
Merge pull request #4395 from nocodb/feat/secure-swagger-endpoint

Feat: Secure swagger endpoint
pull/4297/merge
navi 2 years ago committed by GitHub
parent
commit
c8ca2871fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 3
      packages/nocodb/src/lib/meta/api/swagger/swaggerApis.ts
  2. 22
      packages/nocodb/src/lib/meta/api/swagger/swaggerHtml.ts
  3. 3
      packages/nocodb/src/lib/utils/projectAcl.ts

3
packages/nocodb/src/lib/meta/api/swagger/swaggerApis.ts

@ -2,6 +2,7 @@
import catchError, { NcError } from '../../helpers/catchError';
import { Router } from 'express';
import Model from '../../../models/Model';
import ncMetaAclMw from '../../helpers/ncMetaAclMw'
import getSwaggerJSON from './helpers/getSwaggerJSON';
import Project from '../../../models/Project';
import swaggerHtml from './swaggerHtml';
@ -42,7 +43,7 @@ const router = Router({ mergeParams: true });
// todo: auth
router.get(
'/api/v1/db/meta/projects/:projectId/swagger.json',
catchError(swaggerJson)
ncMetaAclMw(swaggerJson, 'swaggerJson')
);
router.get('/api/v1/db/meta/projects/:projectId/swagger', (_req, res) =>
res.send(swaggerHtml)
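Review bot: The `// todo: auth` comment above the swagger.json route is stale now that the handler is passed through `ncMetaAclMw(swaggerJson, 'swaggerJson')`. Replace it with a comment stating what is enforced, for example `// swagger.json is ACL-gated via ncMetaAclMw; the HTML shell below is served without auth and must stay free of project data`. The handler appears to have been wrapped in `catchError` before, and the definition of `ncMetaAclMw` is not visible here, so confirm that it still forwards handler rejections to the error middleware. The added import `import ncMetaAclMw from '../../helpers/ncMetaAclMw'` lacks the trailing semicolon its neighbours use. The second `router.get` call continues outside the hunk.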

22
packages/nocodb/src/lib/meta/api/swagger/swaggerHtml.ts

@ -12,14 +12,34 @@ export default `<!DOCTYPE html>
</div>
<script>
let initialLocalStorage = {}
try {
initialLocalStorage = JSON.parse(localStorage.getItem('nocodb-gui-v2') || '{}');
} catch (e) {
console.error('Failed to parse local storage', e);
}
var xmlhttp = new XMLHttpRequest(); // new HttpRequest instance
xmlhttp.open("GET", "./swagger.json");
xmlhttp.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
xmlhttp.setRequestHeader("xc-auth", initialLocalStorage && initialLocalStorage.token);
xmlhttp.onload = function () {
const ui = SwaggerUIBundle({
url: "./swagger.json",
// url: ,
spec: JSON.parse(xmlhttp.responseText),
dom_id: '#app',
presets: [
SwaggerUIBundle.presets.apis,
SwaggerUIBundle.SwaggerUIStandalonePreset
],
})
}
xmlhttp.send();
console.log('%c🚀 We are Hiring!!! 🚀%c\\n%cJoin the forces http://careers.nocodb.com', 'color:#1348ba;font-size:3rem;padding:20px;', 'display:none', 'font-size:1.5rem;padding:20px');
const linkEl = document.createElement('a')
linkEl.setAttribute('href', "http://careers.nocodb.com")
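Review bot: The `onload` handler passes `JSON.parse(xmlhttp.responseText)` to Swagger UI without checking `xmlhttp.status`, so a 401/403 from the now ACL-protected `./swagger.json` is either rendered as if it were a spec or throws on a non-JSON body. In addition, `setRequestHeader("xc-auth", initialLocalStorage && initialLocalStorage.token)` sends the literal string `undefined` when no token is stored. Set the header only when a token exists, and return early with a visible message on a non-200 status. The `Content-Type` header on a body-less GET can be dropped. The script block continues outside the hunk.

```typescript
if (initialLocalStorage && initialLocalStorage.token) {
  xmlhttp.setRequestHeader("xc-auth", initialLocalStorage.token);
}
xmlhttp.onload = function () {
  if (xmlhttp.status !== 200) {
    document.getElementById('app').textContent =
      'Unable to load swagger.json (HTTP ' + xmlhttp.status + '). Sign in and reload.';
    return;
  }
  // … unchanged: SwaggerUIBundle({ spec: JSON.parse(xmlhttp.responseText), dom_id: '#app', presets … }) …
}
```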

3
packages/nocodb/src/lib/utils/projectAcl.ts

@ -157,6 +157,7 @@ export default {
dataCount: true,
upload: true,
uploadViaURL: true,
swaggerJson:true
},
},
commenter: {
@ -216,6 +217,7 @@ export default {
xcAuditModelCommentsCount: true,
xcExportAsCsv: true,
dataCount: true,
swaggerJson:true
},
},
viewer: {
@ -271,6 +273,7 @@ export default {
list: true,
xcExportAsCsv: true,
dataCount: true,
swaggerJson:true
},
},
[OrgUserRoles.VIEWER]: {
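Review bot: The three added `swaggerJson:true` entries lack the space after the colon and the trailing comma that the neighbouring entries use; write `swaggerJson: true,` so later additions do not have to touch these lines. The permission is granted down to `viewer`, so confirm that the generated spec exposes only schema a viewer may already see (the handler body is not in this diff). Role blocks outside these hunks are not visible here, so check that every role expected to open the Swagger page either has the entry or is covered by a wildcard. The enclosing role objects start outside the hunks.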
