Fixes from code review

Author: celdrake

libs/i18n/locales/en/translation.json

@@ -592,10 +592,7 @@
   "With the {{ brandName }} command line interface, you can manage your fleets, devices and repositories from a terminal.": "With the {{ brandName }} command line interface, you can manage your fleets, devices and repositories from a terminal.",
   "Command line tools are not available for download in this {{ brandName }} installation.": "Command line tools are not available for download in this {{ brandName }} installation.",
   "Login successful!": "Login successful!",
-  "Copy and run this command in your terminal to authenticate to {{ brandName }}:": "Copy and run this command in your terminal to authenticate to {{ brandName }}:",
   "Show more": "Show more",
-  "Show Less": "Show Less",
-  "Show More": "Show More",
   "Failed to obtain session token": "Failed to obtain session token",
   "This URL can only be used with a valid session ID": "This URL can only be used with a valid session ID",
   "The login command for this session is no longer available": "The login command for this session is no longer available",

libs/ui-components/src/components/Masthead/CopyLoginCommandPage.tsx

@@ -38,19 +38,16 @@ const LoginCommandCopy = ({ loginCommand, brandName }: { loginCommand: string; b
   const { t } = useTranslation();
   const [isExpanded, setIsExpanded] = React.useState(false);
 
-  // Truncate the command for initial display (show first part + ellipsis)
-  const truncatedCommand =
-    loginCommand.length > TRUNCATED_COMMAND_LENGTH
-      ? `${loginCommand.substring(0, TRUNCATED_COMMAND_LENGTH)}`
-      : loginCommand;
+  const hasShowMore = loginCommand.length > TRUNCATED_COMMAND_LENGTH;
+  const visibleCommand = hasShowMore ? `${loginCommand.substring(0, TRUNCATED_COMMAND_LENGTH)}...` : loginCommand;
 
   return (
     <Stack hasGutter className="fctl-login-command__copy-content">
       <StackItem>
         <Alert variant="success" isInline title={t('Login successful!')} />
       </StackItem>
       <StackItem>
-        {t('Copy and run this command in your terminal to authenticate to {{ brandName }}:', { brandName })}
+        {t('Copy and run this command in your terminal to authenticate with {{ brandName }}:', { brandName })}
       </StackItem>
       <StackItem>
         <CodeBlock
@@ -62,23 +59,27 @@ const LoginCommandCopy = ({ loginCommand, brandName }: { loginCommand: string; b
         >
           <CodeBlockCode className="fctl-login-command__codeblock">
             {/* When the full command is shown, hide the truncated command. This allows the full command to be copied using the keyboard */}
-            {isExpanded ? '' : `${truncatedCommand}...`}
-            <ExpandableSection
-              toggleText={isExpanded ? t('Show less') : t('Show more')}
-              isExpanded={isExpanded}
-              isDetached
-              contentId="code-block-expand"
-            >
-              {loginCommand}
-            </ExpandableSection>
-            <ExpandableSectionToggle
-              isExpanded={isExpanded}
-              onToggle={(isExpanded) => setIsExpanded(isExpanded)}
-              contentId="code-block-expand"
-              direction={isExpanded ? 'up' : 'down'}
-            >
-              {isExpanded ? t('Show Less') : t('Show More')}
-            </ExpandableSectionToggle>
+            {isExpanded ? '' : visibleCommand}
+            {hasShowMore && (
+              <>
+                <ExpandableSection
+                  toggleText={isExpanded ? t('Show less') : t('Show more')}
+                  isExpanded={isExpanded}
+                  isDetached
+                  contentId="code-block-expand"
+                >
+                  {loginCommand}
+                </ExpandableSection>
+                <ExpandableSectionToggle
+                  isExpanded={isExpanded}
+                  onToggle={(isExpanded) => setIsExpanded(isExpanded)}
+                  contentId="code-block-expand"
+                  direction={isExpanded ? 'up' : 'down'}
+                >
+                  {isExpanded ? t('Show less') : t('Show more')}
+                </ExpandableSectionToggle>
+              </>
+            )}
           </CodeBlockCode>
         </CodeBlock>
       </StackItem>
@@ -101,7 +102,7 @@ const CopyLoginCommandBody = ({ brandName }: { brandName: string }) => {
   const [loginCommand, setLoginCommand] = React.useState('');
   const [tokenNotFound, setTokenNotFound] = React.useState(false);
   const [errorMessage, setErrorMessage] = React.useState('');
-  const sessionId = window.location.search.split('sessionId=')[1];
+  const sessionId = new URLSearchParams(window.location.search).get('sessionId');
 
   React.useEffect(() => {
     const getSessionToken = async () => {

libs/ui-components/src/components/common/CopyButton.tsx

@@ -21,14 +21,16 @@ const CopyButton = ({ ariaLabel, text, variant }: CopyButtonProps) => {
   };
 
   React.useEffect(() => {
-    let timeout: NodeJS.Timeout;
+    let timeout: ReturnType<typeof setTimeout> | undefined;
     if (copied) {
       timeout = setTimeout(() => {
         setCopied(false);
       }, 1000);
     }
     return () => {
-      clearTimeout(timeout);
+      if (timeout) {
+        clearTimeout(timeout);
+      }
     };
   }, [copied]);
 
