author | Varun Patil <varunpatil@ucla.edu> | 2023-10-30 10:52:08 -0700 |
---|---|---|
committer | skjnldsv <skjnldsv@protonmail.com> | 2024-02-28 19:23:47 +0100 |
commit | b03fd6e363ef75ec69c5150b8992a838f724ce45 (patch) | |
tree | ebe8428c555863fbdcb3d477726995a661d66be8 /apps/files/src | |
parent | dfd42307f04148f09a9f9811323178d4657fcc0a (diff) | |
fix(dav): multiple fixes in usage of webdav library
1. Refresh token on update
2. Fix some very weird imports
3. Patch fetch instead of request to prevent accessing impl details
Signed-off-by: Varun Patil <varunpatil@ucla.edu>
Diffstat (limited to 'apps/files/src')
-rw-r--r-- | apps/files/src/services/WebdavClient.ts | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/apps/files/src/services/WebdavClient.ts b/apps/files/src/services/WebdavClient.ts
index ae2ab27b9db..6c98b299703 100644
--- a/apps/files/src/services/WebdavClient.ts
+++ b/apps/files/src/services/WebdavClient.ts
@@ -19,22 +19,30 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */
-import type { RequestOptions, Response } from 'webdav'
 import { createClient, getPatcher } from 'webdav'
 import { generateRemoteUrl } from '@nextcloud/router'
-import { getCurrentUser, getRequestToken } from '@nextcloud/auth'
-import { request } from 'webdav/dist/node/request.js'
+import { getCurrentUser, getRequestToken, onRequestTokenUpdate } from '@nextcloud/auth'
 export const rootPath = `/files/${getCurrentUser()?.uid}`
 export const defaultRootUrl = generateRemoteUrl('dav' + rootPath)
 export const getClient = (rootUrl = defaultRootUrl) => {
- const client = createClient(rootUrl, {
- headers: {
- requesttoken: getRequestToken() || '',
- },
- })
+ const client = createClient(rootUrl)
+
+ // set CSRF token header
+ const setHeaders = (token: string | null) => {
+ client?.setHeaders({
+ // Add this so the server knows it is an request from the browser
+ 'X-Requested-With': 'XMLHttpRequest',
+ // Inject user auth
+ requesttoken: token ?? '',
+ });
+ }
+
+ // refresh headers when request token changes
+ onRequestTokenUpdate(setHeaders)
+ setHeaders(getRequestToken())
 /**
 * Allow to override the METHOD to support dav REPORT
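Review bot: Every call to getClient now registers another `onRequestTokenUpdate(setHeaders)` listener that closes over its own client and is never removed, so repeated calls accumulate listeners and keep old clients reachable; registering the listener once at module scope, or caching the client per rootUrl, would avoid that. `setHeaders` also passes a complete header object on each refresh, which presumably replaces any header a caller set on the client in between. The request token is attached to whatever `rootUrl` the caller passes, so that constraint deserves a comment above the call, e.g. `// rootUrl must point at this instance: the CSRF request token is sent with every request`. The `?.` in `client?.setHeaders` is unnecessary because `client` is a const assigned just above. getClient's body continues past the end of this hunk.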
@@ -45,12 +53,14 @@ export const getClient = (rootUrl = defaultRootUrl) => {
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
 // @ts-ignore
 // https://github.com/perry-mitchell/hot-patcher/issues/6
- patcher.patch('request', (options: RequestOptions): Promise<Response> => {
- if (options.headers?.method) {
- options.method = options.headers.method
- delete options.headers.method
+ patcher.patch('fetch', (url: string, options: RequestInit): Promise<Response> => {
+ const headers = options.headers as Record<string, string>
+ if (headers?.method) {
+ options.method = headers.method
+ delete headers.method
 }
- return request(options)
+ return fetch(url, options)
 })
- return client
+
+ return client;
 } |
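Review bot: The cast `options.headers as Record<string, string>` in the patched `fetch` hides that `RequestInit.headers` may also be a `Headers` instance or an array of pairs. For those shapes `headers?.method` is undefined, so the REPORT override is skipped silently and the `method` pseudo-header goes out on the wire. I have not checked which shape the webdav library passes here, so normalising through `new Headers(...)` is the safer form; it also avoids mutating the caller's `options` object. The surrounding getClient function starts before this hunk.

```typescript
patcher.patch('fetch', (url: string, options: RequestInit): Promise<Response> => {
	// Normalise first: RequestInit.headers may be a Headers object, an array of pairs or a plain record
	const headers = new Headers(options.headers)
	const method = headers.get('method')
	if (method) {
		// The override travels as a pseudo-header; strip it before the request is sent
		headers.delete('method')
		return fetch(url, { ...options, method, headers })
	}
	return fetch(url, options)
})
```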