Move https server into injectable

Signed-off-by: Sebastian Malton <sebastian@malton.name>

packages/core/src/main/lens-proxy/handle-route-request.injectable.ts

@@ -0,0 +1,47 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+import { getInjectable } from "@ogre-tools/injectable";
+import type { ServerResponse } from "http";
+import { apiKubePrefix } from "../../common/vars";
+import contentSecurityPolicyInjectable from "../../common/vars/content-security-policy.injectable";
+import kubeAuthProxyServerInjectable from "../cluster/kube-auth-proxy-server.injectable";
+import routeRequestInjectable from "../router/route-request.injectable";
+import getClusterForRequestInjectable from "./get-cluster-for-request.injectable";
+import { isLongRunningRequest } from "./is-long-running-request";
+import type { ProxyIncomingMessage } from "./messages";
+import proxyInjectable from "./proxy.injectable";
+
+export type HandleRouteRequest = (req: ProxyIncomingMessage, res: ServerResponse) => Promise<void>;
+
+const handleRouteRequestInjectable = getInjectable({
+  id: "handle-route-request",
+  instantiate: (di): HandleRouteRequest => {
+    const getClusterForRequest = di.inject(getClusterForRequestInjectable);
+    const routeRequest = di.inject(routeRequestInjectable);
+    const proxy = di.inject(proxyInjectable);
+    const contentSecurityPolicy = di.inject(contentSecurityPolicyInjectable);
+
+    return async (req, res) => {
+      const cluster = getClusterForRequest(req);
+
+      if (cluster && req.url.startsWith(apiKubePrefix)) {
+        delete req.headers.authorization;
+        req.url = req.url.replace(apiKubePrefix, "");
+
+        const kubeAuthProxyServer = di.inject(kubeAuthProxyServerInjectable, cluster);
+        const proxyTarget = await kubeAuthProxyServer.getApiTarget(isLongRunningRequest(req.url));
+
+        if (proxyTarget) {
+          return proxy.web(req, res, proxyTarget);
+        }
+      }
+
+      res.setHeader("Content-Security-Policy", contentSecurityPolicy);
+      await routeRequest(cluster, req, res);
+    };
+  },
+});
+
+export default handleRouteRequestInjectable;

packages/core/src/main/lens-proxy/https-proxy/on-upgrade.injectable.ts

@@ -0,0 +1,44 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+import { getInjectable } from "@ogre-tools/injectable";
+import type { Socket } from "net";
+import loggerInjectable from "../../../common/logger.injectable";
+import { apiPrefix } from "../../../common/vars";
+import getClusterForRequestInjectable from "../get-cluster-for-request.injectable";
+import type { ProxyIncomingMessage } from "../messages";
+import kubeApiUpgradeRequestInjectable from "../proxy-functions/kube-api-upgrade-request.injectable";
+import shellApiRequestInjectable from "../proxy-functions/shell-api-request.injectable";
+
+const lensProxyHttpsServerOnUpgradeInjectable = getInjectable({
+  id: "lens-proxy-https-server-on-upgrade",
+  instantiate: (di) => {
+    const getClusterForRequest = di.inject(getClusterForRequestInjectable);
+    const logger = di.inject(loggerInjectable);
+    const shellApiRequest = di.inject(shellApiRequestInjectable);
+    const kubeApiUpgradeRequest = di.inject(kubeApiUpgradeRequestInjectable);
+
+    return (req: ProxyIncomingMessage, socket: Socket, head: Buffer) => {
+      const cluster = getClusterForRequest(req);
+
+      if (!cluster) {
+        logger.error(`[LENS-PROXY]: Could not find cluster for upgrade request from url=${req.url}`);
+        socket.destroy();
+      } else {
+        const isInternal = req.url.startsWith(`${apiPrefix}?`);
+        const reqHandler = isInternal ? shellApiRequest : kubeApiUpgradeRequest;
+
+        void (async () => {
+          try {
+            await reqHandler({ req, socket, head, cluster });
+          } catch (error) {
+            logger.error("[LENS-PROXY]: failed to handle proxy upgrade", error);
+          }
+        })();
+      }
+    };
+  },
+});
+
+export default lensProxyHttpsServerOnUpgradeInjectable;

packages/core/src/main/lens-proxy/https-proxy/server.injectable.ts

@@ -0,0 +1,30 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+import { getInjectable } from "@ogre-tools/injectable";
+import { createServer } from "https";
+import lensProxyCertificateInjectable from "../../../common/certificate/lens-proxy-certificate.injectable";
+import handleRouteRequestInjectable from "../handle-route-request.injectable";
+import lensProxyHttpsServerOnUpgradeInjectable from "./on-upgrade.injectable";
+import { ProxyIncomingMessage } from "../messages";
+
+const lensProxyHttpsServerInjectable = getInjectable({
+  id: "lens-proxy-https-server",
+  instantiate: (di) => {
+    const certificate = di.inject(lensProxyCertificateInjectable).get();
+    const handleRouteRequest = di.inject(handleRouteRequestInjectable);
+
+    const server = createServer({
+      key: certificate.private,
+      cert: certificate.cert,
+      IncomingMessage: ProxyIncomingMessage,
+    }, handleRouteRequest);
+
+    server.on("upgrade", di.inject(lensProxyHttpsServerOnUpgradeInjectable));
+
+    return server;
+  },
+});
+
+export default lensProxyHttpsServerInjectable;

