Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(embedded): refresh the guest token #19132

Merged
merged 6 commits into from
Mar 14, 2022

Conversation

suddjian
Copy link
Member

@suddjian suddjian commented Mar 11, 2022

SUMMARY

This refreshes the guest tokens used when embedding a dashboard.

Also fixed guest token generation to use the correct time grain.

relevant: #17187

TESTING INSTRUCTIONS

Embed a dashboard in a demo app (I have been using Preset Manager), wait 5 minutes, then trigger a chart refresh. It should fetch the charts successfully.

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

@suddjian suddjian force-pushed the guest-token-refresh branch from 070d315 to 5a481a7 Compare March 12, 2022 00:37
@codecov
Copy link

codecov bot commented Mar 12, 2022

Codecov Report

Merging #19132 (0d724e3) into master (8234395) will decrease coverage by 0.00%.
The diff coverage is 25.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master   #19132      +/-   ##
==========================================
- Coverage   66.55%   66.55%   -0.01%     
==========================================
  Files        1646     1646              
  Lines       63618    63621       +3     
  Branches     6471     6472       +1     
==========================================
  Hits        42340    42340              
- Misses      19600    19603       +3     
  Partials     1678     1678              
Flag Coverage Δ
hive 52.53% <0.00%> (ø)
javascript 51.26% <14.28%> (-0.01%) ⬇️
mysql 81.87% <100.00%> (ø)
postgres 81.92% <100.00%> (ø)
presto 52.38% <0.00%> (ø)
python 82.35% <100.00%> (ø)
sqlite 81.67% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
superset-frontend/src/embedded/index.tsx 0.00% <0.00%> (ø)
.../superset-ui-core/src/connection/SupersetClient.ts 100.00% <100.00%> (ø)
superset/security/manager.py 94.72% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8234395...0d724e3. Read the comment docs.

@suddjian suddjian requested a review from lilykuang March 12, 2022 01:47
Copy link
Member

@lilykuang lilykuang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. tested this locally and it worked perfectly 🥳

@suddjian suddjian merged commit 54b60de into apache:master Mar 14, 2022
async function refreshGuestToken() {
const newGuestToken = await fetchGuestToken();
ourPort.emit('guestToken', { guestToken: newGuestToken });
setTimeout(refreshGuestToken, getGuestTokenRefreshTiming(newGuestToken));

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will take a look on this, but it does not create a recursion that will consume memory on every new timeout? It will free the calling function?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, there is not a memory leak. Calling setTimeout schedules a new function call, and the current frame is cleaned up.

// if exp is int, it is in seconds, but Date() takes milliseconds
const exp = new Date(/[^0-9\.]/g.test(parsedJwt.exp) ? parsedJwt.exp : parseFloat(parsedJwt.exp) * 1000);
const isValidDate = exp.toString() !== 'Invalid Date';
const ttl = isValidDate ? Math.max(MIN_REFRESH_WAIT_MS, exp.getTime() - Date.now()) : DEFAULT_TOKEN_EXP_MS;

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in this case, if (exp - now) is smaller than 5000 couldn't we get some expired notifications?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is what the Math.max call is for, we have a minimum refresh time

villebro pushed a commit that referenced this pull request Apr 3, 2022
* refresh the guest token

* put back the date logic

* version

* fix time hijinks

* test

* Update superset-embedded-sdk/src/guestTokenRefresh.ts

(cherry picked from commit 54b60de)
@mistercrunch mistercrunch added 🍒 1.5.0 🍒 1.5.1 🍒 1.5.2 🍒 1.5.3 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 2.0.0 labels Mar 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels lts-v1 preset-io size/L 🍒 1.5.0 🍒 1.5.1 🍒 1.5.2 🍒 1.5.3 🚢 2.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants