@backstage/plugin-app-backend 0.3.20 → 0.3.23-next.0

package/CHANGELOG.md

@@ -1,5 +1,81 @@
 # @backstage/plugin-app-backend
 
+## 0.3.23-next.0
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/backend-common@0.10.6-next.0
+
+## 0.3.22
+
+### Patch Changes
+
+- f685e1398f: Loading of app configurations now reference the `@deprecated` construct from
+  JSDoc to determine if a property in-use has been deprecated. Users are notified
+  of deprecated keys in the format:
+
+  ```txt
+  The configuration key 'catalog.processors.githubOrg' of app-config.yaml is deprecated and may be removed soon. Configure a GitHub integration instead.
+  ```
+
+  When the `withDeprecatedKeys` option is set to `true` in the `process` method
+  of `loadConfigSchema`, the user will be notified that deprecated keys have been
+  identified in their app configuration.
+
+  The `backend-common` and `plugin-app-backend` packages have been updated to set
+  `withDeprecatedKeys` to true so that users are notified of deprecated settings
+  by default.
+
+- eb00e8af14: Updated the cache control headers for static assets to instruct clients to cache them for 14 days.
+- eb00e8af14: Added a new asset cache that stores static assets from previous deployments in the database. This fixes an issue where users have old browser tabs open and try to lazy-load static assets that no longer exist in the latest version.
+
+  The asset cache is enabled by passing the `database` option to `createRouter`.
+
+- Updated dependencies
+  - @backstage/backend-common@0.10.4
+  - @backstage/config@0.1.13
+  - @backstage/config-loader@0.9.3
+
+## 0.3.22-next.0
+
+### Patch Changes
+
+- f685e1398f: Loading of app configurations now reference the `@deprecated` construct from
+  JSDoc to determine if a property in-use has been deprecated. Users are notified
+  of deprecated keys in the format:
+
+  ```txt
+  The configuration key 'catalog.processors.githubOrg' of app-config.yaml is deprecated and may be removed soon. Configure a GitHub integration instead.
+  ```
+
+  When the `withDeprecatedKeys` option is set to `true` in the `process` method
+  of `loadConfigSchema`, the user will be notified that deprecated keys have been
+  identified in their app configuration.
+
+  The `backend-common` and `plugin-app-backend` packages have been updated to set
+  `withDeprecatedKeys` to true so that users are notified of deprecated settings
+  by default.
+
+- eb00e8af14: Updated the cache control headers for static assets to instruct clients to cache them for 14 days.
+- eb00e8af14: Added a new asset cache that stores static assets from previous deployments in the database. This fixes an issue where users have old browser tabs open and try to lazy-load static assets that no longer exist in the latest version.
+
+  The asset cache is enabled by passing the `database` option to `createRouter`.
+
+- Updated dependencies
+  - @backstage/backend-common@0.10.4-next.0
+  - @backstage/config@0.1.13-next.0
+  - @backstage/config-loader@0.9.3-next.0
+
+## 0.3.21
+
+### Patch Changes
+
+- 9d9cfc1b8a: Set `X-Frame-Options: deny` rather than the default `sameorigin` for all content served by the `app-backend`.`
+- Updated dependencies
+  - @backstage/backend-common@0.10.1
+  - @backstage/config-loader@0.9.1
+
 ## 0.3.20
 
 ### Patch Changes

package/dist/index.cjs.js

@@ -3,17 +3,24 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var backendCommon = require('@backstage/backend-common');
+var helmet = require('helmet');
 var express = require('express');
 var Router = require('express-promise-router');
 var fs = require('fs-extra');
 var path = require('path');
 var configLoader = require('@backstage/config-loader');
+var luxon = require('luxon');
+var partition = require('lodash/partition');
+var globby = require('globby');
 
 function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
 
+var helmet__default = /*#__PURE__*/_interopDefaultLegacy(helmet);
 var express__default = /*#__PURE__*/_interopDefaultLegacy(express);
 var Router__default = /*#__PURE__*/_interopDefaultLegacy(Router);
 var fs__default = /*#__PURE__*/_interopDefaultLegacy(fs);
+var partition__default = /*#__PURE__*/_interopDefaultLegacy(partition);
+var globby__default = /*#__PURE__*/_interopDefaultLegacy(globby);
 
 async function injectConfig(options) {
   const { staticDir, logger, appConfigs } = options;
@@ -46,7 +53,7 @@ async function readConfigs(options) {
     const serializedSchema = await fs__default["default"].readJson(schemaPath);
     try {
       const schema = await configLoader.loadConfigSchema({ serialized: serializedSchema });
-      const frontendConfigs = await schema.process([{ data: config.get(), context: "app" }], { visibility: ["frontend"] });
+      const frontendConfigs = await schema.process([{ data: config.get(), context: "app" }], { visibility: ["frontend"], withDeprecatedKeys: true });
       appConfigs.push(...frontendConfigs);
     } catch (error) {
       throw new Error(`Invalid app bundle schema. If this error is unexpected you need to run \`yarn build\` in the app. If that doesn't help you should make sure your config schema is correct and rebuild the app bundle again. Caused by the following schema error, ${error}`);
@@ -55,6 +62,117 @@ async function readConfigs(options) {
   return appConfigs;
 }
 
