sasjs/server
1
0
Fork 0
mirror of https://github.com/sasjs/server.git synced 2026-01-10 07:50:05 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #83 from sasjs/issue-52

Browse Source 
fix: added cookie for accessToken
This commit is contained in:
Muhammad Saad
2022-03-14 05:35:59 +05:00
committed by GitHub
parent 0f4e38d51d 3d583ff21d
commit a0c27ea8d3
15 changed files with 470 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
api/package-lock.json generated
View File

@@ -11,6 +11,7 @@
"@sasjs/core": "4.9.0", "@sasjs/core": "4.9.0",
"@sasjs/utils": "2.34.1", "@sasjs/utils": "2.34.1",
"bcryptjs": "^2.4.3", "bcryptjs": "^2.4.3",
"cookie-parser": "^1.4.6",
"cors": "^2.8.5", "cors": "^2.8.5",
"express": "^4.17.1", "express": "^4.17.1",
"joi": "^17.4.2", "joi": "^17.4.2",
@@ -27,6 +28,7 @@
}, },
"devDependencies": { "devDependencies": {
"@types/bcryptjs": "^2.4.2", "@types/bcryptjs": "^2.4.2",
"@types/cookie-parser": "^1.4.2",
"@types/cors": "^2.8.12", "@types/cors": "^2.8.12",
"@types/express": "^4.17.12", "@types/express": "^4.17.12",
"@types/jest": "^26.0.24", "@types/jest": "^26.0.24",
@@ -1794,6 +1796,15 @@
"@types/node": "*" "@types/node": "*"
} }
}, },
"node_modules/@types/cookie-parser": {
"version": "1.4.2",
"resolved": "https://registry.npmjs.org/@types/cookie-parser/-/cookie-parser-1.4.2.tgz",
"integrity": "sha512-uwcY8m6SDQqciHsqcKDGbo10GdasYsPCYkH3hVegj9qAah6pX5HivOnOuI3WYmyQMnOATV39zv/Ybs0bC/6iVg==",
"dev": true,
"dependencies": {
"@types/express": "*"
}
},
"node_modules/@types/cookiejar": { "node_modules/@types/cookiejar": {
"version": "2.1.2", "version": "2.1.2",
"resolved": "https://registry.npmjs.org/@types/cookiejar/-/cookiejar-2.1.2.tgz", "resolved": "https://registry.npmjs.org/@types/cookiejar/-/cookiejar-2.1.2.tgz",
@@ -3254,6 +3265,26 @@
"node": ">= 0.6" "node": ">= 0.6"
} }
}, },
"node_modules/cookie-parser": {
"version": "1.4.6",
"resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz",
"integrity": "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==",
"dependencies": {
"cookie": "0.4.1",
"cookie-signature": "1.0.6"
},
"engines": {
"node": ">= 0.8.0"
}
},
"node_modules/cookie-parser/node_modules/cookie": {
"version": "0.4.1",
"resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz",
"integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/cookie-signature": { "node_modules/cookie-signature": {
"version": "1.0.6", "version": "1.0.6",
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
@@ -11381,6 +11412,15 @@
"@types/node": "*" "@types/node": "*"
} }
}, },
"@types/cookie-parser": {
"version": "1.4.2",
"resolved": "https://registry.npmjs.org/@types/cookie-parser/-/cookie-parser-1.4.2.tgz",
"integrity": "sha512-uwcY8m6SDQqciHsqcKDGbo10GdasYsPCYkH3hVegj9qAah6pX5HivOnOuI3WYmyQMnOATV39zv/Ybs0bC/6iVg==",
"dev": true,
"requires": {
"@types/express": "*"
}
},
"@types/cookiejar": { "@types/cookiejar": {
"version": "2.1.2", "version": "2.1.2",
"resolved": "https://registry.npmjs.org/@types/cookiejar/-/cookiejar-2.1.2.tgz", "resolved": "https://registry.npmjs.org/@types/cookiejar/-/cookiejar-2.1.2.tgz",
@@ -12583,6 +12623,22 @@
"resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz", "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz",
"integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==" "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg=="
}, },
"cookie-parser": {
"version": "1.4.6",
"resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz",
"integrity": "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==",
"requires": {
"cookie": "0.4.1",
"cookie-signature": "1.0.6"
},
"dependencies": {
"cookie": {
"version": "0.4.1",
"resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz",
"integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA=="
}
}
},
"cookie-signature": { "cookie-signature": {
"version": "1.0.6", "version": "1.0.6",
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",

