# Issue
Currently, if oauth token will be expired in 5 minutes, the handler performs a new auth redirection flow. This will cause an indefinite redirections in the case where the newly refreshed token has an expration time of < 5 minutes.
# Quick Fix
1. The 5-minute buffer is only added when refreshed token expration time > 10 minutes.
2. For (1) to work, the 5-minute buffer is now calculated on token refresh, instead of on regular auth check.
Co-authored-by: Rophy Tsai <rophy@users.noreply.github.com>
Reviewed-on: #150
Co-authored-by: rophy <rophy@noreply.codeberg.org>
Co-committed-by: rophy <rophy@noreply.codeberg.org>
I'm working on a patch to allow disabling access logs. This is because they expose JWT tokens which get logged and it raises alerts for us. This is a very rudimentary approach I've added here to be able to disable only the access_logs while keeping the rest of the container logs which might be useful for users.
Please let me know what you think about it and how this can be improved. I'll then also add updates for the documentation.
Co-authored-by: Noor Malik <nmalik@zalando-70804.corp.ad.zalando.net>
Reviewed-on: #151
Co-authored-by: demoncoder95 <demoncoder95@noreply.codeberg.org>
Co-committed-by: demoncoder95 <demoncoder95@noreply.codeberg.org>
The OAuth2 provider we are working with returns an error before showing the username/password login screen due to the state variable not having enough length / entropy. This happens if you navigate to the root URL "/" or any URL path that is less than 8 characters long. Navigating to "/clusters/local" or another longer path allows the login to function as normal.
This PR makes the state query param a JSON object with the redirect URL in it, simply since I couldn't think of a better way to make it longer 🤷♀️. The length of the JSON key is long enough so that our OAuth2 provider will properly redirect even on the shortest URL "/". I'm happy to use a different scheme if you have any ideas.
I've also added some basic unit tests around the OAuth2 logic to make sure this functionality all works.
Co-authored-by: Andrew Russell <russell@idelic.com>
Reviewed-on: #152
Co-authored-by: idelic_russell <idelic_russell@noreply.codeberg.org>
Co-committed-by: idelic_russell <idelic_russell@noreply.codeberg.org>
### Background
in corporate environment (intranet), a single instance of kube-web-view may not be able to access all k8s clusters directly, e.g.:
1. Developer laptop can access ingress endpoints exposed from both QA cluster and prod cluster, but
2. Pods in QA k8s cluster cannot access k8s api of prod cluster, and vice versa
### Goal
Minimally provide support for multiple kube-web-view instances
### PR
1. An optional arg, `--external-clusters` is added to declare a list of "external clusters".
```
--external-clusters=kube-web-view-us=https://kube-web-view.mycompany.com/us;kube-web-view-eu=https://kube-web-view.mycompany.com/eu'
```
2. When the list exists, it will be appeneded to /clusters page as "external clusters", which actually is just a static link, i.e. clicking the link will exit current kube-web-view and loads the external link.
### Screenshot
Co-authored-by: Rophy Tsai <111145158+yltsaize@users.noreply.github.com>
Co-authored-by: Rophy Tsai <rophy@users.noreply.github.com>
Reviewed-on: #149
Co-authored-by: rophy <rophy@noreply.codeberg.org>
Co-committed-by: rophy <rophy@noreply.codeberg.org>
Issue: the current navbar namespace dropdown isn't really usable for more than a couple namespaces (not scrollable, not searchable).
The PR tries to add a textfield to the dropdown for filtering.
1. The navbar item is changed from "is-hoverable" to activate on click.
2. The textfield is focused upon display:
3. Dropdown items are filtered by typing:
4. When user presses enter, first matched namespace is clicked.
Co-authored-by: Rophy Tsai <rophy@noreply.codeberg.org>
Reviewed-on: #145
Co-authored-by: rophy <rophy@noreply.codeberg.org>
Co-committed-by: rophy <rophy@noreply.codeberg.org>
Also find and replace ISO-8601 timestamps in highlight filter according
to timestamp-links arg.
This could be used to link timestamps directly to the centralized log
viewer at the specific timestamp (for example, finishedAt timestamp).
