Move WebConfig from lib/web/ui to api/client/webclient

Web config was shared with the Web UI through the dynamically generated
/web/config.js file available on the cluster. With the addition of
Teleport Terminal (RFD 63), the Electron app needs to get a hold of this
config as well.

However, unlike the Web UI which directly loads the file and injects
the config this way, any communication between the cluster and Teleport
Terminal is done through the tsh daemon (RFD 63). The tsh daemon needs
to essentially pipe this config from /web/config.js to the gRPC response
it gives to Teleport Terminal.

To achieve this, a GetWebConfig function was added to TeleportClient.
Unfortunately, this breaks the build on Windows as lib/web (where WebConfig
resides) includes code which is not meant to be compiled or run on Windows.

Since we need to share the web config with another frontend application,
it only makes sense to move it to the webclient package. We already have
types shared between the server and the client there, for example the
PingResponse struct.

lib/web/ui/webconfig.go → api/client/webclient/webconfig.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2015 Gravitational, Inc.
+Copyright 2022 Gravitational, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package ui
+package webclient
 
 import "github.com/gravitational/teleport/api/constants"
 
@@ -35,7 +35,7 @@ const (
 	WebConfigAuthProviderGitHubURL = "/v1/webapi/github/login/web?redirect_url=:redirect&connector_id=:providerName"
 )
 
-// WebConfig is web application configuration
+// WebConfig is web application configuration served by the backend to be used in frontend apps.
 type WebConfig struct {
 	// Auth contains Teleport auth. preferences
 	Auth WebConfigAuthSettings `json:"auth,omitempty"`

lib/client/api.go

@@ -2493,7 +2493,7 @@ func (tc *TeleportClient) PingAndShowMOTD(ctx context.Context) (*webclient.PingR
 }
 
 // GetWebConfig retreives Teleport proxy web config
-func (tc *TeleportClient) GetWebConfig(ctx context.Context) (*WebConfig, error) {
+func (tc *TeleportClient) GetWebConfig(ctx context.Context) (*webclient.WebConfig, error) {
 	cfg, err := GetWebConfig(ctx, tc.WebProxyAddr, tc.InsecureSkipVerify)
 	if err != nil {
 		return nil, trace.Wrap(err)

lib/client/weblogin.go

@@ -33,11 +33,11 @@ import (
 	"github.com/gravitational/roundtrip"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/client/proto"
+	"github.com/gravitational/teleport/api/client/webclient"
 	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/lib/auth"
 	"github.com/gravitational/teleport/lib/defaults"
-	"github.com/gravitational/teleport/lib/web/ui"
 
 	"github.com/gravitational/trace"
 	"github.com/sirupsen/logrus"
@@ -442,7 +442,7 @@ func HostCredentials(ctx context.Context, proxyAddr string, insecure bool, req t
 }
 
 // GetWebConfig is used by teleterm to fetch webconfig.js from proxies
-func GetWebConfig(ctx context.Context, proxyAddr string, insecure bool) (*ui.WebConfig, error) {
+func GetWebConfig(ctx context.Context, proxyAddr string, insecure bool) (*webclient.WebConfig, error) {
 	clt, _, err := initClient(proxyAddr, insecure, nil)
 	if err != nil {
 		return nil, trace.Wrap(err)
@@ -461,12 +461,10 @@ func GetWebConfig(ctx context.Context, proxyAddr string, insecure bool) (*ui.Web
 	// WebConfig is served as JS file where GRV_CONFIG is a global object name
 	text := bytes.TrimSuffix(bytes.Replace(body, []byte("var GRV_CONFIG = "), []byte(""), 1), []byte(";"))
 
-	cfg := ui.WebConfig{}
+	cfg := webclient.WebConfig{}
 	if err := json.Unmarshal(text, &cfg); err != nil {
 		return nil, trace.Wrap(err)
 	}
 
 	return &cfg, nil
 }
-
-type WebConfig = ui.WebConfig

lib/teleterm/clusters/cluster_auth.go

@@ -20,18 +20,18 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/gravitational/teleport/api/client/webclient"
 	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/lib/auth"
 	"github.com/gravitational/teleport/lib/client"
 	dbprofile "github.com/gravitational/teleport/lib/client/db"
 	"github.com/gravitational/teleport/lib/kube/kubeconfig"
-	web "github.com/gravitational/teleport/lib/web/ui"
 
 	"github.com/gravitational/trace"
 )
 
