From 65380be2f3945bae559f1749064845b514447a53 Mon Sep 17 00:00:00 2001
From: Sabir Hassan
Date: Wed, 22 Jun 2022 00:24:41 +0500
Subject: [PATCH 1/2] fix: update /logout route to /SASLogon/logout
---
 api/public/swagger.yaml | 14 +++++++-------
 api/src/controllers/web.ts | 4 ++--
 api/src/routes/web/web.ts | 2 +-
 web/src/context/appContext.tsx | 2 +-
 4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/api/public/swagger.yaml b/api/public/swagger.yaml
index 6acdb14..d8d6f7d 100644
--- a/api/public/swagger.yaml
+++ b/api/public/swagger.yaml
@@ -624,7 +624,7 @@ paths:
 application/json:
 schema:
 $ref: '#/components/schemas/AuthorizePayload'
- /logout:
+ /SASLogon/logout:
 get:
 operationId: Logout
 responses:
@@ -633,7 +633,7 @@ paths:
 content:
 application/json:
 schema: {}
- summary: 'Accept a valid username/password'
+ summary: 'Destroy the session stored in cookies'
 tags:
 - Web
 security: []
@@ -763,7 +763,7 @@ paths:
 examples:
 'Example 1':
 value: {status: failure, message: 'Deployment failed!'}
- description: "Accepts JSON file and zipped compressed JSON file as well.\r\nCompressed file should only contain one JSON file and should have same name\r\nas of compressed file e.g. deploy.JSON should be compressed to deploy.JSON.zip\r\nAny other file or JSON file in zipped will be ignored!"
+ description: "Accepts JSON file and zipped compressed JSON file as well.\nCompressed file should only contain one JSON file and should have same name\nas of compressed file e.g. deploy.JSON should be compressed to deploy.JSON.zip\nAny other file or JSON file in zipped will be ignored!"
 summary: 'Creates/updates files within SASjs Drive using uploaded JSON/compressed JSON file.'
 tags:
 - Drive
@@ -851,7 +851,7 @@ paths:
 examples:
 'Example 1':
 value: {status: failure, message: 'File request failed.'}
- description: "It's optional to either provide `_filePath` in url as query parameter\r\nOr provide `filePath` in body as form field.\r\nBut it's required to provide else API will respond with Bad Request."
+ description: "It's optional to either provide `_filePath` in url as query parameter\nOr provide `filePath` in body as form field.\nBut it's required to provide else API will respond with Bad Request."
 summary: 'Create a file in SASjs Drive'
 tags:
 - Drive
@@ -902,7 +902,7 @@ paths:
 examples:
 'Example 1':
 value: {status: failure, message: 'File request failed.'}
- description: "It's optional to either provide `_filePath` in url as query parameter\r\nOr provide `filePath` in body as form field.\r\nBut it's required to provide else API will respond with Bad Request."
+ description: "It's optional to either provide `_filePath` in url as query parameter\nOr provide `filePath` in body as form field.\nBut it's required to provide else API will respond with Bad Request."
 summary: 'Modify a file in SASjs Drive'
 tags:
 - Drive
@@ -1454,7 +1454,7 @@ paths:
 anyOf:
 - {type: string}
 - {type: string, format: byte}
- description: "Trigger a SAS or JS program using the _program URL parameter.\r\n\r\nAccepts URL parameters and file uploads. For more details, see docs:\r\n\r\nhttps://server.sasjs.io/storedprograms"
+ description: "Trigger a SAS or JS program using the _program URL parameter.\n\nAccepts URL parameters and file uploads. For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms"
 summary: 'Execute a Stored Program, returns raw _webout content.'
 tags:
 - STP
@@ -1482,7 +1482,7 @@ paths:
 examples:
 'Example 1':
 value: {status: success, _webout: 'webout content', log: [], httpHeaders: {Content-type: application/zip, Cache-Control: 'public, max-age=1000'}}
- description: "Trigger a SAS or JS program using the _program URL parameter.\r\n\r\nAccepts URL parameters and file uploads. For more details, see docs:\r\n\r\nhttps://server.sasjs.io/storedprograms\r\n\r\nThe response will be a JSON object with the following root attributes:\r\nlog, webout, headers.\r\n\r\nThe webout attribute will be nested JSON ONLY if the response-header\r\ncontains a content-type of application/json AND it is valid JSON.\r\nOtherwise it will be a stringified version of the webout content."
+ description: "Trigger a SAS or JS program using the _program URL parameter.\n\nAccepts URL parameters and file uploads. For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms\n\nThe response will be a JSON object with the following root attributes:\nlog, webout, headers.\n\nThe webout attribute will be nested JSON ONLY if the response-header\ncontains a content-type of application/json AND it is valid JSON.\nOtherwise it will be a stringified version of the webout content."
 summary: 'Execute a Stored Program, return a JSON object'
 tags:
 - STP
diff --git a/api/src/controllers/web.ts b/api/src/controllers/web.ts
index e64b3a4..7cef99d 100644
--- a/api/src/controllers/web.ts
+++ b/api/src/controllers/web.ts
@@ -49,10 +49,10 @@ export class WebController {
 }
 /**
- * @summary Accept a valid username/password
+ * @summary Destroy the session stored in cookies
 *
 */
- @Get('/logout')
+ @Get('/SASLogon/logout')
 public async logout(@Request() req: express.Request) {
 return new Promise((resolve) => {
 req.session.destroy(() => {
diff --git a/api/src/routes/web/web.ts b/api/src/routes/web/web.ts
index c4d817c..0cd9283 100644
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
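Review bot: The logout endpoint is still a `GET` after the move to `/SASLogon/logout` (the `@Get` decorator in api/src/controllers/web.ts, and likewise the `webRouter.get` and `axios.get` hunks), so a cross-site request that carries the session cookie can end a user's session unless the cookie's SameSite setting blocks it. If compatibility with the SASLogon path does not require GET, `@Post('/SASLogon/logout')` with a matching `webRouter.post` and `axios.post` would keep the state change off a safe method. The `req.session.destroy(() => {` callback visible in the context takes no error argument, so a failed destroy appears to resolve the same way as a success; the rest of the method body lies outside the hunk and should be checked. The old `/logout` path is removed without an alias, so any client still calling it will no longer destroy its session.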
@@ -48,7 +48,7 @@ webRouter.post(
 }
 )
-webRouter.get('/logout', desktopRestrict, async (req, res) => {
+webRouter.get('/SASLogon/logout', desktopRestrict, async (req, res) => {
 try {
 await controller.logout(req)
 res.status(200).send('OK!')
diff --git a/web/src/context/appContext.tsx b/web/src/context/appContext.tsx
index 52c6a63..a91d8e3 100644
--- a/web/src/context/appContext.tsx
+++ b/web/src/context/appContext.tsx
@@ -88,7 +88,7 @@ const AppContextProvider = (props: { children: ReactNode }) => {
 }, [])
 const logout = useCallback(() => {
- axios.get('/logout').then(() => {
+ axios.get('/SASLogon/logout').then(() => {
 setLoggedIn(false)
 setUsername('')
 setDisplayName('')
From 1b5859ee37ae73c419115b9debfd5141a79733de Mon Sep 17 00:00:00 2001
From: Sabir Hassan
Date: Wed, 22 Jun 2022 00:25:41 +0500
Subject: [PATCH 2/2] fix: make CA_ROOT optional in getCertificates method
---
 api/src/utils/getCertificates.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/api/src/utils/getCertificates.ts b/api/src/utils/getCertificates.ts
index 8b59a26..6c295e0 100644
--- a/api/src/utils/getCertificates.ts
+++ b/api/src/utils/getCertificates.ts
@@ -4,17 +4,19 @@ import { fileExists, getString, readFile } from '@sasjs/utils'
 export const getCertificates = async () => {
 const { PRIVATE_KEY, CERT_CHAIN, CA_ROOT } = process.env
+ let ca
+
 const keyPath = PRIVATE_KEY ?? (await getFileInput('Private Key (PEM)'))
 const certPath = CERT_CHAIN ?? (await getFileInput('Certificate Chain (PEM)'))
- const caPath = CA_ROOT ?? (await getFileInput('CA ROOT (PEM)'))
+ const caPath = CA_ROOT
 console.log('keyPath: ', keyPath)
 console.log('certPath: ', certPath)
- console.log('caPath: ', caPath)
+ if (caPath) console.log('caPath: ', caPath)
 const key = await readFile(keyPath)
 const cert = await readFile(certPath)
- const ca = await readFile(caPath)
+ if (caPath) ca = await readFile(caPath)
 return { key, cert, ca }
 }
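Review bot: With the prompt removed in getCertificates, a missing or misspelled `CA_ROOT` now returns `ca: undefined` with nothing in the output, so an operator who meant to supply a CA file cannot tell from the log that none was loaded. I would make the fallback explicit, for example `else console.log('CA_ROOT not set, no CA file loaded')` after the `if (caPath) console.log(...)` line. The untyped `let ca` declared ahead of its use could also become `const ca = caPath ? await readFile(caPath) : undefined` at the original position, which keeps the binding immutable and its type inferred. How the caller treats an undefined `ca` is not visible in this hunk, so the effect on certificate verification should be confirmed there.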