@vaadin/hilla-frontend 24.8.0-alpha5 → 24.8.0-alpha7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Authentication.js +35 -8
- package/Authentication.js.map +1 -1
- package/CsrfUtils.d.ts +1 -1
- package/CsrfUtils.js +17 -14
- package/CsrfUtils.js.map +1 -1
- package/index.js +1 -1
- package/index.js.map +1 -1
- package/package.json +1 -1
package/Authentication.js
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
import CookieManager from "./CookieManager.js";
|
|
2
|
-
import { getSpringCsrfInfo, getSpringCsrfTokenHeadersForAuthRequest, VAADIN_CSRF_HEADER } from "./CsrfUtils.js";
|
|
2
|
+
import { getSpringCsrfInfo, getSpringCsrfTokenHeadersForAuthRequest, getSpringCsrfTokenParametersForAuthRequest, VAADIN_CSRF_HEADER } from "./CsrfUtils.js";
|
|
3
3
|
const JWT_COOKIE_NAME = "jwt.headerAndPayload";
|
|
4
4
|
function getSpringCsrfTokenFromResponseBody(body) {
|
|
5
5
|
const doc = new DOMParser().parseFromString(body, "text/html");
|
|
6
6
|
return getSpringCsrfInfo(doc);
|
|
7
7
|
}
|
|
8
8
|
function clearSpringCsrfMetaTags() {
|
|
9
|
-
Array.from(document.head.querySelectorAll("meta[name=\"_csrf\"], meta[name=\"_csrf_header\"]")).forEach((el) => el.remove());
|
|
9
|
+
Array.from(document.head.querySelectorAll("meta[name=\"_csrf\"], meta[name=\"_csrf_header\"], meta[name=\"_csrf_parameter\"]")).forEach((el) => el.remove());
|
|
10
10
|
}
|
|
11
11
|
function updateSpringCsrfMetaTags(springCsrfInfo) {
|
|
12
12
|
clearSpringCsrfMetaTags();
|
|
@@ -30,7 +30,7 @@ async function updateCsrfTokensBasedOnResponse(response) {
|
|
|
30
30
|
updateSpringCsrfMetaTags(springCsrfTokenInfo);
|
|
31
31
|
return token;
|
|
32
32
|
}
|
|
33
|
-
async function
|
|
33
|
+
async function doFetchLogout(logoutUrl, headers) {
|
|
34
34
|
const response = await fetch(logoutUrl, {
|
|
35
35
|
headers,
|
|
36
36
|
method: "POST"
|
|
@@ -41,6 +41,36 @@ async function doLogout(logoutUrl, headers) {
|
|
|
41
41
|
await updateCsrfTokensBasedOnResponse(response);
|
|
42
42
|
return response;
|
|
43
43
|
}
|
|
44
|
+
function doFormLogout(url, parameters) {
|
|
45
|
+
const logoutUrl = typeof url === "string" ? url : url.toString();
|
|
46
|
+
const form = document.createElement("form");
|
|
47
|
+
form.setAttribute("method", "POST");
|
|
48
|
+
form.setAttribute("action", logoutUrl);
|
|
49
|
+
form.style.display = "none";
|
|
50
|
+
for (const [name, value] of Object.entries(parameters)) {
|
|
51
|
+
const input = document.createElement("input");
|
|
52
|
+
input.setAttribute("type", "hidden");
|
|
53
|
+
input.setAttribute("name", name);
|
|
54
|
+
input.setAttribute("value", value);
|
|
55
|
+
form.appendChild(input);
|
|
56
|
+
}
|
|
57
|
+
document.body.appendChild(form);
|
|
58
|
+
form.submit();
|
|
59
|
+
}
|
|
60
|
+
async function doLogout(doc, options) {
|
|
61
|
+
const shouldSubmitFormLogout = !options?.navigate && !options?.onSuccess;
|
|
62
|
+
const logoutUrl = options?.logoutUrl ?? "logout";
|
|
63
|
+
if (shouldSubmitFormLogout) {
|
|
64
|
+
const parameters = getSpringCsrfTokenParametersForAuthRequest(doc);
|
|
65
|
+
doFormLogout(logoutUrl, parameters);
|
|
66
|
+
return new Response(undefined, {
|
|
67
|
+
status: 200,
|
|
68
|
+
statusText: "OK"
|
|
69
|
+
});
|
|
70
|
+
}
|
|
71
|
+
const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);
|
|
72
|
+
return await doFetchLogout(logoutUrl, headers);
|
|
73
|
+
}
|
|
44
74
|
function normalizePath(url) {
|
|
45
75
|
const effectiveBaseURL = new URL(".", document.baseURI);
|
|
46
76
|
const effectiveBaseURI = effectiveBaseURL.toString();
|
|
@@ -128,18 +158,15 @@ export async function login(username, password, options) {
|
|
|
128
158
|
* @param options - defines additional options, e.g, the logoutUrl.
|
|
129
159
|
*/
|
|
130
160
|
export async function logout(options) {
|
|
131
|
-
const logoutUrl = options?.logoutUrl ?? "logout";
|
|
132
161
|
let response;
|
|
133
162
|
try {
|
|
134
|
-
|
|
135
|
-
response = await doLogout(logoutUrl, headers);
|
|
163
|
+
response = await doLogout(document, options);
|
|
136
164
|
} catch {
|
|
137
165
|
try {
|
|
138
166
|
const noCacheResponse = await fetch("?nocache");
|
|
139
167
|
const responseText = await noCacheResponse.text();
|
|
140
168
|
const doc = new DOMParser().parseFromString(responseText, "text/html");
|
|
141
|
-
|
|
142
|
-
response = await doLogout(logoutUrl, headers);
|
|
169
|
+
response = await doLogout(doc, options);
|
|
143
170
|
} catch (error) {
|
|
144
171
|
clearSpringCsrfMetaTags();
|
|
145
172
|
throw error;
|
