- files: ["*.config.*"]
rules:
import/no-unused-modules: [0]
+ - files: ["web_src/js/modules/fetch.js", "web_src/js/standalone/**/*"]
+ rules:
+ no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression]
rules:
"@eslint-community/eslint-comments/disable-enable-pair": [2]
no-restricted-exports: [0]
no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top, __dirname, __filename]
no-restricted-imports: [0]
- no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression]
+ no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression, {selector: "CallExpression[callee.name='fetch']", message: "use modules/fetch.js instead"}]
no-return-assign: [0]
no-script-url: [2]
no-self-assign: [2, {props: true}]
### Fetching data
To fetch data, use the wrapper functions `GET`, `POST` etc. from `modules/fetch.js`. They
-accept a `data` option for the content, will automatically set CSFR token and return a
+accept a `data` option for the content, will automatically set CSRF token and return a
Promise for a [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response).
### HTML Attributes and `dataset`
import {createApp, nextTick} from 'vue';
import $ from 'jquery';
import {SvgIcon} from '../svg.js';
+import {GET} from '../modules/fetch.js';
const {appSubUrl, assetUrlPrefix, pageData} = window.config;
try {
if (!this.reposTotalCount) {
const totalCountSearchURL = `${this.subUrl}/repo/search?count_only=1&uid=${this.uid}&team_id=${this.teamId}&q=&page=1&mode=`;
- response = await fetch(totalCountSearchURL);
+ response = await GET(totalCountSearchURL);
this.reposTotalCount = response.headers.get('X-Total-Count');
}
- response = await fetch(searchedURL);
+ response = await GET(searchedURL);
json = await response.json();
} catch {
if (searchedURL === this.searchURL) {
<script>
import {SvgIcon} from '../svg.js';
+import {GET} from '../modules/fetch.js';
export default {
components: {SvgIcon},
},
/** Load the commits to show in this dropdown */
async fetchCommits() {
- const resp = await fetch(`${this.issueLink}/commits/list`);
+ const resp = await GET(`${this.issueLink}/commits/list`);
const results = await resp.json();
this.commits.push(...results.commits.map((x) => {
x.hovered = false;
import {SvgIcon} from '../svg.js';
import {pathEscapeSegments} from '../utils/url.js';
import {showErrorToast} from '../modules/toast.js';
+import {GET} from '../modules/fetch.js';
const sfc = {
components: {SvgIcon},
}
this.isLoading = true;
try {
- const reqUrl = `${this.repoLink}/${this.mode}/list`;
- const resp = await fetch(reqUrl);
+ const resp = await GET(`${this.repoLink}/${this.mode}/list`);
const {results} = await resp.json();
for (const result of results) {
let selected = false;
import {showTemporaryTooltip} from '../modules/tippy.js';
import {confirmModal} from './comp/ConfirmModal.js';
import {showErrorToast} from '../modules/toast.js';
+import {request} from '../modules/fetch.js';
const {appUrl, appSubUrl, csrfToken, i18n} = window.config;
async function fetchActionDoRequest(actionElem, url, opt) {
try {
- const resp = await fetch(url, opt);
+ const resp = await request(url, opt);
if (resp.status === 200) {
let {redirect} = await resp.json();
redirect = redirect || actionElem.getAttribute('data-redirect');
}
let reqUrl = formActionUrl;
- const reqOpt = {method: formMethod.toUpperCase(), headers: {'X-Csrf-Token': csrfToken}};
+ const reqOpt = {method: formMethod.toUpperCase()};
if (formMethod.toLowerCase() === 'get') {
const params = new URLSearchParams();
for (const [key, value] of formData) {
const url = el.getAttribute('data-url');
const doRequest = async () => {
el.disabled = true;
- await fetchActionDoRequest(el, url, {method: 'POST', headers: {'X-Csrf-Token': csrfToken}});
+ await fetchActionDoRequest(el, url, {method: 'POST'});
el.disabled = false;
};
import $ from 'jquery';
import {isElemHidden, onInputDebounce, toggleElem} from '../utils/dom.js';
-const {appSubUrl} = window.config;
+import {GET} from '../modules/fetch.js';
+const {appSubUrl} = window.config;
const reIssueIndex = /^(\d+)$/; // eg: "123"
const reIssueSharpIndex = /^#(\d+)$/; // eg: "#123"
const reIssueOwnerRepoIndex = /^([-.\w]+)\/([-.\w]+)#(\d+)$/; // eg: "{owner}/{repo}#{index}"
// try to check whether the parsed goto link is valid
let targetUrl = parseIssueListQuickGotoLink(repoLink, searchText);
if (targetUrl) {
- const res = await fetch(`${targetUrl}/info`);
+ const res = await GET(`${targetUrl}/info`);
if (res.status !== 200) targetUrl = '';
}
import $ from 'jquery';
-
-const {csrfToken} = window.config;
+import {POST} from '../../modules/fetch.js';
async function uploadFile(file, uploadUrl) {
const formData = new FormData();
formData.append('file', file, file.name);