+var __accessCheck = (obj, member, msg) => {
+  if (!member.has(obj))
+    throw TypeError("Cannot " + msg);
+};
+var __privateGet = (obj, member, getter) => {
+  __accessCheck(obj, member, "read from private field");
+  return getter ? getter.call(obj) : member.get(obj);
+};
+var __privateAdd = (obj, member, value) => {
+  if (member.has(obj))
+    throw TypeError("Cannot add the same private member more than once");
+  member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+};
+var __privateSet = (obj, member, value, setter) => {
+  __accessCheck(obj, member, "write to private field");
+  setter ? setter.call(obj, value) : member.set(obj, value);
+  return value;
+};
+var _db, _logger;
+const migrationsDir = backendCommon.resolvePackagePath("@backstage/plugin-app-backend", "migrations");
+const _StaticAssetsStore = class {
+  constructor(options) {
+    __privateAdd(this, _db, void 0);
+    __privateAdd(this, _logger, void 0);
+    __privateSet(this, _db, options.database);
+    __privateSet(this, _logger, options.logger);
+  }
+  static async create(options) {
+    await options.database.migrate.latest({
+      directory: migrationsDir
+    });
+    return new _StaticAssetsStore(options);
+  }
+  async storeAssets(assets) {
+    const existingRows = await __privateGet(this, _db).call(this, "static_assets_cache").whereIn("path", assets.map((a) => a.path));
+    const existingAssetPaths = new Set(existingRows.map((r) => r.path));
+    const [modified, added] = partition__default["default"](assets, (asset) => existingAssetPaths.has(asset.path));
+    __privateGet(this, _logger).info(`Storing ${modified.length} updated assets and ${added.length} new assets`);
+    await __privateGet(this, _db).call(this, "static_assets_cache").update({
+      last_modified_at: __privateGet(this, _db).fn.now()
+    }).whereIn("path", modified.map((a) => a.path));
+    for (const asset of added) {
+      await __privateGet(this, _db).call(this, "static_assets_cache").insert({
+        path: asset.path,
+        content: await asset.content()
+      }).onConflict("path").ignore();
+    }
+  }
+  async getAsset(path) {
+    const [row] = await __privateGet(this, _db).call(this, "static_assets_cache").where({
+      path
+    });
+    if (!row) {
+      return void 0;
+    }
+    return {
+      path: row.path,
+      content: row.content,
+      lastModifiedAt: typeof row.last_modified_at === "string" ? luxon.DateTime.fromSQL(row.last_modified_at, { zone: "UTC" }).toJSDate() : row.last_modified_at
+    };
+  }
+  async trimAssets(options) {
+    const { maxAgeSeconds } = options;
+    await __privateGet(this, _db).call(this, "static_assets_cache").where("last_modified_at", "<=", __privateGet(this, _db).client.config.client === "sqlite3" ? __privateGet(this, _db).raw(`datetime('now', ?)`, [`-${maxAgeSeconds} seconds`]) : __privateGet(this, _db).raw(`now() + interval '${-maxAgeSeconds} seconds'`)).delete();
+  }
+};
+let StaticAssetsStore = _StaticAssetsStore;
+_db = new WeakMap();
+_logger = new WeakMap();
+
+async function findStaticAssets(staticDir) {
+  const assetPaths = await globby__default["default"]("**/*", {
+    ignore: ["**/*.map"],
+    cwd: staticDir,
+    dot: true
+  });
+  return assetPaths.map((path) => ({
+    path,
+    content: async () => fs__default["default"].readFile(backendCommon.resolveSafeChildPath(staticDir, path))
+  }));
+}
+
+const CACHE_CONTROL_NO_CACHE = "no-store, max-age=0";
+const CACHE_CONTROL_MAX_CACHE = "public, max-age=1209600";
+
+function createStaticAssetMiddleware(store) {
+  return (req, res, next) => {
+    if (req.method !== "GET" && req.method !== "HEAD") {
+      next();
+      return;
+    }
+    Promise.resolve((async () => {
+      const path$1 = req.path.startsWith("/") ? req.path.slice(1) : req.path;
+      const asset = await store.getAsset(path$1);
+      if (!asset) {
+        next();
+        return;
+      }
+      const ext = path.extname(asset.path);
+      if (ext) {
+        res.type(ext);
+      } else {
+        res.type("bin");
+      }
+      res.setHeader("Cache-Control", CACHE_CONTROL_MAX_CACHE);
+      res.setHeader("Last-Modified", asset.lastModifiedAt.toUTCString());
+      res.send(asset.content);
+    })()).catch(next);
+  };
+}
+
 async function createRouter(options) {
   const { config, logger, appPackageName, staticFallbackHandler } = options;
   const appDistDir = backendCommon.resolvePackagePath(appPackageName, "dist");
@@ -73,8 +191,23 @@ async function createRouter(options) {
     await injectConfig({ appConfigs, logger, staticDir });
   }
   const router = Router__default["default"]();
+  router.use(helmet__default["default"].frameguard({ action: "deny" }));
   const staticRouter = Router__default["default"]();
-  staticRouter.use(express__default["default"].static(path.resolve(appDistDir, "static")));
+  staticRouter.use(express__default["default"].static(path.resolve(appDistDir, "static"), {
+    setHeaders: (res) => {
+      res.setHeader("Cache-Control", CACHE_CONTROL_MAX_CACHE);
+    }
+  }));
+  if (options.database) {
+    const store = await StaticAssetsStore.create({
+      logger,
+      database: await options.database.getClient()
+    });
+    const assets = await findStaticAssets(staticDir);
+    await store.storeAssets(assets);
+    await store.trimAssets({ maxAgeSeconds: 60 * 60 * 24 * 7 });
+    staticRouter.use(createStaticAssetMiddleware(store));
+  }
   if (staticFallbackHandler) {
     staticRouter.use(staticFallbackHandler);
   }
@@ -83,14 +216,14 @@ async function createRouter(options) {
   router.use(express__default["default"].static(appDistDir, {
     setHeaders: (res, path) => {
       if (express__default["default"].static.mime.lookup(path) === "text/html") {
-        res.setHeader("Cache-Control", "no-store, max-age=0");
+        res.setHeader("Cache-Control", CACHE_CONTROL_NO_CACHE);
       }
     }
   }));
   router.get("/*", (_req, res) => {
     res.sendFile(path.resolve(appDistDir, "index.html"), {
       headers: {
-        "cache-control": "no-store, max-age=0"
+        "cache-control": CACHE_CONTROL_NO_CACHE
       }
     });
   });

