livebook/lib/livebook_web/router.ex

defmodule LivebookWeb.Router do
  use LivebookWeb, :router
  import Phoenix.LiveDashboard.Router

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_live_flash
    plug :put_root_layout, {LivebookWeb.Layouts, :root}
    # Because LIVEBOOK_SECRET_KEY_BASE authentication is randomly
    # generated, the odds of getting a CSRFProtection is quite high
    # and exceptions can lead to a poor user experience.
    #
    # During authentication, configure_session(renew: true) will
    # override the configure_session(ignore: true) but the session
    # will be cleared anyway. This means an attacker can authenticate
    # someone in a given Livebook instance but they wouldn't be able
    # to do anything once the authentication goes through.
    plug :protect_from_forgery, with: :clear_session
    plug :put_secure_browser_headers
    plug :within_iframe_secure_headers
  end

  pipeline :auth do
    plug LivebookWeb.AuthPlug
    plug LivebookWeb.UserPlug
  end

  pipeline :user do
    plug LivebookWeb.UserPlug
  end

  pipeline :js_view_assets do
    plug :put_secure_browser_headers
    plug :within_iframe_secure_headers
  end

  # The /public namespace includes routes with no authentication.
  # When exposing Livebook through an authentication proxy, this
  # namespace should be configured as publicly available, in order
  # for all features to work as expected.

  scope "/public", LivebookWeb do
    pipe_through :browser

    get "/health", HealthController, :index
  end

  # The following routes are public, but should be treated as opaque
  scope "/public", LivebookWeb do
    pipe_through [:js_view_assets]

    get "/sessions/assets/:hash/*file_parts", SessionController, :show_cached_asset
    get "/sessions/:id/assets/:hash/*file_parts", SessionController, :show_asset
  end

  live_session :default,
    on_mount: [LivebookWeb.AuthHook, LivebookWeb.UserHook, LivebookWeb.Confirm] do
    scope "/", LivebookWeb do
      pipe_through [:browser, :auth]

      live "/", HomeLive, :page
      live "/home/sessions/:session_id/close", HomeLive, :close_session
      live "/home/sessions/edit_sessions/:action", HomeLive, :edit_sessions

      live "/open/:tab", OpenLive, :page

      live "/settings", SettingsLive, :page
      live "/settings/add-file-system", SettingsLive, :add_file_system
      live "/settings/env-var/new", SettingsLive, :add_env_var
      live "/settings/env-var/edit/:env_var_id", SettingsLive, :edit_env_var

      live "/learn", LearnLive, :page
      live "/learn/notebooks/:slug", LearnLive, :notebook

      live "/apps", AppsLive, :page

      live "/hub", Hub.NewLive, :new, as: :hub
      live "/hub/:id", Hub.EditLive, :edit, as: :hub
      live "/hub/:id/env-var/new", Hub.EditLive, :add_env_var, as: :hub
      live "/hub/:id/env-var/edit/:env_var_id", Hub.EditLive, :edit_env_var, as: :hub
      live "/hub/:id/secrets/new", Hub.EditLive, :new_secret, as: :hub
      live "/hub/:id/secrets/edit/:secret_name", Hub.EditLive, :edit_secret, as: :hub

      live "/sessions/:id", SessionLive, :page
      live "/sessions/:id/shortcuts", SessionLive, :shortcuts
      live "/sessions/:id/secrets", SessionLive, :secrets
      live "/sessions/:id/settings/runtime", SessionLive, :runtime_settings
      live "/sessions/:id/settings/file", SessionLive, :file_settings
      live "/sessions/:id/settings/app", SessionLive, :app_settings
      live "/sessions/:id/bin", SessionLive, :bin
      get "/sessions/:id/export/download/:format", SessionController, :download_source
      live "/sessions/:id/export/:tab", SessionLive, :export
      live "/sessions/:id/cell-settings/:cell_id", SessionLive, :cell_settings
      live "/sessions/:id/cell-upload", SessionLive, :cell_upload
      live "/sessions/:id/delete-section/:section_id", SessionLive, :delete_section
      live "/sessions/:id/package-search", SessionLive, :package_search
      get "/sessions/:id/images/:image", SessionController, :show_image
      live "/sessions/:id/*path_parts", SessionLive, :catch_all
    end

