authorJohannes Zellner <johannes@cloudron.io>2017-02-09 12:40:40 +0100
committerJohannes Zellner <johannes@cloudron.io>2017-02-09 12:40:40 +0100
commit4a27fce742a75881cd84607f4237624d8c0a0a22 (patch)
tree231baf61d87005c807803b37aed57147630a0501 /frontend
parent3422a21b8eb26682772867e1fd997ef806229459 (diff)
Use accessTokens instead of username/password
Diffstat (limited to 'frontend')
-rw-r--r--frontend/js/app.js57
1 files changed, 37 insertions, 20 deletions
diff --git a/frontend/js/app.js b/frontend/js/app.js
index 33346aa..b07560a 100644
--- a/frontend/js/app.js
+++ b/frontend/js/app.js
@@ -1,37 +1,54 @@
1(function () { 1(function () {
2'use strict'; 2'use strict';
3 3
4function getProfile(accessToken, callback) {
5 callback = callback || function (error) { if (error) console.error(error); };
6
7 superagent.get('/api/profile').query({ access_token: accessToken }).end(function (error, result) {
8 app.busy = false;
9
10 if (error && !error.response) return callback(error);
11 if (result.statusCode !== 200) {
12 delete localStorage.accessToken;
13 return callback('Invalid access token');
14 }
15
16 localStorage.accessToken = accessToken;
17 app.session.username = result.body.username;
18 app.session.valid = true;
19
20 callback();
21 });
22}
23
4function login(username, password) { 24function login(username, password) {
5 username = username || app.loginData.username; 25 username = username || app.loginData.username;
6 password = password || app.loginData.password; 26 password = password || app.loginData.password;
7 27
8 app.busy = true; 28 app.busy = true;
9 29
10 superagent.get('/api/files/').query({ username: username, password: password }).end(function (error, result) { 30 superagent.post('/api/login').query({ username: username, password: password }).end(function (error, result) {
11 app.busy = false; 31 app.busy = false;
12 32
13 if (error) return console.error(error); 33 if (error) return console.error(error);
14 if (result.statusCode === 401) return console.error('Invalid credentials'); 34 if (result.statusCode === 401) return console.error('Invalid credentials');
15 35
16 app.session.valid = true; 36 getProfile(result.body.accessToken, function (error) {
17 app.session.username = username; 37 if (error) return console.error(error);
18 app.session.password = password;
19
20 // clearly not the best option
21 localStorage.username = username;
22 localStorage.password = password;
23 38
24 loadDirectory(window.location.hash.slice(1)); 39 loadDirectory(window.location.hash.slice(1));
40 });
25 }); 41 });
26} 42}
27 43
28function logout() { 44function logout() {
29 app.session.valid = false; 45 superagent.post('/api/logout').query({ access_token: localStorage.accessToken }).end(function (error) {
30 app.session.username = null; 46 if (error) console.error(error);
31 app.session.password = null; 47
48 app.session.valid = false;
32 49
33 delete localStorage.username; 50 delete localStorage.accessToken;
34 delete localStorage.password; 51 });
35} 52}
36 53
37function sanitize(filePath) { 54function sanitize(filePath) {
@@ -77,7 +94,7 @@ function loadDirectory(filePath) {
77 94
78 filePath = filePath ? sanitize(filePath) : '/'; 95 filePath = filePath ? sanitize(filePath) : '/';
79 96
80 superagent.get('/api/files/' + encode(filePath)).query({ username: app.session.username, password: app.session.password }).end(function (error, result) { 97 superagent.get('/api/files/' + encode(filePath)).query({ access_token: localStorage.accessToken }).end(function (error, result) {
81 app.busy = false; 98 app.busy = false;
82 99
83 if (result && result.statusCode === 401) return logout(); 100 if (result && result.statusCode === 401) return logout();
@@ -138,7 +155,7 @@ function uploadFiles(files) {
138 var formData = new FormData(); 155 var formData = new FormData();
139 formData.append('file', file); 156 formData.append('file', file);
140 157
141 superagent.post('/api/files' + path).query({ username: app.session.username, password: app.session.password }).send(formData).end(function (error, result) { 158 superagent.post('/api/files' + path).query({ access_token: localStorage.accessToken }).send(formData).end(function (error, result) {
142 if (result && result.statusCode === 401) return logout(); 159 if (result && result.statusCode === 401) return logout();
143 if (result && result.statusCode !== 201) console.error('Error uploading file: ', result.statusCode); 160 if (result && result.statusCode !== 201) console.error('Error uploading file: ', result.statusCode);
144 if (error) console.error(error); 161 if (error) console.error(error);
@@ -189,7 +206,7 @@ function del(entry) {
189 206
190 var path = encode(sanitize(app.path + '/' + entry.filePath)); 207 var path = encode(sanitize(app.path + '/' + entry.filePath));
191 208
192 superagent.del('/api/files' + path).query({ username: app.session.username, password: app.session.password, recursive: true }).end(function (error, result) { 209 superagent.del('/api/files' + path).query({ access_token: localStorage.accessToken, recursive: true }).end(function (error, result) {
193 app.busy = false; 210 app.busy = false;
194 211
195 if (result && result.statusCode === 401) return logout(); 212 if (result && result.statusCode === 401) return logout();
@@ -216,7 +233,7 @@ function rename(data) {
216 var path = encode(sanitize(app.path + '/' + data.entry.filePath)); 233 var path = encode(sanitize(app.path + '/' + data.entry.filePath));
217 var newFilePath = sanitize(app.path + '/' + data.newFilePath); 234 var newFilePath = sanitize(app.path + '/' + data.newFilePath);
218 235
219 superagent.put('/api/files' + path).query({ username: app.session.username, password: app.session.password }).send({ newFilePath: newFilePath }).end(function (error, result) { 236 superagent.put('/api/files' + path).query({ access_token: localStorage.accessToken }).send({ newFilePath: newFilePath }).end(function (error, result) {
220 app.busy = false; 237 app.busy = false;
221 238
222 if (result && result.statusCode === 401) return logout(); 239 if (result && result.statusCode === 401) return logout();
@@ -241,7 +258,7 @@ function createDirectory(name) {
241 258
242 var path = encode(sanitize(app.path + '/' + name)); 259 var path = encode(sanitize(app.path + '/' + name));
243 260
244 superagent.post('/api/files' + path).query({ username: app.session.username, password: app.session.password, directory: true }).end(function (error, result) { 261 superagent.post('/api/files' + path).query({ access_token: localStorage.accessToken, directory: true }).end(function (error, result) {
245 app.busy = false; 262 app.busy = false;
246 263
247 if (result && result.statusCode === 401) return logout(); 264 if (result && result.statusCode === 401) return logout();
@@ -327,7 +344,7 @@ var app = new Vue({
327 344
328window.app = app; 345window.app = app;
329 346
330login(localStorage.username, localStorage.password); 347getProfile(localStorage.accessToken);
331 348
332$(window).on('hashchange', function () { 349$(window).on('hashchange', function () {
333 loadDirectory(window.location.hash.slice(1)); 350 loadDirectory(window.location.hash.slice(1));
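Review bot: The rewritten login request (new line 30) still carries the username and password in the URL, because `.query({ username: username, password: password })` was kept on `superagent.post('/api/login')`. Query strings are routinely written to web-server and proxy access logs, so the credentials should go in the request body instead, e.g. `superagent.post('/api/login').send({ username: username, password: password })`, provided the server route (not visible in this diff) reads the body. The same exposure applies to the new `access_token` query parameter in getProfile, logout, loadDirectory, uploadFiles, del, rename and createDirectory. If the API accepts it, a header such as `.set('Authorization', 'Bearer ' + localStorage.accessToken)` would keep the token out of logged URLs. Separately, the new logout() no longer resets `app.session.username`, so adding `app.session.username = null;` next to `app.session.valid = false;` would keep the session object consistent after sign-out.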