npm - @mapcreator/api - Versions diffs - 5.0.0-alpha.49 → 5.0.0-alpha.50 - Mend

@mapcreator/api 5.0.0-alpha.49 → 5.0.0-alpha.50

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/cjs/api/choropleth.d.ts +1 -6
package/cjs/api/choropleth.d.ts.map +1 -1
package/cjs/api/choropleth.js +3 -3
package/cjs/api/choropleth.js.map +1 -1
package/cjs/oauth.d.ts +1 -4
package/cjs/oauth.d.ts.map +1 -1
package/cjs/oauth.js +23 -198
package/cjs/oauth.js.map +1 -1
package/cjs/utils.d.ts.map +1 -1
package/cjs/utils.js +11 -4
package/cjs/utils.js.map +1 -1
package/esm/api/choropleth.d.ts +1 -6
package/esm/api/choropleth.d.ts.map +1 -1
package/esm/api/choropleth.js +3 -3
package/esm/api/choropleth.js.map +1 -1
package/esm/oauth.d.ts +1 -4
package/esm/oauth.d.ts.map +1 -1
package/esm/oauth.js +23 -197
package/esm/oauth.js.map +1 -1
package/esm/utils.d.ts.map +1 -1
package/esm/utils.js +11 -4
package/esm/utils.js.map +1 -1
package/package.json +1 -1
package/src/api/choropleth.ts +2 -13
package/src/oauth.ts +22 -252
package/src/utils.ts +10 -3