    # Public authenticated URLs that people may be directed to
    scope "/", LivebookWeb do
      pipe_through [:browser, :auth]

      live "/import", OpenLive, :public_import
      live "/open", OpenLive, :public_open
    end
  end

  live_session :apps,
    on_mount: [LivebookWeb.AppAuthHook, LivebookWeb.UserHook, LivebookWeb.Confirm] do
    scope "/", LivebookWeb do
      pipe_through [:browser, :user]

      live "/apps/:slug", AppLive, :page
      live "/apps/:slug/authenticate", AppAuthLive, :page

      live "/apps/:slug/:id", AppSessionLive, :page
      live "/apps/:slug/:id/source", AppSessionLive, :source
    end
  end

  scope "/" do
    pipe_through [:browser, :auth]

    live_dashboard "/dashboard",
      metrics: LivebookWeb.Telemetry,
      home_app: {"Livebook", :livebook},
      ecto_repos: []
  end

  scope "/authenticate", LivebookWeb do
    pipe_through :browser

    get "/", AuthController, :index
    post "/", AuthController, :authenticate
  end

  defp within_iframe_secure_headers(conn, _opts) do
    if Livebook.Config.within_iframe?() do
      delete_resp_header(conn, "x-frame-options")
    else
      conn
    end
  end
end
Rename project (#68) * Rename references * Update file and directory names * Fix homepage tests 2021-03-04 05:56:28 +08:00			`defmodule LivebookWeb.Router do`
			`use LivebookWeb, :router`
Add live dashboard (#183) 2021-04-15 02:10:25 +08:00			`import Phoenix.LiveDashboard.Router`
Initial commit 2021-01-08 03:55:45 +08:00
			`pipeline :browser do`
			`plug :accepts, ["html"]`
			`plug :fetch_session`
Add LiveView 2021-01-08 04:16:54 +08:00			`plug :fetch_live_flash`
Update to Phoenix 1.7 (#1720) 2023-02-23 02:34:54 +08:00			`plug :put_root_layout, {LivebookWeb.Layouts, :root}`
Use with: :clear_session on bad CSRF tokens 2022-11-22 23:38:49 +08:00			`# Because LIVEBOOK_SECRET_KEY_BASE authentication is randomly`
			`# generated, the odds of getting a CSRFProtection is quite high`
			`# and exceptions can lead to a poor user experience.`
			`#`
			`# During authentication, configure_session(renew: true) will`
			`# override the configure_session(ignore: true) but the session`
			`# will be cleared anyway. This means an attacker can authenticate`
			`# someone in a given Livebook instance but they wouldn't be able`
			`# to do anything once the authentication goes through.`
			`plug :protect_from_forgery, with: :clear_session`
Initial commit 2021-01-08 03:55:45 +08:00			`plug :put_secure_browser_headers`
Allow Livebook to run inside iframes (#1520) 2022-11-10 23:02:59 +08:00			`plug :within_iframe_secure_headers`
Password access (#187) 2021-04-15 20:15:56 +08:00			`end`

			`pipeline :auth do`
Introduce token auth and add basic cli configuration (#148) * Add token authentication * Restructure CLI * Allow port configuration * Further refactoring * Make sure livebook node starts with unique name * Improve startup error handling * Further refactoring * Add authentication tests * Add authentication view for entering the token * Fix auth tests * Always use random Livebook name for distribution * Don't enable ANSI on Windows * Define CLI Task behaviour and move generic logic to the main module * Generalize convertion from cli arguments to configuration * Randomly generate secret key base * Update test/livebook_web/plugs/auth_plug_test.exs Co-authored-by: José Valim <jose.valim@dashbit.co> * Override app config in persistent manner * Update lib/litebook_cli.ex Co-authored-by: José Valim <jose.valim@dashbit.co> * Move auth error to ErrorView * Unify node name configuration and allow it via CLI * Set all applications configs at once * Move token generation to application.ex to work outside CLI * Clean up overriding configuration * Store auth token in separate cookies * Update lib/livebook_cli/server.ex Co-authored-by: José Valim <jose.valim@dashbit.co> * Update lib/livebook_web/endpoint.ex Co-authored-by: José Valim <jose.valim@dashbit.co> * Update lib/livebook_web/plugs/auth_plug.ex Co-authored-by: José Valim <jose.valim@dashbit.co> Co-authored-by: José Valim <jose.valim@dashbit.co> 2021-04-08 17:41:52 +08:00			`plug LivebookWeb.AuthPlug`
Setup user profiles (#253) * Add initial user config modal * Assign user ids * Update session data to hold user ids * Get users list for specific ids * Render user avatar * User update * Refactor user changes * Subscribe to individual user updates * Show users in side panel * Add sidebar to homepage * Don't generate the same color twice in a row * Add documentation notes * Fix tests * Add tests * Keep users in session data * Rename color to hex_color 2021-05-04 02:03:19 +08:00			`plug LivebookWeb.UserPlug`
Initial commit 2021-01-08 03:55:45 +08:00			`end`