package/dist/index.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.cjs.js","sources":["../src/lib/config.ts","../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fs from 'fs-extra';\nimport { resolve as resolvePath } from 'path';\nimport { Logger } from 'winston';\nimport { AppConfig, Config } from '@backstage/config';\nimport { JsonObject } from '@backstage/types';\nimport { loadConfigSchema, readEnvConfig } from '@backstage/config-loader';\n\ntype InjectOptions = {\n  appConfigs: AppConfig[];\n  // Directory of the static JS files to search for file to inject\n  staticDir: string;\n  logger: Logger;\n};\n\n/**\n * Injects configs into the app bundle, replacing any existing injected config.\n */\nexport async function injectConfig(options: InjectOptions) {\n  const { staticDir, logger, appConfigs } = options;\n\n  const files = await fs.readdir(staticDir);\n  const jsFiles = files.filter(file => file.endsWith('.js'));\n\n  const escapedData = JSON.stringify(appConfigs).replace(/(\"|'|\\\\)/g, '\\\\$1');\n  const injected = `/*__APP_INJECTED_CONFIG_MARKER__*/\"${escapedData}\"/*__INJECTED_END__*/`;\n\n  for (const jsFile of jsFiles) {\n    const path = resolvePath(staticDir, jsFile);\n\n    const content = await fs.readFile(path, 'utf8');\n    if (content.includes('__APP_INJECTED_RUNTIME_CONFIG__')) {\n      logger.info(`Injecting env config into ${jsFile}`);\n\n      const newContent = content.replace(\n        '\"__APP_INJECTED_RUNTIME_CONFIG__\"',\n        injected,\n      );\n      await fs.writeFile(path, newContent, 'utf8');\n      return;\n    } else if (content.includes('__APP_INJECTED_CONFIG_MARKER__')) {\n      logger.info(`Replacing injected env config in ${jsFile}`);\n\n      const newContent = content.replace(\n        /\\/\\*__APP_INJECTED_CONFIG_MARKER__\\*\\/.*\\/\\*__INJECTED_END__\\*\\//,\n        injected,\n      );\n      await fs.writeFile(path, newContent, 'utf8');\n      return;\n    }\n  }\n  logger.info('Env config not injected');\n}\n\ntype ReadOptions = {\n  env: { [name: string]: string | undefined };\n  appDistDir: string;\n  config: Config;\n};\n\n/**\n * Read config from environment and process the backend config using the\n * schema that is embedded in the frontend build.\n */\nexport async function readConfigs(options: ReadOptions): Promise<AppConfig[]> {\n  const { env, appDistDir, config } = options;\n\n  const appConfigs = readEnvConfig(env);\n\n  const schemaPath = resolvePath(appDistDir, '.config-schema.json');\n  if (await fs.pathExists(schemaPath)) {\n    const serializedSchema = await fs.readJson(schemaPath);\n\n    try {\n      const schema = await loadConfigSchema({ serialized: serializedSchema });\n\n      const frontendConfigs = await schema.process(\n        [{ data: config.get() as JsonObject, context: 'app' }],\n        { visibility: ['frontend'] },\n      );\n      appConfigs.push(...frontendConfigs);\n    } catch (error) {\n      throw new Error(\n        'Invalid app bundle schema. If this error is unexpected you need to run `yarn build` in the app. ' +\n          `If that doesn't help you should make sure your config schema is correct and rebuild the app bundle again. ` +\n          `Caused by the following schema error, ${error}`,\n      );\n    }\n  }\n\n  return appConfigs;\n}\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { notFoundHandler, resolvePackagePath } from '@backstage/backend-common';\nimport { Config } from '@backstage/config';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport fs from 'fs-extra';\nimport { resolve as resolvePath } from 'path';\nimport { Logger } from 'winston';\nimport { injectConfig, readConfigs } from '../lib/config';\n\n// express uses mime v1 while we only have types for mime v2\ntype Mime = { lookup(arg0: string): string };\n\nexport interface RouterOptions {\n  config: Config;\n  logger: Logger;\n\n  /**\n   * The name of the app package that content should be served from. The same app package should be\n   * added as a dependency to the backend package in order for it to be accessible at runtime.\n   *\n   * In a typical setup with a single app package this would be set to 'app'.\n   */\n  appPackageName: string;\n\n  /**\n   * A request handler to handle requests for static content that are not present in the app bundle.\n   *\n   * This can be used to avoid issues with clients on older deployment versions trying to access lazy\n   * loaded content that is no longer present. Typically the requests would fall back to a long-term\n   * object store where all recently deployed versions of the app are present.\n   */\n  staticFallbackHandler?: express.Handler;\n\n  /**\n   * Disables the configuration injection. This can be useful if you're running in an environment\n   * with a read-only filesystem, or for some other reason don't want configuration to be injected.\n   *\n   * Note that this will cause the configuration used when building the app bundle to be used, unless\n   * a separate configuration loading strategy is set up.\n   *\n   * This also disables configuration injection though `APP_CONFIG_` environment variables.\n   */\n  disableConfigInjection?: boolean;\n}\n\nexport async function createRouter(\n  options: RouterOptions,\n): Promise<express.Router> {\n  const { config, logger, appPackageName, staticFallbackHandler } = options;\n\n  const appDistDir = resolvePackagePath(appPackageName, 'dist');\n  const staticDir = resolvePath(appDistDir, 'static');\n\n  if (!