Summary:
Clean initialisation by passing down the environment info to start server.
(Also rename dir to path as that's the name used in other places)
Reviewed By: passy
Differential Revision: D45731751
fbshipit-source-id: a60fdd49c567fc312d1f8da72db3a46a0828c140
Summary:
Until now, launching flipper-server with TCP would accept any incoming connection as long as it comes from the same origin (localhost) using web socket host origin verification.
This is not entirely secure as origin can be spoofed with tools like curl.
Our team created a security review and a proposal was written:
https://docs.google.com/document/d/16iXypCQibPiner061SoaQUFUY9tLVAEpkKfV_hUXI7c/
Effectively, Flipper can generate a token which is then used by the client to authenticate.
This diff contains the changes required to generate, obtain, and validate authentication tokens from clients connecting to flipper over TCP connections.
The token itself is a JWT token. JWT was chosen because it is a simple industry standard which offers three features which can immediately benefit us:
- Expiration handling. No need for Flipper to store this information anywhere.
- Payload. Payload can be used to push any data we deem relevant i.e. unix username.
- Signing. Signed and verified using the same server key pair which is already in place for certificate exchange.
Additionally, the token is stored in the Flipper static folder. This ensures that the browser and PWA clients have access to it.
Reviewed By: mweststrate
Differential Revision: D45179654
fbshipit-source-id: 6761bcb24f4ba30b67d1511cde8fe875158d78af
Summary: When Flipper starts with Flipper Server enabled, on Windows we forgot to attach the WebSocket handler. It led to a white screen on Electron or to connection timeout messages on Flipper Server.
Reviewed By: passy, lblasa
Differential Revision: D40679781
fbshipit-source-id: 1c8df8012efc54077409eb8891b1d82ddaf16689
Summary:
Provide an option to enable/disable TCP connections on flipper-server.
The only change at this stage is that Flipper Desktop will use UDS to connect to flipper-server.
Reviewed By: passy
Differential Revision: D37519656
fbshipit-source-id: 3d02084666fde532ec76134edf8cf6a231060a48
Summary:
This change attaches our event handlers as soon as the ws is created.
As a consequence, we need to wait until the server has created any necessary instances required to process incoming requests.
To achieve this, I created a type called `Lazy`.
This type wraps around a value and a promise to that value. Callers can check if the value is set. If not, callers can wait for it.
Ultimately, the value can be set outside of the promise itself.
Reviewed By: passy
Differential Revision: D37284939
fbshipit-source-id: 17dec548d7155a3d65440c9584cec07cbb826c37
Summary: On exit, close the servers explicitly.
Reviewed By: lawrencelomax
Differential Revision: D37206986
fbshipit-source-id: 7f4313cce1db18e1fb1320993a58c440af2cc7e0
Summary:
For Flipper Desktop, Electron based, the origin maybe file:// as shown in tests:
```
Refused socket connection from cross domain request, origin: file://, host: localhost:52342.
Expected origins: http://localhost:52342 or http://[::1]:52342 or http://::1:52342 or http://localhost:3000.
Expected hosts: localhost:52342 or [::1]:52342 or ::1:52342 or localhost:3000
```
This change effectively adds `file://` as a valid origin.
Reviewed By: passy
Differential Revision: D37212809
fbshipit-source-id: 311a93bb8872587d15c6be4329238af6b0f6988d
Summary:
This changes moves most of the functionality found in flipper-server to flipper-server-core.
flipper-server will mostly be a package that wraps around flipper-server-core. Staying in flipper-server:
- Command line args
- Orchestration to start the necessary servers
Reviewed By: aigoncharov
Differential Revision: D36807087
fbshipit-source-id: f29002c7cc5d08b8c5184fdaaa02ba22562a9f45