2
api/package.json
View File

@@ -48,6 +48,7 @@
"@sasjs/core": "4.9.0", "@sasjs/core": "4.9.0",
"@sasjs/utils": "2.34.1", "@sasjs/utils": "2.34.1",
"bcryptjs": "^2.4.3", "bcryptjs": "^2.4.3",
"cookie-parser": "^1.4.6",
"cors": "^2.8.5", "cors": "^2.8.5",
"express": "^4.17.1", "express": "^4.17.1",
"joi": "^17.4.2", "joi": "^17.4.2",
@@ -61,6 +62,7 @@
}, },
"devDependencies": { "devDependencies": {
"@types/bcryptjs": "^2.4.2", "@types/bcryptjs": "^2.4.2",
"@types/cookie-parser": "^1.4.2",
"@types/cors": "^2.8.12", "@types/cors": "^2.8.12",
"@types/express": "^4.17.12", "@types/express": "^4.17.12",
"@types/jest": "^26.0.24", "@types/jest": "^26.0.24",

99
api/public/swagger.yaml
View File

@@ -233,21 +233,6 @@ components:
- status - status
type: object type: object
additionalProperties: false additionalProperties: false
FilePayload:
properties:
filePath:
type: string
description: 'Path of the file'
example: /Public/somefolder/some.file
fileContent:
type: string
description: 'Contents of the file'
example: 'Contents of the File'
required:
- filePath
- fileContent
type: object
additionalProperties: false
TreeNode: TreeNode:
properties: properties:
name: name:
@@ -600,6 +585,7 @@ paths:
responses: responses:
'204': '204':
description: 'No content' description: 'No content'
description: "It's optional to either provide `_filePath` in url as query parameter\nOr provide `filePath` in body as form field.\nBut it's required to provide else API will respond with Bad Request."
summary: 'Get file from SASjs Drive' summary: 'Get file from SASjs Drive'
tags: tags:
- Drive - Drive
@@ -609,11 +595,57 @@ paths:
parameters: parameters:
- -
in: query in: query
name: filePath name: _filePath
required: true required: false
schema: schema:
type: string type: string
example: /Public/somefolder/some.file example: /Public/somefolder/some.file
requestBody:
required: false
content:
multipart/form-data:
schema:
type: object
properties:
filePath:
type: string
delete:
operationId: DeleteFile
responses:
'200':
description: Ok
content:
application/json:
schema:
properties:
status: {type: string}
required:
- status
type: object
description: "It's optional to either provide `_filePath` in url as query parameter\nOr provide `filePath` in body as form field.\nBut it's required to provide else API will respond with Bad Request."
summary: 'Delete file from SASjs Drive'
tags:
- Drive
security:
-
bearerAuth: []
parameters:
-
in: query
name: _filePath
required: false
schema:
type: string
example: /Public/somefolder/some.file
requestBody:
required: false
content:
multipart/form-data:
schema:
type: object
properties:
filePath:
type: string
post: post:
operationId: SaveFile operationId: SaveFile
responses: responses:
@@ -626,7 +658,7 @@ paths:
examples: examples:
'Example 1': 'Example 1':
value: {status: success} value: {status: success}
'400': '403':
description: 'File already exists' description: 'File already exists'
content: content:
application/json: application/json:
@@ -635,7 +667,7 @@ paths:
examples: examples:
'Example 1': 'Example 1':
value: {status: failure, message: 'File request failed.'} value: {status: failure, message: 'File request failed.'}
description: "It's optional to either provide `_filePath` in url as query parameter\nOr provide `filePath` in body as form field.\nBut it's required to provided else API will respond with Bad Request." description: "It's optional to either provide `_filePath` in url as query parameter\nOr provide `filePath` in body as form field.\nBut it's required to provide else API will respond with Bad Request."
summary: 'Create a file in SASjs Drive' summary: 'Create a file in SASjs Drive'
tags: tags:
- Drive - Drive
@@ -677,8 +709,8 @@ paths:
examples: examples:
'Example 1': 'Example 1':
value: {status: success} value: {status: success}
'400': '403':
description: 'Unable to get File' description: ""
content: content:
application/json: application/json:
schema: schema:
@@ -686,19 +718,36 @@ paths:
examples: examples:
'Example 1': 'Example 1':
value: {status: failure, message: 'File request failed.'} value: {status: failure, message: 'File request failed.'}
description: "It's optional to either provide `_filePath` in url as query parameter\nOr provide `filePath` in body as form field.\nBut it's required to provide else API will respond with Bad Request."
summary: 'Modify a file in SASjs Drive' summary: 'Modify a file in SASjs Drive'
tags: tags:
- Drive - Drive
security: security:
- -
bearerAuth: [] bearerAuth: []
parameters: [] parameters:
-
description: 'Location of SAS program'
in: query
name: _filePath
required: false
schema:
type: string
example: /Public/somefolder/some.file.sas
requestBody: requestBody:
required: true required: true
content: content:
application/json: multipart/form-data:
schema: schema:
$ref: '#/components/schemas/FilePayload' type: object
properties:
file:
type: string
format: binary
filePath:
type: string
required:
- file
/SASjsApi/drive/filetree: /SASjsApi/drive/filetree:
get: get:
operationId: GetFileTree operationId: GetFileTree
@@ -1054,7 +1103,7 @@ paths:
anyOf: anyOf:
- {type: string} - {type: string}
- {type: string, format: byte} - {type: string, format: byte}
description: "Trigger a SAS program using it's location in the _program URL parameter.\nEnable debugging using the _debug URL parameter. Setting _debug=131 will\ncause the log to be streamed in the output.\n\nAdditional URL parameters are turned into SAS macro variables.\n\nAny files provided in the request body are placed into the SAS session with\ncorresponding _WEBIN_XXX variables created.\n\nThe response headers can be adjusted using the mfs_httpheader() macro. Any\nfile type can be returned, including binary files such as zip or xls.\n\nThis behaviour differs for POST requests, in which case the reponse is\nalways JSON." description: "Trigger a SAS program using it's location in the _program URL parameter.\nEnable debugging using the _debug URL parameter. Setting _debug=131 will\ncause the log to be streamed in the output.\n\nAdditional URL parameters are turned into SAS macro variables.\n\nAny files provided in the request body are placed into the SAS session with\ncorresponding _WEBIN_XXX variables created.\n\nThe response headers can be adjusted using the mfs_httpheader() macro. Any\nfile type can be returned, including binary files such as zip or xls.\n\nIf _debug is >= 131, response headers will contain Content-Type: 'text/plain'\n\nThis behaviour differs for POST requests, in which case the response is\nalways JSON."
summary: 'Execute Stored Program, return raw _webout content.' summary: 'Execute Stored Program, return raw _webout content.'
tags: tags:
- STP - STP

