Repo cleanup and updates
This commit is contained in:
Darren Clarke
GitHub
parent
3a1063e40e
commit
99f8d7e2eb
72 changed files with 11857 additions and 16439 deletions
|
|
@ -7,13 +7,11 @@ import { SetupModeWarning } from "./SetupModeWarning";
|
|||
|
||||
interface InternalLayoutProps extends PropsWithChildren {
|
||||
setupModeActive: boolean;
|
||||
leafcutterEnabled: boolean;
|
||||
}
|
||||
|
||||
export const InternalLayout: FC<InternalLayoutProps> = ({
|
||||
children,
|
||||
setupModeActive,
|
||||
leafcutterEnabled,
|
||||
}) => {
|
||||
const [open, setOpen] = useState(true);
|
||||
|
||||
|
|
@ -24,7 +22,6 @@ export const InternalLayout: FC<InternalLayoutProps> = ({
|
|||
<Sidebar
|
||||
open={open}
|
||||
setOpen={setOpen}
|
||||
leafcutterEnabled={leafcutterEnabled}
|
||||
/>
|
||||
<Grid
|
||||
item
|
||||
|
|
|
|||
|
|
@ -176,13 +176,11 @@ const MenuItem = ({
|
|||
interface SidebarProps {
|
||||
open: boolean;
|
||||
setOpen: (open: boolean) => void;
|
||||
leafcutterEnabled?: boolean;
|
||||
}
|
||||
|
||||
export const Sidebar: FC<SidebarProps> = ({
|
||||
open,
|
||||
setOpen,
|
||||
leafcutterEnabled = false,
|
||||
}) => {
|
||||
const pathname = usePathname();
|
||||
const { data: session } = useSession();
|
||||
|
|
@ -372,11 +370,11 @@ export const Sidebar: FC<SidebarProps> = ({
|
|||
}}
|
||||
>
|
||||
<MenuItem
|
||||
name="Dashboards"
|
||||
href="/dashboards"
|
||||
name="Dashboard"
|
||||
href="/"
|
||||
Icon={InsightsIcon}
|
||||
iconSize={20}
|
||||
selected={pathname.startsWith("/dashboards")}
|
||||
selected={pathname === "/"}
|
||||
open={open}
|
||||
/>
|
||||
<MenuItem
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@ import { FC } from "react";
|
|||
import { Grid } from "@mui/material";
|
||||
import Iframe from "react-iframe";
|
||||
|
||||
const docsUrl = "https://digiresilience.org/docs/link/about/";
|
||||
|
||||
export const DocsWrapper: FC = () => (
|
||||
<Grid
|
||||
container
|
||||
|
|
@ -17,7 +19,7 @@ export const DocsWrapper: FC = () => (
|
|||
>
|
||||
<Iframe
|
||||
id="docs"
|
||||
url={"https://digiresilience.org/docs/link/about/"}
|
||||
url={docsUrl}
|
||||
width="100%"
|
||||
height="100%"
|
||||
frameBorder={0}
|
||||
|
|
|
|||
|
|
@ -12,12 +12,10 @@ type LayoutProps = {
|
|||
|
||||
export default function Layout({ children }: LayoutProps) {
|
||||
const setupModeActive = process.env.SETUP_MODE === "true";
|
||||
const leafcutterEnabled = process.env.LEAFCUTTER_ENABLED === "true";
|
||||
|
||||
return (
|
||||
<InternalLayout
|
||||
setupModeActive={setupModeActive}
|
||||
leafcutterEnabled={leafcutterEnabled}
|
||||
>
|
||||
{children}
|
||||
</InternalLayout>
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import { Metadata } from "next";
|
|||
import { DefaultDashboard } from "./_components/DefaultDashboard";
|
||||
|
||||
export const metadata: Metadata = {
|
||||
title: "CDR Link - Home",
|
||||
title: "CDR Link - Dashboard",
|
||||
};
|
||||
|
||||
export default async function Page() {
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import {
|
|||
import Google from "next-auth/providers/google";
|
||||
import Credentials from "next-auth/providers/credentials";
|
||||
import Apple from "next-auth/providers/apple";
|
||||
import { Redis } from "ioredis";
|
||||
import AzureADProvider from "next-auth/providers/azure-ad";
|
||||
import { createLogger } from "@link-stack/logger";
|
||||
|
||||
|
|
@ -30,7 +29,7 @@ const fetchRoles = async () => {
|
|||
};
|
||||
|
||||
const fetchUser = async (email: string) => {
|
||||
const url = `${process.env.ZAMMAD_URL}/api/v1/users/search?query=login:${email}&limit=1`;
|
||||
const url = `${process.env.ZAMMAD_URL}/api/v1/users/search?query=${encodeURIComponent(`login:${email}`)}&limit=1`;
|
||||
const res = await fetch(url, { headers });
|
||||
const users = await res.json();
|
||||
const user = users?.[0];
|
||||
|
|
@ -124,9 +123,9 @@ if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
|
|||
|
||||
export const authOptions: NextAuthOptions = {
