fix: disable sending token when auth is disabled

Author: daanporon

.prettierrc

@@ -0,0 +1,40 @@
+{
+	"semi": true,
+	"singleQuote": true,
+	"trailingComma": "none",
+	"printWidth": 80,
+	"quoteProps": "as-needed",
+	"arrowParens": "always",
+	"tabWidth": 2,
+	"overrides": [
+			{
+					"files": "*.sol",
+					"options": {
+							"printWidth": 120,
+							"tabWidth": 2,
+							"useTabs": false,
+							"singleQuote": false,
+							"explicitTypes": "always"
+					}
+			},
+			{
+					"files": "*.json",
+					"options": {
+							"trailingComma": "none"
+					}
+			},
+			{
+					"files": "*.babelrc",
+					"options": {
+							"trailingComma": "none"
+					}
+			},
+			{
+					"files": "*.yaml",
+					"options": {
+							"singleQuote": false,
+							"tabWidth": 2
+					}
+			}
+	]
+}

app/Explorer.ts

@@ -20,6 +20,7 @@ import { authroutes } from './rest/authroutes';
 import { dbroutes } from './rest/dbroutes';
 import { platformroutes } from './rest/platformroutes';
 import swaggerDocument from './swagger.json';
+import { authCheckMiddleware } from './middleware/auth-check';
 
 /**
  *
@@ -57,7 +58,11 @@ export class Explorer {
 
 		this.app.use(passport.initialize());
 		if (process.env.NODE_ENV !== 'production') {
-			this.app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument));
+			this.app.use(
+				'/api-docs',
+				swaggerUi.serve,
+				swaggerUi.setup(swaggerDocument)
+			);
 		}
 		this.app.use(compression());
 		this.persistence = null;
@@ -110,7 +115,7 @@ export class Explorer {
 			// Make sure that platform instance will be referred after its initialization
 			passport.use('local-login', localLoginStrategy(platform));
 
-			// this.app.use('/api', authCheckMiddleware);
+			this.app.use('/api', authCheckMiddleware(platform));
 
 			const authrouter = Express.Router();
 

app/middleware/auth-check.ts

@@ -4,11 +4,25 @@
 
 import * as jwt from 'jsonwebtoken';
 import config from '../explorerconfig.json';
+import { Platform } from '../platform/fabric/Platform';
 
 /**
  *  The Auth Checker middleware function.
  */
-export const authCheckMiddleware = (req, res, next) => {
+export const authCheckMiddleware = (platform: Platform) => (req, res, next) => {
+	const networkId = req.headers['X-Network-ID'];
+	if (
+		networkId &&
+		!platform
+			.getClient(networkId)
+			.instance.fabricGateway.fabricConfig.getEnableAuthentication()
+	) {
+		req.requestUserId = 'dummy-user';
+		req.network = networkId;
+
+		return next();
+	}
+
 	if (!req.headers.authorization) {
 		return res.status(401).end();
 	}

client/src/components/Login/Login.js

@@ -26,7 +26,7 @@ import { shape, string } from 'prop-types';
 
 import { authSelectors, authOperations } from '../../state/redux/auth';
 
-const styles = theme => ({
+const styles = (theme) => ({
 	container: {
 		width: 'auto',
 		display: 'block', // Fix IE 11 issue.
@@ -114,7 +114,7 @@ export class Login extends Component {
 		}));
 	}
 
-	handleChange = event => {
+	handleChange = (event) => {
 		const { target } = event;
 		const value = target.type === 'checkbox' ? target.checked : target.value;
 		const { name } = target;
@@ -125,9 +125,9 @@ export class Login extends Component {
 		if (name === 'network') {
 			const { networks } = this.state;
 			newState.authEnabled = (
-				networks.find(n => n.name === value) || {}
+				networks.find((n) => n.name === value) || {}
 			).authEnabled;
-			newState.network.id = (networks.find(n => n.name === value) || {}).id;
+			newState.network.id = (networks.find((n) => n.name === value) || {}).id;
 		}
 
 		this.setState(newState);
@@ -142,7 +142,8 @@ export class Login extends Component {
 				user: authEnabled ? user : 'dummy-user',
 				password: authEnabled ? password : 'dummy-password'
 			},
-			network
+			network,
+			authEnabled
 		);
 
 		this.setState(() => ({ info }));
@@ -153,7 +154,7 @@ export class Login extends Component {
 		}
 	}
 
