scm-ui/ui-components/src/apiclient.ts

import { contextPath } from "./urls";
import { createBackendError, ForbiddenError, isBackendError, UnauthorizedError } from "./errors";
import { BackendErrorContent } from "./errors";

const sessionId = (
  Date.now().toString(36) +
  Math.random()
    .toString(36)
    .substr(2, 5)
).toUpperCase();

const extractXsrfTokenFromJwt = (jwt: string) => {
  const parts = jwt.split(".");
  if (parts.length === 3) {
    return JSON.parse(atob(parts[1])).xsrf;
  }
};

// @VisibleForTesting
export const extractXsrfTokenFromCookie = (cookieString?: string) => {
  if (cookieString) {
    const cookies = cookieString.split(";");
    for (const c of cookies) {
      const parts = c.trim().split("=");
      if (parts[0] === "X-Bearer-Token") {
        return extractXsrfTokenFromJwt(parts[1]);
      }
    }
  }
};

const extractXsrfToken = () => {
  return extractXsrfTokenFromCookie(document.cookie);
};

const applyFetchOptions: (p: RequestInit) => RequestInit = o => {
  if (!o.headers) {
    o.headers = {};
  }

  // @ts-ignore We are sure that here we only get headers of type Record<string, string>
  const headers: Record<string, string> = o.headers;
  headers["Cache"] = "no-cache";
  // identify the request as ajax request
  headers["X-Requested-With"] = "XMLHttpRequest";
  // identify the web interface
  headers["X-SCM-Client"] = "WUI";
  // identify the window session
  headers["X-SCM-Session-ID"] = sessionId

  const xsrf = extractXsrfToken();
  if (xsrf) {
    headers["X-XSRF-Token"] = xsrf;
  }

  o.credentials = "same-origin";
  o.headers = headers;
  return o;
};

function handleFailure(response: Response) {
  if (!response.ok) {
    if (isBackendError(response)) {
      return response.json().then((content: BackendErrorContent) => {
        throw createBackendError(content, response.status);
      });
    } else {
      if (response.status === 401) {
        throw new UnauthorizedError("Unauthorized", 401);
      } else if (response.status === 403) {
        throw new ForbiddenError("Forbidden", 403);
      }

      throw new Error("server returned status code " + response.status);
    }
  }
  return response;
}

export function createUrl(url: string) {
  if (url.includes("://")) {
    return url;
  }
  let urlWithStartingSlash = url;
  if (url.indexOf("/") !== 0) {
    urlWithStartingSlash = "/" + urlWithStartingSlash;
  }
  return `${contextPath}/api/v2${urlWithStartingSlash}`;
}

class ApiClient {
  get(url: string): Promise<Response> {
    return fetch(createUrl(url), applyFetchOptions({})).then(handleFailure);
  }

  post(url: string, payload?: any, contentType = "application/json", additionalHeaders: Record<string, string> = {}) {
    return this.httpRequestWithJSONBody("POST", url, contentType, additionalHeaders, payload);
  }

  postText(url: string, payload: string, additionalHeaders: Record<string, string> = {}) {
    return this.httpRequestWithTextBody("POST", url, additionalHeaders, payload);
  }

  putText(url: string, payload: string, additionalHeaders: Record<string, string> = {}) {
    return this.httpRequestWithTextBody("PUT", url, additionalHeaders, payload);
  }

  postBinary(url: string, fileAppender: (p: FormData) => void, additionalHeaders: Record<string, string> = {}) {
    const formData = new FormData();
    fileAppender(formData);

    const options: RequestInit = {
      method: "POST",
      body: formData,
      headers: additionalHeaders
    };
    return this.httpRequestWithBinaryBody(options, url);
  }

  put(url: string, payload: any, contentType = "application/json", additionalHeaders: Record<string, string> = {}) {
    return this.httpRequestWithJSONBody("PUT", url, contentType, additionalHeaders, payload);
  }

  head(url: string) {
    let options: RequestInit = {
      method: "HEAD"
    };
    options = applyFetchOptions(options);
    return fetch(createUrl(url), options).then(handleFailure);
  }

  delete(url: string): Promise<Response> {
    let options: RequestInit = {
      method: "DELETE"
    };
    options = applyFetchOptions(options);
    return fetch(createUrl(url), options).then(handleFailure);
  }

