feat: Improve security of access tokens (#279)
Closes #275
SimonTagne committed Aug 9, 2022
1 parent dab38cb commit 7786533a90c454163d12fbdaa1898ba150ef117d
Showing 40 changed files with 273 additions and 133 deletions.


@@ -72,6 +72,7 @@
"i18next-browser-languagedetector": "^6.1.4",
"initials": "^3.1.2",
"js-cookie": "^3.0.1",
"jwt-decode": "^3.1.2",
"lodash": "^4.17.21",
"node-sass": "^7.0.1",
"photoswipe": "^5.3.0",
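Review bot: `jwt-decode` only base64-decodes the token payload and performs no signature verification, so whatever the client reads from it (the code that uses it is not in this hunk) has to be treated as unauthenticated data, never as the basis for an authorization decision. If it is used to read the expiry claim, the server still has to reject expired or tampered tokens on its own. It would help to say so where the decode happens, with a comment such as `// decoded, NOT verified: use for client-side expiry handling only`.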
@@ -2,7 +2,7 @@ import http from './http';

/* Actions */

const createAccessToken = (data) => http.post('/access-tokens', data);
const createAccessToken = (data, headers) => http.post('/access-tokens', data, headers);

export default {
createAccessToken,
@@ -9,8 +9,8 @@ export const transformActivity = (activity) => ({

/* Actions */

const getActivities = (cardId, data) =>
socket.get(`/cards/${cardId}/actions`, data).then((body) => ({
const getActivities = (cardId, data, headers) =>
socket.get(`/cards/${cardId}/actions`, data, headers).then((body) => ({
...body,
items: body.items.map(transformActivity),
}));
@@ -10,20 +10,20 @@ export const transformAttachment = (attachment) => ({

/* Actions */

const createAttachment = (cardId, data, requestId) =>
http.post(`/cards/${cardId}/attachments?requestId=${requestId}`, data).then((body) => ({
const createAttachment = (cardId, data, requestId, headers) =>
http.post(`/cards/${cardId}/attachments?requestId=${requestId}`, data, headers).then((body) => ({
...body,
item: transformAttachment(body.item),
}));

const updateAttachment = (id, data) =>
socket.patch(`/attachments/${id}`, data).then((body) => ({
const updateAttachment = (id, data, headers) =>
socket.patch(`/attachments/${id}`, data, headers).then((body) => ({
...body,
item: transformAttachment(body.item),
}));

const deleteAttachment = (id) =>
socket.delete(`/attachments/${id}`).then((body) => ({
const deleteAttachment = (id, headers) =>
socket.delete(`/attachments/${id}`, undefined, headers).then((body) => ({
...body,
item: transformAttachment(body.item),
}));
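Review bot: `deleteAttachment` relies on a positional placeholder, `socket.delete(url, undefined, headers)`, to keep `headers` out of the `data` slot, and the same pattern recurs in the board, board-membership, card, card-label, card-membership, comment, label, list, notification, project, project-manager and task wrappers in this commit. A call that drops the placeholder would hand the header object to the transport as request data; if those headers carry the access token, it would presumably travel as request parameters, where it is more likely to end up in logs. An options object would remove the ordering hazard, for example `socket.delete(url, { headers })`, or at minimum the wrappers could share a named constant for the empty payload so the intent is visible at each call site.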
@@ -2,10 +2,11 @@ import socket from './socket';

/* Actions */

const createBoardMembership = (boardId, data) =>
socket.post(`/boards/${boardId}/memberships`, data);
const createBoardMembership = (boardId, data, headers) =>
socket.post(`/boards/${boardId}/memberships`, data, headers);

const deleteBoardMembership = (id) => socket.delete(`/board-memberships/${id}`);
const deleteBoardMembership = (id, headers) =>
socket.delete(`/board-memberships/${id}`, undefined, headers);

export default {
createBoardMembership,
@@ -4,10 +4,11 @@ import { transformAttachment } from './attachments';

/* Actions */

const createBoard = (projectId, data) => socket.post(`/projects/${projectId}/boards`, data);
const createBoard = (projectId, data, headers) =>
socket.post(`/projects/${projectId}/boards`, data, headers);

const getBoard = (id) =>
socket.get(`/boards/${id}`).then((body) => ({
const getBoard = (id, headers) =>
socket.get(`/boards/${id}`, undefined, headers).then((body) => ({
...body,
included: {
...body.included,
@@ -16,9 +17,9 @@ const getBoard = (id) =>
},
}));

const updateBoard = (id, data) => socket.patch(`/boards/${id}`, data);
const updateBoard = (id, data, headers) => socket.patch(`/boards/${id}`, data, headers);

const deleteBoard = (id) => socket.delete(`/boards/${id}`);
const deleteBoard = (id, headers) => socket.delete(`/boards/${id}`, undefined, headers);

export default {
createBoard,
@@ -2,9 +2,11 @@ import socket from './socket';

/* Actions */

const createCardLabel = (cardId, data) => socket.post(`/cards/${cardId}/labels`, data);
const createCardLabel = (cardId, data, headers) =>
socket.post(`/cards/${cardId}/labels`, data, headers);

const deleteCardLabel = (cardId, labelId) => socket.delete(`/cards/${cardId}/labels/${labelId}`);
const deleteCardLabel = (cardId, labelId, headers) =>
socket.delete(`/cards/${cardId}/labels/${labelId}`, undefined, headers);

export default {
createCardLabel,
@@ -2,10 +2,11 @@ import socket from './socket';

/* Actions */

const createCardMembership = (cardId, data) => socket.post(`/cards/${cardId}/memberships`, data);
const createCardMembership = (cardId, data, headers) =>
socket.post(`/cards/${cardId}/memberships`, data, headers);

const deleteCardMembership = (cardId, userId) =>
socket.delete(`/cards/${cardId}/memberships?userId=${userId}`);
const deleteCardMembership = (cardId, userId, headers) =>
socket.delete(`/cards/${cardId}/memberships?userId=${userId}`, undefined, headers);

export default {
createCardMembership,
@@ -35,8 +35,8 @@ export const transformCardData = (data) => ({

/* Actions */

const getCards = (boardId, data) =>
socket.get(`/board/${boardId}/cards`, data).then((body) => ({
const getCards = (boardId, data, headers) =>
socket.get(`/board/${boardId}/cards`, data, headers).then((body) => ({
...body,
items: body.items.map(transformCard),
included: {
@@ -45,26 +45,26 @@ const getCards = (boardId, data) =>
},
}));

const createCard = (boardId, data) =>
socket.post(`/boards/${boardId}/cards`, transformCardData(data)).then((body) => ({
const createCard = (boardId, data, headers) =>
socket.post(`/boards/${boardId}/cards`, transformCardData(data), headers).then((body) => ({
...body,
item: transformCard(body.item),
}));

const getCard = (id) =>
socket.get(`/cards/${id}`).then((body) => ({
const getCard = (id, headers) =>
socket.get(`/cards/${id}`, undefined, headers).then((body) => ({
...body,
item: transformCard(body.item),
}));

const updateCard = (id, data) =>
socket.patch(`/cards/${id}`, transformCardData(data)).then((body) => ({
const updateCard = (id, data, headers) =>
socket.patch(`/cards/${id}`, transformCardData(data), headers).then((body) => ({
...body,
item: transformCard(body.item),
}));

const deleteCard = (id) =>
socket.delete(`/cards/${id}`).then((body) => ({
const deleteCard = (id, headers) =>
socket.delete(`/cards/${id}`, undefined, headers).then((body) => ({
...body,
item: transformCard(body.item),
}));
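Review bot: `getCards` requests `/board/${boardId}/cards` (singular) while `createCard` in the same file posts to `/boards/${boardId}/cards`, and the commit threads `headers` through the first call without touching the path. If the singular form is a typo, the request is now authenticated and still misses the route, which is easy to misread as an authorization failure. Worth confirming against the server routes and, if it is wrong, changing the path on the new line to `/boards/${boardId}/cards`.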
@@ -3,20 +3,20 @@ import { transformActivity } from './activities';

/* Actions */

const createCommentActivity = (cardId, data) =>
socket.post(`/cards/${cardId}/comment-actions`, data).then((body) => ({
const createCommentActivity = (cardId, data, headers) =>
socket.post(`/cards/${cardId}/comment-actions`, data, headers).then((body) => ({
...body,
item: transformActivity(body.item),
}));

const updateCommentActivity = (id, data) =>
socket.patch(`/comment-actions/${id}`, data).then((body) => ({
const updateCommentActivity = (id, data, headers) =>
socket.patch(`/comment-actions/${id}`, data, headers).then((body) => ({
...body,
item: transformActivity(body.item),
}));

const deleteCommentActivity = (id) =>
socket.delete(`/comment-actions/${id}`).then((body) => ({
const deleteCommentActivity = (id, headers) =>
socket.delete(`/comment-actions/${id}`, undefined, headers).then((body) => ({
...body,
item: transformActivity(body.item),
}));
@@ -6,7 +6,7 @@ const http = {};

// TODO: add all methods
['POST'].forEach((method) => {
http[method.toLowerCase()] = (url, data) => {
http[method.toLowerCase()] = (url, data, headers) => {
const formData = Object.keys(data).reduce((result, key) => {
result.append(key, data[key]);

@@ -15,8 +15,8 @@ const http = {};

return fetch(`${Config.SERVER_BASE_URL}/api${url}`, {
method,
headers,
body: formData,
...Config.FETCH_OPTIONS,
})
.then((response) =>
response.json().then((body) => ({
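Review bot: The `headers` argument is passed straight into `fetch` next to `body: formData`, and nothing tells callers that it must not contain `Content-Type`: with a FormData body the browser has to generate that header itself so that the multipart boundary is included. A one-line comment above `headers,` would do, e.g. `// auth headers only; never set Content-Type here, fetch derives it from the FormData body`. Judging by the hunk's line counts, `...Config.FETCH_OPTIONS` appears to be the line removed here, so it is worth confirming that no option it carried is still needed by the upload endpoints. The function body continues outside the hunk.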
@@ -2,11 +2,12 @@ import socket from './socket';

/* Actions */

const createLabel = (boardId, data) => socket.post(`/boards/${boardId}/labels`, data);
const createLabel = (boardId, data, headers) =>
socket.post(`/boards/${boardId}/labels`, data, headers);

const updateLabel = (id, data) => socket.patch(`/labels/${id}`, data);
const updateLabel = (id, data, headers) => socket.patch(`/labels/${id}`, data, headers);

const deleteLabel = (id) => socket.delete(`/labels/${id}`);
const deleteLabel = (id, headers) => socket.delete(`/labels/${id}`, undefined, headers);

export default {
createLabel,
@@ -2,11 +2,12 @@ import socket from './socket';

/* Actions */

const createList = (boardId, data) => socket.post(`/boards/${boardId}/lists`, data);
const createList = (boardId, data, headers) =>
socket.post(`/boards/${boardId}/lists`, data, headers);

const updateList = (id, data) => socket.patch(`/lists/${id}`, data);
const updateList = (id, data, headers) => socket.patch(`/lists/${id}`, data, headers);

const deleteList = (id) => socket.delete(`/lists/${id}`);
const deleteList = (id, headers) => socket.delete(`/lists/${id}`, undefined, headers);

export default {
createList,
@@ -13,8 +13,8 @@ export const transformNotification = (notification) => ({

/* Actions */

const getNotifications = () =>
socket.get('/notifications').then((body) => ({
const getNotifications = (headers) =>
socket.get('/notifications', undefined, headers).then((body) => ({
...body,
items: body.items.map(transformNotification),
included: {
@@ -24,8 +24,8 @@ const getNotifications = () =>
},
}));

const getNotification = (id) =>
socket.get(`/notifications/${id}`).then((body) => ({
const getNotification = (id, headers) =>
socket.get(`/notifications/${id}`, undefined, headers).then((body) => ({
...body,
item: transformNotification(body.item),
included: {
@@ -35,8 +35,8 @@ const getNotification = (id) =>
},
}));

const updateNotifications = (ids, data) =>
socket.patch(`/notifications/${ids.join(',')}`, data).then((body) => ({
const updateNotifications = (ids, data, headers) =>
socket.patch(`/notifications/${ids.join(',')}`, data, headers).then((body) => ({
...body,
items: body.items.map(transformNotification),
}));
@@ -2,10 +2,11 @@ import socket from './socket';

/* Actions */

const createProjectManager = (projectId, data) =>
socket.post(`/projects/${projectId}/managers`, data);
const createProjectManager = (projectId, data, headers) =>
socket.post(`/projects/${projectId}/managers`, data, headers);

const deleteProjectManager = (id) => socket.delete(`/project-managers/${id}`);
const deleteProjectManager = (id, headers) =>
socket.delete(`/project-managers/${id}`, undefined, headers);

export default {
createProjectManager,
@@ -3,18 +3,18 @@ import socket from './socket';

/* Actions */

const getProjects = () => socket.get('/projects');
const getProjects = (headers) => socket.get('/projects', undefined, headers);

const createProject = (data) => socket.post('/projects', data);
const createProject = (data, headers) => socket.post('/projects', data, headers);

const getProject = (id) => socket.get(`/projects/${id}`);
const getProject = (id, headers) => socket.get(`/projects/${id}`, undefined, headers);

const updateProject = (id, data) => socket.patch(`/projects/${id}`, data);
const updateProject = (id, data, headers) => socket.patch(`/projects/${id}`, data, headers);

const updateProjectBackgroundImage = (id, data) =>
http.post(`/projects/${id}/background-image`, data);
const updateProjectBackgroundImage = (id, data, headers) =>
http.post(`/projects/${id}/background-image`, data, headers);

const deleteProject = (id) => socket.delete(`/projects/${id}`);
const deleteProject = (id, headers) => socket.delete(`/projects/${id}`, undefined, headers);

export default {
getProjects,
@@ -16,12 +16,13 @@ const { socket } = io;
socket.connect = socket._connect; // eslint-disable-line no-underscore-dangle

['GET', 'POST', 'PUT', 'PATCH', 'DELETE'].forEach((method) => {
socket[method.toLowerCase()] = (url, data) =>
socket[method.toLowerCase()] = (url, data, headers) =>
new Promise((resolve, reject) => {
socket.request(
{
method,
data,
headers,
url: `/api${url}`,
},
(_, { body, error }) => {
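Review bot: The wrapper's new third parameter is undocumented even though every API module in this commit now depends on its position, `(url, data, headers)`, with `undefined` passed as `data` for calls that have no payload. A comment above the `forEach` would make that contract explicit, for example `// (url, data, headers): headers are sent per request; pass undefined as data when there is no payload`. It would also be worth stating there whether a missing `headers` argument is ever expected, since an omitted value is forwarded to `socket.request` as-is. The callback body continues outside the hunk.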
@@ -2,11 +2,11 @@ import socket from './socket';

/* Actions */

const createTask = (cardId, data) => socket.post(`/cards/${cardId}/tasks`, data);
const createTask = (cardId, data, headers) => socket.post(`/cards/${cardId}/tasks`, data, headers);

const updateTask = (id, data) => socket.patch(`/tasks/${id}`, data);
const updateTask = (id, data, headers) => socket.patch(`/tasks/${id}`, data, headers);

const deleteTask = (id) => socket.delete(`/tasks/${id}`);
const deleteTask = (id, headers) => socket.delete(`/tasks/${id}`, undefined, headers);

export default {
createTask,