4
api/src/app.ts
View File

@@ -1,6 +1,7 @@
import path from 'path' import path from 'path'
import express, { ErrorRequestHandler } from 'express' import express, { ErrorRequestHandler } from 'express'
import morgan from 'morgan' import morgan from 'morgan'
import cookieParser from 'cookie-parser'
import dotenv from 'dotenv' import dotenv from 'dotenv'
import cors from 'cors' import cors from 'cors'
@@ -26,8 +27,9 @@ if (MODE?.trim() !== 'server' || CORS?.trim() === 'enable') {
app.use(cors({ credentials: true, origin: whiteList })) app.use(cors({ credentials: true, origin: whiteList }))
} }
app.use(express.json({ limit: '50mb' })) app.use(cookieParser())
app.use(morgan('tiny')) app.use(morgan('tiny'))
app.use(express.json({ limit: '50mb' }))
app.use(express.static(path.join(__dirname, '../public'))) app.use(express.static(path.join(__dirname, '../public')))
app.use(express.static(getWebBuildFolderPath())) app.use(express.static(getWebBuildFolderPath()))

132
api/src/controllers/drive.ts
View File

@@ -13,9 +13,15 @@ import {
Get, Get,
Patch, Patch,
UploadedFile, UploadedFile,
FormField FormField,
Delete
} from 'tsoa' } from 'tsoa'
import { fileExists, createFile, moveFile, createFolder } from '@sasjs/utils' import {
fileExists,
moveFile,
createFolder,
deleteFile as deleteFileOnSystem
} from '@sasjs/utils'
import { createFileTree, ExecutionController, getTreeExample } from './internal' import { createFileTree, ExecutionController, getTreeExample } from './internal'
import { FileTree, isFileTree, TreeNode } from '../types' import { FileTree, isFileTree, TreeNode } from '../types'
@@ -25,18 +31,6 @@ interface DeployPayload {
appLoc?: string appLoc?: string
fileTree: FileTree fileTree: FileTree
} }
interface FilePayload {
/**
* Path of the file
* @example "/Public/somefolder/some.file"
*/
filePath: string
/**
* Contents of the file
* @example "Contents of the File"
*/
fileContent: string
}
interface DeployResponse { interface DeployResponse {
status: string status: string
@@ -93,22 +87,45 @@ export class DriveController {
} }
/** /**
* It's optional to either provide `_filePath` in url as query parameter
* Or provide `filePath` in body as form field.
* But it's required to provide else API will respond with Bad Request.
*
* @summary Get file from SASjs Drive * @summary Get file from SASjs Drive
* @query filePath Location of SAS program * @query _filePath Location of SAS program
* @example filePath "/Public/somefolder/some.file" * @example _filePath "/Public/somefolder/some.file"
*/ */
@Get('/file') @Get('/file')
public async getFile( public async getFile(
@Request() request: express.Request, @Request() request: express.Request,
@Query() filePath: string
@Query() _filePath?: string,
@FormField() filePath?: string
) { ) {
return getFile(request, filePath) return getFile(request, (_filePath ?? filePath)!)
} }
/** /**
* It's optional to either provide `_filePath` in url as query parameter * It's optional to either provide `_filePath` in url as query parameter
* Or provide `filePath` in body as form field. * Or provide `filePath` in body as form field.
* But it's required to provided else API will respond with Bad Request. * But it's required to provide else API will respond with Bad Request.
*
* @summary Delete file from SASjs Drive
* @query _filePath Location of SAS program
* @example _filePath "/Public/somefolder/some.file"
*/
@Delete('/file')
public async deleteFile(
@Query() _filePath?: string,
@FormField() filePath?: string
) {
return deleteFile((_filePath ?? filePath)!)
}
/**
* It's optional to either provide `_filePath` in url as query parameter
* Or provide `filePath` in body as form field.
* But it's required to provide else API will respond with Bad Request.
* *
* @summary Create a file in SASjs Drive * @summary Create a file in SASjs Drive