package/Authentication.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"mappings":"AACA,OAAO,uCAAwC;AAC/C,SAAS,mBAAmB,yCAAyC,0CAA2C;AAEhH,MAAM,kBAAkB;AAExB,SAAS,mCAAmCA,MAAsC;CAChF,MAAM,MAAM,IAAI,YAAY,gBAAgB,MAAM,YAAY;AAC9D,QAAO,kBAAkB,IAAI;AAC9B;AAED,SAAS,0BAA0B;AACjC,OAAM,KAAK,SAAS,KAAK,iBAAiB,oDAAgD,CAAC,CAAC,QAAQ,CAAC,OACnG,GAAG,QAAQ,CACZ;AACF;AAED,SAAS,yBAAyBC,gBAAwC;AACxE,0BAAyB;CACzB,MAAMC,iBAAkC,SAAS,cAAc,OAAO;AACtE,gBAAe,OAAO;AACtB,gBAAe,UAAU,eAAe;AACxC,UAAS,KAAK,YAAY,eAAe;CACzC,MAAMC,YAA6B,SAAS,cAAc,OAAO;AACjE,WAAU,OAAO;AACjB,WAAU,UAAU,eAAe;AACnC,UAAS,KAAK,YAAY,UAAU;AACrC;AAED,MAAM,qCAAqC,CAACH,SAAqC;CAC/E,MAAM,QAAQ,6EAA6E,KAAK,KAAK;AACrG,QAAO,QAAQ,MAAM,KAAK;AAC3B;AAED,eAAe,gCAAgCI,UAAiD;CAC9F,MAAM,eAAe,MAAM,SAAS,MAAM;CAC1C,MAAM,QAAQ,mCAAmC,aAAa;CAC9D,MAAM,sBAAsB,mCAAmC,aAAa;AAC5E,0BAAyB,oBAAoB;AAE7C,QAAO;AACR;AAED,eAAe,SAASC,WAAyBC,SAAiC;CAChF,MAAM,WAAW,MAAM,MAAM,WAAW;EAAE;EAAS,QAAQ;CAAQ,EAAC;AACpE,MAAK,SAAS,IAAI;AAChB,QAAM,IAAI,OAAO,iCAAiC,SAAS,OAAO;CACnE;AAED,OAAM,gCAAgC,SAAS;AAE/C,QAAO;AACR;AAmDD,SAAS,cAAcC,KAAqB;CAE1C,MAAM,mBAAmB,IAAI,IAAI,KAAK,SAAS;CAC/C,MAAM,mBAAmB,iBAAiB,UAAU;CAEpD,IAAI,aAAa;AAGjB,KAAI,WAAW,WAAW,iBAAiB,SAAS,EAAE;AACpD,UAAQ,GAAG,WAAW,MAAM,iBAAiB,SAAS,OAAO,CAAC;CAC/D;AAGD,cAAa,WAAW,WAAW,iBAAiB,IAAI,GAAG,WAAW,MAAM,iBAAiB,OAAO,CAAC,IAAI;AAEzG,QAAO;AACR;;;;;;AAOD,SAAS,uBAAuBC,IAAY;CAE1C,MAAM,MAAM,GAAG,WAAW,IAAI,GAAG,IAAI,KAAK,GAAG,GAAG,GAAG,SAAS,WAAW;AACvE,QAAO,SAAS,QAAQ,IAAI;AAC7B;;;;;;;AAQD,OAAO,eAAe,MAAMC,UAAkBC,UAAkBC,SAA8C;AAC5G,KAAI;EACF,MAAM,OAAO,IAAI;AACjB,OAAK,OAAO,YAAY,SAAS;AACjC,OAAK,OAAO,YAAY,SAAS;EAEjC,MAAM,qBAAqB,SAAS,sBAAsB;EAC1D,MAAM,UAAU,wCAAwC,SAAS;AACjE,UAAQ,SAAS;EACjB,MAAM,WAAW,MAAM,MAAM,oBAAoB;GAC/C,MAAM;GACN;GACA,QAAQ;EACT,EAAC;EAKF,MAAM,SAAS,SAAS,QAAQ,IAAI,SAAS;EAC7C,MAAM,WAAW,SAAS,QAAQ,IAAI,YAAY,IAAI;EACtD,MAAM,aAAa,SAAS,QAAQ,IAAI,cAAc,IAAI;EAC1D,MAAM,kBAAkB,SAAS,MAAM,WAAW;AAElD,MAAI,iBAAiB;GACnB,MAAM,kBAAkB,SAAS,QAAQ,IAAI,cAAc,IAAI;GAE/D,MAAM,mBAAmB,SAAS,QAAQ,IAAI,qBAAqB,IAAI;GACvE,MAAM,kBAAkB,SAAS,QAAQ,IAAI,oBAAoB,IAAI;AACrE,OAAI,oBAAoB,iBAAiB;IACvC,MAAMC,sBAA8C,CAAE;AACtD,wBAAoB,QAAQ;AAE5B,wBAAoB,eAAe;AACnC,6BAAyB,oBAAoB;GAC9C;AAED,OAAI,SAAS,WAAW;AACtB,UAAM,QAAQ,WAAW;GAC1B;GAED,MAAM,MAAM,YAAY,cAAc,SAAS;GAC/C,MAAM,SAAS,cAAc,IAAI;GACjC,MAAM,WAAW,SAAS,YAAY;AACtC,YAAS,OAAO;AAEhB,UAAO;IACL;IACA,OAAO;IACP,aAAa;IACb,OAAO;GACR;EACF;AACD,SAAO;GACL,OAAO;GACP,cAAc;GACd,YAAY;EACb;CACF,SAAQC,GAAY;AACnB,MAAI,aAAa,OAAO;AACtB,UAAO;IACL,OAAO;IACP,cAAc,EAAE;IAChB,YAAY,EAAE;GACf;EACF;AAED,QAAM;CACP;AACF;;;;;AAMD,OAAO,eAAe,OAAOC,SAAwC;CAEnE,MAAM,YAAY,SAAS,aAAa;CACxC,IAAIC;AACJ,KAAI;EACF,MAAM,UAAU,wCAAwC,SAAS;AACjE,aAAW,MAAM,SAAS,WAAW,QAAQ;CAC9C,QAAO;AACN,MAAI;GACF,MAAM,kBAAkB,MAAM,MAAM,WAAW;GAC/C,MAAM,eAAe,MAAM,gBAAgB,MAAM;GACjD,MAAM,MAAM,IAAI,YAAY,gBAAgB,cAAc,YAAY;GACtE,MAAM,UAAU,wCAAwC,IAAI;AAC5D,cAAW,MAAM,SAAS,WAAW,QAAQ;EAC9C,SAAQ,OAAO;AAEd,4BAAyB;AACzB,SAAM;EACP;CACF,UAAS;AACR,gBAAc,OAAO,gBAAgB;AACrC,MAAI,YAAY,SAAS,MAAM,SAAS,YAAY;AAClD,OAAI,SAAS,WAAW;AACtB,UAAM,QAAQ,WAAW;GAC1B;GACD,MAAM,SAAS,cAAc,SAAS,IAAI;GAC1C,MAAM,WAAW,SAAS,YAAY;AACtC,YAAS,OAAO;EACjB;CACF;AACF;;;;;;AAeD,OAAO,MAAM,yBAAoD;CAC/D,AAAiB;CAEjB,YAAYC,0BAAoD;AAC9D,OAAK,2BAA2B;CACjC;CAED,MAAM,OAAOC,SAA4BC,MAAyC;EAChF,MAAM,gBAAgB,EAAE,GAAG,QAAS;AACpC,gBAAc,UAAU,QAAQ,QAAQ,OAAO;EAC/C,MAAM,WAAW,MAAM,KAAK,QAAQ;AACpC,MAAI,SAAS,WAAW,KAAK;GAC3B,MAAM,cAAc,MAAM,KAAK,0BAA0B;AACzD,OAAI,YAAY,OAAO;AACrB,kBAAc,QAAQ,QAAQ,IAAI,oBAAoB,YAAY,MAAM;AACxE,WAAO,KAAK,cAAc;GAC3B;EACF;AACD,SAAO;CACR;AACF","names":["body: string","springCsrfInfo: Record<string, string>","headerNameMeta: HTMLMetaElement","tokenMeta: HTMLMetaElement","response: Response","logoutUrl: URL | string","headers: Record<string, string>","url: string","to: string","username: string","password: string","options?: LoginOptions","springCsrfTokenInfo: Record<string, string>","e: unknown","options?: LogoutOptions","response: Response | undefined","onInvalidSessionCallback: OnInvalidSessionCallback","context: MiddlewareContext","next: MiddlewareNext"],"sources":["/opt/agent/work/1af72d8adc613024/hilla/packages/ts/frontend/src/Authentication.ts"],"sourcesContent":["import type { MiddlewareClass, MiddlewareContext, MiddlewareNext } from './Connect.js';\nimport CookieManager from './CookieManager.js';\nimport { getSpringCsrfInfo, getSpringCsrfTokenHeadersForAuthRequest, VAADIN_CSRF_HEADER } from './CsrfUtils.js';\n\nconst JWT_COOKIE_NAME = 'jwt.headerAndPayload';\n\nfunction getSpringCsrfTokenFromResponseBody(body: string): Record<string, string> {\n const doc = new DOMParser().parseFromString(body, 'text/html');\n return getSpringCsrfInfo(doc);\n}\n\nfunction clearSpringCsrfMetaTags() {\n Array.from(document.head.querySelectorAll('meta[name=\"_csrf\"], meta[name=\"_csrf_header\"]')).forEach((el) =>\n el.remove(),\n );\n}\n\nfunction updateSpringCsrfMetaTags(springCsrfInfo: Record<string, string>) {\n clearSpringCsrfMetaTags();\n const headerNameMeta: HTMLMetaElement = document.createElement('meta');\n headerNameMeta.name = '_csrf_header';\n headerNameMeta.content = springCsrfInfo._csrf_header;\n document.head.appendChild(headerNameMeta);\n const tokenMeta: HTMLMetaElement = document.createElement('meta');\n tokenMeta.name = '_csrf';\n tokenMeta.content = springCsrfInfo._csrf;\n document.head.appendChild(tokenMeta);\n}\n\nconst getVaadinCsrfTokenFromResponseBody = (body: string): string | undefined => {\n const match = /window\\.Vaadin = \\{TypeScript: \\{\"csrfToken\":\"([0-9a-zA-Z\\\\-]{36})\"\\}\\};/iu.exec(body);\n return match ? match[1] : undefined;\n};\n\nasync function updateCsrfTokensBasedOnResponse(response: Response): Promise<string | undefined> {\n const responseText = await response.text();\n const