Remove Authorization: <accessToken> from all posts
20
src/App.tsx
20
src/App.tsx
@ -73,6 +73,14 @@ export default function App()
|
|||||||
const [loggedInUser, setLoggedInUser] = useState({} as { name?: string, email?: string });
|
const [loggedInUser, setLoggedInUser] = useState({} as { name?: string, email?: string });
|
||||||
const [defaultRoute, setDefaultRoute] = useState("/no-apps");
|
const [defaultRoute, setDefaultRoute] = useState("/no-apps");
|
||||||
|
|
||||||
|
/////////////////////////////////////////////////////////
|
||||||
|
// tell the client how to do a logout if it sees a 401 //
|
||||||
|
/////////////////////////////////////////////////////////
|
||||||
|
Client.setUnauthorizedCallback(() =>
|
||||||
|
{
|
||||||
|
logout();
|
||||||
|
})
|
||||||
|
|
||||||
const shouldStoreNewToken = (newToken: string, oldToken: string): boolean =>
|
const shouldStoreNewToken = (newToken: string, oldToken: string): boolean =>
|
||||||
{
|
{
|
||||||
if (!cookies[SESSION_UUID_COOKIE_NAME])
|
if (!cookies[SESSION_UUID_COOKIE_NAME])
|
||||||
@ -167,18 +175,8 @@ export default function App()
|
|||||||
console.log("Using existing sessionUUID cookie");
|
console.log("Using existing sessionUUID cookie");
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
// todo#authHeader - this is our quick rollback plan - if we feel the need to stop using the cookie approach. //
|
|
||||||
// we turn off the shouldStoreNewToken block above, and turn on these 2 lines. //
|
|
||||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
removeCookie(SESSION_UUID_COOKIE_NAME, {path: "/"});
|
|
||||||
localStorage.removeItem("accessToken");
|
|
||||||
*/
|
|
||||||
|
|
||||||
setIsFullyAuthenticated(true);
|
setIsFullyAuthenticated(true);
|
||||||
qController.setGotAuthentication();
|
qController.setGotAuthentication();
|
||||||
qController.setAuthorizationHeaderValue("Bearer " + accessToken);
|
|
||||||
|
|
||||||
setLoggedInUser(user);
|
setLoggedInUser(user);
|
||||||
console.log("Token load complete.");
|
console.log("Token load complete.");
|
||||||
@ -199,8 +197,8 @@ export default function App()
|
|||||||
// use a random token if anonymous or mock //
|
// use a random token if anonymous or mock //
|
||||||
/////////////////////////////////////////////
|
/////////////////////////////////////////////
|
||||||
console.log("Generating random token...");
|
console.log("Generating random token...");
|
||||||
qController.setAuthorizationHeaderValue(Md5.hashStr(`${new Date()}`));
|
|
||||||
setIsFullyAuthenticated(true);
|
setIsFullyAuthenticated(true);
|
||||||
|
qController.setGotAuthentication();
|
||||||
setCookie(SESSION_UUID_COOKIE_NAME, Md5.hashStr(`${new Date()}`), {path: "/"});
|
setCookie(SESSION_UUID_COOKIE_NAME, Md5.hashStr(`${new Date()}`), {path: "/"});
|
||||||
console.log("Token generation complete.");
|
console.log("Token generation complete.");
|
||||||
return;
|
return;
|
||||||
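Review bot: In the anonymous/mock branch the session cookie is still set to an MD5 of the current date string, which is guessable from the time of the request, and with the `setAuthorizationHeaderValue` call removed that cookie is the only session identifier this branch sets. A value from the platform CSPRNG would be safer, e.g. `setCookie(SESSION_UUID_COOKIE_NAME, crypto.randomUUID(), {path: "/"});`. The options object is only `{path: "/"}`; if the cookie library in use supports `secure` and `sameSite`, they are worth setting now that requests are authenticated by the cookie alone. The body of `App()` continues outside these hunks, so how the authenticated-path cookie is set is not visible here.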
|
@ -229,7 +229,7 @@ function ProcessRun({process, table, defaultProcessValues, isModal, isWidget, is
|
|||||||
const download = (url: string, fileName: string) =>
|
const download = (url: string, fileName: string) =>
|
||||||
{
|
{
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
// todo - this could be simplified. //
|
// todo - this could be simplified, i think? //
|
||||||
// it was originally built like this when we had to submit full access token to backend... //
|
// it was originally built like this when we had to submit full access token to backend... //
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
let xhr = new XMLHttpRequest();
|
let xhr = new XMLHttpRequest();
|
||||||
@ -237,12 +237,6 @@ function ProcessRun({process, table, defaultProcessValues, isModal, isWidget, is
|
|||||||
xhr.responseType = "blob";
|
xhr.responseType = "blob";
|
||||||
let formData = new FormData();
|
let formData = new FormData();
|
||||||
|
|
||||||
////////////////////////////////////
|
|
||||||
// todo#authHeader - delete this. //
|
|
||||||
////////////////////////////////////
|
|
||||||
const qController = Client.getInstance();
|
|
||||||
formData.append("Authorization", qController.getAuthorizationHeaderValue());
|
|
||||||
|
|
||||||
// @ts-ignore
|
// @ts-ignore
|
||||||
xhr.send(formData);
|
xhr.send(formData);
|
||||||
|
|
||||||
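Review bot: After the `formData.append("Authorization", ...)` removal nothing visible in this hunk populates `formData`, so `xhr.send(formData)` posts an empty multipart body and the `// @ts-ignore` above it remains without an explanation. If no field is appended outside the hunk, `xhr.send();` does the same and the suppression can be dropped. The download now depends on the browser attaching the session cookie, which presumably requires the URL to be same-origin (or `xhr.withCredentials = true`), so that is worth confirming. `download` starts and ends outside the hunk.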
|
@ -1136,8 +1136,6 @@ function RecordQuery({table, launchProcess}: Props): JSX.Element
|
|||||||
<body>
|
<body>
|
||||||
Generating file <u>${filename}</u>${totalRecords ? " with " + totalRecords.toLocaleString() + " record" + (totalRecords == 1 ? "" : "s") : ""}...
|
Generating file <u>${filename}</u>${totalRecords ? " with " + totalRecords.toLocaleString() + " record" + (totalRecords == 1 ? "" : "s") : ""}...
|
||||||
<form id="exportForm" method="post" action="${url}" >
|
<form id="exportForm" method="post" action="${url}" >
|
||||||
<!-- todo#authHeader - remove this. -->
|
|
||||||
<input type="hidden" name="Authorization" value="${qController.getAuthorizationHeaderValue()}">
|
|
||||||
<input type="hidden" name="fields" value="${visibleFields.join(",")}">
|
<input type="hidden" name="fields" value="${visibleFields.join(",")}">
|
||||||
<input type="hidden" name="filter" id="filter">
|
<input type="hidden" name="filter" id="filter">
|
||||||
</form>
|
</form>
|
||||||
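Review bot: The popup markup in this hunk still interpolates `${filename}`, `${url}` and `${visibleFields.join(",")}` directly into an HTML string, so a value containing `<`, `"` or `&` alters the document written to the new window. Where these values originate is not visible here, but HTML-escaping them before interpolation, or building the form with `createElement`/`setAttribute` as `HtmlUtils.downloadUrlViaIFrame` does, removes the dependency on their content. The same pattern appears in `HtmlUtils.openInNewWindow` (`Opening ${filename}...` and `action="${url}"`). If the local `qController` in this function was only used for the removed hidden input, it can go as well. The template string starts and ends outside the hunk.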
|
@ -63,6 +63,10 @@ export default class HtmlUtils
|
|||||||
|
|
||||||
/*******************************************************************************
|
/*******************************************************************************
|
||||||
** Download a server-side generated file (or the contents of a data: url)
|
** Download a server-side generated file (or the contents of a data: url)
|
||||||
|
**
|
||||||
|
** todo - this could be simplified (i think?)
|
||||||
|
** it was originally built like this when we had to submit full access token to backend...
|
||||||
|
**
|
||||||
*******************************************************************************/
|
*******************************************************************************/
|
||||||
static downloadUrlViaIFrame = (url: string, filename: string) =>
|
static downloadUrlViaIFrame = (url: string, filename: string) =>
|
||||||
{
|
{
|
||||||
@ -95,18 +99,6 @@ export default class HtmlUtils
|
|||||||
form.setAttribute("target", "downloadIframe");
|
form.setAttribute("target", "downloadIframe");
|
||||||
iframe.appendChild(form);
|
iframe.appendChild(form);
|
||||||
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
// todo#authHeader - remove after comfortable with sessionUUID //
|
|
||||||
// todo - this could be simplified (i think?) //
|
|
||||||
// it was originally built like this when we had to submit full access token to backend... //
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
const authorizationInput = document.createElement("input");
|
|
||||||
authorizationInput.setAttribute("type", "hidden");
|
|
||||||
authorizationInput.setAttribute("id", "authorizationInput");
|
|
||||||
authorizationInput.setAttribute("name", "Authorization");
|
|
||||||
authorizationInput.setAttribute("value", Client.getInstance().getAuthorizationHeaderValue());
|
|
||||||
form.appendChild(authorizationInput);
|
|
||||||
|
|
||||||
const downloadInput = document.createElement("input");
|
const downloadInput = document.createElement("input");
|
||||||
downloadInput.setAttribute("type", "hidden");
|
downloadInput.setAttribute("type", "hidden");
|
||||||
downloadInput.setAttribute("name", "download");
|
downloadInput.setAttribute("name", "download");
|
||||||
@ -118,15 +110,16 @@ export default class HtmlUtils
|
|||||||
|
|
||||||
/*******************************************************************************
|
/*******************************************************************************
|
||||||
** Open a server-side generated file from a url in a new window (or a data: url)
|
** Open a server-side generated file from a url in a new window (or a data: url)
|
||||||
|
**
|
||||||
|
** todo - this could be simplified (i think?)
|
||||||
|
** it was originally built like this when we had to submit full access token to backend...
|
||||||
|
**
|
||||||
*******************************************************************************/
|
*******************************************************************************/
|
||||||
static openInNewWindow = (url: string, filename: string) =>
|
static openInNewWindow = (url: string, filename: string) =>
|
||||||
{
|
{
|
||||||
if(url.startsWith("data:"))
|
if(url.startsWith("data:"))
|
||||||
{
|
{
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
// todo#authHeader - remove the Authorization input after comfortable with sessionUUID //
|
|
||||||
// todo - this could be simplified (i think?) //
|
|
||||||
// it was originally built like this when we had to submit full access token to backend... //
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
const openInWindow = window.open("", "_blank");
|
const openInWindow = window.open("", "_blank");
|
||||||
openInWindow.document.write(`<html lang="en">
|
openInWindow.document.write(`<html lang="en">
|
||||||
@ -154,7 +147,6 @@ export default class HtmlUtils
|
|||||||
<body>
|
<body>
|
||||||
Opening ${filename}...
|
Opening ${filename}...
|
||||||
<form id="exportForm" method="post" action="${url}" >
|
<form id="exportForm" method="post" action="${url}" >
|
||||||
<input type="hidden" name="Authorization" value="${Client.getInstance().getAuthorizationHeaderValue()}">
|
|
||||||
</form>
|
</form>
|
||||||
</body>
|
</body>
|
||||||
</html>`);
|
</html>`);
|
||||||
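Review bot: In `openInNewWindow` the three comment lines between the two `/////` rules are removed but both rules stay, leaving an empty banner directly above `window.open`; the two remaining rule lines can be deleted, since the doc comment above the method now carries the todo. Separately, `window.open("", "_blank")` returns `null` when the popup is blocked and the next line dereferences `openInWindow.document` unguarded; `if (!openInWindow) { return; }` before the `document.write` call would avoid the exception. The method body continues outside the hunk.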
|
@ -29,11 +29,18 @@ import {QException} from "@kingsrook/qqq-frontend-core/lib/exceptions/QException
|
|||||||
class Client
|
class Client
|
||||||
{
|
{
|
||||||
private static qController: QController;
|
private static qController: QController;
|
||||||
|
private static unauthorizedCallback: () => void;
|
||||||
|
|
||||||
private static handleException(exception: QException)
|
private static handleException(exception: QException)
|
||||||
{
|
{
|
||||||
// todo - check for 401 and clear cookie et al & logout?
|
|
||||||
console.log(`Caught Exception: ${JSON.stringify(exception)}`);
|
console.log(`Caught Exception: ${JSON.stringify(exception)}`);
|
||||||
|
|
||||||
|
if(exception && exception.status == "401" && Client.unauthorizedCallback)
|
||||||
|
{
|
||||||
|
console.log("This is a 401 - calling the unauthorized callback.");
|
||||||
|
Client.unauthorizedCallback();
|
||||||
|
}
|
||||||
|
|
||||||
throw (exception);
|
throw (exception);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -46,6 +53,11 @@ class Client
|
|||||||
|
|
||||||
return this.qController;
|
return this.qController;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static setUnauthorizedCallback(unauthorizedCallback: () => void)
|
||||||
|
{
|
||||||
|
Client.unauthorizedCallback = unauthorizedCallback;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export default Client;
|
export default Client;
|
||||||
|
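Review bot: `unauthorizedCallback` is declared as `() => void` but stays unset until `setUnauthorizedCallback` runs, which is why `handleException` tests it for truthiness; declaring it as `private static unauthorizedCallback?: () => void;` makes that state visible to the type checker. The check `exception.status == "401"` relies on loose equality, so if `QException.status` is always a string `===` is clearer, and if it can be a number a short comment saying so would help. `setUnauthorizedCallback` has no doc comment; `/** Register the function to call when a request fails with HTTP 401. */` would match the banner style used elsewhere. Several requests failing with 401 at once will each invoke the callback, so `logout()` presumably needs to tolerate repeated calls, which is worth confirming.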
Reference in New Issue
Block a user