Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(server/v2): Add Swagger UI support for server/v2 #23092

Open
wants to merge 30 commits into
base: main
Choose a base branch
from
+260 −0
Open

feat(server/v2): Add Swagger UI support for server/v2 #23092

Show file tree
Hide file tree
Changes from 25 commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
4ed5650
Create handler.go
crStiv Dec 25, 2024
2ac2555
feat(server): add swagger UI configuration
crStiv Dec 25, 2024
8930230
feat(server): integrate swagger UI setup
crStiv Dec 25, 2024
c812722
Create server.go
crStiv Dec 26, 2024
d0c20bc
Update config.go
crStiv Dec 26, 2024
ac5982a
Update config.go
crStiv Dec 26, 2024
f96dafe
Update handler.go
crStiv Dec 26, 2024
9859c38
Update server.go
crStiv Dec 26, 2024
e96e5bb
return original code
crStiv Dec 26, 2024
e733362
Update handler.go
crStiv Jan 6, 2025
34eab36
Update server.go
crStiv Jan 6, 2025
eec89d7
Update config.go
crStiv Jan 6, 2025
654cc99
Update app.go
crStiv Jan 6, 2025
c9d6544
Create doc.go
crStiv Jan 6, 2025
16556c1
Update commands.go
crStiv Jan 6, 2025
2021911
Update app.go
crStiv Jan 6, 2025
93dc4b6
Update handler.go
crStiv Jan 6, 2025
446c0f8
Update handler.go
crStiv Jan 7, 2025
c038d6c
Update doc.go
crStiv Jan 7, 2025
0938d61
Update config.go
crStiv Jan 7, 2025
2466ab5
Update handler.go
crStiv Jan 7, 2025
8a042b2
Update commands.go
crStiv Jan 7, 2025
8ccb884
Update doc.go
crStiv Jan 7, 2025
9659ba7
Update server.go
crStiv Jan 7, 2025
8f3017c
Merge branch 'main' into feat/add-swagger-ui
crStiv Jan 7, 2025
0fa0b6b
Update server.go
crStiv Jan 8, 2025
35f2fad
Update handler.go
crStiv Jan 8, 2025
44da58f
Update server.go
crStiv Jan 8, 2025
98f2d85
Update server.go
crStiv Jan 11, 2025
a3dbbe8
Merge branch 'main' into feat/add-swagger-ui
crStiv Jan 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions server/v2/api/swagger/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
package swagger

import (
"fmt"
"net/http"

"cosmossdk.io/core/server"
)

const ServerName = "swagger"

// Config defines the configuration for the Swagger UI server
type Config struct {
// Enable enables/disables the Swagger UI server
Enable bool `toml:"enable,omitempty" mapstructure:"enable"`
// Address defines the server address to bind to
Address string `toml:"address,omitempty" mapstructure:"address"`
// SwaggerUI defines the file system for serving Swagger UI files
SwaggerUI http.FileSystem `toml:"-" mapstructure:"-"`
}

// DefaultConfig returns the default configuration
func DefaultConfig() *Config {
return &Config{
Enable: true,
Address: "localhost:8090",
}
}

// Validate returns an error if the config is invalid
func (c *Config) Validate() error {
if !c.Enable {
return nil
}

if c.Address == "" {
return fmt.Errorf("address is required when swagger UI is enabled")
}

return nil
}

// CfgOption defines a function for configuring the settings
type CfgOption func(*Config)
16 changes: 16 additions & 0 deletions server/v2/api/swagger/doc.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
/*
Package swagger provides Swagger UI support for server/v2.

Example usage in commands.go:

// Create Swagger server
swaggerServer, err := swaggerv2.New[T](
logger.With(log.ModuleKey, "swagger"),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto

deps.GlobalConfig,
)

Configuration options:
- enable: Enable/disable the Swagger UI server (default: true)
- address: Server address (default: localhost:8090)
*/
package swagger
77 changes: 77 additions & 0 deletions server/v2/api/swagger/handler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
package swagger

import (
"io"
"net/http"
"path/filepath"
"strings"
"time"
)

type swaggerHandler struct {
swaggerFS http.FileSystem
}

func (h *swaggerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Set minimal CORS headers
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET")

if r.Method == http.MethodOptions {
return
}

// Process and validate the path
urlPath := strings.TrimPrefix(r.URL.Path, "/swagger")
if urlPath == "" || urlPath == "/" {
urlPath = "/index.html"
}

// Basic path validation
if strings.Contains(urlPath, "..") || strings.Contains(urlPath, "//") {
http.Error(w, "Invalid path", http.StatusBadRequest)
return
}

// Clean the path
urlPath = filepath.Clean(urlPath)

// Open the file
file, err := h.swaggerFS.Open(urlPath)
Fixed Show fixed Hide fixed
if err != nil {
http.Error(w, "File not found", http.StatusNotFound)
return
}
defer file.Close()

// Set the content-type
ext := filepath.Ext(urlPath)
if ct := getContentType(ext); ct != "" {
w.Header().Set("Content-Type", ct)
}

// Serve the file
http.ServeContent(w, r, urlPath, time.Now(), file.(io.ReadSeeker))

Check warning

Code scanning / CodeQL

Calling the system time Warning

Calling the system time may be a possible source of non-determinism
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Strengthen path validation and add security headers.

