grafana

Commit Graph

Author	SHA1	Message	Date
Jan-Otto Kröpke	e2bce38a79	App Plugins: Allow resource handle to define Cache-Control Header (#92559 )	9 months ago
Timur Olzhabayev	4761326568	Fix: Proper plugin logo loading depending on staging (#88247 ) * making logos respect the staging * making it work when served from subfolders * fixing helper test	1 year ago
Alex Khomenko	44e1bce55a	Feature toggles: Remove dashboardEmbed toggle (#86587 )	1 year ago
Ezequiel Victorero	864d91ed3e	Export: Remove no-store headers in pdf and image previews (#78844 )	2 years ago
Oscar Kilhed	4c4f11f4b3	Avatar: Allow browser caching of /avatar/ (#78314 ) don't set no-store headers to /avatar/	2 years ago
Alex Khomenko	420b19e0e4	Dashboards: Add dashboard embed route (#69596 ) * Dashboard embed: Set up route * Dashboard embed: Cleanup * Dashboard embed: Separate routes * Dashboard embed: Render dashboard page * Dashboard embed: Add toolbar * Dashboard embed: Send JSON on save * Dashboard embed: Add JSON param * Dashboard embed: Make the dashboard editable * Fix sending dashboard to remote server * Add notifications * Add "dashboardEmbed" feature toggle * Use the toggle * Update toggles * Add toggle on backend * Add get JSON endpoint * Add drawer * Close drawer on success * Update toggles * Cleanup * Update toggle * Allow embedding for the d-embed url * Allow embedding via custom X-Allow-Embedding header * Use callbackUrl * Cleanup * Update public/app/features/dashboard/containers/EmbeddedDashboardPage.tsx Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> * Use theme for spacing * Update toggles * Update public/app/features/dashboard/components/EmbeddedDashboard/SaveDashboardForm.tsx Co-authored-by: Polina Boneva <13227501+polibb@users.noreply.github.com> * Add select data source modal --------- Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com> Co-authored-by: Polina Boneva <13227501+polibb@users.noreply.github.com>	2 years ago
Michael Mandrus	5626461b3c	Caching: Refactor enterprise query caching middleware to a wire service (#65616 ) * define initial service and add to wire * update caching service interface * add skipQueryCache header handler and update metrics query function to use it * add caching service as a dependency to query service * working caching impl * propagate cache status to frontend in response * beginning of improvements suggested by Lean - separate caching logic from query logic. * more changes to simplify query function * Decided to revert renaming of function * Remove error status from cache request * add extra documentation * Move query caching duration metric to query package * add a little bit of documentation * wip: convert resource caching * Change return type of query service QueryData to a QueryDataResponse with Headers * update codeowners * change X-Cache value to const * use resource caching in endpoint handlers * write resource headers to response even if it's not a cache hit * fix panic caused by lack of nil check * update unit test * remove NONE header - shouldn't show up in OSS * Convert everything to use the plugin middleware * revert a few more things * clean up unused vars * start reverting resource caching, start to implement in plugin middleware * revert more, fix typo * Update caching interfaces - resource caching now has a separate cache method * continue wiring up new resource caching conventions - still in progress * add more safety to implementation * remove some unused objects * remove some code that I left in by accident * add some comments, fix codeowners, fix duplicate registration * fix source of panic in resource middleware * Update client decorator test to provide an empty response object * create tests for caching middleware * fix unit test * Update pkg/services/caching/service.go Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com> * improve error message in error log * quick docs update * Remove use of mockery. Update return signature to return an explicit hit/miss bool * create unit test for empty request context * rename caching metrics to make it clear they pertain to caching * Update pkg/services/pluginsintegration/clientmiddleware/caching_middleware.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Add clarifying comments to cache skip middleware func * Add comment pointing to the resource cache update call * fix unit tests (missing dependency) * try to fix mystery syntax error * fix a panic * Caching: Introduce feature toggle to caching service refactor (#66323) * introduce new feature toggle * hide calls to new service behind a feature flag * remove licensing flag from toggle (misunderstood what it was for) * fix unit tests * rerun toggle gen --------- Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	2 years ago
