get feature flags innit

weaveworks · Feb 22, 2022 · 8e53187 · 8e53187
1 parent ef05352
commit 8e53187
Show file tree

Hide file tree

Showing 11 changed files with 267 additions and 241 deletions.
diff --git a/api/applications/applications.proto b/api/applications/applications.proto
@@ -177,9 +177,9 @@ service Applications {
     /**
     * Config returns configuration information about the server
     */
-    rpc GetConfig(GetConfigRequest) returns (GetConfigResponse) {
+    rpc GetFeatureFlags(GetFeatureFlagsRequest) returns (GetFeatureFlagsResponse) {
         option (google.api.http) = {
-            get : "/v1/config"
+            get : "/v1/featureflags"
         };
     }
 
@@ -441,8 +441,8 @@ message ValidateProviderTokenResponse {
     bool valid = 1;
 }
 
-message GetConfigRequest {}
+message GetFeatureFlagsRequest {}
 
-message GetConfigResponse {
+message GetFeatureFlagsResponse {
     map<string, string> flags = 1;
 }
diff --git a/api/applications/applications.swagger.json b/api/applications/applications.swagger.json
@@ -571,15 +571,15 @@
         ]
       }
     },
-    "/v1/config": {
+    "/v1/featureflags": {
       "get": {
         "summary": "Config returns configuration information about the server",
-        "operationId": "Applications_GetConfig",
+        "operationId": "Applications_GetFeatureFlags",
         "responses": {
           "200": {
             "description": "A successful response.",
             "schema": {
-              "$ref": "#/definitions/v1GetConfigResponse"
+              "$ref": "#/definitions/v1GetFeatureFlagsResponse"
             }
           },
           "default": {
@@ -815,7 +815,7 @@
         }
       }
     },
-    "v1GetConfigResponse": {
+    "v1GetFeatureFlagsResponse": {
       "type": "object",
       "properties": {
         "flags": {

diff --git a/pkg/api/applications/applications.pb.go b/pkg/api/applications/applications.pb.go
diff --git a/pkg/api/applications/applications.pb.gw.go b/pkg/api/applications/applications.pb.gw.go
diff --git a/pkg/api/applications/applications_grpc.pb.go b/pkg/api/applications/applications_grpc.pb.go
diff --git a/pkg/server/auth/auth.go b/pkg/server/auth/auth.go
@@ -5,6 +5,7 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"net/http"
+	"net/url"
 )
 
 const (
@@ -62,7 +63,7 @@ func WithPrincipal(ctx context.Context, p *UserPrincipal) context.Context {
 // WithAPIAuth middleware adds auth validation to API handlers.
 //
 // Unauthorized requests will be denied with a 401 status code.
-func WithAPIAuth(next http.Handler, srv *AuthServer) http.Handler {
+func WithAPIAuth(next http.Handler, srv *AuthServer, publicRoutes []string) http.Handler {
 	adminAuth := NewJWTAdminCookiePrincipalGetter(srv.logger, srv.tokenSignerVerifier, IDTokenCookieName)
 	cookieAuth := NewJWTCookiePrincipalGetter(srv.logger,
 		srv.verifier(), IDTokenCookieName)
@@ -72,6 +73,11 @@ func WithAPIAuth(next http.Handler, srv *AuthServer) http.Handler {
 		cookieAuth, headerAuth}
 
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+		if isPublicRoute(r.URL, publicRoutes) {
+			next.ServeHTTP(rw, r)
+			return
+		}
+
 		principal, err := multi.Principal(r)
 		if err != nil {
 			srv.logger.Error(err, "failed to get principal")
@@ -125,3 +131,12 @@ func generateNonce() (string, error) {
 
 	return base64.StdEncoding.EncodeToString(b), nil
 }
+
+func isPublicRoute(u *url.URL, publicRoutes []string) bool {
+	for _, pr := range publicRoutes {
+		if u.Path == pr {
+			return true
+		}
+	}
+	return false
+}
diff --git a/pkg/server/auth/auth_test.go b/pkg/server/auth/auth_test.go
@@ -62,11 +62,20 @@ func TestWithAPIAuthReturns401ForUnauthenticatedRequests(t *testing.T) {
 
 	res := httptest.NewRecorder()
 	req := httptest.NewRequest(http.MethodGet, s.URL, nil)
-	auth.WithAPIAuth(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {}), srv).ServeHTTP(res, req)
+	auth.WithAPIAuth(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {}), srv, nil).ServeHTTP(res, req)
 
