wip

Author: geropl

components/BUILD.yaml

@@ -268,7 +268,7 @@ scripts:
         echo "No input."
       else
         echo "User: $user"
-        query="update d_b_user set rolesOrPermissions = '[\"admin\"]', fgaRelationshipsVersion=0 where name=\"$user\";"
+        query="update d_b_user set rolesOrPermissions = '[\"admin\", \"admin-permissions\"]', fgaRelationshipsVersion=0 where name=\"$user\";"
         mysql -e "$query" -u$DB_USERNAME -p$DB_PASSWORD -h 127.0.0.1 gitpod
       fi
       kill $PID || true

components/dashboard/craco.config.js

@@ -49,6 +49,13 @@ module.exports = {
                     Buffer: ["buffer", "Buffer"],
                 }),
             ],
+            output: !!process.env.STATIC_MAIN
+                ? {
+                      filename: (pathData) => {
+                          return pathData.chunk.name === "main" ? "static/js/main.js" : undefined;
+                      },
+                  }
+                : undefined,
         },
     },
     devServer: {

components/dashboard/package.json

@@ -94,8 +94,8 @@
     "web-vitals": "^1.1.1"
   },
   "scripts": {
-    "start": "BROWSER=none HMR_HOST=`gp url 3001` craco start",
-    "start-local": "BROWSER=none HMR_HOST=`gp url 3000` craco start",
+    "start": "BROWSER=none HMR_HOST=`gp url 3001` env",
+    "start-local": "export BROWSER=none; export HMR_HOST=`gp url 3000`; export STATIC_MAIN=true; craco start",
     "build": "craco build --verbose",
     "lint": "eslint --max-warnings=0 --ext=.jsx,.js,.tsx,.ts ./src",
     "test": "yarn test:unit",

components/proxy/conf/Caddyfile

@@ -376,7 +376,9 @@ https://{$GITPOD_DOMAIN} {
 				header_up -Upgrade
 			}
 			# Then handle it with our plugin!
-			gitpod.frontend_dev
+			gitpod.frontend_dev {
+				upstream http://dashboard.{$KUBE_NAMESPACE}.{$KUBE_DOMAIN}:3001
+			}
 		}
 
 		reverse_proxy dashboard.{$KUBE_NAMESPACE}.{$KUBE_DOMAIN}:3001 {

components/proxy/plugins/frontend_dev/frontend_dev.go

@@ -2,14 +2,17 @@
 // Licensed under the GNU Affero General Public License (AGPL).
 // See License.AGPL.txt in the project root for license information.
 
-package workspacedownload
+package frontend_dev
 
 import (
+	"bytes"
 	"fmt"
+	"io"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
 	"os"
+	"regexp"
 	"strings"
 
 	"github.com/caddyserver/caddy/v2"
@@ -25,24 +28,26 @@ const (
 )
 
 func init() {
-	caddy.RegisterModule(Config{})
+	caddy.RegisterModule(FrontendDev{})
 	httpcaddyfile.RegisterHandlerDirective(frontendDevModule, parseCaddyfile)
 }
 
-// Config implements an HTTP handler that extracts gitpod headers
-type Config struct {
+// FrontendDev implements an HTTP handler that extracts gitpod headers
+type FrontendDev struct {
+	Upstream    string `json:"upstream,omitempty"`
+	UpstreamUrl *url.URL
 }
 
 // CaddyModule returns the Caddy module information.
-func (Config) CaddyModule() caddy.ModuleInfo {
+func (FrontendDev) CaddyModule() caddy.ModuleInfo {
 	return caddy.ModuleInfo{
 		ID:  "http.handlers.frontend_dev",
-		New: func() caddy.Module { return new(Config) },
+		New: func() caddy.Module { return new(FrontendDev) },
 	}
 }
 
 // ServeHTTP implements caddyhttp.MiddlewareHandler.
-func (m Config) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error {
+func (m FrontendDev) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error {
 	enabled := os.Getenv(frontendDevEnabledEnvVarName)
 	if enabled != "true" {
 		caddy.Log().Sugar().Debugf("Dev URL header present but disabled")
@@ -60,29 +65,107 @@ func (m Config) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp
 		return caddyhttp.Error(http.StatusInternalServerError, fmt.Errorf("unexpected error forwarding to dev URL"))
 	}
 
