Merge branch 'mg-fix-webpack-ssl-issues' into 'master'

Clean up webpack integration settings See merge request gitlab-org/gitlab!44218

Merge branch 'mg-fix-webpack-ssl-issues' into 'master'
Clean up webpack integration settings See merge request gitlab-org/gitlab!44218
194f4b61 · Stan Hu · c6eda450 · 7b99ed56 · 194f4b61 · 194f4b61
Commit 194f4b61 authored Oct 07, 2020 by Stan Hu
8 changed files
--- a/app/helpers/webpack_helper.rb
+++ b/app/helpers/webpack_helper.rb
@@ -57,10 +57,12 @@ module WebpackHelper
  end

  def webpack_public_host
-    if Rails.env.test? && Rails.configuration.webpack.dev_server.enabled
-      host = Rails.configuration.webpack.dev_server.host
-      port = Rails.configuration.webpack.dev_server.port
-      protocol = Rails.configuration.webpack.dev_server.https ? 'https' : 'http'
+    # We do not proxy the webpack output in the 'test' environment,
+    # so we must reference the webpack dev server directly.
+    if Rails.env.test? && Gitlab.config.webpack.dev_server.enabled
+      host = Gitlab.config.webpack.dev_server.host
+      port = Gitlab.config.webpack.dev_server.port
+      protocol = Gitlab.config.webpack.dev_server.https ? 'https' : 'http'
      "#{protocol}://#{host}:#{port}"
    else
      ActionController::Base.asset_host.try(:chomp, '/')
@@ -68,8 +70,8 @@ module WebpackHelper
  end

  def webpack_public_path
-    relative_path = Rails.application.config.relative_url_root
-    webpack_path = Rails.application.config.webpack.public_path
+    relative_path = Gitlab.config.gitlab.relative_url_root
+    webpack_path = Gitlab.config.webpack.public_path
    File.join(webpack_public_host.to_s, relative_path.to_s, webpack_path.to_s, '')
  end
 end
--- a/config/application.rb
+++ b/config/application.rb
@@ -152,20 +152,6 @@ module Gitlab
    # like if you have constraints or database-specific column types
    config.active_record.schema_format = :sql

-    # Configure webpack
-    config.webpack = ActiveSupport::OrderedOptions.new
-    config.webpack.config_file = "config/webpack.config.js"
-    config.webpack.output_dir  = "public/assets/webpack"
-    config.webpack.public_path = "assets/webpack"
-    config.webpack.manifest_filename = "manifest.json"
-
-    # Webpack dev server configuration is handled in initializers/static_files.rb
-    config.webpack.dev_server = ActiveSupport::OrderedOptions.new
-    config.webpack.dev_server.enabled = false
-    config.webpack.dev_server.host = 'localhost'
-    config.webpack.dev_server.port = 3808
-    config.webpack.dev_server.https = false
-
    config.action_mailer.delivery_job = "ActionMailer::MailDeliveryJob"

    # Enable the asset pipeline

--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -785,10 +785,15 @@ Settings['gitaly'] ||= Settingslogic.new({})
 # Webpack settings
 #
 Settings['webpack'] ||= Settingslogic.new({})
+Settings.webpack['config_file'] ||= 'config/webpack.config.js'
+Settings.webpack['output_dir']  ||= 'public/assets/webpack'
+Settings.webpack['public_path'] ||= 'assets/webpack'
+Settings.webpack['manifest_filename'] ||= 'manifest.json'
 Settings.webpack['dev_server'] ||= Settingslogic.new({})
 Settings.webpack.dev_server['enabled'] ||= false
 Settings.webpack.dev_server['host']    ||= 'localhost'
 Settings.webpack.dev_server['port']    ||= 3808
+Settings.webpack.dev_server['https']   ||= false

 #
 # Monitoring settings

--- a/config/initializers/static_files.rb
+++ b/config/initializers/static_files.rb
@@ -15,32 +15,14 @@ if app.config.public_file_server.enabled

