Quick fix for redirect to COSV on authorization (#2749)

saveourtool · Oct 19, 2023 · 31a7a35 · 31a7a35
1 parent 959194b
commit 31a7a35
Show file tree

Hide file tree

Showing 10 changed files with 25 additions and 13 deletions.
diff --git a/api-gateway/src/main/resources/application.yml b/api-gateway/src/main/resources/application.yml
@@ -117,7 +117,7 @@ spring:
           huawei:
             provider: huawei
             # hardcoded as for gitee
-            redirect-uri: 'https://saveourtool.com/login/oauth2/code/huawei'
+            redirect-uri: '{baseUrl}/login/oauth2/code/huawei'
             authorization-grant-type: authorization_code
             client-authentication-method: client_secret_post
             # can be
@@ -130,7 +130,7 @@ spring:
             provider: gitee
             # it can be '${gateway.frontend.url}/{action}/oauth2/code/{registrationId}',
             # but for security reasons I would like to hardcode a domain name
-            redirect-uri: 'https://saveourtool.com/login/oauth2/code/gitee'
+            redirect-uri: '{baseUrl}/login/oauth2/code/gitee'
             authorization-grant-type: authorization_code
             scope:
               - user_info

diff --git a/save-cloud-common/src/commonMain/kotlin/com/saveourtool/save/validation/FrontendRoutes.kt b/save-cloud-common/src/commonMain/kotlin/com/saveourtool/save/validation/FrontendRoutes.kt
@@ -25,7 +25,6 @@ enum class FrontendRoutes(val path: String) {
     CREATE_CONTESTS_TEMPLATE("create-contest-template"),
     CREATE_ORGANIZATION("create-organization"),
     CREATE_PROJECT("create-project"),
-    CREATE_VULNERABILITY("vuln/create-vulnerability"),
     DEMO("demo"),
     ERROR_404("404"),
     INDEX(""),
@@ -42,13 +41,14 @@ enum class FrontendRoutes(val path: String) {
     SETTINGS_TOKEN("$SETTINGS/token"),
     TERMS_OF_USE("terms-of-use"),
     THANKS_FOR_REGISTRATION("thanks-for-registration"),
-    UPLOAD_VULNERABILITY("vuln/upload-vulnerability"),
     VULN("vuln"),
     VULNERABILITIES("$VULN/list"),
     VULNERABILITY_SINGLE("$VULN/collection"),
     VULN_COSV_SCHEMA("$VULN/schema"),
+    VULN_CREATE("$VULN/create-vulnerability"),
     VULN_PROFILE("$VULN/profile"),
     VULN_TOP_RATING("$VULN/top-rating"),
+    VULN_UPLOAD("$VULN/upload-vulnerability"),
     ;
 
     override fun toString(): String = path

diff --git a/...com/saveourtool/save/frontend/components/basic/table/filters/VulnerabilitiesFiltersRow.kt b/...com/saveourtool/save/frontend/components/basic/table/filters/VulnerabilitiesFiltersRow.kt
@@ -196,7 +196,7 @@ val vulnerabilitiesFiltersRow: FC<VulnerabilitiesFiltersProps> = FC { props ->
                         className = ClassName("col-2")
                         withNavigate { navigateContext ->
                             buttonBuilder(faPlus, style = "primary mr-1", title = "Add new vulnerability", classes = "icon-2-5rem", isOutline = true) {
-                                navigateContext.navigate("/${FrontendRoutes.CREATE_VULNERABILITY}")
+                                navigateContext.navigate("/${FrontendRoutes.VULN_CREATE}")
                             }
                         }
                         uploadCosvButton {

diff --git a/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/components/topbar/TopBarLinks.kt b/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/components/topbar/TopBarLinks.kt
@@ -41,7 +41,7 @@ val topBarLinks: FC<TopBarLinksProps> = FC { props ->
 
     @Suppress("MAGIC_NUMBER")
     val vulnTopbarLinks = sequenceOf(
-        TopBarLink(hrefAnchor = FrontendRoutes.CREATE_VULNERABILITY.path, text = "Propose vulnerability".t()),
+        TopBarLink(hrefAnchor = FrontendRoutes.VULN_CREATE.path, text = "Propose vulnerability".t()),
         TopBarLink(hrefAnchor = FrontendRoutes.VULNERABILITIES.path, text = "Vulnerabilities list".t()),
         TopBarLink(hrefAnchor = FrontendRoutes.VULN_TOP_RATING.path, text = "Top Rating".t()),
     )

diff --git a/...ontend/src/main/kotlin/com/saveourtool/save/frontend/components/topbar/TopBarUrlSplits.kt b/...ontend/src/main/kotlin/com/saveourtool/save/frontend/components/topbar/TopBarUrlSplits.kt
@@ -3,6 +3,7 @@
 package com.saveourtool.save.frontend.components.topbar
 
 import com.saveourtool.save.frontend.utils.TopBarUrl
+import com.saveourtool.save.frontend.utils.isCosvDomain
 import com.saveourtool.save.utils.URL_PATH_DELIMITER
 import com.saveourtool.save.validation.FrontendRoutes
 
@@ -19,6 +20,8 @@ import react.router.dom.Link
 import remix.run.router.Location
 import web.cssom.ClassName
 