package/src/oauth.ts CHANGED Viewed

@@ -8,27 +8,19 @@ export let token: {
   toString: () => string;
 } | null = null;
-let apiClientId = '';
 let callbackUrl = '';
-let oauthScopes = ['*'];
-const anchorParams = ['access_token', 'token_type', 'expires_in', 'state'];
-const storagePrefix = '_m4n_';
-const statePrefix = 'oauth_state_';
-const storageName = 'api_token';
-const dummyTokenExpires = new Date('2100-01-01T01:00:00');
+/**
+ * Cleanup of previously used data. The code part can be removed in a while.
+ */
+for (let i = 0; i < window.localStorage.length; ++i) {
+  const key = window.localStorage.key(i);
-interface AnchorToken {
-  access_token: string;
-  token_type: string;
-  expires_in: string;
-  state: string;
+  if (key?.startsWith('_m4n_')) {
+    window.localStorage.removeItem(key);
+  }
 }
-const titleCase = (str: unknown): string => String(str).toLowerCase().replace(/\b\w/g, c => c.toUpperCase());
 /**
  * Setup internal structures to use dummy authentication flow
  *
@@ -40,9 +32,9 @@ export function initDummyFlow(apiUrl: string, oauthToken: string): void {
   apiHost = apiUrl.replace(/\/+$/, '');
   token = {
-    type: titleCase(parts[0]),
+    type: parts[0].toLowerCase().replace(/\b\w/g, c => c.toUpperCase()),
     token: parts[1],
-    expires: dummyTokenExpires,
+    expires: new Date('2100-01-01T01:00:00'),
     toString(): string {
       return `${this.type} ${this.token}`;
@@ -54,261 +46,39 @@ export function initDummyFlow(apiUrl: string, oauthToken: string): void {
  * Setup internal structures to use implicit authentication flow
  *
  * @param {string} apiUrl - Full API URL
- * @param {string} clientId - OAuth client id
  * @param {string} [redirectUrl] - Callback URL
- * @param {string[]} [scopes] - A list of required scopes
  */
-export function initImplicitFlow(apiUrl: string, clientId: string, redirectUrl = '', scopes = ['*']): void {
+export function initImplicitFlow(apiUrl: string, redirectUrl = ''): void {
   apiHost = apiUrl.replace(/\/+$/, '');
-  apiClientId = String(clientId);
   callbackUrl = String(redirectUrl || window.location.href.split('#')[0]);
-  oauthScopes = scopes;
-  {
-    const key = `${storagePrefix}${storageName}`;
-    const data = window.localStorage.getItem(key);
-    if (data) {
-      try {
-        const obj = JSON.parse(data) as { type?: unknown; token?: unknown; expires?: unknown };
-        if (
-          typeof obj.type === 'string' &&
-          typeof obj.token === 'string' &&
-          typeof obj.expires === 'string' &&
-          new Date(obj.expires) > new Date()
-        ) {
-          token = {
-            type: titleCase(obj.type),
-            token: obj.token,
-            expires: new Date(obj.expires),
-            toString(): string {
-              return `${this.type} ${this.token}`;
-            },
-          };
-        } else {
-          window.localStorage.removeItem(key);
-        }
-      } catch (e) {
-        /* */
-      }
-    }
-  }
-  {
-    const obj = getAnchorToken();
-    if (isAnchorToken(obj)) {
-      // We'll not go there if anchor contains error and/or message
-      // This means that anchor parameters will be preserved for the next processing
-      cleanAnchorParams();
-      const expires = new Date(Date.now() + Number(obj.expires_in) * 1000);
-      if (isValidState(obj.state) && expires > new Date()) {
-        token = {
-          type: titleCase(obj.token_type),
-          token: obj.access_token,
-          expires,
-          toString(): string {
-            return `${this.type} ${this.token}`;
-          },
-        };
-        const key = `${storagePrefix}${storageName}`;
-        const data = { type: token.type, token: token.token, expires: expires.toUTCString() };
-        window.localStorage.setItem(key, JSON.stringify(data));
-      } else {
-        // TODO: add some logic to handle this
-        // throw Error('Invalid state in url');
-      }
-    }
-  }
-  if (authenticated()) {
-    const href = sessionStorage.getItem('redirect-url');
+  const href = sessionStorage.getItem('redirect-url');
-    if (href) {
-      sessionStorage.removeItem('redirect-url');
-      window.history.replaceState(null, document.title, href);
-    }
+  if (href) {
+    sessionStorage.removeItem('redirect-url');
+    window.history.replaceState(null, document.title, href);
   }
 }
 export async function authenticate(): Promise<string> | never {
   return new Promise(() => {
-    if (anchorContainsError()) {
-      console.error(getError());
-      cleanAnchorParams();
-    }
-    forget();
     sessionStorage.setItem('redirect-url', window.location.href);
-    window.location.assign(buildRedirectUrl());
+    window.location.assign(`${apiHost}/login?${new URLSearchParams({ redirect_uri: callbackUrl })}`);
   });
 }
-export function authenticated(): boolean {
-  return token != null && token.expires > new Date() && (
-    token.expires.valueOf() === dummyTokenExpires.valueOf() ||
-    !!window.localStorage.getItem(`${storagePrefix}${storageName}`)
-  );
-}
 export async function logout(): Promise<void> {
-  if (token) {
-    await fetch(`${apiHost}/oauth/logout`, {
+  if (!token) {
+    const cookie = document.cookie.split(/ *; */).find(pair => pair.startsWith('XSRF-TOKEN'))?.split('=')[1];
+    await fetch(`${apiHost}/logout`, {
       method: 'POST',
       headers: {
         Accept: 'application/json',
-        Authorization: token.toString(),
+        ...cookie && { 'X-XSRF-Token': decodeURIComponent(cookie) },
       },
+      credentials: 'include',
     });
   }
-  forget();
-}
-function forget(): void {
-  for (let i = 0; i < window.localStorage.length; ++i) {
-    const key = window.localStorage.key(i);
-    if (key?.startsWith(storagePrefix)) {
-      window.localStorage.removeItem(key);
-    }
-  }
-  token = null;
-}
-function buildRedirectUrl(): string {
-  const queryParams = new URLSearchParams({
-    client_id: apiClientId,
-    redirect_uri: callbackUrl,
-    response_type: 'token',
-    scope: oauthScopes.join(' '),
-    state: generateState(),
-  });
-  return `${apiHost}/oauth/authorize?${queryParams}`;
-}
-function getAnchorQuery(): string {
-  return window.location.hash.replace(/^#\/?/, '');
-}
-function getAnchorParams(): Record<string, unknown> {
-  const query = getAnchorQuery();
-  // eslint-disable-next-line @stylistic/padding-line-between-statements,@typescript-eslint/no-unsafe-return
-  return Object.fromEntries(query.split('&').map(pair => pair.split('=').map(decodeURIComponent)));
-}
-function getAnchorToken(): Partial<AnchorToken> {
-  const params = getAnchorParams();
-  return Object.fromEntries(Object.entries(params).filter(([key]) => anchorParams.includes(key)));
-}
-function isAnchorToken(anchorToken: Partial<AnchorToken>): anchorToken is AnchorToken {
-  const queryKeys = Object.keys(anchorToken);
-  return anchorParams.every(key => queryKeys.includes(key));
-}
-function cleanAnchorParams(): void {
-  const query = window.location.hash.replace(/^#\/?/, '');
-  const targets = [...anchorParams, 'error', 'message'];
-  const newHash = query
-    .split('&')
-    .filter(pair => !targets.includes(decodeURIComponent(pair.split('=')[0])))
-    .join('&');
-  if (newHash) {
-    window.location.hash = newHash;
-  } else {
-    const { origin, pathname, search } = window.location;
-    window.history.replaceState(null, document.title, `${origin}${pathname}${search}`);
-  }
-}
-function isValidState(state: string): boolean {
-  const key = `${storagePrefix}${statePrefix}${state}`;
-  const found = window.localStorage.getItem(key) != null;
-  if (found) {
-    window.localStorage.removeItem(key);
-  }
-  return found;
-}
-function anchorContainsError(): boolean {
-  return 'error' in getAnchorParams();
-}
-function generateState(): string {
-  // @ts-expect-error TS2365
-  // eslint-disable-next-line @typescript-eslint/restrict-plus-operands
-  const state = (([1e7] + -1e3 + -4e3 + -8e3 + -1e11) as string).replace(
-    /[018]/g, // @ts-expect-error TS2362
-    c => (c ^ ((Math.random() * 256) & (0x0f >>> (c >>> 2)))).toString(16),
-  );
-  const key = `${storagePrefix}${statePrefix}${state}`;
-  window.localStorage.setItem(key, `${Date.now()}`);
-  return state;
-}
-class OAuthError extends Error {
-  error: string;
-  constructor(message: string, error: unknown) {
-    super(message);
-    this.error = String(error);
-  }
-  toString(): string {
-    let error = this.error;
-    if (error.includes('_')) {
-      error = error.replace('_', ' ').replace(/^./, c => c.toUpperCase());
-    }
-    return this.message ? `${error}: ${this.message}` : error;
-  }
-}
-function getError(): OAuthError {
-  const params = getAnchorParams();
-  return params.message
-    ? new OAuthError(params.message as string, params.error)
-    : new OAuthError(titleCase(params.error), params.error);
-}
-/**
- * Our goal is to support even obsolete platforms (ES2017+ / Node.js 8.10+).
- * This is a small polyfill for possibly missing method used in our codebase.
- */
-if (!Object.fromEntries) { // eslint-disable-next-line arrow-body-style
-  Object.fromEntries = <T = never>(entries: Iterable<readonly [string | number, T]>): { [k: string]: T } => {
-    return Array.from(entries).reduce<{ [k: string]: T }>(
-      (object, entry) => {
-        if (!Array.isArray(entry)) {
-          throw new TypeError(`Iterator value ${entry as unknown as string} is not an entry object.`);
-        }
-        object[`${entry[0]}`] = entry[1];
-        return object;
-      }, {}
-    );
-  };
 }

