fix: add migration description for ytAuthCluster -> allowPasswordAuth […

…#349]
ytsaurus · Mar 17, 2024 · d1a9b2b · d1a9b2b
1 parent 66ccb44
commit d1a9b2b
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 9 deletions.
diff --git a/packages/ui/README.md b/packages/ui/README.md
@@ -10,7 +10,16 @@ Additionally you have to provide `secrets/yt-interface-secret.json` file with [a
 
 ```json
 {
-  "oauthToken": "special-user-secret-token"
+  // common oauth token, the token is used if there is no cluster-specific token in the file
+  "oauthToken": "special-user-secret-tocken",
+  "cluster_id1": {
+    // cluster_id1 specific oauth token
+    "oauthToken": "cluster1-special-user-secret-token"
+  },
+  "cluster_id2": {
+    // cluster_id2 specific oauth token
+    "oauthToken": "cluster2-special-user-secret-token"
+  }
 }
 ```
 
@@ -43,9 +52,20 @@ Another way is to provide `clusters-config.json` and run the command like:
 $ npm run dev:app
 ```
 
+### Docker
+
+There is ability to build docker-image:
+
+```
+$ docker build . -t ytsaurus-ui:my-tag
+```
+
+All application files in a resulting docker-image will be placed in /opt/app, so you have to mount `/opt/app/cluster-config.json` and `/opt/app/secrets/yt-interface-secret.json`.
+
 ### Environment variables
 
 - `YT_AUTH_ALLOW_INSECURE` - if defined allows insecure (over http) authentication, do not use it for production
+- `ALLOW_PASSWORD_AUTH` - If defined, the app requires a password for cluster access
 
 ### Feature flags
 
@@ -74,12 +94,9 @@ Available flags (**default values** are highlighted in bold):
 
 By default the application uses base configuration from `path_to_dist/server/configs/common.js` file. The behavior might be adjusted through `APP_ENV` and `APP_INSTALLATION` environment variables, see [README.config.md](./docs/configuration.md) for more details.
 
-### Docker
-
-There is ability to build docker-image:
+### Migration
 
-```
-$ docker build . -t ytsaurus-ui:my-tag
-```
+#### v1.17.0
 
-All application files in a resulting docker-image will be placed in /opt/app, so you have to mount `/opt/app/cluster-config.json` and `/opt/app/secrets/yt-interface-secret.json`.
+- [`YT_AUTH_CLUSTER_ID`](https://github.com/ytsaurus/ytsaurus-ui/blob/ui-v1.16.1/packages/ui/README.md#environment-variables) environment variable has been replaced by [`ALLOW_PASSWORD_AUTH`](https://github.com/ytsaurus/ytsaurus-ui/blob/main/packages/ui/README.md#environment-variables).
+- [`config.ytAuthCluster`](https://github.com/ytsaurus/ytsaurus-ui/blob/ui-v1.16.1/packages/ui/src/%40types/core.d.ts#L75) option has been replaced by [`config.allowPasswordAuth`](https://github.com/ytsaurus/ytsaurus-ui/blob/ui-v1.17.0/packages/ui/src/%40types/core.d.ts#L16).
diff --git a/packages/ui/src/server/index.ts b/packages/ui/src/server/index.ts
@@ -1,5 +1,4 @@
 import path from 'path';
-import _reduce from 'lodash/reduce';
 import {NodeKit} from '@gravity-ui/nodekit';
 import {ExpressKit} from '@gravity-ui/expresskit';
 
@@ -10,6 +9,7 @@ import routes from './routes';
 import {createOAuthAuthorizationResolver} from './middlewares/oauth';
 import {createAuthMiddleware} from './middlewares/authorization';
 import {authorizationResolver} from './utils/authorization';
+import {createConfigurationErrorsMidleware} from './middlewares/check-configuration';
 
 const nodekit = new NodeKit({configsPath: path.resolve(__dirname, './configs')});
 
@@ -44,6 +44,11 @@ if (authMiddlewares.length) {
 
 nodekit.config.adjustAppConfig?.(nodekit);
 
+const configurationErrors = createConfigurationErrorsMidleware(nodekit.config);
+if (configurationErrors) {
+    nodekit.config.appBeforeAuthMiddleware = [configurationErrors];
+}
+
 const app = new ExpressKit(nodekit, routes);
 configureApp(app);
 

diff --git a/packages/ui/src/server/middlewares/check-configuration.ts b/packages/ui/src/server/middlewares/check-configuration.ts
@@ -0,0 +1,35 @@
+import type {Request, Response} from 'express';
+import {AppMiddleware} from '@gravity-ui/expresskit';
+import {AppConfig} from '@gravity-ui/nodekit';
+
+function checkConfigurationMiddleware(errors: Array<string>): AppMiddleware {
+    return function checkConfiguration(_req: Request, res: Response) {
+        res.setHeader('Content-Type', 'text/html; charset=utf-8');
+        const body = `Please fix the problems below:<br>
+            <ol>
+                ${errors.map((i) => `<li>${i}</li>`).join('\n')}
+            </ol>
+            Please refer to the <a target='_blank' href='https://github.com/ytsaurus/ytsaurus-ui/tree/main/packages/ui#migration'>migration notices<a/> for more details.
+        `;
+        res.status(500).end(body);
+    };
+}
+
+export function createConfigurationErrorsMidleware(config: AppConfig) {
+    const configurationErrors: Array<string> = [];
+    if (process.env.YT_AUTH_CLUSTER_ID) {
+        configurationErrors.push(
+            'The YT_AUTH_CLUSTER_ID environment variable is no longer supported, please replace it with ALLOW_PASSWORD_AUTH',
+        );
+    }
+
+    if ('ytAuthCluster' in config) {
+        configurationErrors.push(
+            'The config setting `config.ytAuthCluster` is no longer supported, please replace it with `config.allowPasswordAuth` or use ALLOW_PASSWORD_AUTH environment variable',
+        );
+    }
+
+    return configurationErrors.length > 0
+        ? checkConfigurationMiddleware([...configurationErrors])
+        : undefined;
+}