Summary: Recently , we started verifying a special token for every websocket connection. It made e2e tests fail. We are going to use this bypass flag in jest e2e envs.
Reviewed By: lblasa
Differential Revision: D46025343
fbshipit-source-id: c2e6e0b561286fb8b571565243a45cdfb56a54a9
Summary:
We were using an old unmaintained/abandonned library for communicating with adb server https://github.com/openstf/adbkit
This was giving me issues i couldnt figure out when running flipper server.
There is a popular fork written in typescript here https://github.com/DeviceFarmer/adbkit but it uses blue bird for promises.
There is a fork of the fork here which i have chosen to use which is the same api as above but with es6 promises, https://github.com/UrielCh/adbkit.
Both forks have a slightly different api to the original. In the original library there was a single client and any command directed at a particular device had a serial as the first argument
In the new libraries you create a DeviceClient where the serial is baked in and you don't need to supply this argument every time
allow-large-files
Reviewed By: lblasa
Differential Revision: D45569652
fbshipit-source-id: 2a23c0eaa12feaebdccadb3d343e087c0d5708d5
Summary:
Clean initialisation by passing down the environment info to start server.
(Also rename dir to path as that's the name used in other places)
Reviewed By: passy
Differential Revision: D45731751
fbshipit-source-id: a60fdd49c567fc312d1f8da72db3a46a0828c140
Summary:
For Electron builds, use the same directory as certificates and keys.
For headless builds, then use the static directory.
Reviewed By: antonk52
Differential Revision: D45728515
fbshipit-source-id: 55a3b143a9289fed23e57cbf6b701a5e48d27332
Summary: The isHeadlessBuild flag was not properly set.
Reviewed By: antonk52
Differential Revision: D45728435
fbshipit-source-id: 3616c4358114d4f3d96372766dabf48b27b44333
Summary:
Until now, launching flipper-server with TCP would accept any incoming connection as long as it comes from the same origin (localhost) using web socket host origin verification.
This is not entirely secure as origin can be spoofed with tools like curl.
Our team created a security review and a proposal was written:
https://docs.google.com/document/d/16iXypCQibPiner061SoaQUFUY9tLVAEpkKfV_hUXI7c/
Effectively, Flipper can generate a token which is then used by the client to authenticate.
This diff contains the changes required to generate, obtain, and validate authentication tokens from clients connecting to flipper over TCP connections.
The token itself is a JWT token. JWT was chosen because it is a simple industry standard which offers three features which can immediately benefit us:
- Expiration handling. No need for Flipper to store this information anywhere.
- Payload. Payload can be used to push any data we deem relevant i.e. unix username.
- Signing. Signed and verified using the same server key pair which is already in place for certificate exchange.
Additionally, the token is stored in the Flipper static folder. This ensures that the browser and PWA clients have access to it.
Reviewed By: mweststrate
Differential Revision: D45179654
fbshipit-source-id: 6761bcb24f4ba30b67d1511cde8fe875158d78af
Summary: The error is non-fatal as it's already handled and it's not actionable by the Flipper team.
Reviewed By: lawrencelomax
Differential Revision: D44054514
fbshipit-source-id: c54c7e935374a1c97e54a5da4daaa3f26b236023
Summary: We can't do much if a phone is not setup properly
Reviewed By: lblasa
Differential Revision: D43980508
fbshipit-source-id: 5baf82ae36030b81c7cc90bcf6a5de2af9304fb3
Summary: This is firing regularly when people have a broken local setup.
Reviewed By: lawrencelomax
Differential Revision: D43834469
fbshipit-source-id: 1fbc2cf52f93046984e9846f8aed931106542b03
Summary:
Bumps [js-base64](https://github.com/dankogai/js-base64) from 3.7.4 to 3.7.5.
<details>
<summary>Commits</summary>
<ul>
<li><a href="7e790b799e"><code>7e790b7</code></a> version 3.7.5</li>
<li><a href="f729053682"><code>f729053</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dankogai/js-base64/issues/167">https://github.com/facebook/flipper/issues/167</a> from ctomacheski/main</li>
<li><a href="a9a994f367"><code>a9a994f</code></a> improve performance by stop using the mapFn param on Uint8Array.from constructor</li>
<li>See full diff in <a href="https://github.com/dankogai/js-base64/compare/3.7.4...3.7.5">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/4519
Reviewed By: mweststrate
Differential Revision: D43305193
Pulled By: ivanmisuno
fbshipit-source-id: e10eb134c079951e325c1f4d627eb1e60510c12d
Summary: Plugin download failure is typical a transient error, no need to trigger monitoring for that
Reviewed By: ivanmisuno
Differential Revision: D43118116
fbshipit-source-id: 0cd0f87f0ed6123adcba28139308ecea92b1b508
Summary:
The 'screenrecord' command is not in some Android phones e.g OPPO. So 'screenrecord' command can't be used as a basis for determining whether or not you can take a screenshot. Replace it with 'screencap' command to determine whether you can take a screenshot.
