Feature/react UI

[mdugas]

Make the API compatible with a React UI and keep the deprecated classic UI for testing purposes.

Summary by CodeRabbit

• New Features

  • Added additional VPN server options for improved connectivity.
  • Introduced a new endpoint to display user account details.
  • Deployed updated service configurations for enhanced routing and logging.
  • Enhanced logging capabilities for better monitoring and troubleshooting.

• Refactor

  • Revised authentication and API routes for login, logout, and server access.
  • Streamlined the logout flow for a smoother user experience.

• Style

  • Adjusted build configuration syntax for increased consistency.
  • Modified URL structures for API endpoints to improve clarity.

[coderabbitai]

Walkthrough

The pull request includes several modifications across the project. The Dockerfile has its multi-stage alias casing updated. Logging is enabled within the HAProxy configuration along with a new HAProxy service added in docker-compose. Additional VPN server entries were appended to the JSON mapping. Cypress tests have been refactored to use cross-origin commands with updated endpoints and a new "Who Am I" test has been introduced. The API endpoints in the HTML template and Flask app have been updated, and a new API endpoint for retrieving user information has been added. Finally, the Cypress dependency was reclassified and updated in package.json.

Changes

File(s)	Change Summary
Dockerfile	Updated alias casing in multi-stage build (changed as builder to AS builder).
config/haproxy/haproxy.cfg, docker-compose.yml	Added logging directives (log stdout format raw local0 in global and log global in defaults) in HAProxy config; introduced a new haproxy service with image, restart policy, exposed ports, network aliases, dependencies, and mounted volumes in docker-compose.yml.
config/vsm/vpn_group_mapping.json	Appended two new VPN server configurations for myserver2 and myserver3 with fields matching the existing entry.
cypress/e2e/vsm.cy.js	Refactored tests to use cy.origin for cross-origin interactions, updated endpoint URLs (from /api/myserver to /api/servers/myserver and similar), restructured test flows including screenshot capture, and added a new "Who Am I endpoint test."
package.json	Moved cypress from dependencies to devDependencies and updated its version from ^13.15.2 to ^14.0.0.
templates/index.html, vsm.py	Updated endpoint paths in the HTML form (action changed from /logout to /auth/logout) and link href (from /api/{{vpn_server}} to /api/servers/{{vpn_server}}); in vsm.py, revised routing constants (login, logout, auth callback, API base) and added a new /api/whoami endpoint with its handler.

Sequence Diagram(s)

sequenceDiagram
    participant Client as Client
    participant Flask as Flask App
    participant Redis as Redis Cache

    Client->>Flask: GET /api/whoami
    Flask->>Redis: Retrieve user session info
    Redis-->>Flask: Return session data / null
    alt Session is active
        Flask->>Client: 200 OK with user info
    else Session is inactive
        Flask->>Client: 401 Unauthorized
    end

Loading

Poem

In our code garden, changes take flight,
Docker’s alias polished just right.
HAProxy logs now sing with clear sound,
New VPN entries and tests abound.
A fresh "whoami" emerges to shine,
Our project strides forward, simply divine!
🚀🌟

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (5)

cypress/e2e/vsm.cy.js (2)

13-15: Consider making the timeout configurable

The 2-second timeout seems arbitrary. Consider making it a constant or configuration value for better maintainability.

-            setTimeout(function () {
-              doc.location.reload()
-            }, 2000)
+const RELOAD_TIMEOUT = 2000;
+            setTimeout(function () {
+              doc.location.reload()
+            }, RELOAD_TIMEOUT)

---

71-82: Enhance whoami test coverage

The whoami test looks good but could use additional edge cases:

• Test with expired session
• Test with invalid user
• Test with user having no VPN servers

Would you like me to generate the additional test cases?

vsm.py (1)

95-95: Enhance error responses

The 401 responses could be more informative by including error messages.

