A helper library intended to enable rapid go-to-prod by providing simple Feature Toggling helpers and optional early shared-key cookie based authentication.
Feature Toggling (or Feature Flagging) is a great tool you can use to get stuff to prod fast! #shipit
It goes hand in hand with concepts like CI/CD and other best practices like Automated Testing, etc. One of the great benefits of Mainline Development (GitHub Flow) is that everything is integrated all the time and ideally, it should be ready for production all the time too. That's where DevCookie comes in.
DevCookie is a simple infrastructure which enables you to hide/show features easily using various hooks so that, even if a story/epic/feature is not complete, it can go to production integrated. Devs/testers/anyone on your team can then test it, show it to stakeholders and ultimately get it accepted without it being visible to the wild. Once the Feature Toggle is lifted, it's live and thoroughly de-risked. There's a great article on Fowler's site which goes into detail about the different types of toggles, specifically Release Toggles, which is where DevCookie fits in.
DevCookie is about getting to prod fast in a low risk manner! This applies to the enterprise where apps have longer story lifetimes; but it's also useful for MVP/prototypes too. DevCookie can be used to show/hide small parts of the site or act as a simple authentication wall for the whole web-app until launch.
-
Ensure that you're using Autofac for MVC so you can register dependencies. Sorry, but for now we're taking a hard dependency on Autofac.
-
Register the Autofac module and specify your dev cookie secret key:
builder.RegisterModule(new DevAccessModule("U4SdMn12dTkLT4aktB75fvdpPcqnmEBc39aufs3QlGo6x2SZYo"));(<< don't use this key!)
- When registering the
DevAccessModule, use theuseAsGlobalAuthFilterflag:builder.RegisterModule(new DevAccessModule("U4SdMn12dTkLT4aktB75fvdpPcqnmEBc39aufs3QlGo6x2SZYo", useAsGlobalAuthFilter: true));
Now all requests should return 404. To access a page simply append ?devaccess=U4SdMn12dTkLT4aktB75fvdpPcqnmEBc39aufs3QlGo6x2SZYo to the url in your browser to create the cookie.
I just want to feature toggle certain behaviour at the action/controller level
- Make sure the
useAsGlobalAuthFilterflag is set tofalse. - Use the
[DevAccessAuthorize]on only those actions/controllers you wish to prevent public access to. Only requests that include the dev cookie (or query string param) will be able to access those actions. - When the feature goes live, remove the
[DevAccessAuthorize]and redeploy.
- You can use something like the
DevAccessCheckerfrom aBasePagein this fashion:
@if (DevAccessChecker.UserHasDevAccess())
{
<p>Looks like you're DEV. You're invited to the @Html.ActionLink("secret section!", "SecretPage", "Other")</p>
}- Inject the
IDevAccessCheckerinto your abstraction like is shown in theFooServiceexample:
class FooService : IFooService
{
private readonly IDevAccessChecker _devAccessChecker;
public FooService(IDevAccessChecker devAccessChecker)
{
_devAccessChecker = devAccessChecker;
}
public string GetFoo()
{
if (_devAccessChecker.UserHasDevAccess())
return "the foo is strong with this one!";
return string.Empty;
}
}Now you should be able to toggle features on and off easily giving only "dev access" to those who need to preview/accept/test them in production.
Also, you can test the example project, with the above token, as it is deployed to devcookie.apphb.com. You'll need to navigate to a restricted page to get the 404 where you can then use the query string approach as listed above to set up the cookie and gain access.
Any feedback, suggestions or pull requests are really appreciated.