merge with default branch

2025-11-10 23:45:44 +01:00 · 2019-12-05 16:14:44 +01:00
parent 42ab81cf50 149ea73e00
commit 33833994d3
166 changed files with 2566 additions and 704 deletions
--- a/scm-ui/ui-components/src/apiclient.ts
+++ b/scm-ui/ui-components/src/apiclient.ts
@@ -9,14 +9,52 @@ const sessionId = (
    .substr(2, 5)
 ).toUpperCase();

+const extractXsrfTokenFromJwt = (jwt: string) => {
+  const parts = jwt.split(".");
+  if (parts.length === 3) {
+    return JSON.parse(atob(parts[1])).xsrf;
+  }
+};
+
+// @VisibleForTesting
+export const extractXsrfTokenFromCookie = (cookieString?: string) => {
+  if (cookieString) {
+    const cookies = cookieString.split(";");
+    for (const c of cookies) {
+      const parts = c.trim().split("=");
+      if (parts[0] === "X-Bearer-Token") {
+        return extractXsrfTokenFromJwt(parts[1]);
+      }
+    }
+  }
+};
+
+const extractXsrfToken = () => {
+  return extractXsrfTokenFromCookie(document.cookie);
+};
+
 const applyFetchOptions: (p: RequestInit) => RequestInit = o => {
+  if (!o.headers) {
+    o.headers = {};
+  }
+
+  // @ts-ignore We are sure that here we only get headers of type Record<string, string>
+  const headers: Record<string, string> = o.headers;
+  headers["Cache"] = "no-cache";
+  // identify the request as ajax request
+  headers["X-Requested-With"] = "XMLHttpRequest";
+  // identify the web interface
+  headers["X-SCM-Client"] = "WUI";
+  // identify the window session
+  headers["X-SCM-Session-ID"] = sessionId
+
+  const xsrf = extractXsrfToken();
+  if (xsrf) {
+    headers["X-XSRF-Token"] = xsrf;
+  }
+
  o.credentials = "same-origin";
-  o.headers = {
-    Cache: "no-cache",
-    // identify the request as ajax request
-    "X-Requested-With": "XMLHttpRequest",
-    "X-SCM-Session-ID": sessionId
-  };
+  o.headers = headers;
  return o;
 };

@@ -55,23 +93,32 @@ class ApiClient {
    return fetch(createUrl(url), applyFetchOptions({})).then(handleFailure);
  }

-  post(url: string, payload: any, contentType = "application/json") {
-    return this.httpRequestWithJSONBody("POST", url, contentType, payload);
+  post(url: string, payload?: any, contentType = "application/json", additionalHeaders: Record<string, string> = {}) {
+    return this.httpRequestWithJSONBody("POST", url, contentType, additionalHeaders, payload);
  }

-  postBinary(url: string, fileAppender: (p: FormData) => void) {
+  postText(url: string, payload: string, additionalHeaders: Record<string, string> = {}) {
+    return this.httpRequestWithTextBody("POST", url, additionalHeaders, payload);
+  }
+
+  putText(url: string, payload: string, additionalHeaders: Record<string, string> = {}) {
+    return this.httpRequestWithTextBody("PUT", url, additionalHeaders, payload);
+  }
+
+  postBinary(url: string, fileAppender: (p: FormData) => void, additionalHeaders: Record<string, string> = {}) {
    const formData = new FormData();
    fileAppender(formData);

    const options: RequestInit = {
      method: "POST",
-      body: formData
+      body: formData,
+      headers: additionalHeaders
    };
    return this.httpRequestWithBinaryBody(options, url);
  }

-  put(url: string, payload: any, contentType = "application/json") {
-    return this.httpRequestWithJSONBody("PUT", url, contentType, payload);
+  put(url: string, payload: any, contentType = "application/json", additionalHeaders: Record<string, string> = {}) {
+    return this.httpRequestWithJSONBody("PUT", url, contentType, additionalHeaders, payload);
  }

  head(url: string) {
@@ -90,21 +137,44 @@ class ApiClient {
    return fetch(createUrl(url), options).then(handleFailure);
  }

-  httpRequestWithJSONBody(method: string, url: string, contentType: string, payload: any): Promise<Response> {
+  httpRequestWithJSONBody(
+    method: string,
+    url: string,
+    contentType: string,
+    additionalHeaders: Record<string, string>,
+    payload?: any
+  ): Promise<Response> {
    const options: RequestInit = {
      method: method,
-      body: JSON.stringify(payload)
+      headers: additionalHeaders
    };
+    if (payload) {
+      options.body = JSON.stringify(payload);
+    }
    return this.httpRequestWithBinaryBody(options, url, contentType);
  }

+  httpRequestWithTextBody(
+    method: string,
+    url: string,
+    additionalHeaders: Record<string, string> = {},
+    payload: string
+  ) {
+    const options: RequestInit = {
+      method: method,
+      headers: additionalHeaders
+    };
+    options.body = payload;
+    return this.httpRequestWithBinaryBody(options, url, "text/plain");
+  }
+
  httpRequestWithBinaryBody(options: RequestInit, url: string, contentType?: string) {
    options = applyFetchOptions(options);
    if (contentType) {
      if (!options.headers) {
-        options.headers = new Headers();
+        options.headers = {};
      }
-      // @ts-ignore
+      // @ts-ignore We are sure that here we only get headers of type Record<string, string>
      options.headers["Content-Type"] = contentType;
    }