Add UI boilerplate with sign up, sign in and ability to list clusters #140

jmorganca · 2021-07-30T02:24:05Z

This looks to be a pretty hefty PR, but much of the code is generated or boilerplate. The three main additions:

A next.js UI under ./internal/ui
Modifications to ./internal/registry to serve the UI as static website
GRPC-gateway to translate GRPC requests to REST/JSON for browsers to use (namely our UI)

This fixes #123 in passing

Screenshots

Below are some screenshots @BruceMacD @mchiang0610

internal/registry/registry.go

jmorganca · 2021-07-30T02:28:09Z

internal/registry/registry.go

+		Expires:  expires,
+		HttpOnly: true,
+		Path:     "/",
+		SameSite: http.SameSiteStrictMode,


In this case I opted to not make the cookies Secure - which means they work over plaintext http. While this is much easier for self-hosted setups who don't want to deal with the certificate issue, it might be better if we just force everything to be https. Thoughts?

Any way we can check if there is a certificate and set the secure flag based on that? Otherwise I think it is better to force it.

Makes sense. I'll commit as-is and then create an issue to enforce secure cookies and redirect http to https automatically: #143 in case users don't set this up on their side

This may have a few issues with usability (e.g. accessing via port forwarding) we should double check so will treat it as it's own issue for now vs amending that here

Sounds good to me

jmorganca · 2021-07-30T02:29:20Z

internal/registry/http.go

@@ -38,3 +49,87 @@ func (h *Http) WellKnownJWKs(w http.ResponseWriter, r *http.Request) {
 		[]jose.JSONWebKey{pubKey},
 	})
 }
+
+func (h *Http) loginRedirectMiddleware(next http.Handler) http.Handler {


This middleware is used to avoid "flashes of content" by doing server-side redirects to the /login route based on auth info (instead of client side redirects, which is what most products do, and is very ugly).

internal/registry/static_fs.go

internal/registry/registry.go

helm/charts/infra/templates/NOTES.txt

internal/cmd/cmd.go

jmorganca · 2021-07-30T02:40:22Z

internal/registry/data.go

@@ -429,6 +433,26 @@ func NewToken(db *gorm.DB, userId string, token *Token) (secret string, err erro
 	return
 }

+func ValidateAndGetToken(db *gorm.DB, in string) (*Token, error) {


This is extracted from grpc.go and unmodified so it can be shared with the loginRedirectMiddleware below

Doesn't need to be part of this PR, but we should add some tests for this token validation too at some point

BruceMacD · 2021-07-30T17:30:31Z

nit: Should the UI be under ./internal/registry/ui where it is specifically a UI for the registry? Not a big deal though.

BruceMacD

BruceMacD · 2021-07-30T17:43:14Z

internal/registry/data.go

@@ -429,6 +433,26 @@ func NewToken(db *gorm.DB, userId string, token *Token) (secret string, err erro
 	return
 }

+func ValidateAndGetToken(db *gorm.DB, in string) (*Token, error) {


Doesn't need to be part of this PR, but we should add some tests for this token validation too at some point

BruceMacD · 2021-07-30T18:05:14Z

internal/registry/http.go

@@ -38,3 +49,87 @@ func (h *Http) WellKnownJWKs(w http.ResponseWriter, r *http.Request) {
 		[]jose.JSONWebKey{pubKey},
 	})
 }
+
+func (h *Http) loginRedirectMiddleware(next http.Handler) http.Handler {


BruceMacD · 2021-07-30T18:14:09Z

internal/registry/registry.go

+		Expires:  expires,
+		HttpOnly: true,
+		Path:     "/",
+		SameSite: http.SameSiteStrictMode,


Any way we can check if there is a certificate and set the secure flag based on that? Otherwise I think it is better to force it.

BruceMacD · 2021-07-30T18:17:54Z

internal/ui/layouts/Dashboard.tsx

+  ]
+
+    return (
+    <div className="h-screen bg-gray-50 overflow-hidden flex">


Should we split the sidebars and header out to separate components?

I think so, but only if we re-use them elsewhere. Otherwise the thinking is to keep it one (albeit big) Layout component.

BruceMacD · 2021-07-30T18:20:56Z

internal/ui/pages/login.tsx

+  if (process.browser && cookies.login) {
+        router.replace("/")
+        return <></>
+    }


nit: this } isn't correctly aligned 👀

BruceMacD · 2021-07-30T18:22:44Z

internal/ui/pages/signup.tsx

+          </div>
+          <div className="my-2.5">
+            <label htmlFor="password" className="block text-sm font-medium text-gray-700">
+              Password


We should have a confirm password here too and do some client side validation to make sure they match.

BruceMacD · 2021-07-30T18:24:18Z

internal/ui/pages/signup.tsx

+              id="password"
+              name="password"
+              type="password"
+              autoComplete="current-password"


Not sure we want auto-complete here

BruceMacD · 2021-07-30T18:27:38Z

internal/v1/v1.proto

+    rpc CreateUser(CreateUserRequest) returns (User) {
+        option (google.api.http) = {
+            post: "/v1/users"
+            body: "*"


These body fields are wild-carded because we are looking at request params?

Yes, to my knowledge this tells the grpc gateway to map http body params to grpc params

jmorganca added 11 commits July 29, 2021 22:18

wip ui

550411a

add next= parameter for logins

825d632

add user dialog

ffec182

consistent input fields

c164c6c

wip destinations

aff1917

show errors on login & signup pages

c0c1a6c

errors & auth handling

3938c2b

standardize on 2-space indents for the ui, add contributing doc

ab12f88

add http test cases

332d6f7

remove --ui options

ea32b8c

remove multi error details for now

1591556

jmorganca requested a review from BruceMacD July 30, 2021 02:24