chore(release): 0.0.69

Merge pull request #158 from sasjs/update-csp-policy
fix(upload): appStream uses CSRF + Session authentication
2025-12-10 19:34:34 +00:00 · 2022-05-02 15:24:56 +00:00 · 2022-05-02 18:22:35 +03:00 · 2022-05-02 18:01:28 +05:00 · 2022-05-02 05:57:10 +05:00 · 2022-05-02 05:57:03 +05:00
18 changed files with 222 additions and 340 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@

 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

+### [0.0.69](https://github.com/sasjs/server/compare/v0.0.68...v0.0.69) (2022-05-02)
+
+
+### Bug Fixes
+
+* **upload:** appStream uses CSRF + Session authentication ([1f89279](https://github.com/sasjs/server/commit/1f8927926405887f3d134c0a1dd6452ffa33876e))
+
+### [0.0.68](https://github.com/sasjs/server/compare/v0.0.67...v0.0.68) (2022-05-02)
+
+
+### Bug Fixes
+
+* using monaco editor locally ([2548c82](https://github.com/sasjs/server/commit/2548c82dfe1149e62a570a00546dddd9e30049b1))
+
+### [0.0.67](https://github.com/sasjs/server/compare/v0.0.66...v0.0.67) (2022-05-01)
+
 ### [0.0.66](https://github.com/sasjs/server/compare/v0.0.64...v0.0.66) (2022-05-01)


--- a/api/public/app-streams-script.js
+++ b/api/public/app-streams-script.js
@@ -0,0 +1,49 @@
+const inputElement = document.getElementById('fileId')
+
+document.getElementById('uploadButton').addEventListener('click', function () {
+  inputElement.click()
+})
+
+inputElement.addEventListener(
+  'change',
+  function () {
+    const fileList = this.files /* now you can work with the file list */
+
+    updateFileUploadMessage('Requesting ...')
+
+    const file = fileList[0]
+    const formData = new FormData()
+
+    formData.append('file', file)
+
+    axios
+      .post('/SASjsApi/drive/deploy/upload', formData)
+      .then((res) => res.data)
+      .then((data) => {
+        return (
+          data.message +
+          '\nstreamServiceName: ' +
+          data.streamServiceName +
+          '\nrefreshing page once alert box closes.'
+        )
+      })
+      .then((message) => {
+        alert(message)
+        location.reload()
+      })
+      .catch((error) => {
+        alert(error.response.data)
+        resetFileUpload()
+        updateFileUploadMessage('Upload New App')
+      })
+  },
+  false
+)
+
+function updateFileUploadMessage(message) {
+  document.getElementById('uploadMessage').innerHTML = message
+}
+
+function resetFileUpload() {
+  inputElement.value = null
+}
--- a/api/public/axios.min.js
+++ b/api/public/axios.min.js
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -41,7 +41,16 @@ export const csrfProtection = csrf({ cookie: cookieOptions })
 /***********************************
 *   Handle security and origin    *
 ***********************************/
-app.use(helmet())
+app.use(
+  helmet({
+    contentSecurityPolicy: {
+      directives: {
+        ...helmet.contentSecurityPolicy.getDefaultDirectives(),
+        'script-src': ["'self'", "'unsafe-inline'"]
+      }
+    }
+  })
+)

 /***********************************
 *         Enabling CORS           *
--- a/api/src/controllers/web.ts
+++ b/api/src/controllers/web.ts
@@ -14,8 +14,8 @@ export class WebController {
   *
   */
  @Get('/')
-  public async home(@Request() req: express.Request) {
-    return home(req)
+  public async home() {
+    return home()
  }

  /**
@@ -44,16 +44,13 @@ export class WebController {
  }
 }

-const home = async (req: express.Request) => {
+const home = async () => {
  const indexHtmlPath = path.join(getWebBuildFolderPath(), 'index.html')

  // Attention! Cannot use fileExists here,
  // due to limitation after building executable
  const content = await readFile(indexHtmlPath)

-  req.res?.cookie('XSRF-TOKEN', req.csrfToken())
-  req.res?.setHeader('Content-Type', 'text/html')
-
  return content
 }

--- a/api/src/routes/appStream/appStreamHtml.ts
+++ b/api/src/routes/appStream/appStreamHtml.ts
@@ -1,5 +1,4 @@
 import { AppStreamConfig } from '../../types'
-import { script } from './script'
 import { style } from './style'

 const defaultAppLogo = '/sasjs-logo.svg'
@@ -39,6 +38,7 @@ export const appStreamHtml = (appStreamConfig: AppStreamConfig) => `
          <span id="uploadMessage">Upload New App</span>
        </a>
    </div>
-    ${script}
+    <script src="/axios.min.js"></script>
+    <script src="/app-streams-script.js"></script>
  </body>
 </html>`
--- a/api/src/routes/appStream/index.ts
+++ b/api/src/routes/appStream/index.ts
@@ -7,9 +7,11 @@ import { appStreamHtml } from './appStreamHtml'

 const router = express.Router()

-router.get('/', async (_, res) => {
+router.get('/', async (req, res) => {
  const content = appStreamHtml(process.appStreamConfig)

+  res.cookie('XSRF-TOKEN', req.csrfToken())
+
  return res.send(content)
 })

--- a/api/src/routes/appStream/script.ts
+++ b/api/src/routes/appStream/script.ts
@@ -1,58 +0,0 @@
-export const script = `<script>
-  const inputElement = document.getElementById('fileId')
-
-  document
-    .getElementById('uploadButton')
-    .addEventListener('click', function () {
-      inputElement.click()
-    })
-
-  inputElement.addEventListener(
-    'change',
-    function () {
-      const fileList = this.files /* now you can work with the file list */
-
-      updateFileUploadMessage('Requesting ...')
-
-      const file = fileList[0]
-      const formData = new FormData()
-
-      formData.append('file', file)
-      fetch('/SASjsApi/drive/deploy/upload', {
-        method: 'POST',
-        body: formData
-      })
-        .then(async (res) => {
-          const { status, ok } = res
-          if (status === 200 && ok) {
-            const data = await res.json()
-            return (
-              data.message +
-              '\\nstreamServiceName: ' +
-              data.streamServiceName +
-              '\\nrefreshing page once alert box closes.'
-            )
-          }
-          throw await res.text()
-        })
-        .then((message) => {
-          alert(message)
-          location.reload()
-        })
-        .catch((error) => {
-          alert(error)
-          resetFileUpload()
-          updateFileUploadMessage('Upload New App')
-        })
-    },
-    false
-  )
-
-  function updateFileUploadMessage(message) {
-    document.getElementById('uploadMessage').innerHTML = message
-  }
-
-  function resetFileUpload() {
-    inputElement.value = null
-  }
-</script>`
--- a/api/src/routes/setupRoutes.ts
+++ b/api/src/routes/setupRoutes.ts
@@ -4,14 +4,16 @@ import webRouter from './web'
 import apiRouter from './api'
 import appStreamRouter from './appStream'

+import { csrfProtection } from '../app'
+
 export const setupRoutes = (app: Express) => {
  app.use('/SASjsApi', apiRouter)

-  app.use('/AppStream', function (req, res, next) {
+  app.use('/AppStream', csrfProtection, function (req, res, next) {
    // this needs to be a function to hook on
    // whatever the current router is
    appStreamRouter(req, res, next)
  })

-  app.use('/', webRouter)
+  app.use('/', csrfProtection, webRouter)
 }
--- a/api/src/routes/web/index.ts
+++ b/api/src/routes/web/index.ts
@@ -1,11 +1,8 @@
 import express from 'express'
-import { csrfProtection } from '../../app'
 import webRouter from './web'

 const router = express.Router()

-router.use(csrfProtection)
-
 router.use('/', webRouter)

 export default router
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
@@ -7,7 +7,10 @@ const controller = new WebController()

 webRouter.get('/', async (req, res) => {
  try {
-    const response = await controller.home(req)
+    const response = await controller.home()
+
+    res.cookie('XSRF-TOKEN', req.csrfToken())
+
    return res.send(response)
  } catch (_) {
    return res.send('Web Build is not present')
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "server",
-  "version": "0.0.66",
+  "version": "0.0.69",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "server",
-      "version": "0.0.66",
+      "version": "0.0.69",
      "devDependencies": {
        "prettier": "^2.3.1",
        "standard-version": "^9.3.2"
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "server",
-  "version": "0.0.66",
+  "version": "0.0.69",
  "description": "NodeJS wrapper for calling the SAS binary executable",
  "repository": "https://github.com/sasjs/server",
  "scripts": {
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/web/package.json
+++ b/web/package.json
@@ -9,7 +9,6 @@
  "dependencies": {
    "@emotion/react": "^11.4.1",
    "@emotion/styled": "^11.3.0",
-    "@monaco-editor/react": "^4.3.1",
    "@mui/icons-material": "^5.0.3",
    "@mui/lab": "^5.0.0-alpha.50",
    "@mui/material": "^5.0.3",
@@ -21,8 +20,10 @@
    "@types/node": "^12.20.28",
    "@types/react": "^17.0.27",
    "axios": "^0.24.0",
+    "monaco-editor-webpack-plugin": "^7.0.1",
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
+    "react-monaco-editor": "^0.48.0",
    "react-router-dom": "^5.3.0"
  },
  "devDependencies": {
--- a/web/src/containers/Drive/main.tsx
+++ b/web/src/containers/Drive/main.tsx
@@ -2,7 +2,7 @@ import React, { useState, useEffect } from 'react'
 import { Link } from 'react-router-dom'
 import axios from 'axios'

