Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Auth] Migrate app-backend to use new auth services #23719

Merged
merged 36 commits into from Apr 9, 2024
Merged

[Auth] Migrate app-backend to use new auth services #23719

merged 36 commits into from Apr 9, 2024

Conversation

camilaibs
Copy link
Contributor

@camilaibs camilaibs commented Mar 20, 2024
edited

Hey, I just made a Pull Request!

Migrate app-backend to use new auth APIs:

  • Cookie refresh
    • Backend endpoint, /.backstage/v1-cookie
    • Frontend provider
  • Remove issueUserCookie from HttpAuthService and move to auth-node
  • Move RedirectToRoot to auth-react
  • Logout? How do we clear the cookie?
  • Document index-public-experimental & how to use

✔️ Checklist

  • A changeset describing the change and affected packages. (more info)
  • Added or updated documentation
  • Tests for new functionality and regression tests for bug fixes
  • Screenshots attached (for UI changes)
  • All your commits have a Signed-off-by line in the message. (more info)

@github-actions github-actions bot added auth area:techdocs Related to the TechDocs Project Area labels Mar 20, 2024
@backstage-goalie
Copy link
Contributor

backstage-goalie bot commented Mar 20, 2024
edited

Changed Packages

Package Name Package Path Changeset Bump Current Version
example-app packages/app none v0.2.96-next.0
@backstage/backend-app-api packages/backend-app-api patch v0.6.3-next.0
@backstage/backend-plugin-api packages/backend-plugin-api patch v0.6.17-next.0
@backstage/cli packages/cli patch v0.26.3-next.0
@backstage/core-app-api packages/core-app-api patch v1.12.3
@backstage/frontend-app-api packages/frontend-app-api patch v0.6.4-next.0
@backstage/plugin-app-backend plugins/app-backend patch v0.3.65-next.0
@backstage/plugin-auth-react plugins/auth-react minor v0.0.4-next.0
@backstage/plugin-techdocs-backend plugins/techdocs-backend patch v1.10.4-next.0

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 20, 2024
edited

Uffizzi Cluster pr-23719 was deleted.

@camilaibs camilaibs force-pushed the rugvip/app-auth branch 12 times, most recently from e744c99 to 0224cfe Compare March 21, 2024 15:18
@github-actions github-actions bot added documentation Improvements or additions to documentation microsite Changes to backstage.io labels Mar 21, 2024
camilaibs
camilaibs commented Mar 21, 2024
View reviewed changes
docs/tutorials/enable-public-entry.md Outdated
<OAuthRequestDialog />
<AppRouter>
{/* For now, this is just a temporary solution to ensure the user remains logged in properly and has access to the main app content. */}
<ExperimentalAppProtection>
Copy link
Contributor Author

@camilaibs camilaibs Mar 21, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems unnecessary to do manually, I would have placed it in the createRoot logic, but we can't have a dependency on the auth-react package from the core-app-api package, can we?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The public path is not going to work, inject the mode instead

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Convert to an element instead of using a wrap.

Copy link
Contributor Author

@camilaibs camilaibs Apr 4, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I realised that the cookie refresh provider expects children, so it needs to be a wrap because of that.

@camilaibs camilaibs marked this pull request as ready for review March 22, 2024 10:58
@Rugvip
app-backend: log users out if session is invalid
f9ad268 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip
app-backend: update meta tag injection to be able to update existing tag
52d948d 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip
core-app-api: add startCookieAuthRefresh + test
2b57eac 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip
core-app-api: replace cookie auth provider with new implementation in…
d11767c 
… AppIdentityProxy

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip
docs/tutorials/enable-public-entry: remove AuthProxyDiscoveryApi from…
e2e0c99 
… example

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip
frontend-app-api: update app protection wiring
1bfaadb 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip
changesets: updated and added changesets for app auth
4fecffc 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip
auth-react: remove CompatAppProgress since it's no longer needed
33223c7 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Rugvip
Rugvip approved these changes Apr 9, 2024
View reviewed changes
Copy link
Member

