Insert control-cache headers to every resource and reload index.html

Author: MarcialRosales

deps/rabbitmq_management/priv/www/index.html

@@ -21,9 +21,8 @@
     <link href="css/main.css" rel="stylesheet" type="text/css"/>
     <link href="favicon.ico" rel="shortcut icon" type="image/x-icon"/>    
 
-    <script type="module">
-      window.oauth = oauth_initialize_if_required();
-      
+    <script type="module">      
+      window.oauth = oauth_initialize_if_required()      
     </script>
 
 

deps/rabbitmq_management/priv/www/js/main.js

@@ -127,7 +127,7 @@ function check_login () {
     }
     return false;
   }
-
+  check_version()
   hide_popup_warn()
   replace_content('outer', format('layout', {}))
   var user_login_session_timeout = parseInt(user.login_session_timeout)
@@ -1862,3 +1862,12 @@ function get_chart_range_type(arg) {
     console.log('[WARNING]: range type not found for arg: ' + arg);
     return 'basic';
 }
+
+function check_version() {
+    let curVersion = sync_get('/version')
+    let storedVersion = get_pref('version')    
+    if (!storedVersion || storedVersion != curVersion) {
+        store_pref('version', curVersion)
+        location.reload()
+    }
+}

deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js

@@ -290,18 +290,21 @@ export function oauth_completeLogin() {
 
 export function oauth_initiateLogout() {
   if (oauth.sp_initiated) {
-    mgr.metadataService.getEndSessionEndpoint().then(endpoint => {
-      if (endpoint == undefined) {
-        // Logout only from management UI
-        mgr.removeUser().then(res => {
-          clear_auth()
-          oauth_redirectToLogin()
-        })
-      }else {
-        // OpenId Connect RP-Initiated Logout
-        mgr.signoutRedirect()
-      }
+    return mgr.getUser().then(User => {
+      mgr.metadataService.getEndSessionEndpoint().then(endpoint => {
+        if (endpoint == undefined) {
+          // Logout only from management UI
+          mgr.removeUser().then(res => {
+            clear_auth()
+            oauth_redirectToLogin()
+          })
+        }else {
+          // OpenId Connect RP-Initiated Logout
+          mgr.signoutRedirect()
+        }
+      })
     })
+
   } else {
     go_to_authority()
   }

deps/rabbitmq_management/src/rabbit_mgmt_dispatcher.erl

@@ -208,5 +208,6 @@ dispatcher() ->
      {"/auth/attempts/:node/source",                           rabbit_mgmt_wm_auth_attempts, [by_source]},
      {"/login",                                                rabbit_mgmt_wm_login, []},
      {"/config/effective",                                     rabbit_mgmt_wm_environment, []},
-     {"/auth/hash_password/:password",                         rabbit_mgmt_wm_hash_password, []}
+     {"/auth/hash_password/:password",                         rabbit_mgmt_wm_hash_password, []},
+     {"/version",                                              rabbit_mgmt_wm_version, []}
     ].

deps/rabbitmq_management/src/rabbit_mgmt_headers.erl

@@ -55,14 +55,18 @@ set_common_permission_headers(ReqData0, EndpointModule) ->
     lists:foldl(fun(Fun, ReqData) ->
                         Fun(ReqData, EndpointModule)
                 end, ReqData0,
-               [fun set_csp_headers/2,
+               [fun set_etag_based_cache_headers/2,
+                fun set_csp_headers/2,
                 fun set_hsts_headers/2,
                 fun set_cors_headers/2,
                 fun set_content_type_options_header/2,
                 fun set_xss_protection_header/2,
                 fun set_frame_options_header/2]).
 
+set_etag_based_cache_headers(ReqData0, _Module) ->
+    cowboy_req:set_resp_header(<<"cache-control">>, <<"public, max-age=0, must-revalidate">>, ReqData0).
+
 set_no_cache_headers(ReqData0, _Module) ->
-    ReqData1 = cowboy_req:set_resp_header(<<"cache-control">>, <<"no-cache, no-store, must-revalidate">>, ReqData0),
+    ReqData1 = cowboy_req:set_resp_header(<<"cache-control">>, <<"no-cache, no-store, max-age=0, must-revalidate">>, ReqData0),
     ReqData2 = cowboy_req:set_resp_header(<<"pragma">>, <<"no-cache">>, ReqData1),
     cowboy_req:set_resp_header(<<"expires">>, rabbit_data_coercion:to_binary(0), ReqData2).