(await fs.pathExists(staticDir))) {\n    logger.warn(\n      `Can't serve static app content from ${staticDir}, directory doesn't exist`,\n    );\n\n    return Router();\n  }\n\n  logger.info(`Serving static app content from ${appDistDir}`);\n\n  if (!options.disableConfigInjection) {\n    const appConfigs = await readConfigs({\n      config,\n      appDistDir,\n      env: process.env,\n    });\n\n    await injectConfig({ appConfigs, logger, staticDir });\n  }\n\n  const router = Router();\n\n  // Use a separate router for static content so that a fallback can be provided by backend\n  const staticRouter = Router();\n  staticRouter.use(express.static(resolvePath(appDistDir, 'static')));\n  if (staticFallbackHandler) {\n    staticRouter.use(staticFallbackHandler);\n  }\n  staticRouter.use(notFoundHandler());\n\n  router.use('/static', staticRouter);\n  router.use(\n    express.static(appDistDir, {\n      setHeaders: (res, path) => {\n        // The Cache-Control header instructs the browser to not cache html files since it might\n        // link to static assets from recently deployed versions.\n        if (\n          (express.static.mime as unknown as Mime).lookup(path) === 'text/html'\n        ) {\n          res.setHeader('Cache-Control', 'no-store, max-age=0');\n        }\n      },\n    }),\n  );\n  router.get('/*', (_req, res) => {\n    res.sendFile(resolvePath(appDistDir, 'index.html'), {\n      headers: {\n        // The Cache-Control header instructs the browser to not cache the index.html since it might\n        // link to static assets from recently deployed versions.\n        'cache-control': 'no-store, max-age=0',\n      },\n    });\n  });\n\n  return router;\n}\n"],"names":["fs","path","resolvePath","readEnvConfig","loadConfigSchema","resolvePackagePath","Router","express","notFoundHandler"],"mappings":";;;;;;;;;;;;;;;;;4BAiCmC,SAAwB;AACzD,QAAM,EAAE,WAAW,QAAQ,eAAe;AAE1C,QAAM,QAAQ,MAAMA,uBAAG,QAAQ;AAC/B,QAAM,UAAU,MAAM,OAAO,UAAQ,KAAK,SAAS;AAEnD,QAAM,cAAc,KAAK,UAAU,YAAY,QAAQ,aAAa;AACpE,QAAM,WAAW,sCAAsC;AAEvD,aAAW,UAAU,SAAS;AAC5B,UAAMC,SAAOC,aAAY,WAAW;AAEpC,UAAM,UAAU,MAAMF,uBAAG,SAASC,QAAM;AACxC,QAAI,QAAQ,SAAS,oCAAoC;AACvD,aAAO,KAAK,6BAA6B;AAEzC,YAAM,aAAa,QAAQ,QACzB,qCACA;AAEF,YAAMD,uBAAG,UAAUC,QAAM,YAAY;AACrC;AAAA,eACS,QAAQ,SAAS,mCAAmC;AAC7D,aAAO,KAAK,oCAAoC;AAEhD,YAAM,aAAa,QAAQ,QACzB,oEACA;AAEF,YAAMD,uBAAG,UAAUC,QAAM,YAAY;AACrC;AAAA;AAAA;AAGJ,SAAO,KAAK;AAAA;2BAaoB,SAA4C;AAC5E,QAAM,EAAE,KAAK,YAAY,WAAW;AAEpC,QAAM,aAAaE,2BAAc;AAEjC,QAAM,aAAaD,aAAY,YAAY;AAC3C,MAAI,MAAMF,uBAAG,WAAW,aAAa;AACnC,UAAM,mBAAmB,MAAMA,uBAAG,SAAS;AAE3C,QAAI;AACF,YAAM,SAAS,MAAMI,8BAAiB,EAAE,YAAY;AAEpD,YAAM,kBAAkB,MAAM,OAAO,QACnC,CAAC,EAAE,MAAM,OAAO,OAAqB,SAAS,UAC9C,EAAE,YAAY,CAAC;AAEjB,iBAAW,KAAK,GAAG;AAAA,aACZ,OAAP;AACA,YAAM,IAAI,MACR,qPAE2C;AAAA;AAAA;AAKjD,SAAO;AAAA;;4BC3CP,SACyB;AACzB,QAAM,EAAE,QAAQ,QAAQ,gBAAgB,0BAA0B;AAElE,QAAM,aAAaC,iCAAmB,gBAAgB;AACtD,QAAM,YAAYH,aAAY,YAAY;AAE1C,MAAI,CAAE,MAAMF,uBAAG,WAAW,YAAa;AACrC,WAAO,KACL,uCAAuC;AAGzC,WAAOM;AAAA;AAGT,SAAO,KAAK,mCAAmC;AAE/C,MAAI,CAAC,QAAQ,wBAAwB;AACnC,UAAM,aAAa,MAAM,YAAY;AAAA,MACnC;AAAA,MACA;AAAA,MACA,KAAK,QAAQ;AAAA;AAGf,UAAM,aAAa,EAAE,YAAY,QAAQ;AAAA;AAG3C,QAAM,SAASA;AAGf,QAAM,eAAeA;AACrB,eAAa,IAAIC,4BAAQ,OAAOL,aAAY,YAAY;AACxD,MAAI,uBAAuB;AACzB,iBAAa,IAAI;AAAA;AAEnB,eAAa,IAAIM;AAEjB,SAAO,IAAI,WAAW;AACtB,SAAO,IACLD,4BAAQ,OAAO,YAAY;AAAA,IACzB,YAAY,CAAC,KAAK,SAAS;AAGzB,UACGA,4BAAQ,OAAO,KAAyB,OAAO,UAAU,aAC1D;AACA,YAAI,UAAU,iBAAiB;AAAA;AAAA;AAAA;AAKvC,SAAO,IAAI,MAAM,CAAC,MAAM,QAAQ;AAC9B,QAAI,SAASL,aAAY,YAAY,eAAe;AAAA,MAClD,SAAS;AAAA,QAGP,iBAAiB;AAAA;AAAA;AAAA;AAKvB,SAAO;AAAA;;;;"}
+{"version":3,"file":"index.cjs.js","sources":["../src/lib/config.ts","../src/lib/assets/StaticAssetsStore.ts","../src/lib/assets/findStaticAssets.ts","../src/lib/headers.ts","../src/lib/assets/createStaticAssetMiddleware.ts","../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fs from 'fs-extra';\nimport { resolve as resolvePath } from 'path';\nimport { Logger } from 'winston';\nimport { AppConfig, Config } from '@backstage/config';\nimport { JsonObject } from '@backstage/types';\nimport { loadConfigSchema, readEnvConfig } from '@backstage/config-loader';\n\ntype InjectOptions = {\n  appConfigs: AppConfig[];\n  // Directory of the static JS files to search for file to inject\n  staticDir: string;\n  logger: Logger;\n};\n\n/**\n * Injects configs into the app bundle, replacing any existing injected config.\n */\nexport async function injectConfig(options: InjectOptions) {\n  const { staticDir, logger, appConfigs } = options;\n\n  const files = await fs.readdir(staticDir);\n  const jsFiles = files.filter(file => file.endsWith('.js'));\n\n  const escapedData = JSON.stringify(appConfigs).replace(/(\"|'|\\\\)/g, '\\\\$1');\n  const injected = `/*__APP_INJECTED_CONFIG_MARKER__*/\"${escapedData}\"/*__INJECTED_END__*/`;\n\n  for (const jsFile of jsFiles) {\n    const path = resolvePath(staticDir, jsFile);\n\n    const content = await fs.readFile(path, 'utf8');\n    if (content.includes('__APP_INJECTED_RUNTIME_CONFIG__')) {\n      logger.info(`Injecting env config into ${jsFile}`);\n\n      const newContent = content.replace(\n        '\"__APP_INJECTED_RUNTIME_CONFIG__\"',\n        injected,\n      );\n      await fs.writeFile(path, newContent, 'utf8');\n      return;\n    } else if (content.includes('__APP_INJECTED_CONFIG_MARKER__')) {\n      logger.info(`Replacing injected env config in ${jsFile}`);\n\n      const newContent = content.replace(\n        /\\/\\*__APP_INJECTED_CONFIG_MARKER__\\*\\/.