  httpRequestWithJSONBody(
    method: string,
    url: string,
    contentType: string,
    additionalHeaders: Record<string, string>,
    payload?: any
  ): Promise<Response> {
    const options: RequestInit = {
      method: method,
      headers: additionalHeaders
    };
    if (payload) {
      options.body = JSON.stringify(payload);
    }
    return this.httpRequestWithBinaryBody(options, url, contentType);
  }

  httpRequestWithTextBody(
    method: string,
    url: string,
    additionalHeaders: Record<string, string> = {},
    payload: string
  ) {
    const options: RequestInit = {
      method: method,
      headers: additionalHeaders
    };
    options.body = payload;
    return this.httpRequestWithBinaryBody(options, url, "text/plain");
  }

  httpRequestWithBinaryBody(options: RequestInit, url: string, contentType?: string) {
    options = applyFetchOptions(options);
    if (contentType) {
      if (!options.headers) {
        options.headers = {};
      }
      // @ts-ignore We are sure that here we only get headers of type Record<string, string>
      options.headers["Content-Type"] = contentType;
    }

    return fetch(createUrl(url), options).then(handleFailure);
  }
}

export const apiClient = new ApiClient();
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`import { contextPath } from "./urls";`
apply eslint and prettier rules 2019-10-21 10:57:56 +02:00			`import { createBackendError, ForbiddenError, isBackendError, UnauthorizedError } from "./errors";`
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`import { BackendErrorContent } from "./errors";`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00
implement ui client session id This changeset introduces a client side session id, which is generated once by the client (ui: apiClient) and is send with each request to server. The server makes the session id available by the PrincipalCollection of the subject. 2019-11-13 14:03:48 +01:00			`const sessionId = (`
			`Date.now().toString(36) +`
			`Math.random()`
			`.toString(36)`
			`.substr(2, 5)`
			`).toUpperCase();`

implement client side xsrf protection 2019-11-18 11:45:48 +01:00			`const extractXsrfTokenFromJwt = (jwt: string) => {`
			`const parts = jwt.split(".");`
			`if (parts.length === 3) {`
			`return JSON.parse(atob(parts[1])).xsrf;`
			`}`
			`};`

			`// @VisibleForTesting`
			`export const extractXsrfTokenFromCookie = (cookieString?: string) => {`
			`if (cookieString) {`
			`const cookies = cookieString.split(";");`
			`for (const c of cookies) {`
			`const parts = c.trim().split("=");`
			`if (parts[0] === "X-Bearer-Token") {`
			`return extractXsrfTokenFromJwt(parts[1]);`
			`}`
			`}`
			`}`
			`};`

			`const extractXsrfToken = () => {`
			`return extractXsrfTokenFromCookie(document.cookie);`
			`};`

migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`const applyFetchOptions: (p: RequestInit) => RequestInit = o => {`
Do not overwrite existing headers in applyFetchOptions 2019-11-20 11:12:22 +01:00			`if (!o.headers) {`
			`o.headers = {};`
			`}`

			`// @ts-ignore We are sure that here we only get headers of type Record<string, string>`
			`const headers: Record<string, string> = o.headers;`
			`headers["Cache"] = "no-cache";`
			`// identify the request as ajax request`
			`headers["X-Requested-With"] = "XMLHttpRequest";`
			`// identify the web interface`
			`headers["X-SCM-Client"] = "WUI";`
merge with default branch 2019-12-05 16:14:44 +01:00			`// identify the window session`
			`headers["X-SCM-Session-ID"] = sessionId`
implement client side xsrf protection 2019-11-18 11:45:48 +01:00
			`const xsrf = extractXsrfToken();`
			`if (xsrf) {`
			`headers["X-XSRF-Token"] = xsrf;`
			`}`

migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`o.credentials = "same-origin";`
implement client side xsrf protection 2019-11-18 11:45:48 +01:00			`o.headers = headers;`
Fix content type of requests Without this fix, a content type would be stored in the headers array of the constant fetchOptions once they are set. This way they will be used whenever no explicit content type is set, which is (and mus be) the case for multipart form data. 2019-09-04 14:47:13 +02:00			`return o;`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`};`

