fix: url and request header fix

- now after getting a vaild token, auth code and session state in url will be removed. - token now can be set to put in the request header. - endpoint url fix.
cylab-tw · ppop123456 · Jan 17, 2023 · Dec 30, 2022 · Jan 2, 2023 · Jan 2, 2023
commit 8bdc77b1847e872b3b72e9f922ced9ce961f0004
diff --git a/bluelight/data/configOAuth.json b/bluelight/data/configOAuth.json
@@ -6,8 +6,9 @@
     "client_id":"account",
     "endpoints":
     {
-        "auth":"/TestRealm/protocol/openid-connect/auth",
-        "validation":"/TestRealm/protocol/openid-connect/userinfo", 
-        "token":"/TestRealm/protocol/openid-connect/token" 
-    }
+        "auth":"realms/TestRealm/protocol/openid-connect/auth",
+        "validation":"realms/TestRealm/protocol/openid-connect/userinfo", 
+        "token":"realms/TestRealm/protocol/openid-connect/token" 
+    },
+    "tokenInRequest":false
 }
diff --git a/bluelight/scripts/plugin/oauth.js b/bluelight/scripts/plugin/oauth.js
@@ -16,7 +16,7 @@ async function auth() {
         let authCode = searchParams.get("code");
         let session_state = searchParams.get("session_state");
         let thePort = OAuthConfig.port != "" ? `:${OAuthConfig.port}` : "";
-        keycloakAPI = `${OAuthConfig.http}://${OAuthConfig.hostname}${thePort}/realms`;
+        keycloakAPI = `${OAuthConfig.http}://${OAuthConfig.hostname}${thePort}/`;
 
         // No token but have auth code (usually when it's login complete and is redirecting back).
         if (theToken == "" && authCode != null) {
@@ -25,10 +25,24 @@ async function auth() {
         // Have token so let's see if it's vaild or not.
         let tokenVaild = await isTokenVaild(theToken);
         if (tokenVaild) {
+            if(window.location.href.indexOf(`code=`) != -1)
+            {
+                let originalUrl = removeURLParameter(window.location.href, "code");
+                originalUrl = removeURLParameter(originalUrl, "session_state");
+                window.location.href = originalUrl;
+            }
+            if(OAuthConfig.tokenInRequest == true)
+            {
+                ConfigLog.QIDO.token = "Bearer " + theToken;
+                ConfigLog.WADO.token = "Bearer " + theToken;
+                ConfigLog.STOW.token = "Bearer " + theToken;
+            }
+            console.log(ConfigLog);
             return true;
         }
         // No token or token is not vaild, redirect to keycloak login page and put current url in the Callback URL parameter.
         else {
+            setCookie("access_token","",7);
             let redirectUri = removeURLParameter(window.location.href, "code");
             redirectUri = removeURLParameter(redirectUri, "session_state");
             let loginPage = `${keycloakAPI}${OAuthConfig.endpoints.auth}?client_id=${OAuthConfig.client_id}&grant_type=authorization_code&response_type=code&redirect_uri=${redirectUri}`;
@@ -55,6 +69,19 @@ function getCookie(name) {
     }
 }
 
+/**
+ * Set a cookie.
+ */
+function setCookie(name,value,days) {
+    var expires = "";
+    if (days) {
+        var date = new Date();
+        date.setTime(date.getTime() + (days*24*60*60*1000));
+        expires = "; expires=" + date.toUTCString();
+    }
+    document.cookie = name + "=" + (value || "")  + expires + "; path=/";
+}
+
 /**
  * send token to the keycloak server to see if the token is vaild or not.
  */
@@ -103,6 +130,7 @@ function requestToken(code, session_state) {
         request.onload = function () {
             let result = request.response;
             responseToken = result.access_token;
+            setCookie("access_token",responseToken,7);
             resolve(responseToken);
         }
     });

diff --git a/search/data/configOAuth.json b/search/data/configOAuth.json
@@ -6,8 +6,9 @@
     "client_id":"account",
     "endpoints":
     {
-        "auth":"/TestRealm/protocol/openid-connect/auth",
-        "validation":"/TestRealm/protocol/openid-connect/userinfo", 
-        "token":"/TestRealm/protocol/openid-connect/token" 
-    }
+        "auth":"realms/TestRealm/protocol/openid-connect/auth",
+        "validation":"realms/TestRealm/protocol/openid-connect/userinfo", 
+        "token":"realms/TestRealm/protocol/openid-connect/token" 
+    },
+    "tokenInRequest":false
 }
diff --git a/search/html/start.html b/search/html/start.html
@@ -12,8 +12,8 @@
 
   <script src="../scripts/toolfunction.js"></script>
   <script src="../scripts/readsome.js"></script>
-  <script src="../scripts/oauth.js"></script>
   <script src="../scripts/onload.js"></script>
+  <script src="../scripts/oauth.js"></script>
 
   <link rel="stylesheet" href="../css/bootstrap.min.css"
     integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">

diff --git a/search/scripts/oauth.js b/search/scripts/oauth.js
@@ -1,10 +1,10 @@
 var OAuthConfig = {};
 var keycloakAPI = "";
 
+//auth();
 window.addEventListener("load", function(event) {
     auth();
 });
-
 /**
  * Login Auth Check
  */
@@ -16,7 +16,7 @@ async function auth() {
         let authCode = searchParams.get("code");
         let session_state = searchParams.get("session_state");
         let thePort = OAuthConfig.port != "" ? `:${OAuthConfig.port}` : "";
-        keycloakAPI = `${OAuthConfig.http}://${OAuthConfig.hostname}${thePort}/realms`;
+        keycloakAPI = `${OAuthConfig.http}://${OAuthConfig.hostname}${thePort}/`;
 
         // No token but have auth code (usually when it's login complete and is redirecting back).
         if (theToken == "" && authCode != null) {
@@ -25,10 +25,24 @@ async function auth() {
         // Have token so let's see if it's vaild or not.
         let tokenVaild = await isTokenVaild(theToken);
         if (tokenVaild) {
+            if(window.location.href.indexOf(`code=`) != -1)
+            {
+                let originalUrl = removeURLParameter(window.location.href, "code");
+                originalUrl = removeURLParameter(originalUrl, "session_state");
+                window.location.href = originalUrl;
+            }
+            if(OAuthConfig.tokenInRequest == true)
+            {
+                ConfigLog.QIDO.token = "Bearer " + theToken;
+                ConfigLog.WADO.token = "Bearer " + theToken;
+                ConfigLog.STOW.token = "Bearer " + theToken;
+            }
+            console.log(ConfigLog);
             return true;
         }
         // No token or token is not vaild, redirect to keycloak login page and put current url in the Callback URL parameter.
         else {
+            setCookie("access_token","",7);
             let redirectUri = removeURLParameter(window.location.href, "code");
             redirectUri = removeURLParameter(redirectUri, "session_state");
             let loginPage = `${keycloakAPI}${OAuthConfig.endpoints.auth}?client_id=${OAuthConfig.client_id}&grant_type=authorization_code&response_type=code&redirect_uri=${redirectUri}`;
@@ -55,6 +69,19 @@ function getCookie(name) {
     }
 }
 
+/**
+ * Set a cookie.
+ */
+function setCookie(name,value,days) {
+    var expires = "";
+    if (days) {
+        var date = new Date();
+        date.setTime(date.getTime() + (days*24*60*60*1000));
+        expires = "; expires=" + date.toUTCString();
+    }
+    document.cookie = name + "=" + (value || "")  + expires + "; path=/";
+}
+
 /**
  * send token to the keycloak server to see if the token is vaild or not.
  */
@@ -103,6 +130,7 @@ function requestToken(code, session_state) {
         request.onload = function () {
             let result = request.response;
             responseToken = result.access_token;
+            setCookie("access_token",responseToken,7);
             resolve(responseToken);
         }
     });

diff --git a/search/scripts/onload.js b/search/scripts/onload.js
@@ -2,6 +2,7 @@ window.onload = function () {
   //setInterval(function () { createTable() }, 1000);
   function onLosdSerch() {
     getByid("searchButton").onclick();
+    auth();
   }
   loadLdcmview(onLosdSerch);
 }