  # If webpack-dev-server is configured, proxy webpack's public directory
  # instead of looking for static assets
-  dev_server = Gitlab.config.webpack.dev_server
-
-  if dev_server.enabled
-    settings = {
-      enabled: true,
-      host: dev_server.host,
-      manifest_host: dev_server.host,
-      manifest_port: dev_server.port,
-      port: dev_server.port
-    }
-
-    if Rails.env.development?
-      settings.merge!(
-        host: Gitlab.config.gitlab.host,
-        port: Gitlab.config.gitlab.port,
-        https: Gitlab.config.gitlab.https
-      )
-      app.config.middleware.insert_before(
-        Gitlab::Middleware::Static,
-        Gitlab::Webpack::DevServerMiddleware,
-        proxy_path: app.config.webpack.public_path,
-        proxy_host: dev_server.host,
-        proxy_port: dev_server.port
-      )
-    end
-
-    app.config.webpack.dev_server.merge!(settings)
+  if Gitlab.config.webpack.dev_server.enabled && Rails.env.development?
+    app.config.middleware.insert_before(
+      Gitlab::Middleware::Static,
+      Gitlab::Webpack::DevServerMiddleware,
+      proxy_path: Gitlab.config.webpack.public_path,
+      proxy_host: Gitlab.config.webpack.dev_server.host,
+      proxy_port: Gitlab.config.webpack.dev_server.port,
+      proxy_https: Gitlab.config.webpack.dev_server.https
+    )
  end
 end
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -18,6 +18,7 @@ const IS_DEV_SERVER = process.env.WEBPACK_DEV_SERVER === 'true';
 const IS_EE = require('./helpers/is_ee_env');
 const DEV_SERVER_HOST = process.env.DEV_SERVER_HOST || 'localhost';
 const DEV_SERVER_PORT = parseInt(process.env.DEV_SERVER_PORT, 10) || 3808;
+const DEV_SERVER_HTTPS = process.env.DEV_SERVER_HTTPS && process.env.DEV_SERVER_HTTPS !== 'false';
 const DEV_SERVER_LIVERELOAD = IS_DEV_SERVER && process.env.DEV_SERVER_LIVERELOAD !== 'false';
 const WEBPACK_REPORT = process.env.WEBPACK_REPORT && process.env.WEBPACK_REPORT !== 'false';
 const WEBPACK_MEMORY_TEST =
@@ -551,6 +552,7 @@ module.exports = {
  devServer: {
    host: DEV_SERVER_HOST,
    port: DEV_SERVER_PORT,
+    https: DEV_SERVER_HTTPS,
    disableHostCheck: true,
    headers: {
      'Access-Control-Allow-Origin': '*',

--- a/lib/gitlab/webpack/dev_server_middleware.rb
+++ b/lib/gitlab/webpack/dev_server_middleware.rb
@@ -11,8 +11,15 @@ module Gitlab
        @proxy_host = opts.fetch(:proxy_host, 'localhost')
        @proxy_port = opts.fetch(:proxy_port, 3808)
        @proxy_path = opts[:proxy_path] if opts[:proxy_path]
+        @proxy_scheme = opts[:proxy_https] ? 'https' : 'http'

-        super(app, backend: "http://#{@proxy_host}:#{@proxy_port}", **opts)
+        super(app, backend: "#{@proxy_scheme}://#{@proxy_host}:#{@proxy_port}", **opts)
+      end
+
+      # disable SSL check since any cert used here will likely be self-signed
+      def rewrite_env(env)
+        env["rack.ssl_verify_none"] = true
+        env
      end

      def perform_request(env)