Gábor Farkas	4ded937c79	Show traceids for failing and successful requests (#64903 ) * tracing: show backend trace ids in frontend * better trace id naming Co-authored-by: Sven Grossmann <sven.grossmann@grafana.com> * better trace id naming Co-authored-by: Sven Grossmann <sven.grossmann@grafana.com> * better trace id naming Co-authored-by: Sven Grossmann <sven.grossmann@grafana.com> * added feature flag * bind functionality to the feature flag * use non-generic name for traceid header * fixed tests * loki: do not create empty fields * do not add empty fields * fixed graphite test mock data * added unit-tests to queryResponse * added unit-tests for backend_srv * more typescript-friendly check * added unit-tests for runRequest --------- Co-authored-by: Sven Grossmann <sven.grossmann@grafana.com>	2 years ago
Will Browne	88666f9bbd	Plugins: Fix Cache-Control header response for public/plugins/* assets API (#64051 ) * fix caching * fixeroo * simplify * undo changes * fix test	2 years ago
Galen Kistler	e58bef15ac	API: Cache-Control (browser caching) for datasource resources: part 2 (#63060 ) * Check if header string contains "public" or "private" target values	2 years ago
Kyle Brandt	27d429e3b1	API: Permit Cache-Control (browser caching) for datasource resources (#62033 ) * Start work on allowing certain resources to pass through Cache-Control headers. --------- Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	2 years ago
idafurjes	6c5a573772	Chore: Move ReqContext to contexthandler service (#62102 ) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports	2 years ago
Kyle Brandt	13de1afcbe	API: Change how Cache-Control and related headers are set (#62021 ) - change Cache-Control from no-cache to no-store - do not set (and remove if set) older Pragma/Expires	2 years ago
João Calisto	bba42b113c	Middleware: Add Custom Headers to HTTP responses (#59018 ) * Middleware: Add Custom Headers to HTTP responses * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update conf/defaults.ini Co-authored-by: Dave Henderson <dave.henderson@grafana.com> * Update conf/sample.ini Co-authored-by: Dave Henderson <dave.henderson@grafana.com> * Update _index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Dave Henderson <dave.henderson@grafana.com>	3 years ago
idafurjes	6afad51761	Move SignedInUser to user service and RoleType and Roles to org (#53445 ) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2	3 years ago
Alex Vandiver	844b194f5b	Middleware: Don't require HTTPS for HSTS headers to be emitted (#35147 ) Grafana itself may not be serving content over HTTPS, but it may be behind a transparent proxy which does. Fixes #26770. Based on #26868.	3 years ago
Serge Zaitsev	57fcfd578d	Chore: replace macaron with web package (#40136 ) * replace macaron with web package * add web.go	4 years ago
Torkel Ödegaard	7428668835	Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516 ) * Profile: Fixes profile preferences page being available when anonymous access was enabled * Minor change * Renamed property	4 years ago
Arve Knudsen	50b649a869	Middleware: Add CSP support (#29740 ) * Middleware: Add support for CSP Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored by @iOrcohen	5 years ago
Arve Knudsen	ac09baae7d	Chore: Use Header.Set method instead of Header.Add (#29804 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	12661e8a9d	Move middleware context handler logic to service (#29605 ) * middleware: Move context handler to own service Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	5 years ago
Arve Knudsen	58dbf96a12	Middleware: Rewrite tests to use standard library (#29535 ) * middleware: Rewrite tests to use standard library Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	8d5b0084f1	Middleware: Simplifications (#29491 ) * Middleware: Simplify Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * middleware: Rename auth_proxy directory to authproxy Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
taciomcosta	10ff4eecef	Backend: fix IPv6 address parsing erroneous (#28585 ) * Backend: Fix parsing of client IP address Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	9593d57914	Chore: Enable errorlint linter (#29227 ) * Enable errorlint linter * Handle wrapped errors Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	5 years ago
