We don't presently have a way to cleanly distinguish between auth attempts with
query string vs. credentials from localStorage, particularly with respect to
one kind failing vs. the other. This can create confusing behavior when
e.g. copy/pasting an old/wrong URL+token, but then it works when refreshing the
window/tab with URL minus the token.
So, this commit simplifies the situation somewhat by triggering a logout
if there's an auth failure. That will affect all open tabs/windows of the
same browser but not other browsers, e.g. if one has embark-ui open in Chrome
and Firefox.
display last line on tx
fix debugger call
listen to source event only after jumping to the end
keep track of last tx; add minimal debug feature; fix ast issue
initial debugger apis & ui integration
prevent crash when step is out of bounds; send all all available data in websocket
add debugger commands
fix line number tracking in editor; toggle breakpoints
replace timeouts with callbacks
add debugger manager & refactor
refactor debugger api
refactor cmd line debugger
reduce debugger decoupling
reduce debugger decoupling
fix debug buttons
trigger source update so api triggers ws event to update source location
move locals and contracts vars to a json view
improve debugger icons
simplify debugger data
update debug package
add command handler to get a contract given a tx; update debugger so it can get a contract by its tx instead of tracking latest txs only
update debugger package
Rename overview to detail
React to save file for local storage
Add switch for hidden files
move units to ether instead of wei
separate description from link itself which makes UI cleaner
remove unneded explorer header
switch nav menu color to white
replace contract address table with simple paragraph instead
improve contract functions page
improve contract functions view
style/fix functions tab
fix rebase issue
re-style contracts sidebar
improve contract detail sidebar
In 9097f31c83 we ensured to send query parameters
along with GET requests done by our API service. This resulted in weird behaviour
where query parameters have been attached as `params` in a serialized format of our API requests.
So instead of sending sth. like:
```
/embark-api?token=foo-bar
```
Requests looked like:
```
/embark-api?params=...
```
This has even been patched accordingly on the server like here 043697bddc,
while still being unpatched in other places on the server.
It turns out however, that the reason this `params` parameter appears, is that all of our GET requests,
already send their payload as `params`.
This commit now ensures that GET parameters are sent in the correct format.
Ever since we moved to using Axios in 20831179fc,
we haven't properly sent GET parameters along with the requests.
This is because Axios exposes two different properties to send params
along different http verb methods.
In https://github.com/status-im/embark-area-51/commit/62964c8ce we've introduced a
regression where are two errors are thrown when `Layout` component is rendered:
- one for NavItem not having a key property
- one for margin-top not being a supported style property on Container
This commits fixes both.
Cockpit allows for authentication via a `token` query parameter a la
```
http://localhost:8000/embark?token=xxxx-xxxx-xxxx-xxxx
```
So far, this was the only query parameter cockpit knew about, which is
why the algorithm during bootstrap always assumed that, if we have
query parameters, there has to be a `token` query parameter.
However, since 20831179fc, this turns out to be a problem. The hashing algorithm
for the request headers will throw, when `token` is not defined, which
can be possible with future features that add new query parameters.
This can be easily reproduced by bootstrapping/refreshing Cockpit using
any arbitrary query string parameter that is not `token`.
With this commit we ensure that we only perform query string authentication
when a `token` parameter is available.
Prior to this commit it wasn't possible to authenticate using the
`token` query param as the `host` used for authentication doesn't
match the one of the Embark host.
This commit adds a new component to decode and analyze transactions.
It's similar to the transaction component that's already available,
with the difference that it takes advantage of the ReactJson tree
view for better analysis experience.
This introduces a new dark-theme file for the login screen
and ensures that it keeps the contrast ratio in tact when
switching themes.
Notice that it simply overrides the component styles which are
expected to be light-theme by default. That's because we don't
maintain equivalent SCSS files for the light-theme at the moment.
Fixes#114
Instead, we want to hash a header to sign a request with a client nonce,
http method and URL. This is a first step towards protecting the backend
against eavesdropping.
Please note that this will still be susceptible to replay attacks.