-        return Response(status=401)
+        return Response(json.dumps({'error': 'Session not found'}), status=401, content_type='application/json')
-        return Response(status=401)
+        return Response(json.dumps({'error': 'Session expired'}), status=401, content_type='application/json')

Also applies to: 98-98

config/vsm/vpn_group_mapping.json (1)

11-28: Hey there! Let's talk about these copy-pasted server configs 👀

I notice we're using identical configuration values for all three servers. While this might be fine for testing, in production we should:

1. Consider using unique JWT roles per server for better security isolation
2. Look into templating or configuration reuse to avoid duplication

Here's a suggestion - we could restructure this to have common configs as defaults:

 [
+    {
+        "defaults": {
+            "idp_group": "/example",
+            "vault_metadata_mountpoint": "vpnmeta",
+            "vault_metadata_path": "develmeta",
+            "vault_pki_mountpoint": "vpn/devel",
+            "vault_jwt_role": "test-role",
+            "vault_jwt_path": "jwt"
+        }
+    },
     {
         "vpn_server": "myserver",
-        "idp_group": "/example",
-        "vault_metadata_mountpoint": "vpnmeta",
-        "vault_metadata_path": "develmeta",
-        "vault_pki_mountpoint": "vpn/devel",
-        "vault_jwt_role": "test-role",
-        "vault_jwt_path": "jwt"
+        "vault_jwt_role": "myserver-role"
     },
     {
         "vpn_server": "myserver2",
-        "idp_group": "/example",
-        "vault_metadata_mountpoint": "vpnmeta",
-        "vault_metadata_path": "develmeta",
-        "vault_pki_mountpoint": "vpn/devel",
-        "vault_jwt_role": "test-role",
-        "vault_jwt_path": "jwt"
+        "vault_jwt_role": "myserver2-role"
     },
     {
         "vpn_server": "myserver3",
-        "idp_group": "/example",
-        "vault_metadata_mountpoint": "vpnmeta",
-        "vault_metadata_path": "develmeta",
-        "vault_pki_mountpoint": "vpn/devel",
-        "vault_jwt_role": "test-role",
-        "vault_jwt_path": "jwt"
+        "vault_jwt_role": "myserver3-role"
     }
 ]

docker-compose.yml (1)

44-44: Quick cleanup needed! 🧹

There's a trailing space on line 44 that we should remove.

-      - ./config/vsm:/app/config:ro
- 
+      - ./config/vsm:/app/config:ro
+

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 44-44: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 92b5947 and f66d98b.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (8)

• Dockerfile (1 hunks)
• config/haproxy/haproxy.cfg (1 hunks)
• config/vsm/vpn_group_mapping.json (1 hunks)
• cypress/e2e/vsm.cy.js (2 hunks)
• docker-compose.yml (1 hunks)
• package.json (1 hunks)
• templates/index.html (2 hunks)
• vsm.py (3 hunks)

✅ Files skipped from review due to trivial changes (1)

• Dockerfile

🧰 Additional context used

🪛 YAMLlint (1.35.1)

docker-compose.yml

[error] 44-44: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Building container

🔇 Additional comments (4)

config/haproxy/haproxy.cfg (1)

3-3: Nice logging setup! 👍

The addition of logging to stdout in raw format is perfect for containerized environments. The configuration in both global and defaults sections is well-structured.

Also applies to: 8-8

package.json (1)

2-3: Verify Cypress version compatibility

Moving Cypress to devDependencies is correct! However, let's check if version 14.0.0 has any breaking changes that might affect our tests.

✅ Verification successful

🌐 Web query:

What are the breaking changes in Cypress 14.0.0 compared to 13.15.2?

💡 Result:

Cypress 14.0.0 introduced several breaking changes compared to version 13.15.2, primarily focused on modernizing dependencies and improving security/maintenance efficiency:

Core System Requirements

• Node.js support dropped: Removed compatibility with Node.js 16 and 21[1][3]
• Bundled Node.js upgraded: From v18.17 → v20.18.1[1][3]
• Linux compatibility reduced: Prebuilt binaries no longer support glibc <2.28 (affects Ubuntu 14-18/RHEL 7/CentOS 7/Amazon Linux 2)[1][3]

Browser & Testing Changes

• Strict cy.origin() requirements: Now mandatory for cross-subdomain navigation due to Chrome's document.domain deprecation[1][3][5]
• Browser support narrowed: Only latest 3 major Chrome/Firefox/Edge versions officially supported[1]
• Test isolation behavior: Fixed navigation issues when test isolation is disabled[1][3]

Removed Features

• Deprecated CLI commands:
  • cypress open-ct/run-ct replaced with --component flag[1]
  • Undocumented Cypress.backend() methods removed[1]
• Configuration options:
  • nodeVersion configuration removed[3]
  • videoUploadOnPasses option eliminated[3]

Component Testing

• Just-in-Time compilation became default for Webpack (Vite excluded)[5]
• Experimental flag renamed: experimentalJustInTimeCompile → justInTimeCompile config option[5]

Dependency Updates

• Electron upgraded to Chromium 130[2]
• Critical security patches applied for:
  • express (CVE-2024-43796/45590/43800)[3]
  • send (CVE-2024-43799)[3]
  • loader-utils (CVE-2022-37601)[3]

For migration assistance, Cypress provides an official guide addressing these changes[5]. Most users report minimal disruption when upgrading, though cross-subdomain tests require explicit cy.origin() usage[2][3].