Add access control to apps (#1715) Co-authored-by: José Valim <jose.valim@dashbit.co> 2023-02-18 08:16:42 +08:00			`pipeline :user do`
			`plug LivebookWeb.UserPlug`
			`end`

Introduce smart cells (#1029) * Introduce smart cells * Apply review comments 2022-02-28 20:53:33 +08:00			`pipeline :js_view_assets do`
Add support for JS output widgets (#818) * Add support for JS output widgets * Don't block session when fetching assets and batch calls * Improve path component sanitisation * Move fetching check to session caller * Attach origin to connect and event messages 2021-12-24 21:18:34 +08:00			`plug :put_secure_browser_headers`
Allow Livebook to run inside iframes (#1520) 2022-11-10 23:02:59 +08:00			`plug :within_iframe_secure_headers`
Add support for JS output widgets (#818) * Add support for JS output widgets * Don't block session when fetching assets and batch calls * Improve path component sanitisation * Move fetching check to session caller * Attach origin to connect and event messages 2021-12-24 21:18:34 +08:00			`end`

Group public routes under a common prefix (#974) 2022-02-04 00:48:16 +08:00			`# The /public namespace includes routes with no authentication.`
			`# When exposing Livebook through an authentication proxy, this`
			`# namespace should be configured as publicly available, in order`
			`# for all features to work as expected.`

			`scope "/public", LivebookWeb do`
			`pipe_through :browser`

			`get "/health", HealthController, :index`
			`end`

			`# The following routes are public, but should be treated as opaque`
			`scope "/public", LivebookWeb do`
Introduce smart cells (#1029) * Introduce smart cells * Apply review comments 2022-02-28 20:53:33 +08:00			`pipe_through [:js_view_assets]`
Add support for JS output widgets (#818) * Add support for JS output widgets * Don't block session when fetching assets and batch calls * Improve path component sanitisation * Move fetching check to session caller * Attach origin to connect and event messages 2021-12-24 21:18:34 +08:00
			`get "/sessions/assets/:hash/*file_parts", SessionController, :show_cached_asset`
			`get "/sessions/:id/assets/:hash/*file_parts", SessionController, :show_asset`
			`end`

Rebuild confirmation modal system (#1903) 2023-05-11 00:23:08 +08:00			`live_session :default,`
			`on_mount: [LivebookWeb.AuthHook, LivebookWeb.UserHook, LivebookWeb.Confirm] do`
Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`scope "/", LivebookWeb do`
			`pipe_through [:browser, :auth]`
Initial commit 2021-01-08 03:55:45 +08:00
Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`live "/", HomeLive, :page`
			`live "/home/sessions/:session_id/close", HomeLive, :close_session`
Bulk actions for sessions (#939) * Initial implementation to close multiple sessions * Sessions: bulk actions with components * Rename Disconnect sessions to Disconnect runtime * Select all and disabled when nothing is selected * Styled checkbox * Renames toggle events * Warning about not persisted notebooks * Adds disconnect runtime option for a single session * Edit sessions on right * Fix: typos and plural * Minor adjustments * Removes the loop for rendering the menu * Menus with fixed width * Minor adjustments * Pluralize as global helper * Bulk actions form on client side * Track bulk actions buttons state * Fix: home live tests * Doctests for pluralize * Fix: bulk actions buttons losing state on session update * Fix: format * Minor adjustment on toggle_edit * Review-based adjustments * Reset the Edit state after single-session actions * Minor adjustments * Fixes bulk action events * Submit the bulk action form directly * Tests for bulk actions * Indentation * Update lib/livebook_web/live/home_live/close_session_component.ex Co-authored-by: José Valim <jose.valim@gmail.com> Co-authored-by: José Valim <jose.valim@gmail.com> 2022-01-29 04:45:04 +08:00			`live "/home/sessions/edit_sessions/:action", HomeLive, :edit_sessions`
Implement relative navigation between notebooks (#441) * Use live redirect for local links in rendered markdown * Resolve relative notebook URLs * Bump LV * Adds tests * Handle nested relative path * Handle child nested paths 2021-07-09 01:35:11 +08:00
Add open page and track starred/recent notebooks (#1639) Co-authored-by: Jonatan Kłosko <jonatanklosko@gmail.com> 2023-03-07 01:14:33 +08:00			`live "/open/:tab", OpenLive, :page`

Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`live "/settings", SettingsLive, :page`
			`live "/settings/add-file-system", SettingsLive, :add_file_system`
Implement global Environment Variables from Settings page (#1387) 2022-09-12 22:34:39 +08:00			`live "/settings/env-var/new", SettingsLive, :add_env_var`
			`live "/settings/env-var/edit/:env_var_id", SettingsLive, :edit_env_var`
Introduce file system abstraction and an S3 implementation (#492) * Introduce file system abstraction and an S3 implementation * Support arbitrary absolute paths and delegate resolution to file system * Remove accidental notebook file * Apply suggestions from code review Co-authored-by: José Valim <jose.valim@dashbit.co> * Apply review comments * Add missing path assertions * Apply review comments * Fix test saving notebook in project root Co-authored-by: José Valim <jose.valim@dashbit.co> 2021-08-14 03:17:43 +08:00
Rename the Explore section to Learn (#1424) Co-authored-by: José Valim <jose.valim@gmail.com> 2022-09-21 18:06:22 +08:00			`live "/learn", LearnLive, :page`
			`live "/learn/notebooks/:slug", LearnLive, :notebook`
Implement relative navigation between notebooks (#441) * Use live redirect for local links in rendered markdown * Resolve relative notebook URLs * Bump LV * Adds tests * Handle nested relative path * Handle child nested paths 2021-07-09 01:35:11 +08:00
Add page listing apps (#1733) 2023-02-28 22:08:49 +08:00			`live "/apps", AppsLive, :page`

Migrate HubLive to Phoenix format (#1373) 2022-08-30 22:32:48 +08:00			`live "/hub", Hub.NewLive, :new, as: :hub`
			`live "/hub/:id", Hub.EditLive, :edit, as: :hub`
Unify styling environment variables forms (#1403) 2022-09-15 00:24:32 +08:00			`live "/hub/:id/env-var/new", Hub.EditLive, :add_env_var, as: :hub`
			`live "/hub/:id/env-var/edit/:env_var_id", Hub.EditLive, :edit_env_var, as: :hub`
Add hub secrets list to Personal Hub page (#1763) 2023-03-09 23:04:47 +08:00			`live "/hub/:id/secrets/new", Hub.EditLive, :new_secret, as: :hub`
			`live "/hub/:id/secrets/edit/:secret_name", Hub.EditLive, :edit_secret, as: :hub`
Add Livebook Hub with Fly.IO integration (#1319) 2022-08-18 21:34:27 +08:00
Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`live "/sessions/:id", SessionLive, :page`
			`live "/sessions/:id/shortcuts", SessionLive, :shortcuts`
Livebook secrets (#1348) * Add secrets to the sidebar * Get and put secrets (naive) * Secrets list - shortcut * Validates secret name * Livebook secrets as environment variables * Restores secrets when necessary * Minor adjustments * Implements add_system_envs for NoopRuntime * Moves secrets to session data * Granular operations for secrets * Minor adjustments * Applying suggestions * Test for add secrets * Type for secret * Applying suggestions * Prevents duplicates * Refactor to live_render * Update lib/livebook/session/data.ex Co-authored-by: Jonatan Kłosko <jonatanklosko@gmail.com> * Sort secrets * Applying suggestions Co-authored-by: Jonatan Kłosko <jonatanklosko@gmail.com> 2022-08-26 04:24:24 +08:00			`live "/sessions/:id/secrets", SessionLive, :secrets`
Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`live "/sessions/:id/settings/runtime", SessionLive, :runtime_settings`
			`live "/sessions/:id/settings/file", SessionLive, :file_settings`
Move app settings to a modal and add explanations (#1914) Co-authored-by: José Valim <jose.valim@dashbit.co> 2023-05-22 03:21:10 +08:00			`live "/sessions/:id/settings/app", SessionLive, :app_settings`
Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`live "/sessions/:id/bin", SessionLive, :bin`
			`get "/sessions/:id/export/download/:format", SessionController, :download_source`
			`live "/sessions/:id/export/:tab", SessionLive, :export`
			`live "/sessions/:id/cell-settings/:cell_id", SessionLive, :cell_settings`
Make image a block item instead of a button in the Markdown editor (#1439) Co-authored-by: Jonatan Kłosko <jonatanklosko@gmail.com> 2022-12-30 05:32:52 +08:00			`live "/sessions/:id/cell-upload", SessionLive, :cell_upload`
Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`live "/sessions/:id/delete-section/:section_id", SessionLive, :delete_section`
Update wording around dependencies and packages (#1151) 2022-04-30 23:14:10 +08:00			`live "/sessions/:id/package-search", SessionLive, :package_search`
Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`get "/sessions/:id/images/:image", SessionController, :show_image`
			`live "/sessions/:id/*path_parts", SessionLive, :catch_all`
			`end`
Add live dashboard (#183) 2021-04-15 02:10:25 +08:00
Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`# Public authenticated URLs that people may be directed to`
			`scope "/", LivebookWeb do`
			`pipe_through [:browser, :auth]`

