mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2025-05-05 17:18:14 -04:00
de26af0c2d
- Removed `unsafe-inline` for javascript from CSP. The admin interface now uses files instead of inline javascript. - Modified javascript to work not being inline. - Run eslint over javascript and fixed some items. - Added a `to_json` Handlebars helper. Used at the diagnostics page. - Changed `AdminTemplateData` struct to be smaller. The `config` was always added, but only used at one page. Same goes for `can_backup` and `version`. - Also inlined CSS. We can't remove the `unsafe-inline` from css, because that seems to break the web-vault currently. That might need some further checks. But for now the 404 page and all the admin pages are clear of inline scripts and styles.
65 lines
2.3 KiB
JavaScript
Vendored
65 lines
2.3 KiB
JavaScript
Vendored
"use strict";
|
|
|
|
function getBaseUrl() {
|
|
// If the base URL is `https://vaultwarden.example.com/base/path/`,
|
|
// `window.location.href` should have one of the following forms:
|
|
//
|
|
// - `https://vaultwarden.example.com/base/path/`
|
|
// - `https://vaultwarden.example.com/base/path/#/some/route[?queryParam=...]`
|
|
//
|
|
// We want to get to just `https://vaultwarden.example.com/base/path`.
|
|
const baseUrl = window.location.href;
|
|
const adminPos = baseUrl.indexOf("/admin");
|
|
return baseUrl.substring(0, adminPos != -1 ? adminPos : baseUrl.length);
|
|
}
|
|
const BASE_URL = getBaseUrl();
|
|
|
|
function reload() {
|
|
// Reload the page by setting the exact same href
|
|
// Using window.location.reload() could cause a repost.
|
|
window.location = window.location.href;
|
|
}
|
|
|
|
function msg(text, reload_page = true) {
|
|
text && alert(text);
|
|
reload_page && reload();
|
|
}
|
|
|
|
function _post(url, successMsg, errMsg, body, reload_page = true) {
|
|
fetch(url, {
|
|
method: "POST",
|
|
body: body,
|
|
mode: "same-origin",
|
|
credentials: "same-origin",
|
|
headers: { "Content-Type": "application/json" }
|
|
}).then( resp => {
|
|
if (resp.ok) { msg(successMsg, reload_page); return Promise.reject({error: false}); }
|
|
const respStatus = resp.status;
|
|
const respStatusText = resp.statusText;
|
|
return resp.text();
|
|
}).then( respText => {
|
|
try {
|
|
const respJson = JSON.parse(respText);
|
|
return respJson ? respJson.ErrorModel.Message : "Unknown error";
|
|
} catch (e) {
|
|
return Promise.reject({body:respStatus + " - " + respStatusText, error: true});
|
|
}
|
|
}).then( apiMsg => {
|
|
msg(errMsg + "\n" + apiMsg, reload_page);
|
|
}).catch( e => {
|
|
if (e.error === false) { return true; }
|
|
else { msg(errMsg + "\n" + e.body, reload_page); }
|
|
});
|
|
}
|
|
|
|
// onLoad events
|
|
document.addEventListener("DOMContentLoaded", (/*event*/) => {
|
|
// get current URL path and assign "active" class to the correct nav-item
|
|
const pathname = window.location.pathname;
|
|
if (pathname === "") return;
|
|
const navItem = document.querySelectorAll(`.navbar-nav .nav-item a[href="${pathname}"]`);
|
|
if (navItem.length === 1) {
|
|
navItem[0].className = navItem[0].className + " active";
|
|
navItem[0].setAttribute("aria-current", "page");
|
|
}
|
|
}); |