* @param _filePath Location of SAS program * @param _filePath Location of SAS program
@@ -118,7 +135,7 @@ export class DriveController {
@Example<UpdateFileResponse>({ @Example<UpdateFileResponse>({
status: 'success' status: 'success'
}) })
@Response<UpdateFileResponse>(400, 'File already exists', { @Response<UpdateFileResponse>(403, 'File already exists', {
status: 'failure', status: 'failure',
message: 'File request failed.' message: 'File request failed.'
}) })
@@ -132,21 +149,29 @@ export class DriveController {
} }
/** /**
* It's optional to either provide `_filePath` in url as query parameter
* Or provide `filePath` in body as form field.
* But it's required to provide else API will respond with Bad Request.
*
* @summary Modify a file in SASjs Drive * @summary Modify a file in SASjs Drive
* @param _filePath Location of SAS program
* @example _filePath "/Public/somefolder/some.file.sas"
* *
*/ */
@Example<UpdateFileResponse>({ @Example<UpdateFileResponse>({
status: 'success' status: 'success'
}) })
@Response<UpdateFileResponse>(400, 'Unable to get File', { @Response<UpdateFileResponse>(403, `File doesn't exist`, {
status: 'failure', status: 'failure',
message: 'File request failed.' message: 'File request failed.'
}) })
@Patch('/file') @Patch('/file')
public async updateFile( public async updateFile(
@Body() body: FilePayload @UploadedFile() file: Express.Multer.File,
@Query() _filePath?: string,
@FormField() filePath?: string
): Promise<UpdateFileResponse> { ): Promise<UpdateFileResponse> {
return updateFile(body) return updateFile((_filePath ?? filePath)!, file)
} }
/** /**
@@ -194,7 +219,32 @@ const getFile = async (req: express.Request, filePath: string) => {
throw new Error('File does not exist.') throw new Error('File does not exist.')
} }
req.res?.download(filePathFull) const extension = path.extname(filePathFull).toLowerCase()
if (extension === '.sas') {
req.res?.setHeader('Content-type', 'text/plain')
}
req.res?.sendFile(path.resolve(filePathFull))
}
const deleteFile = async (filePath: string) => {
const driveFilesPath = getTmpFilesFolderPath()
const filePathFull = path
.join(getTmpFilesFolderPath(), filePath)
.replace(new RegExp('/', 'g'), path.sep)
if (!filePathFull.includes(driveFilesPath)) {
throw new Error('Cannot delete file outside drive.')
}
if (!(await fileExists(filePathFull))) {
throw new Error('File does not exist.')
}
await deleteFileOnSystem(filePathFull)
return { status: 'success' }
} }
const saveFile = async ( const saveFile = async (
@@ -222,25 +272,27 @@ const saveFile = async (
return { status: 'success' } return { status: 'success' }
} }
const updateFile = async (body: FilePayload): Promise<GetFileResponse> => { const updateFile = async (
const { filePath, fileContent } = body filePath: string,
try { multerFile: Express.Multer.File
const filePathFull = path ): Promise<GetFileResponse> => {
.join(getTmpFilesFolderPath(), filePath) const driveFilesPath = getTmpFilesFolderPath()
.replace(new RegExp('/', 'g'), path.sep)
await validateFilePath(filePathFull) const filePathFull = path
await createFile(filePathFull, fileContent) .join(driveFilesPath, filePath)
.replace(new RegExp('/', 'g'), path.sep)
return { status: 'success' } if (!filePathFull.includes(driveFilesPath)) {
} catch (err: any) { throw new Error('Cannot modify file outside drive.')
throw {
code: 400,
status: 'failure',
message: 'File request failed.',
error: typeof err === 'object' ? err.toString() : err
}
} }
if (!(await fileExists(filePathFull))) {
throw new Error(`File doesn't exist.`)
}
await moveFile(multerFile.path, filePathFull)
return { status: 'success' }
} }
const validateFilePath = async (filePath: string) => { const validateFilePath = async (filePath: string) => {