|
||||
pages: {
|
||||
signIn: "/link/login",
|
||||
error: "/link/login",
|
||||
signOut: "/link/logout",
|
||||
signIn: "/login",
|
||||
error: "/login",
|
||||
signOut: "/logout",
|
||||
},
|
||||
providers,
|
||||
session: {
|
||||
|
|
@ -139,11 +138,6 @@ export const authOptions: NextAuthOptions = {
|
|||
return roles.includes("admin") || roles.includes("agent");
|
||||
},
|
||||
session: async ({ session, token }) => {
|
||||
// const redis = new Redis(process.env.REDIS_URL);
|
||||
// const isInvalidated = await redis.get(`invalidated:${token.sub}`);
|
||||
// if (isInvalidated) {
|
||||
// return null;
|
||||
// }
|
||||
// @ts-ignore
|
||||
session.user.roles = token.roles ?? [];
|
||||
// @ts-ignore
|
||||
|
|
|
|||
|
|
@ -1,40 +0,0 @@
|
|||
import { createLogger } from "@link-stack/logger";
|
||||
|
||||
const logger = createLogger('link-utils');
|
||||
|
||||
export const fetchLeafcutter = async (url: string, options: any) => {
|
||||
/*
|
||||
|
||||
const headers = {
|
||||
'X-Opensearch-Username': process.env.OPENSEARCH_USER!,
|
||||
'X-Opensearch-Password': process.env.OPENSEARCH_PASSWORD!,
|
||||
'X-Leafcutter-User': token.email.toLowerCase()
|
||||
};
|
||||
*/
|
||||
const fetchData = async (url: string, options: any) => {
|
||||
try {
|
||||
const res = await fetch(url, options);
|
||||
const json = await res.json();
|
||||
return json;
|
||||
} catch (error) {
|
||||
logger.error({ error }, "Error occurred");
|
||||
return null;
|
||||
}
|
||||
};
|
||||
|
||||
const data = await fetchData(url, options);
|
||||
|
||||
if (!data) {
|
||||
const csrfURL = `${process.env.NEXT_PUBLIC_LEAFCUTTER_URL}/api/auth/csrf`;
|
||||
const csrfData = await fetchData(csrfURL, {});
|
||||
const authURL = `${process.env.NEXT_PUBLIC_LEAFCUTTER_URL}/api/auth/callback/credentials`;
|
||||
const authData = await fetchData(authURL, { method: "POST" });
|
||||
if (!authData) {
|
||||
return null;
|
||||
} else {
|
||||
return await fetchData(url, options);
|
||||
}
|
||||
} else {
|
||||
return data;
|
||||
}
|
||||
};
|
||||
|
|
@ -1 +1,4 @@
|
|||
// Force this route to be dynamic (not statically generated at build time)
|
||||
export const dynamic = 'force-dynamic';
|
||||
|
||||
export { receiveMessage as POST } from "@link-stack/bridge-ui";
|
||||
|
|
|
|||
|
|
@ -1 +1,4 @@
|
|||
// Force this route to be dynamic (not statically generated at build time)
|
||||
export const dynamic = 'force-dynamic';
|
||||
|
||||
export { relinkBot as POST } from "@link-stack/bridge-ui";
|
||||
|
|
|
|||
|
|
@ -1 +1,4 @@
|
|||
// Force this route to be dynamic (not statically generated at build time)
|
||||
export const dynamic = 'force-dynamic';
|
||||
|
||||
export { getBot as GET } from "@link-stack/bridge-ui";
|
||||
|
|
|
|||
|
|
@ -1 +1,4 @@
|
|||
// Force this route to be dynamic (not statically generated at build time)
|
||||
export const dynamic = 'force-dynamic';
|
||||
|
||||
export { sendMessage as POST } from "@link-stack/bridge-ui";
|
||||
|
|
|
|||
|
|
@ -1,3 +1,6 @@
|
|||
import { handleWebhook } from "@link-stack/bridge-ui";
|
||||
|
||||
// Force this route to be dynamic (not statically generated at build time)
|
||||
export const dynamic = 'force-dynamic';
|
||||
|
||||
export { handleWebhook as GET, handleWebhook as POST };
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
import NextAuth from "next-auth";
|
||||
import { authOptions } from "@/app/_lib/authentication";
|
||||
|
||||
// Force this route to be dynamic (not statically generated at build time)
|
||||
export const dynamic = 'force-dynamic';
|
||||
|
||||
const handler = NextAuth(authOptions);
|
||||
|
||||
export { handler as GET, handler as POST };
|
||||
|
|
|
|||
|
|
@ -1,11 +1,17 @@
|
|||
import { NextRequest, NextResponse } from "next/server";
|
||||
import { createLogger } from "@link-stack/logger";
|
||||
import { getWorkerUtils } from "@link-stack/bridge-common";
|
||||
import { timingSafeEqual } from "crypto";
|
||||
|
||||
// Force this route to be dynamic (not statically generated at build time)
