also fix csrf in vue scope + fix user auth

This commit is contained in:
MiniDigger 2020-07-29 19:53:39 +02:00
parent 6cea7d7c6e
commit 88951d9ee4
5 changed files with 18 additions and 11 deletions


@ -1,4 +1,7 @@
import Vue from 'vue' import Vue from 'vue'
import $ from "jquery";
$.ajaxSetup(window.ajaxSettings);
const root = require('../Home.vue').default; const root = require('../Home.vue').default;
const app = new Vue({ const app = new Vue({
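Review bot: `$.ajaxSetup(window.ajaxSettings);` on line 14 runs at module-evaluation time and depends on the page's inline template script having already assigned `window.ajaxSettings`; that assignment is also made only inside the template's `<#if _csrf?? && _csrf.token??>` block, so with CSRF disabled or a mis-ordered script tag this passes `undefined`, which jQuery tolerates silently, leaving requests without the header and no diagnostic. A guard plus a why-comment would make the dependency explicit: `// the Vue bundle has its own jQuery instance, so the page-level CSRF header settings must be copied onto it` followed by `if (window.ajaxSettings) { $.ajaxSetup(window.ajaxSettings); }` — the separate-instance reason is inferred from the commit title rather than visible here. The hunk header reads `-1,4 +1,7` but only two added lines are visible, so one line of this section appears to be missing from the rendering.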


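--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -45,7 +45,8 @@ function getApiSession() {
 return $.ajax({
 url: '/api/v2/authenticate/user',
 method: 'POST',
-dataType: 'json'
+dataType: 'json',
+contentType: 'application/json'
 }).done(function (data) {
 if (data.type !== 'user') {
 reject('Expected user session from user authentication');
@@ -65,7 +66,8 @@ function getApiSession() {
 $.ajax({
 url: '/api/v2/authenticate',
 method: 'POST',
-dataType: 'json'
+dataType: 'json',
+contentType: 'application/json'
 }).done(function (data) {
 if (data.type !== 'public') {
 reject('Expected public session from public authentication')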
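Review bot: Both hunks now send `contentType: 'application/json'` with no `data`, so the server receives a JSON request with an empty body; this commit relaxes `/authenticate/user` to `@RequestBody(required = false)`, but the declaration for `/api/v2/authenticate` used by the second hunk is not part of the commit, and if that parameter is still required Spring will answer 400 before the controller's `body != null` check runs. Worth verifying, and worth a comment on each call so the next reader does not add a body to "fix" it: `// intentionally sent without a body; the API declares the body optional`. `getApiSession` starts and ends outside these hunks, so whether the `reject(...)` calls are followed by a return cannot be seen here.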


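--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -37,6 +37,6 @@ public interface AuthenticateApi {
 @PostMapping(value = "/authenticate/user",
 produces = MediaType.APPLICATION_JSON_VALUE,
 consumes = MediaType.APPLICATION_JSON_VALUE)
-ResponseEntity<ApiSessionResponse> authenticateUser(@ApiParam(value = "") @Valid @RequestBody SessionProperties body
+ResponseEntity<ApiSessionResponse> authenticateUser(@ApiParam(value = "") @Valid @RequestBody(required = false) SessionProperties body
 );
 }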
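Review bot: Making the body optional is not documented anywhere on the method: `@ApiParam(value = "")` stays empty, so the generated API documentation will not tell clients that an empty POST is accepted, and `@Valid` now silently does nothing when the body is absent. The controller implementation in this same commit never reads `body` in `authenticateUser`, so the parameter appears to exist only for interface symmetry; say so, e.g. `@ApiParam(value = "Optional; currently ignored — the session is derived from the authenticated Hangar user")`, and add a Javadoc sentence stating that a missing body is allowed.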


@ -2,6 +2,7 @@ package me.minidigger.hangar.controller.api;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
@ -26,10 +27,10 @@ public class AuthenticateApiController implements AuthenticateApi {
if (body != null && body.isFake() != null && body.isFake()) { if (body != null && body.isFake() != null && body.isFake()) {
return ResponseEntity.ok(service.authenticateDev()); return ResponseEntity.ok(service.authenticateDev());
} else { } else {
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (principal instanceof HangarAuthentication) { if (authentication instanceof HangarAuthentication) {
return ResponseEntity.ok(service.authenticateKeyPublic(body, ((HangarAuthentication) principal).getUserId())); return ResponseEntity.ok(service.authenticateKeyPublic(body, ((HangarAuthentication) authentication).getUserId()));
} else if (principal.equals("anonymousUser")) { } else if (authentication.getPrincipal().equals("anonymousUser")) {
return ResponseEntity.ok(service.authenticatePublic()); return ResponseEntity.ok(service.authenticatePublic());
} else { } else {
throw AuthUtils.unAuth(); throw AuthUtils.unAuth();
@ -39,9 +40,9 @@ public class AuthenticateApiController implements AuthenticateApi {
@Override @Override
public ResponseEntity<ApiSessionResponse> authenticateUser(SessionProperties body) { public ResponseEntity<ApiSessionResponse> authenticateUser(SessionProperties body) {
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (principal instanceof HangarAuthentication) { if (authentication instanceof HangarAuthentication) {
return ResponseEntity.ok(service.authenticateUser(((HangarAuthentication) principal).getUserId())); return ResponseEntity.ok(service.authenticateUser(((HangarAuthentication) authentication).getUserId()));
} else { } else {
throw AuthUtils.unAuth(); throw AuthUtils.unAuth();
} }
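Review bot: In the second hunk, `authentication.getPrincipal().equals("anonymousUser")` dereferences `authentication` after the `instanceof` test has already failed, so a request that reaches the controller with no `Authentication` in the security context produces a `NullPointerException` (a 500) instead of the intended `AuthUtils.unAuth()`; the third hunk's `authenticateUser` is safe because `instanceof` on `null` simply falls to the `else`. Comparing the principal to the string `"anonymousUser"` is also brittle; Spring's own type expresses the same thing and handles `null`: `} else if (authentication instanceof AnonymousAuthenticationToken) {` with `import org.springframework.security.authentication.AnonymousAuthenticationToken;` added alongside the new `Authentication` import. The first hunk's header says `-2,6 +2,7` but only five lines are visible, so part of the import block seems to be missing from this rendering.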


@ -97,8 +97,9 @@ showFooter: Boolean = true, noContainer: Boolean = false, additionalMeta: Html =
<#if _csrf?? && _csrf.token??> <#if _csrf?? && _csrf.token??>
<script> <script>
window.csrf = '${_csrf.token}'; window.csrf = '${_csrf.token}';
window.ajaxSettings = {"headers": { '${_csrf.headerName}': window.csrf}};
window.isLoggedIn = ${headerData.hasUser()?c}; window.isLoggedIn = ${headerData.hasUser()?c};
$.ajaxSetup({headers: {'${_csrf.headerName}': csrf}}); $.ajaxSetup(window.ajaxSettings);
</script> </script>
</#if> </#if>
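Review bot: `window.ajaxSettings = {"headers": { '${_csrf.headerName}': window.csrf}}` attaches the CSRF token as a static header to every `$.ajax` call made through any jQuery instance it is applied to, including cross-origin requests, so if any script on the page calls another origin through jQuery the token is disclosed to that origin; the old inline `$.ajaxSetup({headers: ...})` had the same property, but the new shared object is now also copied into the Vue bundle. Since the object is consumed via `$.ajaxSetup` in two places, the same-origin restriction fits best inside the object itself as a `beforeSend` that checks jQuery's computed `settings.crossDomain`, as sketched below; note that a per-call `beforeSend` passed to `$.ajax` replaces this one, and `$.ajaxPrefilter` would avoid that but has to be registered on each jQuery instance separately. A short comment above the assignment should also record that the Vue entry module reads this object, because nothing else on this page links the two.

```freemarker
window.csrf = '${_csrf.token}';
<#-- consumed by $.ajaxSetup(window.ajaxSettings) here and in the Vue entry module -->
window.ajaxSettings = {
  beforeSend: function (xhr, settings) {
    // only attach the CSRF token to same-origin requests
    if (!settings.crossDomain) {
      xhr.setRequestHeader('${_csrf.headerName}', window.csrf);
    }
  }
};
<#-- … unchanged: window.isLoggedIn and $.ajaxSetup(window.ajaxSettings) … -->
```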