+import kotlinx.browser.window
+
 /**
  * Displays the URL split with "/".
  */
@@ -36,7 +39,7 @@ val topBarUrlSplits: FC<TopBarUrlSplitsProps> = FC { props ->
                     // if we are on welcome page right now - need to highlight SAVE in menu
                     val textColor = if (props.location.pathname == "/") "text-warning" else "text-light"
                     className = ClassName(textColor)
-                    +"SaveOurTool!"
+                    +if (window.location.isCosvDomain()) "COSV" else "SaveOurTool!"
                 }
             }
             props.location.pathname

diff --git a/...rontend/src/main/kotlin/com/saveourtool/save/frontend/components/views/index/IndexView.kt b/...rontend/src/main/kotlin/com/saveourtool/save/frontend/components/views/index/IndexView.kt
@@ -23,7 +23,7 @@ import kotlinx.browser.window
 val indexView: FC<IndexViewProps> = FC { props ->
     val navigate = useNavigate()
     useEffect {
-        if (window.location.run { hostname in setOf("cosv.dev", "cosv.gitlink.org.cn") && pathname == "/" }) {
+        if (window.location.run { isCosvDomain() && pathname == "/" }) {
             navigate("/vuln")
         }
     }

diff --git a/.../kotlin/com/saveourtool/save/frontend/components/views/vuln/component/UploadCosvButton.kt b/.../kotlin/com/saveourtool/save/frontend/components/views/vuln/component/UploadCosvButton.kt
@@ -17,11 +17,11 @@ val uploadCosvButton: FC<UploadCosvButtonProps> = FC { props ->
 
         if (props.isImage) {
             buttonBuilder(faFile, style = "primary", title = "Add new vulnerability from json", classes = "icon-2-5rem", isOutline = true) {
-                navigateContext.navigate("/${FrontendRoutes.UPLOAD_VULNERABILITY}")
+                navigateContext.navigate("/${FrontendRoutes.VULN_UPLOAD}")
             }
         } else {
             buttonBuilder("Upload COSV files".t(), style = "primary", isOutline = true) {
-                navigateContext.navigate("/${FrontendRoutes.UPLOAD_VULNERABILITY}")
+                navigateContext.navigate("/${FrontendRoutes.VULN_UPLOAD}")
             }
         }
     }

diff --git a/...kotlin/com/saveourtool/save/frontend/components/views/welcome/VulnerabilityWelcomeView.kt b/...kotlin/com/saveourtool/save/frontend/components/views/welcome/VulnerabilityWelcomeView.kt
@@ -100,7 +100,7 @@ val vulnWelcomeView: FC<WelcomeProps> = FC { props ->
                             welcomeUserMenu(props.userInfo, Colors.VULN_PRIMARY, t) {
                                 menuTextAndLink("Vulnerability database".t(), FrontendRoutes.VULNERABILITIES, faCode)
                                 hrNoMargin()
-                                menuTextAndLink("Propose vulnerability".t(), FrontendRoutes.CREATE_VULNERABILITY, faPlus)
+                                menuTextAndLink("Propose vulnerability".t(), FrontendRoutes.VULN_CREATE, faPlus)
                                 hrNoMargin()
                                 menuTextAndLink("Top rating".t(), FrontendRoutes.VULN_TOP_RATING, faTrophy)
                             }

diff --git a/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/routing/BasicRouting.kt b/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/routing/BasicRouting.kt
@@ -202,8 +202,8 @@ val basicRouting: FC<AppProps> = FC { props ->
             cpgView.create() to "$DEMO/cpg",
             testExecutionDetailsView.create() to "/:organization/:project/history/execution/:executionId/test/:testId",
             vulnerabilityCollectionView.create() to "$VULN/list/:params?",
-            createVulnerabilityView.create() to CREATE_VULNERABILITY,
-            uploadVulnerabilityView.create() to UPLOAD_VULNERABILITY,
+            createVulnerabilityView.create() to VULN_CREATE,
+            uploadVulnerabilityView.create() to VULN_UPLOAD,
             vulnerabilityView.create() to "$VULNERABILITY_SINGLE/:identifier",
             demoCollectionView.create() to DEMO,
             userProfileView.create() to "$VULN_PROFILE/:name",

diff --git a/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/utils/Utils.kt b/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/utils/Utils.kt
@@ -8,6 +8,7 @@ import com.saveourtool.save.domain.Role
 import com.saveourtool.save.domain.Role.SUPER_ADMIN
 import com.saveourtool.save.info.UserInfo
 
+import org.w3c.dom.Location
 import org.w3c.files.Blob
 import org.w3c.files.BlobPropertyBag
 import org.w3c.xhr.FormData
@@ -135,6 +136,14 @@ fun String.dateStringToLocalDateTime(time: LocalTime = LocalTime(0, 0, 0)) = Loc
     time,
 )
 
+/**
+ * Dirty hack for the COSV location
+ * Should be removed in future
+ *
+ * @return true if we are in COSV domains range
+ */
+fun Location.isCosvDomain() = this.hostname in setOf("cosv.dev", "cosv.gitlink.org.cn")
+
 /**
  * @return `true` if this user is a super-admin, `false` otherwise.
  * @see Role.isSuperAdmin