Shankiyani/initial popup #181
Conversation
There was a problem hiding this comment.
A few things:
-
Should we have a more advanced stylesheet framework (e.g. scss or sass)? If not sass or scss, we should use CSS variables for things like colors and border radii.
-
Let's declare our browser support matrix for Bets Platform somewhere? I can be the approver. We don't need to support IE 7, but we should be forward about which browsers we're going to support. We cannot assume Chrome for all Bets.
-
Always prefer
remtopxfor responsive designs. -
Prefer flexbox to float.
-
Use class and id selectors instead of styling elements directly. It provides more flexibility in the future.
I didn't review the Go code, but there's a lot of nuance in getting form parsing correct (and secure). Let me know when you want a review of the Go code.
Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shankiyani@google.com>
Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shankiyani@google.com>
Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shankiyani@google.com>
I would rather use a frontend framework, otherwise I would prefer to use CSS variables for this use case.
Yes, all of this, we should probably create a doc for browser support and best practices for CSS/HTML. This also leads into the frontend framework vs go template discussion and it will probably come down to use case. |
Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shan.a.raja@gmail.com>
Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shan.a.raja@gmail.com>
CSS variables are fine with me
Yes, I agree we need a doc 😄 |
Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shan.a.raja@gmail.com>
rename main script to success to match html file name rename windowname attribute to window-name move script tag inside body for both html files proper indentation on xml and json add copyright headers use querySelector over addEventListener use window for event listener shorthand err check on config make regex pattern a global variable
use logger instead of log in tests want and got or sufficient remove .flex-outer in css
|
Thanks for the feedback so far @verbanicm, @sethvargo, and @yolocs. I did some refactoring to mimic the EN service so I hope its more aligned with expectations (still more improvements in upcoming PRs). I wonder if this is a good point to try to merge what we have so far. I want to follow up with the Remaining tasks in the next PR(s). Ill tackle Followups after that. Remaining:
Followups:
|
All are either addressed or noted as followups |
| // limitations under the License. | ||
|
|
||
| window.addEventListener("DOMContentLoaded", async () => { | ||
| const originElement = document.getElementById("origin"); |
There was a problem hiding this comment.
Nit, can be a follow-up. Always prefer document.querySelector.
| } | ||
|
|
||
| // set values for the following hidden input elements, will be persisted to the next page | ||
| originElement.value = targetOrigin; |
There was a problem hiding this comment.
If originElement or windowElement are null, this will NPE.
| if (!targetOrigin) { | ||
| alert("You must pass a target origin from your application to successfully retrieve a token.") | ||
| window.close() | ||
| } else if (!windowName) { | ||
| alert("You must pass a window name from your application to successfully retrieve a token.") | ||
| } else if (!token) { | ||
| alert("Something went wrong, unable to retrieve a token.") | ||
| } else { | ||
| window.opener.postMessage( | ||
| JSON.stringify({ | ||
| // notify the requestor of the window name that was provided, | ||
| // client should check this as a sanity check | ||
| source: windowName, | ||
| payload: { | ||
| token, | ||
| }, | ||
| }), | ||
| targetOrigin | ||
| ); | ||
| } | ||
| window.close(); |
There was a problem hiding this comment.
This flow is a bit weird. I think it'd be better to always return short:
| if (!targetOrigin) { | |
| alert("You must pass a target origin from your application to successfully retrieve a token.") | |
| window.close() | |
| } else if (!windowName) { | |
| alert("You must pass a window name from your application to successfully retrieve a token.") | |
| } else if (!token) { | |
| alert("Something went wrong, unable to retrieve a token.") | |
| } else { | |
| window.opener.postMessage( | |
| JSON.stringify({ | |
| // notify the requestor of the window name that was provided, | |
| // client should check this as a sanity check | |
| source: windowName, | |
| payload: { | |
| token, | |
| }, | |
| }), | |
| targetOrigin | |
| ); | |
| } | |
| window.close(); | |
| if (!targetOrigin) { | |
| alert("You must pass a target origin from your application to successfully retrieve a token.") | |
| window.close() | |
| return | |
| } | |
| if (!windowName) { | |
| alert("You must pass a window name from your application to successfully retrieve a token.") | |
| window.close() | |
| return | |
| } | |
| if (!token) { | |
| alert("Something went wrong, unable to retrieve a token.") | |
| window.close() | |
| return | |
| } | |
| window.opener.postMessage( | |
| JSON.stringify({ | |
| // notify the requestor of the window name that was provided, | |
| // client should check this as a sanity check | |
| source: windowName, | |
| payload: { | |
| token, | |
| }, | |
| }), | |
| targetOrigin | |
| ); | |
| window.close(); |
This can be a follow-up fix.
| for _, tc := range cases { | ||
| tc := tc | ||
| t.Run(tc.name, func(t *testing.T) { | ||
| t.Parallel() | ||
| lookuper := envconfig.MapLookuper(tc.envs) |
There was a problem hiding this comment.
