
also fix csrf in vue scope + fix user auth

This commit is contained in:
MiniDigger 2020-07-29 19:53:39 +02:00
parent 6cea7d7c6e
commit 88951d9ee4
5 changed files with 18 additions and 11 deletions

@ -1,4 +1,7 @@
import Vue from 'vue'
import $ from "jquery";
$.ajaxSetup(window.ajaxSettings);
const root = require('../Home.vue').default;
const app = new Vue({

@ -45,7 +45,8 @@ function getApiSession() {
return $.ajax({
url: '/api/v2/authenticate/user',
method: 'POST',
dataType: 'json'
dataType: 'json',
contentType: 'application/json'
}).done(function (data) {
if (data.type !== 'user') {
reject('Expected user session from user authentication');
@ -65,7 +66,8 @@ function getApiSession() {
$.ajax({
url: '/api/v2/authenticate',
method: 'POST',
dataType: 'json'
dataType: 'json',
contentType: 'application/json'
}).done(function (data) {
if (data.type !== 'public') {
reject('Expected public session from public authentication')
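Review bot: The two `$.ajax` option objects in these hunks are now identical apart from `url`, and both had to be touched for the same one-line change, which is the usual sign that the request should be built in one place; a small helper such as `function postJson(url) { return $.ajax({url: url, method: 'POST', dataType: 'json', contentType: 'application/json'}); }` would leave each call site as `postJson('/api/v2/authenticate/user')`. Declaring `contentType: 'application/json'` without a `data` value sends an empty JSON body, which presumably only works because the API side of this commit makes the request body optional; a one-line comment above the option saying so (`// no body; the server accepts an empty JSON request`) would spare the next reader the same investigation. `getApiSession` starts before the first hunk and continues past the second.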

@ -37,6 +37,6 @@ public interface AuthenticateApi {
@PostMapping(value = "/authenticate/user",
produces = MediaType.APPLICATION_JSON_VALUE,
consumes = MediaType.APPLICATION_JSON_VALUE)
ResponseEntity<ApiSessionResponse> authenticateUser(@ApiParam(value = "") @Valid @RequestBody SessionProperties body
ResponseEntity<ApiSessionResponse> authenticateUser(@ApiParam(value = "") @Valid @RequestBody(required = false) SessionProperties body
);
}
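Review bot: `@RequestBody(required = false)` together with `@Valid` means `body` is now nullable and, when absent, is not validated at all, but nothing in the interface says so and the `@ApiParam(value = "")` description is empty; implementers of `authenticateUser` and consumers of the generated API documentation both lose that information. Add a Javadoc comment on the method with `@param body optional session properties; {@code null} when the request carries no body` and give the `@ApiParam` a matching description. Since `consumes` is still `application/json`, a client that omits the `Content-Type` header is rejected before the body check is reached, which is worth one sentence in the same Javadoc.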

@ -2,6 +2,7 @@ package me.minidigger.hangar.controller.api;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
@ -26,10 +27,10 @@ public class AuthenticateApiController implements AuthenticateApi {
if (body != null && body.isFake() != null && body.isFake()) {
return ResponseEntity.ok(service.authenticateDev());
} else {
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (principal instanceof HangarAuthentication) {
return ResponseEntity.ok(service.authenticateKeyPublic(body, ((HangarAuthentication) principal).getUserId()));
} else if (principal.equals("anonymousUser")) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication instanceof HangarAuthentication) {
return ResponseEntity.ok(service.authenticateKeyPublic(body, ((HangarAuthentication) authentication).getUserId()));
} else if (authentication.getPrincipal().equals("anonymousUser")) {
return ResponseEntity.ok(service.authenticatePublic());
} else {
throw AuthUtils.unAuth();
@ -39,9 +40,9 @@ public class AuthenticateApiController implements AuthenticateApi {
@Override
public ResponseEntity<ApiSessionResponse> authenticateUser(SessionProperties body) {
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (principal instanceof HangarAuthentication) {
return ResponseEntity.ok(service.authenticateUser(((HangarAuthentication) principal).getUserId()));
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication instanceof HangarAuthentication) {
return ResponseEntity.ok(service.authenticateUser(((HangarAuthentication) authentication).getUserId()));
} else {
throw AuthUtils.unAuth();
}
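Review bot: In the second hunk of this file (the branch calling `service.authenticateKeyPublic`), `SecurityContextHolder.getContext().getAuthentication()` can return null when no security context has been populated, and since `instanceof` is false for null, control reaches `authentication.getPrincipal().equals("anonymousUser")` and the endpoint fails with a NullPointerException (a 500) instead of the `AuthUtils.unAuth()` response the else branch intends; the third hunk (`authenticateUser`) is safe because its only test is the `instanceof`. Guard the comparison and make it null-safe: `} else if (authentication != null && "anonymousUser".equals(authentication.getPrincipal())) {`. Comparing the principal with a string literal is also brittle; Spring Security represents anonymous requests with `AnonymousAuthenticationToken`, so `authentication instanceof AnonymousAuthenticationToken` states the intent directly, assuming the anonymous filter is registered in this application (not visible here). On the same path `body` reaches `service.authenticateKeyPublic(body, ...)` without a null check, and whether the service tolerates a null body cannot be seen in this hunk. Both methods' enclosing class continues outside the hunks.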

@ -97,8 +97,9 @@ showFooter: Boolean = true, noContainer: Boolean = false, additionalMeta: Html =
<#if _csrf?? && _csrf.token??>
<script>
window.csrf = '${_csrf.token}';
window.ajaxSettings = {"headers": { '${_csrf.headerName}': window.csrf}};
window.isLoggedIn = ${headerData.hasUser()?c};
$.ajaxSetup({headers: {'${_csrf.headerName}': csrf}});
$.ajaxSetup(window.ajaxSettings);
</script>
</#if>
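Review bot: `window.csrf = '${_csrf.token}';` and the new `window.ajaxSettings` line interpolate server values into JavaScript string literals with whatever escaping the template's auto-escape mode applies, which is HTML escaping at best and not the escaping a JS literal needs; for a server-generated token the practical risk is low, but it is the wrong escaping context and an HTML-escaped character would silently corrupt the token. Use the JavaScript escaper explicitly: `window.csrf = '${_csrf.token?js_string}';` and `'${_csrf.headerName?js_string}'` in the headers object. The enclosing FreeMarker macro (`showFooter`, `noContainer`, ...) starts before this hunk.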