9
api/src/controllers/internal/Execution.ts
View File

@@ -14,6 +14,7 @@ import {
generateFileUploadSasCode, generateFileUploadSasCode,
getTmpFilesFolderPath, getTmpFilesFolderPath,
HTTPHeaders, HTTPHeaders,
isDebugOn,
sasJSCoreMacros sasJSCoreMacros
} from '../../utils' } from '../../utils'
@@ -160,9 +161,6 @@ ${program}`
: await readFile(weboutPath) : await readFile(weboutPath)
: '' : ''
const debugValue =
typeof vars._debug === 'string' ? parseInt(vars._debug) : vars._debug
// it should be deleted by scheduleSessionDestroy // it should be deleted by scheduleSessionDestroy
session.inUse = false session.inUse = false
@@ -170,8 +168,7 @@ ${program}`
return { return {
httpHeaders, httpHeaders,
webout, webout,
log: log: isDebugOn(vars) || session.crashed ? log : undefined
(debugValue && debugValue >= 131) || session.crashed ? log : undefined
} }
} }
@@ -179,7 +176,7 @@ ${program}`
httpHeaders, httpHeaders,
result: fileResponse result: fileResponse
? webout ? webout
: (debugValue && debugValue >= 131) || session.crashed : isDebugOn(vars) || session.crashed
? `<html><body>${webout}<div style="text-align:left"><hr /><h2>SAS Log</h2><pre>${log}</pre></div></body></html>` ? `<html><body>${webout}<div style="text-align:left"><hr /><h2>SAS Log</h2><pre>${log}</pre></div></body></html>`
: webout : webout
} }

12
api/src/controllers/stp.ts
View File

@@ -21,6 +21,7 @@ import { PreProgramVars } from '../types'
import { import {
getTmpFilesFolderPath, getTmpFilesFolderPath,
HTTPHeaders, HTTPHeaders,
isDebugOn,
LogLine, LogLine,
makeFilesNamesMap, makeFilesNamesMap,
parseLogToArray parseLogToArray
@@ -62,7 +63,9 @@ export class STPController {
* The response headers can be adjusted using the mfs_httpheader() macro. Any * The response headers can be adjusted using the mfs_httpheader() macro. Any
* file type can be returned, including binary files such as zip or xls. * file type can be returned, including binary files such as zip or xls.
* *
* This behaviour differs for POST requests, in which case the reponse is * If _debug is >= 131, response headers will contain Content-Type: 'text/plain'
*
* This behaviour differs for POST requests, in which case the response is
* always JSON. * always JSON.
* *
* @summary Execute Stored Program, return raw _webout content. * @summary Execute Stored Program, return raw _webout content.
@@ -140,6 +143,13 @@ const executeReturnRaw = async (
query query
)) as ExecuteReturnRaw )) as ExecuteReturnRaw
// Should over-ride response header for
// debug on GET request to see entire log
// rendering on browser.
if (isDebugOn(query)) {
httpHeaders['content-type'] = 'text/plain'
}
req.res?.set(httpHeaders) req.res?.set(httpHeaders)
if (result instanceof Buffer) { if (result instanceof Buffer) {

