Add JWT token to the XHR requests

[medilies]

In my case, I have the token stored in local storage by the main SPA. How can I instruct this package SPA to use that token?

It would be cool if I could inject a script with a function like setTokenHeader and the package SPA calls it automatically if it exists.

So, Is this mechanism supported? Or are there alternatives? Or will it be supported?

[arukompas]

Hey @medilies

Why is that JWT token required in the first place?

Log Viewer uses cookie-based authentication and should already work out of the box. If it doesn't, you can try deleting config/log-viewer.php configuration file and re-publishing it.

[arukompas]

Hey @medilies , the feature is already out there, but I forgot to mention it to you here! Sorry 😅

Have a look at it here - https://log-viewer.opcodes.io/docs/2.x/configuration/access-to-log-viewer#configuring-how-the-front-end-makes-api-requests

All you need is publish the index.blade.php where you'll be able to set up the additional headers used by the XHR requests from the frontend. Hopefully that is enough to pull them from the localStorage :) This script is executed before the Vue app is loaded/mounted.

Hope this helps!

[medilies]

No worries XD, but was it tested? I tried it and I don't see an authorization header added.

<body class="h-full px-3 lg:px-5 bg-gray-100 dark:bg-gray-900">
    <div id="log-viewer" class="flex h-full max-h-screen max-w-full">
        <router-view></router-view>
    </div>

    <!-- Global LogViewer Object -->
    <script>
        window.LogViewer = @json($logViewerScriptVariables);
        const token = localStorage.getItem('OUR_TOKEN_KEY');

        console.log(token); // logs successfully 👍
        // Add additional headers for LogViewer requests like so:
        window.LogViewer.headers['Authorization'] = 'Bearer ' + token;
    </script>

    <script src="{{ asset(mix('app.js', 'vendor/log-viewer')) }}"
        onerror="alert('app.js failed to load. Please refresh the page, re-publish Log Viewer assets, or fix routing for vendor assets.')">
    </script>
</body>

Debug

Request headers

GET /log-viewer/api/folders?direction=asc HTTP/1.1
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,fr-FR;q=0.8,fr;q=0.7,ar-DZ;q=0.6,ar;q=0.5
Cache-Control: no-cache
Connection: keep-alive
Cookie: XSRF-TOKEN=...; OUR_APP_session=...
Host: 127.0.0.1:8000
Pragma: no-cache
Referer: http://127.0.0.1:8000/log-viewer
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36
X-CSRF-TOKEN: ...
X-Requested-With: XMLHttpRequest
X-XSRF-TOKEN: ...
sec-ch-ua: "Google Chrome";v="111", "Not(A:Brand";v="8", "Chromium";v="111"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"

Browser console

[arukompas]

@medilies , yes, definitely tested :)

I just tested again, both while running on 127.0.0.1:8000 (artisan serve) like yours, and also on HTTPS using Valet, and the authorization header gets sent:

Have you published the new assets after updating the package?

php artisan log-viewer:publish

[medilies]

Aaaah yes, I completely forgot to update the frontend assets 💯. It works perfectly now, thank you for the awesome work :D

[arukompas]

Really happy it works, got me scared there for a minute xD