token = getVaadinCsrfTokenFromResponseBody(responseText);\n const springCsrfTokenInfo = getSpringCsrfTokenFromResponseBody(responseText);\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n\n return token;\n}\n\nasync function doLogout(logoutUrl: URL | string, headers: Record<string, string>) {\n const response = await fetch(logoutUrl, { headers, method: 'POST' });\n if (!response.ok) {\n throw new Error(`failed to logout with response ${response.status}`);\n }\n\n await updateCsrfTokensBasedOnResponse(response);\n\n return response;\n}\n\nexport interface LoginResult {\n error: boolean;\n token?: string;\n errorTitle?: string;\n errorMessage?: string;\n redirectUrl?: string;\n defaultUrl?: string;\n}\n\nexport type SuccessCallback = () => Promise<void> | void;\n\nexport type NavigateFunction = (path: string) => void;\n\nexport interface LoginOptions {\n /**\n * The URL for login request, defaults to `/login`.\n */\n loginProcessingUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful login. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nexport interface LogoutOptions {\n /**\n * The URL for logout request, defaults to `/logout`.\n */\n logoutUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful logout. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nfunction normalizePath(url: string): string {\n // URL with context path\n const effectiveBaseURL = new URL('.', document.baseURI);\n const effectiveBaseURI = effectiveBaseURL.toString();\n\n let normalized = url;\n\n // Strip context path prefix\n if (normalized.startsWith(effectiveBaseURL.pathname)) {\n return `/${normalized.slice(effectiveBaseURL.pathname.length)}`;\n }\n\n // Strip base URI\n normalized = normalized.startsWith(effectiveBaseURI) ? `/${normalized.slice(effectiveBaseURI.length)}` : normalized;\n\n return normalized;\n}\n\n/**\n * Navigates to the provided path using page reload.\n *\n * @param to - navigation target path\n */\nfunction navigateWithPageReload(to: string) {\n // Consider absolute path to be within application context\n const url = to.startsWith('/') ? new URL(`.${to}`, document.baseURI) : to;\n window.location.replace(url);\n}\n\n/**\n * A helper method for Spring Security based form login.\n * @param username - username\n * @param password - password\n * @param options - defines additional options, e.g, the loginProcessingUrl etc.\n */\nexport async function login(username: string, password: string, options?: LoginOptions): Promise<LoginResult> {\n try {\n const data = new FormData();\n data.append('username', username);\n data.append('password', password);\n\n const loginProcessingUrl = options?.loginProcessingUrl ?? 'login';\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n headers.source = 'typescript';\n const response = await fetch(loginProcessingUrl, {\n body: data,\n headers,\n method: 'POST',\n });\n\n // This code assumes that a VaadinSavedRequestAwareAuthenticationSuccessHandler is used on the server side,\n // setting these header values based on the \"source=typescript\" header set above\n\n const result = response.headers.get('Result');\n const savedUrl = response.headers.get('Saved-url') ?? undefined;\n const defaultUrl = response.headers.get('Default-url') ?? undefined;\n const loginSuccessful = response.ok && result === 'success';\n\n if (loginSuccessful) {\n const vaadinCsrfToken = response.headers.get('Vaadin-CSRF') ?? undefined;\n\n const springCsrfHeader = response.headers.get('Spring-CSRF-header') ?? undefined;\n const springCsrfToken = response.headers.get('Spring-CSRF-token') ?? undefined;\n if (springCsrfHeader && springCsrfToken) {\n const springCsrfTokenInfo: Record<string, string> = {};\n springCsrfTokenInfo._csrf = springCsrfToken;\n // eslint-disable-next-line camelcase\n springCsrfTokenInfo._csrf_header = springCsrfHeader;\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n }\n\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n\n const url = savedUrl ?? defaultUrl ?? document.baseURI;\n const toPath = normalizePath(url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n\n return {\n defaultUrl,\n error: false,\n redirectUrl: savedUrl,\n token: vaadinCsrfToken,\n };\n }\n return {\n error: true,\n errorMessage: 'Check that you have entered the correct username and password and try again.',\n errorTitle: 'Incorrect username or password.',\n };\n } catch (e: unknown) {\n if (e instanceof Error) {\n return {\n error: true,\n errorMessage: e.message,\n errorTitle: e.name,\n };\n }\n\n throw e;\n }\n}\n\n/**\n * A helper method for Spring Security based form logout\n * @param options - defines additional options, e.g, the logoutUrl.\n */\nexport async function logout(options?: LogoutOptions): Promise<void> {\n // this assumes the default Spring Security logout configuration (handler URL)\n const logoutUrl = options?.logoutUrl ?? 