory step of Flipper server initialization ([ServerController.init](https://www.internalfb.com/code/flipper/[24785758018a2ffbd4751ad2b9093b5ef97c611d]/src/fbsource/xplat/sonar/desktop/flipper-server-core/src/comms/ServerController.tsx?lines=118)). Flipper cannot start without executing it.
As a result, calling `certificateSetup` in `processCertificateSigningRequest` always results in the early return.
This diff removes executing `certificateSetup` from `processCertificateSigningRequest`. Since it's called only during server setup (so only once), it no longer makes sense to use `didCertificateSetup`.
Next steps:
- Extract Android and iOS certificate utils. Remove the dependency on accessing adb/idb dynamically. See D33711652 (da618fd3f3).
Reviewed By: jknoxville
Differential Revision: D33817119
fbshipit-source-id: 675d1e2fe468782da458832c2e88259c92951fdb
Summary: CertificateProvider initializes too early, and set abd and idb to undefined, before adb and idb are initialized by android and ios manager.
Reviewed By: lawrencelomax
Differential Revision: D33792854
fbshipit-source-id: b6bba32dead7edf62e360b2e2563f2b67243b1b8
Summary:
Previously CertificateProvider initialized ADB and provided config to IDB. As result, AndroidDeviceManager and iOSDeviceManager indirectly depended on CertificateProvider.
With this diff we:
1. Make idbConfig resemble adbClient.
2. Make AndroidDeviceManager and iOSDeviceManager initialize their own clients
3. Fix server crash when one of the clients couldn't be initialized. The reason for the crash is CertificateProvider.prototype.init which is no longer needed.
Reviewed By: passy
Differential Revision: D33711652
fbshipit-source-id: 055b5625ed993827b65396f4af5157808479242b
Summary:
This diff makes sure that errors are propagated similarly in flipper desktop and browser version, and that they are shown in either case.
Since in the browser version, the UI loads after the error happened, we'll store the error so that any client connecting in the future will read and report it.
Also added a `--failFast` flag to flipper-server, so that the process exits immediately if misconfigured, which is convenient in CI use cases and such
Reviewed By: nikoant
Differential Revision: D33348922
fbshipit-source-id: 0f584104f881141fde38da3f0031748415343ea2
Summary:
If openssl is not available, this would lead to an unhandled rejection exception. That is because a lot initialization logic generates promises that don't get a catch chained on immediately. Changed the flipper server startup flow to be more idiomatically async
Fixes https://github.com/facebook/flipper/issues/2766
Changelog: More clearly communicate if flipper server failed to start (e.d. due to port already taken, openssl not being available)
This change fixes it only for desktop flipper, will make sure the browser UI will support this as well (the error will fire correctly there, but there are no listeners during startup)
Reviewed By: nikoant
Differential Revision: D33348923
fbshipit-source-id: f561bb27b18a3041c514b37f7aed11435a49647f
Summary:
This refactors the flipper-server release script in such a way that it works the same as the normal release script, which solves two problems:
1) the official release script modifies versioned files, as it touches the package.json
2) it was slightly confusing that `flipper-server/static` was filled for release builds only, but not used in dev builds
3) running test:npx without running a release build before it, would fail with hard to comprehend errors. this has been solved now by removing that script and make it an arg of `build:flipper-server`
Also some further minor changes to prepare running a corresponding build / release job from SandCastle (later in this stack)
Reviewed By: nikoant
Differential Revision: D33297214
fbshipit-source-id: f6299aa982c3e59d1cc6479a93c56cbe4b57f85c
Summary: Make sure flipper-server is bundled in such a way that it is self-contained NPX-able. Also added some checks to make sure that dev dependencies don't accidentallly end up in in Flipper buidls
Reviewed By: nikoant
Differential Revision: D33190254
fbshipit-source-id: 443162e537d8ca9f956acac2d7bd52cbf0c92172
Summary:
Changelog: Allow only a single crash watcher and a single log listener per device. Start log listener and crash watcher for every device upon connection. Remove commands to start/stop them externally.
Monitored CPU load for a physical Android device with the log listener on and off. Did not notice any real difference.
Resolved crashing adbkit-logcat by forcing the usage of 2.0.1. A proper fix would be to unify babel transforms for browser flipper and electron flipper, but we might re-think how we distribute flipper in the next half, so a simple hot fix might be a better use of time and resources.
Reviewed By: mweststrate
Differential Revision: D33132506
fbshipit-source-id: 39d422682a10a64830ac516e30f43f32f416819d
Summary: Run doctor checks remained pending when the socket disonnected during a check. This
Reviewed By: aigoncharov
Differential Revision: D32984539
fbshipit-source-id: 277005e78803afaaa220cc5ca7fdc9cca6254453
Summary:
I was running flipper-server on a fresh machine without Flipper installed and discovered that reading / writing settings failed since `~/.flipper` wasn't existing, due to using `access` instead of `pathExists`.
