From 21e71546724444b350954785fed95096c289595c Mon Sep 17 00:00:00 2001
From: teddy
Date: Fri, 15 Nov 2024 15:55:12 +0000
Subject: [PATCH] Fix: User login on production.
---
 app.py | 6 +-
 config.py | 15 ++-
 controllers/__pycache__/user.cpython-312.pyc | Bin 8900 -> 9706 bytes
 controllers/user.py | 90 +++++++++++++-----
 .../model_view_base.cpython-312.pyc | Bin 20438 -> 20496 bytes
 models/model_view_base.py | 1 +
 static/dist/js/main.bundle.js | 44 +++++----
 static/js/api.js | 8 +-
 templates/layouts/layout.html | 4 +-
 9 files changed, 115 insertions(+), 53 deletions(-)
diff --git a/app.py b/app.py
index 59175e18..57bd3e38 100644
--- a/app.py
+++ b/app.py
@@ -96,10 +96,12 @@ def internal_server_error(error):
 app.logger.error('Traceback: %s', traceback.format_exc())
 return "Internal Server Error", 500
+@app.before_request
+def make_session_permanent():
+ session.permanent = True
-
-"""
 csrf = CSRFProtect()
+"""
 cors = CORS()
 db = SQLAlchemy()
 mail = Mail()
diff --git a/config.py b/config.py
index dbb9213d..99c25b5a 100644
--- a/config.py
+++ b/config.py
@@ -32,6 +32,15 @@ class Config:
 SQLALCHEMY_DATABASE_URI = os.getenv('SQLALCHEMY_DATABASE_URI')
 SQLALCHEMY_TRACK_MODIFICATIONS = False
 # Auth0
+ SESSION_COOKIE_SECURE = True
+ SESSION_COOKIE_HTTPONLY = True
+ # SESSION_COOKIE_SAMESITE = 'Lax'
+ # PERMANENT_SESSION_LIFETIME = 3600
+ WTF_CSRF_ENABLED = True
+ # WTF_CSRF_CHECK_DEFAULT = False # We'll check it manually for API routes
+ # WTF_CSRF_HEADERS = ['X-CSRFToken'] # Accept CSRF token from this header
+ WTF_CSRF_TIME_LIMIT = None
+ WTF_CSRF_SSL_STRICT = False # Allows testing without HTTPS
 ID_AUTH0_CLIENT = os.getenv('ID_AUTH0_CLIENT')
 ID_AUTH0_CLIENT_SECRET = os.getenv('ID_AUTH0_CLIENT_SECRET')
 DOMAIN_AUTH0 = os.getenv('DOMAIN_AUTH0')
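Review bot: In app.py, `make_session_permanent` marks every session permanent on every request, but config.py in this same patch leaves `PERMANENT_SESSION_LIFETIME` commented out, so Flask's default lifetime of 31 days applies and is refreshed on each request. For a login session that is a long window in which a stolen cookie stays usable; set an explicit value such as `PERMANENT_SESSION_LIFETIME = 3600` (the figure already in the commented line) or whatever the product requires. The hunk also moves the `"""` so that `csrf = CSRFProtect()` sits on the other side of it; whether that line is now live code or still inside a string block cannot be told from the hunk, so confirm the extension is actually initialised against the app. `session` is used without a visible import; the import block is outside the hunk.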
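Review bot: In config.py, `WTF_CSRF_SSL_STRICT = False` is set on the base `Config`, so `ProductionConfig` inherits it and the Flask-WTF referrer check is switched off in production as well. That check only runs on HTTPS requests, so disabling it is not needed for plain-HTTP testing as the comment suggests; if a development override is wanted, put it in `DevelopmentConfig` next to `SESSION_COOKIE_SECURE = False`. `WTF_CSRF_TIME_LIMIT = None` makes a token valid for the whole session and `SESSION_COOKIE_SAMESITE` is left commented out; enabling `SESSION_COOKIE_SAMESITE = 'Lax'` would add a cheap second layer. The class body continues outside the hunk.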
@@ -71,9 +80,10 @@ class Config:
 class DevelopmentConfig(Config):
 is_development = True
+ # Add development-specific configuration variables
 DEBUG = True
 MAIL_DEBUG = True
- # Add development-specific configuration variables
+ SESSION_COOKIE_SECURE = False
 class ProductionConfig(Config):
 is_production = True
@@ -82,8 +92,9 @@ class ProductionConfig(Config):
 # Set the configuration class based on the environment
 # You can change 'development' to 'production' when deploying
-config_env = os.getenv('FLASK_ENV', "production")
+config_env = os.getenv('FLASK_ENV', "development")
 with open('app.log', 'a') as f:
+ print(f'config_env: {config_env}')
 f.write(f'config_env: {config_env}\n')
 # current_app.logger.error(f'config_env: {config_env}') # logger not yet initialised
 if config_env == 'development':
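Review bot: The fallback in `os.getenv('FLASK_ENV', "development")` now fails open: a production host where `FLASK_ENV` is unset will take the `if config_env == 'development':` branch and, presumably, run with `DevelopmentConfig`, meaning `DEBUG = True` and, after the previous hunk, `SESSION_COOKIE_SECURE = False`. Keep the safe default, `config_env = os.getenv('FLASK_ENV', "production")`, and set the variable explicitly on development machines. The added `print(f'config_env: {config_env}')` duplicates the `f.write` on the next line and looks like a debugging leftover. The body of the `if` is outside the hunk, so the class it selects is inferred.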
diff --git a/controllers/__pycache__/user.cpython-312.pyc b/controllers/__pycache__/user.cpython-312.pyc index 0f09b25d3031026ddea1ae89fda272881cf49d05..69b00a52e42874db620e5393121e6d5c326f1460 100644 GIT binary patch delta 2925 zcmZ`*TTC0-89rw&_Kfj`_`=Nwn>&VJAR+67B%~#fk~AAA*=&lnTE{Shx!5>4Glax4 z%eLwRt8F*QPSqf#E3s0m(uQ5NODknnsokpkfYcXTumX)hyHcY*RBGjIkXn&G^qjHB zhKG*i|Ns8$`Oob?{(Ru?-){Mf#bN^ZJ2xAQUTFg0uSC#4HV_*b=LcH-sAEjiE+Ow#J&`&7o!u+hQ$of5@-lQta0nYK^yr+TzDU$2HxtSbIDW z3P3;s(epGvP^be-m4aRDd`jh1p)Rp&TGVh?-YLffhu{=kQEIJBcNNNi01Amtk}%~N z^t0U>`Wy5|P8Cue&E$Cs^Es;zWq9TPc-IuXy@$Mm_ljNawI7d6{jBJp5XT&4$o9A8BfegiI^CUC8EeoG=^N&Dl;u5W>qdK%3*?(B;RTv zHwcw0Kj*zp5AiiliV;CX5+cVF)hIjsHx^Y+pP|YR+#45f%TqWHEy>8wsSH^O)pBGZ zRP!8~3ghWdA#q$*X^hYrlHGJWf+SH0&!L!V#ytkz4`WRvE~!wINcCh{$agSyvFD8& z5-#KoQMqsW?jmX=^$>#lK9El0j{7!v&RDmZsti-L9Nc2+cMHp8ZVTD!;m9-Zuc=vCY+FxSExkUz=Co zN_%^^xC_rYdtOdxMu;~;K&+)vu4}Tka0Am?TstfSF5)DJsE#by5;P%D}NmNbSQoH zY8Jp(A-}^rmdsf|x!hm5o0kKNSnKDr7NgI+4~)EJzZ8^~FY_ziYu;^tf5zYcd1Cw0 zSmx5$R`l+_0hojX)Ymzd1t1D9QJ7t(h6$_q4)p?n(h-9B5$Zo#5kkIf$KiUn|7Dhf ztbNCJ>|N&Nz5s#Q^)CSNitpMc%T}6yJN~S8eIiqSe$&?b8J)IW{DQmqGD{PO1L+(- z8Gk4pw1Pj`oP!MbGd%zXE5HWB43^LvoBH zOYWGK6BJZFa=K0En*{e^qU<>D!d_*_6=u<8BLBv9AxH+$Qc9%XX-B_6&=sswty)Qi z9)l*ZGO^xVW@llu(&HXBjF1$S%0qWG>{LE>SKGBP0}e~f$>=t=ezd-ajf+=_Bl(wv z!i12PsdWsb6;3(@x<&|1$W20CB}AJ*2|>Mtj1m&U#Lu8x1Q({D%}Qdhj!Yp}y)9P; zDZfSQkx0h&-{YU;zyx366336fmG%TSogJGcooS{M-BCWQ-iMO%lbY907Z%S?qr2E& zpLiSLYu1TaM4AcD%M$_e7YC6SUvd>zXT^T t;KUwqzh75ZyE>I_Je`L2O?c*OY5>B1_<{yhPd10M!<5on_kD&8_CJ-psZ{^~ delta 2048 zcmY*aYfMvD96#qi+R_KN51>Gcw$LKwDayn#MZf_*Dsyw1(Kwshdxb(D?%c~%QUW7e zHg$`dlO-g^q$W$|)Md#?-1ccRGyAZ8SR2S74aU7bEc;Xg$rh6(JLmQxoTUHr`@jF^ zfA0VE@1u_fn|?Bx^nfhGUDw!G+X484GR4Ie!1`bCM$_F>F?YZXfe1xov_94lXi%{! 
z>WO&+UKN)|x5pX-jj8nb5`zC!yQI9`{Rs7Bp_dVe{FKK8T*u^{W%e9+i9& zZuLll2?KsdV}nL~+vYSX#$td8GyYAm845j_Ve$dYnk2I&0DfTJ?MXtVrs$U}m2+QP zO3xP3>yqpiZ;)gsYVlKRg^v2qaCx)c`Xsm2OsOk{=ZdGD;T7^>fF5?Nm3FygDVJORnP~6pBfTgybGqR(oP99F}C+ zXGgT6EH@!1;z&oKA)JWIiKrBeCdQDNO4u<;K`ce4A%FjH@L<2+KhS^hDE`o3>8hl1 zJ~X9_@61~1mOzndDTpL7f~2s5YN=j3E`>yr894}tocI?*U#m}><>)!H#wipj*=J2# z&YNXPAk=|R8|!#kOPuk%aWa(UNo|oh+D`-xD!mRqh(UY=ZN z&XjxShS#|ALLH;23#mxjv2&U0T(i_H>{znY&mCE_ITntrI9oH$)+JlpoWEc`%hl!p z>k@JrV6I&eTp7WYE_bJFslbYNPsY0^?dkqn|E=(iknTQ|1Mo29S9xL1p974={;R#= zdYlNoe9okG>NbFuFWWE!qwV_P1?7|AinlN0?R(U*GH@m{aArA-{sH9m>t~+kw;TXr zIPd~P_Cdx^w~AxTIsnEIiun=d-`sx4TUQ0kRqmN=AQv!i9&&;ooZL{uqAVQK*6$^< zX(PQ!S44Kj6LAT7sYoj;Aw}wOp$7bW)hKMn`|Q1DIxy;0BKj?%HhjhIFlWmKFNUS_ zN+c1_va*8k7xuSd7jCQ$vRNqME7b=yGzs$JpR4V)`v}aIs~<&aRM2T69R9M#%0oA{ zZ9A?RruKFm*;WUA`2B5lR@F;Gyb@CiI!CncEj}R1*#p#&r{r}?nkk{9fz(Rryr6zc z=tv+xC4H0(QbN0dx+oc;5+c+8AUeNDEknqcL8~{Yla3~c9^*G% zPB@0AT^lfh6Yf)c)g(hi$fjk+bdRLr9iT6|qNl8rzLKJ(YNy#{{c!tEX|CKC$XR7v`9< zF>0s_2IJ&$2?h~;X0tpZ9hLHTN^e1Ju6iJ~qR#*tqf&bCXS#i{gg6zIdeJ;#>EEEN z$3J>{&CVyF{V~}67<4}YyE0%Gc6;lcsW;Nlx&+&wGHy7+th0dW$f+/ def login_callback(): 
diff --git a/models/__pycache__/model_view_base.cpython-312.pyc b/models/__pycache__/model_view_base.cpython-312.pyc index 03807932de5a494782446ea6da41b5e3c28d62b0..f1ff842812fd149012f0f34ed57884b7c236b1bc 100644 GIT binary patch delta 3290 zcmZvedvH|M9mn_VZnC@Pu?b63LLMgICfQ9kB%2VD5E3Df1d^CkGa|=^HRRreg=`kj zZa`@5f}$2}Nbrb)4@ecM2o+>o)cP1_I@3RNT2X4PYs<6@)9E-$!HN$a((^rgiFYUN z%zo~ND*%Whe`%OHERf zb40IdQR;Y}rDSD&BhF0gZbweyhnDH08xW@~q~$u-sO8ecJe=_dEe#Q639ZzHw`k#O zriariUEESR)H3STxmGQA@CS0Mb#ZMnx1H7q$D6H1Zl#mf>iWC1IwRBT@Q1DYGL$~r ztP5YwJ8dPz$HRhm@uzJix&2y!2d5W^zGFK^bgKaf(AJFaD&n4ZNyNGWzJ zoc8IG9@E0#_<`^_sr#~(19VUq{=5ty;-97#qG zvznPPWu8-qWQ=3V98jN^W+sf$pdJ*JvnI%q?88Kex#CNIt-hch68cBm4Tr@!KG%=* zMVo=2&YXpL=59C8muy&3xA^95C-kV+&KK=t>dWG+;QJEvxHLEFOjMdeo%yXaMLP34 zY3At631K2cnX6N;$e^2a=2dB&I`f(|#X9qQX-ahFb!kd<<_&3FI`ifP*_>`HEsLI; z;WQO&Nx8$*a@(z~y}|YBNX*{axwy@Tb6;2PF7rRR zddL-C;Lavj`Fyvh@S0fOSgJqd8x9T)sfy1(!oCyAWoF6Zj<0KCR zM+W^vEJ@^r#Mgl6Gv)IN=R#x&vDNT5yJP&G9ruh!c0~4UdEf3nX>~J{>2;e#kju!d zB8;WS+j5SXNWMO}XtQ*F)Z-+@{6o(iF@vIcckA_|b~2 z_|@g}cPiYZm0zqVlR1YQW$gmgyHOyPIXdDGhkOCGKQzkJfI1Rpg%~&qmw^wHt29Tr zEiV3EMGk*$UIyvl-pX=O&{sJq*6fd!WpcDw9{-nj7PnV<$&dMxs<7yKrK&o+81=*# z%OVcUjaoIlzkU|?RAul_s#1%35#o>wb=L0q$X@rpz3$b#Q}))A)>dW{oqSt$Hec^; zi?0@mS%%bbe>ltznHb8)OzYLntOQj|@rjE&@OSUsWF^0)`p8Y%5|@j9<^((mk>Vug z6;sdWk(w;tQ?r!N=nQZWy)GK-0-hm7&DY{50_d;`P%p^*Oe#O8|%9-d!k<)+#; z(#Jb$2hDQof37)R$ErmsS2C+X#reQ&QIS<848Ur|X+q70sac`!#|t`>2N1HF_taMM zJL|mS7VNBhxFmjkF|$~Nki0;bF=kf$17TL7ugIJ0yNEwJR$o9`j)cr2F8*ln3k`i_n0GH66*Jk;l*3OiY^u2# z1s4Nm0hcLe7Bxb#G(lfrbU5rE_K&E{A^LPTtEaJ9fqMZFYhc@e`+*05hkzZxBfuCi4(tLrup4*+*b6)b zJOk_#Xkq)&oCKZ)o&yd52Z0xW7l9+dOTaPUI1mMrcoCW?3{0I0H_zXA)oCm%Dz68Dkz6QPlz6CA;*u&Wjz+n(?CA%t`F*CM* z`J2J;TY^pX_9bNzt9US23Xl!V2C!+fd;q&-EHxx{CjUS{4X+I;T%HV={%X)Ux^`T)|BwCTIh(ic*mLM;l**ejTp=Cq`=O*si5UECJHt@nwMi;;>M9(NQG1EypvpQV|7tJBEZ>?WX`?Pl zs_-Lnwqw-8d;8y?B)m@-{yf6DNuGBUSx&0d7h;*tw~di+w1;(J7gX23wF5eLQMpUn zL7ls-+_%~xo%>F?@3pATT~Y1_?Gc^(5zc1t|3^E_(<2jm?Y}DYswQ=zKPh)jJEC(x 
zD|cOcROfzyi!#4KJ9@*?HA{M<_E?HHC4HI}c|4^fJ=tN_o=EYQq_=8Mrg&S@Ptl%A z@pgEdft$I7rr}6NIkl(xGsIxSRQcv8dnNm2MuI-t3;ad?64~i{3@;~C_ISgfjoGk-Gxiv?-^y>M&g`A%p1zgRwj~|@)@P( z=z`8FGgoKcRK}$VUa~fT$39- z-ooqXbOb`afnZ-B_xl1v;%8FsG?7jNiK}wVHN3JZlf8|V{h zR47D$21MGt6>PR_@FpU2Q4`a<35nxlP+K_Vd9RDPad*EV8^*_W;`<#r$5H;wSUZR991`+bn8Opca@(1w>^^JyA!OH%gpa@DST1 z+w1$N#2fYdOOpF2jqWO>CQ6$s%^&Cq3vWtZZ$mrV9DBVXpOvfI$-qbsjD%$n!vxy5 zYK82>f^QG-9X{HdqWEy*3^SHGK1Z!kf1_P4YOG^h3D|xiY<}#omfii&Q;% zd($l$nbf?o!g5DbE88Z|HnpjgRjgGmZ=OfL?{Kr1-6uzzvE$A)uPR5GkqlR-*EQ&M z`PaEtEOfPtl_cFPZu57Cxi1_T`kDy; zs->vtK}^g+_I|@ZrcRHBAG+@^);wV)D^%tmrMtD3Wy*V6PeoQxn79pC1*`^c2ReW| zfVIG{fb{@gnnWjXH?R@#0bRf*053a&1AV||pdY~7ix>iez_5YNNr5dT1P}(c1NQ z7=Zsa;&;HSz-a)lMFOXTh{=vytJt691GjEo{}IG_;A0>Td_1^bOYJRnTG8X} zNIc}l)En9tt8bfTl)IMX#X?JWnc0W2ORN6Im^Joc`=8m&)ZDAqroo_p+W>D71M*Zy Tdsa_6n-vWl&$?njOAYcr_E4n( diff --git a/models/model_view_base.py b/models/model_view_base.py index be0ca7a5..48f266b7 100644 --- a/models/model_view_base.py +++ b/models/model_view_base.py @@ -71,6 +71,7 @@ class Model_View_Base(BaseModel, ABC): FLAG_CONTAINER_ICON_AND_LABEL: ClassVar[str] = 'container-icon-label' FLAG_CONTAINER_INPUT: ClassVar[str] = FLAG_CONTAINER + '-input' FLAG_COUNTY: ClassVar[str] = Base.FLAG_COUNTY + FLAG_CSRF_TOKEN: ClassVar[str] = 'X-CSRFToken' FLAG_CURRENCY: ClassVar[str] = 'currency' FLAG_DATA: ClassVar[str] = 'data' FLAG_DATE_FROM: ClassVar[str] = Base.FLAG_DATE_FROM diff --git a/static/dist/js/main.bundle.js b/static/dist/js/main.bundle.js index 47405187..331d48ad 100644 --- a/static/dist/js/main.bundle.js +++ b/static/dist/js/main.bundle.js 
@@ -527,6 +527,9 @@ var LocalStorage = /*#__PURE__*/function () { ;// CONCATENATED MODULE: ./static/js/api.js function api_typeof(o) { "@babel/helpers - typeof"; return api_typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } : function (o) { return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o; }, api_typeof(o); } function _regeneratorRuntime() { "use strict"; /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */ _regeneratorRuntime = function _regeneratorRuntime() { return e; }; var t, e = {}, r = Object.prototype, n = r.hasOwnProperty, o = Object.defineProperty || function (t, e, r) { t[e] = r.value; }, i = "function" == typeof Symbol ? Symbol : {}, a = i.iterator || "@@iterator", c = i.asyncIterator || "@@asyncIterator", u = i.toStringTag || "@@toStringTag"; function define(t, e, r) { return Object.defineProperty(t, e, { value: r, enumerable: !0, configurable: !0, writable: !0 }), t[e]; } try { define({}, ""); } catch (t) { define = function define(t, e, r) { return t[e] = r; }; } function wrap(t, e, r, n) { var i = e && e.prototype instanceof Generator ? 
e : Generator, a = Object.create(i.prototype), c = new Context(n || []); return o(a, "_invoke", { value: makeInvokeMethod(t, r, c) }), a; } function tryCatch(t, e, r) { try { return { type: "normal", arg: t.call(e, r) }; } catch (t) { return { type: "throw", arg: t }; } } e.wrap = wrap; var h = "suspendedStart", l = "suspendedYield", f = "executing", s = "completed", y = {}; function Generator() {} function GeneratorFunction() {} function GeneratorFunctionPrototype() {} var p = {}; define(p, a, function () { return this; }); var d = Object.getPrototypeOf, v = d && d(d(values([]))); v && v !== r && n.call(v, a) && (p = v); var g = GeneratorFunctionPrototype.prototype = Generator.prototype = Object.create(p); function defineIteratorMethods(t) { ["next", "throw", "return"].forEach(function (e) { define(t, e, function (t) { return this._invoke(e, t); }); }); } function AsyncIterator(t, e) { function invoke(r, o, i, a) { var c = tryCatch(t[r], t, o); if ("throw" !== c.type) { var u = c.arg, h = u.value; return h && "object" == api_typeof(h) && n.call(h, "__await") ? e.resolve(h.__await).then(function (t) { invoke("next", t, i, a); }, function (t) { invoke("throw", t, i, a); }) : e.resolve(h).then(function (t) { u.value = t, i(u); }, function (t) { return invoke("throw", t, i, a); }); } a(c.arg); } var r; o(this, "_invoke", { value: function value(t, n) { function callInvokeWithMethodAndArg() { return new e(function (e, r) { invoke(t, n, e, r); }); } return r = r ? 
r.then(callInvokeWithMethodAndArg, callInvokeWithMethodAndArg) : callInvokeWithMethodAndArg(); } }); } function makeInvokeMethod(e, r, n) { var o = h; return function (i, a) { if (o === f) throw Error("Generator is already running"); if (o === s) { if ("throw" === i) throw a; return { value: t, done: !0 }; } for (n.method = i, n.arg = a;;) { var c = n.delegate; if (c) { var u = maybeInvokeDelegate(c, n); if (u) { if (u === y) continue; return u; } } if ("next" === n.method) n.sent = n._sent = n.arg;else if ("throw" === n.method) { if (o === h) throw o = s, n.arg; n.dispatchException(n.arg); } else "return" === n.method && n.abrupt("return", n.arg); o = f; var p = tryCatch(e, r, n); if ("normal" === p.type) { if (o = n.done ? s : l, p.arg === y) continue; return { value: p.arg, done: n.done }; } "throw" === p.type && (o = s, n.method = "throw", n.arg = p.arg); } }; } function maybeInvokeDelegate(e, r) { var n = r.method, o = e.iterator[n]; if (o === t) return r.delegate = null, "throw" === n && e.iterator["return"] && (r.method = "return", r.arg = t, maybeInvokeDelegate(e, r), "throw" === r.method) || "return" !== n && (r.method = "throw", r.arg = new TypeError("The iterator does not provide a '" + n + "' method")), y; var i = tryCatch(o, e.iterator, r.arg); if ("throw" === i.type) return r.method = "throw", r.arg = i.arg, r.delegate = null, y; var a = i.arg; return a ? a.done ? 
(r[e.resultName] = a.value, r.next = e.nextLoc, "return" !== r.method && (r.method = "next", r.arg = t), r.delegate = null, y) : a : (r.method = "throw", r.arg = new TypeError("iterator result is not an object"), r.delegate = null, y); } function pushTryEntry(t) { var e = { tryLoc: t[0] }; 1 in t && (e.catchLoc = t[1]), 2 in t && (e.finallyLoc = t[2], e.afterLoc = t[3]), this.tryEntries.push(e); } function resetTryEntry(t) { var e = t.completion || {}; e.type = "normal", delete e.arg, t.completion = e; } function Context(t) { this.tryEntries = [{ tryLoc: "root" }], t.forEach(pushTryEntry, this), this.reset(!0); } function values(e) { if (e || "" === e) { var r = e[a]; if (r) return r.call(e); if ("function" == typeof e.next) return e; if (!isNaN(e.length)) { var o = -1, i = function next() { for (; ++o < e.length;) if (n.call(e, o)) return next.value = e[o], next.done = !1, next; return next.value = t, next.done = !0, next; }; return i.next = i; } } throw new TypeError(api_typeof(e) + " is not iterable"); } return GeneratorFunction.prototype = GeneratorFunctionPrototype, o(g, "constructor", { value: GeneratorFunctionPrototype, configurable: !0 }), o(GeneratorFunctionPrototype, "constructor", { value: GeneratorFunction, configurable: !0 }), GeneratorFunction.displayName = define(GeneratorFunctionPrototype, u, "GeneratorFunction"), e.isGeneratorFunction = function (t) { var e = "function" == typeof t && t.constructor; return !!e && (e === GeneratorFunction || "GeneratorFunction" === (e.displayName || e.name)); }, e.mark = function (t) { return Object.setPrototypeOf ? 
Object.setPrototypeOf(t, GeneratorFunctionPrototype) : (t.__proto__ = GeneratorFunctionPrototype, define(t, u, "GeneratorFunction")), t.prototype = Object.create(g), t; }, e.awrap = function (t) { return { __await: t }; }, defineIteratorMethods(AsyncIterator.prototype), define(AsyncIterator.prototype, c, function () { return this; }), e.AsyncIterator = AsyncIterator, e.async = function (t, r, n, o, i) { void 0 === i && (i = Promise); var a = new AsyncIterator(wrap(t, r, n, o), i); return e.isGeneratorFunction(r) ? a : a.next().then(function (t) { return t.done ? t.value : a.next(); }); }, defineIteratorMethods(g), define(g, u, "Generator"), define(g, a, function () { return this; }), define(g, "toString", function () { return "[object Generator]"; }), e.keys = function (t) { var e = Object(t), r = []; for (var n in e) r.push(n); return r.reverse(), function next() { for (; r.length;) { var t = r.pop(); if (t in e) return next.value = t, next.done = !1, next; } return next.done = !0, next; }; }, e.values = values, Context.prototype = { constructor: Context, reset: function reset(e) { if (this.prev = 0, this.next = 0, this.sent = this._sent = t, this.done = !1, this.delegate = null, this.method = "next", this.arg = t, this.tryEntries.forEach(resetTryEntry), !e) for (var r in this) "t" === r.charAt(0) && n.call(this, r) && !isNaN(+r.slice(1)) && (this[r] = t); }, stop: function stop() { this.done = !0; var t = this.tryEntries[0].completion; if ("throw" === t.type) throw t.arg; return this.rval; }, dispatchException: function dispatchException(e) { if (this.done) throw e; var r = this; function handle(n, o) { return a.type = "throw", a.arg = e, r.next = n, o && (r.method = "next", r.arg = t), !!o; } for (var o = this.tryEntries.length - 1; o >= 0; --o) { var i = this.tryEntries[o], a = i.completion; if ("root" === i.tryLoc) return handle("end"); if (i.tryLoc <= this.prev) { var c = n.call(i, "catchLoc"), u = n.call(i, "finallyLoc"); if (c && u) { if (this.prev < 
i.catchLoc) return handle(i.catchLoc, !0); if (this.prev < i.finallyLoc) return handle(i.finallyLoc); } else if (c) { if (this.prev < i.catchLoc) return handle(i.catchLoc, !0); } else { if (!u) throw Error("try statement without catch or finally"); if (this.prev < i.finallyLoc) return handle(i.finallyLoc); } } } }, abrupt: function abrupt(t, e) { for (var r = this.tryEntries.length - 1; r >= 0; --r) { var o = this.tryEntries[r]; if (o.tryLoc <= this.prev && n.call(o, "finallyLoc") && this.prev < o.finallyLoc) { var i = o; break; } } i && ("break" === t || "continue" === t) && i.tryLoc <= e && e <= i.finallyLoc && (i = null); var a = i ? i.completion : {}; return a.type = t, a.arg = e, i ? (this.method = "next", this.next = i.finallyLoc, y) : this.complete(a); }, complete: function complete(t, e) { if ("throw" === t.type) throw t.arg; return "break" === t.type || "continue" === t.type ? this.next = t.arg : "return" === t.type ? (this.rval = this.arg = t.arg, this.method = "return", this.next = "end") : "normal" === t.type && e && (this.next = e), y; }, finish: function finish(t) { for (var e = this.tryEntries.length - 1; e >= 0; --e) { var r = this.tryEntries[e]; if (r.finallyLoc === t) return this.complete(r.completion, r.afterLoc), resetTryEntry(r), y; } }, "catch": function _catch(t) { for (var e = this.tryEntries.length - 1; e >= 0; --e) { var r = this.tryEntries[e]; if (r.tryLoc === t) { var n = r.completion; if ("throw" === n.type) { var o = n.arg; resetTryEntry(r); } return o; } } throw Error("illegal catch attempt"); }, delegateYield: function delegateYield(e, r, n) { return this.delegate = { iterator: values(e), resultName: r, nextLoc: n }, "next" === this.method && (this.arg = t), y; } }, e; } +function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; } +function 
_objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { api_defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; } +function api_defineProperty(e, r, t) { return (r = api_toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e; } function asyncGeneratorStep(n, t, e, r, o, a, c) { try { var i = n[a](c), u = i.value; } catch (n) { return void e(n); } i.done ? t(u) : Promise.resolve(u).then(r, o); } function _asyncToGenerator(n) { return function () { var t = this, e = arguments; return new Promise(function (r, o) { var a = n.apply(t, e); function _next(n) { asyncGeneratorStep(a, r, o, _next, _throw, "next", n); } function _throw(n) { asyncGeneratorStep(a, r, o, _next, _throw, "throw", n); } _next(void 0); }); }; } function api_classCallCheck(a, n) { if (!(a instanceof n)) throw new TypeError("Cannot call a class as a function"); } @@ -544,7 +547,6 @@ var api_API = /*#__PURE__*/function () { return api_createClass(API, null, [{ key: "getCsrfToken", value: function getCsrfToken() { - // return document.querySelectorAll('meta[name=' + nameCSRFToken + ']').getAttribute('content'); return document.querySelector(idCSRFToken).getAttribute('content'); } }, { @@ -555,6 +557,7 @@ var api_API = /*#__PURE__*/function () { data, params, url, + csrfToken, options, response, _args = arguments; 
@@ -565,41 +568,42 @@ var api_API = /*#__PURE__*/function () { data = _args.length > 2 && _args[2] !== undefined ? _args[2] : null; params = _args.length > 3 && _args[3] !== undefined ? _args[3] : null; url = API.getUrlFromHash(hashEndpoint, params); + csrfToken = API.getCsrfToken(); options = { method: method, - headers: { - 'Content-Type': 'application/json', - 'X-CSRFToken': API.getCsrfToken() - } + headers: api_defineProperty({ + 'Content-Type': 'application/json' + }, flagCsrfToken, csrfToken) }; if (data && (method === 'POST' || method === 'PUT' || method === 'PATCH')) { + data = _objectSpread(_objectSpread({}, data), {}, api_defineProperty({}, flagCsrfToken, csrfToken)); options.body = JSON.stringify(data); } - _context.prev = 6; - _context.next = 9; + _context.prev = 7; + _context.next = 10; return fetch(url, options); - case 9: + case 10: response = _context.sent; if (response.ok) { - _context.next = 12; + _context.next = 13; break; } throw new Error("HTTP error! status: ".concat(response.status)); - case 12: - _context.next = 14; + case 13: + _context.next = 15; return response.json(); - case 14: + case 15: return _context.abrupt("return", _context.sent); - case 17: - _context.prev = 17; - _context.t0 = _context["catch"](6); + case 18: + _context.prev = 18; + _context.t0 = _context["catch"](7); console.error('API request failed:', _context.t0); throw _context.t0; - case 21: + case 22: case "end": return _context.stop(); } - }, _callee, null, [[6, 17]]); + }, _callee, null, [[7, 18]]); })); function request(_x) { return _request.apply(this, arguments); 
@@ -3203,8 +3207,8 @@ function mixin_typeof(o) { "@babel/helpers - typeof"; return mixin_typeof = "fun function mixin_createForOfIteratorHelper(r, e) { var t = "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (!t) { if (Array.isArray(r) || (t = mixin_unsupportedIterableToArray(r)) || e && r && "number" == typeof r.length) { t && (r = t); var _n = 0, F = function F() {}; return { s: F, n: function n() { return _n >= r.length ? { done: !0 } : { done: !1, value: r[_n++] }; }, e: function e(r) { throw r; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var o, a = !0, u = !1; return { s: function s() { t = t.call(r); }, n: function n() { var r = t.next(); return a = r.done, r; }, e: function e(r) { u = !0, o = r; }, f: function f() { try { a || null == t["return"] || t["return"](); } finally { if (u) throw o; } } }; } function mixin_unsupportedIterableToArray(r, a) { if (r) { if ("string" == typeof r) return mixin_arrayLikeToArray(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? mixin_arrayLikeToArray(r, a) : void 0; } } function mixin_arrayLikeToArray(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; } -function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; } -function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? 
ownKeys(Object(t), !0).forEach(function (r) { mixin_defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; } +function mixin_ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; } +function mixin_objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? mixin_ownKeys(Object(t), !0).forEach(function (r) { mixin_defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : mixin_ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; } function mixin_defineProperty(e, r, t) { return (r = mixin_toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e; } function mixin_classCallCheck(a, n) { if (!(a instanceof n)) throw new TypeError("Cannot call a class as a function"); } function mixin_defineProperties(e, r) { for (var t = 0; t < r.length; t++) { var o = r[t]; o.enumerable = o.enumerable || !1, o.configurable = !0, "value" in o && (o.writable = !0), Object.defineProperty(e, mixin_toPropertyKey(o.key), o); } } 
@@ -3692,7 +3696,7 @@ var StoreMixinPage = /*#__PURE__*/function () { }, { key: "mergeBaskets", value: function mergeBaskets(basketPrimary, basketSecondary) { - var basket = _objectSpread(_objectSpread({}, basketSecondary), basketPrimary); + var basket = mixin_objectSpread(mixin_objectSpread({}, basketSecondary), basketPrimary); var items = {}; var _iterator = mixin_createForOfIteratorHelper(basketSecondary[keyItems]), _step;
diff --git a/static/js/api.js b/static/js/api.js
index 6b281dbc..ece66adb 100644
--- a/static/js/api.js
+++ b/static/js/api.js
@@ -4,21 +4,25 @@ import DOM from './dom.js';
 export default class API {
 static getCsrfToken() {
- // return document.querySelectorAll('meta[name=' + nameCSRFToken + ']').getAttribute('content');
 return document.querySelector(idCSRFToken).getAttribute('content');
 }
 static async request(hashEndpoint, method = 'GET', data = null, params = null) {
 const url = API.getUrlFromHash(hashEndpoint, params);
+ const csrfToken = API.getCsrfToken();
 const options = {
 method,
 headers: {
 'Content-Type': 'application/json',
- 'X-CSRFToken': API.getCsrfToken()
+ [flagCsrfToken]: csrfToken,
 }
 };
 if (data && (method === 'POST' || method === 'PUT' || method === 'PATCH')) {
+ data = {
+ ...data,
+ [flagCsrfToken]: csrfToken,
+ };
 options.body = JSON.stringify(data);
 }
diff --git a/templates/layouts/layout.html b/templates/layouts/layout.html
index 93e500f3..57c2647b 100644
--- a/templates/layouts/layout.html
+++ b/templates/layouts/layout.html
@@ -33,7 +33,7 @@ } - + 
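Review bot: In static/js/api.js, `API.request` now copies the CSRF token into the JSON body with `data = { ...data, [flagCsrfToken]: csrfToken }` although the same token is already sent in the request header. Spreading changes the payload shape: an array passed as `data` becomes a plain object with index keys, and every endpoint's body gains an extra key that server-side validation has to ignore. A token in the body is also more likely to end up in request-body logs than one in a header. If the header alone is sufficient for the server check, drop the body copy; otherwise add a comment such as `// server reads the token from the JSON body because …` naming the handler that needs it. `flagCsrfToken` is not declared in the visible lines and is presumably a page-level global like `idCSRFToken`.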