- const res = await fetch(uploadUrl, {
- method: 'POST',
- headers: {'X-Csrf-Token': csrfToken},
- body: formData,
- });
+ const res = await POST(uploadUrl, {data: formData});
return await res.json();
}
import $ from 'jquery';
-
-const {csrfToken} = window.config;
+import {POST} from '../../modules/fetch.js';
export function initCompReactionSelector($parent) {
$parent.find(`.select-reaction .item.reaction, .comment-reaction-button`).on('click', async function (e) {
const reactionContent = $(this).attr('data-reaction-content');
const hasReacted = $(this).closest('.ui.segment.reactions').find(`a[data-reaction-content="${reactionContent}"]`).attr('data-has-reacted') === 'true';
- const res = await fetch(`${actionUrl}/${hasReacted ? 'unreact' : 'react'}`, {
- method: 'POST',
- headers: {
- 'content-type': 'application/x-www-form-urlencoded',
- },
- body: new URLSearchParams({
- _csrf: csrfToken,
- content: reactionContent,
- }),
+ const res = await POST(`${actionUrl}/${hasReacted ? 'unreact' : 'react'}`, {
+ data: new URLSearchParams({content: reactionContent}),
});
const data = await res.json();
import {clippie} from 'clippie';
import {showTemporaryTooltip} from '../modules/tippy.js';
import {convertImage} from '../utils.js';
+import {GET} from '../modules/fetch.js';
const {i18n} = window.config;
if (link) {
btn.classList.add('is-loading', 'small-loading-icon');
try {
- const res = await fetch(link, {credentials: 'include', redirect: 'follow'});
+ const res = await GET(link, {credentials: 'include', redirect: 'follow'});
const contentType = res.headers.get('content-type');
if (contentType.startsWith('image/') && !contentType.startsWith('image/svg')) {
import $ from 'jquery';
import {hideElem, showElem} from '../utils/dom.js';
+import {GET} from '../modules/fetch.js';
export function initInstall() {
const $page = $('.page-content.install');
const targetUrl = el.getAttribute('href');
let tid = setInterval(async () => {
try {
- const resp = await fetch(targetUrl);
+ const resp = await GET(targetUrl);
if (tid && resp.status === 200) {
clearInterval(tid);
tid = null;
import {diffTreeStore} from '../modules/stores.js';
import {setFileFolding} from './file-fold.js';
+import {POST} from '../modules/fetch.js';
-const {csrfToken, pageData} = window.config;
+const {pageData} = window.config;
const prReview = pageData.prReview || {};
const viewedStyleClass = 'viewed-file-checked-form';
const viewedCheckboxSelector = '.viewed-file-form'; // Selector under which all "Viewed" checkbox forms can be found
const data = {files};
const headCommitSHA = form.getAttribute('data-headcommit');
if (headCommitSHA) data.headCommitSHA = headCommitSHA;
- fetch(form.getAttribute('data-link'), {
- method: 'POST',
- headers: {'X-Csrf-Token': csrfToken},
- body: JSON.stringify(data),
- });
+ POST(form.getAttribute('data-link'), {data});
// Fold the file accordingly
const parentBox = form.closest('.diff-file-header');
import {hideElem, showElem, toggleElem} from '../utils/dom.js';
+import {GET} from '../modules/fetch.js';
async function loadBranchesAndTags(area, loadingButton) {
loadingButton.classList.add('disabled');
try {
- const res = await fetch(loadingButton.getAttribute('data-fetch-url'));
+ const res = await GET(loadingButton.getAttribute('data-fetch-url'));
const data = await res.json();
hideElem(loadingButton);
addTags(area, data.tags);
import {confirmModal} from './comp/ConfirmModal.js';
import {showErrorToast} from '../modules/toast.js';
import {createSortable} from '../modules/sortable.js';
+import {DELETE, POST} from '../modules/fetch.js';
function initRepoIssueListCheckboxes() {
const $issueSelectAll = $('.issue-checkbox-all');
const id = Number(el.getAttribute('data-issue-id'));
// Send the unpin request
- const response = await fetch(el.getAttribute('data-unpin-url'), {
- method: 'delete',
- headers: {
- 'X-Csrf-Token': window.config.csrfToken,
- 'Content-Type': 'application/json',
- },
- });
+ const response = await DELETE(el.getAttribute('data-unpin-url'));
if (response.ok) {
// Delete the tooltip
el._tippy.destroy();
async function pinMoveEnd(e) {
const url = e.item.getAttribute('data-move-url');
const id = Number(e.item.getAttribute('data-issue-id'));
- await fetch(url, {
- method: 'post',
- body: JSON.stringify({id, position: e.newIndex + 1}),
- headers: {
- 'X-Csrf-Token': window.config.csrfToken,
- 'Content-Type': 'application/json',
- },
- });
+ await POST(url, {data: {id, position: e.newIndex + 1}});
}
async function initIssuePinSort() {
import $ from 'jquery';
import {hideElem, showElem} from '../utils/dom.js';
+import {GET, POST} from '../modules/fetch.js';
-const {appSubUrl, csrfToken} = window.config;
+const {appSubUrl} = window.config;
