Revamp the web application (#977)

This PR revamps Central Dogma's web application.

Main web development stacks:

- Typescript
- React
- Redux Toolkit
- Chakra UI
- Next.js

UX of the legacy UI wasn't good but we didn't have the bandwidth to
start to fix the problems. @rainy789 helped us to complete this mission.
Many works have been done in collaboration with @rainy789. Thanks to her
contribution.

Co-authored-by: rainy789 <[email protected]>
Co-authored-by: Clavianus Juneardo <[email protected]>

Author: 3 people

.gitignore

@@ -132,6 +132,7 @@ typings/
 
 # dotenv environment variables file
 .env
+.env*.local
 
 # next.js build output
 .next

server-mirror-git/src/test/java/com/linecorp/centraldogma/server/internal/mirror/MirroringAndCredentialServiceV1Test.java

@@ -74,6 +74,14 @@ if (project.ext.testJavaVersion >= 16) {
     }
 }
 
+if (!rootProject.hasProperty('noWeb')) {
+    sourceSets {
+        main {
+            output.dir project(':webapp').file('build/javaweb'), builtBy: ':webapp:copyWeb'
+        }
+    }
+}
+
 def clientRelocations = [
         'ace-builds/src-min-noconflict/',
         'angular/angular.min.js',

server/build.gradle

@@ -23,7 +23,6 @@
 import static com.linecorp.centraldogma.internal.api.v1.HttpApiV1Constants.API_V1_PATH_PREFIX;
 import static com.linecorp.centraldogma.internal.api.v1.HttpApiV1Constants.HEALTH_CHECK_PATH;
 import static com.linecorp.centraldogma.internal.api.v1.HttpApiV1Constants.METRICS_PATH;
-import static com.linecorp.centraldogma.server.auth.AuthProvider.BUILTIN_WEB_BASE_PATH;
 import static com.linecorp.centraldogma.server.auth.AuthProvider.LOGIN_API_ROUTES;
 import static com.linecorp.centraldogma.server.auth.AuthProvider.LOGIN_PATH;
 import static com.linecorp.centraldogma.server.auth.AuthProvider.LOGOUT_API_ROUTES;
@@ -126,7 +125,6 @@
 import com.linecorp.centraldogma.server.internal.admin.auth.CsrfTokenAuthorizer;
 import com.linecorp.centraldogma.server.internal.admin.auth.ExpiredSessionDeletingSessionManager;
 import com.linecorp.centraldogma.server.internal.admin.auth.FileBasedSessionManager;
-import com.linecorp.centraldogma.server.internal.admin.auth.OrElseDefaultHttpFileService;
 import com.linecorp.centraldogma.server.internal.admin.auth.SessionTokenAuthorizer;
 import com.linecorp.centraldogma.server.internal.admin.service.DefaultLogoutService;
 import com.linecorp.centraldogma.server.internal.admin.service.RepositoryService;
@@ -870,18 +868,37 @@ public String serviceName(ServiceRequestContext ctx) {
                 sb.service(LOGIN_PATH, authProvider.webLoginService());
                 // Will redirect to /web/auth/logout by default.
                 sb.service(LOGOUT_PATH, authProvider.webLogoutService());
-
-                sb.serviceUnder(BUILTIN_WEB_BASE_PATH, new OrElseDefaultHttpFileService(
-                        FileService.builder(CentralDogma.class.getClassLoader(), "auth-webapp")
-                                   .autoDecompress(true)
-                                   .serveCompressedFiles(true)
-                                   .cacheControl(ServerCacheControl.REVALIDATED)
-                                   .build(),
-                        "/index.html"));
             }
-            sb.serviceUnder("/",
+
+            // Folder names contain path patterns such as `[projectName]` which FileService can't infer from
+            // the request path. Return `index.html` as a fallback so that Next.js client router handles the
+            // path patterns.
+            final HttpService fallbackFileService = HttpFile.of(CentralDogma.class.getClassLoader(),
+                                                                "com/linecorp/centraldogma/webapp/index.html")
+                                                            .asService();
+            sb.serviceUnder("/app", FileService.builder(CentralDogma.class.getClassLoader(),
+                                                        "com/linecorp/centraldogma/webapp/app")
+                                               .cacheControl(ServerCacheControl.REVALIDATED)
+                                               .autoDecompress(true)
+                                               .serveCompressedFiles(true)
+                                               .build().orElse(fallbackFileService));
+
+            // Serve all web resources except for '/app'.
+            sb.route()
+              .pathPrefix("/")
+              .exclude("/app")
+              .build(FileService.builder(CentralDogma.class.getClassLoader(),
+                                         "com/linecorp/centraldogma/webapp")
+                                .cacheControl(ServerCacheControl.REVALIDATED)
+                                .autoDecompress(true)
+                                .serveCompressedFiles(true)
+                                .build());
+
+            sb.serviceUnder("/legacy-web",
                             FileService.builder(CentralDogma.class.getClassLoader(), "webapp")
                                        .cacheControl(ServerCacheControl.REVALIDATED)
+                                       .autoDecompress(true)
+                                       .serveCompressedFiles(true)
                                        .build());
         }
 

