feat: add embedded apisix dashboard ui (#12276)

Author: bzp2010

apisix/cli/config.lua

@@ -360,6 +360,7 @@ local _M = {
         }
       },
       enable_admin_cors = true,
+      enable_admin_ui = true,
       allow_admin = { "127.0.0.0/24" },
       admin_listen = {
         ip = "0.0.0.0",

apisix/cli/ngx_tpl.lua

@@ -632,20 +632,35 @@ http {
         set $upstream_host               $http_host;
         set $upstream_uri                '';
 
-        location /apisix/admin {
-            {%if allow_admin then%}
-                {% for _, allow_ip in ipairs(allow_admin) do %}
-                allow {*allow_ip*};
-                {% end %}
-                deny all;
-            {%else%}
-                allow all;
-            {%end%}
+        {%if allow_admin then%}
+        {% for _, allow_ip in ipairs(allow_admin) do %}
+        allow {*allow_ip*};
+        {% end %}
+        deny all;
+        {%else%}
+        allow all;
+        {%end%}
 
+        location /apisix/admin {
             content_by_lua_block {
                 apisix.http_admin()
             }
         }
+
+        {% if enable_admin_ui then %}
+        location = /ui {
+            return 301 /ui/;
+        }
+        location ^~ /ui/ {
+            rewrite ^/ui/(.*)$ /$1 break;
+            root {* apisix_lua_home *}/ui;
+            try_files $uri /index.html =404;
+            gzip on;
+            gzip_types text/css application/javascript application/json;
+            expires 7200s;
+            add_header Cache-Control "private,max-age=7200";
+        }
+        {% end %}
     }
     {% end %}
 

conf/config.yaml.example

@@ -674,6 +674,7 @@ deployment:                    # Deployment configurations
       #   role: viewer
 
     enable_admin_cors: true       # Enable Admin API CORS response header `Access-Control-Allow-Origin`.
+    enable_admin_ui: true         # Enable embedded APISIX Dashboard UI.
     allow_admin:                  # Limit Admin API access by IP addresses.
       - 127.0.0.0/24              # If not set, any IP address is allowed.
       # - "::/64"

t/cli/test_admin_ui.sh

@@ -0,0 +1,148 @@
+#!/usr/bin/env bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+. ./t/cli/common.sh
+
+# check admin ui enabled
+
+git checkout conf/config.yaml
+
+make init
+
+grep "location ^~ /ui/" conf/nginx.conf > /dev/null
+if [ ! $? -eq 0 ]; then
+    echo "failed: failed to enable embedded admin ui"
+    exit 1
+fi
+
+make run
+
+## check /ui redirects to /ui/
+
+code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui)
+if [ ! $code -eq 301 ]; then
+    echo "failed: failed to redirect /ui to /ui/"
+    exit 1
+fi
+
+## check /ui/ accessible
+
+mkdir -p ui/assets
+echo "test_html" > ui/index.html
+echo "test_js" > ui/assets/test.js
+echo "test_css" > ui/assets/test.css
+
+code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/)
+if [ ! $code -eq 200 ]; then
+    echo "failed: /ui/ not accessible"
+    exit 1
+fi
+
+## check /ui/index.html accessible
+
+code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/index.html)
+if [ ! $code -eq 200 ]; then
+    echo "failed: /ui/index.html not accessible"
+    exit 1
+fi
+
+## check /ui/assets/test.js accessible
+
+code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/assets/test.js)
+if [ ! $code -eq 200 ]; then
+    echo "failed: /ui/assets/test.js not accessible"
+    exit 1
+fi
+
+## check /ui/assets/test.css accessible
+
+code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/assets/test.css)
+if [ ! $code -eq 200 ]; then
+    echo "failed: /ui/assets/test.css not accessible"
+    exit 1
+fi
+
+## check /ui/ single-page-application fallback
+
+code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/not_exist)
+if [ ! $code -eq 200 ]; then
+    echo "failed: /ui/not_exist not accessible"
+    exit 1
+fi
+
+make stop
+
+# test ip restriction
+
+git checkout conf/config.yaml
+
+echo "
+deployment:
+    admin:
+        enable_admin_ui: true
+        allow_admin:
+            - 1.1.1.1/32
+" > conf/config.yaml
+
+make run
+
+code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/)
+if [ ! $code -eq 403 ]; then
+    echo "failed: ip restriction not working, expected 403, got $code"
+    exit 1
+fi
+
+make stop
+
+# test admin ui disabled
+
+git checkout conf/config.yaml
+
+echo "
+deployment:
+    admin:
+        enable_admin_ui: false
+" > conf/config.yaml
+
+make init
+
+#### When grep cannot find the value, it uses 1 as the exit code.
+#### Due to the use of set -e, any non-zero exit will terminate the
+#### script, so grep is written inside the if statement here.
+if grep "location ^~ /ui/" conf/nginx.conf > /dev/null; then
+    echo "failed: failed to disable embedded admin ui"
+    exit 1
+fi
+
+# test admin UI explicitly enabled
+
+git checkout conf/config.yaml
+
+echo "
+deployment:
+    admin:
+        enable_admin_ui: true
+" > conf/config.yaml
+
+make init
+
+if ! grep "location ^~ /ui/" conf/nginx.conf > /dev/null; then
+    echo "failed: failed to explicitly enable embedded admin ui"
+    exit 1
+fi