4
api/src/middlewares/authenticateToken.ts
View File

@@ -43,7 +43,9 @@ const authenticateToken = (
} }
const authHeader = req.headers['authorization'] const authHeader = req.headers['authorization']
const token = authHeader?.split(' ')[1] const token =
authHeader?.split(' ')[1] ??
(tokenType === 'accessToken' ? req.cookies.accessToken : '')
if (!token) return res.sendStatus(401) if (!token) return res.sendStatus(401)
jwt.verify(token, key, async (err: any, data: any) => { jwt.verify(token, key, async (err: any, data: any) => {

3
api/src/routes/api/auth.ts
View File

@@ -55,8 +55,9 @@ authRouter.post('/token', async (req, res) => {
const controller = new AuthController() const controller = new AuthController()
try { try {
const response = await controller.token(body) const response = await controller.token(body)
const { accessToken } = response
res.send(response) res.cookie('accessToken', accessToken).send(response)
} catch (err: any) { } catch (err: any) {
res.status(403).send(err.toString()) res.status(403).send(err.toString())
} }

67
api/src/routes/api/drive.ts
View File

@@ -3,12 +3,7 @@ import { deleteFile } from '@sasjs/utils'
import { multerSingle } from '../../middlewares/multer' import { multerSingle } from '../../middlewares/multer'
import { DriveController } from '../../controllers/' import { DriveController } from '../../controllers/'
import { import { fileBodyValidation, fileParamValidation } from '../../utils'
getFileDriveValidation,
updateFileDriveValidation,
uploadFileBodyValidation,
uploadFileParamValidation
} from '../../utils'
const controller = new DriveController() const controller = new DriveController()
@@ -28,11 +23,27 @@ driveRouter.post('/deploy', async (req, res) => {
}) })
driveRouter.get('/file', async (req, res) => { driveRouter.get('/file', async (req, res) => {
const { error, value: query } = getFileDriveValidation(req.query) const { error: errQ, value: query } = fileParamValidation(req.query)
if (error) return res.status(400).send(error.details[0].message) const { error: errB, value: body } = fileBodyValidation(req.body)
if (errQ && errB) return res.status(400).send(errB.details[0].message)
try { try {
await controller.getFile(req, query.filePath) await controller.getFile(req, query._filePath, body.filePath)
} catch (err: any) {
res.status(403).send(err.toString())
}
})
driveRouter.delete('/file', async (req, res) => {
const { error: errQ, value: query } = fileParamValidation(req.query)
const { error: errB, value: body } = fileBodyValidation(req.body)
if (errQ && errB) return res.status(400).send(errB.details[0].message)
try {
const response = await controller.deleteFile(query._filePath, body.filePath)
res.send(response)
} catch (err: any) { } catch (err: any) {
res.status(403).send(err.toString()) res.status(403).send(err.toString())
} }
@@ -42,8 +53,8 @@ driveRouter.post(
'/file', '/file',
(...arg) => multerSingle('file', arg), (...arg) => multerSingle('file', arg),
async (req, res) => { async (req, res) => {
const { error: errQ, value: query } = uploadFileParamValidation(req.query) const { error: errQ, value: query } = fileParamValidation(req.query)
const { error: errB, value: body } = uploadFileBodyValidation(req.body) const { error: errB, value: body } = fileBodyValidation(req.body)
if (errQ && errB) { if (errQ && errB) {
if (req.file) await deleteFile(req.file.path) if (req.file) await deleteFile(req.file.path)
@@ -66,21 +77,33 @@ driveRouter.post(
} }
) )
driveRouter.patch('/file', async (req, res) => { driveRouter.patch(
const { error, value: body } = updateFileDriveValidation(req.body) '/file',
if (error) return res.status(400).send(error.details[0].message) (...arg) => multerSingle('file', arg),
async (req, res) => {
const { error: errQ, value: query } = fileParamValidation(req.query)
const { error: errB, value: body } = fileBodyValidation(req.body)
try { if (errQ && errB) {
const response = await controller.updateFile(body) if (req.file) await deleteFile(req.file.path)
res.send(response) return res.status(400).send(errB.details[0].message)
} catch (err: any) { }
const statusCode = err.code
delete err.code if (!req.file) return res.status(400).send('"file" is not present.')
res.status(statusCode).send(err) try {
const response = await controller.updateFile(
req.file,
query._filePath,
body.filePath
)
res.send(response)
} catch (err: any) {
await deleteFile(req.file.path)
res.status(403).send(err.toString())
}
} }
}) )
driveRouter.get('/fileTree', async (req, res) => { driveRouter.get('/fileTree', async (req, res) => {
try { try {