*\\/\\*__INJECTED_END__\\*\\//,\n        injected,\n      );\n      await fs.writeFile(path, newContent, 'utf8');\n      return;\n    }\n  }\n  logger.info('Env config not injected');\n}\n\ntype ReadOptions = {\n  env: { [name: string]: string | undefined };\n  appDistDir: string;\n  config: Config;\n};\n\n/**\n * Read config from environment and process the backend config using the\n * schema that is embedded in the frontend build.\n */\nexport async function readConfigs(options: ReadOptions): Promise<AppConfig[]> {\n  const { env, appDistDir, config } = options;\n\n  const appConfigs = readEnvConfig(env);\n\n  const schemaPath = resolvePath(appDistDir, '.config-schema.json');\n  if (await fs.pathExists(schemaPath)) {\n    const serializedSchema = await fs.readJson(schemaPath);\n\n    try {\n      const schema = await loadConfigSchema({ serialized: serializedSchema });\n\n      const frontendConfigs = await schema.process(\n        [{ data: config.get() as JsonObject, context: 'app' }],\n        { visibility: ['frontend'], withDeprecatedKeys: true },\n      );\n      appConfigs.push(...frontendConfigs);\n    } catch (error) {\n      throw new Error(\n        'Invalid app bundle schema. If this error is unexpected you need to run `yarn build` in the app. ' +\n          `If that doesn't help you should make sure your config schema is correct and rebuild the app bundle again. ` +\n          `Caused by the following schema error, ${error}`,\n      );\n    }\n  }\n\n  return appConfigs;\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { resolvePackagePath } from '@backstage/backend-common';\nimport { Knex } from 'knex';\nimport { Logger } from 'winston';\nimport { DateTime } from 'luxon';\nimport partition from 'lodash/partition';\nimport { StaticAsset, StaticAssetInput, StaticAssetProvider } from './types';\n\nconst migrationsDir = resolvePackagePath(\n  '@backstage/plugin-app-backend',\n  'migrations',\n);\n\ninterface StaticAssetRow {\n  path: string;\n  content: Buffer;\n  last_modified_at: Date;\n}\n\n/** @internal */\nexport interface StaticAssetsStoreOptions {\n  database: Knex;\n  logger: Logger;\n}\n\n/**\n * A storage for static assets that are assumed to be immutable.\n *\n * @internal\n */\nexport class StaticAssetsStore implements StaticAssetProvider {\n  #db: Knex;\n  #logger: Logger;\n\n  static async create(options: StaticAssetsStoreOptions) {\n    await options.database.migrate.latest({\n      directory: migrationsDir,\n    });\n    return new StaticAssetsStore(options);\n  }\n\n  private constructor(options: StaticAssetsStoreOptions) {\n    this.#db = options.database;\n    this.#logger = options.logger;\n  }\n\n  /**\n   * Store the provided assets.\n   *\n   * If an asset for a given path already exists the modification time will be\n   * updated, but the contents will not.\n   */\n  async storeAssets(assets: StaticAssetInput[]) {\n    const existingRows = await this.#db<StaticAssetRow>(\n      'static_assets_cache',\n    ).whereIn(\n      'path',\n      assets.map(a => a.path),\n    );\n    const existingAssetPaths = new Set(existingRows.map(r => r.path));\n\n    const [modified, added] = partition(assets, asset =>\n      existingAssetPaths.has(asset.path),\n    );\n\n    this.#logger.info(\n      `Storing ${modified.length} updated assets and ${added.length} new assets`,\n    );\n\n    await this.#db('static_assets_cache')\n      .update({\n        last_modified_at: this.#db.fn.now(),\n      })\n      .whereIn(\n        'path',\n        modified.map(a => a.path),\n      );\n\n    for (const asset of added) {\n      // We ignore conflicts with other nodes, it doesn't matter if someone else\n      // added the same asset just before us.\n      await this.#db('static_assets_cache')\n        .insert({\n          path: asset.path,\n          content: await asset.content(),\n        })\n        .onConflict('path')\n        .ignore();\n    }\n  }\n\n  /**\n   * Retrieve an asset from the store with the given path.\n   */\n  async getAsset(path: string): Promise<StaticAsset | undefined> {\n    const [row] = await this.#db<StaticAssetRow>('static_assets_cache').where({\n      path,\n    });\n    if (!row) {\n      return undefined;\n    }\n    return {\n      path: row.path,\n      content: row.content,\n      lastModifiedAt:\n        typeof row.last_modified_at === 'string'\n          ? DateTime.fromSQL(row.last_modified_at, { zone: 'UTC' }).toJSDate()\n          : row.last_modified_at,\n    };\n  }\n\n  /**\n   * Delete any assets from the store whose modification time is older than the max age.\n   */\n  async trimAssets(options: { maxAgeSeconds: number }) {\n    const { maxAgeSeconds } = options;\n    await this.#db<StaticAssetRow>('static_assets_cache')\n      .where(\n        'last_modified_at',\n        '<=',\n        this.#db.client.config.client === 'sqlite3'\n          ? this.#db.raw(`datetime('now', ?)`, [`-${maxAgeSeconds} seconds`])\n          : this.#db.raw(`now() + interval '${-maxAgeSeconds} seconds'`),\n      )\n      .delete();\n  }\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fs from 'fs-extra';\nimport globby from 'globby';\nimport { StaticAssetInput } from './types';\nimport { resolveSafeChildPath } from '@backstage/backend-common';\n\n/**\n * Finds all static assets within a directory\n *\n * @internal\n */\nexport async function findStaticAssets(\n  staticDir: string,\n): Promise<StaticAssetInput[]> {\n  const assetPaths = await globby('**/*', {\n    ignore: ['**/*.map'], // Ignore source maps since they're quite large\n    cwd: staticDir,\n    dot: true,\n  });\n\n  return assetPaths.map(path => ({\n    path,\n    content: async () => fs.readFile(resolveSafeChildPath(staticDir, path)),\n  }));\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport const CACHE_CONTROL_NO_CACHE = 'no-store, max-age=0';\nexport const CACHE_CONTROL_MAX_CACHE = 'public, max-age=1209600'; // 14 days\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { extname } from 'path';\nimport { RequestHandler } from 'express';\nimport { StaticAssetProvider } from './types';\nimport { CACHE_CONTROL_MAX_CACHE } from '../headers';\n\n/**\n * Creates a middleware that serves static assets from a static asset provider\n *\n * @internal\n */\nexport function createStaticAssetMiddleware(\n  store: StaticAssetProvider,\n): RequestHandler {\n  return (req, res, next) => {\n    if (req.method !