@Rugvip Rugvip left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mkay should be ready to go now 🤞

@Rugvip
backend-app-api: fix cookie delete response
30c7ed4 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
freben
freben reviewed Apr 9, 2024
View reviewed changes
packages/core-app-api/src/apis/implementations/IdentityApi/AppIdentityProxy.ts Outdated Show resolved Hide resolved
plugins/app-backend/src/service/router.ts Outdated Show resolved Hide resolved
plugins/app-backend/src/service/router.ts Outdated Show resolved Hide resolved
plugins/app-backend/migrations/20240113144027_assets-namespace.js
exports.down = async function down(knex) {
await knex.schema.alterTable('static_assets_cache', table => {
table.dropIndex([], 'static_asset_cache_namespace_idx');
table.dropColumn('namespace');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you do these in the same transaction 🤔 maybe

plugins/auth-react/src/hooks/useCookieAuthRefresh/useCookieAuthRefresh.tsx Outdated Show resolved Hide resolved
plugins/auth-react/src/components/CookieAuthRefreshProvider/CookieAuthRefreshProvider.test.tsx Outdated Show resolved Hide resolved
freben
freben reviewed Apr 9, 2024
View reviewed changes
packages/core-app-api/src/apis/implementations/IdentityApi/startCookieAuthRefresh.ts Outdated Show resolved Hide resolved
packages/core-app-api/src/apis/implementations/IdentityApi/startCookieAuthRefresh.ts Outdated Show resolved Hide resolved
packages/core-app-api/src/apis/implementations/IdentityApi/startCookieAuthRefresh.ts Outdated Show resolved Hide resolved
plugins/app-backend/src/service/router.ts Show resolved Hide resolved
plugins/app-backend/src/service/router.ts
const injectedConfigPath =
appConfigs && (await injectConfig({ appConfigs, logger, staticDir }));

await injectAppMode({ appMode, rootDir });
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just noting that our disableConfigInjection was there to cover readonly filesystems, and now this one also does writes - do we have to honor that flag for this purpose too?

Also, is it really not possible to do "live" injection of stuff in our app backend serving code? Even with like a middleware, that mutates the body before getting sent?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We had a live one but switched to this for simplicity, since that one needs to handle a couple of different cases. We could tweak the injection to only happen if it's not needed, but tbh I prefer the approach of adding it on the fly. Gonna leave that for a followup though

@Rugvip
app-backend auth review fixes
d1adc89 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip
app-backend: fix config injection
37973c2 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip
app-backend: separate config injection handling for protected and pub…
ed4e394 
…lic bundle

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip
auth-react: completely remove path option
633d30e 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip
core-app-api: cookie auth review fixes
5ce40c4 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
@Rugvip Rugvip enabled auto-merge April 9, 2024 15:21
@Rugvip Rugvip disabled auto-merge April 9, 2024 15:45
@Rugvip Rugvip merged commit df279de into master Apr 9, 2024
44 checks passed
@Rugvip Rugvip deleted the rugvip/app-auth branch April 9, 2024 15:45
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 9, 2024

Thank you for contributing to Backstage! The changes in this pull request will be part of the 1.26.0 release, scheduled for Tue, 14 May 2024.

@Rugvip Rugvip mentioned this pull request Apr 13, 2024
Merged
5 tasks
@freben freben mentioned this pull request Apr 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rugvip Rugvip Rugvip approved these changes

@vinzscam vinzscam vinzscam left review comments

@freben freben freben approved these changes

@backstage-service backstage-service Awaiting requested review from backstage-service backstage-service is a code owner

@tudi2d tudi2d Awaiting requested review from tudi2d tudi2d is a code owner automatically assigned from backstage/reviewers

Assignees
No one assigned
Labels
area:techdocs Related to the TechDocs Project Area auth documentation Improvements or additions to documentation microsite Changes to backstage.io
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@camilaibs @Rugvip @freben @vinzscam @tudi2d