random-mirrors
/
cosmos-explorer
mirror of https://github.com/Azure/cosmos-explorer.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

walmart block query restricted account

This commit is contained in:
Asier Isayas 2023-10-25 12:55:50 -04:00
parent 3a703b0bd0
commit fd6b6f43e1
6 changed files with 35 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Common/Constants.ts
View File

@ -177,6 +177,7 @@ export class HttpHeaders {
public static activityId: string = "x-ms-activity-id"; public static activityId: string = "x-ms-activity-id";
public static apiType: string = "x-ms-cosmos-apitype"; public static apiType: string = "x-ms-cosmos-apitype";
public static authorization: string = "authorization"; public static authorization: string = "authorization";
public static graphAuthorization: string = "graph-authorization";
public static collectionIndexTransformationProgress: string = public static collectionIndexTransformationProgress: string =
"x-ms-documentdb-collection-index-transformation-progress"; "x-ms-documentdb-collection-index-transformation-progress";
public static continuation: string = "x-ms-continuation"; public static continuation: string = "x-ms-continuation";

7
src/HostedExplorer.tsx
View File

@ -7,9 +7,6 @@ import "../less/hostedexplorer.less";
import { AuthType } from "./AuthType"; import { AuthType } from "./AuthType";
import { DatabaseAccount } from "./Contracts/DataModels"; import { DatabaseAccount } from "./Contracts/DataModels";
import "./Explorer/Menus/NavBar/MeControlComponent.less"; import "./Explorer/Menus/NavBar/MeControlComponent.less";
import { useAADAuth } from "./hooks/useAADAuth";
import { useConfig } from "./hooks/useConfig";
import { useTokenMetadata } from "./hooks/usePortalAccessToken";
import { HostedExplorerChildFrame } from "./HostedExplorerChildFrame"; import { HostedExplorerChildFrame } from "./HostedExplorerChildFrame";
import { AccountSwitcher } from "./Platform/Hosted/Components/AccountSwitcher"; import { AccountSwitcher } from "./Platform/Hosted/Components/AccountSwitcher";
import { ConnectExplorer } from "./Platform/Hosted/Components/ConnectExplorer"; import { ConnectExplorer } from "./Platform/Hosted/Components/ConnectExplorer";
@ -20,6 +17,9 @@ import { SignInButton } from "./Platform/Hosted/Components/SignInButton";
import "./Platform/Hosted/ConnectScreen.less"; import "./Platform/Hosted/ConnectScreen.less";
import { extractMasterKeyfromConnectionString } from "./Platform/Hosted/HostedUtils"; import { extractMasterKeyfromConnectionString } from "./Platform/Hosted/HostedUtils";
import "./Shared/appInsights"; import "./Shared/appInsights";
import { useAADAuth } from "./hooks/useAADAuth";
import { useConfig } from "./hooks/useConfig";
import { useTokenMetadata } from "./hooks/usePortalAccessToken";
initializeIcons(); initializeIcons();
@ -51,6 +51,7 @@ const App: React.FunctionComponent = () => {
authType: AuthType.AAD, authType: AuthType.AAD,
databaseAccount, databaseAccount,
authorizationToken: armToken, authorizationToken: armToken,
graphAuthorizationToken: graphToken
}; };
} else if (authType === AuthType.EncryptedToken) { } else if (authType === AuthType.EncryptedToken) {
frameWindow.hostedConfig = { frameWindow.hostedConfig = {

1
src/HostedExplorerChildFrame.ts
View File

@ -10,6 +10,7 @@ export interface AAD {
authType: AuthType.AAD; authType: AuthType.AAD;
databaseAccount: DatabaseAccount; databaseAccount: DatabaseAccount;
authorizationToken: string; authorizationToken: string;
graphAuthorizationToken: string;
} }
export interface ConnectionString { export interface ConnectionString {

