authorize each request through header

Jonathan Rainville 2018-09-06 16:06:07 -04:00
parent 4ac0d39889
commit 925c5c1065
5 changed files with 43 additions and 15 deletions


@ -22,8 +22,7 @@ class AppContainer extends Component {
this.state = { this.state = {
authenticateError: null authenticateError: null
}; };
}
componentDidMount() {
let token; let token;
if (this.props.location.search) { if (this.props.location.search) {
token = queryString.parse(this.props.location.search).token; token = queryString.parse(this.props.location.search).token;
@ -37,6 +36,8 @@ class AppContainer extends Component {
} }
this.setState({authenticateError: null}); this.setState({authenticateError: null});
}); });
}
componentDidMount() {
this.props.initBlockHeader(); this.props.initBlockHeader();
this.props.fetchProcesses(); this.props.fetchProcesses();
this.props.fetchVersions(); this.props.fetchVersions();
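Review bot: The constructor now runs what used to be the start of `componentDidMount()`, including a callback that ends in `this.setState({authenticateError: null});`, so a state update can be scheduled from a constructor, which React expects to be free of side effects. If the aim is to have the token in place before `initBlockHeader()` and the fetch calls go out, keeping that code as the first statements of `componentDidMount()` gives the same ordering. The fetches still do not wait for the authorize response either way, so they depend on the token already being in the cache when they are issued. The lines between the two hunks are not shown, so where the token is written to the cache is inferred and worth confirming.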


@ -39,7 +39,7 @@ export const fetchFile = doRequest.bind(null, actions.file, api.fetchFile);
export const postFile = doRequest.bind(null, actions.saveFile, api.postFile); export const postFile = doRequest.bind(null, actions.saveFile, api.postFile);
export const deleteFile = doRequest.bind(null, actions.removeFile, api.deleteFile); export const deleteFile = doRequest.bind(null, actions.removeFile, api.deleteFile);
export const fetchEthGas = doRequest.bind(null, actions.gasOracle, api.getEthGasAPI); export const fetchEthGas = doRequest.bind(null, actions.gasOracle, api.getEthGasAPI);
export const authenticate = doRequest.bind(null, actions.authenticate, api.authenticate); export const authenticate = doRequest.bind(null, actions.authenticate, api.authorize);
export const fetchCurrentFile = doRequest.bind(null, actions.currentFile, storage.fetchCurrentFile); export const fetchCurrentFile = doRequest.bind(null, actions.currentFile, storage.fetchCurrentFile);
export const postCurrentFile = doRequest.bind(null, actions.saveCurrentFile, storage.postCurrentFile); export const postCurrentFile = doRequest.bind(null, actions.saveCurrentFile, storage.postCurrentFile);


@ -1,7 +1,9 @@
import axios from "axios"; import axios from "axios";
import constants from '../constants'; import constants from '../constants';
import {get as cacheGet} from '../services/cache';
function get(path, params = {}, endpoint) { function get(path, params = {}, endpoint) {
axios.defaults.headers.common['Authorization'] = cacheGet('token');
const callback = params.callback || function(){}; const callback = params.callback || function(){};
return axios.get((endpoint || constants.httpEndpoint) + path, params) return axios.get((endpoint || constants.httpEndpoint) + path, params)
.then((response) => { .then((response) => {
@ -16,6 +18,7 @@ function get(path, params = {}, endpoint) {
} }
function post(path, params = {}) { function post(path, params = {}) {
axios.defaults.headers.common['Authorization'] = cacheGet('token');
const callback = params.callback || function(){}; const callback = params.callback || function(){};
delete params.callback; delete params.callback;
return axios.post(constants.httpEndpoint + path, params) return axios.post(constants.httpEndpoint + path, params)
@ -32,6 +35,7 @@ function post(path, params = {}) {
} }
function destroy(path, params = {}) { function destroy(path, params = {}) {
axios.defaults.headers.common['Authorization'] = cacheGet('token');
const callback = params.callback || function(){}; const callback = params.callback || function(){};
return axios.delete(constants.httpEndpoint + path, params) return axios.delete(constants.httpEndpoint + path, params)
.then((response) => { .then((response) => {
@ -154,8 +158,8 @@ export function deleteFile(payload) {
return destroy('/file', {params: payload}); return destroy('/file', {params: payload});
} }
export function authenticate(payload) { export function authorize(payload) {
return post('/authenticate', payload); return post('/authorize', payload);
} }
export function listenToChannel(channel) { export function listenToChannel(channel) {
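Review bot: Writing the token into `axios.defaults.headers.common['Authorization']` in `get`, `post` and `destroy` makes it a process-wide default, so it is attached to every later axios request, including `get` calls that pass their own `endpoint` instead of `constants.httpEndpoint`. The actions file binds `api.getEthGasAPI`, whose name suggests an external service; its body is not visible here, but if it goes through `get` with a third-party endpoint the backend token would be sent to that host. Passing the header per request, and only for the backend, avoids this: in `get`, `const config = endpoint ? params : {...params, headers: {...params.headers, Authorization: cacheGet('token')}};`, with the equivalent config object as the third argument of `axios.post` and the second of `axios.delete`. It would also help to skip the header when `cacheGet('token')` returns nothing, rather than sending an empty or `undefined` value.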


@ -1,29 +1,28 @@
const uuid = require('uuid/v1'); const uuid = require('uuid/v1');
class Authenticator { const ERROR_OBJ = {error: __('Wrong authentication token. Get your token from the Embark console by typing `token`')};
class Authenticator {
constructor(embark, _options) { constructor(embark, _options) {
this.authToken = uuid(); this.authToken = uuid();
this.embark = embark; this.embark = embark;
this.logger = embark.logger; this.logger = embark.logger;
this.events = embark.events;
this.registerCalls(); this.registerCalls();
embark.events.once('outputDone', () => { this.registerEvents();
embark.logger.info(__('Access the web backend with the following url: %s',
('http://localhost:8000/embark?token=' + this.authToken).underline));
});
} }
registerCalls() { registerCalls() {
this.embark.registerAPICall( this.embark.registerAPICall(
'post', 'post',
'/embark-api/authenticate', '/embark-api/authorize',
(req, res) => { (req, res) => {
if (req.body.token !== this.authToken) { if (req.body.token !== this.authToken) {
this.logger.warn(__('Someone tried and failed to authenticate to the backend')); this.logger.warn(__('Someone tried and failed to authorize to the backend'));
this.logger.warn(__('- User-Agent: %s', req.headers['user-agent'])); this.logger.warn(__('- User-Agent: %s', req.headers['user-agent']));
this.logger.warn(__('- Referer: %s', req.headers.referer)); this.logger.warn(__('- Referer: %s', req.headers.referer));
return res.send({error: __('Wrong authentication token. Get your token from the Embark console by typing `token`')}); return res.send(ERROR_OBJ);
} }
res.send(); res.send();
} }
@ -38,6 +37,20 @@ class Authenticator {
}; };
}); });
} }
registerEvents() {
this.events.once('outputDone', () => {
this.logger.info(__('Access the web backend with the following url: %s',
('http://localhost:8000/embark?token=' + this.authToken).underline));
});
this.events.setCommandHandler('api:authorize', (token, cb) => {
if (token !== this.authToken) {
return cb(ERROR_OBJ);
}
cb();
});
}
} }
module.exports = Authenticator; module.exports = Authenticator;
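Review bot: The new `api:authorize` handler in `registerEvents()` makes `this.authToken` the credential for every API call, but the constructor still generates it with `uuid/v1`, which is built from a timestamp and a node identifier rather than random data and is not meant to be a secret. Generating it from the CSPRNG, e.g. `this.authToken = require('crypto').randomBytes(32).toString('hex');`, would suit this use better. The check `token !== this.authToken` could then become a length check followed by `crypto.timingSafeEqual` on the two buffers. Unlike the `/embark-api/authorize` route, the new handler rejects silently; a `this.logger.warn(...)` on the failure branch would keep rejected header tokens visible in the console. `ERROR_OBJ` is also built at module load, so `__()` runs before any locale set later can take effect — worth confirming that the message is still translated.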


@ -49,13 +49,13 @@ class Server {
for (let apiCall of apiCalls) { for (let apiCall of apiCalls) {
console.dir("adding " + apiCall.method + " " + apiCall.endpoint); console.dir("adding " + apiCall.method + " " + apiCall.endpoint);
app[apiCall.method].apply(app, [apiCall.endpoint, apiCall.cb]); app[apiCall.method].apply(app, [apiCall.endpoint, this.applyAPIFunction.bind(this, apiCall.cb)]);
} }
} }
this.events.on('plugins:register:api', (apiCall) => { this.events.on('plugins:register:api', (apiCall) => {
console.dir("adding " + apiCall.method + " " + apiCall.endpoint); console.dir("adding " + apiCall.method + " " + apiCall.endpoint);
app[apiCall.method].apply(app, [apiCall.endpoint, apiCall.cb]); app[apiCall.method].apply(app, [apiCall.endpoint, this.applyAPIFunction.bind(this, apiCall.cb)]);
}); });
app.get('/embark/*', function(req, res) { app.get('/embark/*', function(req, res) {
@ -78,6 +78,16 @@ class Server {
":" + this.port).bold.underline.green); ":" + this.port).bold.underline.green);
} }
applyAPIFunction (cb, req, res) {
this.events.request('api:authorize', req.headers.authorization, (err) => {
if (err) {
const send = res.send ? res.send.bind(res) : req.send.bind(req); // WS only has the first params
return send(err);
}
cb(req, res);
});
}
stop(callback) { stop(callback) {
callback = callback || function () {}; callback = callback || function () {};
if (!this.server || !this.server.listening) { if (!this.server || !this.server.listening) {
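Review bot: In `applyAPIFunction` a rejected request is answered with `send(err)` at the default 200 status, so an HTTP client cannot tell an authorization failure from a successful call without inspecting the body; `return res.status(401).send(err);` on the HTTP path would make the failure explicit. The WebSocket fallback looks fragile: `req.headers.authorization` is read before the code decides which argument is the socket, and browser WebSocket clients cannot set an `Authorization` header, so those routes may need the token taken from the handshake request instead. How WS routes are registered is not visible in this hunk, so that part should be confirmed. The wrapper is also applied to every registered call, including `/embark-api/authorize` itself, so the first authorize request only succeeds if the client already sends the token in the header as well as in the body.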