== 'GET' && req.method !== 'HEAD') {\n      next();\n      return;\n    }\n\n    // Let's not assume we're in promise-router\n    Promise.resolve(\n      (async () => {\n        // Drop leading slashes from the incoming path\n        const path = req.path.startsWith('/') ? req.path.slice(1) : req.path;\n\n        const asset = await store.getAsset(path);\n        if (!asset) {\n          next();\n          return;\n        }\n\n        // Set the Content-Type header, falling back to octet-stream\n        const ext = extname(asset.path);\n        if (ext) {\n          res.type(ext);\n        } else {\n          res.type('bin');\n        }\n\n        // Same as our express.static override\n        res.setHeader('Cache-Control', CACHE_CONTROL_MAX_CACHE);\n        res.setHeader('Last-Modified', asset.lastModifiedAt.toUTCString());\n\n        res.send(asset.content);\n      })(),\n    ).catch(next);\n  };\n}\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  notFoundHandler,\n  PluginDatabaseManager,\n  resolvePackagePath,\n} from '@backstage/backend-common';\nimport { Config } from '@backstage/config';\nimport helmet from 'helmet';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport fs from 'fs-extra';\nimport { resolve as resolvePath } from 'path';\nimport { Logger } from 'winston';\nimport { injectConfig, readConfigs } from '../lib/config';\nimport {\n  StaticAssetsStore,\n  findStaticAssets,\n  createStaticAssetMiddleware,\n} from '../lib/assets';\nimport {\n  CACHE_CONTROL_MAX_CACHE,\n  CACHE_CONTROL_NO_CACHE,\n} from '../lib/headers';\n\n// express uses mime v1 while we only have types for mime v2\ntype Mime = { lookup(arg0: string): string };\n\nexport interface RouterOptions {\n  config: Config;\n  logger: Logger;\n\n  /**\n   * If a database is provided it will be used to cache previously deployed static assets.\n   *\n   * This is a built-in alternative to using a `staticFallbackHandler`.\n   */\n  database?: PluginDatabaseManager;\n\n  /**\n   * The name of the app package that content should be served from. The same app package should be\n   * added as a dependency to the backend package in order for it to be accessible at runtime.\n   *\n   * In a typical setup with a single app package this would be set to 'app'.\n   */\n  appPackageName: string;\n\n  /**\n   * A request handler to handle requests for static content that are not present in the app bundle.\n   *\n   * This can be used to avoid issues with clients on older deployment versions trying to access lazy\n   * loaded content that is no longer present. Typically the requests would fall back to a long-term\n   * object store where all recently deployed versions of the app are present.\n   *\n   * Another option is to provide a `database` that will take care of storing the static assets instead.\n   *\n   * If both `database` and `staticFallbackHandler` are provided, the `database` will attempt to serve\n   * static assets first, and if they are not found, the `staticFallbackHandler` will be called.\n   */\n  staticFallbackHandler?: express.Handler;\n\n  /**\n   * Disables the configuration injection. This can be useful if you're running in an environment\n   * with a read-only filesystem, or for some other reason don't want configuration to be injected.\n   *\n   * Note that this will cause the configuration used when building the app bundle to be used, unless\n   * a separate configuration loading strategy is set up.\n   *\n   * This also disables configuration injection though `APP_CONFIG_` environment variables.\n   */\n  disableConfigInjection?: boolean;\n}\n\nexport async function createRouter(\n  options: RouterOptions,\n): Promise<express.Router> {\n  const { config, logger, appPackageName, staticFallbackHandler } = options;\n\n  const appDistDir = resolvePackagePath(appPackageName, 'dist');\n  const staticDir = resolvePath(appDistDir, 'static');\n\n  if (!(await fs.pathExists(staticDir))) {\n    logger.warn(\n      `Can't serve static app content from ${staticDir}, directory doesn't exist`,\n    );\n\n    return Router();\n  }\n\n  logger.info(`Serving static app content from ${appDistDir}`);\n\n  if (!options.disableConfigInjection) {\n    const appConfigs = await readConfigs({\n      config,\n      appDistDir,\n      env: process.env,\n    });\n\n    await injectConfig({ appConfigs, logger, staticDir });\n  }\n\n  const router = Router();\n\n  router.use(helmet.frameguard({ action: 'deny' }));\n\n  // Use a separate router for static content so that a fallback can be provided by backend\n  const staticRouter = Router();\n  staticRouter.use(\n    express.static(resolvePath(appDistDir, 'static'), {\n      setHeaders: res => {\n        res.setHeader('Cache-Control', CACHE_CONTROL_MAX_CACHE);\n      },\n    }),\n  );\n\n  if (options.database) {\n    const store = await StaticAssetsStore.create({\n      logger,\n      database: await options.database.getClient(),\n    });\n\n    const assets = await findStaticAssets(staticDir);\n    await store.storeAssets(assets);\n    // Remove any assets that are older than 7 days\n    await store.trimAssets({ maxAgeSeconds: 60 * 60 * 24 * 7 });\n\n    staticRouter.use(createStaticAssetMiddleware(store));\n  }\n\n  if (staticFallbackHandler) {\n    staticRouter.use(staticFallbackHandler);\n  }\n  staticRouter.use(notFoundHandler());\n\n  router.use('/static', staticRouter);\n  router.use(\n    express.static(appDistDir, {\n      setHeaders: (res, path) => {\n        // The Cache-Control header instructs the browser to not cache html files since it might\n        // link to static assets from recently deployed versions.