'logout';\n let response: Response | undefined;\n try {\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n response = await doLogout(logoutUrl, headers);\n } catch {\n try {\n const noCacheResponse = await fetch('?nocache');\n const responseText = await noCacheResponse.text();\n const doc = new DOMParser().parseFromString(responseText, 'text/html');\n const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);\n response = await doLogout(logoutUrl, headers);\n } catch (error) {\n // clear the token if the call fails\n clearSpringCsrfMetaTags();\n throw error;\n }\n } finally {\n CookieManager.remove(JWT_COOKIE_NAME);\n if (response && response.ok && response.redirected) {\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n const toPath = normalizePath(response.url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n }\n }\n}\n\n/**\n * It defines what to do when it detects a session is invalid. E.g.,\n * show a login view.\n * It takes an <code>EndpointCallContinue</code> parameter, which can be\n * used to continue the endpoint call.\n */\nexport type OnInvalidSessionCallback = () => Promise<LoginResult>;\n\n/**\n * A helper class for handling invalid sessions during an endpoint call.\n * E.g., you can use this to show user a login page when the session has\n * expired.\n */\nexport class InvalidSessionMiddleware implements MiddlewareClass {\n private readonly onInvalidSessionCallback: OnInvalidSessionCallback;\n\n constructor(onInvalidSessionCallback: OnInvalidSessionCallback) {\n this.onInvalidSessionCallback = onInvalidSessionCallback;\n }\n\n async invoke(context: MiddlewareContext, next: MiddlewareNext): Promise<Response> {\n const clonedContext = { ...context };\n clonedContext.request = context.request.clone();\n const response = await next(context);\n if (response.status === 401) {\n const loginResult = await this.onInvalidSessionCallback();\n if (loginResult.token) {\n clonedContext.request.headers.set(VAADIN_CSRF_HEADER, loginResult.token);\n return next(clonedContext) as Promise<Response>;\n }\n }\n return response;\n }\n}\n"],"version":3}
|
|
1
|
+
{"mappings":"AACA,OAAO,uCAAwC;AAC/C,SACE,mBACA,yCACA,4CACA,0CACsB;AAExB,MAAM,kBAAkB;AAExB,SAAS,mCAAmCA,MAAsC;CAChF,MAAM,MAAM,IAAI,YAAY,gBAAgB,MAAM,YAAY;AAC9D,QAAO,kBAAkB,IAAI;AAC9B;AAED,SAAS,0BAA0B;AACjC,OAAM,KACJ,SAAS,KAAK,iBAAiB,oFAA8E,CAC9G,CAAC,QAAQ,CAAC,OAAO,GAAG,QAAQ,CAAC;AAC/B;AAED,SAAS,yBAAyBC,gBAAwC;AACxE,0BAAyB;CACzB,MAAMC,iBAAkC,SAAS,cAAc,OAAO;AACtE,gBAAe,OAAO;AACtB,gBAAe,UAAU,eAAe;AACxC,UAAS,KAAK,YAAY,eAAe;CACzC,MAAMC,YAA6B,SAAS,cAAc,OAAO;AACjE,WAAU,OAAO;AACjB,WAAU,UAAU,eAAe;AACnC,UAAS,KAAK,YAAY,UAAU;AACrC;AAED,MAAM,qCAAqC,CAACH,SAAqC;CAC/E,MAAM,QAAQ,6EAA6E,KAAK,KAAK;AACrG,QAAO,QAAQ,MAAM,KAAK;AAC3B;AAED,eAAe,gCAAgCI,UAAiD;CAC9F,MAAM,eAAe,MAAM,SAAS,MAAM;CAC1C,MAAM,QAAQ,mCAAmC,aAAa;CAC9D,MAAM,sBAAsB,mCAAmC,aAAa;AAC5E,0BAAyB,oBAAoB;AAE7C,QAAO;AACR;AAED,eAAe,cAAcC,WAAyBC,SAAiC;CACrF,MAAM,WAAW,MAAM,MAAM,WAAW;EAAE;EAAS,QAAQ;CAAQ,EAAC;AACpE,MAAK,SAAS,IAAI;AAChB,QAAM,IAAI,OAAO,iCAAiC,SAAS,OAAO;CACnE;AAED,OAAM,gCAAgC,SAAS;AAE/C,QAAO;AACR;AAED,SAAS,aAAaC,KAAmBC,YAAoC;CAC3E,MAAM,mBAAmB,QAAQ,WAAW,MAAM,IAAI,UAAU;CAGhE,MAAM,OAAO,SAAS,cAAc,OAAO;AAC3C,MAAK,aAAa,UAAU,OAAO;AACnC,MAAK,aAAa,UAAU,UAAU;AACtC,MAAK,MAAM,UAAU;AAGrB,MAAK,MAAM,CAAC,MAAM,MAAM,IAAI,OAAO,QAAQ,WAAW,EAAE;EACtD,MAAM,QAAQ,SAAS,cAAc,QAAQ;AAC7C,QAAM,aAAa,QAAQ,SAAS;AACpC,QAAM,aAAa,QAAQ,KAAK;AAChC,QAAM,aAAa,SAAS,MAAM;AAElC,OAAK,YAAY,MAAM;CACxB;AAGD,UAAS,KAAK,YAAY,KAAK;AAC/B,MAAK,QAAQ;AACd;AAED,eAAe,SAASC,KAAeC,SAA4C;CAGjF,MAAM,0BAA0B,SAAS,aAAa,SAAS;CAE/D,MAAM,YAAY,SAAS,aAAa;AACxC,KAAI,wBAAwB;EAC1B,MAAM,aAAa,2CAA2C,IAAI;AAClE,eAAa,WAAW,WAAW;AACnC,SAAO,IAAI,SAAS,WAAW;GAAE,QAAQ;GAAK,YAAY;EAAM;CACjE;CACD,MAAM,UAAU,wCAAwC,IAAI;AAC5D,QAAO,MAAM,cAAc,WAAW,QAAQ;AAC/C;AAmDD,SAAS,cAAcC,KAAqB;CAE1C,MAAM,mBAAmB,IAAI,IAAI,KAAK,SAAS;CAC/C,MAAM,mBAAmB,iBAAiB,UAAU;CAEpD,IAAI,aAAa;AAGjB,KAAI,WAAW,WAAW,iBAAiB,SAAS,EAAE;AACpD,UAAQ,GAAG,WAAW,MAAM,iBAAiB,SAAS,OAAO,CAAC;CAC/D;AAGD,cAAa,WAAW,WAAW,iBAAiB,IAAI,GAAG,WAAW,MAAM,iBAAiB,OAAO,CAAC,IAAI;AAEzG,QAAO;AACR;;;;;;AAOD,SAAS,uBAAuBC,IAAY;CAE1C,MAAM,MAAM,GAAG,WAAW,IAAI,GAAG,IAAI,KAAK,GAAG,GAAG,GAAG,SAAS,WAAW;AACvE,QAAO,SAAS,QAAQ,IAAI;AAC7B;;;;;;;AAQD,OAAO,eAAe,MAAMC,UAAkBC,UAAkBC,SAA8C;AAC5G,KAAI;EACF,MAAM,OAAO,IAAI;AACjB,OAAK,OAAO,YAAY,SAAS;AACjC,OAAK,OAAO,YAAY,SAAS;EAEjC,MAAM,qBAAqB,SAAS,sBAAsB;EAC1D,MAAM,UAAU,wCAAwC,SAAS;AACjE,UAAQ,SAAS;EACjB,MAAM,WAAW,MAAM,MAAM,oBAAoB;GAC/C,MAAM;GACN;GACA,QAAQ;EACT,EAAC;EAKF,MAAM,SAAS,SAAS,QAAQ,IAAI,SAAS;EAC7C,MAAM,WAAW,SAAS,QAAQ,IAAI,YAAY,IAAI;EACtD,MAAM,aAAa,SAAS,QAAQ,IAAI,cAAc,IAAI;EAC1D,MAAM,kBAAkB,SAAS,MAAM,WAAW;AAElD,MAAI,iBAAiB;GACnB,MAAM,kBAAkB,SAAS,QAAQ,IAAI,cAAc,IAAI;GAE/D,MAAM,mBAAmB,SAAS,QAAQ,IAAI,qBAAqB,IAAI;GACvE,MAAM,kBAAkB,SAAS,QAAQ,IAAI,oBAAoB,IAAI;AACrE,OAAI,oBAAoB,iBAAiB;IACvC,MAAMC,sBAA8C,CAAE;AACtD,wBAAoB,QAAQ;AAE5B,wBAAoB,eAAe;AACnC,6BAAyB,oBAAoB;GAC9C;AAED,OAAI,SAAS,WAAW;AACtB,UAAM,QAAQ,WAAW;GAC1B;GAED,MAAM,MAAM,YAAY,cAAc,SAAS;GAC/C,MAAM,SAAS,cAAc,IAAI;GACjC,MAAM,WAAW,SAAS,YAAY;AACtC,YAAS,OAAO;AAEhB,UAAO;IACL;IACA,OAAO;IACP,aAAa;IACb,OAAO;GACR;EACF;AACD,SAAO;GACL,OAAO;GACP,cAAc;GACd,YAAY;EACb;CACF,SAAQC,GAAY;AACnB,MAAI,aAAa,OAAO;AACtB,UAAO;IACL,OAAO;IACP,cAAc,EAAE;IAChB,YAAY,EAAE;GACf;EACF;AAED,QAAM;CACP;AACF;;;;;AAMD,OAAO,eAAe,OAAOP,SAAwC;CACnE,IAAIQ;AACJ,KAAI;AACF,aAAW,MAAM,SAAS,UAAU,QAAQ;CAC7C,QAAO;AACN,MAAI;GACF,MAAM,