160
api/src/routes/api/spec/drive.spec.ts
View File

@@ -321,6 +321,166 @@ describe('files', () => {
expect(res.body).toEqual({}) expect(res.body).toEqual({})
}) })
}) })
describe('update', () => {
it('should update a SAS file on drive having filePath as form field', async () => {
const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
const pathToUpload = '/my/path/code.sas'
const pathToCopy = path.join(
fileUtilModules.getTmpFilesFolderPath(),
pathToUpload
)
await copy(fileToAttachPath, pathToCopy)
const res = await request(app)
.patch('/SASjsApi/drive/file')
.auth(accessToken, { type: 'bearer' })
.field('filePath', pathToUpload)
.attach('file', fileToAttachPath)
expect(res.statusCode).toEqual(200)
expect(res.body).toEqual({
status: 'success'
})
})
it('should update a SAS file on drive having _filePath as query param', async () => {
const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
const pathToUpload = '/my/path/code.sas'
const pathToCopy = path.join(
fileUtilModules.getTmpFilesFolderPath(),
pathToUpload
)
await copy(fileToAttachPath, pathToCopy)
const res = await request(app)
.patch('/SASjsApi/drive/file')
.auth(accessToken, { type: 'bearer' })
.field('filePath', pathToUpload)
.attach('file', fileToAttachPath)
expect(res.statusCode).toEqual(200)
expect(res.body).toEqual({
status: 'success'
})
})
it('should respond with Unauthorized if access token is not present', async () => {
const res = await request(app)
.patch('/SASjsApi/drive/file')
.field('filePath', '/my/path/code.sas')
.attach('file', path.join(__dirname, 'files', 'sample.sas'))
.expect(401)
expect(res.text).toEqual('Unauthorized')
expect(res.body).toEqual({})
})
it('should respond with Forbidden if file is not present', async () => {
const res = await request(app)
.patch('/SASjsApi/drive/file')
.auth(accessToken, { type: 'bearer' })
.field('filePath', `/my/path/code-${generateTimestamp()}.sas`)
.attach('file', path.join(__dirname, 'files', 'sample.sas'))
.expect(403)
expect(res.text).toEqual(`Error: File doesn't exist.`)
expect(res.body).toEqual({})
})
it('should respond with Forbidden if filePath outside Drive', async () => {
const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
const pathToUpload = '/../path/code.sas'
const res = await request(app)
.patch('/SASjsApi/drive/file')
.auth(accessToken, { type: 'bearer' })
.field('filePath', pathToUpload)
.attach('file', fileToAttachPath)
.expect(403)
expect(res.text).toEqual('Error: Cannot modify file outside drive.')
expect(res.body).toEqual({})
})
it('should respond with Bad Request if filePath is missing', async () => {
const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
const res = await request(app)
.patch('/SASjsApi/drive/file')
.auth(accessToken, { type: 'bearer' })
.attach('file', fileToAttachPath)
.expect(400)
expect(res.text).toEqual(`"filePath" is required`)
expect(res.body).toEqual({})
})
it("should respond with Bad Request if filePath doesn't has correct extension", async () => {
const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
const pathToUpload = '/my/path/code.oth'
const res = await request(app)
.patch('/SASjsApi/drive/file')
.auth(accessToken, { type: 'bearer' })
.field('filePath', pathToUpload)
.attach('file', fileToAttachPath)
.expect(400)
expect(res.text).toEqual('Valid extensions for filePath: .sas')
expect(res.body).toEqual({})
})
it('should respond with Bad Request if file is missing', async () => {
const pathToUpload = '/my/path/code.sas'
const res = await request(app)
.patch('/SASjsApi/drive/file')
.auth(accessToken, { type: 'bearer' })
.field('filePath', pathToUpload)
.expect(400)
expect(res.text).toEqual('"file" is not present.')
expect(res.body).toEqual({})
})
it("should respond with Bad Request if attached file doesn't has correct extension", async () => {
const fileToAttachPath = path.join(__dirname, 'files', 'sample.oth')
const pathToUpload = '/my/path/code.sas'
const res = await request(app)
.patch('/SASjsApi/drive/file')
.auth(accessToken, { type: 'bearer' })
.field('filePath', pathToUpload)
.attach('file', fileToAttachPath)
.expect(400)
expect(res.text).toEqual(
`File extension '.oth' not acceptable. Valid extension(s): .sas`
)
expect(res.body).toEqual({})
})
it('should respond with Bad Request if attached file exceeds file limit', async () => {
const pathToUpload = '/my/path/code.sas'
const attachedFile = Buffer.from('.'.repeat(20 * 1024 * 1024))
const res = await request(app)
.patch('/SASjsApi/drive/file')
.auth(accessToken, { type: 'bearer' })
.field('filePath', pathToUpload)
.attach('file', attachedFile, 'another.sas')
.expect(400)
expect(res.text).toEqual(
'File size is over limit. File limit is: 10 MB'
)
expect(res.body).toEqual({})
})
})
}) })
}) })