Citations:

• 1: https://github.com/cypress-io/cypress/blob/develop/cli/CHANGELOG.md
• 2: https://www.cypress.io/blog/cypress-14-is-here-see-whats-new
• 3: https://docs.cypress.io/app/references/changelog
• 4: https://www.npmjs.com/package/cypress?activeTab=versions
• 5: https://docs.cypress.io/app/references/migration-guide
• 6: https://www.npmjs.com/package/cypress/v/0.7.0?activeTab=versions
• 7: Cypress 14: Breaking changes cypress-io/cypress#29925
• 8: https://community.chocolatey.org/packages/cypress
• 9: https://fossies.org/linux/www/cypress-14.0.0.tar.gz/cypress-14.0.0/npm/vue/CHANGELOG.md
• 10: https://tuleap.net/plugins/tracker/?aid=41797

---

Cypress 14.0.0 Upgrade – Breaking Changes Verification

Based on the migration details for Cypress 14.0.0, the update from 13.15.2 introduces several breaking changes that you should be aware of:

• Node.js & System Requirements:

  • Dropped support for older Node.js versions (e.g., Node 16) and requires using a supported version (Node ≥18).
  • Linux prebuilt binaries now require glibc 2.28 or higher.

• Testing Behavior Changes:

  • Mandatory usage of cy.origin() for cross-subdomain tests due to changes around Chrome’s document.domain.
  • Test isolation improvements and navigation changes that might affect tests if isolation is disabled.

• CLI & Configuration Adjustments:

  • Some deprecated CLI commands have been removed or replaced (e.g., cypress open-ct / run-ct now use the --component flag).
  • Certain configuration options like nodeVersion and videoUploadOnPasses have been eliminated.

While moving Cypress to devDependencies is indeed the right approach for a testing tool, please review your test suites and CI environments to ensure that the changes above do not conflict with your current setups. It may be a good idea to run your tests in a controlled staging environment after the upgrade and consult Cypress’s official migration guide for any necessary adjustments.

templates/index.html (1)

16-16: Looking good! The API paths are all lined up nicely 👍

The updates to both the logout path and VPN server endpoints are consistent with the API restructuring. Nice job keeping things organized!

Also applies to: 29-29

docker-compose.yml (1)

45-62: The HAProxy setup looks solid! 🚀

Good practices I'm seeing:

• Read-only volume mounts for configs and certs
• Proper service dependencies
• Standard web ports exposed

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 48-48: trailing spaces

(trailing-spaces)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

vsm.py (2)

96-128: Let's make the error responses more informative 🔍

While the session validation is solid, we could make the API more user-friendly by providing specific error messages.

Consider this improvement:

     if uuid is not None and rcon.get(uuid) is not None:
         user = json.loads(rcon.get(uuid))
     else:
-        return Response(status=401)
+        return Response(
+            json.dumps({'error': 'No active session found'}),
+            status=401,
+            content_type='application/json'
+        )

     if user['expires_at'] <= time.time():
-        return Response(status=401)
+        return Response(
+            json.dumps({'error': 'Session has expired'}),
+            status=401,
+            content_type='application/json'
+        )

---

184-189: Consider a more thorough session cleanup 🧹

While the basic session cleanup works, we could make it more robust.

Here's a suggestion:

 def logout():
     """UI - Logout"""
     rcon.delete(session['user'])
     session.pop('user', None)
+    session.clear()  # Clear all session data
     return redirect(INDEX_PAGE, 302)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f66d98b and 5a293df.

📒 Files selected for processing (1)

• vsm.py (4 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Building container

🔇 Additional comments (3)

vsm.py (3)

46-50: Nice work on the route structure! 👍

The updated routes follow a clear and consistent pattern:

• Auth-related routes under /auth/*
• API endpoints under /api/*

This separation makes the API more intuitive and maintainable.

---

87-94: Thanks for extracting the common logic! 🎯

Great job implementing the suggested refactor to eliminate code duplication. The helper function makes the code more maintainable.

---

153-153: Clean and simple! ✨

Great use of the helper function here. It makes the code more readable and maintainable.