kBAAkB,MAAM,MAAM,WAAW;GAC/C,MAAM,eAAe,MAAM,gBAAgB,MAAM;GACjD,MAAM,MAAM,IAAI,YAAY,gBAAgB,cAAc,YAAY;AACtE,cAAW,MAAM,SAAS,KAAK,QAAQ;EACxC,SAAQ,OAAO;AAEd,4BAAyB;AACzB,SAAM;EACP;CACF,UAAS;AACR,gBAAc,OAAO,gBAAgB;AACrC,MAAI,YAAY,SAAS,MAAM,SAAS,YAAY;AAClD,OAAI,SAAS,WAAW;AACtB,UAAM,QAAQ,WAAW;GAC1B;GACD,MAAM,SAAS,cAAc,SAAS,IAAI;GAC1C,MAAM,WAAW,SAAS,YAAY;AACtC,YAAS,OAAO;EACjB;CACF;AACF;;;;;;AAeD,OAAO,MAAM,yBAAoD;CAC/D,AAAiB;CAEjB,YAAYC,0BAAoD;AAC9D,OAAK,2BAA2B;CACjC;CAED,MAAM,OAAOC,SAA4BC,MAAyC;EAChF,MAAM,gBAAgB,EAAE,GAAG,QAAS;AACpC,gBAAc,UAAU,QAAQ,QAAQ,OAAO;EAC/C,MAAM,WAAW,MAAM,KAAK,QAAQ;AACpC,MAAI,SAAS,WAAW,KAAK;GAC3B,MAAM,cAAc,MAAM,KAAK,0BAA0B;AACzD,OAAI,YAAY,OAAO;AACrB,kBAAc,QAAQ,QAAQ,IAAI,oBAAoB,YAAY,MAAM;AACxE,WAAO,KAAK,cAAc;GAC3B;EACF;AACD,SAAO;CACR;AACF","names":["body: string","springCsrfInfo: Record<string, string>","headerNameMeta: HTMLMetaElement","tokenMeta: HTMLMetaElement","response: Response","logoutUrl: URL | string","headers: Record<string, string>","url: URL | string","parameters: Record<string, string>","doc: Document","options?: LogoutOptions","url: string","to: string","username: string","password: string","options?: LoginOptions","springCsrfTokenInfo: Record<string, string>","e: unknown","response: Response | undefined","onInvalidSessionCallback: OnInvalidSessionCallback","context: MiddlewareContext","next: MiddlewareNext"],"sources":["/opt/agent/work/1af72d8adc613024/hilla/packages/ts/frontend/src/Authentication.ts"],"sourcesContent":["import type { MiddlewareClass, MiddlewareContext, MiddlewareNext } from './Connect.js';\nimport CookieManager from './CookieManager.js';\nimport {\n getSpringCsrfInfo,\n getSpringCsrfTokenHeadersForAuthRequest,\n getSpringCsrfTokenParametersForAuthRequest,\n VAADIN_CSRF_HEADER,\n} from './CsrfUtils.js';\n\nconst JWT_COOKIE_NAME = 'jwt.headerAndPayload';\n\nfunction getSpringCsrfTokenFromResponseBody(body: string): Record<string, string> {\n const doc = new DOMParser().parseFromString(body, 'text/html');\n return getSpringCsrfInfo(doc);\n}\n\nfunction clearSpringCsrfMetaTags() {\n Array.from(\n document.head.querySelectorAll('meta[name=\"_csrf\"], meta[name=\"_csrf_header\"], meta[name=\"_csrf_parameter\"]'),\n ).forEach((el) => el.remove());\n}\n\nfunction updateSpringCsrfMetaTags(springCsrfInfo: Record<string, string>) {\n clearSpringCsrfMetaTags();\n const headerNameMeta: HTMLMetaElement = document.createElement('meta');\n headerNameMeta.name = '_csrf_header';\n headerNameMeta.content = springCsrfInfo._csrf_header;\n document.head.appendChild(headerNameMeta);\n const tokenMeta: HTMLMetaElement = document.createElement('meta');\n tokenMeta.name = '_csrf';\n tokenMeta.content = springCsrfInfo._csrf;\n document.head.appendChild(tokenMeta);\n}\n\nconst getVaadinCsrfTokenFromResponseBody = (body: string): string | undefined => {\n const match = /window\\.Vaadin = \\{TypeScript: \\{\"csrfToken\":\"([0-9a-zA-Z\\\\-]{36})\"\\}\\};/iu.exec(body);\n return match ? match[1] : undefined;\n};\n\nasync function updateCsrfTokensBasedOnResponse(response: Response): Promise<string | undefined> {\n const responseText = await response.text();\n const token = getVaadinCsrfTokenFromResponseBody(responseText);\n const springCsrfTokenInfo = getSpringCsrfTokenFromResponseBody(responseText);\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n\n return token;\n}\n\nasync function doFetchLogout(logoutUrl: URL | string, headers: Record<string, string>) {\n const response = await fetch(logoutUrl, { headers, method: 'POST' });\n if (!response.ok) {\n throw new Error(`failed to logout with response ${response.status}`);\n }\n\n await updateCsrfTokensBasedOnResponse(response);\n\n return response;\n}\n\nfunction doFormLogout(url: URL | string, parameters: Record<string, string>) {\n const logoutUrl = typeof url === 'string' ? url : url.toString();\n\n // Create form to send POST request\n const form = document.createElement('form');\n form.setAttribute('method', 'POST');\n form.setAttribute('action', logoutUrl);\n form.style.display = 'none';\n\n // Add data to form as hidden input fields\n for (const [name, value] of Object.entries(parameters)) {\n const input = document.createElement('input');\n input.setAttribute('type', 'hidden');\n input.setAttribute('name', name);\n input.setAttribute('value', value);\n\n form.appendChild(input);\n }\n\n // Append form to page and submit it to perform logout and redirect\n document.body.appendChild(form);\n form.submit();\n}\n\nasync function doLogout(doc: Document, options?: LogoutOptions): Promise<Response> {\n // performing fetch logout only makes sense if at least one of the 'navigate'\n // or 'onSuccess' is defined, otherwise we can just do a form logout:\n const shouldSubmitFormLogout = !options?.navigate && !options?.onSuccess;\n // this assumes the default Spring Security logout configuration (handler URL)\n const logoutUrl = options?.logoutUrl ?? 