diff --git a/embark-ui/src/containers/AppContainer.js b/embark-ui/src/containers/AppContainer.js
index b7b354ae..ce80f5e3 100644
--- a/embark-ui/src/containers/AppContainer.js
+++ b/embark-ui/src/containers/AppContainer.js
@@ -22,8 +22,7 @@ class AppContainer extends Component { this.state = { authenticateError: null }; - } - componentDidMount() { + let token; if (this.props.location.search) { token = queryString.parse(this.props.location.search).token;
@@ -37,6 +36,8 @@ class AppContainer extends Component { } this.setState({authenticateError: null}); }); + } + componentDidMount() { this.props.initBlockHeader(); this.props.fetchProcesses(); this.props.fetchVersions();
diff --git a/embark-ui/src/sagas/index.js b/embark-ui/src/sagas/index.js
index f0b860b2..48580706 100644
--- a/embark-ui/src/sagas/index.js
+++ b/embark-ui/src/sagas/index.js
@@ -39,7 +39,7 @@ export const fetchFile = doRequest.bind(null, actions.file, api.fetchFile); export const postFile = doRequest.bind(null, actions.saveFile, api.postFile); export const deleteFile = doRequest.bind(null, actions.removeFile, api.deleteFile); export const fetchEthGas = doRequest.bind(null, actions.gasOracle, api.getEthGasAPI); -export const authenticate = doRequest.bind(null, actions.authenticate, api.authenticate); +export const authenticate = doRequest.bind(null, actions.authenticate, api.authorize); export const fetchCurrentFile = doRequest.bind(null, actions.currentFile, storage.fetchCurrentFile); export const postCurrentFile = doRequest.bind(null, actions.saveCurrentFile, storage.postCurrentFile);
diff --git a/embark-ui/src/services/api.js b/embark-ui/src/services/api.js
index 7bc64365..c4de0403 100644
--- a/embark-ui/src/services/api.js
+++ b/embark-ui/src/services/api.js
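Review bot: In embark-ui/src/containers/AppContainer.js the token lookup and the callback-based call that follows it (its body lies between the two hunks and is not shown) now run inside the constructor, and the callback closed by the second hunk (`-37,6 +36,8`) still calls `this.setState({authenticateError: null})`; if that callback fires before the component mounts, React ignores the update and warns. Running the code earlier also does not by itself order it before the `initBlockHeader`/`fetchProcesses`/`fetchVersions` dispatches in `componentDidMount`, which presumably need the token to be cached already now that the server checks every API call; where the token is written to the cache is not visible here. I would document that on the constructor with `// authenticate is asynchronous: the fetches in componentDidMount must not assume the token is cached yet`, or gate those fetches on a successful authenticate. Both hunks cut through the constructor, whose start is outside the diff.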
@@ -1,7 +1,9 @@ import axios from "axios"; import constants from '../constants'; +import {get as cacheGet} from '../services/cache'; function get(path, params = {}, endpoint) { + axios.defaults.headers.common['Authorization'] = cacheGet('token'); const callback = params.callback || function(){}; return axios.get((endpoint || constants.httpEndpoint) + path, params) .then((response) => {
@@ -16,6 +18,7 @@ function get(path, params = {}, endpoint) { } function post(path, params = {}) { + axios.defaults.headers.common['Authorization'] = cacheGet('token'); const callback = params.callback || function(){}; delete params.callback; return axios.post(constants.httpEndpoint + path, params)
@@ -32,6 +35,7 @@ function post(path, params = {}) { } function destroy(path, params = {}) { + axios.defaults.headers.common['Authorization'] = cacheGet('token'); const callback = params.callback || function(){}; return axios.delete(constants.httpEndpoint + path, params) .then((response) => {
@@ -154,8 +158,8 @@ export function deleteFile(payload) { return destroy('/file', {params: payload}); } -export function authenticate(payload) { - return post('/authenticate', payload); +export function authorize(payload) { + return post('/authorize', payload); } export function listenToChannel(channel) {
diff --git a/lib/modules/authenticator/index.js b/lib/modules/authenticator/index.js
index b68d2491..45fdf2b7 100644
--- a/lib/modules/authenticator/index.js
+++ b/lib/modules/authenticator/index.js
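Review bot: Writing the token into `axios.defaults.headers.common['Authorization']` at the top of `get` (and again in `post` at `-16,6 +18,7` and `destroy` at `-32,6 +35,7`) makes it a client-wide default, so it is attached to every axios request, including `get` calls that pass their own `endpoint` instead of `constants.httpEndpoint`. If any caller targets a host other than the Embark backend (the `getEthGasAPI` name in sagas/index.js suggests one does, though its body is not shown), the backend token is disclosed to that host. Scope the header to the request instead: `const headers = endpoint ? {} : {Authorization: cacheGet('token')};` and pass `Object.assign({}, params, {headers})` as the axios config. The three function bodies continue outside their hunks.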
@@ -1,29 +1,28 @@ const uuid = require('uuid/v1'); -class Authenticator { +const ERROR_OBJ = {error: __('Wrong authentication token. Get your token from the Embark console by typing `token`')}; +class Authenticator { constructor(embark, _options) { this.authToken = uuid(); this.embark = embark; this.logger = embark.logger; + this.events = embark.events; this.registerCalls(); - embark.events.once('outputDone', () => { - embark.logger.info(__('Access the web backend with the following url: %s', - ('http://localhost:8000/embark?token=' + this.authToken).underline)); - }); + this.registerEvents(); } registerCalls() { this.embark.registerAPICall( 'post', - '/embark-api/authenticate', + '/embark-api/authorize', (req, res) => { if (req.body.token !== this.authToken) { - this.logger.warn(__('Someone tried and failed to authenticate to the backend')); + this.logger.warn(__('Someone tried and failed to authorize to the backend')); this.logger.warn(__('- User-Agent: %s', req.headers['user-agent'])); this.logger.warn(__('- Referer: %s', req.headers.referer)); - return res.send({error: __('Wrong authentication token. Get your token from the Embark console by typing `token`')}); + return res.send(ERROR_OBJ); } res.send(); }
@@ -38,6 +37,20 @@ class Authenticator { }; }); } + + registerEvents() { + this.events.once('outputDone', () => { + this.logger.info(__('Access the web backend with the following url: %s', + ('http://localhost:8000/embark?token=' + this.authToken).underline)); + }); + + this.events.setCommandHandler('api:authorize', (token, cb) => { + if (token !== this.authToken) { + return cb(ERROR_OBJ); + } + cb(); + }); + } } module.exports = Authenticator;
diff --git a/lib/modules/webserver/server.js b/lib/modules/webserver/server.js
index 90bad893..5d089d23 100644
--- a/lib/modules/webserver/server.js
+++ b/lib/modules/webserver/server.js
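Review bot: The new `api:authorize` handler in `registerEvents` (hunk `-38,6 +37,20`) rejects a bad token silently, while the `/embark-api/authorize` route in the first hunk logs the User-Agent and Referer of a failed attempt; since this handler is what the web server now consults for every API call, a denial here should be logged as well, e.g. `this.logger.warn(__('Rejected an API call with an invalid authorization token'));` before `return cb(ERROR_OBJ);`. The check `token !== this.authToken` is an ordinary string comparison; comparing equal-length buffers with `crypto.timingSafeEqual` would make it constant-time (the `crypto` require would have to be added at the top of the file). The token itself comes from `uuid/v1`, which is derived from a timestamp and node id rather than from a random source, so a value from `crypto.randomBytes` would be a stronger secret now that it acts as the bearer credential for all endpoints.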
@@ -49,13 +49,13 @@ class Server { for (let apiCall of apiCalls) { console.dir("adding " + apiCall.method + " " + apiCall.endpoint); - app[apiCall.method].apply(app, [apiCall.endpoint, apiCall.cb]); + app[apiCall.method].apply(app, [apiCall.endpoint, this.applyAPIFunction.bind(this, apiCall.cb)]); } } this.events.on('plugins:register:api', (apiCall) => { console.dir("adding " + apiCall.method + " " + apiCall.endpoint); - app[apiCall.method].apply(app, [apiCall.endpoint, apiCall.cb]); + app[apiCall.method].apply(app, [apiCall.endpoint, this.applyAPIFunction.bind(this, apiCall.cb)]); }); app.get('/embark/*', function(req, res) {
@@ -78,6 +78,16 @@ class Server { ":" + this.port).bold.underline.green); } + applyAPIFunction (cb, req, res) { + this.events.request('api:authorize', req.headers.authorization, (err) => { + if (err) { + const send = res.send ? res.send.bind(res) : req.send.bind(req); // WS only has the first params + return send(err); + } + cb(req, res); + }); + } + stop(callback) { callback = callback || function () {}; if (!this.server || !this.server.listening) {
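Review bot: Both registration sites in lib/modules/webserver/server.js now wrap `apiCall.cb` unconditionally, so the `/embark-api/authorize` route added by the authenticator would itself need a valid `Authorization` header before its own body-token check runs, assuming it is registered through this same list (not visible here). If the client has no cached token on first load, that request cannot succeed, so the intended bootstrap should be confirmed and stated in a comment above the loop, for example `// every registered route, including /embark-api/authorize, is gated by applyAPIFunction`. The wrapping expression is duplicated in the loop and in the `plugins:register:api` listener; a single helper used by both would keep a later route from being registered without the check. The enclosing method starts outside the hunk.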
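Review bot: `applyAPIFunction` (hunk `-78,6 +78,16`) dereferences `req.headers.authorization` before it knows what kind of handler it wraps; its inline comment implies WebSocket callbacks pass through here too, and if their first argument is the socket rather than an HTTP request, `req.headers` is undefined and the check throws instead of denying. A guard such as `const token = req.headers && req.headers.authorization;` passed to `this.events.request('api:authorize', token, ...)` keeps a missing header on the denial path. The denial also replies with the default success status and writes nothing to the log; `res.status(401).send(err)` on the HTTP branch, plus a warning through the module's logger, would make rejected calls visible both to clients and in the logs, provided the UI's error handling is checked against the new status.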