 // SyncAuthPreference fetches Teleport auth preferences and stores it in the cluster profile
-func (c *Cluster) SyncAuthPreference(ctx context.Context) (*web.WebConfigAuthSettings, error) {
+func (c *Cluster) SyncAuthPreference(ctx context.Context) (*webclient.WebConfigAuthSettings, error) {
 	_, err := c.clusterClient.Ping(ctx)
 	if err != nil {
 		return nil, trace.Wrap(err)

lib/web/apiserver.go

@@ -851,17 +851,17 @@ func (h *Handler) pingWithConnector(w http.ResponseWriter, r *http.Request, p ht
 func (h *Handler) getWebConfig(w http.ResponseWriter, r *http.Request, p httprouter.Params) (interface{}, error) {
 	httplib.SetWebConfigHeaders(w.Header())
 
-	authProviders := []ui.WebConfigAuthProvider{}
+	authProviders := []webclient.WebConfigAuthProvider{}
 
 	// get all OIDC connectors
 	oidcConnectors, err := h.cfg.ProxyClient.GetOIDCConnectors(r.Context(), false)
 	if err != nil {
 		h.log.WithError(err).Error("Cannot retrieve OIDC connectors.")
 	}
 	for _, item := range oidcConnectors {
-		authProviders = append(authProviders, ui.WebConfigAuthProvider{
-			Type:        ui.WebConfigAuthProviderOIDCType,
-			WebAPIURL:   ui.WebConfigAuthProviderOIDCURL,
+		authProviders = append(authProviders, webclient.WebConfigAuthProvider{
+			Type:        webclient.WebConfigAuthProviderOIDCType,
+			WebAPIURL:   webclient.WebConfigAuthProviderOIDCURL,
 			Name:        item.GetName(),
 			DisplayName: item.GetDisplay(),
 		})
@@ -873,9 +873,9 @@ func (h *Handler) getWebConfig(w http.ResponseWriter, r *http.Request, p httprou
 		h.log.WithError(err).Error("Cannot retrieve SAML connectors.")
 	}
 	for _, item := range samlConnectors {
-		authProviders = append(authProviders, ui.WebConfigAuthProvider{
-			Type:        ui.WebConfigAuthProviderSAMLType,
-			WebAPIURL:   ui.WebConfigAuthProviderSAMLURL,
+		authProviders = append(authProviders, webclient.WebConfigAuthProvider{
+			Type:        webclient.WebConfigAuthProviderSAMLType,
+			WebAPIURL:   webclient.WebConfigAuthProviderSAMLURL,
 			Name:        item.GetName(),
 			DisplayName: item.GetDisplay(),
 		})
@@ -887,26 +887,26 @@ func (h *Handler) getWebConfig(w http.ResponseWriter, r *http.Request, p httprou
 		h.log.WithError(err).Error("Cannot retrieve Github connectors.")
 	}
 	for _, item := range githubConnectors {
-		authProviders = append(authProviders, ui.WebConfigAuthProvider{
-			Type:        ui.WebConfigAuthProviderGitHubType,
-			WebAPIURL:   ui.WebConfigAuthProviderGitHubURL,
+		authProviders = append(authProviders, webclient.WebConfigAuthProvider{
+			Type:        webclient.WebConfigAuthProviderGitHubType,
+			WebAPIURL:   webclient.WebConfigAuthProviderGitHubURL,
 			Name:        item.GetName(),
 			DisplayName: item.GetDisplay(),
 		})
 	}
 
 	// get auth type & second factor type
-	var authSettings ui.WebConfigAuthSettings
+	var authSettings webclient.WebConfigAuthSettings
 	if cap, err := h.cfg.ProxyClient.GetAuthPreference(r.Context()); err != nil {
 		h.log.WithError(err).Error("Cannot retrieve AuthPreferences.")
-		authSettings = ui.WebConfigAuthSettings{
+		authSettings = webclient.WebConfigAuthSettings{
 			Providers:        authProviders,
 			SecondFactor:     constants.SecondFactorOff,
 			LocalAuthEnabled: true,
 			AuthType:         constants.Local,
 		}
 	} else {
-		authSettings = ui.WebConfigAuthSettings{
+		authSettings = webclient.WebConfigAuthSettings{
 			Providers:         authProviders,
 			SecondFactor:      cap.GetSecondFactor(),
 			LocalAuthEnabled:  cap.GetAllowLocalAuth(),
@@ -935,7 +935,7 @@ func (h *Handler) getWebConfig(w http.ResponseWriter, r *http.Request, p httprou
 		canJoinSessions = services.IsRecordAtProxy(recCfg.GetMode()) == false
 	}
 
-	webCfg := ui.WebConfig{
+	webCfg := webclient.WebConfig{
 		Auth:                authSettings,
 		CanJoinSessions:     canJoinSessions,
 		IsCloud:             h.ClusterFeatures.GetCloud(),