forked from steveworley/decoupledkit-react
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsrcServer.js
166 lines (143 loc) · 5.37 KB
/
srcServer.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
// This file configures the development web server
// which supports hot reloading and synchronized testing.
// Require Browsersync along with webpack and middleware for it
import browserSync from 'browser-sync';
// Required for react-router browserHistory
// see https://github.com/BrowserSync/browser-sync/issues/204#issuecomment-102623643
import historyApiFallback from 'connect-history-api-fallback';
import webpack from 'webpack';
import webpackDevMiddleware from 'webpack-dev-middleware';
import webpackHotMiddleware from 'webpack-hot-middleware';
import config from '../webpack.config.dev';
import fetch from 'cross-fetch';
require('dotenv').config();
const bundler = webpack(config);
// Run Browsersync and use middleware for Hot Module Replacement
browserSync({
port: 8080,
ui: {
port: 8081
},
server: {
baseDir: 'src',
middleware: [
// This middleware dynamically generates the apitoken.js file that will be
// used to authenticate against Drupals API. For the demo this will lease a
// token for every page request and will the tokens are leased indefinitely
// for production it would make sense to have these use a low lease time so
// if the token is compromised the API can only be accessed for a short duration.
//
// Ideally this would be injected to index.html rather than another script file
// to reduce the ability for people to remote request it.
{
route: '/apitoken.js',
handle: async (req, res) => { // , next
const body = Object.entries({
grant_type: 'password',
client_id: process.env.CLIENT_ID,
client_secret: process.env.CLIENT_SECRET,
username: process.env.DRUPAL_USER,
password: process.env.DRUPAL_PASSWORD
}).map(([key, val]) => `${key}=${val}`).join('&')
const response = await fetch(process.env.DRUPAL_URL + '/oauth/token', {
method: 'post',
body,
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
})
if (response.ok) {
const token = await response.json()
res.setHeader('Content-Type', 'text/javascript')
res.end(`window.apiToken = ${JSON.stringify(token)}`)
}
res.end('window.apiToken = { token_type: null, access_token: null }')
}
},
/**
* OAuth callback.
*
* This handles receiving a response from an oauth server and is intended to convert the
* authorization code into an oauth token which can then be used by the application to
* make requests on behalf of the user.
*/
{
route: "/oauth2/callback",
handle: async (req, res) => {
if (req.url.indexOf('?') == -1) {
res.statusCode = 400
return res.end('Unable to process the oauth callback.')
}
const params = req.url.slice(req.url.indexOf('?') + 1).split('&').reduce((result, item, index, array) => {
item = item.split('=')
if (item.length > 0) {
result[item[0]] = item[1]
}
return result;
}, {})
if (!params.code) {
res.statusCode = 400;
return res.end('Invalid redirect.')
}
const body = Object.entries({
'grant_type': 'authorization_code',
'client_id': '22fb4284-ddb3-42c6-b1b0-b522ef0dd1b5',
'client_secret': 'premium',
'code': params.code
}).map(([key, val]) => `${key}=${val}`).join('&')
const response = await fetch(process.env.DRUPAL_URL + '/oauth/token', {
method: 'post',
body,
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
})
if (response.ok) {
let token = await response.json()
token = JSON.stringify(token);
return res.end(`
<body>
<script type="text/javascript">
window.localStorage.setItem('code_token', '${token}')
setTimeout(function() {
window.location = '/uac'
}, 500)
</script>
</body>
`)
}
res.end(response)
}
},
historyApiFallback(),
// The order of serverProxy is important. It will not work if it is indexed
// after the webpackDevMiddleware in this array.
// serverProxy,
webpackDevMiddleware(bundler, {
// Dev middleware can't access config, so we provide publicPath
publicPath: config.output.publicPath,
// These settings suppress noisy webpack output so only errors are displayed to the console.
noInfo: true,
quiet: false,
stats: {
assets: false,
colors: true,
version: false,
hash: false,
timings: false,
chunks: false,
chunkModules: false
},
// for other settings see
// https://webpack.js.org/guides/development/#using-webpack-dev-middleware
}),
// bundler should be the same as above
webpackHotMiddleware(bundler)
]
},
// no need to watch '*.js' here, webpack will take care of it for us,
// including full page reloads if HMR won't work
files: [
'src/*.html'
]
});