Refactor Vue Router and Authentication infrastructure #41
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jeremy Ho <jujaga@gmail.com>
We are planning on swapping out authentication library systems from keycloak-js. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
In order to ensure there are hooks to acquiring the configuration data, we wrap the action in a singleton service that can be explicitly initialized. This will be used upon application bootup and ensure that we do not call the /config endpoint more than necessary. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
In order to provide a stable interface for general OIDC authentication operations, we wrap the common pathways of the oidc-client-ts library into a singleton service so that the rest of the application can invoke and interact with the new authentication system without worrying about the order of operations needed to bootstrap a user. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Part of the reason we ended up refactoring the config and auth layers is because we had no way to synchronously wait on the acquisition of config and user auth state. This change ensures that both config and auth are loaded before we mount the application. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
This change focuses on two things: Using the new authentication system and ensuring that static redirection still occurs in production mode code. To achieve this, a full rewrite of the router interceptor lifecycles had to be done. Note that this implementation allows any route to handle the OIDC callback flow. This may or may not be best practices, as other examples frequently direct the OIDC provider to redirect back to a known hard path instead. We went this generic approach as we want to reasonably preserve the potential differences in path and redirections that will also already happen in tandem with on-load behavior. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
This transformer function's sole purpose is to handle aggregation of any query params or path params and have them be exposed to the view for consumption. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
This will be useful for development purposes where we need to flip on verbose debug logs. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Since we want to expose most pinia state as a gated read-only computed getter, we add in this utility function so that it can autowire all the functions needed without having to explicitly write a function for each state object. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Also completes implementation of authStore so that the store data is updated based on userManager events. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
The changes to the vue-router are needed in order to make sure redirection and order of operations on login and mounting are done in the right order. Constants are also redone so that they are in all caps. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
This rename was done in order to make the view more accurately reflect its purpose and where it is mounted in the application. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
While the service singletons are up and running at this point, we want the stores to also be aware of the data changes and be able to react to async update events that show up in userManager. For this to happen, the init function must explicitly add event handlers to userManager before the app starts up. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
While we want to have a way to support a loading visual, the logic that needs to wait is now done before the application is mounted. We will need to revisit this later with a different approach. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
This change reduces instance duplication and makes sure the event handlers mounted in the store stay mounted to the same userManager. This change also adds debug support to conditionally expose the direct state elements in the setup function. Lastly, InitApp is removed as we now initialize earlier in the lifecycle before vue even gets mounted to the DOM. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
While this HoF does work and autowires our state as intended, it is unable to pass typescript compilation checks because typescript expects the methods to be defined explicitly instead of being generated at runtime. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Also bugfixes the requiredAuth meta flag not being picked up correctly Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Signed-off-by: Jeremy Ho <jujaga@gmail.com>
There are fringe cases where an access token has expired and is not able to be refreshed. This is addressed by adding an accessToken expiration check to isAuthenticated state checker. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Unfortunately this doesn't appear to fully navigate the application. Left some commented breadcrumbs to revisit later. Also added some various fixes to ensure the application is nominally working on quick inspection. Will need to revisit how and where userStore actually needs to be loaded, but leaving it in top level of application to maintain functionality. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
By shifting the redirection and storage logic from service layer up to component/view layer, we are able to take advantage of the vue context and navigate cleanly between pages for the login flow. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Values still may need to be tweaked, but were grafted from vue-scaffold. Also fixed the config version footer being broken. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
This change wraps up the progress loader so that it is its own component. As well, general file location changes are applied so that layout related components are indexed and grouped together. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Also removes keycloak-js dependency from frontend. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
jujaga
added
bug
Coverage Report (Frontend)
|
Coverage Report (Application)
|
We discovered later on that this flag was actually preventing proper handling of the r query parameter. Since we are doing explicit oidc paths for the auth flow, we can safely remove this flag. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Typescript 4.9.x is not yet supported by a dependency so we are rolling back in the short term. To avoid circular dependency issues, the store index needs to be exporting default aliases for tree shaking purposes. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
kamorel
reviewed
Mar 1, 2023
kamorel
reviewed
Mar 1, 2023
kamorel
reviewed
Mar 1, 2023
kamorel
approved these changes
Mar 1, 2023
TimCsaky
approved these changes
Mar 1, 2023
TimCsaky
reviewed
Mar 1, 2023
|
|
||
| onBeforeMount(async () => { | ||
| appStore.beginDeterminateLoading(); | ||
| await useAuthStore().init(); |
There was a problem hiding this comment.
i thought useAuthStore().init(); was already called when you initializeApp() in main.ts
There was a problem hiding this comment.
We might not necessarily need it here as in theory this should have either already been done in main.ts or done in children components; App.vue itself has no requirements to know about the authentication state; but the children components do.
Also removes unused types, changes store state types to be *StoreState, and changes the progressloader to use hyphenated case for show-value. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR rewrites major chunks of the codebase to support using
oidc-client-tsas our core authentication library instead ofkeycloak-js. It also contains a rewrite of the Vue Router layer so that it can properly support dynamic route entrypoints as a properly functioning SPA. Other numerous fixes have been included to help shore up the application, including a security audit and dependency update pass.Without these changes, we would not be able to proceed with public sharing and other general frontend application behavior.
SHOWCASE-3002
Types of changes
Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that would cause existing functionality to change)
Checklist
Further comments
Things will break. You will need to realign your local.json for things to work again. Do
npm cias nearly all dependencies have been updated.