Add open page and track starred/recent notebooks (#1639) Co-authored-by: Jonatan Kłosko <jonatanklosko@gmail.com> 2023-03-07 01:14:33 +08:00			`live "/import", OpenLive, :public_import`
			`live "/open", OpenLive, :public_open`
Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`end`
Initial commit 2021-01-08 03:55:45 +08:00			`end`
Password access (#187) 2021-04-15 20:15:56 +08:00
Rebuild confirmation modal system (#1903) 2023-05-11 00:23:08 +08:00			`live_session :apps,`
			`on_mount: [LivebookWeb.AppAuthHook, LivebookWeb.UserHook, LivebookWeb.Confirm] do`
Add access control to apps (#1715) Co-authored-by: José Valim <jose.valim@dashbit.co> 2023-02-18 08:16:42 +08:00			`scope "/", LivebookWeb do`
			`pipe_through [:browser, :user]`

			`live "/apps/:slug", AppLive, :page`
			`live "/apps/:slug/authenticate", AppAuthLive, :page`
Add support for multi-instance apps (#1913) 2023-05-20 01:40:56 +08:00
			`live "/apps/:slug/:id", AppSessionLive, :page`
			`live "/apps/:slug/:id/source", AppSessionLive, :source`
Add access control to apps (#1715) Co-authored-by: José Valim <jose.valim@dashbit.co> 2023-02-18 08:16:42 +08:00			`end`
			`end`

Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`scope "/" do`
Add support for importing notebook from URL query parameter (#598) * Add support for importing notebook from URL query * Update desc * Update URL and redirect to import form on error * Update tests * Remove URL scope 2021-10-16 18:23:08 +08:00			`pipe_through [:browser, :auth]`

Update Phoenix LV (#656) * Wrap live routes in live_session * Update Phoenix LV * Migrate to live_component component call * render_block -> render_slot * phx-disconnected -> phx-loading * phx-capture-click -> phx-click-away * Add hook dealing with current user * Bump LV * Bump LV 2021-11-02 02:33:43 +08:00			`live_dashboard "/dashboard",`
			`metrics: LivebookWeb.Telemetry,`
Disable Ecto stats in Phoenix Live Dashboard (#824) Livebook does not use Ecto, so disable Ecto stats. 2021-12-25 02:05:19 +08:00			`home_app: {"Livebook", :livebook},`
			`ecto_repos: []`
Add support for importing notebook from URL query parameter (#598) * Add support for importing notebook from URL query * Update desc * Update URL and redirect to import form on error * Update tests * Remove URL scope 2021-10-16 18:23:08 +08:00			`end`

Password access (#187) 2021-04-15 20:15:56 +08:00			`scope "/authenticate", LivebookWeb do`
			`pipe_through :browser`

			`get "/", AuthController, :index`
			`post "/", AuthController, :authenticate`
			`end`
Allow Livebook to run inside iframes (#1520) 2022-11-10 23:02:59 +08:00
			`defp within_iframe_secure_headers(conn, _opts) do`
			`if Livebook.Config.within_iframe?() do`
			`delete_resp_header(conn, "x-frame-options")`
			`else`
			`conn`
			`end`
			`end`
Initial commit 2021-01-08 03:55:45 +08:00			`end`