open-nomad/ui/app/services/token.js

import Service, { inject as service } from '@ember/service';
import { computed } from '@ember/object';
import { alias } from '@ember/object/computed';
import { getOwner } from '@ember/application';
import { assign } from '@ember/polyfills';
import { task } from 'ember-concurrency';
import queryString from 'query-string';
import fetch from 'nomad-ui/utils/fetch';

export default Service.extend({
  store: service(),
  system: service(),

  aclEnabled: true,

  secret: computed({
    get() {
      return window.localStorage.nomadTokenSecret;
    },
    set(key, value) {
      if (value == null) {
        window.localStorage.removeItem('nomadTokenSecret');
      } else {
        window.localStorage.nomadTokenSecret = value;
      }

      return value;
    },
  }),

  fetchSelfToken: task(function*() {
    const TokenAdapter = getOwner(this).lookup('adapter:token');
    try {
      return yield TokenAdapter.findSelf();
    } catch (e) {
      const errors = e.errors ? e.errors.mapBy('detail') : [];
      if (errors.find(error => error === 'ACL support disabled')) {
        this.set('aclEnabled', false);
      }
      return null;
    }
  }),

  selfToken: computed('secret', 'fetchSelfToken.lastSuccessful.value', function() {
    if (this.secret) return this.get('fetchSelfToken.lastSuccessful.value');
  }),

  fetchSelfTokenPolicies: task(function*() {
    try {
      if (this.selfToken) {
        return yield this.selfToken.get('policies');
      } else {
        let policy = yield this.store.findRecord('policy', 'anonymous');
        return [policy];
      }
    } catch (e) {
      return [];
    }
  }),

  selfTokenPolicies: alias('fetchSelfTokenPolicies.lastSuccessful.value'),

  fetchSelfTokenAndPolicies: task(function*() {
    yield this.fetchSelfToken.perform();
    if (this.aclEnabled) {
      yield this.fetchSelfTokenPolicies.perform();
    }
  }),

  // All non Ember Data requests should go through authorizedRequest.
  // However, the request that gets regions falls into that category.
  // This authorizedRawRequest is necessary in order to fetch data
  // with the guarantee of a token but without the automatic region
  // param since the region cannot be known at this point.
  authorizedRawRequest(url, options = { credentials: 'include' }) {
    const headers = {};
    const token = this.secret;

    if (token) {
      headers['X-Nomad-Token'] = token;
    }

    return fetch(url, assign(options, { headers }));
  },

  authorizedRequest(url, options) {
    if (this.get('system.shouldIncludeRegion')) {
      const region = this.get('system.activeRegion');
      if (region) {
        url = addParams(url, { region });
      }
    }

    return this.authorizedRawRequest(url, options);
  },

  reset() {
    this.fetchSelfToken.cancelAll({ resetState: true });
    this.fetchSelfTokenPolicies.cancelAll({ resetState: true });
    this.fetchSelfTokenAndPolicies.cancelAll({ resetState: true });
  },
});

function addParams(url, params) {
  const paramsStr = queryString.stringify(params);
  const delimiter = url.includes('?') ? '&' : '?';
  return `${url}${delimiter}${paramsStr}`;
}
Add the region qp to all requests made through the token service 2018-08-08 23:10:22 +00:00			`import Service, { inject as service } from '@ember/service';`
Use the new ember modules imports Generated with a codemode: https://github.com/ember-cli/ember-modules-codemod 2017-12-15 21:39:18 +00:00			`import { computed } from '@ember/object';`
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list. 2020-01-20 20:57:01 +00:00			`import { alias } from '@ember/object/computed';`
			`import { getOwner } from '@ember/application';`
Use the new ember modules imports Generated with a codemode: https://github.com/ember-cli/ember-modules-codemod 2017-12-15 21:39:18 +00:00			`import { assign } from '@ember/polyfills';`
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list. 2020-01-20 20:57:01 +00:00			`import { task } from 'ember-concurrency';`
Add the region qp to all requests made through the token service 2018-08-08 23:10:22 +00:00			`import queryString from 'query-string';`
Prefer native fetch 2017-11-14 18:50:29 +00:00			`import fetch from 'nomad-ui/utils/fetch';`
sync 2017-09-19 14:47:10 +00:00
			`export default Service.extend({`
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list. 2020-01-20 20:57:01 +00:00			`store: service(),`
Add the region qp to all requests made through the token service 2018-08-08 23:10:22 +00:00			`system: service(),`

