This is an automated email from the ASF dual-hosted git repository. nbonte pushed a commit to branch branch-2.0 in repository https://gitbox.apache.org/repos/asf/atlas.git
commit d17fc1a1d3a0637ddf94956ba0b6492b8e251ac3 Author: Nikhil Bonte <nikhil.bo...@freestoneinfotech.com> AuthorDate: Fri Apr 23 17:56:54 2021 +0530 ATLAS-4259: Swagger: Improve Header validation Signed-off-by: Nikhil Bonte <nbo...@apache.org> (cherry picked from commit 07037d2f5328a85be7e106cbbe82ffc91c3ea77d) --- build-tools/src/main/resources/ui-dist/index.html | 1 + build-tools/src/main/resources/ui-dist/index.js | 138 +++++++++++++++------- 2 files changed, 96 insertions(+), 43 deletions(-) diff --git a/build-tools/src/main/resources/ui-dist/index.html b/build-tools/src/main/resources/ui-dist/index.html index e743572..653c38b 100755 --- a/build-tools/src/main/resources/ui-dist/index.html +++ b/build-tools/src/main/resources/ui-dist/index.html @@ -47,6 +47,7 @@ <body> <div id="swagger-ui"></div> + <script src="../js/libs/jquery/js/jquery.min.js" charset="UTF-8"> </script> <script src="./swagger-ui-bundle.js" charset="UTF-8"> </script> <script src="./swagger-ui-standalone-preset.js" charset="UTF-8"> </script> <script src="./index.js" charset="UTF-8"> </script> diff --git a/build-tools/src/main/resources/ui-dist/index.js b/build-tools/src/main/resources/ui-dist/index.js index 60a8477..3ae4076 100644 --- a/build-tools/src/main/resources/ui-dist/index.js +++ b/build-tools/src/main/resources/ui-dist/index.js 
@@ -16,47 +16,99 @@ * limitations under the License. */ -var gatewayUrl; - -window.onload = function() { - const ui = SwaggerUIBundle({ - url: getSwaggerBaseUrl(window.location.pathname) + "/swagger.json", - dom_id: '#swagger-ui', - deepLinking: true, - presets: [ - SwaggerUIBundle.presets.apis, - SwaggerUIStandalonePreset - ], - plugins: [ - SwaggerUIBundle.plugins.DownloadUrl - ], - layout: "StandaloneLayout", - requestInterceptor: function(request) { - if (!request.url.includes("swagger.json")) { +(function () { + var gatewayUrl, + _csrfToken, + csrfEnabled = false, + restCsrfCustomHeader, + restCsrfMethodsToIgnore = [], + swaggerSpecFileName = "swagger.json"; + + window.onload = function() { + const ui = SwaggerUIBundle({ + url: getSwaggerBaseUrl(window.location.pathname) + "/" + swaggerSpecFileName, + dom_id: '#swagger-ui', + deepLinking: true, + presets: [ + SwaggerUIBundle.presets.apis, + SwaggerUIStandalonePreset + ], + plugins: [ + SwaggerUIBundle.plugins.DownloadUrl + ], + layout: "StandaloneLayout", + requestInterceptor: function(request) { + if (!request.url.includes(swaggerSpecFileName)) { request.url = getAPIUrl(request.url); - } - request.headers['X-XSRF-HEADER'] = "valid"; - return request; - }, - docExpansion: 'none', - validatorUrl: 'none' - }) - window.ui = ui; - - document.getElementById("swagger-ui").getElementsByClassName("topbar-wrapper")[0].getElementsByTagName("img")[0].src = gatewayUrl + "/img/atlas_logo.svg"; -} - -function getSwaggerBaseUrl(url) { - var path = url.replace(/\/[\w-]+.(jsp|html)|\/+$/ig, ''); - splitPath = path.split("/"); - splitPath.pop(); - gatewayUrl = splitPath.join("/"); - - return window.location.origin + path; -}; - -function getAPIUrl(url) { - url = new URL(url); - var path = url.origin + gatewayUrl + url.pathname + url.search; - return path; -}; + setCsrfHeaderToRequest(request); + } + + return request; + }, + docExpansion: 'none', + validatorUrl: 'none' + }) + window.ui = ui; + + atlasLogo = gatewayUrl + 
"/img/atlas_logo.svg"; + $('#swagger-ui img').attr("src", atlasLogo); + + fetchCsrfHeader(); + } + + function getSwaggerBaseUrl(url) { + var path = url.replace(/\/[\w-]+.(jsp|html)|\/+$/ig, ''); + splitPath = path.split("/"); + splitPath.pop(); + gatewayUrl = splitPath.join("/"); + + return window.location.origin + path; + }; + + function getAPIUrl(url) { + url = new URL(url); + var path = url.origin + gatewayUrl + url.pathname + url.search; + return path; + }; + + function fetchCsrfHeader() { + var response = getSessionDetails(); + + if (!csrfEnabled && response['atlas.rest-csrf.enabled']) { + var str = "" + response['atlas.rest-csrf.enabled']; + csrfEnabled = (str.toLowerCase() == 'true'); + } + + if (!restCsrfCustomHeader && response["atlas.rest-csrf.custom-header"]) { + restCsrfCustomHeader = response["atlas.rest-csrf.custom-header"].trim(); + } + + if (restCsrfMethodsToIgnore == 0 && response["atlas.rest-csrf.methods-to-ignore"]) { + restCsrfMethodsToIgnore = response["atlas.rest-csrf.methods-to-ignore"].split(","); + } + + if (csrfEnabled) { + _csrfToken = response['_csrfToken']; + } + } + + function setCsrfHeaderToRequest(request) { + if (csrfEnabled && !restCsrfMethodsToIgnore.includes(request.method)) { + request.headers[restCsrfCustomHeader] = _csrfToken; + } + } + + function getSessionDetails() { + var response; + $.ajax({ + async : false, + method: "GET", + url: gatewayUrl + "/api/atlas/admin/session", + dataType: 'json', + success: function(result){ + response = result; + } + }); + return response; + }; +})(); \ No newline at end of file
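Review bot: `getSessionDetails` registers no `error` handler, so when the synchronous call to `/api/atlas/admin/session` fails (network error, 401, or a body that does not parse as JSON) it returns `undefined` and `fetchCsrfHeader` throws a TypeError on `response['atlas.rest-csrf.enabled']`; that exception escapes `window.onload`, `csrfEnabled` stays `false`, and every later API call is sent without the CSRF header, which makes the resulting server-side rejections hard to attribute. I would add `error: function(xhr) { console.error("Could not load CSRF session details", xhr.status); }` to the `$.ajax` options and open `fetchCsrfHeader` with `if (!response) { return; }` so the failure is visible instead of a crash. Two smaller points in the same functions: `restCsrfMethodsToIgnore == 0` works only through `[] == 0` coercion and reads more clearly as `restCsrfMethodsToIgnore.length === 0`, and the `split(",")` result is not trimmed while the custom header is, so a server value such as `"GET, OPTIONS"` would leave the space-prefixed entries unmatched by `includes(request.method)` — `.split(",").map(function (m) { return m.trim(); })` keeps the two consistent. The `async: false` request also blocks the page while the session call runs and is deprecated on the main thread; that is presumably tolerated here because the token must exist before the first interactive request, but a promise-based fetch that sets the state on completion would avoid it. `atlasLogo` and `splitPath` are assigned without a declaration and become implicit globals; both should be `var`-declared inside the IIFE.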