feat: set basic jwt authentication allowlist #1596
Merged
abvthecity had a problem deploying to Preview - app-dev.buildwithfern.com (October 3, 2024 22:13, with GitHub Actions): Failure
dsinghvi approved these changes on Oct 5, 2024
I think that we will need to productize this pretty fast (i.e. support audiences in docs.yml, multiple search indexes with the upcoming docs deployments)
Pruning the navigation tree
The pages that do not require authentication are allowed to be cached, and thus they do get served via SSG. In this case, the navigation tree needs to be pruned to show ONLY the pages that unauthenticated users are allowed to see.
This required adding the following: `pointsTo` redirects after pruning the tree, so that redirects only point to public pages.
In other words: pruning applies to all leaf nodes (visitable in the browser). But, if any container (i.e. section, api reference, changelog, etc) is found to NOT contain children, it too will be deleted.
Special handling for section overview pages:
If a section contains an overview page, but it is not included in the allowlist, then only the overview page itself will get deleted. But since section nodes are not leaf nodes and may contain children, we avoid deleting it unless it has no children left.
Known edge case:
If there's a stream/nonstream endpoint node (aka `EndpointPairNode`) and only one of the two nodes is marked to be pruned, then both nodes will be pruned.
Applying auth on routes selectively
Adds the ability to set an `allowlist` and a `denylist` on pages and API routes using edge config, when the authentication scheme is set to `basic_token_verification`.
To be conservative, the denylist is prioritized over the allowlist, and anything that isn't captured in the allowlist will automatically be denied as well.
The allowlist/denylist leverages path-to-regexp@6 which allows wildcard and regex matching.
Some API routes must be explicitly allowed. For example:
- `/sitemap.xml` → `/api/fern-docs/sitemap.xml` (must be set on both the origin and rewrite)
- `/path/to/changelog.rss` → `/api/fern-docs/changelog` (must be set on both the origin and rewrite)
- `/api/fern-docs/api-definition/[api]/endpoint/[endpoint]` (danger if certain endpoints are enabled, the api routes also need to be explicitly enabled or else api playground will stop working).
UPDATE (10/7): 8222166 undoes the strict auth checks applied to all of the api endpoints except for `/api/fern-docs/search`. Two reasons:
What's next
Tests
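The rules in the description above (denylist first, default deny, leaf pruning, empty containers removed, section overview handling, and the endpoint-pair edge case), worked through as an added example that is not part of the pull request or Fern's code. The node shapes, `compile`, `isPublic`, `prune` and the sample paths are hypothetical, and `compile` is a small stand-in for path-to-regexp@6 that handles only literals, `:param` and `(.*)`.

```javascript
// Added example, not Fern's code. compile() is a stand-in for path-to-regexp@6
// (assumption): it handles only literals, :param and the (.*) wildcard.
function compile(pattern) {
  const src = pattern
    .split(/(\(\.\*\)|:\w+)/)
    .map((part, i) =>
      i % 2 === 0 ? part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")
      : part === "(.*)" ? "(.*)" : "([^/]+)")
    .join("");
  return new RegExp(`^${src}/?$`, "i");
}

// Denylist is checked first; a path matched by neither list is denied.
function isPublic(pathname, { allowlist = [], denylist = [] }) {
  if (denylist.some((p) => compile(p).test(pathname))) return false;
  return allowlist.some((p) => compile(p).test(pathname));
}

// Hypothetical node shapes: {type:"page", slug}, {type:"endpointPair", stream,
// nonStream}, {type:"section", title, overview?, children}.
function prune(node, rules) {
  if (node.type === "page") return isPublic(node.slug, rules) ? node : null;
  if (node.type === "endpointPair") {
    // Known edge case: if either half is pruned, the whole pair goes.
    const both = [node.stream, node.nonStream].every((n) => isPublic(n.slug, rules));
    return both ? node : null;
  }
  const children = node.children.map((c) => prune(c, rules)).filter(Boolean);
  if (children.length === 0) return null; // container with no children is deleted
  // A non-public overview is dropped, but the section itself survives.
  const overview = node.overview && isPublic(node.overview, rules) ? node.overview : undefined;
  return { ...node, overview, children };
}

// Constructed sample rules and tree.
const rules = {
  allowlist: ["/welcome", "/guides/(.*)", "/api/chat", "/sitemap.xml"],
  denylist: ["/guides/internal/(.*)"],
};
const page = (slug) => ({ type: "page", slug });
const tree = { type: "section", title: "Docs", children: [
  page("/welcome"),
  { type: "section", title: "Guides", overview: "/guides",
    children: [page("/guides/quickstart"), page("/guides/internal/runbook")] },
  { type: "section", title: "Admin", children: [page("/admin/keys")] },
  { type: "section", title: "API", children: [
    { type: "endpointPair", stream: page("/api/chat-stream"), nonStream: page("/api/chat") }] },
] };
const publicTree = prune(tree, rules);
```

In the sample rules only the origin `/sitemap.xml` is allowlisted, so `isPublic("/api/fern-docs/sitemap.xml", rules)` is false, which is why the description says both the origin and the rewrite must be listed.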