Don't autogenerate access token on homepage. #8

Closed
wants to merge 7 commits into from


@efixler efixler commented Jul 17, 2024

What's Here

This PR updates the homepage (aka test console) to require a valid token for API usage, building on the UX introduced in the prior PRs:

Here's a screenshot of the token entry widget:

[image: token entry widget]

Tokens may be saved to local storage, in which case they'll be pre-loaded for future sessions.


The prior behavior (where API access via the homepage was provided by a short-lived token passed from the server) is preserved and can be enabled via the -public-home flag. This mode is useful for development and may also be useful in production environments where route authentication is handled upstream from this service.

Steps to Test

Building this release

Without Go on your machine

In the branch root: make docker-build

With Go 1.22.x on your machine

In the branch root: make

Running the Server

You'll need a signing key to start the server, and a corresponding token to access functionality from the test console.

Here's a signing key for testing:

bCdcAT8EBvQXo7A50c4cSbkTc2gMvpVoMYrVaOpuKmM=

With Go

./build/scrape-server -signing-key [insert signing key from above here]

With Docker

  • In your Docker Desktop find the scrape-bookworm-slim image you just built. If it's running, stop it.
  • Click the play button
  • When the modal opens, expand Optional Settings
  • For host port, enter 8080
  • Make an environment variable called SCRAPE_SIGNING_KEY
  • Set its value to the signing key above
  • Start the container

Testing Functionality

  • Try to fetch a URL without entering a token; it should not work and you should see a 401 message in the output field.
  • Unfurl the token entry widget
  • Here's a token that you can paste into the token entry field:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzY3JhcGUiLCJzdWIiOiJ0ZXN0ZXIiLCJhdWQiOlsibW96Il0sImV4cCI6MTc1Mjc3NjM1MiwiaWF0IjoxNzIxMjQwMzUyfQ.ldabSHpxSyBA6VkRvFF2RgQDNfAXCui0zILkdv9ZFhM
  • Operations should work now
  • Save the token and confirm that it's restored when the page is loaded
  • Clear the token and confirm that that works too
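
The server-side check a pasted token has to pass before requests stop returning 401, as an added sketch that is not code from this PR or from the scrape project. Assumptions: HS256 with a strict match on the header segment, the issuer value "scrape" as it appears in the test token's payload, a constructed key, and hypothetical function names `Sign`, `Issue` and `Verify`.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// header is the only accepted first segment ({"alg":"HS256","typ":"JWT"}); this pins the algorithm.
var b64, header = base64.RawURLEncoding, "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"

// Sign appends the base64url HMAC-SHA256 tag to a "header.payload" signing input.
func Sign(key []byte, msg string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(m.Sum(nil))
}

// Issue builds a sample token; used here only to construct input for Verify.
func Issue(key []byte, iss, sub string, exp int64) string {
	body := fmt.Sprintf(`{"iss":%q,"sub":%q,"exp":%d}`, iss, sub, exp)
	return Sign(key, header+"."+b64.EncodeToString([]byte(body)))
}

// Verify re-signs the input and compares in constant time, then checks issuer and expiry.
func Verify(key []byte, token string, now time.Time) (string, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 || p[0] != header || !hmac.Equal([]byte(token), []byte(Sign(key, p[0]+"."+p[1]))) {
		return "", fmt.Errorf("invalid token: bad header or signature")
	}
	var c struct {
		Iss, Sub string
		Exp      int64
	}
	body, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(body, &c) != nil || c.Iss != "scrape" || now.Unix() >= c.Exp {
		return "", fmt.Errorf("invalid token: bad claims or expired")
	}
	return c.Sub, nil
}

func main() {
	key, now := []byte("constructed-demo-key"), time.Now() // constructed key, not the PR's
	fmt.Println(Verify(key, Issue(key, "scrape", "tester", now.Unix()+60), now))
}
```

A token with no `exp` claim decodes to an expiry of zero and is rejected, so the check fails closed; a handler would map any returned error to a 401.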

@efixler efixler marked this pull request as ready for review July 17, 2024 18:42

@cass-moz cass-moz left a comment


Works locally for me!


efixler commented Jul 17, 2024

Awesome, thanks @cass-moz! I will let you know when I tag this release.


@rolf-moz rolf-moz left a comment


I don't know Go, but seems to make sense.

@efixler efixler closed this Aug 13, 2024
@efixler efixler deleted the token-entry-on-homepage branch August 13, 2024 10:20