Added checks to avoid frontend URL manipulation (#2601)
* Added checks to avoid frontend URL manipulation

Signed-off-by: Vansh Bhatia <[email protected]>
vanshBhatia-A4k9 authored Mar 25, 2021
1 parent 2e2b309 commit 87e86fd
Showing 1 changed file with 137 additions and 101 deletions.
238 changes: 137 additions & 101 deletions litmus-portal/frontend/src/containers/app/App.tsx
Expand Up @@ -3,8 +3,8 @@ import { LitmusThemeProvider } from 'litmus-ui';
import React, { lazy, Suspense, useEffect, useState } from 'react';
import { Redirect, Route, Router, Switch } from 'react-router-dom';
import Loader from '../../components/Loader';
import { LIST_PROJECTS } from '../../graphql';
import { Member, Projects } from '../../models/graphql/user';
import { GET_PROJECT, LIST_PROJECTS } from '../../graphql';
import { Member, ProjectDetail, Projects } from '../../models/graphql/user';
import useActions from '../../redux/actions';
import * as AnalyticsActions from '../../redux/actions/analytics';
import { history } from '../../redux/configureStore';
Expand Down Expand Up @@ -58,6 +58,7 @@ const Routes: React.FC = () => {
const projectRoleFromURL = getProjectRole();
const [projectID, setprojectID] = useState<string>(projectIDFromURL);
const [projectRole, setprojectRole] = useState<string>(projectRoleFromURL);
const [isProjectMember, setIsProjectMember] = useState<boolean>(false);
const userID = getUserId();

const { loading } = useQuery<Projects>(LIST_PROJECTS, {
Expand Down Expand Up @@ -88,6 +89,31 @@ const Routes: React.FC = () => {
}
});

const { loading: projectValidation } = useQuery<ProjectDetail>(GET_PROJECT, {
variables: { projectID },
onCompleted: (data) => {
if (data?.getProject) {
data.getProject.members.forEach((member: Member) => {
if (member.user_id === userID) {
setIsProjectMember(true);
setprojectID(data.getProject.id);
setprojectRole(member.role);
}
});
if (!isProjectMember) {
setprojectID('');
setprojectRole('');
}
}
},
onError: () => {
if (!isProjectMember) {
setprojectID('');
setprojectRole('');
}
},
});

if (getToken() === '') {
return (
<>
Expand Down Expand Up @@ -121,108 +147,118 @@ const Routes: React.FC = () => {
}

return (
<Switch>
<Route exact path="/home" component={HomePage} />
<Redirect exact path="/" to="/home" />
<Route exact path="/workflows" component={Workflows} />
<Route exact path="/analytics" component={AnalyticsDashboard} />
<Route
exact
path="/analytics/datasource/select"
component={DataSourceSelectPage}
/>
<Route
exact
path="/analytics/datasource/create"
component={() => <DataSourceConfigurePage configure={false} />}
/>
<Route
exact
path="/analytics/datasource/configure"
component={() => <DataSourceConfigurePage configure />}
/>
<Route
exact
path="/analytics/dashboard/select"
component={DashboardSelectPage}
/>
<Route
exact
path="/analytics/dashboard/create"
component={() => <DashboardConfigurePage configure={false} />}
/>
<Route
exact
path="/analytics/dashboard/configure"
component={() => <DashboardConfigurePage configure />}
/>
<Route
exact
path="/analytics/dashboard"
component={() => <DashboardPage />}
/>
<Route exact path="/create-workflow" component={CreateWorkflow} />

<Route
exact
path="/workflows/:workflowRunId"
component={WorkflowDetails}
/>
<Route
exact
path="/workflows/schedule/:scheduleProjectID/:workflowName" // Check
component={SchedulePage}
/>
<Route
exact
path="/workflows/template/:templateName"
component={BrowseTemplate}
/>
<Route
exact
path="/workflows/analytics/:workflowRunId"
component={AnalyticsPage}
/>
<Route exact path="/community" component={Community} />
<Route exact path="/targets" component={Targets} />
<Route exact path="/target-connect" component={ConnectTargets} />
<Route exact path="/myhub" component={MyHub} />
<Route exact path="/myhub/connect" component={MyHubConnect} />
<Route exact path="/myhub/edit/:hubname" component={MyHubEdit} />
<Route exact path="/myhub/:hubname" component={ChaosChart} />
<Route
exact
path="/myhub/:hubname/:chart/:experiment"
component={MyHubExperiment}
/>
<Route
exact
path="/create-workflow/custom"
component={CreateCustomWorkflow}
/>
{projectRole === 'Owner' ? (
<Route path="/settings" component={Settings} />
<>
{projectValidation && loading ? (
<Loader />
) : (
<Redirect
to={{
pathname: '/home',
search: `?projectID=${projectID}&projectRole=${projectRole}`,
}}
/>
)}
<Route exact path="/404" component={ErrorPage} />
<Switch>
<Route exact path="/home" component={HomePage} />
<Redirect exact path="/" to="/home" />
<Route exact path="/workflows" component={Workflows} />
<Route exact path="/analytics" component={AnalyticsDashboard} />
<Route
exact
path="/analytics/datasource/select"
component={DataSourceSelectPage}
/>
<Route
exact
path="/analytics/datasource/create"
component={() => <DataSourceConfigurePage configure={false} />}
/>
<Route
exact
path="/analytics/datasource/configure"
component={() => <DataSourceConfigurePage configure />}
/>
<Route
exact
path="/analytics/dashboard/select"
component={DashboardSelectPage}
/>
<Route
exact
path="/analytics/dashboard/create"
component={() => <DashboardConfigurePage configure={false} />}
/>
<Route
exact
path="/analytics/dashboard/configure"
component={() => <DashboardConfigurePage configure />}
/>
<Route
exact
path="/analytics/dashboard"
component={() => <DashboardPage />}
/>
<Route exact path="/create-workflow" component={CreateWorkflow} />

<Route
exact
path="/workflows/:workflowRunId"
component={WorkflowDetails}
/>
<Route
exact
path="/workflows/schedule/:scheduleProjectID/:workflowName" // Check
component={SchedulePage}
/>
<Route
exact
path="/workflows/template/:templateName"
component={BrowseTemplate}
/>
<Route
exact
path="/workflows/analytics/:workflowRunId"
component={AnalyticsPage}
/>
<Route exact path="/community" component={Community} />
<Route exact path="/targets" component={Targets} />
<Route exact path="/target-connect" component={ConnectTargets} />
<Route exact path="/myhub" component={MyHub} />
<Route exact path="/myhub/connect" component={MyHubConnect} />
<Route exact path="/myhub/edit/:hubname" component={MyHubEdit} />
<Route exact path="/myhub/:hubname" component={ChaosChart} />
<Route
exact
path="/myhub/:hubname/:chart/:experiment"
component={MyHubExperiment}
/>
<Route
exact
path="/create-workflow/custom"
component={CreateCustomWorkflow}
/>
{projectRole === 'Owner' ? (
<Route path="/settings" component={Settings} />
) : (
<Redirect
to={{
pathname: '/home',
search: `?projectID=${projectID}&projectRole=${projectRole}`,
}}
/>
)}
<Route exact path="/404" component={ErrorPage} />

{/* Redirects */}
<Redirect exact path="/workflows/schedule" to="/workflows" />
<Redirect exact path="/workflows/template" to="/workflows" />
{/* Redirects */}
<Redirect exact path="/workflows/schedule" to="/workflows" />
<Redirect exact path="/workflows/template" to="/workflows" />

<Redirect exact path="/analytics/overview" to="/analytics" />
<Redirect exact path="/analytics/litmusdashboard" to="/analytics" />
<Redirect exact path="/analytics/kubernetesdashborad" to="/analytics" />
<Redirect exact path="/analytics/datasource" to="/analytics" />
<Redirect exact path="/api-doc" to="/api-doc/index.html" />
<Redirect to="/404" />
</Switch>
<Redirect exact path="/analytics/overview" to="/analytics" />
<Redirect exact path="/analytics/litmusdashboard" to="/analytics" />
<Redirect
exact
path="/analytics/kubernetesdashborad"
to="/analytics"
/>
<Redirect exact path="/analytics/datasource" to="/analytics" />
<Redirect exact path="/api-doc" to="/api-doc/index.html" />
<Redirect to="/404" />
</Switch>
)}
</>
);
};
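Review bot: In the GET_PROJECT `onCompleted` handler, `if (!isProjectMember)` reads the state value captured when the component rendered, so the `setIsProjectMember(true)` call made inside the `forEach` is not visible to it, and the branch resets `projectID` and `projectRole` to `''` even when the user was just matched as a member. Deciding from a local lookup on the response avoids the stale read, and it also covers a response where `getProject` is empty, which currently leaves the URL-supplied ID and role in state. Separately, the loader condition `projectValidation && loading` lets the routes render while one of the two queries is still in flight; `||` looks like the intent. This check only shapes what the UI renders, so the API presumably still has to enforce membership and role on every project-scoped request. `Routes` starts above the first hunk shown here.

```typescript
    onCompleted: (data) => {
      // Decide from the response itself: isProjectMember does not change
      // until the next render, so it cannot reflect a match found here.
      const project = data?.getProject;
      const self = project?.members.find(
        (member: Member) => member.user_id === userID
      );
      if (project && self) {
        setIsProjectMember(true);
        setprojectID(project.id);
        setprojectRole(self.role);
      } else {
        setIsProjectMember(false);
        setprojectID('');
        setprojectRole('');
      }
    },
    // … unchanged: onError handler …
```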