Arve Knudsen	a078e40238	Settings: Rename constants/variables to follow Go naming standards (#28002 ) * settings: Rename constants/variables to follow Go naming standards Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Hansuuuuuuuuuu	8d971ab2f2	Auth: Replace maximum inactive/lifetime settings of days to duration (#27150 ) Allows login_maximum_inactive_lifetime_duration and login_maximum_lifetime_duration to be configured using time.Duration-compatible values while retaining backward compatibility. Fixes #17554 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	5 years ago
Agnès Toulet	a9daaadd50	API: send Login actions (#27249 ) * API: first version to send events about login actions * API: improve login actions events * Login: update auth test with new behavior * Login: update auth test for auth module * Login OAuth: improve functions structure * API: make struct public to use for saml * API: add send login log tests for grafana and ldap login * API: remove log from tests * Login API: fix test linting * Update pkg/api/login_oauth.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Login API: refactor using defer Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	5 years ago
Arve Knudsen	4c56eb3991	Chore: Enable goprintffuncname and nakedret linters (#26376 ) * Chore: Enable goprintffuncname linter * Chore: Enable nakedret linter Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Marcus Efraimsson	d0a80c59f3	Rendering: Store render key in remote cache (#22031 ) By storing render key in remote cache it will enable image renderer to use public facing url or load balancer url to render images and thereby remove the requirement of image renderer having to use the url of the originating Grafana instance when running HA setup (multiple Grafana instances). Fixes #17704 Ref grafana/grafana-image-renderer#91	5 years ago
Marcus Efraimsson	fd52570b7f	API: Improve recovery middleware when response already been written (#22256 ) Suppresses stacktrace in recovery middleware if error is http.ErrAbortHandler. Skips writing response error in recovery middleware if resoonse have already been written. Skips try rotate of auth token if response have already been written. Skips adding default response headers if response have already been written. Fixes #15728 Ref #18082 Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Carl Bergquist	fe16028e02	Auth: Don't rotate auth token when requests are cancelled by client (#22106 ) if the client closes the connection we should not rotate token since the client will never receive the new token. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Anthony Woods	f56f54b1a3	Auth: Rotate auth tokens at the end of requests (#21347 ) By rotating the auth tokens at the end of the request we ensure that there is minimum delay between a new token being generated and the client receiving it. Adds auth token slow load test which uses random latency for all tsdb queries.. Cleans up datasource proxy response handling. DefaultHandler in middleware tests should write a response, the responseWriter BeforeFuncs wont get executed unless a response is written. Fixes #18644 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	6 years ago
Jeffrey Descan	c5f906f472	Security: refactor 'redirect_to' cookie to use 'Secure' flag (#19787 ) * Refactor redirect_to cookie with secure flag in middleware * Refactor redirect_to cookie with secure flag in api/login * Refactor redirect_to cookie with secure flag in api/login_oauth * Removed the deletion of 'Set-Cookie' header to prevent logout * Removed the deletion of 'Set-Cookie' at top of api/login.go * Add HttpOnly flag on redirect_to cookies where missing * Refactor duplicated code * Add tests * Refactor cookie options * Replace local function for deleting cookie * Delete redundant calls Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>	6 years ago
Arve Knudsen	35e0e078b7	pkg/util: Check errors (#19832 ) * pkg/util: Check errors * pkg/services: DRY up code	6 years ago
kay delaney	fb0cec5591	Backend: Adds support for HTTP/2 (#18358 ) * Backend: Adds support for HTTP/2 * Adds mozilla recommended ciphers * Updates sample.ini and config documentation	6 years ago
Sofia Papagiannaki	4e29357d15	Backend: Do not set SameSite cookie attribute if cookie_samesite is none (#18462 ) * Do not set SameSite login_error cookie attribute if cookie_samesite is none * Do not set SameSite grafana_session cookie attribute if cookie_samesite is none * Update middleware tests	6 years ago
