-
Notifications
You must be signed in to change notification settings - Fork 981
/
Copy pathlifecycle_handlers.ts
110 lines (96 loc) · 3.66 KB
/
lifecycle_handlers.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Any modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
/*
* Licensed to Elasticsearch B.V. under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch B.V. licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import { OnPostAuthHandler } from './lifecycle/on_post_auth';
import { OnPreResponseHandler } from './lifecycle/on_pre_response';
import { HttpConfig } from './http_config';
import { isSafeMethod } from './router';
import { Env } from '../config';
import { LifecycleRegistrar } from './http_server';
const VERSION_HEADER = 'osd-version';
const XSRF_HEADER = 'osd-xsrf';
const OPENSEARCH_DASHBOARDS_NAME_HEADER = 'osd-name';
export const createXsrfPostAuthHandler = (config: HttpConfig): OnPostAuthHandler => {
const { whitelist, disableProtection } = config.xsrf;
return (request, response, toolkit) => {
if (
disableProtection ||
whitelist.includes(request.route.path) ||
request.route.options.xsrfRequired === false
) {
return toolkit.next();
}
const hasVersionHeader = VERSION_HEADER in request.headers;
const hasXsrfHeader = XSRF_HEADER in request.headers;
if (!isSafeMethod(request.route.method) && !hasVersionHeader && !hasXsrfHeader) {
return response.badRequest({ body: `Request must contain a ${XSRF_HEADER} header.` });
}
return toolkit.next();
};
};
export const createVersionCheckPostAuthHandler = (
opensearchDashboardsVersion: string
): OnPostAuthHandler => {
return (request, response, toolkit) => {
const requestVersion = request.headers[VERSION_HEADER];
if (requestVersion && requestVersion !== opensearchDashboardsVersion) {
return response.badRequest({
body: {
message:
`Browser client is out of date, please refresh the page ` +
`("${VERSION_HEADER}" header was "${requestVersion}" but should be "${opensearchDashboardsVersion}")`,
attributes: {
expected: opensearchDashboardsVersion,
got: requestVersion,
},
},
});
}
return toolkit.next();
};
};
export const createCustomHeadersPreResponseHandler = (config: HttpConfig): OnPreResponseHandler => {
const serverName = config.name;
const customHeaders = config.customResponseHeaders;
return (request, response, toolkit) => {
const additionalHeaders = {
...customHeaders,
[OPENSEARCH_DASHBOARDS_NAME_HEADER]: serverName,
};
return toolkit.next({ headers: additionalHeaders });
};
};
export const registerCoreHandlers = (
registrar: LifecycleRegistrar,
config: HttpConfig,
env: Env
) => {
registrar.registerOnPreResponse(createCustomHeadersPreResponseHandler(config));
registrar.registerOnPostAuth(createXsrfPostAuthHandler(config));
registrar.registerOnPostAuth(createVersionCheckPostAuthHandler(env.packageInfo.version));
};