## Changelog
Fixed a bug where the screenshot of some Android phones was unavailable
Pull Request resolved: https://github.com/facebook/flipper/pull/4366
Test Plan: It passed the test on my Mac and OPPO phone Reno2.
Reviewed By: ivanmisuno
Differential Revision: D42918902
Pulled By: passy
fbshipit-source-id: c1f02f075817d90e0d447f466a1168b6ec932e4e
Summary: Combining a bunch of individual tasks for dep upgrades into one diff.
Reviewed By: ivanmisuno
Differential Revision: D42706074
fbshipit-source-id: 054b2545ad1295699f47f4c6eb5065b7b9a1d6a0
Summary:
In our organization, Flipper is distributed in a version controlled way. As a result, we do not want users to manually update or receive prompts to update when a new version is available. There is already a `--updater` flag in the command line arguments for flipper.exe, but it isn't piped through. This change pipes it through and disables all update related UI when `--no-updater` is passed in.
## Changelog
Support --updater and --no-updater options for flipper.exe
Pull Request resolved: https://github.com/facebook/flipper/pull/4277
Test Plan: Ran `yarn build --win` in flipper/desktop, and launched flipper.exe from flipper/dist/win-unpacked with the `--updater`, `--no-updater` and no flags and ensured the proper behavior was observed (update UI shows by default or when `--updater` is specified, and doesn't show when `--no-updater` is specified).
Reviewed By: passy
Differential Revision: D41298321
Pulled By: mweststrate
fbshipit-source-id: 5ddfede2700954f0fdd6a111b20d0836fab25565
Summary:
Not in all environments keytar is available, but still it will be useful to be able to login to intern with Flipper, even for temporarily sessions. This solution falls back to in memory storage.
Note that the underlying assuption is that multiple different users are not connected to the same Flipper server, as this would share their session!
https://fb.workplace.com/groups/flippersupport/permalink/1498550730625580/
Reviewed By: passy
Differential Revision: D41218132
fbshipit-source-id: 6e518d742df639bfbdc9a36ed1fa56ecb363a0b0
Summary: On older Android devices (API 24) `-printf ` is not available
Reviewed By: lblasa
Differential Revision: D40980640
fbshipit-source-id: d1a1bcadc496deaf3d514c1e45b2e0104a937b18
Summary:
Flipper plugins fail when importing css from third-party dependencies. This diff tries to fix that.
Effectively, the plugin can import the css and export it when is bundled.
When we load the plugin, we check if there's a css file for it. If there's one, we return it and try to use it.
Reviewed By: aigoncharov
Differential Revision: D40758178
fbshipit-source-id: e53afffcc481504905d5eeb1aea1f9114ee2a86b
Summary:
Closes https://github.com/facebook/flipper/issues/4203
CHANGELOG: Stop doing eval to load server add-ons
On Windows `details.path` contains backslashes. When we interpolate it, it loses one of the backslashes and subsequently `require` fails to load it. If we do not interpolate it (by ditching eval) it has the double backslash and work just fine.
Reviewed By: lblasa
Differential Revision: D40715523
fbshipit-source-id: 50c52f2a53690b585a32d3009f1692cf0b0d8428
Summary: When Flipper starts with Flipper Server enabled, on Windows we forgot to attach the WebSocket handler. It led to a white screen on Electron or to connection timeout messages on Flipper Server.
Reviewed By: passy, lblasa
Differential Revision: D40679781
fbshipit-source-id: 1c8df8012efc54077409eb8891b1d82ddaf16689
Summary:
Design doc: https://docs.google.com/document/d/1HLCFl46RfqG0o1mSt8SWrwf_HMfOCRg_oENioc1rkvQ/edit#
Some files on the devices could be unavailable due to lack of permissions (hello SELinux and enterprise builds of iOS apps). Instead of failing the export, we should fetch what we can.
Reviewed By: passy
Differential Revision: D40551931
fbshipit-source-id: 698e157b1283b9e959909b6439cd09d2dc8dc8d6
Summary:
Design doc: https://docs.google.com/document/d/1HLCFl46RfqG0o1mSt8SWrwf_HMfOCRg_oENioc1rkvQ/edit#
In later diffs, we'll start fetching the actual files as well. The list of available files itself might be useful already to see what we have in our folder on the device
Reviewed By: passy
Differential Revision: D40508960
fbshipit-source-id: 96193fef3fed64d509cd3397513ae3e94438ae22
Summary: pull/push might fail when run-as fails on insufficient permissions. When this happens, try to perform the command as root.