Oleg Gaidarenko	d88fdc86fc	Auth: Do not search for the user twice (#18366 ) * Auth: Do not search for the user twice Previously `initContextWithBasicAuth` did not use `LoginUserQuery`, doing `GetUserByLoginQuery` only i.e. looking user in DB only, things changed when this function started to check LDAP provider via `LoginUserQuery` (#6940), however, this request was placed after `GetUserByLoginQuery`, so we first looking in DB then in the LDAP - if LDAP user hasn't logged in we will not find it in DB, so `LoginUserQuery` will never be reached. `LoginUserQuery` request already performs `GetUserByLoginQuery` request in correct sequence. So we can just remove redundant request. * Correct sequence execution during authentification & introduce tests for it * Move basic auth tests to separate test file, since main test file already pretty large * Introduce `testing.go` for the middleware module * Remove redundant test helper function * Make handler names more explicit Ref `5777f65d05` Fixes #18329 * Auth: address review comment	6 years ago
Oleg Gaidarenko	82661b9f69	Auth: consistently return same basic auth errors (#18310 ) * Auth: consistently return same basic auth errors * Put repeated errors in consts and return only those consts as error strings * Add tests for errors basic auth cases and moves tests to separate test-case. Also names test cases consistently * Add more error logs and makes their messages consistent * A bit of code style * Add additional test helper * Auth: do not expose even incorrect password * Auth: address review comments Use `Debug` for the cases when it's an user error	6 years ago
gotjosh	332920954e	SAML: Show SAML login button even if OAuth is disabled (#17993 ) * Move the SAML button outside of the oauth div * Don't attempt to search cookies with an empty name	6 years ago
Sofia Papagiannaki	dc9ec7dc91	Auth: Allow expiration of API keys (#17678 ) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire.	6 years ago
Kyle Brandt	bd08d8ce8e	middleware: fix Strict-Transport-Security header (#17644 ) fixes #17641	6 years ago
Yann Verry	ed613194ac	HTTPServer: Fix X-XSS-Protection header formatting (#17620 ) Fixes #17619	6 years ago
Oleg Gaidarenko	1b1d951495	LDAP: refactoring (#17479 ) * LDAP: use only one struct * Use only models.ExternalUserInfo * Add additional helper method :/ * Move all the helpers to one module * LDAP: refactoring * Rename some of the public methods and change their behaviour * Remove outdated methods * Simplify logic * More tests There is no and never were tests for settings.go, added tests for helper methods (cover is now about 100% for them). Added tests for the main LDAP logic, but there is some stuff to add. Dial() is not tested and not decoupled. It might be a challenge to do it properly * Restructure tests: * they wouldn't depend on external modules * more consistent naming * logical division * More guards for erroneous paths * Login: make login service an explicit dependency * LDAP: remove no longer needed test helper fns * LDAP: remove useless import * LDAP: Use new interface in multildap module * LDAP: corrections for the groups of multiple users * In case there is several users their groups weren't detected correctly * Simplify helpers module	6 years ago
Kyle Brandt	599514ad68	middleware: add security related HTTP(S) response headers (#17522 ) * x_xss_protection * strict_transport_security (HSTS) * x_content_type_options these are currently defaulted to false (off) until the next minor release. fixes #17509	6 years ago
Oleg Gaidarenko	35f227de11	Feature: LDAP refactoring (#16950 ) * incapsulates multipleldap logic under one module * abstracts users upsert and get logic * changes some of the text error messages and import sort sequence * heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour * integrates affected auth_proxy module and their tests * refactoring of the auth_proxy logic	6 years ago
zhulongcheng	2fff8f77dc	move log package to /infra (#17023 ) ref #14679 Signed-off-by: zhulongcheng <zhulongcheng.me@gmail.com>	6 years ago
Marcus Efraimsson	1c1427520d	Security: Add new setting allow_embedding (#16853 ) When allow_embedding is false (default) the Grafana backend will set the http header `X-Frame-Options: deny` in all responses to non-static content which will instruct browser to not allow Grafana to be embedded in `<frame>`, `<iframe>`, `<embed>` or `<object>`. Closes #14189	6 years ago
Marcus Efraimsson	f778c1d971	Security: Responses from backend should not be cached (#16848 ) Currently all API requests set Cache-control: no-cache to avoid browsers caching sensitive data. This fixes so that all responses returned from backend not are cached using http headers. The exception is the data proxy where we don't add these http headers in case datasource backend needs to control whether data can be cached or not. Fixes #16845	6 years ago
Carl Bergquist	9660356638	Auth: Enable retries and transaction for some db calls for auth tokens (#16785 ) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it.	6 years ago

1 2 3

141 Commits (b32ddb5750cae9c576d284b583b4285ccf0fc038)