'logout';\n if (shouldSubmitFormLogout) {\n const parameters = getSpringCsrfTokenParametersForAuthRequest(doc);\n doFormLogout(logoutUrl, parameters);\n return new Response(undefined, { status: 200, statusText: 'OK' } as ResponseInit);\n }\n const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);\n return await doFetchLogout(logoutUrl, headers);\n}\n\nexport interface LoginResult {\n error: boolean;\n token?: string;\n errorTitle?: string;\n errorMessage?: string;\n redirectUrl?: string;\n defaultUrl?: string;\n}\n\nexport type SuccessCallback = () => Promise<void> | void;\n\nexport type NavigateFunction = (path: string) => void;\n\nexport interface LoginOptions {\n /**\n * The URL for login request, defaults to `/login`.\n */\n loginProcessingUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful login. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nexport interface LogoutOptions {\n /**\n * The URL for logout request, defaults to `/logout`.\n */\n logoutUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful logout. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nfunction normalizePath(url: string): string {\n // URL with context path\n const effectiveBaseURL = new URL('.', document.baseURI);\n const effectiveBaseURI = effectiveBaseURL.toString();\n\n let normalized = url;\n\n // Strip context path prefix\n if (normalized.startsWith(effectiveBaseURL.pathname)) {\n return `/${normalized.slice(effectiveBaseURL.pathname.length)}`;\n }\n\n // Strip base URI\n normalized = normalized.startsWith(effectiveBaseURI) ? `/${normalized.slice(effectiveBaseURI.length)}` : normalized;\n\n return normalized;\n}\n\n/**\n * Navigates to the provided path using page reload.\n *\n * @param to - navigation target path\n */\nfunction navigateWithPageReload(to: string) {\n // Consider absolute path to be within application context\n const url = to.startsWith('/') ? new URL(`.${to}`, document.baseURI) : to;\n window.location.replace(url);\n}\n\n/**\n * A helper method for Spring Security based form login.\n * @param username - username\n * @param password - password\n * @param options - defines additional options, e.g, the loginProcessingUrl etc.\n */\nexport async function login(username: string, password: string, options?: LoginOptions): Promise<LoginResult> {\n try {\n const data = new FormData();\n data.append('username', username);\n data.append('password', password);\n\n const loginProcessingUrl = options?.loginProcessingUrl ?? 'login';\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n headers.source = 'typescript';\n const response = await fetch(loginProcessingUrl, {\n body: data,\n headers,\n method: 'POST',\n });\n\n // This code assumes that a VaadinSavedRequestAwareAuthenticationSuccessHandler is used on the server side,\n // setting these header values based on the \"source=typescript\" header set above\n\n const result = response.headers.get('Result');\n const savedUrl = response.headers.get('Saved-url') ?? undefined;\n const defaultUrl = response.headers.get('Default-url') ?? undefined;\n const loginSuccessful = response.ok && result === 'success';\n\n if (loginSuccessful) {\n const vaadinCsrfToken = response.headers.get('Vaadin-CSRF') ?? undefined;\n\n const springCsrfHeader = response.headers.get('Spring-CSRF-header') ?? undefined;\n const springCsrfToken = response.headers.get('Spring-CSRF-token') ?? undefined;\n if (springCsrfHeader && springCsrfToken) {\n const springCsrfTokenInfo: Record<string, string> = {};\n springCsrfTokenInfo._csrf = springCsrfToken;\n // eslint-disable-next-line camelcase\n springCsrfTokenInfo._csrf_header = springCsrfHeader;\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n }\n\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n\n const url = savedUrl ?? defaultUrl ?? document.baseURI;\n const toPath = normalizePath(url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n\n return {\n defaultUrl,\n error: false,\n redirectUrl: savedUrl,\n token: vaadinCsrfToken,\n };\n }\n return {\n error: true,\n errorMessage: 'Check that you have entered the correct username and password and try again.',\n errorTitle: 'Incorrect username or password.',\n };\n } catch (e: unknown) {\n if (e instanceof Error) {\n return {\n error: true,\n errorMessage: e.message,\n errorTitle: e.name,\n };\n }\n\n throw e;\n }\n}\n\n/**\n * A helper method for Spring Security based form logout\n * @param options - defines additional options, e.g, the logoutUrl.\n */\nexport async function logout(options?: LogoutOptions): Promise<void> {\n let response: Response | undefined;\n try {\n response = await doLogout(document, options);\n } catch {\n try {\n const noCacheResponse = await fetch('?nocache');\n const responseText = await noCacheResponse.text();\n const doc = new DOMParser().parseFromString(responseText, 'text/html');\n response = await doLogout(doc, options);\n } catch (error) {\n // clear the token if the call fails\n clearSpringCsrfMetaTags();\n throw error;\n }\n } finally {\n CookieManager.remove(JWT_COOKIE_NAME);\n if (response && response.ok && response.redirected) {\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n const toPath = normalizePath(response.url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n }\n }\n}\n\n/**\n * It defines what to do when it detects a session is invalid. E.g.,\n * show a login view.