|
| 1 | +# Software Design Document |
| 2 | + |
| 3 | +Reference: Introspection - Development and production setup of Dashboard <br> |
| 4 | +Authors: Samiya Akhtar, Andre Briggs, Dennis Seah |
| 5 | + |
| 6 | +| Revision | Date | Author | Remarks | |
| 7 | +| -------: | ------------ | ----------- | -------------------------------------- | |
| 8 | +| 0.1 | Mar-02, 2020 | Dennis Seah | Initial Draft | |
| 9 | +| 0.2 | Mar-05, 2020 | Dennis Seah | Incorporate comments from Andre Briggs | |
| 10 | +| 1.0 | Mar-06, 2020 | Dennis Seah | Void Document section because tasks are taken care of | |
| 11 | + |
| 12 | +## 1. Overview |
| 13 | + |
| 14 | +This design fixes a few things in the previous implementation of |
| 15 | +`spk deployment dashboard` command. The issues are |
| 16 | + |
| 17 | +1. Secret and configuration values are exposed in the browser. |
| 18 | +2. Cross-origin resource sharing, CORS issue because HTTP request is initiated |
| 19 | + from browser to Azure DevOps API Server. |
| 20 | + |
| 21 | +These problems are due to how the React App was deployed. |
| 22 | + |
| 23 | +<p style="text-align:center"> |
| 24 | +<img src="currentDeployment.png" style="width:400px; height:auto"> |
| 25 | +</p> |
| 26 | + |
| 27 | +The React App had only a frontend layer hence secret and configuration values |
| 28 | +need to be sent to the browser so that browser can make HTTP calls to Azure |
| 29 | +Dev-Op API server (which leads to CORS error). |
| 30 | + |
| 31 | +## 2. Out of Scope |
| 32 | + |
| 33 | +This design shall only address the above mentioned issues, see |
| 34 | +[Background Section](#background). There a few other known issues, see |
| 35 | +[Known issues](#known-issues) section; and they shall be addressed in a separate |
| 36 | +software design document. |
| 37 | + |
| 38 | +## 3. Design Details |
| 39 | + |
| 40 | +We introduced a backend layer to address the above mentioned issues and the |
| 41 | +landscape looks like this. |
| 42 | + |
| 43 | +<p style="text-align:center"> |
| 44 | +<img src="proposedDeployment.png" style="width:500px; height:auto"> |
| 45 | +</p> |
| 46 | + |
| 47 | +1. Secret and configuration values need not be sent to the browser because the |
| 48 | + backend is making the Azure Dev-Op API calls. |
| 49 | +2. We do not have CORS issue because these HTTP calls are made from the backend. |
| 50 | + |
| 51 | +### 3.1 Building and Running the Express App |
| 52 | + |
| 53 | +The frontend and backend are hosted by an Express app. This is how this |
| 54 | +application is built in the workspace. |
| 55 | + |
| 56 | +1. Building react frontend app `react-scripts-ts build` |
| 57 | +2. Building backend app `tsc src/backend/** --outDir build/backend/` |
| 58 | +3. Building Express app `tsc src/server.ts --outDir build/` |
| 59 | + |
| 60 | +All the resources and code for the Express app is in the build folder; and the |
| 61 | +app runs from the folder. All backend calls are prefixed with `api/`. |
| 62 | + |
| 63 | +Secret and configuration values are exposed to the Express app via environment |
| 64 | +parameters. |
| 65 | + |
| 66 | +### 3.2 Running React Service Worker |
| 67 | + |
| 68 | +<p style="text-align:center"> |
| 69 | +<img src="devSetup.png" style="width:500px;height:auto"> |
| 70 | +</p> |
| 71 | + |
| 72 | +In order to faciliate code development (mainly in frontend), the react's worker |
| 73 | +service is used. And it proxies all requests with `api/` prefix to an Express |
| 74 | +application running at port 8001. This proxy is enabled by React's service |
| 75 | +worker. We need a value |
| 76 | + |
| 77 | +``` |
| 78 | +"http://localhost:8001" |
| 79 | +``` |
| 80 | + |
| 81 | +in `package.json`. |
| 82 | + |
| 83 | +Similarly, secret and configuration values are exposed to the Express app via |
| 84 | +environment parameters. |
| 85 | + |
| 86 | +## 4. Dependencies |
| 87 | + |
| 88 | +None. All the implementations are within |
| 89 | +[spektate](https://github.com/microsoft/spektate). |
| 90 | + |
| 91 | +## 5. Known issues |
| 92 | + |
| 93 | +### 5.1 Too many calls to Azure Dev-Op API server. |
| 94 | + |
| 95 | +Every call from the frontend to the backend layer shall result in a call to the |
| 96 | +Azure Dev-Op API server. This can be a huge overhead and this can be resolved by |
| 97 | +having a caching mechanism in the backend. |
| 98 | + |
| 99 | +### 5.2 Multiple HTTP calls from frontend to backend API |
| 100 | + |
| 101 | +The frontend layer is making multiple HTTP calls to the backend in order to |
| 102 | +render a complete view. For instance, one call to get deployments; other call to |
| 103 | +get author for each deployment; etc. This result in poor user experience. |
| 104 | + |
| 105 | +### 5.3 Access Control of Dashboard |
| 106 | + |
| 107 | +Once the dashboard is deployed in kubernetes or docker swarm, anyone who has |
| 108 | +access to the IP address and port is able to see the content of the dashboard. |
| 109 | + |
| 110 | +## 6. Risks & Mitigations |
| 111 | + |
| 112 | +None |
| 113 | + |
| 114 | +## 7. Documentation |
| 115 | +All documentation are covered as sprint tasks |
| 116 | + |
| 117 | +## A. Appendix |
| 118 | + |
| 119 | +### A.1 References |
| 120 | + |
| 121 | +1. https://daveceddia.com/create-react-app-express-backend/ |
| 122 | +2. https://daveceddia.com/deploy-react-express-app-heroku/ |
| 123 | +3. https://docs.docker.com/engine/reference/commandline/run/ |
| 124 | + |
| 125 | +\- end - |
0 commit comments