Style nit: can be a follow-up (throughout all tests, just marking once here):
| for _, tc := range cases { | |
| tc := tc | |
| t.Run(tc.name, func(t *testing.T) { | |
| t.Parallel() | |
| lookuper := envconfig.MapLookuper(tc.envs) | |
| for _, tc := range cases { | |
| tc := tc | |
| t.Run(tc.name, func(t *testing.T) { | |
| t.Parallel() | |
| lookuper := envconfig.MapLookuper(tc.envs) |
| // | ||
| // The buffers are fetched via a sync.Pool to reduce allocations and improve | ||
| // performance. | ||
| func (r *Renderer) RenderHTMLStatus(w http.ResponseWriter, code int, tmpl string, data interface{}) { |
There was a problem hiding this comment.
Nit: prefer any over interface{} in modern Go. This can be a follow-up.
| ctrl := controller.New(s.h) | ||
| mux.Handle("/popup", ctrl.HandlePopup(s.allowlist)) |
There was a problem hiding this comment.
In general, I would expect all "setup" to be in the controller. So the allowlist would be passed to controller.New. It's not a huge deal and can be a follow-up.
* initial go template and styling * first pass at the server * send form labels to template * add reset button * remove print statement in server file, label todos * Update assets/templates/index.gohtml Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shankiyani@google.com> * Update assets/templates/index.gohtml Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shankiyani@google.com> * Update assets/templates/index.gohtml Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shankiyani@google.com> * rename template file, format css file * set hidden field values via script tag * Add success page html, used for postMessage on page load * redo the template, dont use floats in css * run gofumpt and set timeouts for http server * Update pkg/ui/server.go Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shan.a.raja@gmail.com> * Update pkg/ui/server.go Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shan.a.raja@gmail.com> * clean up css * alert user when context is missing * add additional meta tags, format all files * turn off detect indentation, set to 2 spaces * Address comments, add config.go * add favicons * format reset.css and remove unused struct * add a forbidden page * Support allowlist env variable * Add some tests for validation methods * Update pkg/ui/server.go Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shan.a.raja@gmail.com> * add new line to reset.css rename main script to success to match html file name rename windowname attribute to window-name move script tag inside body for both html files proper indentation on xml and json add copyright headers use querySelector over addEventListener use window for event listener shorthand err check on config make regex pattern a global variable * add testing for config file * add local ip check, remove helper handler, refactor tests * add _head.html.tmpl, rename main template file for popup * add Validate to cfg interface use logger instead of log in tests want and got or sufficient remove .flex-outer in css * refactor, inspired by EN service * resolve bugs from manual testing * run the linter * add basic testing for the popup handler * address comments, add a readme --------- Signed-off-by: Shan Kiyani <shankiyani@google.com> Signed-off-by: Shan Kiyani <shan.a.raja@gmail.com> Co-authored-by: Seth Vargo <seth@sethvargo.com>
* initial go template and styling * first pass at the server * send form labels to template * add reset button * remove print statement in server file, label todos * Update assets/templates/index.gohtml Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shankiyani@google.com> * Update assets/templates/index.gohtml Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shankiyani@google.com> * Update assets/templates/index.gohtml Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shankiyani@google.com> * rename template file, format css file * set hidden field values via script tag * Add success page html, used for postMessage on page load * redo the template, dont use floats in css * run gofumpt and set timeouts for http server * Update pkg/ui/server.go Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shan.a.raja@gmail.com> * Update pkg/ui/server.go Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shan.a.raja@gmail.com> * clean up css * alert user when context is missing * add additional meta tags, format all files * turn off detect indentation, set to 2 spaces * Address comments, add config.go * add favicons * format reset.css and remove unused struct * add a forbidden page * Support allowlist env variable * Add some tests for validation methods * Update pkg/ui/server.go Co-authored-by: Seth Vargo <seth@sethvargo.com> Signed-off-by: Shan Kiyani <shan.a.raja@gmail.com> * add new line to reset.css rename main script to success to match html file name rename windowname attribute to window-name move script tag inside body for both html files proper indentation on xml and json add copyright headers use querySelector over addEventListener use window for event listener shorthand err check on config make regex pattern a global variable * add testing for config file * add local ip check, remove helper handler, refactor tests * add _head.html.tmpl, rename main template file for popup * add Validate to cfg interface use logger instead of log in tests want and got or sufficient remove .flex-outer in css * refactor, inspired by EN service * resolve bugs from manual testing * run the linter * add basic testing for the popup handler * address comments, add a readme --------- Signed-off-by: Shan Kiyani <shankiyani@google.com> Signed-off-by: Shan Kiyani <shan.a.raja@gmail.com> Co-authored-by: Seth Vargo <seth@sethvargo.com>
This is the initial change to support a UI for JVS. A go template is used to display a form. On submission of this form, a basic validation is made against the input. If the user provides invalid data, an error message is shown and the user's inputs are maintained. Upon successful submission a script is executed to postMessage back to the target origin that triggered the initial call. This origin must exist within an allow list provided as an env variable.