While basic path validation exists, it could be enhanced:

  1. Use filepath.Clean before validation to prevent bypass attempts.
  2. Add security headers to protect against common web vulnerabilities.

Apply this diff:

 func (h *swaggerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
     // Set minimal CORS headers
     w.Header().Set("Access-Control-Allow-Origin", "*")
     w.Header().Set("Access-Control-Allow-Methods", "GET")
+    // Add security headers
+    w.Header().Set("X-Content-Type-Options", "nosniff")
+    w.Header().Set("X-Frame-Options", "DENY")
+    w.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'")

     if r.Method == http.MethodOptions {
         return
     }

     // Process and validate the path
     urlPath := strings.TrimPrefix(r.URL.Path, "/swagger")
+    urlPath = filepath.Clean(urlPath)
+    
+    // Validate path before any operations
+    if strings.Contains(urlPath, "..") || strings.Contains(urlPath, "//") || strings.Contains(urlPath, "\x00") {
         http.Error(w, "Invalid path", http.StatusBadRequest)
         return
     }
-
-    // Clean the path
-    urlPath = filepath.Clean(urlPath)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func (h *swaggerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Set minimal CORS headers
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET")
if r.Method == http.MethodOptions {
return
}
// Process and validate the path
urlPath := strings.TrimPrefix(r.URL.Path, "/swagger")
if urlPath == "" || urlPath == "/" {
urlPath = "/index.html"
}
// Basic path validation
if strings.Contains(urlPath, "..") || strings.Contains(urlPath, "//") {
http.Error(w, "Invalid path", http.StatusBadRequest)
return
}
// Clean the path
urlPath = filepath.Clean(urlPath)
// Open the file
file, err := h.swaggerFS.Open(urlPath)
if err != nil {
http.Error(w, "File not found", http.StatusNotFound)
return
}
defer file.Close()
// Set the content-type
ext := filepath.Ext(urlPath)
if ct := getContentType(ext); ct != "" {
w.Header().Set("Content-Type", ct)
}
// Serve the file
http.ServeContent(w, r, urlPath, time.Now(), file.(io.ReadSeeker))
}
func (h *swaggerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Set minimal CORS headers
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET")
// Add security headers
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'")
if r.Method == http.MethodOptions {
return
}
// Process and validate the path
urlPath := strings.TrimPrefix(r.URL.Path, "/swagger")
urlPath = filepath.Clean(urlPath)
// Validate path before any operations
if strings.Contains(urlPath, "..") || strings.Contains(urlPath, "//") || strings.Contains(urlPath, "\x00") {
http.Error(w, "Invalid path", http.StatusBadRequest)
return
}
if urlPath == "" || urlPath == "/" {
urlPath = "/index.html"
}
// Open the file
file, err := h.swaggerFS.Open(urlPath)
if err != nil {
http.Error(w, "File not found", http.StatusNotFound)
return
}
defer file.Close()
// Set the content-type
ext := filepath.Ext(urlPath)
if ct := getContentType(ext); ct != "" {
w.Header().Set("Content-Type", ct)
}
// Serve the file
http.ServeContent(w, r, urlPath, time.Now(), file.(io.ReadSeeker))
}

Comment on lines +44 to +60
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Improve file serving and error handling.

The current implementation has two issues:

  1. Using time.Now() in ServeContent is non-deterministic
  2. Error handling could be more informative
 // Open the file
 file, err := h.swaggerFS.Open(urlPath)
 if err != nil {
-    http.Error(w, "File not found", http.StatusNotFound)
+    msg := fmt.Sprintf("Swagger file not found: %s", urlPath)
+    h.logger.Debug("swagger file not found", "path", urlPath, "error", err)
+    http.Error(w, msg, http.StatusNotFound)
     return
 }
 defer file.Close()

 // Set the content-type
 ext := filepath.Ext(urlPath)
 if ct := getContentType(ext); ct != "" {
     w.Header().Set("Content-Type", ct)
 }

 // Serve the file
-http.ServeContent(w, r, urlPath, time.Now(), file.(io.ReadSeeker))
+// Use a fixed timestamp for deterministic behavior
+http.ServeContent(w, r, urlPath, time.Unix(0, 0), file.(io.ReadSeeker))

Committable suggestion skipped: line range outside the PR's diff.