Added a warning about needing to restart the server after making changes, since that is tricky to do from the UI.
Fixed an issue in the settings screen, which would fs.stat as part of rendering, causing the Settings UI not to load.
Reviewed By: timur-valiev, aigoncharov
Differential Revision: D32984538
fbshipit-source-id: 2b2011ad9d84c72ac824d92a8c96f636237b8771
Summary: Per title, processed some pending review comments made earlier in this stack
Reviewed By: aigoncharov
Differential Revision: D32916920
fbshipit-source-id: 01db85883596b5c85b77efc9cddadeac23cc4ef5
Summary: This diff moves send intern request from the browser to the server. The reason to make this change is that making such requests from a browser environment causes CORS restrictions to kick in.
Reviewed By: nikoant
Differential Revision: D32835449
fbshipit-source-id: e8e92e51ca963aa50b3c859bb61c2381171e85ae
Summary: Added a command to let a file be opened by the OS, and some other small bits and pieces to make Flipper browser compatible.
Reviewed By: lblasa
Differential Revision: D32721748
fbshipit-source-id: a4ad1c2f662f4651ddf6c20c57e5af1e123914a8
Summary: Per title. Two new server API's: get-healthchecks, and run-healtcheck. Types have all been moved to flipper-common, so that they can be used by doctor, server-core and ui-core packages. Since it were quite some, moved them into a FlipperDoctor namespace.
Reviewed By: nikoant
Differential Revision: D32720510
fbshipit-source-id: 37aa35cde6ebd58479cf0dffec5b7b2da6d22198
Summary: This diff makes most stuff that is read from the `os` package, and version info etc available from the `serverConfig` object, so that flipper-ui-core no longer needs the `os` package.
Reviewed By: passy
Differential Revision: D32694848
fbshipit-source-id: 93af1e95d898da9aaf351a6970b5a7652ee835c8
Summary:
Follow up of D32665064, this diff moves all plugin management logic from flipper-ui to flipper-server. Things like downloading, installing, querying new plugins.
Loading plugins is handled separately in the next diff.
Reviewed By: nikoant
Differential Revision: D32666537
fbshipit-source-id: 9786b82987f00180bb26200e38735b334dc4d5c3
Summary: This diff moves keychain storage to the server. Figured to leave request logic itself in the UI-core, as basically all use cases happen there, except for streaming download for mobile build plugin, so sending the requests from the backend doesn't really seem to add value, unless we run into some CORS issues later.
Reviewed By: passy
Differential Revision: D32596715
fbshipit-source-id: f5ab9d794f91a6eb8a8dc07ae723bf2890726771
Summary:
This diff moves a lot of stuff from the client to the server. This diff is fairly large, as a lot of concept closely relate, although some things have split off to the earlier diffs in the stack, or are still to follow (like making intern requests).
This diff primarily moves reading and storing settings and GKs from client to server (both flipper and launcher settings). This means that settings are no longer persisted by Redux (which only exists on client). Most other changes are fallout from that. For now settings are just one big object, although we might need to separate settings that are only make sense in an Electron context. For example launcher settings.
Reviewed By: passy, aigoncharov
Differential Revision: D32498649
fbshipit-source-id: d842faf7a7f03774b621c7656e53a9127afc6192
Summary:
Changelog: Fix server certificates not being generated for first time users.
As reported in https://fb.workplace.com/groups/flippersupport/permalink/1247554795725176/, server certificates are not generated properly for new users.
Also the fix. Omg. How does typechecking not find this?
...Oh yeah yeah I now, `await not-a-promise` is juuuusst fine. Long live `.then(` I guess...
Reviewed By: jknoxville
Differential Revision: D32203132
fbshipit-source-id: abd75c178e9c8640a266b2012b9250503d4258be
Summary:
Workaround for idb weirdness
Originally started at D27590885
Re-appared at https://github.com/facebook/flipper/issues/3009
Reviewed By: mweststrate
Differential Revision: D32106952
fbshipit-source-id: 63d4fa64503c5c2ba80dae113850c937450ab0fb
Summary:
This was the last eslint warning for `flipper-server-core` and the only call-site
was async already.
Reviewed By: mweststrate
Differential Revision: D32026626
fbshipit-source-id: 0d6f06086c33707b26f58f668ad533daca9de7dd
Summary: Fixed several tests that caused uncaught promise rejects to fire after the tests finished. This caused jest to fail if there are too many of them.
Reviewed By: aigoncharov
Differential Revision: D32118124
fbshipit-source-id: 50734dab6dee2efec7f056940af72858b27b1707
Summary: Create an example of how one can use `js-flipper` in a browser to connect to Flipper over WS.
Reviewed By: mweststrate
Differential Revision: D31688114
fbshipit-source-id: 135f826daeddeda8dca5b3df6504cc2bdc04dd1b