2
src/UserContext.ts
View File

@ -79,6 +79,7 @@ interface UserContext {
collectionCreationDefaults: CollectionCreationDefaults; collectionCreationDefaults: CollectionCreationDefaults;
sampleDataConnectionInfo?: ParsedResourceTokenConnectionString; sampleDataConnectionInfo?: ParsedResourceTokenConnectionString;
readonly vcoreMongoConnectionParams?: VCoreMongoConnectionParams; readonly vcoreMongoConnectionParams?: VCoreMongoConnectionParams;
readonly accountRestrictedFromUser?: boolean;
} }
export type ApiType = "SQL" | "Mongo" | "Gremlin" | "Tables" | "Cassandra" | "Postgres" | "VCoreMongo"; export type ApiType = "SQL" | "Mongo" | "Gremlin" | "Tables" | "Cassandra" | "Postgres" | "VCoreMongo";
@ -171,3 +172,4 @@ function apiType(account: DatabaseAccount | undefined): ApiType {
} }
export { updateUserContext, userContext }; export { updateUserContext, userContext };

24
src/Utils/AuthorizationUtils.ts
View File

@ -60,3 +60,27 @@ export function getMsalInstance() {
const msalInstance = new msal.PublicClientApplication(config); const msalInstance = new msal.PublicClientApplication(config);
return msalInstance; return msalInstance;
} }
export async function isAccountRestrictedFromUser(accountName: string, graphToken: string): Promise<boolean> {
const checkUserAccessUrl: string = "https://localhost:12901/api/guest/accountrestrictions/accountrestrictedfromuser";
// const authorizationHeader = getAuthorizationHeader();
try {
const response: Response = await fetch(checkUserAccessUrl, {
method: "POST",
body: JSON.stringify({
accountName
}),
headers: {
// [authorizationHeader.header]: authorizationHeader.token,
[Constants.HttpHeaders.graphAuthorization]: graphToken,
[Constants.HttpHeaders.contentType]: "application/json",
}
});
const responseText: string = await response.text();
return responseText.toLowerCase() === "true";
} catch (e) {
console.log(e);
throw new Error(e);
}
}

4
src/hooks/useKnockoutExplorer.ts
View File

@ -36,7 +36,7 @@ import { extractFeatures } from "../Platform/Hosted/extractFeatures";
import { CollectionCreation } from "../Shared/Constants"; import { CollectionCreation } from "../Shared/Constants";
import { DefaultExperienceUtility } from "../Shared/DefaultExperienceUtility"; import { DefaultExperienceUtility } from "../Shared/DefaultExperienceUtility";
import { Node, PortalEnv, updateUserContext, userContext } from "../UserContext"; import { Node, PortalEnv, updateUserContext, userContext } from "../UserContext";
import { getAuthorizationHeader, getMsalInstance } from "../Utils/AuthorizationUtils"; import { getAuthorizationHeader, getMsalInstance, isAccountRestrictedFromUser } from "../Utils/AuthorizationUtils";
import { isInvalidParentFrameOrigin, shouldProcessMessage } from "../Utils/MessageValidation"; import { isInvalidParentFrameOrigin, shouldProcessMessage } from "../Utils/MessageValidation";
import { listKeys } from "../Utils/arm/generatedClients/cosmos/databaseAccounts"; import { listKeys } from "../Utils/arm/generatedClients/cosmos/databaseAccounts";
import { DatabaseAccountListKeysResult } from "../Utils/arm/generatedClients/cosmos/types"; import { DatabaseAccountListKeysResult } from "../Utils/arm/generatedClients/cosmos/types";
@ -227,9 +227,11 @@ async function configureHosted(): Promise<Explorer> {
async function configureHostedWithAAD(config: AAD): Promise<Explorer> { async function configureHostedWithAAD(config: AAD): Promise<Explorer> {
// TODO: Refactor. updateUserContext needs to be called twice because listKeys below depends on userContext.authorizationToken // TODO: Refactor. updateUserContext needs to be called twice because listKeys below depends on userContext.authorizationToken
const accountRestrictedFromUser: boolean = await isAccountRestrictedFromUser(config.databaseAccount.name, config.graphAuthorizationToken);
updateUserContext({ updateUserContext({
authType: AuthType.AAD, authType: AuthType.AAD,
authorizationToken: `Bearer ${config.authorizationToken}`, authorizationToken: `Bearer ${config.authorizationToken}`,
accountRestrictedFromUser
}); });
const account = config.databaseAccount; const account = config.databaseAccount;
const accountResourceId = account.id; const accountResourceId = account.id;