-	targetQuery := devURL.RawQuery
+	// targetQuery := devURL.RawQuery
+	// director := func(req *http.Request) {
+	// 	req.URL.Scheme = devURL.Scheme
+	// 	req.URL.Host = devURL.Host
+	// 	req.Host = devURL.Host // override host header so target proxy can handle this request properly
+
+	// 	req.URL.Path, req.URL.RawPath = joinURLPath(devURL, req.URL)
+	// 	if targetQuery == "" || req.URL.RawQuery == "" {
+	// 		req.URL.RawQuery = targetQuery + req.URL.RawQuery
+	// 	} else {
+	// 		req.URL.RawQuery = targetQuery + "&" + req.URL.RawQuery
+	// 	}
+	// 	if _, ok := req.Header["User-Agent"]; !ok {
+	// 		// explicitly disable User-Agent so it's not set to default value
+	// 		req.Header.Set("User-Agent", "")
+	// 	}
+	// }
+
 	director := func(req *http.Request) {
-		req.URL.Scheme = devURL.Scheme
-		req.URL.Host = devURL.Host
-		req.Host = devURL.Host // override host header so target proxy can handle this request properly
-
-		req.URL.Path, req.URL.RawPath = joinURLPath(devURL, req.URL)
-		if targetQuery == "" || req.URL.RawQuery == "" {
-			req.URL.RawQuery = targetQuery + req.URL.RawQuery
-		} else {
-			req.URL.RawQuery = targetQuery + "&" + req.URL.RawQuery
-		}
+		req.URL.Scheme = m.UpstreamUrl.Scheme
+		req.URL.Host = m.UpstreamUrl.Host
+		req.Host = m.UpstreamUrl.Host
 		if _, ok := req.Header["User-Agent"]; !ok {
 			// explicitly disable User-Agent so it's not set to default value
 			req.Header.Set("User-Agent", "")
 		}
+		req.Header.Set("Accept-Encoding", "") // we can't handle other than plain text
+		caddy.Log().Sugar().Infof("director request (mod): %v", req.URL.String())
 	}
-	proxy := httputil.ReverseProxy{Director: director}
+	proxy := httputil.ReverseProxy{Director: director, Transport: &RedirectingTransport{baseUrl: devURL}}
 	proxy.ServeHTTP(w, r)
 
 	return nil
 }
 
+type RedirectingTransport struct {
+	baseUrl *url.URL
+}
+
+func (rt *RedirectingTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	caddy.Log().Sugar().Infof("issuing upstream request: %s", req.URL.Path)
+	resp, err := http.DefaultTransport.RoundTrip(req)
+	if err != nil {
+		return nil, err
+	}
+	caddy.Log().Sugar().Infof("RESPONSE: %v", resp)
+
+	// gpl: Do we have better means to avoid checking the body?
+	if resp.StatusCode < 300 && strings.HasPrefix(resp.Header.Get("Content-type"), "text/html") {
+		caddy.Log().Sugar().Infof("trying to match request: %s", req.URL.Path)
+		modifiedResp := MatchAndRewriteRootRequest(resp, rt.baseUrl)
+		if modifiedResp != nil {
+			return modifiedResp, nil
+		}
+	}
+	caddy.Log().Sugar().Infof("forwarding upstream response: %s", req.URL.Path)
+
+	return resp, nil
+}
+
+func MatchAndRewriteRootRequest(or *http.Response, baseUrl *url.URL) *http.Response {
+	// match index.html?
+	prefix := []byte("<!doctype html>")
+	var buf bytes.Buffer
+	bodyReader := io.TeeReader(or.Body, &buf)
+	prefixBuf := make([]byte, len(prefix))
+	_, err := io.ReadAtLeast(bodyReader, prefixBuf, len(prefix))
+	if err != nil {
+		caddy.Log().Sugar().Warnf("prefix match: can't read response body: %w", err)
+		return nil
+	}
+	if !bytes.Equal(prefix, prefixBuf) {
+		caddy.Log().Sugar().Infof("prefix mismatch: %s", string(prefixBuf))
+		return nil
+	}
+
+	caddy.Log().Sugar().Infof("match index.html")
+	_, err = io.Copy(&buf, or.Body)
+	if err != nil {
+		caddy.Log().Sugar().Errorf("unable to copy response body: %w, path: %s", err, or.Request.URL.Path)
+		return nil
+	}
+	fullBody := buf.String()
+
+	mainJs := regexp.MustCompile(`"[^"]+?main\.[0-9a-z]+\.js"`)
+	fullBody = mainJs.ReplaceAllStringFunc(fullBody, func(s string) string {
+		return fmt.Sprintf(`"%s/static/js/main.js"`, baseUrl.String())
+	})
+
+	mainCss := regexp.MustCompile(`<link[^>]+?rel="stylesheet">`)
+	fullBody = mainCss.ReplaceAllString(fullBody, "")
+
+	hrefs := regexp.MustCompile(`href="/`)
+	fullBody = hrefs.ReplaceAllString(fullBody, fmt.Sprintf(`href="%s/`, baseUrl.String()))
+
+	or.Body = io.NopCloser(strings.NewReader(fullBody))
+	or.Header.Set("Content-Length", fmt.Sprintf("%d", len(fullBody)))
+	or.Header.Set("Etag", "")
+	return or
+}
+
 func joinURLPath(a, b *url.URL) (path, rawpath string) {
 	if a.RawPath == "" && b.RawPath == "" {
 		return singleJoiningSlash(a.Path, b.Path), ""
@@ -117,13 +200,43 @@ func singleJoiningSlash(a, b string) string {
 }
 
