2021-03-04 05:56:28 +08:00
|
|
|
defmodule LivebookWeb.Router do
|
|
|
|
use LivebookWeb, :router
|
2021-04-15 02:10:25 +08:00
|
|
|
import Phoenix.LiveDashboard.Router
|
2021-01-08 03:55:45 +08:00
|
|
|
|
|
|
|
pipeline :browser do
|
|
|
|
plug :accepts, ["html"]
|
|
|
|
plug :fetch_session
|
2021-01-08 04:16:54 +08:00
|
|
|
plug :fetch_live_flash
|
2021-03-04 05:56:28 +08:00
|
|
|
plug :put_root_layout, {LivebookWeb.LayoutView, :root}
|
2022-11-22 23:38:49 +08:00
|
|
|
# Because LIVEBOOK_SECRET_KEY_BASE authentication is randomly
|
|
|
|
# generated, the odds of getting a CSRFProtection is quite high
|
|
|
|
# and exceptions can lead to a poor user experience.
|
|
|
|
#
|
|
|
|
# During authentication, configure_session(renew: true) will
|
|
|
|
# override the configure_session(ignore: true) but the session
|
|
|
|
# will be cleared anyway. This means an attacker can authenticate
|
|
|
|
# someone in a given Livebook instance but they wouldn't be able
|
|
|
|
# to do anything once the authentication goes through.
|
|
|
|
plug :protect_from_forgery, with: :clear_session
|
2021-01-08 03:55:45 +08:00
|
|
|
plug :put_secure_browser_headers
|
2022-11-10 23:02:59 +08:00
|
|
|
plug :within_iframe_secure_headers
|
2021-04-15 20:15:56 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
pipeline :auth do
|
2021-04-08 17:41:52 +08:00
|
|
|
plug LivebookWeb.AuthPlug
|
2021-05-04 02:03:19 +08:00
|
|
|
plug LivebookWeb.UserPlug
|
2021-01-08 03:55:45 +08:00
|
|
|
end
|
|
|
|
|
2022-02-28 20:53:33 +08:00
|
|
|
pipeline :js_view_assets do
|
2021-12-24 21:18:34 +08:00
|
|
|
plug :put_secure_browser_headers
|
2022-11-10 23:02:59 +08:00
|
|
|
plug :within_iframe_secure_headers
|
2021-12-24 21:18:34 +08:00
|
|
|
end
|
|
|
|
|
2022-02-04 00:48:16 +08:00
|
|
|
# The /public namespace includes routes with no authentication.
|
|
|
|
# When exposing Livebook through an authentication proxy, this
|
|
|
|
# namespace should be configured as publicly available, in order
|
|
|
|
# for all features to work as expected.
|
|
|
|
|
|
|
|
scope "/public", LivebookWeb do
|
|
|
|
pipe_through :browser
|
|
|
|
|
|
|
|
get "/health", HealthController, :index
|
|
|
|
end
|
|
|
|
|
|
|
|
# The following routes are public, but should be treated as opaque
|
|
|
|
scope "/public", LivebookWeb do
|
2022-02-28 20:53:33 +08:00
|
|
|
pipe_through [:js_view_assets]
|
2021-12-24 21:18:34 +08:00
|
|
|
|
|
|
|
get "/sessions/assets/:hash/*file_parts", SessionController, :show_cached_asset
|
|
|
|
get "/sessions/:id/assets/:hash/*file_parts", SessionController, :show_asset
|
|
|
|
end
|
|
|
|
|
2022-04-28 19:01:53 +08:00
|
|
|
live_session :default,
|
|
|
|
on_mount: [LivebookWeb.AuthHook, LivebookWeb.UserHook, {LivebookWeb.PolicyHook, :private}] do
|
2021-11-02 02:33:43 +08:00
|
|
|
scope "/", LivebookWeb do
|
|
|
|
pipe_through [:browser, :auth]
|
2021-01-08 03:55:45 +08:00
|
|
|
|
2021-11-02 02:33:43 +08:00
|
|
|
live "/", HomeLive, :page
|
|
|
|
live "/home/import/:tab", HomeLive, :import
|
|
|
|
live "/home/sessions/:session_id/close", HomeLive, :close_session
|
2022-01-29 04:45:04 +08:00
|
|
|
live "/home/sessions/edit_sessions/:action", HomeLive, :edit_sessions
|
2021-07-09 01:35:11 +08:00
|
|
|
|
2021-11-02 02:33:43 +08:00
|
|
|