server/src/main/java/com/linecorp/centraldogma/server/CentralDogma.java

@@ -25,10 +25,8 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 
-import com.linecorp.armeria.common.HttpHeaderNames;
 import com.linecorp.armeria.common.HttpResponse;
 import com.linecorp.armeria.common.HttpStatus;
-import com.linecorp.armeria.common.ResponseHeaders;
 import com.linecorp.armeria.server.HttpService;
 import com.linecorp.armeria.server.HttpServiceWithRoutes;
 import com.linecorp.armeria.server.Route;
@@ -42,13 +40,14 @@ public interface AuthProvider {
      * A login page path for the web console. If a user, who has not logged into the web console yet,
      * opens the web console, the web browser would bring the user to the login page.
      */
-    String LOGIN_PATH = "/link/auth/login";
+    // TODO(ikhoon): Remove the trailing slash once https://github.com/line/armeria/issues/4542 is resolved.
+    String LOGIN_PATH = "/link/auth/login/";
 
     /**
      * A logout page path for the web console. If a user clicks the logout button on the navigation bar,
      * the web browser would bring the user to the logout page.
      */
-    String LOGOUT_PATH = "/link/auth/logout";
+    String LOGOUT_PATH = "/link/auth/logout/";
 
     /**
      * A base path of the built-in web app.
@@ -58,12 +57,12 @@ public interface AuthProvider {
     /**
      * A path which provides a built-in HTML login form to a user.
      */
-    String BUILTIN_WEB_LOGIN_PATH = BUILTIN_WEB_BASE_PATH + "/login";
+    String BUILTIN_WEB_LOGIN_PATH = BUILTIN_WEB_BASE_PATH + "/login/";
 
     /**
      * A path which provides a built-in HTML logout page to a user.
      */
-    String BUILTIN_WEB_LOGOUT_PATH = BUILTIN_WEB_BASE_PATH + "/logout";
+    String BUILTIN_WEB_LOGOUT_PATH = BUILTIN_WEB_BASE_PATH + "/logout/";
 
     /**
      * A set of {@link Route}s which handles a login request. It is necessary only if
@@ -86,10 +85,16 @@ public interface AuthProvider {
      * the browser would bring a user to the built-in web login page served on {@value BUILTIN_WEB_LOGIN_PATH}.
      */
     default HttpService webLoginService() {
-        // Redirect to the default page: /link/auth/login -> /web/auth/login
-        return (ctx, req) -> HttpResponse.of(
-                ResponseHeaders.of(HttpStatus.MOVED_PERMANENTLY, HttpHeaderNames.LOCATION,
-                                   BUILTIN_WEB_LOGIN_PATH));
+        // Redirect to the default page: /link/auth/login -> /web/auth/login/
+        return (ctx, req) -> {
+            String returnTo = ctx.queryParam("return_to");
+            if (returnTo != null) {
+                returnTo += BUILTIN_WEB_LOGIN_PATH;
+            } else {
+                returnTo = BUILTIN_WEB_LOGIN_PATH;
+            }
+            return HttpResponse.ofRedirect(HttpStatus.MOVED_PERMANENTLY, returnTo);
+        };
     }
 