|
||||
export const dynamic = 'force-dynamic';
|
||||
|
||||
const logger = createLogger('formstack-webhook');
|
||||
|
||||
export async function POST(req: NextRequest): Promise<NextResponse> {
|
||||
try {
|
||||
const clientIp = req.headers.get('x-forwarded-for') || req.headers.get('x-real-ip') || 'unknown';
|
||||
|
||||
// Get the shared secret from environment variable
|
||||
const expectedSecret = process.env.FORMSTACK_SHARED_SECRET;
|
||||
|
||||
|
|
@ -21,19 +27,47 @@ export async function POST(req: NextRequest): Promise<NextResponse> {
|
|||
const body = await req.json();
|
||||
const receivedSecret = body.HandshakeKey;
|
||||
|
||||
// Verify the shared secret
|
||||
if (receivedSecret !== expectedSecret) {
|
||||
logger.warn({ receivedSecret }, 'Invalid shared secret received');
|
||||
// Validate that secret is provided
|
||||
if (!receivedSecret || typeof receivedSecret !== 'string') {
|
||||
logger.warn({ clientIp }, 'Missing or invalid HandshakeKey');
|
||||
return NextResponse.json(
|
||||
{ error: "Unauthorized" },
|
||||
{ status: 401 }
|
||||
);
|
||||
}
|
||||
|
||||
// Log the entire webhook payload to see the data structure
|
||||
// Use timing-safe comparison to prevent timing attacks
|
||||
const expectedBuffer = Buffer.from(expectedSecret);
|
||||
const receivedBuffer = Buffer.from(receivedSecret);
|
||||
|
||||
let secretsMatch = false;
|
||||
if (expectedBuffer.length === receivedBuffer.length) {
|
||||
try {
|
||||
secretsMatch = timingSafeEqual(expectedBuffer, receivedBuffer);
|
||||
} catch (e) {
|
||||
secretsMatch = false;
|
||||
}
|
||||
}
|
||||
|
||||
if (!secretsMatch) {
|
||||
logger.warn({
|
||||
secretMatch: false,
|
||||
timestamp: new Date().toISOString(),
|
||||
userAgent: req.headers.get('user-agent'),
|
||||
clientIp
|
||||
}, 'Invalid shared secret received');
|
||||
return NextResponse.json(
|
||||
{ error: "Unauthorized" },
|
||||
{ status: 401 }
|
||||
);
|
||||
}
|
||||
|
||||
// Log webhook receipt with non-PII metadata only
|
||||
logger.info({
|
||||
payload: body,
|
||||
headers: Object.fromEntries(req.headers.entries()),
|
||||
formId: body.FormID,
|
||||
uniqueId: body.UniqueID,
|
||||
timestamp: new Date().toISOString(),
|
||||
fieldCount: Object.keys(body).length
|
||||
}, 'Received Formstack webhook');
|
||||
|
||||
// Enqueue a bridge-worker task to process this form submission
|
||||
|
|
|
|||
|
|
@ -1,12 +1,6 @@
|
|||
import { NextRequest, NextResponse } from "next/server";
|
||||
import { Redis } from "ioredis";
|
||||
import { getToken } from "next-auth/jwt";
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
const token = await getToken({
|
||||
req: request,
|
||||
secret: process.env.NEXTAUTH_SECRET,
|
||||
});
|
||||
const allCookies = request.cookies.getAll();
|
||||
const zammadURL = process.env.ZAMMAD_URL ?? "http://zammad-nginx:8080";
|
||||
const signOutURL = `${zammadURL}/api/v1/signout`;
|
||||
|
|
@ -18,7 +12,21 @@ export async function POST(request: NextRequest) {
|
|||
.join("; "),
|
||||
};
|
||||
|
||||
await fetch(signOutURL, { headers });
|
||||
// Add timeout to prevent hanging requests
|
||||
const controller = new AbortController();
|
||||
const timeout = setTimeout(() => controller.abort(), 5000); // 5 second timeout
|
||||
|
||||
try {
|
||||
await fetch(signOutURL, {
|
||||
headers,
|
||||
signal: controller.signal
|
||||
});
|
||||
} catch (error) {
|
||||
// Log but don't fail logout if Zammad signout fails
|
||||
console.error('Zammad signout failed:', error);
|
||||
} finally {
|
||||
clearTimeout(timeout);
|
||||
}
|
||||
|
||||
const cookiePrefixesToRemove = ["_zammad"];
|
||||
const response = NextResponse.json({ message: "ok" });
|
||||
|
|
@ -31,8 +39,5 @@ export async function POST(request: NextRequest) {
|
|||
}
|
||||
}
|
||||
|
||||
const redis = new Redis(process.env.REDIS_URL);
|
||||
await redis.setex(`invalidated:${token.sub}`, 24 * 60 * 60, "1");
|
||||
|
||||
return response;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue