autoDetectCORS option for proxy config (geosolutions-it#3675)

mbarto · web-flow · commit 82ca81aa5bbf · 2019-04-08T15:17:36.000+02:00
* autoDetectCORS option for proxy config

* Updated axios version to support automatic CORS detection
diff --git a/package.json b/package.json
@@ -87,7 +87,7 @@
     "@turf/polygon-to-linestring": "4.1.0",
     "ag-grid": "3.3.3",
     "ag-grid-react": "3.3.1",
-    "axios": "0.11.1",
+    "axios": "0.18.0",
     "b64-to-blob": "1.2.19",
     "babel-polyfill": "6.8.0",
     "babel-standalone": "6.7.7",
diff --git a/web/client/libs/__tests__/ajax-test.js b/web/client/libs/__tests__/ajax-test.js
@@ -11,6 +11,8 @@ const axios = require('../ajax');
 const SecurityUtils = require('../../utils/SecurityUtils');
 const assign = require('object-assign');
 const urlUtil = require('url');
+const MockAdapter = require("axios-mock-adapter");
+let mockAxios;
 
 const userA = {
     User: {
@@ -79,6 +81,10 @@ const authenticationRules = [
 
 describe('Tests ajax library', () => {
     afterEach(() => {
+        if (mockAxios) {
+            mockAxios.restore();
+            mockAxios = null;
+        }
         expect.restoreSpies();
     });
 
@@ -379,7 +385,6 @@ describe('Tests ajax library', () => {
     it('does not set withCredentials on the request', (done)=> {
         expect.spyOn(SecurityUtils, 'isAuthenticationActivated').andReturn(true);
         expect.spyOn(SecurityUtils, 'getAuthenticationRules').andReturn(authenticationRules);
-
         axios.get('http://www.skipBrowserCredentials.com/geoserver?parameter1=value1&parameter2=value2').then(() => {
             done();
         }).catch( (exception) => {
@@ -388,4 +393,42 @@ describe('Tests ajax library', () => {
             done();
         });
     });
+
+    it('does test for CORS if autoDetectCORS is true', (done) => {
+        mockAxios = new MockAdapter(axios);
+        mockAxios.onGet().reply(200, {}, {
+            "allow-control-allow-origin": "*"
+        });
+        axios
+            .get("http://testcors/", {
+                proxyUrl: {
+                    url: "/proxy/?url=",
+                    useCORS: [],
+                    autoDetectCORS: true
+                }
+            })
+            .then(response => {
+                expect(response.config).toExist();
+                expect(response.config.url).toExist();
+                expect(response.config.url).toNotContain("proxy/?url=");
+                done();
+            });
+    });
+
+    it('revert to proxy if autoDetectCORS is true but CORS is not enabled on server', (done) => {
+        mockAxios = new MockAdapter(axios);
+        axios.get('http://testcors/', {
+            timeout: 1,
+            proxyUrl: {
+                url: '/proxy/?url=',
+                useCORS: [],
+                autoDetectCORS: true
+            }
+        }).catch((response) => {
+            expect(response.config).toExist();
+            expect(response.config.url).toExist();
+            expect(response.config.url).toContain('proxy/?url=');
+            done();
+        });
+    });
 });
diff --git a/web/client/libs/ajax.js b/web/client/libs/ajax.js
@@ -7,6 +7,7 @@
  */
 
 const axios = require('axios');
+const url = require('url');
 const ConfigUtils = require('../utils/ConfigUtils');
 
 const SecurityUtils = require('../utils/SecurityUtils');
@@ -31,6 +32,8 @@ function addHeaderToAxiosConfig(axiosConfig, headerName, headerValue) {
     axiosConfig.headers = assign({}, axiosConfig.headers, {[headerName]: headerValue});
 }
 
+const corsDisabled = [];
+
 /**
  * Internal helper that will add to the axios config object the correct
  * authentication method based on the request URL.
@@ -107,12 +110,15 @@ axios.interceptors.request.use(config => {
         let proxyUrl = ConfigUtils.getProxyUrl(config);
         if (proxyUrl) {
             let useCORS = [];
+            let autoDetectCORS = false;
             if (isObject(proxyUrl)) {
                 useCORS = proxyUrl.useCORS || [];
+                autoDetectCORS = proxyUrl.autoDetectCORS || false;
                 proxyUrl = proxyUrl.url;
             }
             const isCORS = useCORS.reduce((found, current) => found || uri.indexOf(current) === 0, false);
-            if (!isCORS) {
+            const cannotUseCORS = corsDisabled.reduce((found, current) => found || uri.indexOf(current) === 0, false);
+            if (!isCORS && (!autoDetectCORS || cannotUseCORS)) {
                 const parsedUri = urlUtil.parse(uri, true, true);
                 config.url = proxyUrl + encodeURIComponent(
                     urlUtil.format(
@@ -123,10 +129,26 @@ axios.interceptors.request.use(config => {
                     )
                 );
                 config.params = undefined;
+            } else if (autoDetectCORS) {
+                config.autoDetectCORS = true;
             }
         }
     }
     return config;
 });
 
+axios.interceptors.response.use(response => response, (error) => {
+    if (error.config && error.config.autoDetectCORS) {
+        const urlParts = url.parse(error.config.url);
+        const baseUrl = urlParts.protocol + "//" + urlParts.host + urlParts.pathname;
+        if (corsDisabled.indexOf(baseUrl) === -1) {
+            corsDisabled.push(baseUrl);
+            return new Promise((resolve, reject) => {
+                axios({ ...error.config, autoDetectCORS: false}).then(resolve).catch(reject);
+            });
+        }
+    }
+    return Promise.reject(error.response ? {...error.response, originalError: error} : error);
+});
+
 module.exports = axios;
diff --git a/web/client/plugins/MetadataExplorer.jsx b/web/client/plugins/MetadataExplorer.jsx
@@ -51,7 +51,7 @@ const catalogSelector = createSelector([
     format: newformat,
     newService,
     currentLocale,
-    records: CatalogUtils.getCatalogRecords(selectedFormat, result, options)
+    records: result && CatalogUtils.getCatalogRecords(selectedFormat, result, options) || []
 }));
 
 const catalogClose = () => {
diff --git a/web/client/utils/SecurityUtils.js b/web/client/utils/SecurityUtils.js
@@ -27,7 +27,7 @@ const SecurityUtils = {
      * Gets security state form the store.
      */
     getSecurityInfo() {
-        return this.store.getState().security;
+        return this.store && this.store.getState().security || {};
     },
 
     /**