     /**
@@ -98,10 +103,16 @@ default HttpService webLoginService() {
      * {@value BUILTIN_WEB_LOGOUT_PATH}.
      */
     default HttpService webLogoutService() {
-        // Redirect to the default page: /link/auth/logout -> /web/auth/logout
-        return (ctx, req) -> HttpResponse.of(
-                ResponseHeaders.of(HttpStatus.MOVED_PERMANENTLY, HttpHeaderNames.LOCATION,
-                                   BUILTIN_WEB_LOGOUT_PATH));
+        // Redirect to the default page: /link/auth/logout -> /web/auth/logout/
+        return (ctx, req) -> {
+            String returnTo = ctx.queryParam("return_to");
+            if (returnTo != null) {
+                returnTo += BUILTIN_WEB_LOGOUT_PATH;
+            } else {
+                returnTo = BUILTIN_WEB_LOGOUT_PATH;
+            }
+            return HttpResponse.ofRedirect(HttpStatus.MOVED_PERMANENTLY, returnTo);
+        };
     }
 
     /**

server/src/main/java/com/linecorp/centraldogma/server/auth/AuthProvider.java

@@ -16,6 +16,9 @@
 
 package com.linecorp.centraldogma.server.internal.api;
 
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.collect.ImmutableList.toImmutableList;
+
 import java.util.List;
 import java.util.concurrent.CompletableFuture;
 
@@ -32,6 +35,7 @@
 import com.linecorp.centraldogma.server.internal.api.auth.RequiresReadPermission;
 import com.linecorp.centraldogma.server.internal.api.auth.RequiresWritePermission;
 import com.linecorp.centraldogma.server.internal.storage.project.ProjectApiManager;
+import com.linecorp.centraldogma.server.metadata.User;
 import com.linecorp.centraldogma.server.mirror.MirrorCredential;
 import com.linecorp.centraldogma.server.storage.project.Project;
 import com.linecorp.centraldogma.server.storage.repository.MetaRepository;
@@ -56,8 +60,18 @@ public CredentialServiceV1(ProjectApiManager projectApiManager, CommandExecutor
      */
     @RequiresReadPermission(repository = Project.REPO_META)
     @Get("/projects/{projectName}/credentials")
-    public CompletableFuture<List<MirrorCredential>> listCredentials(@Param String projectName) {
-        return metaRepo(projectName).credentials();
+    public CompletableFuture<List<MirrorCredential>> listCredentials(User loginUser,
+                                                                     @Param String projectName) {
+        final CompletableFuture<List<MirrorCredential>> future = metaRepo(projectName).credentials();
+        if (loginUser.isAdmin()) {
+            return future;
+        }
+        return future.thenApply(credentials -> {
+            return credentials
+                    .stream()
+                    .map(MirrorCredential::withoutSecret)
+                    .collect(toImmutableList());
+        });
     }
 
     /**
@@ -67,8 +81,13 @@ public CompletableFuture<List<MirrorCredential>> listCredentials(@Param String p
      */
     @RequiresReadPermission(repository = Project.REPO_META)
     @Get("/projects/{projectName}/credentials/{id}")
-    public CompletableFuture<MirrorCredential> getCredentialById(@Param String projectName, @Param String id) {
-        return metaRepo(projectName).credential(id);
+    public CompletableFuture<MirrorCredential> getCredentialById(User loginUser,
+                                                                 @Param String projectName, @Param String id) {
+        final CompletableFuture<MirrorCredential> future = metaRepo(projectName).credential(id);
+        if (loginUser.isAdmin()) {
+            return future;
+        }
+        return future.thenApply(MirrorCredential::withoutSecret);
     }
 
     /**
@@ -86,15 +105,17 @@ public CompletableFuture<PushResultDto> createCredential(@Param String projectNa
     }
 
