also fix csrf in vue scope + fix user auth
This commit is contained in:
parent
6cea7d7c6e
commit
88951d9ee4
src/main
frontend/src
java/me/minidigger/hangar/controller/api
resources/templates/layout
@ -1,4 +1,7 @@
|
||||
import Vue from 'vue'
|
||||
import $ from "jquery";
|
||||
|
||||
$.ajaxSetup(window.ajaxSettings);
|
||||
|
||||
const root = require('../Home.vue').default;
|
||||
const app = new Vue({
|
||||
|
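Review bot: `$.ajaxSetup(window.ajaxSettings)` on the new line runs at bundle load and silently does nothing if `window.ajaxSettings` is undefined — jQuery's `ajaxSetup` ignores a nullish argument — so a missing value would show up as the CSRF header being absent and every POST failing with 403, not as an error pointing at the cause. The value is only defined by the layout template's inline script, and only when that template's `_csrf` block renders, so this presumably relies on the inline script running before this bundle; the ordering cannot be confirmed from the diff. I'd make the dependency explicit with `if (!window.ajaxSettings) { console.warn('window.ajaxSettings missing; CSRF header will not be sent'); }` ahead of the call, or at minimum a comment `// CSRF header defaults; window.ajaxSettings is set by the layout template before this bundle loads`.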
@ -45,7 +45,8 @@ function getApiSession() {
|
||||
return $.ajax({
|
||||
url: '/api/v2/authenticate/user',
|
||||
method: 'POST',
|
||||
dataType: 'json'
|
||||
dataType: 'json',
|
||||
contentType: 'application/json'
|
||||
}).done(function (data) {
|
||||
if (data.type !== 'user') {
|
||||
reject('Expected user session from user authentication');
|
||||
@ -65,7 +66,8 @@ function getApiSession() {
|
||||
$.ajax({
|
||||
url: '/api/v2/authenticate',
|
||||
method: 'POST',
|
||||
dataType: 'json'
|
||||
dataType: 'json',
|
||||
contentType: 'application/json'
|
||||
}).done(function (data) {
|
||||
if (data.type !== 'public') {
|
||||
reject('Expected public session from public authentication')
|
||||
|
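Review bot: The added `contentType: 'application/json'` on both calls sends a POST with a JSON content type and no body at all, and whether that is accepted depends on the server-side `@RequestBody` being optional. This commit relaxes it for `/authenticate/user`, but the annotation for the `/authenticate` endpoint is not in the diff, so the second call at `url: '/api/v2/authenticate'` cannot be confirmed here; if that body is still required, Spring answers 400 and the `.done` handler never runs. A comment on the `contentType` lines would stop the next reader from adding a `data` payload out of habit: `contentType: 'application/json', // endpoint consumes JSON; no body is sent on purpose`. The enclosing `getApiSession` function starts before the first hunk and continues past the last one.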
@ -37,6 +37,6 @@ public interface AuthenticateApi {
|
||||
@PostMapping(value = "/authenticate/user",
|
||||
produces = MediaType.APPLICATION_JSON_VALUE,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
ResponseEntity<ApiSessionResponse> authenticateUser(@ApiParam(value = "") @Valid @RequestBody SessionProperties body
|
||||
ResponseEntity<ApiSessionResponse> authenticateUser(@ApiParam(value = "") @Valid @RequestBody(required = false) SessionProperties body
|
||||
);
|
||||
}
|
||||
|
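Review bot: `@RequestBody(required = false)` makes the body optional, yet `@ApiParam(value = "")` still says nothing about it, and the controller's `authenticateUser` never reads `body`, so API consumers cannot tell that the parameter is ignored. `@Valid` is harmless on a null body (validation is skipped), but `consumes = MediaType.APPLICATION_JSON_VALUE` still rejects a request without a JSON `Content-Type` with 415, which is presumably why the frontend now sets `contentType` explicitly. I'd document that on the interface: `@ApiParam(value = "Optional and currently unused; the session is derived from the caller's authentication")`.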
@ -2,6 +2,7 @@ package me.minidigger.hangar.controller.api;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Controller;
|
||||
|
||||
@ -26,10 +27,10 @@ public class AuthenticateApiController implements AuthenticateApi {
|
||||
if (body != null && body.isFake() != null && body.isFake()) {
|
||||
return ResponseEntity.ok(service.authenticateDev());
|
||||
} else {
|
||||
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
|
||||
if (principal instanceof HangarAuthentication) {
|
||||
return ResponseEntity.ok(service.authenticateKeyPublic(body, ((HangarAuthentication) principal).getUserId()));
|
||||
} else if (principal.equals("anonymousUser")) {
|
||||
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (authentication instanceof HangarAuthentication) {
|
||||
return ResponseEntity.ok(service.authenticateKeyPublic(body, ((HangarAuthentication) authentication).getUserId()));
|
||||
} else if (authentication.getPrincipal().equals("anonymousUser")) {
|
||||
return ResponseEntity.ok(service.authenticatePublic());
|
||||
} else {
|
||||
throw AuthUtils.unAuth();
|
||||
@ -39,9 +40,9 @@ public class AuthenticateApiController implements AuthenticateApi {
|
||||
|
||||
@Override
|
||||
public ResponseEntity<ApiSessionResponse> authenticateUser(SessionProperties body) {
|
||||
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
|
||||
if (principal instanceof HangarAuthentication) {
|
||||
return ResponseEntity.ok(service.authenticateUser(((HangarAuthentication) principal).getUserId()));
|
||||
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (authentication instanceof HangarAuthentication) {
|
||||
return ResponseEntity.ok(service.authenticateUser(((HangarAuthentication) authentication).getUserId()));
|
||||
} else {
|
||||
throw AuthUtils.unAuth();
|
||||
}
|
||||
|
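Review bot: In `authenticate` (hunk `@ -26,10 +27,10 @@`; the method signature lies outside the hunk) the anonymous branch now evaluates `authentication.getPrincipal().equals("anonymousUser")`, which throws NullPointerException — a 500 instead of the 401 from `AuthUtils.unAuth()` — whenever `getAuthentication()` returns null, and it only works while the anonymous principal keeps Spring's default name. Checking the token type is null-safe and independent of the principal string: `} else if (authentication instanceof AnonymousAuthenticationToken) {`, with `org.springframework.security.authentication.AnonymousAuthenticationToken` added to the imports. The `instanceof HangarAuthentication` test in `authenticateUser` already falls through to `unAuth()` on a null authentication, so only the public path needs this. Both methods now repeat the same `SecurityContextHolder` lookup and `HangarAuthentication` cast; a small private helper returning the current `HangarAuthentication` or throwing `AuthUtils.unAuth()` would keep the two paths from drifting apart again.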
@ -97,8 +97,9 @@ showFooter: Boolean = true, noContainer: Boolean = false, additionalMeta: Html =
|
||||
<#if _csrf?? && _csrf.token??>
|
||||
<script>
|
||||
window.csrf = '${_csrf.token}';
|
||||
window.ajaxSettings = {"headers": { '${_csrf.headerName}': window.csrf}};
|
||||
window.isLoggedIn = ${headerData.hasUser()?c};
|
||||
$.ajaxSetup({headers: {'${_csrf.headerName}': csrf}});
|
||||
$.ajaxSetup(window.ajaxSettings);
|
||||
</script>
|
||||
</#if>
|
||||
|
||||
|
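Review bot: `window.ajaxSettings = {"headers": { '${_csrf.headerName}': window.csrf}}` installs the CSRF token as a default header on every jQuery request, including any cross-origin `$.ajax` call the frontend makes, so the token would be disclosed to a third-party host. No such call is visible in this commit, but a global header default is the wrong place to rely on that; jQuery's `beforeSend` receives the resolved settings and can skip the header when `settings.crossDomain` is true, and a per-request `beforeSend` still overrides it, which is acceptable for an opt-out. `'${_csrf.token}'` and `'${_csrf.headerName}'` are also interpolated straight into JS string literals; Spring's token is normally a UUID, so this is a hardening note rather than a defect, but `?js_string` on both would make the script safe regardless of the value (check how it interacts with the template's auto-escaping).
```freemarker
window.csrf = '${_csrf.token}';
// Attach the CSRF header to same-origin requests only; never send the token cross-origin.
window.ajaxSettings = {
    beforeSend: function (xhr, settings) {
        if (!settings.crossDomain) {
            xhr.setRequestHeader('${_csrf.headerName}', window.csrf);
        }
    }
};
window.isLoggedIn = ${headerData.hasUser()?c};
$.ajaxSetup(window.ajaxSettings);
```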