Summary:
All clients need to provide an authentication token before connecting. The Electron app is no different.
This change adds the authentication token whether we are connecting over UDS or TCP.
Before this change, if Flipper server was already running, launching the Electron app would look similar to this:
{F1016961594}
Reviewed By: antonk52
Differential Revision: D46418758
fbshipit-source-id: f00ffe675df78403d5921250e3e9ed9331a55bde
Summary:
Until now, launching flipper-server with TCP would accept any incoming connection as long as it comes from the same origin (localhost) using web socket host origin verification.
This is not entirely secure as origin can be spoofed with tools like curl.
Our team created a security review and a proposal was written:
https://docs.google.com/document/d/16iXypCQibPiner061SoaQUFUY9tLVAEpkKfV_hUXI7c/
Effectively, Flipper can generate a token which is then used by the client to authenticate.
This diff contains the changes required to generate, obtain, and validate authentication tokens from clients connecting to flipper over TCP connections.
The token itself is a JWT token. JWT was chosen because it is a simple industry standard which offers three features which can immediately benefit us:
- Expiration handling. No need for Flipper to store this information anywhere.
- Payload. Payload can be used to push any data we deem relevant i.e. unix username.
- Signing. Signed and verified using the same server key pair which is already in place for certificate exchange.
Additionally, the token is stored in the Flipper static folder. This ensures that the browser and PWA clients have access to it.
Reviewed By: mweststrate
Differential Revision: D45179654
fbshipit-source-id: 6761bcb24f4ba30b67d1511cde8fe875158d78af
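The token scheme described in the commit message above, as an added example that is not Flipper's own code: an RS256 JWT issued and verified with Node's built-in crypto module, plus a connection gate that rejects a request carrying only a localhost Origin. The key pair is generated inline, and the claim name `unix_username` and the function names are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed key pair standing in for the server key pair the commit mentions.
const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64url = (v) => Buffer.from(v).toString('base64url');
const nowSec = () => Math.floor(Date.now() / 1000);

// Issue an RS256 JWT; `unix_username` is a hypothetical claim name.
function issueToken(payload, ttlSeconds, now = nowSec()) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + ttlSeconds }));
  const sig = nodeCrypto.sign('sha256', Buffer.from(`${header}.${body}`), privateKey);
  return `${header}.${body}.${sig.toString('base64url')}`;
}

function verifyToken(token, now = nowSec()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, body, sig] = parts;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!head || !claims) return { ok: false, reason: 'malformed' };
  // Pin the algorithm so the token cannot choose how it is verified.
  if (head.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const signed = Buffer.from(`${header}.${body}`);
  if (!nodeCrypto.verify('sha256', signed, publicKey, Buffer.from(sig, 'base64url'))) {
    return { ok: false, reason: 'bad-signature' };
  }
  // Expiry lives in the signed payload, so the server stores no session state.
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Connection gate: a localhost Origin alone is not enough, a valid token is required.
function acceptConnection(headers, token, now = nowSec()) {
  if (!/^https?:\/\/localhost(:\d+)?$/.test(headers.origin || '')) {
    return { accepted: false, reason: 'bad-origin' };
  }
  const result = verifyToken(token, now);
  if (!result.ok) return { accepted: false, reason: result.reason };
  return { accepted: true, user: result.claims.unix_username };
}
```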
Summary: We no longer need to Tail the logs as we stream the logs over WebSockets (see D37459924 (dcbc7c40bb))
Reviewed By: lblasa
Differential Revision: D37550482
fbshipit-source-id: 92a87f2ba1ecec140bbbb9e71df107341765ad46
Summary:
This change moves most of the functionality found in flipper-server to flipper-server-core.
flipper-server will mostly be a package that wraps around flipper-server-core. Staying in flipper-server:
- Command line args
- Orchestration to start the necessary servers
Reviewed By: aigoncharov
Differential Revision: D36807087
fbshipit-source-id: f29002c7cc5d08b8c5184fdaaa02ba22562a9f45
Summary: Tail is a server-side logging utility. We cannot add it to flipper-frontend-core as it is going to be included into the browser bundle then and break the build.
Reviewed By: antonk52
Differential Revision: D36771864
fbshipit-source-id: 169cdb88543f1e47f39e8c0976c3a3f45c0439d5
Summary: During startup the socket connection would close a few times, among others because Scribe dumps 1.3 MB of data after startup, and the maximum payload of `socket.io` defaults to 1MB. This diff changes it to 100MB (the max size used by `ws` library). We know that we need at least > 10 MB, as that is what plugins like Network cap at.
Reviewed By: aigoncharov
Differential Revision: D33017653
fbshipit-source-id: 1233af6fbdc4b9eed42786ee418cfd6d43b2b433
Summary: This diff makes most stuff that is read from the `os` package, and version info etc available from the `serverConfig` object, so that flipper-ui-core no longer needs the `os` package.
Reviewed By: passy
Differential Revision: D32694848
fbshipit-source-id: 93af1e95d898da9aaf351a6970b5a7652ee835c8
Summary:
This diff moves a lot of stuff from the client to the server. This diff is fairly large, as a lot of concepts closely relate, although some things have split off to the earlier diffs in the stack, or are still to follow (like making intern requests).
This diff primarily moves reading and storing settings and GKs from client to server (both flipper and launcher settings). This means that settings are no longer persisted by Redux (which only exists on client). Most other changes are fallout from that. For now settings are just one big object, although we might need to separate settings that only make sense in an Electron context. For example launcher settings.
Reviewed By: passy, aigoncharov
Differential Revision: D32498649
fbshipit-source-id: d842faf7a7f03774b621c7656e53a9127afc6192
Summary: moved `app/src/server` to `flipper-server-core/src` and fixed any fallout from that (aka integration points I missed on the preparing diffs).
Reviewed By: passy
Differential Revision: D31541378
fbshipit-source-id: 8a7e0169ebefa515781f6e5e0f7b926415d4b7e9
Summary:
This diff introduces the packages necessary for Flipper decapitated.
* flipper-common: utilities & types shared between client, server, flipper-plugin
* flipper-server-core: all device & client management goes in here. Basically flipper's backend
* flipper-ui-core: all UI goes in here, as far as it doesn't depend on Electron
* desktop: the Electron app, will load server-core and ui-core, and glue them together, providing implementations for some electron specific stuff like dialogs
* flipper-server: A node process hosting flipper-server-core, that can be connected to over websockets. And probably can serve a browser version of the UI as well.
* flipper-ui-browser: thin wrapper around flipper-ui-core, providing some browser specific behavior / stubs.
* flipper-dump: (might remove later), but want to hack a quick and dirty flipper dump in here, as alternative way to test flipper-server-core.
This diff just creates the packages, but doesn't move any code, so it can be summarized as:
restoftheowl
Reviewed By: nikoant
Differential Revision: D30218646
fbshipit-source-id: 735598a1261a98e584f52504b5eba01ec0afa162