fix: convert in into json stringify
Signed-off-by: bhavanakarwade <[email protected]>
bhavanakarwade committed Dec 4, 2024
1 parent 6152f76 commit 4183b66
Showing 8 changed files with 31 additions and 70 deletions.
2 changes: 1 addition & 1 deletion src/components/Authentication/SignInUserPasskey.tsx
Expand Up @@ -89,7 +89,7 @@ const SignInUserPasskey = (signInUserProps: signInUserProps) => {

}
await setToLocalStorage(storageKeys.PERMISSIONS, permissionArray);
await setToLocalStorage(storageKeys.USER_PROFILE, userProfile);
await setToLocalStorage(storageKeys.USER_PROFILE, JSON.stringify(userProfile));
await setToLocalStorage(storageKeys.USER_EMAIL, data?.data?.email);
return {
role: role?.orgRole || ""
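Review bot: `setToLocalStorage(storageKeys.USER_PROFILE, JSON.stringify(userProfile))` changes the stored format, but nothing in this commit touches the readers of USER_PROFILE or ORG_ROLES, so every consumer must now `JSON.parse` the value, and if `setToLocalStorage` already serialises objects internally this double-encodes — worth confirming in that helper. The same point applies to SignInUserPassword, EditUserProfile, UserProfile, UserDashBoard, OrgDropDown and OrganizationsList. Values written before this deploy remain in users' browsers in the old shape (presumably a coerced string for profile objects and the comma-joined result of `roles?.toString()` for roles), and `JSON.parse` of those throws, so readers should catch the parse error and treat such a key as unset. A comment on the write such as `// stored as JSON; readers must JSON.parse and tolerate legacy non-JSON values` would make the contract visible. The enclosing handler starts and ends outside the hunk.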
2 changes: 1 addition & 1 deletion src/components/Authentication/SignInUserPassword.tsx
Expand Up @@ -63,7 +63,7 @@ const SignInUserPassword = (signInUserProps: SignInUser3Props) => {
id, profileImg, firstName, email,

}
await setToLocalStorage(storageKeys.USER_PROFILE, userProfile);
await setToLocalStorage(storageKeys.USER_PROFILE, JSON.stringify(userProfile));
await setToLocalStorage(storageKeys.USER_EMAIL, data?.data?.email);
return {
role: role?.orgRole ?? '',
2 changes: 1 addition & 1 deletion src/components/Profile/EditUserProfile.tsx
Expand Up @@ -179,7 +179,7 @@ const EditUserProfile = ({ toggleEditProfile, userProfileInfo, updateProfile }:
}

updateProfile(userData);
await setToLocalStorage(storageKeys.USER_PROFILE, updatedUserData);
await setToLocalStorage(storageKeys.USER_PROFILE, JSON.stringify(updatedUserData));
window.location.reload();
setLoading(false)
}
2 changes: 1 addition & 1 deletion src/components/Profile/UserProfile.tsx
Expand Up @@ -27,7 +27,7 @@ const UserProfile = ({ noBreadcrumb }: { noBreadcrumb?: boolean }) => {
const userProfile = {
id, profileImg, firstName, email,
}
await setToLocalStorage(storageKeys.USER_PROFILE, userProfile)
await setToLocalStorage(storageKeys.USER_PROFILE, JSON.stringify(userProfile))
await setToLocalStorage(storageKeys.USER_EMAIL, data?.data?.email)
}
} catch (error) {
2 changes: 1 addition & 1 deletion src/components/User/UserDashBoard.tsx
Expand Up @@ -354,7 +354,7 @@ const UserDashBoard = () => {
await setToLocalStorage(storageKeys.ORG_ID, org.id.toString());
const roles: string[] = org?.userOrgRoles.map((role) => role.orgRole.name);

await setToLocalStorage(storageKeys.ORG_ROLES, roles?.toString());
await setToLocalStorage(storageKeys.ORG_ROLES, JSON.stringify(roles));

const { id, name, description, logoUrl } = org || {};
const orgInfo = {
4 changes: 2 additions & 2 deletions src/components/organization/OrgDropDown.tsx
Expand Up @@ -67,7 +67,7 @@ const OrgDropDown = () => {
? org?.userOrgRoles.map((role) => role?.orgRole?.name)
: [];
if (roles.length > 0) { // Added check
await setToLocalStorage(storageKeys.ORG_ROLES, roles?.toString());
await setToLocalStorage(storageKeys.ORG_ROLES, JSON.stringify(roles));
}
};

Expand All @@ -92,7 +92,7 @@ const OrgDropDown = () => {
setActiveOrg(activeOrgDetails);


await setToLocalStorage(storageKeys.ORG_ROLES, roles?.toString());
await setToLocalStorage(storageKeys.ORG_ROLES, JSON.stringify(roles));

}
if (activeOrgDetails) {
2 changes: 1 addition & 1 deletion src/components/organization/OrganizationsList.tsx
Expand Up @@ -123,7 +123,7 @@ const OrganizationsList = () => {
id, name, description, logoUrl, roles
}
await setToLocalStorage(storageKeys.ORG_INFO, orgInfo)
await setToLocalStorage(storageKeys.ORG_ROLES, roles?.toString());
await setToLocalStorage(storageKeys.ORG_ROLES, JSON.stringify(roles));
window.location.href = pathRoutes.organizations.dashboard;
};
let content: React.JSX.Element = <></>;
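Review bot: `setToLocalStorage(storageKeys.ORG_INFO, orgInfo)` on the line just above the changed one still passes the raw `orgInfo` object while `roles` directly beneath it is now wrapped in `JSON.stringify`, so two keys written back-to-back use different encodings; if the helper does not serialise objects itself, ORG_INFO is stored coerced rather than as JSON. Either apply the same treatment, `await setToLocalStorage(storageKeys.ORG_INFO, JSON.stringify(orgInfo))`, or confirm the helper handles objects and keep one convention for both keys. The enclosing handler begins outside the hunk.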
85 changes: 23 additions & 62 deletions src/middleware.ts
@@ -1,75 +1,36 @@
// import { envConfig } from "./config/envConfig";
// import { pathRoutes } from "./config/pathRoutes";

import { envConfig } from "./config/envConfig";
import { pathRoutes } from "./config/pathRoutes";

// export const onRequest = async (context: any, next: any) => {
// const response = await next();
// const html = await response.text();

// const domains = envConfig.PUBLIC_ALLOW_DOMAIN;

// const allowedDomain = `${context.url.origin} ${domains}`

// const nonce = "dynamicNONCE" + new Date().getTime().toString();

// response.headers.set('Content-Security-Policy',`default-src 'self'; script-src 'self' ${allowedDomain} 'nonce-${nonce}_scripts'; style-src 'unsafe-inline' ${allowedDomain}; font-src ${allowedDomain}; img-src 'self' data: ${allowedDomain}; frame-src 'self' ${allowedDomain}; object-src 'none'; media-src 'self'; connect-src 'self' ${allowedDomain}; form-action 'self'; frame-ancestors 'self'; `);
// response.headers.set('X-Frame-Options', "DENY");
// response.headers.set('X-Content-Type-Options', 'nosniff');
// response.headers.set('Access-Control-Allow-Origin', allowedDomain)
// response.headers.set('ServerTokens', 'dummy_server_name')
// response.headers.set('server_tokens', 'off')
// response.headers.set('server', 'dummy_server_name')
// response.headers.set('Server', 'dummy_server_name')
// response.headers.set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
// response.headers.set("X-XSS-Protection", "1; mode=block")

// let updatedHtml = await html.split("<script").join(`<script nonce="${nonce}_scripts" `)

// // If Access token and refresh token is not valid then redirect user to login page
// if(response.status === 302){
// return context.redirect(pathRoutes.auth.sinIn)
// }

// return new Response(updatedHtml, {
// status: 200,
// headers: response.headers
// });
// };

export const onRequest = async (context: any, next: any) => {
const response = await next();
const html = await response.text();

const domains = envConfig.PUBLIC_ALLOW_DOMAIN;
const allowedDomain = `${context.url.origin} ${domains}`;

// Generate a dynamic nonce
const nonce = `dynamicNONCE-${new Date().getTime()}`;

const allowedDomain = `${context.url.origin} ${domains}`

const nonce = "dynamicNONCE" + new Date().getTime().toString();

// Update CSP headers
response.headers.set(
'Content-Security-Policy',
`default-src 'self'; script-src 'self' ${allowedDomain} 'nonce-${nonce}'; style-src 'unsafe-inline' ${allowedDomain}; font-src ${allowedDomain}; img-src 'self' data: ${allowedDomain}; frame-src 'self' ${allowedDomain}; object-src 'none'; media-src 'self'; connect-src 'self' ${allowedDomain}; form-action 'self'; frame-ancestors 'self';`
);
response.headers.set('X-Frame-Options', 'DENY');
response.headers.set('Content-Security-Policy',`default-src 'self'; script-src 'self' ${allowedDomain} 'nonce-${nonce}_scripts'; style-src 'unsafe-inline' ${allowedDomain}; font-src ${allowedDomain}; img-src 'self' data: ${allowedDomain}; frame-src 'self' ${allowedDomain}; object-src 'none'; media-src 'self'; connect-src 'self' ${allowedDomain}; form-action 'self'; frame-ancestors 'self'; `);
response.headers.set('X-Frame-Options', "DENY");
response.headers.set('X-Content-Type-Options', 'nosniff');
response.headers.set('Access-Control-Allow-Origin', allowedDomain);
response.headers.set('Server', 'SSI');
response.headers.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
response.headers.set('X-XSS-Protection', '1; mode=block');

// Safely modify HTML
const updatedHtml = html.replace(/<script/g, `<script nonce="${nonce}"`);

// Redirect to login if unauthorized (status 302)
if (response.status === 302) {
return context.redirect(pathRoutes.auth.sinIn);
response.headers.set('Access-Control-Allow-Origin', allowedDomain)
response.headers.set('ServerTokens', 'dummy_server_name')
response.headers.set('server_tokens', 'off')
response.headers.set('server', 'dummy_server_name')
response.headers.set('Server', 'dummy_server_name')
response.headers.set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
response.headers.set("X-XSS-Protection", "1; mode=block")

let updatedHtml = await html.split("<script").join(`<script nonce="${nonce}_scripts" `)

// If Access token and refresh token is not valid then redirect user to login page
if(response.status === 302){
return context.redirect(pathRoutes.auth.sinIn)
}

return new Response(updatedHtml, {
status: 200,
headers: response.headers,
headers: response.headers
});
};
};
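Review bot: The nonce on the new side, `const nonce = \`dynamicNONCE-${new Date().getTime()}\`;`, is a millisecond timestamp and therefore guessable, whereas a CSP nonce only restricts script execution when it is unpredictable and fresh for each response. Generate it from a CSPRNG instead, e.g. `const nonce = crypto.randomUUID();` (Web Crypto is available in current Node and edge runtimes), and keep using that one value in both the header and the `html.replace` call. Note also that `html.replace(/<script/g, ...)` stamps the nonce onto every `<script` substring in the rendered page, including any that originated from user-supplied content, which undoes the allow-listing; injecting the nonce only into the script tags the app itself emits at render time is the safer contract. Separately, `Access-Control-Allow-Origin` accepts a single origin or `*`, so the space-separated `allowedDomain` string passed on `response.headers.set('Access-Control-Allow-Origin', allowedDomain);` is not a valid multi-origin value and browsers will reject it rather than honour any of the origins. The `context: any, next: any` parameters would also benefit from the framework's middleware types so `context.url` and `context.redirect` are checked.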
