From 636301e664416fb085f704d83deb7f39ee0a91a7 Mon Sep 17 00:00:00 2001 From: Saad Jutt Date: Sun, 8 May 2022 02:49:16 +0500 Subject: [PATCH 1/3] fix: reqHeadrs.txt will contain headers to access APIs --- api/src/controllers/code.ts | 15 +-------------- api/src/controllers/internal/Execution.ts | 4 ++-- api/src/controllers/stp.ts | 15 +-------------- api/src/types/PreProgramVars.ts | 2 +- api/src/utils/getPreProgramVariables.ts | 23 +++++++++++++++++++++++ api/src/utils/index.ts | 1 + restClient/session.rest | 3 ++- 7 files changed, 31 insertions(+), 32 deletions(-) create mode 100644 api/src/utils/getPreProgramVariables.ts diff --git a/api/src/controllers/code.ts b/api/src/controllers/code.ts index a2e7bd3..80d1837 100644 --- a/api/src/controllers/code.ts +++ b/api/src/controllers/code.ts @@ -3,7 +3,7 @@ import { Request, Security, Route, Tags, Post, Body } from 'tsoa' import { ExecuteReturnJson, ExecutionController } from './internal' import { PreProgramVars } from '../types' import { ExecuteReturnJsonResponse } from '.' -import { parseLogToArray } from '../utils' +import { getPreProgramVariables, parseLogToArray } from '../utils' interface ExecuteSASCodePayload { /** @@ -56,16 +56,3 @@ const executeSASCode = async (req: any, { code }: ExecuteSASCodePayload) => { } } } - -const getPreProgramVariables = (req: any): PreProgramVars => { - const host = req.get('host') - const protocol = req.protocol + '://' - const { user, accessToken } = req - return { - username: user.username, - userId: user.userId, - displayName: user.displayName, - serverUrl: protocol + host, - accessToken - } -} diff --git a/api/src/controllers/internal/Execution.ts b/api/src/controllers/internal/Execution.ts index f0a828d..c7fde8e 100644 --- a/api/src/controllers/internal/Execution.ts +++ b/api/src/controllers/internal/Execution.ts 
@@ -75,12 +75,12 @@ export class ExecutionController { const logPath = path.join(session.path, 'log.log') const headersPath = path.join(session.path, 'stpsrv_header.txt') const weboutPath = path.join(session.path, 'webout.txt') - const tokenFile = path.join(session.path, 'accessToken.txt') + const tokenFile = path.join(session.path, 'reqHeaders.txt') await createFile(weboutPath, '') await createFile( tokenFile, - preProgramVariables?.accessToken ?? 'accessToken' + preProgramVariables?.httpHeaders.join('\n') ?? '' ) const varStatments = Object.keys(vars).reduce( diff --git a/api/src/controllers/stp.ts b/api/src/controllers/stp.ts index 4a72c5d..0d25ff0 100644 --- a/api/src/controllers/stp.ts +++ b/api/src/controllers/stp.ts @@ -17,8 +17,8 @@ import { ExecutionController, ExecutionVars } from './internal' -import { PreProgramVars } from '../types' import { + getPreProgramVariables, getTmpFilesFolderPath, HTTPHeaders, isDebugOn, @@ -210,16 +210,3 @@ const executeReturnJson = async ( } } } - -const getPreProgramVariables = (req: any): PreProgramVars => { - const host = req.get('host') - const protocol = req.protocol + '://' - const { user, accessToken } = req - return { - username: user.username, - userId: user.userId, - displayName: user.displayName, - serverUrl: protocol + host, - accessToken - } -} diff --git a/api/src/types/PreProgramVars.ts b/api/src/types/PreProgramVars.ts index 2010432..1304aa9 100644 --- a/api/src/types/PreProgramVars.ts +++ b/api/src/types/PreProgramVars.ts @@ -3,5 +3,5 @@ export interface PreProgramVars { userId: number displayName: string serverUrl: string - accessToken: string + httpHeaders: string[] } diff --git a/api/src/utils/getPreProgramVariables.ts b/api/src/utils/getPreProgramVariables.ts new file mode 100644 index 0000000..e8a8fa8 --- /dev/null +++ b/api/src/utils/getPreProgramVariables.ts 
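Review bot: The file written at `tokenFile` now holds the bearer token, the CSRF token and the session cookie in plain text, so `reqHeaders.txt` is credential material at rest in the session folder, and nothing in this hunk restricts who can read it or removes it afterwards. How `createFile` sets permissions and how the session folder is cleaned up are not visible here, so confirm the file is created owner-only (for example `await fs.promises.chmod(tokenFile, 0o600)` after the write, if `fs` is available in this module) and deleted when the session ends. The local name is also stale: `tokenFile` would read better as `reqHeadersPath`, matching `logPath` and `headersPath`. The enclosing method starts and ends outside the hunk.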
@@ -0,0 +1,23 @@
+import { PreProgramVars } from '../types'
+
+export const getPreProgramVariables = (req: any): PreProgramVars => {
+ const host = req.get('host')
+ const protocol = req.protocol + '://'
+ const { user, accessToken } = req
+ const csrfToken = req.headers['x-xsrf-token']
+ const sessionId = req.cookies['connect.sid']
+
+ const httpHeaders: string[] = []
+
+ if (accessToken) httpHeaders.push(`Authorization: Bearer ${accessToken}`)
+ if (csrfToken) httpHeaders.push(`x-xsrf-token: ${csrfToken}`)
+ if (sessionId) httpHeaders.push(`cookie: connect.sid=${sessionId}`)
+
+ return {
+ username: user.username,
+ userId: user.userId,
+ displayName: user.displayName,
+ serverUrl: protocol + host,
+ httpHeaders
+ }
+}
diff --git a/api/src/utils/index.ts b/api/src/utils/index.ts
index 76a646e..77dfc05 100644
--- a/api/src/utils/index.ts
+++ b/api/src/utils/index.ts
@@ -8,6 +8,7 @@ export * from './generateAuthCode'
 export * from './generateRefreshToken'
 export * from './getCertificates'
 export * from './getDesktopFields'
+export * from './getPreProgramVariables'
 export * from './isDebugOn'
 export * from './parseLogToArray'
 export * from './removeTokensInDB'
diff --git a/restClient/session.rest b/restClient/session.rest
index 31b96fc..d1bfed1 100644
--- a/restClient/session.rest
+++ b/restClient/session.rest
@@ -1,2 +1,3 @@
-### Get current user's info via access token
+### Get current user's info via session ID
 GET http://localhost:5000/SASjsApi/session
+cookie: connect.sid=s:G2DeFdKuWhnmTOsTHmTWrxAXPx2P6TLD.JyNLxfACC1w3NlFQFfL5chyxtrqbPYmS6iButRc1goE
\ No newline at end of file
From 4a8e32dd20b540b6dc92d749fad90d6c7fc69376 Mon Sep 17 00:00:00 2001
From: Saad Jutt
Date: Sun, 8 May 2022 03:18:04 +0500
Subject: [PATCH 2/3] fix: added more cookies to req
---
 api/src/utils/getPreProgramVariables.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
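Review bot: The cookie and header values in `getPreProgramVariables` are interpolated into header lines without validation or re-encoding, and the caller joins those lines with `\n`, so a value containing a line break or `;` would add or split entries in reqHeaders.txt. If `req.cookies` comes from cookie-parser (not visible here), its values are already URL-decoded, so the cookie should be rebuilt with `encodeURIComponent(sessionId)` and any value matching `/[\r\n]/` dropped before the push. `req` is typed `any`, so `req.cookies['connect.sid']` throws when no cookie middleware has run; `req.cookies?.['connect.sid']` avoids that. The same applies to the `_csrf` cookie added to this function in PATCH 2/3.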
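Review bot: The added `cookie:` line in restClient/session.rest commits what looks like a complete signed `connect.sid` value to the repository; if it was issued by a real server, it remains usable by anyone who can read the repo until that session expires. Replace the literal with a variable such as `cookie: connect.sid={{sessionCookie}}` (REST Client variable syntax, assuming that is the tool these `.rest` files target) and keep the value in an untracked environment file. If the value was live, invalidate that session server-side.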
diff --git a/api/src/utils/getPreProgramVariables.ts b/api/src/utils/getPreProgramVariables.ts index e8a8fa8..5a9e512 100644 --- a/api/src/utils/getPreProgramVariables.ts +++ b/api/src/utils/getPreProgramVariables.ts @@ -6,12 +6,18 @@ export const getPreProgramVariables = (req: any): PreProgramVars => { const { user, accessToken } = req const csrfToken = req.headers['x-xsrf-token'] const sessionId = req.cookies['connect.sid'] + const { _csrf } = req.cookies const httpHeaders: string[] = [] if (accessToken) httpHeaders.push(`Authorization: Bearer ${accessToken}`) if (csrfToken) httpHeaders.push(`x-xsrf-token: ${csrfToken}`) - if (sessionId) httpHeaders.push(`cookie: connect.sid=${sessionId}`) + + const cookies: string[] = [] + if (sessionId) cookies.push(`connect.sid=${sessionId}`) + if (_csrf) cookies.push(`_csrf=${_csrf}`) + + if (cookies.length) httpHeaders.push(`cookie: ${cookies.join('; ')}`) return { username: user.username, From c0b57b9e76d6db33fc64a68556a8be979dd69e40 Mon Sep 17 00:00:00 2001 From: Allan Bowe Date: Sat, 7 May 2022 22:31:44 +0000 Subject: [PATCH 3/3] fix: bumping core --- api/package-lock.json | 14 +++++++------- api/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/api/package-lock.json b/api/package-lock.json index f925f4b..e9ab549 100644 --- a/api/package-lock.json +++ b/api/package-lock.json @@ -8,7 +8,7 @@ "name": "api", "version": "0.0.2", "dependencies": { - "@sasjs/core": "^4.19.0", + "@sasjs/core": "^4.23.1", "@sasjs/utils": "2.42.1", "bcryptjs": "^2.4.3", "connect-mongo": "^4.6.0", 
@@ -1385,9 +1385,9 @@ } }, "node_modules/@sasjs/core": { - "version": "4.19.0", - "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.19.0.tgz", - "integrity": "sha512-vG2YHJveQUQqN0YBhapXb8y+Qp4OniHzRedlqKRxyL0Pc+kwXx5co4Vo+dcOI5/MX0p+8oERP2aCR77s4FEUJg==" + "version": "4.23.1", + "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.23.1.tgz", + "integrity": "sha512-9d6yEPJRRvPLMUkpyaiQ62SXNMMyt2l815jxWgFjnVOxKeUQv9TPyZqZ0FpmWdVe6EY8dv8GLlyaBpOLDnY6Vg==" }, "node_modules/@sasjs/utils": { "version": "2.42.1", @@ -11358,9 +11358,9 @@ } }, "@sasjs/core": { - "version": "4.19.0", - "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.19.0.tgz", - "integrity": "sha512-vG2YHJveQUQqN0YBhapXb8y+Qp4OniHzRedlqKRxyL0Pc+kwXx5co4Vo+dcOI5/MX0p+8oERP2aCR77s4FEUJg==" + "version": "4.23.1", + "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.23.1.tgz", + "integrity": "sha512-9d6yEPJRRvPLMUkpyaiQ62SXNMMyt2l815jxWgFjnVOxKeUQv9TPyZqZ0FpmWdVe6EY8dv8GLlyaBpOLDnY6Vg==" }, "@sasjs/utils": { "version": "2.42.1", diff --git a/api/package.json b/api/package.json index bc78d95..663da85 100644 --- a/api/package.json +++ b/api/package.json @@ -47,7 +47,7 @@ }, "author": "4GL Ltd", "dependencies": { - "@sasjs/core": "^4.19.0", + "@sasjs/core": "^4.23.1", "@sasjs/utils": "2.42.1", "bcryptjs": "^2.4.3", "connect-mongo": "^4.6.0",