\n        if (\n          (express.static.mime as unknown as Mime).lookup(path) === 'text/html'\n        ) {\n          res.setHeader('Cache-Control', CACHE_CONTROL_NO_CACHE);\n        }\n      },\n    }),\n  );\n  router.get('/*', (_req, res) => {\n    res.sendFile(resolvePath(appDistDir, 'index.html'), {\n      headers: {\n        // The Cache-Control header instructs the browser to not cache the index.html since it might\n        // link to static assets from recently deployed versions.\n        'cache-control': CACHE_CONTROL_NO_CACHE,\n      },\n    });\n  });\n\n  return router;\n}\n"],"names":["fs","path","resolvePath","readEnvConfig","loadConfigSchema","resolvePackagePath","partition","DateTime","globby","resolveSafeChildPath","extname","Router","helmet","express","notFoundHandler"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;4BAiCmC,SAAwB;AACzD,QAAM,EAAE,WAAW,QAAQ,eAAe;AAE1C,QAAM,QAAQ,MAAMA,uBAAG,QAAQ;AAC/B,QAAM,UAAU,MAAM,OAAO,UAAQ,KAAK,SAAS;AAEnD,QAAM,cAAc,KAAK,UAAU,YAAY,QAAQ,aAAa;AACpE,QAAM,WAAW,sCAAsC;AAEvD,aAAW,UAAU,SAAS;AAC5B,UAAMC,SAAOC,aAAY,WAAW;AAEpC,UAAM,UAAU,MAAMF,uBAAG,SAASC,QAAM;AACxC,QAAI,QAAQ,SAAS,oCAAoC;AACvD,aAAO,KAAK,6BAA6B;AAEzC,YAAM,aAAa,QAAQ,QACzB,qCACA;AAEF,YAAMD,uBAAG,UAAUC,QAAM,YAAY;AACrC;AAAA,eACS,QAAQ,SAAS,mCAAmC;AAC7D,aAAO,KAAK,oCAAoC;AAEhD,YAAM,aAAa,QAAQ,QACzB,oEACA;AAEF,YAAMD,uBAAG,UAAUC,QAAM,YAAY;AACrC;AAAA;AAAA;AAGJ,SAAO,KAAK;AAAA;2BAaoB,SAA4C;AAC5E,QAAM,EAAE,KAAK,YAAY,WAAW;AAEpC,QAAM,aAAaE,2BAAc;AAEjC,QAAM,aAAaD,aAAY,YAAY;AAC3C,MAAI,MAAMF,uBAAG,WAAW,aAAa;AACnC,UAAM,mBAAmB,MAAMA,uBAAG,SAAS;AAE3C,QAAI;AACF,YAAM,SAAS,MAAMI,8BAAiB,EAAE,YAAY;AAEpD,YAAM,kBAAkB,MAAM,OAAO,QACnC,CAAC,EAAE,MAAM,OAAO,OAAqB,SAAS,UAC9C,EAAE,YAAY,CAAC,aAAa,oBAAoB;AAElD,iBAAW,KAAK,GAAG;AAAA,aACZ,OAAP;AACA,YAAM,IAAI,MACR,qPAE2C;AAAA;AAAA;AAKjD,SAAO;AAAA;;;;;;;;;;;;;;;;;;;;ACzGT;AAuBA,MAAM,gBAAgBC,iCACpB,iCACA;AAoBK,iCAAuD;AAAA,EAWpD,YAAY,SAAmC;AAVvD;AACA;AAUE,uBAAK,KAAM,QAAQ;AACnB,uBAAK,SAAU,QAAQ;AAAA;AAAA,eATZ,OAAO,SAAmC;AACrD,UAAM,QAAQ,SAAS,QAAQ,OAAO;AAAA,MACpC,WAAW;AAAA;AAEb,WAAO,IAAI,mBAAkB;AAAA;AAAA,QAczB,YAAY,QAA4B;AAC5C,UAAM,eAAe,MAAM,mBAAK,KAAL,WACzB,uBACA,QACA,QACA,OAAO,IAAI,OAAK,EAAE;AAEpB,UAAM,qBAAqB,IAAI,IAAI,aAAa,IAAI,OAAK,EAAE;AAE3D,UAAM,CAAC,UAAU,SAASC,8BAAU,QAAQ,WAC1C,mBAAmB,IAAI,MAAM;AAG/B,uBAAK,SAAQ,KACX,WAAW,SAAS,6BAA6B,MAAM;AAGzD,UAAM,mBAAK,KAAL,WAAS,uBACZ,OAAO;AAAA,MACN,kBAAkB,mBAAK,KAAI,GAAG;AAAA,OAE/B,QACC,QACA,SAAS,IAAI,OAAK,EAAE;AAGxB,eAAW,SAAS,OAAO;AAGzB,YAAM,mBAAK,KAAL,WAAS,uBACZ,OAAO;AAAA,QACN,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM,MAAM;AAAA,SAEtB,WAAW,QACX;AAAA;AAAA;AAAA,QAOD,SAAS,MAAgD;AAC7D,UAAM,CAAC,OAAO,MAAM,mBAAK,KAAL,WAAyB,uBAAuB,MAAM;AAAA,MACxE;AAAA;AAEF,QAAI,CAAC,KAAK;AACR,aAAO;AAAA;AAET,WAAO;AAAA,MACL,MAAM,IAAI;AAAA,MACV,SAAS,IAAI;AAAA,MACb,gBACE,OAAO,IAAI,qBAAqB,WAC5BC,eAAS,QAAQ,IAAI,kBAAkB,EAAE,MAAM,SAAS,aACxD,IAAI;AAAA;AAAA;AAAA,QAOR,WAAW,SAAoC;AACnD,UAAM,EAAE,kBAAkB;AAC1B,UAAM,mBAAK,KAAL,WAAyB,uBAC5B,MACC,oBACA,MACA,mBAAK,KAAI,OAAO,OAAO,WAAW,YAC9B,mBAAK,KAAI,IAAI,sBAAsB,CAAC,IAAI,4BACxC,mBAAK,KAAI,IAAI,qBAAqB,CAAC,2BAExC;AAAA;AAAA;;AA7FL;AACA;;gCCpBA,WAC6B;AAC7B,QAAM,aAAa,MAAMC,2BAAO,QAAQ;AAAA,IACtC,QAAQ,CAAC;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AAAA;AAGP,SAAO,WAAW,IAAI;AAAS,IAC7B;AAAA,IACA,SAAS,YAAYR,uBAAG,SAASS,mCAAqB,WAAW;AAAA;AAAA;;MCrBxD,yBAAyB;MACzB,0BAA0B;;qCCUrC,OACgB;AAChB,SAAO,CAAC,KAAK,KAAK,SAAS;AACzB,QAAI,IAAI,WAAW,SAAS,IAAI,WAAW,QAAQ;AACjD;AACA;AAAA;AAIF,YAAQ,QACL,aAAY;AAEX,YAAMR,SAAO,IAAI,KAAK,WAAW,OAAO,IAAI,KAAK,MAAM,KAAK,IAAI;AAEhE,YAAM,QAAQ,MAAM,MAAM,SAASA;AACnC,UAAI,CAAC,OAAO;AACV;AACA;AAAA;AAIF,YAAM,MAAMS,aAAQ,MAAM;AAC1B,UAAI,KAAK;AACP,YAAI,KAAK;AAAA,aACJ;AACL,YAAI,KAAK;AAAA;AAIX,UAAI,UAAU,iBAAiB;AAC/B,UAAI,UAAU,iBAAiB,MAAM,eAAe;AAEpD,UAAI,KAAK,MAAM;AAAA,UAEjB,MAAM;AAAA;AAAA;;4BC2BV,SACyB;AACzB,QAAM,EAAE,QAAQ,QAAQ,gBAAgB,0BAA0B;AAElE,QAAM,aAAaL,iCAAmB,gBAAgB;AACtD,QAAM,YAAYH,aAAY,YAAY;AAE1C,MAAI,CAAE,MAAMF,uBAAG,WAAW,YAAa;AACrC,WAAO,KACL,uCAAuC;AAGzC,WAAOW;AAAA;AAGT,SAAO,KAAK,mCAAmC;AAE/C,MAAI,CAAC,QAAQ,wBAAwB;AACnC,UAAM,aAAa,MAAM,YAAY;AAAA,MACnC;AAAA,MACA;AAAA,MACA,KAAK,QAAQ;AAAA;AAGf,UAAM,aAAa,EAAE,YAAY,QAAQ;AAAA;AAG3C,QAAM,SAASA;AAEf,SAAO,IAAIC,2BAAO,WAAW,EAAE,QAAQ;AAGvC,QAAM,eAAeD;AACrB,eAAa,IACXE,4BAAQ,OAAOX,aAAY,YAAY,WAAW;AAAA,IAChD,YAAY,SAAO;AACjB,UAAI,UAAU,iBAAiB;AAAA;AAAA;AAKrC,MAAI,QAAQ,UAAU;AACpB,UAAM,QAAQ,MAAM,kBAAkB,OAAO;AAAA,MAC3C;AAAA,MACA,UAAU,MAAM,QAAQ,SAAS;AAAA;AAGnC,UAAM,SAAS,MAAM,iBAAiB;AACtC,UAAM,MAAM,YAAY;AAExB,UAAM,MAAM,WAAW,EAAE,eAAe,KAAK,KAAK,KAAK;AAEvD,iBAAa,IAAI,4BAA4B;AAAA;AAG/C,MAAI,uBAAuB;AACzB,iBAAa,IAAI;AAAA;AAEnB,eAAa,IAAIY;AAEjB,SAAO,IAAI,WAAW;AACtB,SAAO,IACLD,4BAAQ,OAAO,YAAY;AAAA,IACzB,YAAY,CAAC,KAAK,SAAS;AAGzB,UACGA,4BAAQ,OAAO,KAAyB,OAAO,UAAU,aAC1D;AACA,YAAI,UAAU,iBAAiB;AAAA;AAAA;AAAA;AAKvC,SAAO,IAAI,MAAM,CAAC,MAAM,QAAQ;AAC9B,QAAI,SAASX,aAAY,YAAY,eAAe;AAAA,MAClD,SAAS;AAAA,QAGP,iBAAiB;AAAA;AAAA;AAAA;AAKvB,SAAO;AAAA;;;;"}