packages/core/src/main/lens-proxy/lens-proxy.injectable.ts

@@ -4,33 +4,23 @@
  */
 import { getInjectable } from "@ogre-tools/injectable";
 import { LensProxy } from "./lens-proxy";
-import routeRequestInjectable from "../router/route-request.injectable";
-import httpProxy from "http-proxy";
-import shellApiRequestInjectable from "./proxy-functions/shell-api-request.injectable";
 import lensProxyPortInjectable from "./lens-proxy-port.injectable";
-import contentSecurityPolicyInjectable from "../../common/vars/content-security-policy.injectable";
 import emitAppEventInjectable from "../../common/app-event-bus/emit-event.injectable";
 import loggerInjectable from "../../common/logger.injectable";
-import lensProxyCertificateInjectable from "../../common/certificate/lens-proxy-certificate.injectable";
+import proxyInjectable from "./proxy.injectable";
-import getClusterForRequestInjectable from "./get-cluster-for-request.injectable";
+import handleRouteRequestInjectable from "./handle-route-request.injectable";
-import kubeAuthProxyServerInjectable from "../cluster/kube-auth-proxy-server.injectable";
+import lensProxyHttpsServerInjectable from "./https-proxy/server.injectable";
-import kubeApiUpgradeRequestInjectable from "./proxy-functions/kube-api-upgrade-request.injectable";
 
 const lensProxyInjectable = getInjectable({
   id: "lens-proxy",
 
   instantiate: (di) => new LensProxy({
-    routeRequest: di.inject(routeRequestInjectable),
+    proxy: di.inject(proxyInjectable),
-    proxy: httpProxy.createProxy(),
+    proxyServer: di.inject(lensProxyHttpsServerInjectable),
-    kubeApiUpgradeRequest: di.inject(kubeApiUpgradeRequestInjectable),
+    handleRouteRequest: di.inject(handleRouteRequestInjectable),
-    shellApiRequest: di.inject(shellApiRequestInjectable),
-    getClusterForRequest: di.inject(getClusterForRequestInjectable),
     lensProxyPort: di.inject(lensProxyPortInjectable),
-    contentSecurityPolicy: di.inject(contentSecurityPolicyInjectable),
     emitAppEvent: di.inject(emitAppEventInjectable),
     logger: di.inject(loggerInjectable),
-    certificate: di.inject(lensProxyCertificateInjectable).get(),
-    getKubeAuthProxyServer: (cluster) => di.inject(kubeAuthProxyServerInjectable, cluster),
   }),
 });
 

packages/core/src/main/lens-proxy/lens-proxy.ts

@@ -4,73 +4,37 @@
  */
 
 import net from "net";
-import https from "https";
+import type https from "https";
 import type http from "http";
 import type httpProxy from "http-proxy";
-import { apiPrefix, apiKubePrefix } from "../../common/vars";
-import type { RouteRequest } from "../router/route-request.injectable";
 import type { Cluster } from "../../common/cluster/cluster";
 import type { ProxyApiRequestArgs } from "./proxy-functions";
 import assert from "assert";
 import type { SetRequired } from "type-fest";
 import type { EmitAppEvent } from "../../common/app-event-bus/emit-event.injectable";
 import type { Logger } from "../../common/logger";
-import type { SelfSignedCert } from "selfsigned";
-import type { KubeAuthProxyServer } from "../cluster/kube-auth-proxy-server.injectable";
-import { isLongRunningRequest } from "./is-long-running-request";
 import { disallowedPorts } from "./disallowed-ports";
+import type { HandleRouteRequest } from "./handle-route-request.injectable";
 
 export type GetClusterForRequest = (req: http.IncomingMessage) => Cluster | undefined;
 export type ServerIncomingMessage = SetRequired<http.IncomingMessage, "url" | "method">;
 export type LensProxyApiRequest = (args: ProxyApiRequestArgs) => void | Promise<void>;
 
 interface Dependencies {
-  getClusterForRequest: GetClusterForRequest;
-  shellApiRequest: LensProxyApiRequest;
-  kubeApiUpgradeRequest: LensProxyApiRequest;
   emitAppEvent: EmitAppEvent;
-  getKubeAuthProxyServer: (cluster: Cluster) => KubeAuthProxyServer;
+  handleRouteRequest: HandleRouteRequest;
-  routeRequest: RouteRequest;
   readonly proxy: httpProxy;
   readonly lensProxyPort: { set: (portNumber: number) => void };
-  readonly contentSecurityPolicy: string;
   readonly logger: Logger;
-  readonly certificate: SelfSignedCert;
+  readonly proxyServer: https.Server;
 }
 
 export class LensProxy {
-  protected proxyServer: https.Server;
   protected closed = false;
   protected retryCounters = new Map<string, number>();
 
   constructor(private readonly dependencies: Dependencies) {
     this.configureProxy(dependencies.proxy);
-
-    this.proxyServer = https.createServer(
-      {
-        key: dependencies.certificate.private,
-        cert: dependencies.certificate.cert,
-      },
-      (req, res) => {
-        this.handleRequest(req as ServerIncomingMessage, res);
-      },
-    );
-
-    this.proxyServer
-      .on("upgrade", (req: ServerIncomingMessage, socket: net.Socket, head: Buffer) => {
-        const cluster = this.dependencies.getClusterForRequest(req);
-
-        if (!cluster) {
-          this.dependencies.logger.error(`[LENS-PROXY]: Could not find cluster for upgrade request from url=${req.url}`);
-          socket.destroy();
-        } else {
-          const isInternal = req.url.startsWith(`${apiPrefix}?`);
-          const reqHandler = isInternal ? this.dependencies.shellApiRequest : this.dependencies.kubeApiUpgradeRequest;
-
-          (async () => reqHandler({ req, socket, head, cluster }))()
-            .catch(error => this.dependencies.logger.error("[LENS-PROXY]: failed to handle proxy upgrade", error));
-        }
-      });
   }
 
   /**
@@ -81,19 +45,19 @@ export class LensProxy {
    */
   private attemptToListen(): Promise<number> {
     return new Promise<number>((resolve, reject) => {
-      this.proxyServer.listen(0, "127.0.0.1");
+      this.dependencies.proxyServer.listen(0, "127.0.0.1");
 
-      this.proxyServer
+      this.dependencies.proxyServer
         .once("listening", () => {
-          this.proxyServer.removeAllListeners("error"); // don't reject the promise
+          this.dependencies.proxyServer.removeAllListeners("error"); // don't reject the promise
 
-          const { address, port } = this.proxyServer.address() as net.AddressInfo;
+          const { address, port } = this.dependencies.proxyServer.address() as net.AddressInfo;
 
           this.dependencies.lensProxyPort.set(port);
 
           this.dependencies.logger.info(`[LENS-PROXY]: Proxy server has started at ${address}:${port}`);
 
-          this.proxyServer.on("error", (error) => {
+          this.dependencies.proxyServer.on("error", (error) => {
             this.dependencies.logger.info(`[LENS-PROXY]: Subsequent error: ${error}`);
           });
 
@@ -116,7 +80,7 @@ export class LensProxy {
     const seenPorts = new Set<number>();
 
     while(true) {
-      this.proxyServer?.close();
+      this.dependencies.proxyServer?.close();
       const port = await this.attemptToListen();
 
       if (!disallowedPorts.has(port)) {
@@ -142,7 +106,7 @@ export class LensProxy {
   close() {
     this.dependencies.logger.info("[LENS-PROXY]: Closing server");
 
-    this.proxyServer.close();
+    this.dependencies.proxyServer.close();
     this.closed = true;
   }
 
@@ -178,7 +142,7 @@ export class LensProxy {
             this.dependencies.logger.debug(`Retrying proxy request to url: ${reqId}`);
             setTimeout(() => {
               this.retryCounters.set(reqId, retryCount + 1);
-              this.handleRequest(req as ServerIncomingMessage, res)
+              this.dependencies.handleRouteRequest(req as any, res)
                 .catch(error => this.dependencies.logger.error(`[LENS-PROXY]: failed to handle request on proxy error: ${error}`));
             }, timeoutMs);
           }
@@ -200,23 +164,4 @@ export class LensProxy {
 
     return req.headers.host + req.url;
   }
-
-  protected async handleRequest(req: ServerIncomingMessage, res: http.ServerResponse) {
-    const cluster = this.dependencies.getClusterForRequest(req);
-
-    if (cluster && req.url.startsWith(apiKubePrefix)) {
-      delete req.headers.authorization;
-      req.url = req.url.replace(apiKubePrefix, "");
-
-      const kubeAuthProxyServer = this.dependencies.getKubeAuthProxyServer(cluster);
-      const proxyTarget = await kubeAuthProxyServer.getApiTarget(isLongRunningRequest(req.url));
-
-      if (proxyTarget) {
-        return this.dependencies.proxy.web(req, res, proxyTarget);
-      }
-    }
-
-    res.setHeader("Content-Security-Policy", this.dependencies.contentSecurityPolicy);
-    await this.dependencies.routeRequest(cluster, req, res);
-  }
 }

packages/core/src/main/lens-proxy/messages.ts

@@ -0,0 +1,11 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+
+import http from "http";
+
+export class ProxyIncomingMessage extends http.IncomingMessage {
+  declare url: string;
+  declare method: string;
+}

packages/core/src/main/lens-proxy/proxy.injectable.ts

@@ -0,0 +1,13 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+import { getInjectable } from "@ogre-tools/injectable";
+import { createProxy } from "http-proxy";
+
+const proxyInjectable = getInjectable({
+  id: "proxy",
+  instantiate: () => createProxy(),
+});
+
+export default proxyInjectable;