 // UnmarshalCaddyfile implements Caddyfile.Unmarshaler.
-func (m *Config) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
+func (m *FrontendDev) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
+	if !d.Next() {
+		return d.Err("expected token following filter")
+	}
+
+	for d.NextBlock(0) {
+		key := d.Val()
+		var value string
+		d.Args(&value)
+		if d.NextArg() {
+			return d.ArgErr()
+		}
+
+		switch key {
+		case "upstream":
+			m.Upstream = value
+
+		default:
+			return d.Errf("unrecognized subdirective '%s'", value)
+		}
+	}
+
+	if m.Upstream == "" {
+		return fmt.Errorf("frontend_dev: 'upstream' config field may not be empty")
+	}
+
+	upstreamURL, err := url.Parse(m.Upstream)
+	if err != nil {
+		return fmt.Errorf("frontend_dev: 'upstream' is not a valid URL: %w", err)
+	}
+	m.UpstreamUrl = upstreamURL
 
 	return nil
 }
 
 func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) {
-	m := new(Config)
+	m := new(FrontendDev)
 	err := m.UnmarshalCaddyfile(h.Dispenser)
 	if err != nil {
 		return nil, err
@@ -134,6 +247,6 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error)
 
 // Interface guards
 var (
-	_ caddyhttp.MiddlewareHandler = (*Config)(nil)
-	_ caddyfile.Unmarshaler       = (*Config)(nil)
+	_ caddyhttp.MiddlewareHandler = (*FrontendDev)(nil)
+	_ caddyfile.Unmarshaler       = (*FrontendDev)(nil)
 )

components/proxy/plugins/frontend_dev/frontend_dev_test.go

@@ -0,0 +1,99 @@
+// Copyright (c) 2023 Gitpod GmbH. All rights reserved.
+// Licensed under the GNU Affero General Public License (AGPL).
+// See License.AGPL.txt in the project root for license information.
+
+package frontend_dev
+
+import (
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"testing"
+)
+
+const index_html = `<!doctype html>
+<html lang="en">
+
+<head>
+<meta charset="utf-8" />
+<link rel="icon" href="/favicon256.png" />
+<meta name="viewport" content="width=device-width,initial-scale=1" />
+<meta name="theme-color" content="#000000" />
+<meta name="robots" content="noindex">
+<meta name="Gitpod" content="Always Ready-to-Code" />
+<link rel="apple-touch-icon" href="/favicon192.png" />
+<link rel="manifest" href="/manifest.json" />
+<title>Dashboard</title>
+<script defer="defer" src="/static/js/main.b009793d.js"></script>
+<link href="/static/css/main.32e61b25.css" rel="stylesheet">
+</head>
+
+<body><noscript>You need to enable JavaScript to run this app.</noscript>
+<div id="root"></div>
+</body>
+
+</html>`
+
+func Test_MatchAndRewriteRootRequest(t *testing.T) {
+
+	type Test struct {
+		name         string
+		response     *http.Response
+		newBaseUrl   string
+		expectedBody string
+	}
+	tests := []Test{
+		{
+			name: "should match and rewrite root request",
+			response: &http.Response{
+				StatusCode: 200,
+				Header: http.Header{
+					"Content-Type": []string{"text/html"},
+				},
+				Body: ioutil.NopCloser(strings.NewReader(index_html)),
+			},
+			newBaseUrl: "https://3000-gitpodio-gitpod-hk3453q4csi.ws-eu108.gitpod.io",
+			expectedBody: `<!doctype html>
+<html lang="en">
+
+<head>
+<meta charset="utf-8" />
+<link rel="icon" href="https://3000-gitpodio-gitpod-hk3453q4csi.ws-eu108.gitpod.io/favicon256.png" />
+<meta name="viewport" content="width=device-width,initial-scale=1" />
+<meta name="theme-color" content="#000000" />
+<meta name="robots" content="noindex">
+<meta name="Gitpod" content="Always Ready-to-Code" />
+<link rel="apple-touch-icon" href="https://3000-gitpodio-gitpod-hk3453q4csi.ws-eu108.gitpod.io/favicon192.png" />
+<link rel="manifest" href="https://3000-gitpodio-gitpod-hk3453q4csi.ws-eu108.gitpod.io/manifest.json" />
+<title>Dashboard</title>
+<script defer="defer" src="https://3000-gitpodio-gitpod-hk3453q4csi.ws-eu108.gitpod.io/static/js/main.js"></script>
+
+</head>
+
+<body><noscript>You need to enable JavaScript to run this app.</noscript>
+<div id="root"></div>
+</body>
+
+</html>`,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			newBase, err := url.Parse(test.newBaseUrl)
+			if err != nil {
+				t.Errorf("error parsing new base url: %v", err)
+			}
+			actual := MatchAndRewriteRootRequest(test.response, newBase)
+			actualBodyBytes, err := ioutil.ReadAll(actual.Body)
+			if err != nil {
+				t.Errorf("error reading response body: %v", err)
+			}
+			actualBody := string(actualBodyBytes)
+			if strings.Compare(actualBody, test.expectedBody) != 0 {
+				t.Errorf("got %v, want %v", actualBody, test.expectedBody)
+			}
+		})
+	}
+}

components/proxy/plugins/frontend_dev/go.mod

@@ -1,4 +1,4 @@
-module github.com/gitpod-io/gitpod/proxy/plugins/workspacedownload
+module github.com/gitpod-io/gitpod/proxy/plugins/frontend_dev
 
 go 1.21