live "/settings", SettingsLive, :page
|
|
|
|
live "/settings/add-file-system", SettingsLive, :add_file_system
|
2022-09-12 22:34:39 +08:00
|
|
|
live "/settings/env-var/new", SettingsLive, :add_env_var
|
|
|
|
live "/settings/env-var/edit/:env_var_id", SettingsLive, :edit_env_var
|
2021-08-14 03:17:43 +08:00
|
|
|
|
2022-09-21 18:06:22 +08:00
|
|
|
live "/learn", LearnLive, :page
|
|
|
|
live "/learn/notebooks/:slug", LearnLive, :notebook
|
2021-07-09 01:35:11 +08:00
|
|
|
|
2022-08-30 22:32:48 +08:00
|
|
|
live "/hub", Hub.NewLive, :new, as: :hub
|
|
|
|
live "/hub/:id", Hub.EditLive, :edit, as: :hub
|
2022-09-15 00:24:32 +08:00
|
|
|
live "/hub/:id/env-var/new", Hub.EditLive, :add_env_var, as: :hub
|
|
|
|
live "/hub/:id/env-var/edit/:env_var_id", Hub.EditLive, :edit_env_var, as: :hub
|
2022-08-18 21:34:27 +08:00
|
|
|
|
2021-11-02 02:33:43 +08:00
|
|
|
live "/sessions/:id", SessionLive, :page
|
|
|
|
live "/sessions/:id/shortcuts", SessionLive, :shortcuts
|
2022-08-26 04:24:24 +08:00
|
|
|
live "/sessions/:id/secrets", SessionLive, :secrets
|
2021-11-02 02:33:43 +08:00
|
|
|
live "/sessions/:id/settings/runtime", SessionLive, :runtime_settings
|
|
|
|
live "/sessions/:id/settings/file", SessionLive, :file_settings
|
|
|
|
live "/sessions/:id/bin", SessionLive, :bin
|
|
|
|
get "/sessions/:id/export/download/:format", SessionController, :download_source
|
|
|
|
live "/sessions/:id/export/:tab", SessionLive, :export
|
|
|
|
live "/sessions/:id/cell-settings/:cell_id", SessionLive, :cell_settings
|
|
|
|
live "/sessions/:id/cell-upload/:cell_id", SessionLive, :cell_upload
|
|
|
|
live "/sessions/:id/delete-section/:section_id", SessionLive, :delete_section
|
2022-04-30 23:14:10 +08:00
|
|
|
live "/sessions/:id/package-search", SessionLive, :package_search
|
2021-11-02 02:33:43 +08:00
|
|
|
get "/sessions/:id/images/:image", SessionController, :show_image
|
|
|
|
live "/sessions/:id/*path_parts", SessionLive, :catch_all
|
|
|
|
end
|
2021-04-15 02:10:25 +08:00
|
|
|
|
2021-11-02 02:33:43 +08:00
|
|
|
# Public authenticated URLs that people may be directed to
|
|
|
|
scope "/", LivebookWeb do
|
|
|
|
pipe_through [:browser, :auth]
|
|
|
|
|
|
|
|
live "/import", HomeLive, :public_import
|
2022-02-04 03:26:18 +08:00
|
|
|
live "/open", HomeLive, :public_open
|
2021-11-02 02:33:43 +08:00
|
|
|
end
|
2021-01-08 03:55:45 +08:00
|
|
|
end
|
2021-04-15 20:15:56 +08:00
|
|
|
|
2021-11-02 02:33:43 +08:00
|
|
|
scope "/" do
|
2021-10-16 18:23:08 +08:00
|
|
|
pipe_through [:browser, :auth]
|
|
|
|
|
2021-11-02 02:33:43 +08:00
|
|
|
live_dashboard "/dashboard",
|
|
|
|
metrics: LivebookWeb.Telemetry,
|
2021-12-25 02:05:19 +08:00
|
|
|
home_app: {"Livebook", :livebook},
|
|
|
|
ecto_repos: []
|
2021-10-16 18:23:08 +08:00
|
|
|
end
|
|
|
|
|
2021-04-15 20:15:56 +08:00
|
|
|
scope "/authenticate", LivebookWeb do
|
|
|
|
pipe_through :browser
|
|
|
|
|
|
|
|
get "/", AuthController, :index
|
|
|
|
post "/", AuthController, :authenticate
|
|
|
|
end
|
2022-11-10 23:02:59 +08:00
|
|
|
|
|
|
|
defp within_iframe_secure_headers(conn, _opts) do
|
|
|
|
if Livebook.Config.within_iframe?() do
|
|
|
|
delete_resp_header(conn, "x-frame-options")
|
|
|
|
else
|
|
|
|
conn
|
|
|
|
end
|
|
|
|
end
|
2021-01-08 03:55:45 +08:00
|
|
|
end
|