package/dist/index.d.ts

@@ -1,3 +1,4 @@
+import { PluginDatabaseManager } from '@backstage/backend-common';
 import { Config } from '@backstage/config';
 import express from 'express';
 import { Logger } from 'winston';
@@ -5,6 +6,12 @@ import { Logger } from 'winston';
 interface RouterOptions {
     config: Config;
     logger: Logger;
+    /**
+     * If a database is provided it will be used to cache previously deployed static assets.
+     *
+     * This is a built-in alternative to using a `staticFallbackHandler`.
+     */
+    database?: PluginDatabaseManager;
     /**
      * The name of the app package that content should be served from. The same app package should be
      * added as a dependency to the backend package in order for it to be accessible at runtime.
@@ -18,6 +25,11 @@ interface RouterOptions {
      * This can be used to avoid issues with clients on older deployment versions trying to access lazy
      * loaded content that is no longer present. Typically the requests would fall back to a long-term
      * object store where all recently deployed versions of the app are present.
+     *
+     * Another option is to provide a `database` that will take care of storing the static assets instead.
+     *
+     * If both `database` and `staticFallbackHandler` are provided, the `database` will attempt to serve
+     * static assets first, and if they are not found, the `staticFallbackHandler` will be called.
      */
     staticFallbackHandler?: express.Handler;
     /**

package/migrations/20211229105307_init.js

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2021 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// @ts-check
+
+/**
+ * @param {import('knex').Knex} knex
+ */
+exports.up = async function up(knex) {
+  return knex.schema.createTable('static_assets_cache', table => {
+    table.comment(
+      'A cache of static assets that where previously deployed and may still be lazy-loaded by clients',
+    );
+    table.text('path').primary().notNullable().comment('The path of the file');
+    table
+      .dateTime('last_modified_at')
+      .defaultTo(knex.fn.now())
+      .notNullable()
+      .comment(
+        'Timestamp of when the asset was most recently seen in a deployment',
+      );
+    table.binary('content').notNullable().comment('The asset content');
+    table.index('last_modified_at', 'static_asset_cache_last_modified_at_idx');
+  });
+};
+
+/**
+ * @param {import('knex').Knex} knex
+ */
+exports.down = async function down(knex) {
+  await knex.schema.alterTable('static_assets_cache', table => {
+    table.dropIndex([], 'static_asset_cache_last_modified_at_idx');
+  });
+  await knex.schema.dropTable('static_assets_cache');
+};

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@backstage/plugin-app-backend",
   "description": "A Backstage backend plugin that serves the Backstage frontend app",
-  "version": "0.3.20",
+  "version": "0.3.23-next.0",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -30,27 +30,35 @@
     "clean": "backstage-cli clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.10.0",
-    "@backstage/config": "^0.1.11",
-    "@backstage/config-loader": "^0.9.0",
+    "@backstage/backend-common": "^0.10.6-next.0",
+    "@backstage/config": "^0.1.13",
+    "@backstage/config-loader": "^0.9.3",
     "@backstage/types": "^0.1.1",
     "@types/express": "^4.17.6",
     "express": "^4.17.1",
     "express-promise-router": "^4.1.0",
     "fs-extra": "9.1.0",
+    "globby": "^11.0.0",
+    "helmet": "^4.0.0",
+    "knex": "^0.95.1",
+    "lodash": "^4.17.21",
+    "luxon": "^2.0.2",
     "winston": "^3.2.1",
     "yn": "^4.0.0"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.10.3",
+    "@backstage/backend-test-utils": "^0.1.16-next.1",
+    "@backstage/cli": "^0.13.1-next.1",
     "@backstage/types": "^0.1.1",
     "@types/supertest": "^2.0.8",
+    "mock-fs": "^5.1.0",
     "msw": "^0.35.0",
     "supertest": "^6.1.3"
   },
   "files": [
     "dist",
+    "migrations/**/*.{js,d.ts}",
     "static"
   ],
-  "gitHead": "b315430f9dfcfa19ab0dd90f5b4ac6904938fba7"
+  "gitHead": "d6da97a1edeb21fcefc682d91916987ba9f3d89a"
 }