sasjs/server
1
0
Fork 0
mirror of https://github.com/sasjs/server.git synced 2026-01-13 00:50:06 +00:00
Code Issues Projects Releases Wiki Activity

fix: consume swagger api with CSRF

Browse Source
This commit is contained in:
Saad Jutt
2022-05-01 06:07:17 +05:00
parent 6d34206bbc
commit 5aaac24080
6 changed files with 67 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
api/src/routes/api/index.ts
View File

@@ -36,12 +36,22 @@ router.use('/group', desktopRestrict, groupRouter)
router.use('/stp', authenticateAccessToken, stpRouter)
router.use('/code', authenticateAccessToken, codeRouter)
router.use('/user', desktopRestrict, userRouter)
router.use(
'/',
swaggerUi.serve,
swaggerUi.setup(undefined, {
swaggerOptions: {
url: '/swagger.yaml'
url: '/swagger.yaml',
requestInterceptor: (request: any) => {
request.credentials = 'include'
const cookie = document.cookie
const startIndex = cookie.indexOf('XSRF-TOKEN')
const csrf = cookie.slice(startIndex + 11).split('; ')[0]
request.headers['X-XSRF-TOKEN'] = csrf
return request
}
}
})
)

19
api/src/routes/web/web.ts
View File

@@ -1,21 +1,14 @@
import path from 'path'
import express from 'express'
import { readFile } from '@sasjs/utils'
import { WebController } from '../../controllers/web'
import { getWebBuildFolderPath, loginWebValidation } from '../../utils'
import { loginWebValidation } from '../../utils'
const webRouter = express.Router()
const controller = new WebController()
webRouter.get('/', async (req, res) => {
const indexHtmlPath = path.join(getWebBuildFolderPath(), 'index.html')
try {
// Attention! Cannot use fileExists here, due to limitation after building executable
const content = await readFile(indexHtmlPath)
res.cookie('XSRF-TOKEN', req.csrfToken())
res.setHeader('Content-Type', 'text/html')
return res.send(content)
const response = await controller.home(req)
return res.send(response)
} catch (_) {
return res.send('Web Build is not present')
}
@@ -25,7 +18,6 @@ webRouter.post('/login', async (req, res) => {
const { error, value: body } = loginWebValidation(req.body)
if (error) return res.status(400).send(error.details[0].message)
const controller = new WebController()
try {
const response = await controller.login(req, body)
res.send(response)
@@ -35,10 +27,9 @@ webRouter.post('/login', async (req, res) => {
})
webRouter.get('/logout', async (req, res) => {
const controller = new WebController()
try {
await controller.logout(req)
res.status(200).send()
res.status(200).send('OK!')
} catch (err: any) {
res.status(400).send(err.toString())
}