deps/rabbitmq_management/src/rabbit_mgmt_wm_version.erl

@@ -0,0 +1,38 @@
+%% This Source Code Form is subject to the terms of the Mozilla Public
+%% License, v. 2.0. If a copy of the MPL was not distributed with this
+%% file, You can obtain one at https://mozilla.org/MPL/2.0/.
+%%
+%% Copyright (c) 2007-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.
+%%
+
+-module(rabbit_mgmt_wm_version).
+
+-export([init/2]).
+-export([to_json/2, content_types_provided/2]).
+-export([variances/2]).
+
+-include_lib("rabbit_common/include/rabbit.hrl").
+-include_lib("rabbitmq_management_agent/include/rabbit_mgmt_records.hrl").
+
+%%--------------------------------------------------------------------
+
+init(Req, _State) ->
+    {cowboy_rest, rabbit_mgmt_headers:set_no_cache_headers(
+        rabbit_mgmt_headers:set_common_permission_headers(Req, ?MODULE), ?MODULE), 
+        #context{}}.
+
+variances(Req, Context) ->
+    {[<<"accept-encoding">>, <<"origin">>], Req, Context}.
+
+content_types_provided(ReqData, Context) ->
+   {rabbit_mgmt_util:responder_map(to_json), ReqData, Context}.
+
+to_json(ReqData, Context) ->   
+    Version = case rabbit:product_version() of
+        undefined -> rabbit:base_product_version();
+        V -> V
+    end,
+    rabbit_mgmt_util:reply(list_to_binary(Version), ReqData, Context).
+
+%%--------------------------------------------------------------------
+

deps/rabbitmq_management/test/rabbit_mgmt_http_SUITE.erl

@@ -56,7 +56,7 @@ all() ->
     ].
 
 groups() ->
-    [
+    [        
         {all_tests_with_prefix, [], some_tests() ++ all_tests()},
         {all_tests_without_prefix, [], some_tests()},
         %% We have several groups because their interference is
@@ -104,7 +104,6 @@ definitions_group4_tests() ->
         definitions_vhost_test
     ].
 
-
 all_tests() -> [
     cli_redirect_test,
     api_redirect_test,
@@ -205,7 +204,8 @@ all_tests() -> [
     amqp_sessions,
     amqpl_sessions,
     enable_plugin_amqp,
-    cluster_and_node_tags_test
+    cluster_and_node_tags_test,
+    version_test
 ].
 
 %% -------------------------------------------------------------------
@@ -3896,6 +3896,13 @@ oauth_test(Config) ->
     %% cleanup
     rpc(Config, application, unset_env, [rabbitmq_management, oauth_enabled]).
 
+version_test(Config) ->
+    ActualVersion = http_get(Config, "/version"),
+    ct:log("ActualVersion : ~p", [ActualVersion]),
+    ExpectedVersion = rpc(Config, rabbit, base_product_version, []),
+    ct:log("ExpectedVersion : ~p", [ExpectedVersion]),
+    ?assertEqual(ExpectedVersion, binary_to_list(ActualVersion)).
+
 login_test(Config) ->
     http_put(Config, "/users/myuser", [{password, <<"myuser">>},
                                        {tags,     <<"management">>}], {group, '2xx'}),

selenium/README.md

@@ -62,6 +62,9 @@ not see any browser interaction, everything happens in the background, i.e. rabb
 
 **The interactive mode** - This mode is convenient when we are still working on RabbitMQ source code and/or in the selenium tests. In this mode, you run RabbitMQ and tests directly from source to speed things up. The components, such as, UAA or keycloak, run in docker.
 
+**IMPORTANT** - If you intend to switch between version of RabbitMQ, make sure
+you run `./clean.sh` to clear any state left from the last test run. 
+
 
 ## Run tests in headless-mode
 

selenium/clean.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+rm -r $TMPDIR/rabbitmq-test-instances

selenium/test/basic-auth/unauthorized.js

@@ -19,9 +19,8 @@ describe('An user without management tag', function () {
     overview = new OverviewPage(driver)
     captureScreen = captureScreensFor(driver, __filename)
 
-    assert.ok(!await login.isPopupWarningDisplayed())
-    await login.login('rabbit_no_management', 'rabbit_no_management')
-    await !overview.isLoaded()
+    //assert.ok(!await login.isPopupWarningDisplayed())
+    await login.login('rabbit_no_management', 'guest')    
   })
 
   it('cannot log in into the management ui', async function () {    
@@ -35,7 +34,7 @@ describe('An user without management tag', function () {
 
   it('should get popup warning dialog', async function(){
     assert.ok(login.isPopupWarningDisplayed())
-    assert.equal('Not_Authorized', await login.getPopupWarning())
+    assert.equal('Not management user', await login.getPopupWarning())
   })
 
   describe("After clicking on popup warning dialog button", function() {