-import Editor from '@monaco-editor/react'
+import Editor from 'react-monaco-editor'

 import Box from '@mui/material/Box'
 import Paper from '@mui/material/Paper'
@@ -125,6 +125,7 @@ const Main = (props: Props) => {
        {!isLoading && props?.selectedFilePath && editMode && (
          <Editor
            height="95%"
+            language="sas"
            value={fileContent}
            onChange={(val) => {
              if (val) setFileContent(val)
--- a/web/src/containers/Studio/index.tsx
+++ b/web/src/containers/Studio/index.tsx
@@ -4,7 +4,7 @@ import axios from 'axios'
 import Box from '@mui/material/Box'
 import { Button, Paper, Stack, Tab, Tooltip } from '@mui/material'
 import { makeStyles } from '@mui/styles'
-import Editor, { OnMount } from '@monaco-editor/react'
+import Editor, { EditorDidMount } from 'react-monaco-editor'
 import { useLocation } from 'react-router-dom'
 import { TabContext, TabList, TabPanel } from '@mui/lab'

@@ -42,7 +42,7 @@ const Studio = () => {
  }

  const editorRef = useRef(null as any)
-  const handleEditorDidMount: OnMount = (editor) => {
+  const handleEditorDidMount: EditorDidMount = (editor) => {
    editor.focus()
    editorRef.current = editor
  }
@@ -141,6 +141,7 @@ const Studio = () => {
            <Tooltip title="CTRL+ENTER will also run SAS code">
              <Button onClick={handleRunBtnClick} className={classes.runButton}>
                <img
+                  alt=""
                  draggable="false"
                  style={{ width: '25px' }}
                  src="/running-sas.png"
@@ -161,8 +162,9 @@ const Studio = () => {
          >
            <Editor
              height="98%"
+              language="sas"
              value={fileContent}
-              onMount={handleEditorDidMount}
+              editorDidMount={handleEditorDidMount}
              options={{ readOnly: ctrlPressed }}
              onChange={(val) => {
                if (val) setFileContent(val)
--- a/web/webpack.common.ts
+++ b/web/webpack.common.ts
@@ -1,4 +1,5 @@
 import path from 'path'
+import MonacoWebpackPlugin from 'monaco-editor-webpack-plugin'
 import { Configuration } from 'webpack'
 import HtmlWebpackPlugin from 'html-webpack-plugin'
 import CopyPlugin from 'copy-webpack-plugin'
@@ -53,7 +54,8 @@ const config: Configuration = {
    new CopyPlugin({
      patterns: [{ from: 'public' }]
    }),
-    new dotenv()
+    new dotenv(),
+    new MonacoWebpackPlugin()
  ]
 }
Author	SHA1	Message	Date
Allan Bowe	8065727b9b	chore(release): 0.0.69	2022-05-02 15:24:56 +00:00
Allan Bowe	e1223ec3f8	Merge pull request #158 from sasjs/update-csp-policy fix(upload): appStream uses CSRF + Session authentication	2022-05-02 18:22:35 +03:00
Saad Jutt	1f89279264	fix(upload): appStream uses CSRF + Session authentication	2022-05-02 18:01:28 +05:00
Saad Jutt	a07f47a1ba	chore(release): 0.0.68	2022-05-02 05:57:10 +05:00
Saad Jutt	2548c82dfe	fix: using monaco editor locally	2022-05-02 05:57:03 +05:00
Saad Jutt	238aa1006f	chore(release): 0.0.67	2022-05-02 03:41:07 +05:00
Saad Jutt	35cba97611	chore: commented helmet middleware	2022-05-02 03:40:14 +05:00