fix: disable cache for injected file. (janus-idp#710)

* fix: disable cache for injected file. Backed merged config is inject inside one of the Javascript static assets. We should never allow this file to be cached on the client side, so that any change in the configuration can be seen on the frontend side after a backend restart. That's particularly critical to get the latest UI configuration of added dynamic frontend plugins. Signed-off-by: David Festal <dfestal@redhat.com> * use `no-cache` instead of `no-store` Signed-off-by: David Festal <dfestal@redhat.com> * Add changeset Signed-off-by: David Festal <dfestal@redhat.com> * Add rate limiter Signed-off-by: David Festal <dfestal@redhat.com> --------- Signed-off-by: David Festal <dfestal@redhat.com>
RedHatInsights · Nov 6, 2023 · 0e5bd3f · 0e5bd3f
1 parent 6a28d78
commit 0e5bd3f
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 4 deletions.
diff --git a/.changeset/old-fans-work.md b/.changeset/old-fans-work.md
@@ -0,0 +1,5 @@
+---
+'backend': patch
+---
+
+Never cache the static Javascript asset that contains the injected server-side merged configuration.
diff --git a/packages/backend/package.json b/packages/backend/package.json
@@ -49,11 +49,14 @@
     "isolated-vm": "4.6.0",
     "pg": "8.11.3",
     "prom-client": "15.0.0",
-    "winston": "3.11.0"
+    "winston": "3.11.0",
+    "fs-extra": "10.1.0",
+    "express-rate-limit": "^7.1.3"
   },
   "devDependencies": {
     "@backstage/cli": "0.23.1",
     "@types/express": "4.17.20",
+    "@types/fs-extra": "9.0.11",
     "cross-env": "7.0.3"
   },
   "files": [

diff --git a/packages/backend/src/plugins/app.ts b/packages/backend/src/plugins/app.ts
@@ -1,14 +1,65 @@
 import { createRouter } from '@backstage/plugin-app-backend';
-import type { Router } from 'express';
+import { Router } from 'express';
 import type { PluginEnvironment } from '../types';
+import { resolvePackagePath } from '@backstage/backend-common';
+import { resolve as resolvePath } from 'path';
+import fs from 'fs-extra';
+import rateLimit from 'express-rate-limit';
 
 export default async function createPlugin(
   env: PluginEnvironment,
 ): Promise<Router> {
-  return await createRouter({
+  const appPackageName = 'app';
+
+  const appDistDir = resolvePackagePath(appPackageName, 'dist');
+  const staticDir = resolvePath(appDistDir, 'static');
+
+  const files = await fs.readdir(staticDir);
+  const jsFiles = files.filter(file => file.endsWith('.js'));
+  let injectedJSFile: string | undefined = undefined;
+
+  for (const jsFile of jsFiles) {
+    const path = resolvePath(staticDir, jsFile);
+
+    const content = await fs.readFile(path, 'utf8');
+    if (content.includes('__APP_INJECTED_')) {
+      injectedJSFile = jsFile;
+      break;
+    }
+  }
+
+  const router = await createRouter({
     logger: env.logger,
     config: env.config,
     database: env.database,
-    appPackageName: 'app',
+    appPackageName,
   });
+
+  const enclosingRouter = Router();
+  if (injectedJSFile) {
+    env.logger.info(
+      `Setting up static router for injected Javascript file ${injectedJSFile}`,
+    );
+
+    enclosingRouter.get(
+      `/static/${injectedJSFile}`,
+      rateLimit({
+        windowMs: 15 * 60 * 1000, // 15 minutes
+        max: 100, // limit each IP to 100 requests per windowMs
+      }),
+      (_req, res) => {
+        env.logger.info(
+          `Serving in the injected Javascript file with caching disabled`,
+        );
+        res.sendFile(resolvePath(staticDir, injectedJSFile!), {
+          headers: {
+            'cache-control': 'no-cache',
+          },
+        });
+      },
+    );
+  }
+
+  enclosingRouter.use(router);
+  return enclosingRouter;
 }
diff --git a/yarn.lock b/yarn.lock
@@ -10210,6 +10210,13 @@
   resolved "https://registry.yarnpkg.com/@types/geojson/-/geojson-7946.0.12.tgz#0307536218d32e6b970bccd1d148b9c4e5b6f10d"
   integrity sha512-uK2z1ZHJyC0nQRbuovXFt4mzXDwf27vQeUWNhfKGwRcWW429GOhP8HxUHlM6TLH4bzmlv/HlEjpvJh3JfmGsAA==
 
+"@types/fs-extra@9.0.11":
+  version "9.0.11"
+  resolved "https://registry.yarnpkg.com/@types/fs-extra/-/fs-extra-9.0.11.tgz#8cc99e103499eab9f347dbc6ca4e99fb8d2c2b87"
+  integrity sha512-mZsifGG4QeQ7hlkhO56u7zt/ycBgGxSVsFI/6lGTU34VtwkiqrrSDgw0+ygs8kFGWcXnFQWMrzF2h7TtDFNixA==
+  dependencies:
+    "@types/node" "*"
+
 "@types/glob@*":
   version "8.1.0"
   resolved "https://registry.yarnpkg.com/@types/glob/-/glob-8.1.0.tgz#b63e70155391b0584dce44e7ea25190bbc38f2fc"
@@ -16139,6 +16146,11 @@ express-promise-router@4.1.1, express-promise-router@^4.1.0, express-promise-rou
     lodash.flattendeep "^4.0.0"
     methods "^1.0.0"
 
+express-rate-limit@^7.1.3:
+  version "7.1.3"
+  resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.1.3.tgz#0eae6c7733316f3d9403a71ad488e31e94ca0aa4"
+  integrity sha512-BDes6WeNYSGRRGQU8QDNwUnwqaBro28HN/TTweM3RlxXRHDld8RLoH7tbfCxAc0hamQyn6aL0KrfR45+ZxknYg==
+
 express-session@^1.17.1:
   version "1.17.3"
   resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.17.3.tgz#14b997a15ed43e5949cb1d073725675dd2777f36"