chore: attach csrf header to write-based ui service functions

finos · Apr 18, 2024 · 9de9012 · 9de9012
1 parent d6d2c91
commit 9de9012
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 27 deletions.
diff --git a/src/ui/services/git-push.js b/src/ui/services/git-push.js
@@ -1,4 +1,5 @@
 import axios from 'axios';
+import { getCookie } from '../utils.jsx';
 
 const baseUrl = import.meta.env.VITE_API_URI
   ? `${import.meta.env.VITE_API_URI}/api/v1`
@@ -84,7 +85,7 @@ const authorisePush = async (id, setMessage, setUserAllowedToApprove, attestatio
           attestation,
         },
       },
-      { withCredentials: true },
+      { withCredentials: true, headers: { 'X-CSRF-TOKEN': getCookie('csrf') } },
     )
     .catch((error) => {
       if (error.response && error.response.status === 401) {
@@ -100,25 +101,29 @@ const rejectPush = async (id, setMessage, setUserAllowedToReject) => {
   const url = `${baseUrl}/push/${id}/reject`;
   let errorMsg = '';
   let isUserAllowedToReject = true;
-  await axios.post(url, {}, { withCredentials: true }).catch((error) => {
-    if (error.response && error.response.status === 401) {
-      errorMsg = 'You are not authorised to reject...';
-      isUserAllowedToReject = false;
-    }
-  });
+  await axios
+    .post(url, {}, { withCredentials: true, headers: { 'X-CSRF-TOKEN': getCookie('csrf') } })
+    .catch((error) => {
+      if (error.response && error.response.status === 401) {
+        errorMsg = 'You are not authorised to reject...';
+        isUserAllowedToReject = false;
+      }
+    });
   await setMessage(errorMsg);
   await setUserAllowedToReject(isUserAllowedToReject);
 };
 
 const cancelPush = async (id, setAuth, setIsError) => {
   const url = `${baseUrl}/push/${id}/cancel`;
-  await axios.post(url, {}, { withCredentials: true }).catch((error) => {
-    if (error.response && error.response.status === 401) {
-      setAuth(false);
-    } else {
-      setIsError(true);
-    }
-  });
+  await axios
+    .post(url, {}, { withCredentials: true, headers: { 'X-CSRF-TOKEN': getCookie('csrf') } })
+    .catch((error) => {
+      if (error.response && error.response.status === 401) {
+        setAuth(false);
+      } else {
+        setIsError(true);
+      }
+    });
 };
 
 export { getPush, getPushes, authorisePush, rejectPush, cancelPush, getUser };
diff --git a/src/ui/services/repo.js b/src/ui/services/repo.js
@@ -1,4 +1,5 @@
 import axios from 'axios';
+import { getCookie } from '../utils.jsx';
 
 const baseUrl = import.meta.env.VITE_API_URI
   ? `${import.meta.env.VITE_API_URI}/api/v1`
@@ -76,7 +77,7 @@ const getRepo = async (setIsLoading, setData, setAuth, setIsError, id) => {
 const addRepo = async (onClose, setError, data) => {
   const url = new URL(`${baseUrl}/repo`);
   axios
-    .post(url, data, { withCredentials: true })
+    .post(url, data, { withCredentials: true, headers: { 'X-CSRF-TOKEN': getCookie('csrf') } })
     .then(() => {
       onClose();
     })
@@ -91,10 +92,12 @@ const addUser = async (repoName, user, action) => {
   if (canAdd) {
     const url = new URL(`${baseUrl}/repo/${repoName}/user/${action}`);
     const data = { username: user };
-    await axios.patch(url, data, { withCredentials: true }).catch((error) => {
-      console.log(error.response.data.message);
-      throw error;
-    });
+    await axios
+      .patch(url, data, { withCredentials: true, headers: { 'X-CSRF-TOKEN': getCookie('csrf') } })
+      .catch((error) => {
+        console.log(error.response.data.message);
+        throw error;
+      });
   } else {
     console.log('Duplicate user can not be added');
     throw new DupUserValidationError();
@@ -104,10 +107,12 @@ const addUser = async (repoName, user, action) => {
 const deleteUser = async (user, repoName, action) => {
   const url = new URL(`${baseUrl}/repo/${repoName}/user/${action}/${user}`);
 
-  await axios.delete(url, { withCredentials: true }).catch((error) => {
-    console.log(error.response.data.message);
-    throw error;
-  });
+  await axios
+    .delete(url, { withCredentials: true, headers: { 'X-CSRF-TOKEN': getCookie('csrf') } })
+    .catch((error) => {
+      console.log(error.response.data.message);
+      throw error;
+    });
 };
 
 const deleteRepo = async (repoName) => {

diff --git a/src/ui/services/user.js b/src/ui/services/user.js
@@ -1,4 +1,5 @@
 import axios from 'axios';
+import { getCookie } from '../utils.jsx';
 
 const baseUrl = import.meta.env.VITE_API_URI
   ? `${import.meta.env.VITE_API_URI}`
@@ -67,10 +68,12 @@ const getUsers = async (setIsLoading, setData, setAuth, setIsError, query = {})
 const updateUser = async (data) => {
   console.log(data);
   const url = new URL(`${baseUrl}/api/auth/gitAccount`);
-  await axios.post(url, data, { withCredentials: true }).catch((error) => {
-    console.log(error.response.data.message);
-    throw error;
-  });
+  await axios
+    .post(url, data, { withCredentials: true, headers: { 'X-CSRF-TOKEN': getCookie('csrf') } })
+    .catch((error) => {
+      console.log(error.response.data.message);
+      throw error;
+    });
 };
 
 const getUserLoggedIn = async (setIsLoading, setIsAdmin, setIsError, setAuth) => {