github
/
nocodb
mirror of https://github.com/nocodb/nocodb
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

feat: secure swagger endpoint 

Signed-off-by: Pranav C <pranavxc@gmail.com>
pull/4395/head
Pranav C 2 years ago
parent
1f26d5b9b0
commit
0e8fae87ab
3 changed files with 26 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      packages/nocodb/src/lib/meta/api/swagger/swaggerApis.ts
  2. 22
      packages/nocodb/src/lib/meta/api/swagger/swaggerHtml.ts
  3. 3
      packages/nocodb/src/lib/utils/projectAcl.ts

3
packages/nocodb/src/lib/meta/api/swagger/swaggerApis.ts
Unescape View File

@ -2,6 +2,7 @@
import catchError, { NcError } from '../../helpers/catchError'; import catchError, { NcError } from '../../helpers/catchError';
import { Router } from 'express'; import { Router } from 'express';
import Model from '../../../models/Model'; import Model from '../../../models/Model';
import ncMetaAclMw from '../../helpers/ncMetaAclMw'
import getSwaggerJSON from './helpers/getSwaggerJSON'; import getSwaggerJSON from './helpers/getSwaggerJSON';
import Project from '../../../models/Project'; import Project from '../../../models/Project';
import swaggerHtml from './swaggerHtml'; import swaggerHtml from './swaggerHtml';
@ -42,7 +43,7 @@ const router = Router({ mergeParams: true });
// todo: auth // todo: auth
router.get( router.get(
'/api/v1/db/meta/projects/:projectId/swagger.json', '/api/v1/db/meta/projects/:projectId/swagger.json',
catchError(swaggerJson) ncMetaAclMw(swaggerJson, 'swaggerJson')
); );
router.get('/api/v1/db/meta/projects/:projectId/swagger', (_req, res) => router.get('/api/v1/db/meta/projects/:projectId/swagger', (_req, res) =>
res.send(swaggerHtml) res.send(swaggerHtml)

22
packages/nocodb/src/lib/meta/api/swagger/swaggerHtml.ts
Unescape View File

@ -12,14 +12,34 @@ export default `<!DOCTYPE html>
</div> </div>
<script> <script>
let initialLocalStorage = {}
try {
initialLocalStorage = JSON.parse(localStorage.getItem('nocodb-gui-v2') || '{}');
} catch (e) {
console.error('Failed to parse local storage', e);
}
var xmlhttp = new XMLHttpRequest(); // new HttpRequest instance
xmlhttp.open("GET", "./swagger.json");
xmlhttp.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
xmlhttp.setRequestHeader("xc-auth", initialLocalStorage && initialLocalStorage.token);
xmlhttp.onload = function () {
const ui = SwaggerUIBundle({ const ui = SwaggerUIBundle({
url: "./swagger.json", // url: ,
spec: JSON.parse(xmlhttp.responseText),
dom_id: '#app', dom_id: '#app',
presets: [ presets: [
SwaggerUIBundle.presets.apis, SwaggerUIBundle.presets.apis,
SwaggerUIBundle.SwaggerUIStandalonePreset SwaggerUIBundle.SwaggerUIStandalonePreset
], ],
}) })
}
xmlhttp.send();
console.log('%c🚀 We are Hiring!!! 🚀%c\\n%cJoin the forces http://careers.nocodb.com', 'color:#1348ba;font-size:3rem;padding:20px;', 'display:none', 'font-size:1.5rem;padding:20px'); console.log('%c🚀 We are Hiring!!! 🚀%c\\n%cJoin the forces http://careers.nocodb.com', 'color:#1348ba;font-size:3rem;padding:20px;', 'display:none', 'font-size:1.5rem;padding:20px');
const linkEl = document.createElement('a') const linkEl = document.createElement('a')
linkEl.setAttribute('href', "http://careers.nocodb.com") linkEl.setAttribute('href', "http://careers.nocodb.com")

3
packages/nocodb/src/lib/utils/projectAcl.ts
Unescape View File

@ -155,6 +155,7 @@ export default {
dataCount: true, dataCount: true,
upload: true, upload: true,
uploadViaURL: true, uploadViaURL: true,
swaggerJson:true
}, },
}, },
commenter: { commenter: {
@ -214,6 +215,7 @@ export default {
xcAuditModelCommentsCount: true, xcAuditModelCommentsCount: true,
xcExportAsCsv: true, xcExportAsCsv: true,
dataCount: true, dataCount: true,
swaggerJson:true
}, },
}, },
viewer: { viewer: {
@ -269,6 +271,7 @@ export default {
list: true, list: true,
xcExportAsCsv: true, xcExportAsCsv: true,
dataCount: true, dataCount: true,
swaggerJson:true
}, },
}, },
user_new: { user_new: {

Write Preview
Loading…
Cancel
Save