 	if res.Result().StatusCode != http.StatusUnauthorized {
 		t.Errorf("expected status of %d but got %d", http.StatusUnauthorized, res.Result().StatusCode)
 	}
+
+	// Test out the publicRoutes
+	res = httptest.NewRecorder()
+	req = httptest.NewRequest(http.MethodGet, s.URL+"/v1/featureflags", nil)
+	auth.WithAPIAuth(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {}), srv, []string{"/v1/featureflags"}).ServeHTTP(res, req)
+
+	if res.Result().StatusCode != http.StatusOK {
+		t.Errorf("expected status of %d but got %d", http.StatusUnauthorized, res.Result().StatusCode)
+	}
 }
 
 func TestWithWebAuthRedirectsToOIDCIssuerForUnauthenticatedRequests(t *testing.T) {

diff --git a/pkg/server/auth/server.go b/pkg/server/auth/server.go
@@ -317,7 +317,6 @@ func (s *AuthServer) UserInfo() http.HandlerFunc {
 	}
 }
 
-
 // func (s *AuthServer) GetAuthConfig() (string) {
 // 	authFlag := os.Getenv("WEAVE_GITOPS_AUTH_ENABLED")
 // 	return authFlag

diff --git a/pkg/server/handler.go b/pkg/server/handler.go
@@ -35,7 +35,7 @@ func NewHandlers(ctx context.Context, cfg *Config) (http.Handler, error) {
 	httpHandler = middleware.WithProviderToken(cfg.AppConfig.JwtClient, httpHandler, cfg.AppConfig.Logger)
 
 	if AuthEnabled() {
-		httpHandler = auth.WithAPIAuth(httpHandler, cfg.AuthServer)
+		httpHandler = auth.WithAPIAuth(httpHandler, cfg.AuthServer, []string{"/v1/featureflags"})
 	}
 
 	appsSrv := NewApplicationsServer(cfg.AppConfig, cfg.AppOptions...)

diff --git a/pkg/server/server.go b/pkg/server/server.go
@@ -718,8 +718,8 @@ func (s *applicationServer) ValidateProviderToken(ctx context.Context, msg *pb.V
 	}, nil
 }
 
-func (s *applicationServer) GetConfig(ctx context.Context, msg *pb.GetConfigRequest) (*pb.GetConfigResponse, error) {
-	return &pb.GetConfigResponse{
+func (s *applicationServer) GetFeatureFlags(ctx context.Context, msg *pb.GetFeatureFlagsRequest) (*pb.GetFeatureFlagsResponse, error) {
+	return &pb.GetFeatureFlagsResponse{
 		Flags: map[string]string{
 			"WEAVE_GITOPS_AUTH_ENABLED": os.Getenv("WEAVE_GITOPS_AUTH_ENABLED"),
 		},

diff --git a/ui/lib/api/applications/applications.pb.ts b/ui/lib/api/applications/applications.pb.ts
@@ -264,10 +264,10 @@ export type ValidateProviderTokenResponse = {
   valid?: boolean
 }
 
-export type GetConfigRequest = {
+export type GetFeatureFlagsRequest = {
 }
 
-export type GetConfigResponse = {
+export type GetFeatureFlagsResponse = {
   flags?: {[key: string]: string}
 }
 
@@ -317,7 +317,7 @@ export class Applications {
   static ValidateProviderToken(req: ValidateProviderTokenRequest, initReq?: fm.InitReq): Promise<ValidateProviderTokenResponse> {
     return fm.fetchReq<ValidateProviderTokenRequest, ValidateProviderTokenResponse>(`/v1/applications/validate_token`, {...initReq, method: "POST", body: JSON.stringify(req)})
   }
-  static GetConfig(req: GetConfigRequest, initReq?: fm.InitReq): Promise<GetConfigResponse> {
-    return fm.fetchReq<GetConfigRequest, GetConfigResponse>(`/v1/config?${fm.renderURLSearchParams(req, [])}`, {...initReq, method: "GET"})
+  static GetFeatureFlags(req: GetFeatureFlagsRequest, initReq?: fm.InitReq): Promise<GetFeatureFlagsResponse> {
+    return fm.fetchReq<GetFeatureFlagsRequest, GetFeatureFlagsResponse>(`/v1/featureflags?${fm.renderURLSearchParams(req, [])}`, {...initReq, method: "GET"})
   }
 }