Handle the case where ACLs aren't enabled in abilities 2020-01-31 00:07:43 +00:00			`aclEnabled: true,`

sync 2017-09-19 14:47:10 +00:00			`secret: computed({`
			`get() {`
Switch token storage to localStorage from sessionStorage 2018-08-28 17:05:15 +00:00			`return window.localStorage.nomadTokenSecret;`
sync 2017-09-19 14:47:10 +00:00			`},`
			`set(key, value) {`
			`if (value == null) {`
Switch token storage to localStorage from sessionStorage 2018-08-28 17:05:15 +00:00			`window.localStorage.removeItem('nomadTokenSecret');`
sync 2017-09-19 14:47:10 +00:00			`} else {`
Switch token storage to localStorage from sessionStorage 2018-08-28 17:05:15 +00:00			`window.localStorage.nomadTokenSecret = value;`
sync 2017-09-19 14:47:10 +00:00			`}`

			`return value;`
			`},`
			`}),`
Make sure to qualify requests made outside of adapters 2017-10-07 00:14:08 +00:00
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list. 2020-01-20 20:57:01 +00:00			`fetchSelfToken: task(function*() {`
			`const TokenAdapter = getOwner(this).lookup('adapter:token');`
			`try {`
			`return yield TokenAdapter.findSelf();`
			`} catch (e) {`
Handle the case where ACLs aren't enabled in abilities 2020-01-31 00:07:43 +00:00			`const errors = e.errors ? e.errors.mapBy('detail') : [];`
			`if (errors.find(error => error === 'ACL support disabled')) {`
			`this.set('aclEnabled', false);`
			`}`
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list. 2020-01-20 20:57:01 +00:00			`return null;`
			`}`
			`}),`

Fix token referencing from the token controller, as well as resetting 2020-01-31 00:06:35 +00:00			`selfToken: computed('secret', 'fetchSelfToken.lastSuccessful.value', function() {`
			`if (this.secret) return this.get('fetchSelfToken.lastSuccessful.value');`
			`}),`
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list. 2020-01-20 20:57:01 +00:00
			`fetchSelfTokenPolicies: task(function*() {`
			`try {`
			`if (this.selfToken) {`
			`return yield this.selfToken.get('policies');`
			`} else {`
			`let policy = yield this.store.findRecord('policy', 'anonymous');`
			`return [policy];`
			`}`
			`} catch (e) {`
			`return [];`
			`}`
			`}),`

			`selfTokenPolicies: alias('fetchSelfTokenPolicies.lastSuccessful.value'),`

			`fetchSelfTokenAndPolicies: task(function*() {`
			`yield this.fetchSelfToken.perform();`
Handle the case where ACLs aren't enabled in abilities 2020-01-31 00:07:43 +00:00			`if (this.aclEnabled) {`
			`yield this.fetchSelfTokenPolicies.perform();`
			`}`
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list. 2020-01-20 20:57:01 +00:00			`}),`

Add the region qp to all requests made through the token service 2018-08-08 23:10:22 +00:00			`// All non Ember Data requests should go through authorizedRequest.`
			`// However, the request that gets regions falls into that category.`
			`// This authorizedRawRequest is necessary in order to fetch data`
			`// with the guarantee of a token but without the automatic region`
			`// param since the region cannot be known at this point.`
			`authorizedRawRequest(url, options = { credentials: 'include' }) {`
Make sure to qualify requests made outside of adapters 2017-10-07 00:14:08 +00:00			`const headers = {};`
ES5 getters codemod 2019-03-26 07:46:44 +00:00			`const token = this.secret;`
Make sure to qualify requests made outside of adapters 2017-10-07 00:14:08 +00:00
			`if (token) {`
			`headers['X-Nomad-Token'] = token;`
			`}`

			`return fetch(url, assign(options, { headers }));`
			`},`
Add the region qp to all requests made through the token service 2018-08-08 23:10:22 +00:00
			`authorizedRequest(url, options) {`
Only deal with the region param (in the app and in api calls) when necessary 2018-08-09 02:39:32 +00:00			`if (this.get('system.shouldIncludeRegion')) {`
			`const region = this.get('system.activeRegion');`
			`if (region) {`
			`url = addParams(url, { region });`
			`}`
Add the region qp to all requests made through the token service 2018-08-08 23:10:22 +00:00			`}`

			`return this.authorizedRawRequest(url, options);`
			`},`
Fix token referencing from the token controller, as well as resetting 2020-01-31 00:06:35 +00:00
			`reset() {`
			`this.fetchSelfToken.cancelAll({ resetState: true });`
			`this.fetchSelfTokenPolicies.cancelAll({ resetState: true });`
			`this.fetchSelfTokenAndPolicies.cancelAll({ resetState: true });`
			`},`
sync 2017-09-19 14:47:10 +00:00			`});`
Add the region qp to all requests made through the token service 2018-08-08 23:10:22 +00:00
			`function addParams(url, params) {`
			`const paramsStr = queryString.stringify(params);`
			`const delimiter = url.includes('?') ? '&' : '?';`
			return `${url}${delimiter}${paramsStr}`;
			`}`