From a26f939859b4380ad3b211aa671653e27eba2ed9 Mon Sep 17 00:00:00 2001 From: Darin Kelkhoff Date: Fri, 20 Oct 2023 19:34:51 -0500 Subject: [PATCH] Remove Authorization: from all posts --- src/App.tsx | 20 ++++++++--------- src/qqq/pages/processes/ProcessRun.tsx | 8 +------ src/qqq/pages/records/query/RecordQuery.tsx | 2 -- src/qqq/utils/HtmlUtils.ts | 24 +++++++-------------- src/qqq/utils/qqq/Client.ts | 14 +++++++++++- 5 files changed, 31 insertions(+), 37 deletions(-) diff --git a/src/App.tsx b/src/App.tsx index 5c73f54..3e547b2 100644 --- a/src/App.tsx +++ b/src/App.tsx @@ -73,6 +73,14 @@ export default function App() const [loggedInUser, setLoggedInUser] = useState({} as { name?: string, email?: string }); const [defaultRoute, setDefaultRoute] = useState("/no-apps"); + ///////////////////////////////////////////////////////// + // tell the client how to do a logout if it sees a 401 // + ///////////////////////////////////////////////////////// + Client.setUnauthorizedCallback(() => + { + logout(); + }) + const shouldStoreNewToken = (newToken: string, oldToken: string): boolean => { if (!cookies[SESSION_UUID_COOKIE_NAME]) @@ -167,18 +175,8 @@ export default function App() console.log("Using existing sessionUUID cookie"); } - /* - //////////////////////////////////////////////////////////////////////////////////////////////////////////////// - // todo#authHeader - this is our quick rollback plan - if we feel the need to stop using the cookie approach. // - // we turn off the shouldStoreNewToken block above, and turn on these 2 lines. // - //////////////////////////////////////////////////////////////////////////////////////////////////////////////// - removeCookie(SESSION_UUID_COOKIE_NAME, {path: "/"}); - localStorage.removeItem("accessToken"); - */ - setIsFullyAuthenticated(true); qController.setGotAuthentication(); - qController.setAuthorizationHeaderValue("Bearer " + accessToken); setLoggedInUser(user); console.log("Token load complete."); 
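Review bot: `Client.setUnauthorizedCallback(() => { logout(); })` sits directly in the body of `App`, so it runs as a side effect on every render and registers a fresh closure each time. Registering it in an effect keeps render pure and makes the dependency on `logout` explicit, assuming `useEffect` is available in this file: `useEffect(() => { Client.setUnauthorizedCallback(() => logout()); }, [logout]);`. The statement also ends in `})` without the trailing semicolon the surrounding lines use. What `logout()` clears is not visible in this hunk. Since the session cookie is now the only credential the frontend carries, it is worth confirming that the 401 path also removes `SESSION_UUID_COOKIE_NAME`, so a stale cookie is not presented again after re-login.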
@@ -199,8 +197,8 @@ export default function App() // use a random token if anonymous or mock // ///////////////////////////////////////////// console.log("Generating random token..."); - qController.setAuthorizationHeaderValue(Md5.hashStr(`${new Date()}`)); setIsFullyAuthenticated(true); + qController.setGotAuthentication(); setCookie(SESSION_UUID_COOKIE_NAME, Md5.hashStr(`${new Date()}`), {path: "/"}); console.log("Token generation complete."); return; diff --git a/src/qqq/pages/processes/ProcessRun.tsx b/src/qqq/pages/processes/ProcessRun.tsx index d0e0a0b..97c11c4 100644 --- a/src/qqq/pages/processes/ProcessRun.tsx +++ b/src/qqq/pages/processes/ProcessRun.tsx @@ -229,7 +229,7 @@ function ProcessRun({process, table, defaultProcessValues, isModal, isWidget, is const download = (url: string, fileName: string) => { ///////////////////////////////////////////////////////////////////////////////////////////// - // todo - this could be simplified. // + // todo - this could be simplified, i think? // // it was originally built like this when we had to submit full access token to backend... // ///////////////////////////////////////////////////////////////////////////////////////////// let xhr = new XMLHttpRequest(); @@ -237,12 +237,6 @@ function ProcessRun({process, table, defaultProcessValues, isModal, isWidget, is xhr.responseType = "blob"; let formData = new FormData(); - //////////////////////////////////// - // todo#authHeader - delete this. // - //////////////////////////////////// - const qController = Client.getInstance(); - formData.append("Authorization", qController.getAuthorizationHeaderValue()); - // @ts-ignore xhr.send(formData); diff --git a/src/qqq/pages/records/query/RecordQuery.tsx b/src/qqq/pages/records/query/RecordQuery.tsx index 7328214..267ad79 100644 --- a/src/qqq/pages/records/query/RecordQuery.tsx +++ b/src/qqq/pages/records/query/RecordQuery.tsx 
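Review bot: With the Authorization value removed, the anonymous/mock branch identifies the session only through the `setCookie(SESSION_UUID_COOKIE_NAME, ...)` call, whose value is `Md5.hashStr` of the current `new Date()` string. That is a hash of a second-resolution timestamp, so it is guessable rather than random, despite the "Generating random token..." log line. If the backend treats this cookie as a session identifier in this mode, `crypto.randomUUID()` would be a safer source. The cookie is also written with only `{path: "/"}`. Browsers attach cookies to form and XHR posts automatically, so consider setting `sameSite` and `secure` explicitly here, and wherever the authenticated branch stores the cookie (outside this hunk), so the POST endpoints do not depend on browser defaults for cross-site protection.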
@@ -1136,8 +1136,6 @@ function RecordQuery({table, launchProcess}: Props): JSX.Element Generating file ${filename}${totalRecords ? " with " + totalRecords.toLocaleString() + " record" + (totalRecords == 1 ? "" : "s") : ""}...
- -
diff --git a/src/qqq/utils/HtmlUtils.ts b/src/qqq/utils/HtmlUtils.ts index 3d69e50..3960498 100644 --- a/src/qqq/utils/HtmlUtils.ts +++ b/src/qqq/utils/HtmlUtils.ts @@ -63,6 +63,10 @@ export default class HtmlUtils /******************************************************************************* ** Download a server-side generated file (or the contents of a data: url) + ** + ** todo - this could be simplified (i think?) + ** it was originally built like this when we had to submit full access token to backend... + ** *******************************************************************************/ static downloadUrlViaIFrame = (url: string, filename: string) => { @@ -95,18 +99,6 @@ export default class HtmlUtils form.setAttribute("target", "downloadIframe"); iframe.appendChild(form); - ///////////////////////////////////////////////////////////////////////////////////////////// - // todo#authHeader - remove after comfortable with sessionUUID // - // todo - this could be simplified (i think?) // - // it was originally built like this when we had to submit full access token to backend... // - ///////////////////////////////////////////////////////////////////////////////////////////// - const authorizationInput = document.createElement("input"); - authorizationInput.setAttribute("type", "hidden"); - authorizationInput.setAttribute("id", "authorizationInput"); - authorizationInput.setAttribute("name", "Authorization"); - authorizationInput.setAttribute("value", Client.getInstance().getAuthorizationHeaderValue()); - form.appendChild(authorizationInput); - const downloadInput = document.createElement("input"); downloadInput.setAttribute("type", "hidden"); downloadInput.setAttribute("name", "download"); 
@@ -118,15 +110,16 @@ export default class HtmlUtils /******************************************************************************* ** Open a server-side generated file from a url in a new window (or a data: url) + ** + ** todo - this could be simplified (i think?) + ** it was originally built like this when we had to submit full access token to backend... + ** *******************************************************************************/ static openInNewWindow = (url: string, filename: string) => { if(url.startsWith("data:")) { ///////////////////////////////////////////////////////////////////////////////////////////// - // todo#authHeader - remove the Authorization input after comfortable with sessionUUID // - // todo - this could be simplified (i think?) // - // it was originally built like this when we had to submit full access token to backend... // ///////////////////////////////////////////////////////////////////////////////////////////// const openInWindow = window.open("", "_blank"); openInWindow.document.write(` @@ -154,7 +147,6 @@ export default class HtmlUtils Opening ${filename}...
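Review bot: Removing the three todo lines in `openInNewWindow` leaves two banner lines of slashes with nothing between them, directly above `const openInWindow = window.open("", "_blank");`; drop the empty banner or keep one line of explanation there. In the same block, `filename` is interpolated straight into the markup passed to `openInWindow.document.write(...)` (the `Opening ${filename}...` text, which continues into the next hunk). If a file name can ever carry characters such as `<` from user or server data, it would be parsed as HTML in the new window; HTML-escaping it before interpolation, or setting it through `textContent` after the write, avoids that. `window.open` can also return `null` when a popup blocker intervenes, and the result is dereferenced without a check. The function body continues outside this hunk.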
-
`); diff --git a/src/qqq/utils/qqq/Client.ts b/src/qqq/utils/qqq/Client.ts index 4875daa..d75aa08 100644 --- a/src/qqq/utils/qqq/Client.ts +++ b/src/qqq/utils/qqq/Client.ts @@ -29,11 +29,18 @@ import {QException} from "@kingsrook/qqq-frontend-core/lib/exceptions/QException class Client { private static qController: QController; + private static unauthorizedCallback: () => void; private static handleException(exception: QException) { - // todo - check for 401 and clear cookie et al & logout? console.log(`Caught Exception: ${JSON.stringify(exception)}`); + + if(exception && exception.status == "401" && Client.unauthorizedCallback) + { + console.log("This is a 401 - calling the unauthorized callback."); + Client.unauthorizedCallback(); + } + throw (exception); } @@ -46,6 +53,11 @@ class Client return this.qController; } + + static setUnauthorizedCallback(unauthorizedCallback: () => void) + { + Client.unauthorizedCallback = unauthorizedCallback; + } } export default Client;
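Review bot: In `handleException`, the test `exception.status == "401"` relies on loose equality against a string, and the type of `QException.status` is not visible here. If the coercion is intended, a short comment would say so; otherwise `String(exception.status) === "401"` makes it explicit. If every failed request passes through this handler, several in-flight calls that all return 401 will each invoke `Client.unauthorizedCallback()`, so a guard that lets the logout run once may be worth adding. The field is declared as `() => void` but stays unset until `setUnauthorizedCallback` is called (the code already tests it for truthiness), so `private static unauthorizedCallback?: () => void;` would match its real state. The setter added in the following hunk has no doc comment; something like `/** Register the function to call when the backend answers 401, e.g. to log the user out. */` would fit.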