scratchfoundation/scratch-www
1
0
Fork 0
mirror of https://github.com/scratchfoundation/scratch-www.git synced 2024-12-02 11:59:07 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
scratch-www/src/lib/api.js

95 lines
3.3 KiB
JavaScript
Raw Normal View History

Move api mixin to lib, remove mixin The mixin doesn't gain us anything except complexity
2016-06-06 10:09:01 -04:00
var defaults = require('lodash.defaults');
check street number range for address rather than exact address, so that we can more flexibly allow outdate post office data
2016-08-10 15:33:17 -04:00
var defaultsDeep = require('lodash.defaultsdeep');
Move api mixin to lib, remove mixin The mixin doesn't gain us anything except complexity
2016-06-06 10:09:01 -04:00
var xhr = require('xhr');
var jar = require('./jar');
var log = require('./log');
var urlParams = require('./url-params');
/**
* Helper method that constructs requests to the scratch api.
* Custom arguments:
* - useCsrf [boolean] handles unique csrf token retrieval for POST requests. This prevents
* CSRF forgeries (see: https://www.squarefree.com/securitytips/web-developers.html#CSRF)
*
* It also takes in other arguments specified in the xhr library spec.
*/
module.exports = function (opts, callback) {
check street number range for address rather than exact address, so that we can more flexibly allow outdate post office data
2016-08-10 15:33:17 -04:00
defaultsDeep(opts, {
Move api mixin to lib, remove mixin The mixin doesn't gain us anything except complexity
2016-06-06 10:09:01 -04:00
host: process.env.API_HOST,
Only apply `X-Requested-With` to same domain it breaks on cross domain
2016-08-11 14:54:13 -04:00
headers: {},
Add method to api for submitting forms Some of our legacy endpoints expect this style rather than json. Also clean up the way useCsrf works — don't always set json attribute to an empty object.
2016-06-16 17:24:31 -04:00
responseType: 'json',
Move api mixin to lib, remove mixin The mixin doesn't gain us anything except complexity
2016-06-06 10:09:01 -04:00
useCsrf: false
});
opts.uri = opts.host + opts.uri;
if (opts.params) {
opts.uri = [opts.uri, urlParams(opts.params)]
.join(opts.uri.indexOf('?') === -1 ? '?' : '&');
}
Add method to api for submitting forms Some of our legacy endpoints expect this style rather than json. Also clean up the way useCsrf works — don't always set json attribute to an empty object.
2016-06-16 17:24:31 -04:00
if (opts.formData) {
opts.body = urlParams(opts.formData);
opts.headers['Content-Type'] = 'application/x-www-form-urlencoded';
}
Move api mixin to lib, remove mixin The mixin doesn't gain us anything except complexity
2016-06-06 10:09:01 -04:00
var apiRequest = function (opts) {
if (opts.host !== '') {
// For IE < 10, we must use XDR for cross-domain requests. XDR does not support
// custom headers.
defaults(opts, {useXDR: true});
check street number range for address rather than exact address, so that we can more flexibly allow outdate post office data
2016-08-10 15:33:17 -04:00
if (opts.useXDR) {
delete opts.headers;
}
Move api mixin to lib, remove mixin The mixin doesn't gain us anything except complexity
2016-06-06 10:09:01 -04:00
if (opts.authentication) {
var authenticationParams = ['x-token=' + opts.authentication];
var parts = opts.uri.split('?');
var qs = (parts[1] || '').split('&').concat(authenticationParams).join('&');
opts.uri = parts[0] + '?' + qs;
}
Only apply `X-Requested-With` to same domain it breaks on cross domain
2016-08-11 14:54:13 -04:00
} else {
opts['X-Requested-With'] = 'XMLHttpRequest';
Move api mixin to lib, remove mixin The mixin doesn't gain us anything except complexity
2016-06-06 10:09:01 -04:00
}
xhr(opts, function (err, res, body) {
if (err) log.error(err);
Fix JSON response parsing in IE Fixes #654 IE does not honor responseType: 'json', and will not parse responses as JSON unless json data is present in the request. For some reason this issue can also be solved by including a `json` attribute on the xhr request, but if that's present, url encoded form data is overwritten with the contents of the json. So just try to parse the response ourselves if it looks like it wasn't parsed. See https://github.com/Raynos/xhr/issues/123
2016-07-03 15:54:37 -04:00
if (opts.responseType === 'json' && typeof body === 'string') {
// IE doesn't parse responses as JSON without the json attribute,
// even with responseType: 'json'.
// See https://github.com/Raynos/xhr/issues/123
try {
body = JSON.parse(body);
} catch (e) {
// Not parseable anyway, don't worry about it
}
}
Move api mixin to lib, remove mixin The mixin doesn't gain us anything except complexity
2016-06-06 10:09:01 -04:00
// Legacy API responses come as lists, and indicate to redirect the client like
// [{success: true, redirect: "/location/to/redirect"}]
try {
if ('redirect' in body[0]) window.location = body[0].redirect;
} catch (err) {
// do nothing
}
callback(err, body, res);
});
}.bind(this);
if (typeof jar.get('scratchlanguage') !== 'undefined') {
opts.headers['Accept-Language'] = jar.get('scratchlanguage') + ', en;q=0.8';
}
if (opts.authentication) {
opts.headers['X-Token'] = opts.authentication;
}
if (opts.useCsrf) {
jar.use('scratchcsrftoken', '/csrf_token/', function (err, csrftoken) {
if (err) return log.error('Error while retrieving CSRF token', err);
opts.headers['X-CSRFToken'] = csrftoken;
apiRequest(opts);
}.bind(this));
} else {
apiRequest(opts);
}
};
Reference in a new issue Copy permalink