From b947ed61619d218851a198ef3df6c4d3e5f7de17 Mon Sep 17 00:00:00 2001
From: artrejo <ato9000@users.noreply.github.com>
Date: Mon, 24 Jan 2022 12:08:52 -0800
Subject: [PATCH] Use updateConfigContext when updating from external configs

---
 src/ConfigContext.ts            | 36 ++++-----------------------------
 src/Utils/EndpointValidation.ts | 24 +++++++++++++++++++++-
 src/Utils/MessageValidation.ts  |  6 +++---
 3 files changed, 30 insertions(+), 36 deletions(-)

diff --git a/src/ConfigContext.ts b/src/ConfigContext.ts
index e5544c3d4..85524f540 100644
--- a/src/ConfigContext.ts
+++ b/src/ConfigContext.ts
@@ -1,4 +1,3 @@
-import { JunoEndpoints } from "Common/Constants";
 import {
   allowedAadEndpoints,
   allowedArcadiaEndpoints,
@@ -7,6 +6,7 @@ import {
   allowedEmulatorEndpoints,
   allowedGraphEndpoints,
   allowedHostedExplorerEndpoints,
+  allowedJunoOrigins,
   allowedMongoBackendEndpoints,
   allowedMsalRedirectEndpoints,
   validateEndpoint,
@@ -20,7 +20,6 @@ export enum Platform {
 
 export interface ConfigContext {
   platform: Platform;
-  allowedParentFrameOrigins: string[];
   gitSha?: string;
   proxyPath?: string;
   AAD_ENDPOINT: string;
@@ -42,21 +41,12 @@ export interface ConfigContext {
   isTerminalEnabled: boolean;
   hostedExplorerURL: string;
   armAPIVersion?: string;
-  allowedJunoOrigins: string[];
   msalRedirectURI?: string;
 }
 
 // Default configuration
 let configContext: Readonly<ConfigContext> = {
   platform: Platform.Portal,
-  allowedParentFrameOrigins: [
-    `^https:\\/\\/cosmos\\.azure\\.(com|cn|us)$`,
-    `^https:\\/\\/[\\.\\w]*portal\\.azure\\.(com|cn|us)$`,
-    `^https:\\/\\/[\\.\\w]*portal\\.microsoftazure.de$`,
-    `^https:\\/\\/[\\.\\w]*ext\\.azure\\.(com|cn|us)$`,
-    `^https:\\/\\/[\\.\\w]*\\.ext\\.microsoftazure\\.de$`,
-    `^https://cosmos-db-dataexplorer-germanycentral.azurewebsites.de$`,
-  ],
   // Webpack injects this at build time
   gitSha: process.env.GIT_SHA,
   hostedExplorerURL: "https://cosmos.azure.com/",
@@ -73,14 +63,6 @@ let configContext: Readonly<ConfigContext> = {
   JUNO_ENDPOINT: "https://tools.cosmos.azure.com",
   BACKEND_ENDPOINT: "https://main.documentdb.ext.azure.com",
   isTerminalEnabled: false,
-  allowedJunoOrigins: [
-    JunoEndpoints.Test,
-    JunoEndpoints.Test2,
-    JunoEndpoints.Test3,
-    JunoEndpoints.Prod,
-    JunoEndpoints.Stage,
-    "https://localhost",
-  ],
 };
 
 export function resetConfigContext(): void {
@@ -123,7 +105,7 @@ export function updateConfigContext(newContext: Partial<ConfigContext>): void {
     delete newContext.MONGO_BACKEND_ENDPOINT;
   }
 
-  if (!validateEndpoint(newContext.JUNO_ENDPOINT, configContext.allowedJunoOrigins)) {
+  if (!validateEndpoint(newContext.JUNO_ENDPOINT, allowedJunoOrigins)) {
     delete newContext.JUNO_ENDPOINT;
   }
 
@@ -158,18 +140,8 @@ export async function initializeConfiguration(): Promise<ConfigContext> {
     });
     if (response.status === 200) {
       try {
-        const { allowedParentFrameOrigins, allowedJunoOrigins, ...externalConfig } = await response.json();
-        Object.assign(configContext, externalConfig);
-        if (allowedParentFrameOrigins && allowedParentFrameOrigins.length > 0) {
-          updateConfigContext({
-            allowedParentFrameOrigins: [...configContext.allowedParentFrameOrigins, ...allowedParentFrameOrigins],
-          });
-        }
-        if (allowedJunoOrigins && allowedJunoOrigins.length > 0) {
-          updateConfigContext({
-            allowedJunoOrigins: [...configContext.allowedJunoOrigins, ...allowedJunoOrigins],
-          });
-        }
+        const { ...externalConfig } = await response.json();
+        updateConfigContext(externalConfig);
       } catch (error) {
         console.error("Unable to parse json in config file");
         console.error(error);
diff --git a/src/Utils/EndpointValidation.ts b/src/Utils/EndpointValidation.ts
index 5328a72d6..f9c13599f 100644
--- a/src/Utils/EndpointValidation.ts
+++ b/src/Utils/EndpointValidation.ts
@@ -1,3 +1,4 @@
+import { JunoEndpoints } from "Common/Constants";
 import * as Logger from "../Common/Logger";
 
 export function validateEndpoint(
@@ -16,7 +17,10 @@ export function validateEndpoint(
   }
 }
 
-function validateEndpointInternal(endpointToValidate: string | undefined, allowedEndpoints: string[]): boolean {
+function validateEndpointInternal(
+  endpointToValidate: string | undefined,
+  allowedEndpoints: ReadonlyArray<string>
+): boolean {
   if (endpointToValidate === undefined) {
     return false;
   }
@@ -67,4 +71,22 @@ export const allowedMsalRedirectEndpoints: ReadonlyArray<string> = [
   "https://cosmos-explorer-preview.azurewebsites.net/",
 ];
 
+export const allowedParentFrameOrigins: ReadonlyArray<string> = [
+  `^https:\\/\\/cosmos\\.azure\\.(com|cn|us)$`,
+  `^https:\\/\\/[\\.\\w]*portal\\.azure\\.(com|cn|us)$`,
+  `^https:\\/\\/[\\.\\w]*portal\\.microsoftazure.de$`,
+  `^https:\\/\\/[\\.\\w]*ext\\.azure\\.(com|cn|us)$`,
+  `^https:\\/\\/[\\.\\w]*\\.ext\\.microsoftazure\\.de$`,
+  `^https://cosmos-db-dataexplorer-germanycentral.azurewebsites.de$`,
+];
+
+export const allowedJunoOrigins: ReadonlyArray<string> = [
+  JunoEndpoints.Test,
+  JunoEndpoints.Test2,
+  JunoEndpoints.Test3,
+  JunoEndpoints.Prod,
+  JunoEndpoints.Stage,
+  "https://localhost",
+];
+
 export const allowedNotebookServerUrls: ReadonlyArray<string> = [];
diff --git a/src/Utils/MessageValidation.ts b/src/Utils/MessageValidation.ts
index 06aaee206..fa601755f 100644
--- a/src/Utils/MessageValidation.ts
+++ b/src/Utils/MessageValidation.ts
@@ -1,10 +1,10 @@
-import { configContext } from "../ConfigContext";
+import { allowedParentFrameOrigins } from "Utils/EndpointValidation";
 
 export function isInvalidParentFrameOrigin(event: MessageEvent): boolean {
-  return !isValidOrigin(configContext.allowedParentFrameOrigins, event);
+  return !isValidOrigin(allowedParentFrameOrigins, event);
 }
 
-function isValidOrigin(allowedOrigins: string[], event: MessageEvent): boolean {
+function isValidOrigin(allowedOrigins: ReadonlyArray<string>, event: MessageEvent): boolean {
   const eventOrigin = (event && event.origin) || "";
   const windowOrigin = (window && window.origin) || "";
   if (eventOrigin === windowOrigin) {