1
api/src/utils/index.ts
View File

@@ -4,6 +4,7 @@ export * from './file'
export * from './generateAccessToken' export * from './generateAccessToken'
export * from './generateAuthCode' export * from './generateAuthCode'
export * from './generateRefreshToken' export * from './generateRefreshToken'
export * from './isDebugOn'
export * from './getCertificates' export * from './getCertificates'
export * from './getDesktopFields' export * from './getDesktopFields'
export * from './parseLogToArray' export * from './parseLogToArray'

8
api/src/utils/isDebugOn.ts Normal file
View File

@@ -0,0 +1,8 @@
import { ExecutionVars } from '../controllers/internal'
export const isDebugOn = (vars: ExecutionVars) => {
const debugValue =
typeof vars._debug === 'string' ? parseInt(vars._debug) : vars._debug
return !!(debugValue && debugValue >= 131)
}

15
api/src/utils/validation.ts
View File

@@ -66,25 +66,14 @@ export const registerClientValidation = (data: any): Joi.ValidationResult =>
clientSecret: Joi.string().required() clientSecret: Joi.string().required()
}).validate(data) }).validate(data)
export const getFileDriveValidation = (data: any): Joi.ValidationResult => export const fileBodyValidation = (data: any): Joi.ValidationResult =>
Joi.object({
filePath: Joi.string().required()
}).validate(data)
export const updateFileDriveValidation = (data: any): Joi.ValidationResult =>
Joi.object({
filePath: Joi.string().required(),
fileContent: Joi.string().required()
}).validate(data)
export const uploadFileBodyValidation = (data: any): Joi.ValidationResult =>
Joi.object({ Joi.object({
filePath: Joi.string().pattern(/.sas$/).required().messages({ filePath: Joi.string().pattern(/.sas$/).required().messages({
'string.pattern.base': `Valid extensions for filePath: .sas` 'string.pattern.base': `Valid extensions for filePath: .sas`
}) })
}).validate(data) }).validate(data)
export const uploadFileParamValidation = (data: any): Joi.ValidationResult => export const fileParamValidation = (data: any): Joi.ValidationResult =>
Joi.object({ Joi.object({
_filePath: Joi.string().pattern(/.sas$/).required().messages({ _filePath: Joi.string().pattern(/.sas$/).required().messages({
'string.pattern.base': `Valid extensions for filePath: .sas` 'string.pattern.base': `Valid extensions for filePath: .sas`

12
web/src/containers/Drive/main.tsx
View File

@@ -42,11 +42,15 @@ const Main = (props: any) => {
setEditMode(true) setEditMode(true)
} else { } else {
setIsLoading(true) setIsLoading(true)
const formData = new FormData()
const stringBlob = new Blob([fileContent], { type: 'text/plain' })
formData.append('file', stringBlob, 'filename.sas')
formData.append('filePath', props.selectedFilePath)
axios axios
.patch(`/SASjsApi/drive/file`, { .patch(`/SASjsApi/drive/file`, formData)
filePath: props.selectedFilePath,
fileContent: fileContent
})
.then((res) => { .then((res) => {
setEditMode(false) setEditMode(false)
}) })