improve error handling in the ui 2018-11-15 21:39:08 +01:00			`function handleFailure(response: Response) {`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`if (!response.ok) {`
improve error handling in the ui 2018-11-15 21:39:08 +01:00			`if (isBackendError(response)) {`
use reflow to migrate from flow to typescript 2019-10-19 16:38:07 +02:00			`return response.json().then((content: BackendErrorContent) => {`
			`throw createBackendError(content, response.status);`
			`});`
improve error handling in the ui 2018-11-15 21:39:08 +01:00			`} else {`
Fixed 401 message on login 2019-02-25 17:40:53 +01:00			`if (response.status === 401) {`
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`throw new UnauthorizedError("Unauthorized", 401);`
Added ui error handling for 403 errors 2019-03-04 11:49:12 +01:00			`} else if (response.status === 403) {`
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`throw new ForbiddenError("Forbidden", 403);`
Fixed 401 message on login 2019-02-25 17:40:53 +01:00			`}`
Added ui error handling for 403 errors 2019-03-04 11:49:12 +01:00
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`throw new Error("server returned status code " + response.status);`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`}`
			`}`
			`return response;`
			`}`

fix bug in createUrl of apiclient and added tests 2018-07-12 08:22:27 +02:00			`export function createUrl(url: string) {`
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`if (url.includes("://")) {`
Improved flow coverage, fixed bugs and enabled deleting users 2018-07-11 12:02:53 +02:00			`return url;`
			`}`
fix bug in createUrl of apiclient and added tests 2018-07-12 08:22:27 +02:00			`let urlWithStartingSlash = url;`
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`if (url.indexOf("/") !== 0) {`
			`urlWithStartingSlash = "/" + urlWithStartingSlash;`
improve module unit tests 2018-07-11 22:01:36 +02:00			`}`
remove the rest/ path from endpoints 2018-10-01 17:22:03 +02:00			return `${contextPath}/api/v2${urlWithStartingSlash}`;
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`}`

			`class ApiClient {`
Improved flow coverage, fixed bugs and enabled deleting users 2018-07-11 12:02:53 +02:00			`get(url: string): Promise<Response> {`
do not use function as fetch argument, use the resulting object This should fix the login problem "Error: e._links.me is undefined" on older firefox browsers such as 56.0.2 2019-09-26 15:42:21 +02:00			`return fetch(createUrl(url), applyFetchOptions({})).then(handleFailure);`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`}`

Fix types 2019-11-20 10:44:11 +01:00			`post(url: string, payload?: any, contentType = "application/json", additionalHeaders: Record<string, string> = {}) {`
Add optional heades for api client push and put 2019-11-20 08:29:05 +01:00			`return this.httpRequestWithJSONBody("POST", url, contentType, additionalHeaders, payload);`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`}`

Fix types 2019-11-20 10:44:11 +01:00			`postText(url: string, payload: string, additionalHeaders: Record<string, string> = {}) {`
Add post and put with text 2019-11-20 08:59:57 +01:00			`return this.httpRequestWithTextBody("POST", url, additionalHeaders, payload);`
			`}`

Fix types 2019-11-20 10:44:11 +01:00			`putText(url: string, payload: string, additionalHeaders: Record<string, string> = {}) {`
Add post and put with text 2019-11-20 08:59:57 +01:00			`return this.httpRequestWithTextBody("PUT", url, additionalHeaders, payload);`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`}`

Fix types 2019-11-20 10:44:11 +01:00			`postBinary(url: string, fileAppender: (p: FormData) => void, additionalHeaders: Record<string, string> = {}) {`
apply eslint and prettier rules 2019-10-21 10:57:56 +02:00			`const formData = new FormData();`
Add upload api for files 2019-08-30 09:11:14 +02:00			`fileAppender(formData);`
Add method to upload files to api client 2019-08-29 16:37:57 +02:00
apply eslint and prettier rules 2019-10-21 10:57:56 +02:00			`const options: RequestInit = {`
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`method: "POST",`
Add optional heades for api client push and put 2019-11-20 08:29:05 +01:00			`body: formData,`
			`headers: additionalHeaders`
Add method to upload files to api client 2019-08-29 16:37:57 +02:00			`};`
Add upload api for files 2019-08-30 09:11:14 +02:00			`return this.httpRequestWithBinaryBody(options, url);`
Add method to upload files to api client 2019-08-29 16:37:57 +02:00			`}`

