fix(ui): redirect to admin on init error (#366)

botpress · Jul 14, 2022 · 323c5ee · 323c5ee
1 parent 2cb27fc
commit 323c5ee
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 41 deletions.
diff --git a/packages/studio-be/src/studio/studio-router.ts b/packages/studio-be/src/studio/studio-router.ts
@@ -11,7 +11,7 @@ import { ConfigProvider } from 'core/config/config-loader'
 import { FlowService } from 'core/dialog'
 import { MediaServiceProvider } from 'core/media'
 import { CustomRouter } from 'core/routers/customRouter'
-import { AuthService, TOKEN_AUDIENCE, checkTokenHeader, checkBotVisibility } from 'core/security'
+import { AuthService, TOKEN_AUDIENCE, checkTokenHeader, checkBotVisibility, needPermissions } from 'core/security'
 import { ActionServersService, ActionService, HintsService } from 'core/user-code'
 import { WorkspaceService } from 'core/users'
 import express, { RequestHandler, Router } from 'express'
@@ -164,17 +164,10 @@ export class StudioRouter extends CustomRouter {
     this.router.use('/hints', this.checkTokenHeader, this.hintsRouter.router)
     this.router.use('/libraries', this.checkTokenHeader, this.libsRouter.router)
 
-    this.setupUnauthenticatedRoutes(app)
-    this.setupStaticRoutes(app)
-  }
-
-  setupUnauthenticatedRoutes(app) {
-    /**
-     * UNAUTHENTICATED ROUTES
-     * Do not return sensitive information there. These must be accessible by unauthenticated users
-     */
     this.router.get(
       '/env',
+      this.checkTokenHeader,
+      needPermissions(this.workspaceService)('read', 'bot.*'),
       this.asyncMiddleware(async (req, res) => {
         const { botId } = req.params
 
@@ -213,6 +206,15 @@ export class StudioRouter extends CustomRouter {
       })
     )
 
+    this.setupUnauthenticatedRoutes(app)
+    this.setupStaticRoutes(app)
+  }
+
+  setupUnauthenticatedRoutes(app) {
+    /**
+     * UNAUTHENTICATED ROUTES
+     * Do not return sensitive information there. These must be accessible by unauthenticated users
+     */
     this.router.get(
       '/branding.js',
       this.asyncMiddleware(async (req, res) => {

diff --git a/packages/studio-ui/src/web/index.jsx b/packages/studio-ui/src/web/index.jsx
@@ -36,41 +36,48 @@ import 'bootstrap/dist/css/bootstrap.css'
 import 'storm-react-diagrams/dist/style.min.css'
 import './theme.scss'
 
-axios.get(`${window.location.pathname || ''}/env`).then(({ data }) => {
-  for (const [key, value] of Object.entries(data)) {
-    window[key] = value
-  }
+function redirectToAdmin() {
+  window.location.href = `${window.ROOT_PATH}/admin`
+}
 
-  const token = auth.getToken()
-  if (token) {
-    if (window.USE_JWT_COOKIES) {
-      axios.defaults.headers.common[CSRF_TOKEN_HEADER] = token
-    } else {
-      axios.defaults.headers.common['Authorization'] = `Bearer ${token}`
+axios
+  .get(`${window.location.pathname || ''}/env`)
+  .then(({ data }) => {
+    for (const [key, value] of Object.entries(data)) {
+      window[key] = value
     }
 
-    axios.defaults.headers.common['X-BP-Workspace'] = window.WORKSPACE_ID
-  }
+    const token = auth.getToken()
+    if (token) {
+      if (window.USE_JWT_COOKIES) {
+        axios.defaults.headers.common[CSRF_TOKEN_HEADER] = token
+      } else {
+        axios.defaults.headers.common['Authorization'] = `Bearer ${token}`
+      }
 
-  if (!window.BOT_ID) {
-    console.error(`This bot doesn't exist. Redirecting to admin `)
-    window.location.href = `${window.ROOT_PATH}/admin`
-  } else {
-    initializeTranslations()
+      axios.defaults.headers.common['X-BP-Workspace'] = window.WORKSPACE_ID
+    }
 
-    // Do not use "import App from ..." as hoisting will screw up styling
-    const App = require('./components/App').default
+    if (!window.BOT_ID) {
+      console.error(`This bot doesn't exist. Redirecting to admin `)
+      redirectToAdmin()
+    } else {
+      initializeTranslations()
 
-    ReactDOM.render(
-      <Provider store={store}>
-        <HotKeys keyMap={utils.keyMap}>
-          <App />
-        </HotKeys>
-      </Provider>,
-      document.getElementById('app')
-    )
-  }
+      // Do not use "import App from ..." as hoisting will screw up styling
+      const App = require('./components/App').default
+
+      ReactDOM.render(
+        <Provider store={store}>
+          <HotKeys keyMap={utils.keyMap}>
+            <App />
+          </HotKeys>
+        </Provider>,
+        document.getElementById('app')
+      )
+    }
 
-  // TODO: what ?
-  // telemetry.startFallback(axios.create({ baseURL: window.API_PATH })).catch()
-})
+    // TODO: what ?
+    // telemetry.startFallback(axios.create({ baseURL: window.API_PATH })).catch()
+  })
+  .catch(redirectToAdmin)