// getContentType returns the content-type for a file extension
func getContentType(ext string) string {
switch strings.ToLower(ext) {
case ".html":
return "text/html"
case ".css":
return "text/css"
case ".js":
return "application/javascript"
case ".json":
return "application/json"
case ".png":
return "image/png"
case ".jpg", ".jpeg":
return "image/jpeg"
case ".svg":
return "image/svg+xml"
default:
return ""
}
}
110 changes: 110 additions & 0 deletions server/v2/api/swagger/server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
package swagger

import (
"context"
"fmt"
"net/http"

"cosmossdk.io/core/server"
"cosmossdk.io/core/transaction"
"cosmossdk.io/log"
serverv2 "cosmossdk.io/server/v2"
)

var (
_ serverv2.ServerComponent[transaction.Tx] = (*Server[transaction.Tx])(nil)
_ serverv2.HasConfig = (*Server[transaction.Tx])(nil)
)

// Server represents a Swagger UI server
type Server[T transaction.Tx] struct {
logger log.Logger
config *Config
cfgOptions []CfgOption
server *http.Server
}

// New creates a new Swagger UI server
func New[T transaction.Tx](
logger log.Logger,
cfg server.ConfigMap,
cfgOptions ...CfgOption,
) (*Server[T], error) {
srv := &Server[T]{
logger: logger.With(log.ModuleKey, ServerName),
cfgOptions: cfgOptions,
}

serverCfg := srv.Config().(*Config)
julienrbrt marked this conversation as resolved.
Show resolved Hide resolved
if len(cfg) > 0 {
if err := serverv2.UnmarshalSubConfig(cfg, srv.Name(), &serverCfg); err != nil {
return nil, fmt.Errorf("failed to unmarshal config: %w", err)
}
}
srv.config = serverCfg

if err := srv.config.Validate(); err != nil {
return nil, err
}

mux := http.NewServeMux()
mux.Handle("/swagger", &swaggerHandler{
swaggerFS: srv.config.SwaggerUI,
})

srv.server = &http.Server{
Addr: srv.config.Address,
Handler: mux,
}

return srv, nil
}

// NewWithConfigOptions creates a new server with configuration options
func NewWithConfigOptions[T transaction.Tx](opts ...CfgOption) *Server[T] {
return &Server[T]{
cfgOptions: opts,
}
}

// Name returns the server's name
func (s *Server[T]) Name() string {
return ServerName
}

// Config returns the server configuration
func (s *Server[T]) Config() any {
if s.config == nil || s.config.Address == "" {
cfg := DefaultConfig()
for _, opt := range s.cfgOptions {
opt(cfg)
}
return cfg
}
return s.config
}

// Start starts the server
func (s *Server[T]) Start(ctx context.Context) error {
if !s.config.Enable {
s.logger.Info(fmt.Sprintf("%s server is disabled via config", s.Name()))
return nil
}

s.logger.Info("starting swagger server...", "address", s.config.Address)
if err := s.server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
return fmt.Errorf("failed to start swagger server: %w", err)
}

return nil
}

// Stop stops the server
func (s *Server[T]) Stop(ctx context.Context) error {
if !s.config.Enable {
return nil
}

s.logger.Info("stopping swagger server...", "address", s.config.Address)
return s.server.Shutdown(ctx)
}
1 change: 1 addition & 0 deletions simapp/v2/app.go
View file
Open in desktop
julienrbrt marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -186,6 +186,7 @@ func NewSimApp[T transaction.Tx](
if err = app.LoadLatest(); err != nil {
return nil, err
}

return app, nil
}

Expand Down
12 changes: 12 additions & 0 deletions simapp/v2/simdv2/cmd/commands.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import (
grpcserver "cosmossdk.io/server/v2/api/grpc"
"cosmossdk.io/server/v2/api/grpcgateway"
"cosmossdk.io/server/v2/api/rest"
swaggerv2 "cosmossdk.io/server/v2/api/swagger"
"cosmossdk.io/server/v2/api/telemetry"
"cosmossdk.io/server/v2/cometbft"
serverstore "cosmossdk.io/server/v2/store"
Expand Down Expand Up @@ -91,6 +92,7 @@ func InitRootCmd[T transaction.Tx](
&telemetry.Server[T]{},
&rest.Server[T]{},
&grpcgateway.Server[T]{},
&swaggerv2.Server[T]{},
)
}

Expand Down Expand Up @@ -163,6 +165,15 @@ func InitRootCmd[T transaction.Tx](
}
registerGRPCGatewayRoutes[T](deps, grpcgatewayServer)

// Create Swagger server
swaggerServer, err := swaggerv2.New[T](
logger.With(log.ModuleKey, "swagger"),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can just pass the litter here, the key is added in the constrictor

deps.GlobalConfig,
)
if err != nil {
return nil, err
}

// wire server commands
return serverv2.AddCommands[T](
rootCmd,
Expand All @@ -176,6 +187,7 @@ func InitRootCmd[T transaction.Tx](
telemetryServer,
restServer,
grpcgatewayServer,
swaggerServer,
)
}

Expand Down
Loading