--- a/lib/gitlab/webpack/manifest.rb
+++ b/lib/gitlab/webpack/manifest.rb
@@ -9,7 +9,7 @@ module Gitlab
      # Raised if we can't read our webpack manifest for whatever reason
      class ManifestLoadError < StandardError
        def initialize(message, orig)
-          super "#{message} (original error #{orig})"
+          super "#{message}\n\n(original error #{orig.class.name}: #{orig})"
        end
      end

@@ -35,7 +35,7 @@ module Gitlab
            # Can be either a string or an array of strings.
            # Do not include source maps as they are not javascript
            [dll_assets, entrypoint["assets"]].flatten.reject { |p| p =~ /.*\.map$/ }.map do |p|
-              "/#{::Rails.configuration.webpack.public_path}/#{p}"
+              "/#{Gitlab.config.webpack.public_path}/#{p}"
            end
          else
            raise AssetMissingError, "Can't find asset '#{source}' in webpack manifest"
@@ -50,7 +50,7 @@ module Gitlab
            # Can be either a string or an array of strings.
            # Do not include source maps as they are not javascript
            [paths].flatten.reject { |p| p =~ /.*\.map$/ }.map do |p|
-              "/#{::Rails.configuration.webpack.public_path}/#{p}"
+              "/#{Gitlab.config.webpack.public_path}/#{p}"
            end
          else
            raise AssetMissingError, "Can't find entry point '#{source}' in webpack manifest"
@@ -68,7 +68,7 @@ module Gitlab
        end

        def manifest
-          if ::Rails.configuration.webpack.dev_server.enabled
+          if Gitlab.config.webpack.dev_server.enabled
            # Don't cache if we're in dev server mode, manifest may change ...
            load_manifest
          else
@@ -78,7 +78,7 @@ module Gitlab
        end

        def load_manifest
-          data = if ::Rails.configuration.webpack.dev_server.enabled
+          data = if Gitlab.config.webpack.dev_server.enabled
                   load_dev_server_manifest
                 else
                   load_static_manifest
@@ -88,9 +88,10 @@ module Gitlab
        end

        def load_dev_server_manifest
-          host = ::Rails.configuration.webpack.dev_server.manifest_host
-          port = ::Rails.configuration.webpack.dev_server.manifest_port
-          uri = Addressable::URI.new(scheme: 'http', host: host, port: port, path: dev_server_path)
+          host = Gitlab.config.webpack.dev_server.host
+          port = Gitlab.config.webpack.dev_server.port
+          scheme = Gitlab.config.webpack.dev_server.https ? 'https' : 'http'
+          uri = Addressable::URI.new(scheme: scheme, host: host, port: port, path: dev_server_path)

          # localhost could be blocked via Gitlab::HTTP
          response = HTTParty.get(uri.to_s, verify: false) # rubocop:disable Gitlab/HTTParty
@@ -98,25 +99,28 @@ module Gitlab
          return response.body if response.code == 200

          raise "HTTP error #{response.code}"
+        rescue OpenSSL::SSL::SSLError, EOFError => e
+          ssl_status = Gitlab.config.webpack.dev_server.https ? ' over SSL' : ''
+          raise ManifestLoadError.new("Could not connect to webpack-dev-server at #{uri}#{ssl_status}.\n\nIs SSL enabled? Check that settings in `gitlab.yml` and webpack-dev-server match.", e)
        rescue => e
-          raise ManifestLoadError.new("Could not load manifest from webpack-dev-server at #{uri} - is it running, and is stats-webpack-plugin loaded?", e)
+          raise ManifestLoadError.new("Could not load manifest from webpack-dev-server at #{uri}.\n\nIs webpack-dev-server running? Try running `gdk status webpack` or `gdk tail webpack`.", e)
        end

        def load_static_manifest
          File.read(static_manifest_path)
        rescue => e
-          raise ManifestLoadError.new("Could not load compiled manifest from #{static_manifest_path} - have you run `rake webpack:compile`?", e)
+          raise ManifestLoadError.new("Could not load compiled manifest from #{static_manifest_path}.\n\nHave you run `rake gitlab:assets:compile`?", e)
        end

        def static_manifest_path
          ::Rails.root.join(
-            ::Rails.configuration.webpack.output_dir,
-            ::Rails.configuration.webpack.manifest_filename
+            Gitlab.config.webpack.output_dir,
+            Gitlab.config.webpack.manifest_filename
          )
        end

        def dev_server_path
-          "/#{::Rails.configuration.webpack.public_path}/#{::Rails.configuration.webpack.manifest_filename}"
+          "/#{Gitlab.config.webpack.public_path}/#{Gitlab.config.webpack.manifest_filename}"
        end
      end
    end

--- a/spec/lib/gitlab/webpack/manifest_spec.rb
+++ b/spec/lib/gitlab/webpack/manifest_spec.rb
@@ -40,18 +40,15 @@ RSpec.describe Gitlab::Webpack::Manifest do

  before do
    # Test that config variables work while we're here
-    ::Rails.configuration.webpack.dev_server.host = 'hostname'
-    ::Rails.configuration.webpack.dev_server.port = 1999
-    ::Rails.configuration.webpack.dev_server.manifest_host = 'hostname'
-    ::Rails.configuration.webpack.dev_server.manifest_port = 2000
-    ::Rails.configuration.webpack.manifest_filename = "my_manifest.json"
-    ::Rails.configuration.webpack.public_path = "public_path"
-    ::Rails.configuration.webpack.output_dir = "manifest_output"
+    allow(Gitlab.config.webpack.dev_server).to receive_messages(host: 'hostname', port: 2000, https: false)
+    allow(Gitlab.config.webpack).to receive(:manifest_filename).and_return('my_manifest.json')
+    allow(Gitlab.config.webpack).to receive(:public_path).and_return('public_path')
+    allow(Gitlab.config.webpack).to receive(:output_dir).and_return('manifest_output')
  end

  context "with dev server enabled" do
    before do
-      ::Rails.configuration.webpack.dev_server.enabled = true
+      allow(Gitlab.config.webpack.dev_server).to receive(:enabled).and_return(true)

      stub_request(:get, "http://hostname:2000/public_path/my_manifest.json").to_return(body: manifest, status: 200)
    end
@@ -60,7 +57,7 @@ RSpec.describe Gitlab::Webpack::Manifest do
      it_behaves_like "a valid manifest"

      it "errors if we can't find the manifest" do
-        ::Rails.configuration.webpack.manifest_filename = "broken.json"
+        allow(Gitlab.config.webpack).to receive(:manifest_filename).and_return('broken.json')
        stub_request(:get, "http://hostname:2000/public_path/broken.json").to_raise(SocketError)

        expect { Gitlab::Webpack::Manifest.asset_paths("entry1") }.to raise_error(Gitlab::Webpack::Manifest::ManifestLoadError)
@@ -99,7 +96,7 @@ RSpec.describe Gitlab::Webpack::Manifest do

  context "with dev server disabled" do
    before do
-      ::Rails.configuration.webpack.dev_server.enabled = false
+      allow(Gitlab.config.webpack.dev_server).to receive(:enabled).and_return(false)
      allow(File).to receive(:read).with(::Rails.root.join("manifest_output/my_manifest.json")).and_return(manifest)
    end

@@ -107,7 +104,7 @@ RSpec.describe Gitlab::Webpack::Manifest do
      it_behaves_like "a valid manifest"

      it "errors if we can't find the manifest" do
-        ::Rails.configuration.webpack.manifest_filename = "broken.json"
+        allow(Gitlab.config.webpack).to receive(:manifest_filename).and_return('broken.json')
        allow(File).to receive(:read).with(::Rails.root.join("manifest_output/broken.json")).and_raise(Errno::ENOENT)
        expect { Gitlab::Webpack::Manifest.asset_paths("entry1") }.to raise_error(Gitlab::Webpack::Manifest::ManifestLoadError)
      end