\n * It takes an <code>EndpointCallContinue</code> parameter, which can be\n * used to continue the endpoint call.\n */\nexport type OnInvalidSessionCallback = () => Promise<LoginResult>;\n\n/**\n * A helper class for handling invalid sessions during an endpoint call.\n * E.g., you can use this to show user a login page when the session has\n * expired.\n */\nexport class InvalidSessionMiddleware implements MiddlewareClass {\n private readonly onInvalidSessionCallback: OnInvalidSessionCallback;\n\n constructor(onInvalidSessionCallback: OnInvalidSessionCallback) {\n this.onInvalidSessionCallback = onInvalidSessionCallback;\n }\n\n async invoke(context: MiddlewareContext, next: MiddlewareNext): Promise<Response> {\n const clonedContext = { ...context };\n clonedContext.request = context.request.clone();\n const response = await next(context);\n if (response.status === 401) {\n const loginResult = await this.onInvalidSessionCallback();\n if (loginResult.token) {\n clonedContext.request.headers.set(VAADIN_CSRF_HEADER, loginResult.token);\n return next(clonedContext) as Promise<Response>;\n }\n }\n return response;\n }\n}\n"],"version":3}
|
package/CsrfUtils.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export
|
|
1
|
+
export declare function getSpringCsrfInfo(doc: Document): Record<string, string>;
|
package/CsrfUtils.js
CHANGED
|
@@ -5,7 +5,8 @@ export const VAADIN_CSRF_HEADER = "X-CSRF-Token";
|
|
|
5
5
|
export const VAADIN_CSRF_COOKIE_NAME = "csrfToken";
|
|
6
6
|
/** @internal */
|
|
7
7
|
export const SPRING_CSRF_COOKIE_NAME = "XSRF-TOKEN";
|
|
8
|
-
function extractContentFromMetaTag(
|
|
8
|
+
function extractContentFromMetaTag(doc, metaTag) {
|
|
9
|
+
const element = doc.head.querySelector(`meta[name="${metaTag}"]`);
|
|
9
10
|
if (element) {
|
|
10
11
|
const value = element.content;
|
|
11
12
|
if (value && value.toLowerCase() !== "undefined") {
|
|
@@ -14,27 +15,20 @@ function extractContentFromMetaTag(element) {
|
|
|
14
15
|
}
|
|
15
16
|
return undefined;
|
|
16
17
|
}
|
|
17
|
-
/** @internal */
|
|
18
|
-
function getSpringCsrfHeaderFromMetaTag(doc) {
|
|
19
|
-
const csrfHeader = doc.head.querySelector("meta[name=\"_csrf_header\"]");
|
|
20
|
-
return extractContentFromMetaTag(csrfHeader);
|
|
21
|
-
}
|
|
22
|
-
/** @internal */
|
|
23
|
-
function getSpringCsrfTokenFromMetaTag(doc) {
|
|
24
|
-
const csrfToken = doc.head.querySelector("meta[name=\"_csrf\"]");
|
|
25
|
-
return extractContentFromMetaTag(csrfToken);
|
|
26
|
-
}
|
|
27
|
-
/** @internal */
|
|
28
18
|
export function getSpringCsrfInfo(doc) {
|
|
29
|
-
const csrfHeader = getSpringCsrfHeaderFromMetaTag(doc);
|
|
30
19
|
let csrf = CookieManager.get(SPRING_CSRF_COOKIE_NAME);
|
|
31
20
|
if (!csrf || csrf.length === 0) {
|
|
32
|
-
csrf =
|
|
21
|
+
csrf = extractContentFromMetaTag(doc, "_csrf");
|
|
33
22
|
}
|
|
23
|
+
const csrfHeader = extractContentFromMetaTag(doc, "_csrf_header");
|
|
34
24
|
const headers = {};
|
|
35
25
|
if (csrf && csrfHeader) {
|
|
36
26
|
headers._csrf = csrf;
|
|
37
27
|
headers._csrf_header = csrfHeader;
|
|
28
|
+
const csrfParameter = extractContentFromMetaTag(doc, "_csrf_parameter");
|
|
29
|
+
if (csrfParameter) {
|
|
30
|
+
headers._csrf_parameter = csrfParameter;
|
|
31
|
+
}
|
|
38
32
|
}
|
|
39
33
|
return headers;
|
|
40
34
|
}
|
|
@@ -58,4 +52,13 @@ export function getCsrfTokenHeadersForEndpointRequest(doc) {
|
|
|
58
52
|
}
|
|
59
53
|
return headers;
|
|
60
54
|
}
|
|
55
|
+
/** @internal */
|
|
56
|
+
export function getSpringCsrfTokenParametersForAuthRequest(doc) {
|
|
57
|
+
const csrfInfo = getSpringCsrfInfo(doc);
|
|
58
|
+
const parameters = {};
|
|
59
|
+
if (csrfInfo._csrf && csrfInfo._csrf_parameter) {
|
|
60
|
+
parameters[csrfInfo._csrf_parameter] = csrfInfo._csrf;
|
|
61
|
+
}
|
|
62
|
+
return parameters;
|
|
63
|
+
}
|
|
61
64
|
//# sourceMappingURL=./CsrfUtils.js.map
|
package/CsrfUtils.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"mappings":"AAAA,OAAO,uCAAwC;;AAG/C,OAAO,MAAM,qBAAqB;;AAElC,OAAO,MAAM,0BAA0B;;AAEvC,OAAO,MAAM,0BAA0B;AAEvC,SAAS,0BAA0BA,
|
|
1
|
+
{"mappings":"AAAA,OAAO,uCAAwC;;AAG/C,OAAO,MAAM,qBAAqB;;AAElC,OAAO,MAAM,0BAA0B;;AAEvC,OAAO,MAAM,0BAA0B;AAEvC,SAAS,0BAA0BA,KAAeC,SAAqC;CACrF,MAAM,UAAU,IAAI,KAAK,eAAgC,aAAa,QAAQ,IAAI;AAClF,KAAI,SAAS;EACX,MAAM,QAAQ,QAAQ;AACtB,MAAI,SAAS,MAAM,aAAa,KAAK,aAAa;AAChD,UAAO;EACR;CACF;AACD,QAAO;AACR;AAED,OAAO,SAAS,kBAAkBD,KAAuC;CACvE,IAAI,OAAO,cAAc,IAAI,wBAAwB;AACrD,MAAK,QAAQ,KAAK,WAAW,GAAG;AAC9B,SAAO,0BAA0B,KAAK,QAAQ;CAC/C;CACD,MAAM,aAAa,0BAA0B,KAAK,eAAe;CAEjE,MAAME,UAAkC,CAAE;AAC1C,KAAI,QAAQ,YAAY;AACtB,UAAQ,QAAQ;AAEhB,UAAQ,eAAe;EAEvB,MAAM,gBAAgB,0BAA0B,KAAK,kBAAkB;AACvE,MAAI,eAAe;AAEjB,WAAQ,kBAAkB;EAC3B;CACF;AACD,QAAO;AACR;;AAGD,OAAO,SAAS,wCAAwCF,KAAuC;CAC7F,MAAM,WAAW,kBAAkB,IAAI;CACvC,MAAME,UAAkC,CAAE;AAC1C,KAAI,SAAS,SAAS,SAAS,cAAc;AAC3C,UAAQ,SAAS,gBAAgB,SAAS;CAC3C;AACD,QAAO;AACR;;AAGD,OAAO,SAAS,sCAAsCF,KAAuC;CAC3F,MAAME,UAAkC,CAAE;CAE1C,MAAM,WAAW,kBAAkB,IAAI;AACvC,KAAI,SAAS,SAAS,SAAS,cAAc;AAC3C,UAAQ,SAAS,gBAAgB,SAAS;CAC3C,OAAM;AACL,UAAQ,sBAAsB,cAAc,IAAI,wBAAwB,IAAI;CAC7E;AAED,QAAO;AACR;;AAGD,OAAO,SAAS,2CAA2CF,KAAuC;CAChG,MAAM,WAAW,kBAAkB,IAAI;CACvC,MAAMG,aAAqC,CAAE;AAC7C,KAAI,SAAS,SAAS,SAAS,iBAAiB;AAC9C,aAAW,SAAS,mBAAmB,SAAS;CACjD;AACD,QAAO;AACR","names":["doc: Document","metaTag: string","headers: Record<string, string>","parameters: Record<string, string>"],"sources":["/opt/agent/work/1af72d8adc613024/hilla/packages/ts/frontend/src/CsrfUtils.ts"],"sourcesContent":["import CookieManager from './CookieManager.js';\n\n/** @internal */\nexport const VAADIN_CSRF_HEADER = 'X-CSRF-Token';\n/** @internal */\nexport const VAADIN_CSRF_COOKIE_NAME = 'csrfToken';\n/** @internal */\nexport const SPRING_CSRF_COOKIE_NAME = 'XSRF-TOKEN';\n\nfunction extractContentFromMetaTag(doc: Document, metaTag: string): string | undefined {\n const element = doc.head.querySelector<HTMLMetaElement>(`meta[name=\"${metaTag}\"]`);\n if (element) {\n const value = element.content;\n if (value && value.toLowerCase() !== 'undefined') {\n return value;\n }\n }\n return undefined;\n}\n\nexport function getSpringCsrfInfo(doc: Document): Record<string, string> {\n let csrf = CookieManager.get(SPRING_CSRF_COOKIE_NAME);\n if (!csrf || csrf.length === 0) {\n csrf = extractContentFromMetaTag(doc, '_csrf');\n }\n const csrfHeader = extractContentFromMetaTag(doc, '_csrf_header');\n\n const headers: Record<string, string> = {};\n if (csrf && csrfHeader) {\n headers._csrf = csrf;\n // eslint-disable-next-line camelcase\n headers._csrf_header = csrfHeader;\n\n const csrfParameter = extractContentFromMetaTag(doc, '_csrf_parameter');\n if (csrfParameter) {\n // eslint-disable-next-line camelcase\n headers._csrf_parameter = csrfParameter;\n }\n }\n return headers;\n}\n\n/** @internal */\nexport function getSpringCsrfTokenHeadersForAuthRequest(doc: Document): Record<string, string> {\n const csrfInfo = getSpringCsrfInfo(doc);\n const headers: Record<string, string> = {};\n if (csrfInfo._csrf && csrfInfo._csrf_header) {\n headers[csrfInfo._csrf_header] = csrfInfo._csrf;\n }\n return headers;\n}\n\n/** @internal */\nexport function getCsrfTokenHeadersForEndpointRequest(doc: Document): Record<string, string> {\n const headers: Record<string, string> = {};\n\n const csrfInfo = getSpringCsrfInfo(doc);\n if (csrfInfo._csrf && csrfInfo._csrf_header) {\n headers[csrfInfo._csrf_header] = csrfInfo._csrf;\n } else {\n headers[VAADIN_CSRF_HEADER] = CookieManager.get(VAADIN_CSRF_COOKIE_NAME) ?? '';\n }\n\n return headers;\n}\n\n/** @internal */\nexport function getSpringCsrfTokenParametersForAuthRequest(doc: Document): Record<string, string> {\n const csrfInfo = getSpringCsrfInfo(doc);\n const parameters: Record<string, string> = {};\n if (csrfInfo._csrf && csrfInfo._csrf_parameter) {\n parameters[csrfInfo._csrf_parameter] = csrfInfo._csrf;\n }\n return parameters;\n}\n"],"version":3}
|
package/index.js
CHANGED
|
@@ -6,7 +6,7 @@ export { ActionOnLostSubscription, FluxConnection, State } from "./FluxConnectio
|
|
|
6
6
|
vaadinObj.registrations ??= [];
|
|
7
7
|
vaadinObj.registrations.push({
|
|
8
8
|
is: feature ? `@vaadin/hilla-frontend/${feature}` : "@vaadin/hilla-frontend",
|
|
9
|
-
version: "24.8.0-
|
|
9
|
+
version: "24.8.0-alpha7"
|
|
10
10
|
});
|
|
11
11
|
})();
|
|
12
12
|
//# sourceMappingURL=./index.js.map
|
package/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"mappings":"AAAA;AACA;AACA;AACA,SAAS,0BAA0B,gBAAgB;AAInD,CAAC,CAAC,SAAS,YAAa,OAAO,WAAW,CAAE,MAAM;AAChD,WAAU,kBAAkB,CAAE;AAC9B,WAAU,cAAc,KAAK;EAC3B,IAAI,WAAW,yBAAyB,QAAQ,IAAI;EACpD,SAAS;CACV,EAAC;AACH,IAAG","names":[],"sources":["/opt/agent/work/1af72d8adc613024/hilla/packages/ts/frontend/src/index.ts"],"sourcesContent":["export * from './Authentication.js';\nexport * from './Connect.js';\nexport * from './EndpointErrors.js';\nexport { ActionOnLostSubscription, FluxConnection, State } from './FluxConnection.js';\n\n// @ts-expect-error: esbuild injection\n// eslint-disable-next-line @typescript-eslint/no-unsafe-call\n((feature, vaadinObj = (window.Vaadin ??= {})) => {\n vaadinObj.registrations ??= [];\n vaadinObj.registrations.push({\n is: feature ? `@vaadin/hilla-frontend/${feature}` : '@vaadin/hilla-frontend',\n version: '24.8.0-
|
|
1
|
+
{"mappings":"AAAA;AACA;AACA;AACA,SAAS,0BAA0B,gBAAgB;AAInD,CAAC,CAAC,SAAS,YAAa,OAAO,WAAW,CAAE,MAAM;AAChD,WAAU,kBAAkB,CAAE;AAC9B,WAAU,cAAc,KAAK;EAC3B,IAAI,WAAW,yBAAyB,QAAQ,IAAI;EACpD,SAAS;CACV,EAAC;AACH,IAAG","names":[],"sources":["/opt/agent/work/1af72d8adc613024/hilla/packages/ts/frontend/src/index.ts"],"sourcesContent":["export * from './Authentication.js';\nexport * from './Connect.js';\nexport * from './EndpointErrors.js';\nexport { ActionOnLostSubscription, FluxConnection, State } from './FluxConnection.js';\n\n// @ts-expect-error: esbuild injection\n// eslint-disable-next-line @typescript-eslint/no-unsafe-call\n((feature, vaadinObj = (window.Vaadin ??= {})) => {\n vaadinObj.registrations ??= [];\n vaadinObj.registrations.push({\n is: feature ? `@vaadin/hilla-frontend/${feature}` : '@vaadin/hilla-frontend',\n version: '24.8.0-alpha7',\n });\n})();\n"],"version":3}
|