-	submitForm = async e => {
+	submitForm = async (e) => {
 		e.preventDefault();
 
 		const { user, password, network } = this.state;
@@ -217,7 +218,7 @@ export class Login extends Component {
 								label="Network"
 								disabled={isLoading}
 								value={network.value}
-								onChange={e => this.handleChange(e)}
+								onChange={(e) => this.handleChange(e)}
 								margin="normal"
 								InputProps={{
 									startAdornment: (
@@ -228,7 +229,7 @@ export class Login extends Component {
 									shrink: 'true'
 								}}
 							>
-								{networks.map(item => (
+								{networks.map((item) => (
 									<MenuItem key={item.name} value={item.name}>
 										{item.name}
 									</MenuItem>
@@ -251,7 +252,7 @@ export class Login extends Component {
 									label="User"
 									disabled={isLoading}
 									value={user.value}
-									onChange={e => this.handleChange(e)}
+									onChange={(e) => this.handleChange(e)}
 									margin="normal"
 									InputProps={{
 										startAdornment: (
@@ -281,7 +282,7 @@ export class Login extends Component {
 									label="Password"
 									disabled={isLoading}
 									value={password.value}
-									onChange={e => this.handleChange(e)}
+									onChange={(e) => this.handleChange(e)}
 									margin="normal"
 									InputProps={{
 										startAdornment: (
@@ -305,7 +306,10 @@ export class Login extends Component {
 							</FormHelperText>
 						)}
 						{info && (
-							<FormHelperText id="component-error-text" className={classes.errortext}>
+							<FormHelperText
+								id="component-error-text"
+								className={classes.errortext}
+							>
 								{info.message}
 							</FormHelperText>
 						)}
@@ -327,7 +331,7 @@ export class Login extends Component {
 
 const { authSelector, errorSelector, networkSelector } = authSelectors;
 
-const mapStateToProps = state => {
+const mapStateToProps = (state) => {
 	return {
 		auth: authSelector(state),
 		error: errorSelector(state),

client/src/services/request.js

@@ -17,10 +17,14 @@ export const post = (uri, payload) =>
 		if (token != null) {
 			request = request.set('Authorization', `bearer ${token}`);
 		}
+		const networkId = Auth.getNetworkId();
+		if (token != null) {
+			request = request.set('X-Network-ID', networkId);
+		}
 
 		request.end(withPromiseCallback(resolve, reject));
 	});
-export const get = uri =>
+export const get = (uri) =>
 	new Promise((resolve, reject) => {
 		let request = agent
 			.get(uri)
@@ -31,6 +35,10 @@ export const get = uri =>
 		if (token != null) {
 			request = request.set('Authorization', `bearer ${token}`);
 		}
+		const networkId = Auth.getNetworkId();
+		if (token != null) {
+			request = request.set('X-Network-ID', networkId);
+		}
 
 		request.end(withPromiseCallback(resolve, reject));
 	});
@@ -45,6 +53,10 @@ export const put = (uri, payload) =>
 		if (token != null) {
 			request = request.set('Authorization', `bearer ${token}`);
 		}
+		const networkId = Auth.getNetworkId();
+		if (token != null) {
+			request = request.set('X-Network-ID', networkId);
+		}
 
 		request.end(withPromiseCallback(resolve, reject));
 	});
@@ -59,6 +71,10 @@ export const deleteRequest = (uri, payload) =>
 		if (token != null) {
 			request = request.set('Authorization', `bearer ${token}`);
 		}
+		const networkId = Auth.getNetworkId();
+		if (token != null) {
+			request = request.set('X-Network-ID', networkId);
+		}
 
 		request.end(withPromiseCallback(resolve, reject));
 	});

client/src/state/Auth.js

@@ -5,8 +5,9 @@ export default class Auth {
 	 *
 	 * @param {string} token
 	 */
-	static authenticateUser(token) {
+	static authenticateUser(token, networkId) {
 		localStorage.setItem('token', token);
+		localStorage.setItem('networkId', networkId);
 	}
 
 	/**
@@ -15,7 +16,7 @@ export default class Auth {
 	 * @returns {boolean}
 	 */
 	static isUserAuthenticated() {
-		return localStorage.getItem('token') !== null;
+		return localStorage.getItem('networkId') !== null; // token can be null if auth is disabled
 	}
 
 	/**
@@ -24,6 +25,7 @@ export default class Auth {
 	 */
 	static deauthenticateUser() {
 		localStorage.removeItem('token');
+		localStorage.removeItem('networkId');
 	}
 
 	/**
@@ -33,7 +35,10 @@ export default class Auth {
 	 */
 
 	static getToken() {
-		return null;
-		//return localStorage.getItem('token');
+		return localStorage.getItem('token');
+	}
+
+	static getNetworkId() {
+		return localStorage.getItem('networkId');
 	}
 }