export function initRepoMigrationStatusChecker() {
const $repoMigrating = $('#repo_migrating');
// returns true if the refresh still need to be called after a while
const refresh = async () => {
- const res = await fetch(`${appSubUrl}/user/task/${task}`);
+ const res = await GET(`${appSubUrl}/user/task/${task}`);
if (res.status !== 200) return true; // continue to refresh if network error occurs
const data = await res.json();
}
async function doMigrationRetry(e) {
- await fetch($(e.target).attr('data-migrating-task-retry-url'), {
- method: 'post',
- headers: {
- 'X-Csrf-Token': csrfToken,
- 'Content-Type': 'application/json',
- },
- });
+ await POST($(e.target).attr('data-migrating-task-retry-url'));
window.location.reload();
}
import {encodeURLEncodedBase64, decodeURLEncodedBase64} from '../utils.js';
import {showElem} from '../utils/dom.js';
+import {GET, POST} from '../modules/fetch.js';
-const {appSubUrl, csrfToken} = window.config;
+const {appSubUrl} = window.config;
export async function initUserAuthWebAuthn() {
const elPrompt = document.querySelector('.user.signin.webauthn-prompt');
return;
}
- const res = await fetch(`${appSubUrl}/user/webauthn/assertion`);
+ const res = await GET(`${appSubUrl}/user/webauthn/assertion`);
if (res.status !== 200) {
webAuthnError('unknown');
return;
const sig = new Uint8Array(assertedCredential.response.signature);
const userHandle = new Uint8Array(assertedCredential.response.userHandle);
- const res = await fetch(`${appSubUrl}/user/webauthn/assertion`, {
- method: 'POST',
- headers: {
- 'Content-Type': 'application/json; charset=utf-8'
- },
- body: JSON.stringify({
+ const res = await POST(`${appSubUrl}/user/webauthn/assertion`, {
+ data: {
id: assertedCredential.id,
rawId: encodeURLEncodedBase64(rawId),
type: assertedCredential.type,
signature: encodeURLEncodedBase64(sig),
userHandle: encodeURLEncodedBase64(userHandle),
},
- }),
+ },
});
if (res.status === 500) {
webAuthnError('unknown');
const clientDataJSON = new Uint8Array(newCredential.response.clientDataJSON);
const rawId = new Uint8Array(newCredential.rawId);
- const res = await fetch(`${appSubUrl}/user/settings/security/webauthn/register`, {
- method: 'POST',
- headers: {
- 'X-Csrf-Token': csrfToken,
- 'Content-Type': 'application/json; charset=utf-8',
- },
- body: JSON.stringify({
+ const res = await POST(`${appSubUrl}/user/settings/security/webauthn/register`, {
+ data: {
id: newCredential.id,
rawId: encodeURLEncodedBase64(rawId),
type: newCredential.type,
attestationObject: encodeURLEncodedBase64(attestationObject),
clientDataJSON: encodeURLEncodedBase64(clientDataJSON),
},
- }),
+ },
});
if (res.status === 409) {
async function webAuthnRegisterRequest() {
const elNickname = document.getElementById('nickname');
- const body = new FormData();
- body.append('name', elNickname.value);
+ const formData = new FormData();
+ formData.append('name', elNickname.value);
- const res = await fetch(`${appSubUrl}/user/settings/security/webauthn/request_register`, {
- method: 'POST',
- headers: {
- 'X-Csrf-Token': csrfToken,
- },
- body,
+ const res = await POST(`${appSubUrl}/user/settings/security/webauthn/request_register`, {
+ data: formData,
});
if (res.status === 409) {
const {csrfToken} = window.config;
+// safe HTTP methods that don't need a csrf token
+const safeMethods = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);
+
// fetch wrapper, use below method name functions and the `data` option to pass in data
-// which will automatically set an appropriate content-type header. For json content,
-// only object and array types are currently supported.
-function request(url, {headers, data, body, ...other} = {}) {
+// which will automatically set an appropriate headers. For json content, only object
+// and array types are currently supported.
+export function request(url, {method = 'GET', headers = {}, data, body, ...other} = {}) {
let contentType;
if (!body) {
if (data instanceof FormData) {
- contentType = 'multipart/form-data';
body = data;
} else if (data instanceof URLSearchParams) {
- contentType = 'application/x-www-form-urlencoded';
body = data;
} else if (isObject(data) || Array.isArray(data)) {
contentType = 'application/json';
}
}
+ const headersMerged = new Headers({
+ ...(!safeMethods.has(method.toUpperCase()) && {'x-csrf-token': csrfToken}),
+ ...(contentType && {'content-type': contentType}),
+ });
+
+ for (const [name, value] of Object.entries(headers)) {
+ headersMerged.set(name, value);
+ }
+
return fetch(url, {
- headers: {
- 'x-csrf-token': csrfToken,
- ...(contentType && {'content-type': contentType}),
- ...headers,
- },
+ method,
+ headers: headersMerged,
...(body && {body}),
...other,
});
projects / gitea.git / commitdiff