     /**
-     * PUT /projects/{projectName}/credentials
+     * PUT /projects/{projectName}/credentials/{id}
      *
      * <p>Update the existing credential.
      */
     @RequiresWritePermission(repository = Project.REPO_META)
-    @Put("/projects/{projectName}/credentials")
+    @Put("/projects/{projectName}/credentials/{id}")
     @ConsumesJson
     public CompletableFuture<PushResultDto> updateCredential(@Param String projectName,
+                                                             @Param String id,
                                                              MirrorCredential credential, Author author) {
+        checkArgument(id.equals(credential.id()), "The credential ID (%s) can't be updated", id);
         return createOrUpdate(projectName, credential, author, true);
     }
 

server/src/main/java/com/linecorp/centraldogma/server/internal/api/CredentialServiceV1.java

@@ -16,6 +16,7 @@
 
 package com.linecorp.centraldogma.server.internal.api;
 
+import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.collect.ImmutableList.toImmutableList;
 
 import java.net.URI;
@@ -106,10 +107,11 @@ public CompletableFuture<PushResultDto> createMirror(@Param String projectName,
      * <p>Update the exising mirror.
      */
     @RequiresWritePermission(repository = Project.REPO_META)
-    @Put("/projects/{projectName}/mirrors")
+    @Put("/projects/{projectName}/mirrors/{id}")
     @ConsumesJson
     public CompletableFuture<PushResultDto> updateMirror(@Param String projectName, MirrorDto mirror,
-                                                         Author author) {
+                                                         @Param String id, Author author) {
+        checkArgument(id.equals(mirror.id()), "The mirror ID (%s) can't be updated", id);
         return createOrUpdate(projectName, mirror, author, true);
     }
 

server/src/main/java/com/linecorp/centraldogma/server/internal/api/MirroringServiceV1.java

@@ -31,6 +31,8 @@
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.google.common.base.MoreObjects.ToStringHelper;
 
+import com.linecorp.centraldogma.server.mirror.MirrorCredential;
+
 public final class AccessTokenMirrorCredential extends AbstractMirrorCredential {
 
     private static final Logger logger = LoggerFactory.getLogger(AccessTokenMirrorCredential.class);
@@ -93,4 +95,9 @@ public boolean equals(Object o) {
     void addProperties(ToStringHelper helper) {
         // Access token must be kept secret.
     }
+
+    @Override
+    public MirrorCredential withoutSecret() {
+        return new AccessTokenMirrorCredential(id(), enabled(), hostnamePatterns(), "****");
+    }
 }

server/src/main/java/com/linecorp/centraldogma/server/internal/mirror/credential/AccessTokenMirrorCredential.java

@@ -25,6 +25,8 @@
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.google.common.base.MoreObjects.ToStringHelper;
 
+import com.linecorp.centraldogma.server.mirror.MirrorCredential;
+
 public final class NoneMirrorCredential extends AbstractMirrorCredential {
 
     @JsonCreator
@@ -40,4 +42,9 @@ public NoneMirrorCredential(@JsonProperty("id") String id,
     void addProperties(ToStringHelper helper) {
         // No properties to add
     }
+
+    @Override
+    public MirrorCredential withoutSecret() {
+        return this;
+    }
 }

server/src/main/java/com/linecorp/centraldogma/server/internal/mirror/credential/NoneMirrorCredential.java

@@ -32,6 +32,8 @@
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.google.common.base.MoreObjects.ToStringHelper;
 
+import com.linecorp.centraldogma.server.mirror.MirrorCredential;
+
 public final class PasswordMirrorCredential extends AbstractMirrorCredential {
 
     private static final Logger logger = LoggerFactory.getLogger(PasswordMirrorCredential.class);
@@ -64,7 +66,7 @@ public String password() {
         } catch (Throwable t) {
             // The password probably has `:` without prefix. Just return it as is for backward compatibility.
             logger.debug("Failed to convert the password of the credential. username: {}, id: {}",
-                         username, id(), t);
+                    username, id(), t);
             return password;
         }
     }
@@ -104,4 +106,9 @@ public boolean equals(Object o) {
     void addProperties(ToStringHelper helper) {
         helper.add("username", username);
     }
+
+    @Override
+    public MirrorCredential withoutSecret() {
+        return new PasswordMirrorCredential(id(), enabled(), hostnamePatterns(), username(), "****");
+    }
 }