@@ -37,9 +39,10 @@ const CopyButton = ({ ariaLabel, text, variant }: CopyButtonProps) => {
       <Button
         variant={variant || 'plain'}
         isInline={variant === 'link'}
+        onClick={onCopy}
         icon={
           <Icon size="sm">
-            <CopyIcon onClick={onCopy} />
+            <CopyIcon />
           </Icon>
         }
         aria-label={ariaLabel || t('Copy text')}

libs/ui-components/src/components/common/CopyLoginCommandModal.tsx

@@ -23,7 +23,7 @@ const CopyLoginCommandModal = ({ onClose }: { onClose: VoidFunction }) => {
   const brandName = getBrandName(settings);
 
   const [serviceUrl, setServiceUrl] = React.useState('');
-  const loginCommand = String.raw`flightctl login ${serviceUrl || DEFAULT_API_URL} --token=$(oc whoami -t)`;
+  const loginCommand = serviceUrl ? String.raw`flightctl login ${serviceUrl} --token=$(oc whoami -t)` : '';
 
   React.useEffect(() => {
     const loadServiceUrl = async () => {
@@ -50,13 +50,17 @@ const CopyLoginCommandModal = ({ onClose }: { onClose: VoidFunction }) => {
           </StackItem>
           <StackItem>
             <CodeBlock
-              actions={[
-                <CodeBlockAction key="copy-command">
-                  <CopyButton text={loginCommand} ariaLabel={t('Copy login command')} />
-                </CodeBlockAction>,
-              ]}
+              actions={
+                loginCommand
+                  ? [
+                      <CodeBlockAction key="copy-command">
+                        <CopyButton text={loginCommand} ariaLabel={t('Copy login command')} />
+                      </CodeBlockAction>,
+                    ]
+                  : undefined
+              }
             >
-              <CodeBlockCode>{serviceUrl ? loginCommand : t('Loading...')}</CodeBlockCode>
+              <CodeBlockCode>{loginCommand || t('Loading...')}</CodeBlockCode>
             </CodeBlock>
           </StackItem>
           <StackItem>

libs/ui-components/src/types/extraTypes.ts

@@ -80,5 +80,5 @@ export enum AuthType {
   DISABLED = 'DISABLED',
   OIDC = 'OIDC',
   K8S = 'K8S',
-  AAP = 'AAP',
+  AAP = 'AAPGateway',
 }

proxy/auth/auth.go

@@ -16,6 +16,11 @@ import (
 	"github.com/flightctl/flightctl/api/v1alpha1"
 )
 
+const (
+	DefaultTokenCleanupInterval = 10 * time.Minute // How often to run cleanup
+	DefaultTokenMaxAge          = 15 * time.Minute // Max age before forced removal
+)
+
 type ExpiresInResp struct {
 	ExpiresIn *int64 `json:"expiresIn"`
 }
@@ -35,9 +40,10 @@ type RedirectResponse struct {
 }
 
 type AuthHandler struct {
-	provider     AuthProvider
-	sessionMutex sync.Mutex
-	apiTokenMap  map[string]*ApiToken
+	provider         AuthProvider
+	sessionMutex     sync.Mutex
+	apiTokenMap      map[string]*ApiToken
+	stopTokenCleanup chan struct{}
 }
 
 type ApiToken struct {
@@ -48,7 +54,8 @@ type ApiToken struct {
 
 func NewAuth(apiTlsConfig *tls.Config) (*AuthHandler, error) {
 	auth := AuthHandler{
-		apiTokenMap: make(map[string]*ApiToken),
+		apiTokenMap:      make(map[string]*ApiToken),
+		stopTokenCleanup: make(chan struct{}),
 	}
 	authConfig, internalAuthUrl, err := getAuthInfo(apiTlsConfig)
 	if err != nil {
@@ -68,6 +75,12 @@ func NewAuth(apiTlsConfig *tls.Config) (*AuthHandler, error) {
 	default:
 		err = fmt.Errorf("unknown auth type: %s", authConfig.AuthType)
 	}
+
+	if err == nil && auth.provider != nil {
+		// Start the cleanup routine for expired tokens
+		go auth.startTokenCleanup()
+	}
+
 	return &auth, err
 }
 
@@ -223,6 +236,61 @@ func (a *AuthHandler) getSingleUseApiTokenMapping(sessionId string) (*ApiToken,
 	return session, exists
 }
 
+// Cleans up expired and old tokens that were never retrieved through getSingleUseApiTokenMapping
+func (a *AuthHandler) startTokenCleanup() {
+	ticker := time.NewTicker(DefaultTokenCleanupInterval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			a.cleanupExpiredTokens()
+		case <-a.stopTokenCleanup:
+			return
+		}
+	}
+}
+
+// Removes expired tokens and tokens older than DefaultMaxTokenAge from the apiTokenMap
+func (a *AuthHandler) cleanupExpiredTokens() {
+	a.sessionMutex.Lock()
+	defer a.sessionMutex.Unlock()
+
+	now := time.Now()
+	deletedTokens := 0
+
+	for sessionId, token := range a.apiTokenMap {
+		shouldRemove := false
+
+		if now.Sub(token.CreatedAt) > DefaultTokenMaxAge {
+			// Remove tokens older than the directed max age
+			shouldRemove = true
+		} else if token.ExpiresIn != nil {
+			// Remove expired tokens (if ExpiresIn is set)
+			expiration := token.CreatedAt.Add(time.Duration(*token.ExpiresIn) * time.Second)
+			if now.After(expiration) {
+				shouldRemove = true
+			}
+		}
+
+		if shouldRemove {
+			delete(a.apiTokenMap, sessionId)
+			deletedTokens++
+		}
+	}
+
+	if deletedTokens > 0 {
+		log.GetLogger().WithFields(map[string]interface{}{
+			"deletedTokens":   deletedTokens,
+			"remainingTokens": len(a.apiTokenMap),
+		}).Info("Cleaned up expired API tokens")
+	}
+}
+
+func (a *AuthHandler) StopTokenCleanup() {
+	close(a.stopTokenCleanup)
+}
+
 func (a *AuthHandler) CreateSessionToken(w http.ResponseWriter, r *http.Request) {
 	if a.provider == nil {
 		w.WriteHeader(http.StatusTeapot)