Skip to content
This repository was archived by the owner on Jan 22, 2019. It is now read-only.

feat: support running extensions on private code without a private Sourcegraph instance#249

Merged
chrismwendt merged 5 commits intomasterfrom
allow-known-safe-gql-requests
Oct 18, 2018
Merged

feat: support running extensions on private code without a private Sourcegraph instance#249
chrismwendt merged 5 commits intomasterfrom
allow-known-safe-gql-requests

Conversation

@chrismwendt
Copy link

@chrismwendt chrismwendt commented Oct 17, 2018

Motivation This adds support for running extensions (e.g. Codecov) on private code even when the repository does not exist on the Sourcegraph instance. Doing so will resolve this issue: https://github.com/sourcegraph/browser-extensions/issues/234#issuecomment-430429015

Problem The browser extension must not let arbitrary GraphQL requests through to the Sourcegraph instance (which could be Sourcegraph.com) because they might contain private info (such as repo names), but some GraphQL requests are necessary to run extensions at all (e.g. fetching the extension manifests).

Implementation I've marked some GraphQL requests as safe by passing in requestMightContainPrivateInfo: false (defaults to true to keep old behavior for unmarked requests). The browser extension will allow those requests to be sent to the Sourcegraph instance. I also blocked queryLSP when sent from a private repo to Sourcegraph.com.

Reviewers The main file to review is src/shared/backend/extensions.ts. If you want to review the rest, I'd recommend reviewing commit-by-commit.

  • @ijsnow I'd like your 👀 on "refactor: avoid a network request while resolving the revision"
  • @sqs I'd like your input on the interaction between e-c-c and the browser extension in "feat: allow GraphQL requests that are known to not contain private info" and "feat: block queryLSP from a private repo to Sourcegraph.com" and whether or not this approach makes sense

Testing

  • git checkout allow-known-safe-gql-requests
  • yarn ; yarn run dev
  • Make sure one language extension (e.g. Go) and one other extension (e.g. token-highlights) have the following behavior in these scenarios:
    • Private repository that doesn't exist on a private Sourcegraph instance: token-highlights should work, Go should not (also, Go should not spam you with 404s in the hover tooltips)
    • Private repository that exists on a private Sourcegraph instance: both should work
    • Private repository that doesn't exist on Sourcegraph.com: token-highlights should work, Go should not (also, Go should not send ANY requests to Sourcegraph.com - you must check the background script's Network tab to confirm)
  • Public repos should work as usual (check both the content script and background script for errors you haven't seen before)

Depends on sourcegraph/sourcegraph-langserver-http#8
Depends on sourcegraph/extensions-client-common#57

@chrismwendt chrismwendt requested review from ijsnow and sqs October 17, 2018 11:09
sqs
sqs approved these changes Oct 17, 2018
View reviewed changes
Copy link
Member

@sqs sqs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sqs I'd like your input on the interaction between e-c-c and the browser extension in "feat: allow GraphQL requests that are known to not contain private info" and "feat: block queryLSP from a private repo to Sourcegraph.com" and whether or not this approach makes sense

Makes sense to me. 👍

ijsnow
ijsnow reviewed Oct 17, 2018
View reviewed changes
ijsnow
ijsnow reviewed Oct 17, 2018
View reviewed changes
ijsnow
ijsnow reviewed Oct 17, 2018
View reviewed changes
ijsnow
ijsnow reviewed Oct 17, 2018
View reviewed changes
ijsnow
ijsnow reviewed Oct 17, 2018
View reviewed changes
ijsnow
ijsnow reviewed Oct 17, 2018
View reviewed changes
ijsnow
ijsnow reviewed Oct 17, 2018
View reviewed changes
ijsnow
ijsnow suggested changes Oct 17, 2018
View reviewed changes
Copy link

@ijsnow ijsnow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall nice work. I've got some suggestions/requests in the commit you asked me to review. The changes to request logic will conflict with changes I've made in my auth token PR. The changes look nice but unnecessary for the changes intended in this PR. Could we break that out separately so we can easily merge our PRs and then get those changes in afterwards?

src/libs/gitlab/file_info.ts Outdated
)
)
}
const commitID = commitIDFromPermalink({
Copy link

@ijsnow ijsnow Oct 17, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I purposefully kept DOM stuff outside of this file. Could you move this into scrape? Why is this needed if we get the rev from getFilePageInfo anyways?

Copy link
Author

@chrismwendt chrismwendt Oct 18, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved to scrape. getFilePageInfo doesn't resolve to a commit ID, does it? It looks like it only gives you the revision (i.e. it could be a ref like master rather than a commit ID).

@chrismwendt
Copy link
Author

chrismwendt commented Oct 18, 2018
edited
Loading

Thanks, @ijsnow, I accepted all of your suggestions except the .href one ✨

The changes look nice but unnecessary for the changes intended in this PR. Could we break that out separately so we can easily merge our PRs and then get those changes in afterwards?

Mind if I try resolving the conflicts? No conflict is too difficult to resolve when equipped with the almighty diffme 🔨

@chrismwendt chrismwendt force-pushed the allow-known-safe-gql-requests branch from 2237ec3 to db539b1 Compare October 18, 2018 05:43
@chrismwendt
Copy link
Author

chrismwendt commented Oct 18, 2018

I resolved the conflicts in src/shared/backend/graphql.tsx and src/shared/backend/server.ts (there didn't appear to be any fundamental conflicts, just some code shuffling).

@chrismwendt chrismwendt force-pushed the allow-known-safe-gql-requests branch from db539b1 to 2899060 Compare October 18, 2018 06:08
@chrismwendt chrismwendt force-pushed the allow-known-safe-gql-requests branch from 2899060 to b8b1aa1 Compare October 18, 2018 06:09
ijsnow
ijsnow approved these changes Oct 18, 2018
View reviewed changes
Copy link

@ijsnow ijsnow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@chrismwendt chrismwendt merged commit 022124a into master Oct 18, 2018
@chrismwendt chrismwendt deleted the allow-known-safe-gql-requests branch October 18, 2018 18:51
@sourcegraph-bot
Copy link

sourcegraph-bot commented Oct 18, 2018

🎉 This PR is included in version 1.17.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@chrismwendt chrismwendt mentioned this pull request Oct 24, 2018
Merged
@chrismwendt chrismwendt mentioned this pull request Nov 6, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@sqs sqs sqs approved these changes

@ijsnow ijsnow ijsnow approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@chrismwendt @sourcegraph-bot @sqs @ijsnow