Fix types 2019-11-20 10:44:11 +01:00			`put(url: string, payload: any, contentType = "application/json", additionalHeaders: Record<string, string> = {}) {`
Add optional heades for api client push and put 2019-11-20 08:29:05 +01:00			`return this.httpRequestWithJSONBody("PUT", url, contentType, additionalHeaders, payload);`
Added user add functionality 2018-07-11 17:02:38 +02:00			`}`

get contextType 2018-10-25 13:45:52 +02:00			`head(url: string) {`
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`let options: RequestInit = {`
			`method: "HEAD"`
get contextType 2018-10-25 13:45:52 +02:00			`};`
Fix content type of requests Without this fix, a content type would be stored in the headers array of the constant fetchOptions once they are set. This way they will be used whenever no explicit content type is set, which is (and mus be) the case for multipart form data. 2019-09-04 14:47:13 +02:00			`options = applyFetchOptions(options);`
improve error handling in the ui 2018-11-15 21:39:08 +01:00			`return fetch(createUrl(url), options).then(handleFailure);`
add head request 2018-10-15 16:45:44 +02:00			`}`

Improved flow coverage, fixed bugs and enabled deleting users 2018-07-11 12:02:53 +02:00			`delete(url: string): Promise<Response> {`
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`let options: RequestInit = {`
			`method: "DELETE"`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`};`
Fix content type of requests Without this fix, a content type would be stored in the headers array of the constant fetchOptions once they are set. This way they will be used whenever no explicit content type is set, which is (and mus be) the case for multipart form data. 2019-09-04 14:47:13 +02:00			`options = applyFetchOptions(options);`
improve error handling in the ui 2018-11-15 21:39:08 +01:00			`return fetch(createUrl(url), options).then(handleFailure);`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`}`

Add optional heades for api client push and put 2019-11-20 08:29:05 +01:00			`httpRequestWithJSONBody(`
			`method: string,`
			`url: string,`
			`contentType: string,`
Fix types 2019-11-20 10:44:11 +01:00			`additionalHeaders: Record<string, string>,`
Add optional heades for api client push and put 2019-11-20 08:29:05 +01:00			`payload?: any`
			`): Promise<Response> {`
apply eslint and prettier rules 2019-10-21 10:57:56 +02:00			`const options: RequestInit = {`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`method: method,`
Add optional heades for api client push and put 2019-11-20 08:29:05 +01:00			`headers: additionalHeaders`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`};`
Make payload parameter optional 2019-11-05 16:10:41 +01:00			`if (payload) {`
			`options.body = JSON.stringify(payload);`
			`}`
Add upload api for files 2019-08-30 09:11:14 +02:00			`return this.httpRequestWithBinaryBody(options, url, contentType);`
Add method to upload files to api client 2019-08-29 16:37:57 +02:00			`}`

Fix types 2019-11-20 10:44:11 +01:00			`httpRequestWithTextBody(`
			`method: string,`
			`url: string,`
			`additionalHeaders: Record<string, string> = {},`
			`payload: string`
			`) {`
Add post and put with text 2019-11-20 08:59:57 +01:00			`const options: RequestInit = {`
			`method: method,`
			`headers: additionalHeaders`
			`};`
			`options.body = payload;`
			`return this.httpRequestWithBinaryBody(options, url, "text/plain");`
			`}`

apply eslint and prettier rules 2019-10-21 10:57:56 +02:00			`httpRequestWithBinaryBody(options: RequestInit, url: string, contentType?: string) {`
Fix content type of requests Without this fix, a content type would be stored in the headers array of the constant fetchOptions once they are set. This way they will be used whenever no explicit content type is set, which is (and mus be) the case for multipart form data. 2019-09-04 14:47:13 +02:00			`options = applyFetchOptions(options);`
Add upload api for files 2019-08-30 09:11:14 +02:00			`if (contentType) {`
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`if (!options.headers) {`
Do not overwrite existing headers in applyFetchOptions 2019-11-20 11:12:22 +01:00			`options.headers = {};`
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`}`
Fix types 2019-11-20 10:44:11 +01:00			`// @ts-ignore We are sure that here we only get headers of type Record<string, string>`
migrate ui-components from flow to typescript 2019-10-20 16:59:02 +02:00			`options.headers["Content-Type"] = contentType;`
Add upload api for files 2019-08-30 09:11:14 +02:00			`}`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00
improve error handling in the ui 2018-11-15 21:39:08 +01:00			`return fetch(createUrl(url), options).then(handleFailure);`
add restentpoint for login/logout, restructuring of modules and components, add flow usage 2018-07-04 16:43:46 +02:00			`}`
			`}`

apply eslint and prettier rules 2019-10-21 10:57:56 +02:00			`export const apiClient = new ApiClient();`