package/src/utils.ts CHANGED Viewed

@@ -233,7 +233,6 @@ function getRequestInit<I extends ApiCommon, O extends Record<string, unknown>>(
   extraHeaders?: Record<string, string> | null,
   extraOptions?: ExtraOptions<I, O>,
 ): RequestInit {
-  const authorization = token ? { Authorization: token.toString() } : null;
   let contentType = null as { 'Content-Type': string } | null;
   if (body !== undefined) {
@@ -259,10 +258,18 @@ function getRequestInit<I extends ApiCommon, O extends Record<string, unknown>>(
     }
   }
-  const headers = { Accept: 'application/json', ...authorization, ...contentType, ...extraHeaders };
   const method = extraOptions?.method ?? (body != null ? 'POST' : 'GET'); // don't touch `!=` please
+  const cookie = !token && method === 'POST'
+    ? document.cookie.split(/ *; */).find(pair => pair.startsWith('XSRF-TOKEN'))?.split('=')[1]
+    : null;
+  const authorization = token
+    ? { Authorization: token.toString() }
+    : cookie
+      ? { 'X-XSRF-Token': decodeURIComponent(cookie) }
+      : null;
+  const headers = { Accept: 'application/json', ...authorization, ...contentType, ...extraHeaders };
-  return { body, headers, method } as RequestInit;
+  return { body, headers, method, ...!token && { credentials: 'include' } } as RequestInit;
 }
 interface Context<I extends ApiCommon, O extends Record<string, unknown>> {