Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RK-20569 - CORS rework for Dynatrace apps #387

Closed
wants to merge 6 commits into from
Closed

RK-20569 - CORS rework for Dynatrace apps #387

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ac28c5a
Better regex
ron-rookout Jun 5, 2024
ae3f3c0
Moved CORS middleware to its own file
ron-rookout Jun 6, 2024
1239803
Added cache + small refactor
ron-rookout Jun 27, 2024
ded595e
Bump version
ron-rookout Jun 27, 2024
f57614c
Add debug option to skip dt verification
ron-rookout Jun 30, 2024
8f162ed
Formatting
ron-rookout Jul 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "explorook",
"version": "1.16.5",
"version": "1.16.6",
"description": "Rookout's site addon to support local files and folders",
"main": "dist/index.js",
"scripts": {
Expand Down
57 changes: 57 additions & 0 deletions src/cors.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
import * as cors from "cors";
import fetch from "node-fetch";
import { getStoreSafe } from "./explorook-store";


const LOCALHOST_ORIGIN = "https://localhost:8080";
const ROOKOUT_ORIGIN_REGEX = /^https:\/\/.*\.rookout(?:-dev)?\.com$/;
const DYNATRACE_ORIGIN_REGEX = /^https:\/\/.*\.dynatrace(?:labs)?\.com$/;

const ALLOW_CORS_OPTION: cors.CorsOptions = {origin: true};
const DENY_CORS_OPTION: cors.CorsOptions = {origin: false};


const verifiedOriginsCache = new Set([LOCALHOST_ORIGIN]);

const store = getStoreSafe();

const corsOptionsDelegate = async (req: cors.CorsRequest, callback: (err: Error | null, options?: cors.CorsOptions) => void) => {
try {
const shouldSkipDtVerification = store.get("skipDtVerification", false);
const origin = req.headers.origin;
if (verifiedOriginsCache.has(origin) || ROOKOUT_ORIGIN_REGEX.test(origin)) {
callback(null, ALLOW_CORS_OPTION);
return;
}

if (!DYNATRACE_ORIGIN_REGEX.test(origin)) {
callback(null, DENY_CORS_OPTION);
return;
}


if (shouldSkipDtVerification) {
callback(null, ALLOW_CORS_OPTION);
return;
}


const response = await fetch(`${origin}/platform-reserved/dob/isapprefallowed?appOrigin=${origin}`);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's add an env variable to skip the HTTP check
@ElDuderinos

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, let's cache the result for a while :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The results are cached (if successful), take a look at line 37.
I didn't want to cache failed results because it might be because of a network issue or timeout or something so I didn't want to prevent it from retrying.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@LiranLast @ElDuderinos As a packaged Electron app can't read system env variables during runtime, I added an option in the debug menu (when you right click the X) to toggle skipping verification. Should I change the text to something more clear?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ron-rookout It may be possible to read env using a package, I remember running into it while patching lang servers

Believe it is called electron-env

Also note this problem mainly occurs in macOs if I recall correctly

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Urook I didn't find this one specifically, I have searched for other ways and couldn't find any either

ron-rookout marked this conversation as resolved.
Show resolved Hide resolved

if (!response.ok) {
callback(null, DENY_CORS_OPTION);
return;
}

verifiedOriginsCache.add(origin);
callback(null, ALLOW_CORS_OPTION);
} catch (err) {
callback(err, DENY_CORS_OPTION);
}
};


export const getCorsMiddleware = () => {
return cors(corsOptionsDelegate);
};

15 changes: 2 additions & 13 deletions src/server.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,13 @@ import { makeExecutableSchema } from "@graphql-tools/schema";
import { ApolloServerPluginLandingPageDisabled } from "apollo-server-core";
import { ApolloServer } from "apollo-server-express";
import * as bodyParser from "body-parser";
import * as cors from "cors";
import * as express from "express";
import { readFileSync } from "fs";
import { applyMiddleware } from "graphql-middleware";
import * as http from "http";
import { join } from "path";
import { resolvers } from "./api";
import {getCorsMiddleware} from "./cors";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
import {getCorsMiddleware} from "./cors";
import { getCorsMiddleware } from "./cors";

import { notify } from "./exceptionManager";
import {
filterDirTraversal,
Expand All @@ -32,17 +32,6 @@ const defaultOptions: StartOptions = {
port: 44512
};

const corsDomainWhitelist = [
/^https:\/\/.*\.rookout\.com$/,
/^https:\/\/.*\.rookout-dev\.com$/,
/^https:\/\/.*\.dynatracelabs\.com$/,
/^https:\/\/.*\.dynatrace\.com$/,
"https://localhost:8080"
];

const corsOptions = {
origin: corsDomainWhitelist
};

export const start = async (options: StartOptions) => {
const settings = { ...options, ...defaultOptions };
Expand Down Expand Up @@ -71,7 +60,7 @@ export const start = async (options: StartOptions) => {
cache: "bounded"
});

app.use(cors(corsOptions));
app.use(getCorsMiddleware());
app.use(bodyParser.json());

await apolloServer.start();
Expand Down
8 changes: 8 additions & 0 deletions src/webapp/src/components/Header.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ export const Header = () => {

const store = new Store({ name: "explorook" });
const isLogLevelDebug = store.get("logLevel", "debug") === "debug";
const shouldSkipDtVerification = store.get("skipDtVerification", false);

const setLogLever = isDebug => {
ipcRenderer.sendTo(window.indexWorkerId, "set-log-level", isDebug ? "debug" : "error")
setOpen(false);
Expand All @@ -34,6 +36,11 @@ export const Header = () => {
setOpen(false);
}

const toggleShouldSkipDtVerification = () => {
store.set('skipDtVerification', !shouldSkipDtVerification);
setOpen(false);
}

return (
<div>
<div id="close-window-wrapper" onContextMenu={onCloseRightClick}>
Expand All @@ -43,6 +50,7 @@ export const Header = () => {
<MenuItem key="debug" onClick={startDebug}>Debug</MenuItem>
<MenuItem key="log-level" onClick={() => setLogLever(!isLogLevelDebug)}>{isLogLevelDebug ? "Error Logs" : "Debug Logs"}</MenuItem>
<MenuItem key="remove-all-repos" onClick={clearAllRepos}>Clear data</MenuItem>
<MenuItem key="toggle-skip-verification" onClick={toggleShouldSkipDtVerification}>{shouldSkipDtVerification ? 'Enable' : 'Skip'} Verification {!shouldSkipDtVerification && '(Unsafe)'}</MenuItem>
<MenuItem key="close" onClick={() => setOpen(false)}>Close</MenuItem>
</Menu>
</div>
Expand Down
Loading