diff --git a/src/common/cluster/cluster.ts b/src/common/cluster/cluster.ts index a1353474b1..7f2d32df60 100644 --- a/src/common/cluster/cluster.ts +++ b/src/common/cluster/cluster.ts @@ -469,13 +469,11 @@ export class Cluster implements ClusterModel { const canI = this.dependencies.createAuthorizationReview(proxyConfig); const requestNamespaceListPermissions = this.dependencies.requestNamespaceListPermissionsFor(proxyConfig); - console.log("before this.isAdmin"); this.isAdmin = await canI({ namespace: "kube-system", resource: "*", verb: "create", }); - console.log("finished this.isAdmin"); this.isGlobalWatchEnabled = await canI({ verb: "watch", resource: "*", @@ -528,7 +526,6 @@ export class Cluster implements ClusterModel { return ClusterStatus.AccessGranted; } catch (error) { - console.error(error); this.dependencies.logger.error(`[CLUSTER]: Failed to connect to "${this.contextName}": ${error}`); if (isRequestError(error)) { diff --git a/src/common/cluster/create-authorization-review.injectable.ts b/src/common/cluster/create-authorization-review.injectable.ts index 1be387140c..2b084f3f5e 100644 --- a/src/common/cluster/create-authorization-review.injectable.ts +++ b/src/common/cluster/create-authorization-review.injectable.ts @@ -40,7 +40,7 @@ const createAuthorizationReviewInjectable = getInjectable({ return body.status?.allowed ?? false; } catch (error) { - logger.error(`[AUTHORIZATION-REVIEW]: failed to create access review: ${error}`, { resourceAttributes }); + logger.error(`[AUTHORIZATION-REVIEW]: failed to create access review`, { resourceAttributes }, error); return false; } diff --git a/src/common/cluster/make-api-client.injectable.ts b/src/common/cluster/make-api-client.injectable.ts index e7f4c658a6..8ce090834b 100644 --- a/src/common/cluster/make-api-client.injectable.ts +++ b/src/common/cluster/make-api-client.injectable.ts @@ -25,7 +25,7 @@ const makeApiClientInjectable = getInjectable({ api.addInterceptor((opts) => { opts.headers ??= {}; - opts.headers[lensAuthenticationHeader] = lensAuthenticationHeaderValue; + opts.headers[lensAuthenticationHeader] = `Bearer ${lensAuthenticationHeaderValue}`; }); return api; diff --git a/src/common/fetch/lens-authed-fetch.injectable.ts b/src/common/fetch/lens-authed-fetch.injectable.ts index 257cca76e2..9de6384e9f 100644 --- a/src/common/fetch/lens-authed-fetch.injectable.ts +++ b/src/common/fetch/lens-authed-fetch.injectable.ts @@ -3,10 +3,9 @@ * Licensed under MIT License. See LICENSE in root directory for more information. */ import { getInjectable } from "@ogre-tools/injectable"; -import { Agent } from "https"; import type { RequestInit, Response } from "node-fetch"; +import lensAuthenticatedAgentInjectable from "../../features/lens-proxy/common/lens-auth-agent.injectable"; import { lensAuthenticationHeaderValueInjectionToken } from "../auth/header-value"; -import { lensProxyCertificateInjectionToken } from "../certificate/token"; import { lensAuthenticationHeader } from "../vars/auth-header"; import fetchModuleInjectable from "./fetch-module.injectable"; import fetchInjectable from "./fetch.injectable"; @@ -23,7 +22,7 @@ const lensAuthenticatedFetchInjectable = getInjectable({ id: "lens-authenticated-fetch", instantiate: (di): AuthenticatedFetch => { const authHeaderValue = di.inject(lensAuthenticationHeaderValueInjectionToken); - const lensProxyCertificate = di.inject(lensProxyCertificateInjectionToken); + const lensAuthenticatedAgent = di.inject(lensAuthenticatedAgentInjectable); const fetch = di.inject(fetchInjectable); const { Headers } = di.inject(fetchModuleInjectable); @@ -33,16 +32,13 @@ const lensAuthenticatedFetchInjectable = getInjectable({ ...rest } = init ?? {}; const headers = new Headers(headersInit); - const agent = new Agent({ - ca: lensProxyCertificate.cert, - }); - headers.set(lensAuthenticationHeader, authHeaderValue); + headers.set(lensAuthenticationHeader, `Bearer ${authHeaderValue}`); return fetch(url, { headers, ...rest, - agent, + agent: lensAuthenticatedAgent, }); }; }, diff --git a/src/common/k8s-api/api-base-configs.ts b/src/common/k8s-api/api-base-configs.ts deleted file mode 100644 index 5ac67229ec..0000000000 --- a/src/common/k8s-api/api-base-configs.ts +++ /dev/null @@ -1,14 +0,0 @@ -/** - * Copyright (c) OpenLens Authors. All rights reserved. - * Licensed under MIT License. See LICENSE in root directory for more information. - */ - -import { getInjectionToken } from "@ogre-tools/injectable"; - -export const apiBaseServerAddressInjectionToken = getInjectionToken({ - id: "api-base-config-server-address-token", -}); - -export const apiBaseHostHeaderInjectionToken = getInjectionToken({ - id: "api-base-host-header-token", -}); diff --git a/src/common/k8s-api/api-base.injectable.ts b/src/common/k8s-api/api-base.injectable.ts index 459b3eca61..93fc3f242a 100644 --- a/src/common/k8s-api/api-base.injectable.ts +++ b/src/common/k8s-api/api-base.injectable.ts @@ -4,12 +4,14 @@ */ import { getInjectable } from "@ogre-tools/injectable"; import { lensAuthenticationHeaderValueInjectionToken } from "../auth/header-value"; +import lensProxyPortInjectable from "../../features/lens-proxy/common/port.injectable"; import { apiPrefix } from "../vars"; -import { lensAuthenticationHeader } from "../vars/auth-header"; +import { lensAuthenticationHeader, lensClusterIdHeader } from "../vars/auth-header"; import isDebuggingInjectable from "../vars/is-debugging.injectable"; import isDevelopmentInjectable from "../vars/is-development.injectable"; -import { apiBaseHostHeaderInjectionToken, apiBaseServerAddressInjectionToken } from "./api-base-configs"; import createJsonApiInjectable from "./create-json-api.injectable"; +import lensAuthenticatedAgentInjectable from "../../features/lens-proxy/common/lens-auth-agent.injectable"; +import { currentClusterIdInjectionToken } from "../../features/cluster/cluster-id/common/current-token"; const apiBaseInjectable = getInjectable({ id: "api-base", @@ -17,19 +19,26 @@ const apiBaseInjectable = getInjectable({ const createJsonApi = di.inject(createJsonApiInjectable); const isDebugging = di.inject(isDebuggingInjectable); const isDevelopment = di.inject(isDevelopmentInjectable); - const serverAddress = di.inject(apiBaseServerAddressInjectionToken); - const hostHeaderValue = di.inject(apiBaseHostHeaderInjectionToken); + const lensProxyPort = di.inject(lensProxyPortInjectable); const lensAuthenticationHeaderValue = di.inject(lensAuthenticationHeaderValueInjectionToken); + const lensAuthenticatedAgent = di.inject(lensAuthenticatedAgentInjectable); + const currentClusterId = di.inject(currentClusterIdInjectionToken); + + const headers = new Headers(); + + headers.set(lensAuthenticationHeader, `Bearer ${lensAuthenticationHeaderValue}`); + + if (currentClusterId) { + headers.set(lensClusterIdHeader, currentClusterId); + } return createJsonApi({ - serverAddress, + serverAddress: `https://127.0.0.1:${lensProxyPort.get()}`, apiBase: apiPrefix, debug: isDevelopment || isDebugging, }, { - headers: { - "Host": hostHeaderValue, - [lensAuthenticationHeader]: lensAuthenticationHeaderValue, - }, + headers, + agent: lensAuthenticatedAgent, }); }, }); diff --git a/src/common/k8s-api/create-kube-json-api-for-cluster.injectable.ts b/src/common/k8s-api/create-kube-json-api-for-cluster.injectable.ts index d2da92992d..ab1e862aa0 100644 --- a/src/common/k8s-api/create-kube-json-api-for-cluster.injectable.ts +++ b/src/common/k8s-api/create-kube-json-api-for-cluster.injectable.ts @@ -3,10 +3,11 @@ * Licensed under MIT License. See LICENSE in root directory for more information. */ import { getInjectable } from "@ogre-tools/injectable"; +import lensProxyPortInjectable from "../../features/lens-proxy/common/port.injectable"; +import { lensAuthenticationHeaderValueInjectionToken } from "../auth/header-value"; import { apiKubePrefix } from "../vars"; -import { lensClusterIdHeader } from "../vars/auth-header"; +import { lensAuthenticationHeader, lensClusterIdHeader } from "../vars/auth-header"; import isDebuggingInjectable from "../vars/is-debugging.injectable"; -import { apiBaseServerAddressInjectionToken } from "./api-base-configs"; import createKubeJsonApiInjectable from "./create-kube-json-api.injectable"; import type { KubeJsonApi } from "./kube-json-api"; @@ -17,15 +18,18 @@ const createKubeJsonApiForClusterInjectable = getInjectable({ instantiate: (di): CreateKubeJsonApiForCluster => { const createKubeJsonApi = di.inject(createKubeJsonApiInjectable); const isDebugging = di.inject(isDebuggingInjectable); + const lensProxyPort = di.inject(lensProxyPortInjectable); + const lensAuthenticationHeaderValue = di.inject(lensAuthenticationHeaderValueInjectionToken); return (clusterId) => createKubeJsonApi( { - serverAddress: di.inject(apiBaseServerAddressInjectionToken), + serverAddress: `https://127.0.0.1:${lensProxyPort.get()}`, apiBase: apiKubePrefix, debug: isDebugging, }, { headers: { + [lensAuthenticationHeader]: `Bearer ${lensAuthenticationHeaderValue}`, [lensClusterIdHeader]: clusterId, }, }, diff --git a/src/common/k8s-api/window-location.global-override-for-injectable.ts b/src/common/k8s-api/window-location.global-override-for-injectable.ts deleted file mode 100644 index 616e110c88..0000000000 --- a/src/common/k8s-api/window-location.global-override-for-injectable.ts +++ /dev/null @@ -1,12 +0,0 @@ -/** - * Copyright (c) OpenLens Authors. All rights reserved. - * Licensed under MIT License. See LICENSE in root directory for more information. - */ - -import { getGlobalOverride } from "../test-utils/get-global-override"; -import windowLocationInjectable from "./window-location.injectable"; - -export default getGlobalOverride(windowLocationInjectable, () => ({ - host: "localhost", - port: "12345", -})); diff --git a/src/common/k8s-api/window-location.injectable.ts b/src/common/k8s-api/window-location.injectable.ts deleted file mode 100644 index 80bcd44be6..0000000000 --- a/src/common/k8s-api/window-location.injectable.ts +++ /dev/null @@ -1,17 +0,0 @@ -/** - * Copyright (c) OpenLens Authors. All rights reserved. - * Licensed under MIT License. See LICENSE in root directory for more information. - */ -import { getInjectable } from "@ogre-tools/injectable"; - -const windowLocationInjectable = getInjectable({ - id: "window-location", - instantiate: () => { - const { host, port } = window.location; - - return { host, port }; - }, - causesSideEffects: true, -}); - -export default windowLocationInjectable; diff --git a/src/common/utils/request-app-version.injectable.ts b/src/common/utils/request-app-version.injectable.ts index 449c8bb5a5..599bb3c205 100644 --- a/src/common/utils/request-app-version.injectable.ts +++ b/src/common/utils/request-app-version.injectable.ts @@ -3,7 +3,7 @@ * Licensed under MIT License. See LICENSE in root directory for more information. */ import { getInjectable } from "@ogre-tools/injectable"; -import lensProxyPortInjectable from "../../main/lens-proxy/lens-proxy-port.injectable"; +import lensProxyPortInjectable from "../../features/lens-proxy/common/port.injectable"; import lensAuthenticatedFetchInjectable from "../fetch/lens-authed-fetch.injectable"; const requestAppVersionInjectable = getInjectable({ diff --git a/src/features/cluster/cluster-id/common/current-token.ts b/src/features/cluster/cluster-id/common/current-token.ts new file mode 100644 index 0000000000..4b7248d7aa --- /dev/null +++ b/src/features/cluster/cluster-id/common/current-token.ts @@ -0,0 +1,11 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ + +import { getInjectionToken } from "@ogre-tools/injectable"; +import type { ClusterId } from "../../../../common/cluster-types"; + +export const currentClusterIdInjectionToken = getInjectionToken({ + id: "current-cluster-id-token", +}); diff --git a/src/features/cluster/cluster-id/main/current.injectable.ts b/src/features/cluster/cluster-id/main/current.injectable.ts new file mode 100644 index 0000000000..cccbbc7a12 --- /dev/null +++ b/src/features/cluster/cluster-id/main/current.injectable.ts @@ -0,0 +1,14 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ +import { getInjectable } from "@ogre-tools/injectable"; +import { currentClusterIdInjectionToken } from "../common/current-token"; + +const currentClusterIdInjectable = getInjectable({ + id: "current-cluster-id", + instantiate: () => undefined, + injectionToken: currentClusterIdInjectionToken, +}); + +export default currentClusterIdInjectable; diff --git a/src/features/cluster/cluster-id/renderer/current.injectable.ts b/src/features/cluster/cluster-id/renderer/current.injectable.ts new file mode 100644 index 0000000000..f330bb6976 --- /dev/null +++ b/src/features/cluster/cluster-id/renderer/current.injectable.ts @@ -0,0 +1,15 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ +import { getInjectable } from "@ogre-tools/injectable"; +import hostedClusterIdInjectable from "../../../../renderer/cluster-frame-context/hosted-cluster-id.injectable"; +import { currentClusterIdInjectionToken } from "../common/current-token"; + +const currentClusterIdInjectable = getInjectable({ + id: "current-cluster-id", + instantiate: (di) => di.inject(hostedClusterIdInjectable), + injectionToken: currentClusterIdInjectionToken, +}); + +export default currentClusterIdInjectable; diff --git a/src/features/lens-proxy/common/lens-auth-agent.injectable.ts b/src/features/lens-proxy/common/lens-auth-agent.injectable.ts new file mode 100644 index 0000000000..2b40158152 --- /dev/null +++ b/src/features/lens-proxy/common/lens-auth-agent.injectable.ts @@ -0,0 +1,20 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ +import { getInjectable } from "@ogre-tools/injectable"; +import { Agent } from "https"; +import { lensProxyCertificateInjectionToken } from "../../../common/certificate/token"; + +const lensAuthenticatedAgentInjectable = getInjectable({ + id: "lens-authenticated-agent", + instantiate: (di) => { + const lensProxyCertificate = di.inject(lensProxyCertificateInjectionToken); + + return new Agent({ + ca: lensProxyCertificate.cert, + }); + }, +}); + +export default lensAuthenticatedAgentInjectable; diff --git a/src/features/lens-proxy/common/port-channel.ts b/src/features/lens-proxy/common/port-channel.ts new file mode 100644 index 0000000000..5f20a069ed --- /dev/null +++ b/src/features/lens-proxy/common/port-channel.ts @@ -0,0 +1,10 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ + +import type { RequestChannel } from "../../../common/utils/channel/request-channel-listener-injection-token"; + +export const lensProxyPortChannel: RequestChannel = { + id: "lens-proxy-port", +}; diff --git a/src/main/lens-proxy/lens-proxy-port.injectable.ts b/src/features/lens-proxy/common/port.injectable.ts similarity index 100% rename from src/main/lens-proxy/lens-proxy-port.injectable.ts rename to src/features/lens-proxy/common/port.injectable.ts diff --git a/src/features/lens-proxy/main/port-handler.injectable.ts b/src/features/lens-proxy/main/port-handler.injectable.ts new file mode 100644 index 0000000000..844d2721ec --- /dev/null +++ b/src/features/lens-proxy/main/port-handler.injectable.ts @@ -0,0 +1,19 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ + +import { getRequestChannelListenerInjectable } from "../../../main/utils/channel/channel-listeners/listener-tokens"; +import { lensProxyPortChannel } from "../common/port-channel"; +import lensProxyPortInjectable from "../common/port.injectable"; + +const lensProxyPortListener = getRequestChannelListenerInjectable({ + channel: lensProxyPortChannel, + handler: (di) => { + const lensProxyPort = di.inject(lensProxyPortInjectable); + + return () => lensProxyPort.get(); + }, +}); + +export default lensProxyPortListener; diff --git a/src/features/lens-proxy/renderer/init.injectable.ts b/src/features/lens-proxy/renderer/init.injectable.ts new file mode 100644 index 0000000000..c60f8dbd41 --- /dev/null +++ b/src/features/lens-proxy/renderer/init.injectable.ts @@ -0,0 +1,25 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ +import { getInjectable } from "@ogre-tools/injectable"; +import { beforeFrameStartsFirstInjectionToken } from "../../../renderer/before-frame-starts/tokens"; +import requestFromChannelInjectable from "../../../renderer/utils/channel/request-from-channel.injectable"; +import { lensProxyPortChannel } from "../common/port-channel"; +import lensProxyPortInjectable from "../common/port.injectable"; + +const initLensProxyPortInjectable = getInjectable({ + id: "init-lens-proxy-port", + instantiate: (di) => ({ + id: "init-lens-proxy-port", + run: async () => { + const lensProxyPort = di.inject(lensProxyPortInjectable); + const requestFromChannel = di.inject(requestFromChannelInjectable); + + lensProxyPort.set(await requestFromChannel(lensProxyPortChannel)); + }, + }), + injectionToken: beforeFrameStartsFirstInjectionToken, +}); + +export default initLensProxyPortInjectable; diff --git a/src/main/__test__/kubeconfig-manager.test.ts b/src/main/__test__/kubeconfig-manager.test.ts index 9f36f1f2ea..54ac0da3f8 100644 --- a/src/main/__test__/kubeconfig-manager.test.ts +++ b/src/main/__test__/kubeconfig-manager.test.ts @@ -30,7 +30,7 @@ import removePathInjectable from "../../common/fs/remove.injectable"; import pathExistsSyncInjectable from "../../common/fs/path-exists-sync.injectable"; import readJsonSyncInjectable from "../../common/fs/read-json-sync.injectable"; import writeJsonSyncInjectable from "../../common/fs/write-json-sync.injectable"; -import lensProxyPortInjectable from "../lens-proxy/lens-proxy-port.injectable"; +import lensProxyPortInjectable from "../../features/lens-proxy/common/port.injectable"; const clusterServerUrl = "https://192.168.64.3:8443"; diff --git a/src/main/k8s-request.injectable.ts b/src/main/k8s-request.injectable.ts index 8a7799da09..4feb85e09a 100644 --- a/src/main/k8s-request.injectable.ts +++ b/src/main/k8s-request.injectable.ts @@ -5,7 +5,7 @@ import { apiKubePrefix } from "../common/vars"; import type { Cluster } from "../common/cluster/cluster"; import { getInjectable } from "@ogre-tools/injectable"; -import lensProxyPortInjectable from "./lens-proxy/lens-proxy-port.injectable"; +import lensProxyPortInjectable from "../features/lens-proxy/common/port.injectable"; import type { AuthenticatedRequestInit } from "../common/fetch/lens-authed-fetch.injectable"; import lensAuthenticatedFetchInjectable from "../common/fetch/lens-authed-fetch.injectable"; import nodeFetchModuleInjectable from "../common/fetch/fetch-module.injectable"; @@ -35,8 +35,6 @@ const k8sRequestInjectable = getInjectable({ if (200 <= response.status && response.status < 300) { const body = await response.text(); - console.log(body); - return JSON.parse(body); } diff --git a/src/main/k8s/api-base-host-header.injectable.ts b/src/main/k8s/api-base-host-header.injectable.ts deleted file mode 100644 index 281c4fda84..0000000000 --- a/src/main/k8s/api-base-host-header.injectable.ts +++ /dev/null @@ -1,19 +0,0 @@ -/** - * Copyright (c) OpenLens Authors. All rights reserved. - * Licensed under MIT License. See LICENSE in root directory for more information. - */ -import { getInjectable } from "@ogre-tools/injectable"; -import { apiBaseHostHeaderInjectionToken } from "../../common/k8s-api/api-base-configs"; -import lensProxyPortInjectable from "../lens-proxy/lens-proxy-port.injectable"; - -const apiBaseHostHeaderInjectable = getInjectable({ - id: "api-base-host-header", - instantiate: (di) => { - const lensProxyPort = di.inject(lensProxyPortInjectable); - - return `localhost:${lensProxyPort.get()}`; - }, - injectionToken: apiBaseHostHeaderInjectionToken, -}); - -export default apiBaseHostHeaderInjectable; diff --git a/src/main/k8s/api-base-server-address.injectable.ts b/src/main/k8s/api-base-server-address.injectable.ts deleted file mode 100644 index 8d3a960ed4..0000000000 --- a/src/main/k8s/api-base-server-address.injectable.ts +++ /dev/null @@ -1,19 +0,0 @@ -/** - * Copyright (c) OpenLens Authors. All rights reserved. - * Licensed under MIT License. See LICENSE in root directory for more information. - */ -import { getInjectable } from "@ogre-tools/injectable"; -import { apiBaseServerAddressInjectionToken } from "../../common/k8s-api/api-base-configs"; -import lensProxyPortInjectable from "../lens-proxy/lens-proxy-port.injectable"; - -const apiBaseServerAddressInjectable = getInjectable({ - id: "api-base-server-address", - instantiate: (di) => { - const lensProxyPort = di.inject(lensProxyPortInjectable); - - return `https://127.0.0.1:${lensProxyPort.get()}`; - }, - injectionToken: apiBaseServerAddressInjectionToken, -}); - -export default apiBaseServerAddressInjectable; diff --git a/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts b/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts index f83d082723..6fd68c0a43 100644 --- a/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts +++ b/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts @@ -8,7 +8,7 @@ import directoryForTempInjectable from "../../common/app-paths/directory-for-tem import type { KubeconfigManagerDependencies } from "./kubeconfig-manager"; import { KubeconfigManager } from "./kubeconfig-manager"; import loggerInjectable from "../../common/logger.injectable"; -import lensProxyPortInjectable from "../lens-proxy/lens-proxy-port.injectable"; +import lensProxyPortInjectable from "../../features/lens-proxy/common/port.injectable"; import joinPathsInjectable from "../../common/path/join-paths.injectable"; import getDirnameOfPathInjectable from "../../common/path/get-dirname.injectable"; import pathExistsInjectable from "../../common/fs/path-exists.injectable"; diff --git a/src/main/kubeconfig-manager/kubeconfig-manager.ts b/src/main/kubeconfig-manager/kubeconfig-manager.ts index 16be3bebda..2fb2123f85 100644 --- a/src/main/kubeconfig-manager/kubeconfig-manager.ts +++ b/src/main/kubeconfig-manager/kubeconfig-manager.ts @@ -15,7 +15,6 @@ import type { GetDirnameOfPath } from "../../common/path/get-dirname.injectable" import type { PathExists } from "../../common/fs/path-exists.injectable"; import type { RemovePath } from "../../common/fs/remove.injectable"; import type { WriteFile } from "../../common/fs/write-file.injectable"; -import { lensAuthenticationHeader } from "../../common/vars/auth-header"; import type { SelfSignedCert } from "selfsigned"; export interface KubeconfigManagerDependencies { @@ -101,9 +100,6 @@ export class KubeconfigManager { `kubeconfig-${id}`, ); const kubeConfig = await cluster.getKubeconfig(); - const searchParams = new URLSearchParams({ - [lensAuthenticationHeader]: this.dependencies.authHeaderValue, - }); const proxyConfig: PartialDeep = { currentContext: contextName, @@ -111,7 +107,7 @@ export class KubeconfigManager { { name: contextName, caData: Buffer.from(this.dependencies.lensProxyCertificate.cert).toString("base64"), - server: `https://127.0.0.1:${this.dependencies.lensProxyPort.get()}/${this.cluster.id}?${searchParams}`, + server: `https://127.0.0.1:${this.dependencies.lensProxyPort.get()}/${this.cluster.id}`, skipTLSVerify: false, }, ], diff --git a/src/main/lens-proxy/auth-header-value.injectable.ts b/src/main/lens-proxy/auth-header-value.injectable.ts index 4c89d061c4..5ccffdbd83 100644 --- a/src/main/lens-proxy/auth-header-value.injectable.ts +++ b/src/main/lens-proxy/auth-header-value.injectable.ts @@ -8,7 +8,7 @@ import { lensAuthenticationHeaderValueInjectionToken } from "../../common/auth/h const authHeaderValueInjectable = getInjectable({ id: "auth-header-value", - instantiate: () => `Bearer ${uuid.v4()}`, + instantiate: () => uuid.v4(), injectionToken: lensAuthenticationHeaderValueInjectionToken, }); diff --git a/src/main/lens-proxy/get-cluster-for-request.injectable.ts b/src/main/lens-proxy/get-cluster-for-request.injectable.ts index 8d21f1fe60..a51a2b3fef 100644 --- a/src/main/lens-proxy/get-cluster-for-request.injectable.ts +++ b/src/main/lens-proxy/get-cluster-for-request.injectable.ts @@ -19,8 +19,6 @@ const getClusterForRequestInjectable = getInjectable({ return (req) => { const clusterId = req.headers[lensClusterIdHeader.toLowerCase()]; - console.log(clusterId); - if (typeof clusterId === "string") { return getClusterById(clusterId); } diff --git a/src/main/lens-proxy/lens-proxy.injectable.ts b/src/main/lens-proxy/lens-proxy.injectable.ts index b4f7ee071a..25dfca2dd7 100644 --- a/src/main/lens-proxy/lens-proxy.injectable.ts +++ b/src/main/lens-proxy/lens-proxy.injectable.ts @@ -8,7 +8,7 @@ import { kubeApiUpgradeRequest } from "./proxy-functions"; import routeRequestInjectable from "../router/route-request.injectable"; import httpProxy from "http-proxy"; import shellApiRequestInjectable from "./proxy-functions/shell-api-request/shell-api-request.injectable"; -import lensProxyPortInjectable from "./lens-proxy-port.injectable"; +import lensProxyPortInjectable from "../../features/lens-proxy/common/port.injectable"; import contentSecurityPolicyInjectable from "../../common/vars/content-security-policy.injectable"; import emitAppEventInjectable from "../../common/app-event-bus/emit-event.injectable"; import loggerInjectable from "../../common/logger.injectable"; diff --git a/src/main/lens-proxy/lens-proxy.ts b/src/main/lens-proxy/lens-proxy.ts index 35aa2adb08..67368e8b30 100644 --- a/src/main/lens-proxy/lens-proxy.ts +++ b/src/main/lens-proxy/lens-proxy.ts @@ -90,7 +90,7 @@ export class LensProxy { const cluster = this.dependencies.getClusterForRequest(req); const url = new URL(req.url, "https://localhost"); - if (url.searchParams.get(lensAuthenticationHeader) !== this.dependencies.authHeaderValue) { + if (url.searchParams.get(lensAuthenticationHeader) !== `Bearer ${this.dependencies.authHeaderValue}`) { this.dependencies.logger.warn(`[LENS-PROXY]: Request from url=${req.url} missing authentication`); socket.destroy(); @@ -260,8 +260,6 @@ export class LensProxy { protected async handleRequest(req: ServerIncomingMessage, res: http.ServerResponse) { const cluster = this.dependencies.getClusterForRequest(req); - console.log(cluster?.id, req.url, req.headers); - const writeServerResponse = writeServerResponseFor(res); if (cluster) { @@ -270,7 +268,7 @@ export class LensProxy { if (proxyTarget) { const authHeader = req.headers[lensAuthenticationHeader.toLowerCase()]; - if (authHeader !== this.dependencies.authHeaderValue) { + if (authHeader !== `Bearer ${this.dependencies.authHeaderValue}`) { writeServerResponse(contentTypes.txt.resultMapper({ statusCode: 401, response: "Missing authorization", diff --git a/src/main/router/create-handler-for-route.injectable.ts b/src/main/router/create-handler-for-route.injectable.ts index a4bade4b76..456a9dc94a 100644 --- a/src/main/router/create-handler-for-route.injectable.ts +++ b/src/main/router/create-handler-for-route.injectable.ts @@ -18,7 +18,7 @@ const createHandlerForRouteInjectable = getInjectable({ id: "create-handler-for-route", instantiate: (di): CreateHandlerForRoute => { const logger = di.inject(loggerInjectable); - const authHeaderValue = di.inject(authHeaderValueInjectable); + const authHeaderValue = `Bearer ${di.inject(authHeaderValueInjectable)}`; return (route) => async (request, response) => { const writeServerResponse = writeServerResponseFor(response); diff --git a/src/renderer/components/test-utils/get-application-builder.tsx b/src/renderer/components/test-utils/get-application-builder.tsx index 405a4e3179..4f25790eb0 100644 --- a/src/renderer/components/test-utils/get-application-builder.tsx +++ b/src/renderer/components/test-utils/get-application-builder.tsx @@ -35,7 +35,7 @@ import { overrideChannels } from "../../../test-utils/channel-fakes/override-cha import assert from "assert"; import { openMenu } from "react-select-event"; import userEvent from "@testing-library/user-event"; -import lensProxyPortInjectable from "../../../main/lens-proxy/lens-proxy-port.injectable"; +import lensProxyPortInjectable from "../../../features/lens-proxy/common/port.injectable"; import type { Route } from "../../../common/front-end-routing/front-end-route-injection-token"; import type { NavigateToRouteOptions } from "../../../common/front-end-routing/navigate-to-route-injection-token"; import { navigateToRouteInjectionToken } from "../../../common/front-end-routing/navigate-to-route-injection-token"; diff --git a/src/renderer/k8s/api-base-host-header.injectable.ts b/src/renderer/k8s/api-base-host-header.injectable.ts deleted file mode 100644 index 6ca954c85c..0000000000 --- a/src/renderer/k8s/api-base-host-header.injectable.ts +++ /dev/null @@ -1,15 +0,0 @@ -/** - * Copyright (c) OpenLens Authors. All rights reserved. - * Licensed under MIT License. See LICENSE in root directory for more information. - */ -import { getInjectable } from "@ogre-tools/injectable"; -import { apiBaseHostHeaderInjectionToken } from "../../common/k8s-api/api-base-configs"; -import windowLocationInjectable from "../../common/k8s-api/window-location.injectable"; - -const apiBaseHostHeaderInjectable = getInjectable({ - id: "api-base-host-header", - instantiate: (di) => di.inject(windowLocationInjectable).host, - injectionToken: apiBaseHostHeaderInjectionToken, -}); - -export default apiBaseHostHeaderInjectable; diff --git a/src/renderer/k8s/api-base-server-address.injectable.ts b/src/renderer/k8s/api-base-server-address.injectable.ts deleted file mode 100644 index 17f4028ea8..0000000000 --- a/src/renderer/k8s/api-base-server-address.injectable.ts +++ /dev/null @@ -1,19 +0,0 @@ -/** - * Copyright (c) OpenLens Authors. All rights reserved. - * Licensed under MIT License. See LICENSE in root directory for more information. - */ -import { getInjectable } from "@ogre-tools/injectable"; -import { apiBaseServerAddressInjectionToken } from "../../common/k8s-api/api-base-configs"; -import windowLocationInjectable from "../../common/k8s-api/window-location.injectable"; - -const apiBaseServerAddressInjectable = getInjectable({ - id: "api-base-server-address", - instantiate: (di) => { - const { port } = di.inject(windowLocationInjectable); - - return `https://127.0.0.1:${port}`; - }, - injectionToken: apiBaseServerAddressInjectionToken, -}); - -export default apiBaseServerAddressInjectable; diff --git a/src/renderer/k8s/api-kube.injectable.ts b/src/renderer/k8s/api-kube.injectable.ts index e13f98e725..82d596be67 100644 --- a/src/renderer/k8s/api-kube.injectable.ts +++ b/src/renderer/k8s/api-kube.injectable.ts @@ -10,10 +10,11 @@ import { storesAndApisCanBeCreatedInjectionToken } from "../../common/k8s-api/st import createKubeJsonApiInjectable from "../../common/k8s-api/create-kube-json-api.injectable"; import isDevelopmentInjectable from "../../common/vars/is-development.injectable"; import showErrorNotificationInjectable from "../components/notifications/show-error-notification.injectable"; -import windowLocationInjectable from "../../common/k8s-api/window-location.injectable"; import { lensAuthenticationHeaderValueInjectionToken } from "../../common/auth/header-value"; import { lensAuthenticationHeader, lensClusterIdHeader } from "../../common/vars/auth-header"; import hostedClusterIdInjectable from "../cluster-frame-context/hosted-cluster-id.injectable"; +import lensProxyPortInjectable from "../../features/lens-proxy/common/port.injectable"; +import lensAuthenticatedAgentInjectable from "../../features/lens-proxy/common/lens-auth-agent.injectable"; const apiKubeInjectable = getInjectable({ id: "api-kube", @@ -22,22 +23,23 @@ const apiKubeInjectable = getInjectable({ const createKubeJsonApi = di.inject(createKubeJsonApiInjectable); const isDevelopment = di.inject(isDevelopmentInjectable); const showErrorNotification = di.inject(showErrorNotificationInjectable); - const { port, host } = di.inject(windowLocationInjectable); const lensAuthenticationHeaderValue = di.inject(lensAuthenticationHeaderValueInjectionToken); const hostedClusterId = di.inject(hostedClusterIdInjectable); + const lensProxyPort = di.inject(lensProxyPortInjectable); + const lensAuthenticatedAgent = di.inject(lensAuthenticatedAgentInjectable); assert(hostedClusterId); const apiKube = createKubeJsonApi({ - serverAddress: `https://127.0.0.1:${port}`, + serverAddress: `https://127.0.0.1:${lensProxyPort.get()}`, apiBase: apiKubePrefix, debug: isDevelopment, }, { headers: { - "Host": host, - [lensAuthenticationHeader]: lensAuthenticationHeaderValue, + [lensAuthenticationHeader]: `Bearer ${lensAuthenticationHeaderValue}`, [lensClusterIdHeader]: hostedClusterId, }, + agent: lensAuthenticatedAgent, }); apiKube.onError.addListener((error, res) => {