mirror of https://github.com/ascribe/onion.git synced 2025-01-03 18:35:09 +01:00

Add csrf utils

Brett Sun 2016-06-14 13:37:33 +02:00
parent c2eb37506a
commit fc153f4ab7
7 changed files with 36 additions and 31 deletions


@ -9,7 +9,7 @@ import ReactS3FineUploader from './../ascribe_uploader/react_s3_fine_uploader';
import AppConstants from '../../constants/application_constants'; import AppConstants from '../../constants/application_constants';
import { validationTypes } from '../../constants/uploader_constants'; import { validationTypes } from '../../constants/uploader_constants';
import { getCookie } from '../../utils/fetch_api'; import { makeCsrfHeader } from '../../utils/csrf';
import { getLangText } from '../../utils/lang'; import { getLangText } from '../../utils/lang';
import { resolveUrl } from '../../utils/url_resolver'; import { resolveUrl } from '../../utils/url_resolver';
@ -82,9 +82,7 @@ let FurtherDetailsFileuploader = React.createClass({
enabled: true, enabled: true,
method: 'DELETE', method: 'DELETE',
endpoint: `${AppConstants.serverUrl}/s3/delete`, endpoint: `${AppConstants.serverUrl}/s3/delete`,
customHeaders: { customHeaders: makeCsrfHeader()
'X-CSRFToken': getCookie(AppConstants.csrftoken)
}
}} }}
isReadyForFormSubmission={isReadyForFormSubmission} isReadyForFormSubmission={isReadyForFormSubmission}
keyRoutine={{ keyRoutine={{
@ -97,9 +95,7 @@ let FurtherDetailsFileuploader = React.createClass({
setIsUploadReady={setIsUploadReady} setIsUploadReady={setIsUploadReady}
session={{ session={{
endpoint: `${AppConstants.serverUrl}/api/blob/otherdatas/fineuploader_session/`, endpoint: `${AppConstants.serverUrl}/api/blob/otherdatas/fineuploader_session/`,
customHeaders: { customHeaders: makeCsrfHeader(),
'X-CSRFToken': getCookie(AppConstants.csrftoken)
},
params: { params: {
'pk': otherDataIds 'pk': otherDataIds
}, },
@ -110,9 +106,7 @@ let FurtherDetailsFileuploader = React.createClass({
}} }}
signature={{ signature={{
endpoint: `${AppConstants.serverUrl}/s3/signature/`, endpoint: `${AppConstants.serverUrl}/s3/signature/`,
customHeaders: { customHeaders: makeCsrfHeader()
'X-CSRFToken': getCookie(AppConstants.csrftoken)
}
}} }}
submitFile={submitFile} submitFile={submitFile}
showErrorPrompt={showErrorPrompt} showErrorPrompt={showErrorPrompt}
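Review bot: The three `customHeaders: makeCsrfHeader()` props (deleteFile, session, signature) are evaluated when this component renders, so each object carries whatever the CSRF cookie held at that moment. The comment in the ReactS3FineUploader section says the uploader is reinitialized when the cookie changes, which appears to be what keeps these values from going stale, but nothing at the call site says so. I would add a short comment above the first prop, e.g. `// token is read at render time; ReactS3FineUploader recreates the uploader when the cookie changes`. The same applies to the `customHeaders` props in the InputFineUploader and ContractSettingsUpdateButton sections. The enclosing render code starts and ends outside the visible hunks.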


@ -7,7 +7,7 @@ import FileDragAndDrop from '../ascribe_uploader/ascribe_file_drag_and_drop/file
import AppConstants from '../../constants/application_constants'; import AppConstants from '../../constants/application_constants';
import { getCookie } from '../../utils/fetch_api'; import { makeCsrfHeader } from '../../utils/csrf';
const { func, bool, oneOf } = React.PropTypes; const { func, bool, oneOf } = React.PropTypes;
@ -122,17 +122,13 @@ const InputFineUploader = React.createClass({
showErrorPrompt={showErrorPrompt} showErrorPrompt={showErrorPrompt}
signature={{ signature={{
endpoint: `${AppConstants.serverUrl}/s3/signature/`, endpoint: `${AppConstants.serverUrl}/s3/signature/`,
customHeaders: { customHeaders: makeCsrfHeader()
'X-CSRFToken': getCookie(AppConstants.csrftoken)
}
}} }}
deleteFile={{ deleteFile={{
enabled: true, enabled: true,
method: 'DELETE', method: 'DELETE',
endpoint: `${AppConstants.serverUrl}/s3/delete`, endpoint: `${AppConstants.serverUrl}/s3/delete`,
customHeaders: { customHeaders: makeCsrfHeader()
'X-CSRFToken': getCookie(AppConstants.csrftoken)
}
}} }}
enableLocalHashing={enableLocalHashing} enableLocalHashing={enableLocalHashing}
uploadMethod={uploadMethod} uploadMethod={uploadMethod}


@ -14,7 +14,7 @@ import AppConstants from '../../constants/application_constants';
import { validationTypes } from '../../constants/uploader_constants'; import { validationTypes } from '../../constants/uploader_constants';
import { formSubmissionValidation } from '../ascribe_uploader/react_s3_fine_uploader_utils'; import { formSubmissionValidation } from '../ascribe_uploader/react_s3_fine_uploader_utils';
import { getCookie } from '../../utils/fetch_api'; import { makeCsrfHeader } from '../../utils/csrf';
import { getLangText } from '../../utils/lang'; import { getLangText } from '../../utils/lang';
import { resolveUrl } from '../../utils/url_resolver'; import { resolveUrl } from '../../utils/url_resolver';
@ -76,17 +76,13 @@ let ContractSettingsUpdateButton = React.createClass({
setIsUploadReady={() =>{/* So that ReactS3FineUploader is not complaining */}} setIsUploadReady={() =>{/* So that ReactS3FineUploader is not complaining */}}
signature={{ signature={{
endpoint: `${AppConstants.serverUrl}/s3/signature/`, endpoint: `${AppConstants.serverUrl}/s3/signature/`,
customHeaders: { customHeaders: makeCsrfHeader()
'X-CSRFToken': getCookie(AppConstants.csrftoken)
}
}} }}
deleteFile={{ deleteFile={{
enabled: true, enabled: true,
method: 'DELETE', method: 'DELETE',
endpoint: `${AppConstants.serverUrl}/s3/delete`, endpoint: `${AppConstants.serverUrl}/s3/delete`,
customHeaders: { customHeaders: makeCsrfHeader()
'X-CSRFToken': getCookie(AppConstants.csrftoken)
}
}} }}
fileClassToUpload={{ fileClassToUpload={{
singular: getLangText('UPDATE'), singular: getLangText('UPDATE'),


@ -15,12 +15,11 @@ import ErrorQueueStore from '../../stores/error_queue_store';
import GlobalNotificationModel from '../../models/global_notification_model'; import GlobalNotificationModel from '../../models/global_notification_model';
import GlobalNotificationActions from '../../actions/global_notification_actions'; import GlobalNotificationActions from '../../actions/global_notification_actions';
import AppConstants from '../../constants/application_constants';
import { ErrorClasses, testErrorAgainstAll } from '../../constants/error_constants'; import { ErrorClasses, testErrorAgainstAll } from '../../constants/error_constants';
import { RETRY_ATTEMPT_TO_SHOW_CONTACT_US, ENDPOINTS } from '../../constants/uploader_constants'; import { RETRY_ATTEMPT_TO_SHOW_CONTACT_US, ENDPOINTS } from '../../constants/uploader_constants';
import { displayValidFilesFilter, FileStatus, transformAllowedExtensionsToInputAcceptProp } from './react_s3_fine_uploader_utils'; import { displayValidFilesFilter, FileStatus, transformAllowedExtensionsToInputAcceptProp } from './react_s3_fine_uploader_utils';
import { getCookie } from '../../utils/fetch_api'; import { getCsrfToken, makeCsrfHeader } from '../../utils/csrf';
import { computeHashOfFile, extractFileExtensionFromString } from '../../utils/file'; import { computeHashOfFile, extractFileExtensionFromString } from '../../utils/file';
import { getLangText } from '../../utils/lang'; import { getLangText } from '../../utils/lang';
@ -215,7 +214,7 @@ const ReactS3FineUploader = React.createClass({
return { return {
filesToUpload: [], filesToUpload: [],
uploader: this.createNewFineUploader(), uploader: this.createNewFineUploader(),
csrfToken: getCookie(AppConstants.csrftoken), csrfToken: getCsrfToken(),
errorState: { errorState: {
manualRetryAttempt: 0, manualRetryAttempt: 0,
errorClass: null errorClass: null
@ -235,7 +234,7 @@ const ReactS3FineUploader = React.createClass({
// since the csrf header is defined in this component's props, // since the csrf header is defined in this component's props,
// everytime the csrf cookie is changed we'll need to reinitalize // everytime the csrf cookie is changed we'll need to reinitalize
// fineuploader and update the actual csrf token // fineuploader and update the actual csrf token
let potentiallyNewCSRFToken = getCookie(AppConstants.csrftoken); let potentiallyNewCSRFToken = getCsrfToken();
if(this.state.csrfToken !== potentiallyNewCSRFToken) { if(this.state.csrfToken !== potentiallyNewCSRFToken) {
this.setState({ this.setState({
uploader: this.createNewFineUploader(), uploader: this.createNewFineUploader(),
@ -318,7 +317,7 @@ const ReactS3FineUploader = React.createClass({
headers: { headers: {
'Accept': 'application/json', 'Accept': 'application/json',
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'X-CSRFToken': getCookie(AppConstants.csrftoken) ...makeCsrfHeader()
}, },
credentials: 'include', credentials: 'include',
body: JSON.stringify({ body: JSON.stringify({
@ -361,7 +360,7 @@ const ReactS3FineUploader = React.createClass({
headers: { headers: {
'Accept': 'application/json', 'Accept': 'application/json',
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'X-CSRFToken': getCookie(AppConstants.csrftoken) ...makeCsrfHeader()
}, },
credentials: 'include', credentials: 'include',
body: JSON.stringify({ body: JSON.stringify({
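Review bot: In both fetch header blocks (the hunks at -318 and -361), `...makeCsrfHeader()` contributes nothing when the cookie is absent, so the request is still sent with `credentials: 'include'` and no `X-CSRFToken`, and the only signal is whatever the server returns. That is safe as long as the backend rejects the request, which is not visible here, but it turns a missing cookie into an opaque upload failure. Consider checking `getCsrfToken()` before calling fetch and routing a missing token through the component's existing error handling, or at least add `// no header is sent when the CSRF cookie is missing; the server is expected to reject` above the spread. Both enclosing functions start and end outside the hunks.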


@ -13,7 +13,6 @@ const constants = {
'acl_withdraw_transfer', 'acl_wallet_submit'], 'acl_withdraw_transfer', 'acl_wallet_submit'],
'version': 0.1, 'version': 0.1,
'csrftoken': 'csrftoken2',
'subdomains': [ 'subdomains': [
{ {
'subdomain': 'cc', 'subdomain': 'cc',


@ -0,0 +1,7 @@
export const CSRF_COOKIE_NAME = 'csrftoken2';
export const CSRF_CUSTOM_HEADER_NAME = 'X-CSRFToken';
export default {
CSRF_COOKIE_NAME,
CSRF_CUSTOM_HEADER_NAME
};
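Review bot: `CSRF_COOKIE_NAME` has to stay in step with the cookie name the backend sets, and nothing in the file says so; a comment such as `// must match the CSRF cookie name configured on the server` would help, since a name with no matching cookie presumably leaves `getCsrfToken()` empty and `makeCsrfHeader()` then returns `{}`. This commit also deletes `'csrftoken'` from the application constants, so any `AppConstants.csrftoken` reader outside the changed files would now pass `undefined` as the cookie name; a repo-wide search is worth doing before merge. The default export duplicates the two named exports, and every import visible in this commit uses the named form, so it could be dropped.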

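--- a/js/utils/csrf.js
+++ b/js/utils/csrf.js
@@ -0,0 +1,14 @@
+import { getCookie } from './cookie.js';
+import { CSRF_COOKIE_NAME, CSRF_CUSTOM_HEADER_NAME } from '../constants/csrf_constants';
+export function getCsrfToken() {
+return getCookie(CSRF_COOKIE_NAME);
+}
+export function makeCsrfHeader(csrfToken = getCsrfToken()) {
+return csrfToken ? {
+[CSRF_CUSTOM_HEADER_NAME]: csrfToken
+} : {};
+}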
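Review bot: `getCookie` is imported from `'./cookie.js'`, while every call site touched by this commit previously took it from `utils/fetch_api`, and no cookie module appears among the changed files shown; confirm that `js/utils/cookie.js` already exists and exports `getCookie`. The explicit `.js` extension also differs from the extensionless `'../constants/csrf_constants'` on the next line. Both exports lack doc comments: `makeCsrfHeader` should state that it returns `{}` for a falsy token, because callers pass the result straight to `customHeaders` or spread it into fetch headers and never see that the token was missing.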