From 4183b665f3d2d6966a7e44f760b538944a4c777c Mon Sep 17 00:00:00 2001 From: bhavanakarwade Date: Wed, 4 Dec 2024 18:53:34 +0530 Subject: [PATCH] fix: convert in into json stringify Signed-off-by: bhavanakarwade --- .../Authentication/SignInUserPasskey.tsx | 2 +- .../Authentication/SignInUserPassword.tsx | 2 +- src/components/Profile/EditUserProfile.tsx | 2 +- src/components/Profile/UserProfile.tsx | 2 +- src/components/User/UserDashBoard.tsx | 2 +- src/components/organization/OrgDropDown.tsx | 4 +- .../organization/OrganizationsList.tsx | 2 +- src/middleware.ts | 85 +++++-------------- 8 files changed, 31 insertions(+), 70 deletions(-) diff --git a/src/components/Authentication/SignInUserPasskey.tsx b/src/components/Authentication/SignInUserPasskey.tsx index f1aca8a2a..beb7b568f 100644 --- a/src/components/Authentication/SignInUserPasskey.tsx +++ b/src/components/Authentication/SignInUserPasskey.tsx @@ -89,7 +89,7 @@ const SignInUserPasskey = (signInUserProps: signInUserProps) => { } await setToLocalStorage(storageKeys.PERMISSIONS, permissionArray); - await setToLocalStorage(storageKeys.USER_PROFILE, userProfile); + await setToLocalStorage(storageKeys.USER_PROFILE, JSON.stringify(userProfile)); await setToLocalStorage(storageKeys.USER_EMAIL, data?.data?.email); return { role: role?.orgRole || "" diff --git a/src/components/Authentication/SignInUserPassword.tsx b/src/components/Authentication/SignInUserPassword.tsx index dec3d7768..ea85b1bfe 100644 --- a/src/components/Authentication/SignInUserPassword.tsx +++ b/src/components/Authentication/SignInUserPassword.tsx @@ -63,7 +63,7 @@ const SignInUserPassword = (signInUserProps: SignInUser3Props) => { id, profileImg, firstName, email, } - await setToLocalStorage(storageKeys.USER_PROFILE, userProfile); + await setToLocalStorage(storageKeys.USER_PROFILE, JSON.stringify(userProfile)); await setToLocalStorage(storageKeys.USER_EMAIL, data?.data?.email); return { role: role?.orgRole ?? '', 
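Review bot: The profile under `storageKeys.USER_PROFILE` is now a JSON string, so every reader of that key must `JSON.parse` it, and none of those readers is in this diff; a value left over from before this change (presumably the object coerced to `[object Object]`) or anything the user edits in DevTools will make an unguarded `JSON.parse` throw on the next load. I would put reads behind one helper that tolerates bad input, e.g. `try { return JSON.parse(raw) as UserProfile; } catch { return undefined; }`, rather than parsing at each call site. The `id` and `email` stored here are client-controlled once in localStorage, so requests should keep relying on the session token, not on these fields. The body of SignInUserPasskey continues outside the hunk.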
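Review bot: The two sign-in flows now build and persist the same four-field profile but differ on the role fallback: this hunk returns `role: role?.orgRole ?? ''` while the passkey flow returns `role?.orgRole || ""`. The two forms agree only while `orgRole` is never an empty string or another falsy non-nullish value; pick one (`??` is the safer default) and move the profile write into a shared `persistUserProfile(data)` helper so the stringify step cannot drift between the two files again. The enclosing function continues outside the hunk.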
diff --git a/src/components/Profile/EditUserProfile.tsx b/src/components/Profile/EditUserProfile.tsx index 8287afd8f..f83dca1ee 100644 --- a/src/components/Profile/EditUserProfile.tsx +++ b/src/components/Profile/EditUserProfile.tsx @@ -179,7 +179,7 @@ const EditUserProfile = ({ toggleEditProfile, userProfileInfo, updateProfile }: } updateProfile(userData); - await setToLocalStorage(storageKeys.USER_PROFILE, updatedUserData); + await setToLocalStorage(storageKeys.USER_PROFILE, JSON.stringify(updatedUserData)); window.location.reload(); setLoading(false) } diff --git a/src/components/Profile/UserProfile.tsx b/src/components/Profile/UserProfile.tsx index b894c29d8..9f789fc31 100644 --- a/src/components/Profile/UserProfile.tsx +++ b/src/components/Profile/UserProfile.tsx @@ -27,7 +27,7 @@ const UserProfile = ({ noBreadcrumb }: { noBreadcrumb?: boolean }) => { const userProfile = { id, profileImg, firstName, email, } - await setToLocalStorage(storageKeys.USER_PROFILE, userProfile) + await setToLocalStorage(storageKeys.USER_PROFILE, JSON.stringify(userProfile)) await setToLocalStorage(storageKeys.USER_EMAIL, data?.data?.email) } } catch (error) { diff --git a/src/components/User/UserDashBoard.tsx b/src/components/User/UserDashBoard.tsx index 045dfc18b..9c2b13608 100644 --- a/src/components/User/UserDashBoard.tsx +++ b/src/components/User/UserDashBoard.tsx @@ -354,7 +354,7 @@ const UserDashBoard = () => { await setToLocalStorage(storageKeys.ORG_ID, org.id.toString()); const roles: string[] = org?.userOrgRoles.map((role) => role.orgRole.name); - await setToLocalStorage(storageKeys.ORG_ROLES, roles?.toString()); + await setToLocalStorage(storageKeys.ORG_ROLES, JSON.stringify(roles)); const { id, name, description, logoUrl } = org || {}; const orgInfo = { diff --git a/src/components/organization/OrgDropDown.tsx b/src/components/organization/OrgDropDown.tsx index 2b6faeb3b..6217d961d 100644 --- a/src/components/organization/OrgDropDown.tsx 
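Review bot: `JSON.stringify(roles)` changes the stored shape of `storageKeys.ORG_ROLES` from the comma-joined string that `roles?.toString()` produced to a JSON array, so any existing reader that does `.split(',')` or compares the raw string now sees `["admin"]` with brackets and quotes; those readers are not in this diff and need to move to a guarded `JSON.parse`. Whatever the format, a role list in localStorage is editable by the user and should only drive UI state; the server must keep enforcing organization permissions on every request. The function continues outside the hunk.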
+++ b/src/components/organization/OrgDropDown.tsx @@ -67,7 +67,7 @@ const OrgDropDown = () => { ? org?.userOrgRoles.map((role) => role?.orgRole?.name) : []; if (roles.length > 0) { // Added check - await setToLocalStorage(storageKeys.ORG_ROLES, roles?.toString()); + await setToLocalStorage(storageKeys.ORG_ROLES, JSON.stringify(roles)); } }; @@ -92,7 +92,7 @@ const OrgDropDown = () => { setActiveOrg(activeOrgDetails); - await setToLocalStorage(storageKeys.ORG_ROLES, roles?.toString()); + await setToLocalStorage(storageKeys.ORG_ROLES, JSON.stringify(roles)); } if (activeOrgDetails) { diff --git a/src/components/organization/OrganizationsList.tsx b/src/components/organization/OrganizationsList.tsx index 1d53a8f79..b3f35854f 100644 --- a/src/components/organization/OrganizationsList.tsx +++ b/src/components/organization/OrganizationsList.tsx @@ -123,7 +123,7 @@ const OrganizationsList = () => { id, name, description, logoUrl, roles } await setToLocalStorage(storageKeys.ORG_INFO, orgInfo) - await setToLocalStorage(storageKeys.ORG_ROLES, roles?.toString()); + await setToLocalStorage(storageKeys.ORG_ROLES, JSON.stringify(roles)); window.location.href = pathRoutes.organizations.dashboard; }; let content: React.JSX.Element = <>; diff --git a/src/middleware.ts b/src/middleware.ts index d52bec13b..c73dc4a46 100644 --- a/src/middleware.ts +++ b/src/middleware.ts 
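Review bot: The stringified write sits inside `if (roles.length > 0)`, so selecting an organization whose `userOrgRoles` is empty or missing leaves the previous organization's roles under `storageKeys.ORG_ROLES`; if any reader treats that key as the current org's roles, the UI would keep showing the old org's privileges. Writing unconditionally — `await setToLocalStorage(storageKeys.ORG_ROLES, JSON.stringify(roles));` with the guard dropped — stores `[]` and keeps the key in step with the org selection, which is what the second hunk in this file already does. This is client-side state only, so it must not be the authorization source, but stale roles are still a confusing failure mode. The enclosing function continues outside the hunk.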
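Review bot: In this hunk `orgInfo` (an object that itself contains `roles`) is still passed to `setToLocalStorage` as-is on the line above, while `roles` is now wrapped in `JSON.stringify`, so the two adjacent writes assume different contracts for `setToLocalStorage`: if it stores raw strings, `ORG_INFO` ends up as `[object Object]`; if it serializes objects itself, the new `JSON.stringify` double-encodes `ORG_ROLES`. I cannot see `setToLocalStorage` here, but one of the two lines is wrong; either `await setToLocalStorage(storageKeys.ORG_INFO, JSON.stringify(orgInfo))` or drop the stringify, applied consistently across this commit. The `window.location.href` assignment that follows uses a constant route, so this hunk does not introduce a redirect from user input.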
@@ -1,75 +1,36 @@ -// import { envConfig } from "./config/envConfig"; -// import { pathRoutes } from "./config/pathRoutes"; - import { envConfig } from "./config/envConfig"; import { pathRoutes } from "./config/pathRoutes"; -// export const onRequest = async (context: any, next: any) => { -// const response = await next(); -// const html = await response.text(); - -// const domains = envConfig.PUBLIC_ALLOW_DOMAIN; - -// const allowedDomain = `${context.url.origin} ${domains}` - -// const nonce = "dynamicNONCE" + new Date().getTime().toString(); - -// response.headers.set('Content-Security-Policy',`default-src 'self'; script-src 'self' ${allowedDomain} 'nonce-${nonce}_scripts'; style-src 'unsafe-inline' ${allowedDomain}; font-src ${allowedDomain}; img-src 'self' data: ${allowedDomain}; frame-src 'self' ${allowedDomain}; object-src 'none'; media-src 'self'; connect-src 'self' ${allowedDomain}; form-action 'self'; frame-ancestors 'self'; `); -// response.headers.set('X-Frame-Options', "DENY"); -// response.headers.set('X-Content-Type-Options', 'nosniff'); -// response.headers.set('Access-Control-Allow-Origin', allowedDomain) -// response.headers.set('ServerTokens', 'dummy_server_name') -// response.headers.set('server_tokens', 'off') -// response.headers.set('server', 'dummy_server_name') -// response.headers.set('Server', 'dummy_server_name') -// response.headers.set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload") -// response.headers.set("X-XSS-Protection", "1; mode=block") - -// let updatedHtml = await html.split(" { const response = await next(); const html = await response.text(); - + const domains = envConfig.PUBLIC_ALLOW_DOMAIN; - const allowedDomain = `${context.url.origin} ${domains}`; - - // Generate a dynamic nonce - const nonce = `dynamicNONCE-${new Date().getTime()}`; + + const allowedDomain = `${context.url.origin} ${domains}` + + const nonce = "dynamicNONCE" + new Date().getTime().toString(); - // Update CSP headers - 
response.headers.set( - 'Content-Security-Policy', - `default-src 'self'; script-src 'self' ${allowedDomain} 'nonce-${nonce}'; style-src 'unsafe-inline' ${allowedDomain}; font-src ${allowedDomain}; img-src 'self' data: ${allowedDomain}; frame-src 'self' ${allowedDomain}; object-src 'none'; media-src 'self'; connect-src 'self' ${allowedDomain}; form-action 'self'; frame-ancestors 'self';` - ); - response.headers.set('X-Frame-Options', 'DENY'); + response.headers.set('Content-Security-Policy',`default-src 'self'; script-src 'self' ${allowedDomain} 'nonce-${nonce}_scripts'; style-src 'unsafe-inline' ${allowedDomain}; font-src ${allowedDomain}; img-src 'self' data: ${allowedDomain}; frame-src 'self' ${allowedDomain}; object-src 'none'; media-src 'self'; connect-src 'self' ${allowedDomain}; form-action 'self'; frame-ancestors 'self'; `); + response.headers.set('X-Frame-Options', "DENY"); response.headers.set('X-Content-Type-Options', 'nosniff'); - response.headers.set('Access-Control-Allow-Origin', allowedDomain); - response.headers.set('Server', 'SSI'); - response.headers.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload'); - response.headers.set('X-XSS-Protection', '1; mode=block'); - - // Safely modify HTML - const updatedHtml = html.replace(/