Reviewed By: aigoncharov
Differential Revision: D40623363
fbshipit-source-id: a4cc71d70f83ce1a390b14c9af9d3a3fa09f1307
Summary:
When we start using Flipper from the CLI for automation, we want to have the list of currently connected devices as soon as flipper server is alive.
Otherwise, we would have to poll flipper server waiting for some magical moment in the future when devices connect.
This way, we can be certain that if flipper server started, but we do not see a device, it is not connected at all.
Reviewed By: mweststrate
Differential Revision: D40184106
fbshipit-source-id: ce4c2b897a2df0081e3a0b6a8c26640599e0f9e8
Summary:
We would like to version control Flipper and some of our custom plugins that are installed on developers' systems.
Flipper by default prompts users to upgrade so they sometimes do the update and then all our custom plugins break because they were compiled for an older version.
See https://github.com/facebook/flipper/issues/3947 for feature request info.
## Changelog
Adds notifyAvailable flag to config.json to disable prompting for users that "an update is available"
Pull Request resolved: https://github.com/facebook/flipper/pull/3992
Test Plan:
Tested by running locally.
Had to comment out the isProduction() check to confirm this it worked properly because this flag is false on dev versions.
Couldn't figure out how to manually test the handleOpenPluginDeeplink.tsx change but made a similar change there; happy to test that if you can tell me how to exercise that path.
Reviewed By: antonk52
Differential Revision: D39654481
Pulled By: antonk52
fbshipit-source-id: cef6b48d870915c48f620269c42d24b8ef1f4c29
Summary: Move flipper local deps to prod deps, so yarn installs them later when we build a bundle
Reviewed By: lblasa
Differential Revision: D39475545
fbshipit-source-id: 5b61d15b45ee315c3b35d8e6836c114b90503b1a
Summary: Stop bundling plugins into Flipper Server bundles. In later diffs, we will start building all plugins even in dev mode which removes the need to bundle them.
Reviewed By: lblasa
Differential Revision: D39276249
fbshipit-source-id: 091405cfcf58aa7e1bd2b382da40f8d9841ae6b1
Summary: Flipper server itself requires no babel transforms. We applied extra transforms only for the bundled plugins. However, we pack and ship all plugins in the /static folder. They are always available on the FS. Therefore we could stop bundling any plugins into flipper-server's source code.
Reviewed By: lblasa
Differential Revision: D38910251
fbshipit-source-id: b3e9fe5ae2ab69ce5579b01b6793ebf7e88baf66
Summary:
flipper-server-companion depends on flipper-plugin. flipper-plugin includes dependencies that run only in a browser. Splitting flipper-plugin into core and browser packages helps to avoid including browser-only dependencies into flipper-server bundle.
As a result, bundle size could be cut in half. Subsequently, RSS usage drops as there is twice as less code to process for V8.
Note: it currently breaks external flipper-data-source package. It will be restored in subsequent diffs
Reviewed By: lblasa
Differential Revision: D38658285
fbshipit-source-id: 751b11fa9f3a2d938ce166687b8310ba8b059dee
Summary: Do not remove dummy devices as they are created during WWW cert exchange and are not picked up by IDB
Reviewed By: lblasa
Differential Revision: D39430458
fbshipit-source-id: 249efda23f324522ae2ae3a0ee4f198ab701d22d
Summary:
Starting a screencapture longer than 30 seconds would timeout as the start command waits for the process to finish. Removed that wait is it is the stop command that should only wait for the finish.
(n.b. please ship after accepting, as I'm on PTO)
Reviewed By: LukeDefeo
Differential Revision: D38918570
fbshipit-source-id: fd93e1239985c81a2143ceb79312518e7ebb27f5
Summary:
GraphQL plugin sends garbage JSON at the moment (see T129428800). Still figuring out if that is caused by the plugin on client side, or that the Flipper SDK should escape that properly.
In the mean time, closing the Flipper connection on not being able to handle an individual message seems a cause of unnecessary connection ping-pong and instability. Changing the strategy to instead merely log and drop the message.
Changelog: Stop applications from disconnecting if a single plugin message cannot be processed.
Reviewed By: LukeDefeo
Differential Revision: D38825940
fbshipit-source-id: 4d45c8eea457375ec677238ad09b5e02bc2eb5bf
