Artifact download

service/fling/src/main/java/net/friedl/fling/security/FlingWebSecurityConfigurer.java

@@ -52,6 +52,7 @@ public class FlingWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
          http
         .csrf().disable()
         .cors(withDefaults())
+        .headers().frameOptions().disable().and()
         
         /**********************************************/
         /** Authentication Interceptor Configuration **/

service/fling/src/main/java/net/friedl/fling/security/authentication/filter/TokenAuthenticationFilter.java

@@ -30,7 +30,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
   protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
       FilterChain filterChain) throws ServletException, IOException {
 
-    String derivedToken = request.getParameter("derivedtoken");
+    String derivedToken = request.getParameter("derivedToken");
     if (derivedToken == null) {
       log.info("No derived token in request for {} {}{}", request.getMethod(),
           request.getRequestURL(),

web/fling/package-lock.json

@@ -1129,7 +1129,7 @@
     "@fling/flingclient": {
       "version": "0.1.0-snapshot",
       "resolved": "https://nexus.friedl.net/repository/npm-private/@fling/flingclient/-/flingclient-0.1.0-snapshot.tgz",
-      "integrity": "sha512-L7csowwIzJx6A3Jgm/ejrgoClPyTimrMGM2ezChklgV/FI/4OJAuk3eYJ8IM9rkT59/Zm4B8z6xmM4GOquuncQ==",
+      "integrity": "sha512-P3JWlmnaYYpj5xS5EFp94OVZXSG9lJbraKlQE4SHnTctxLv3OaR4XOaO7j/FJFygJ3KhOLqVi0x8gQQEDnlMBQ==",
       "requires": {
         "@babel/cli": "^7.0.0",
         "superagent": "3.7.0"

web/fling/src/components/admin/FlingArtifacts.jsx

@@ -2,36 +2,31 @@ import log from 'loglevel';
 import React, { useState, useEffect, useRef } from 'react';
 import { useSelector } from 'react-redux';
 
-import { ArtifactClient, FlingClient } from '../../util/fc';
+import { ArtifactClient, FlingClient, AuthClient } from '../../util/fc';
 import { prettifyTimestamp } from '../../util/fn';
 
 function FlingArtifactControl(props) {
   let iframeContainer = useRef(null);
   const artifactClient = new ArtifactClient();
+  const authClient = new AuthClient();
 
   function handleDelete(ev) {
     artifactClient.deleteArtifact(props.artifact.id)
       .then(() => props.reloadArtifactsFn());
   }
 
-
   function handleDownload(ev) {
-    artifactClient.downloadArtifactWithHttpInfo(props.artifact.id)
-      .then(response => {
-          log.info(response.headers);
-          var blob = new Blob([response.data], {type: response.type});
-          if(window.navigator.msSaveOrOpenBlob) {
-              window.navigator.msSaveBlob(blob, response.name);
-          }
-          else{
-              var elem = window.document.createElement('a');
-              elem.href = window.URL.createObjectURL(blob);
-              elem.download = response.name;
-              document.body.appendChild(elem);
-              elem.click();
-              document.body.removeChild(elem);
-          }
-      });
+    authClient.deriveToken({ singleUse: true })
+      .then(token => {
+        // We need this iframe hack because with a regular href, while
+        // the browser downloads the file fine, it also reloads the page, hence
+        // loosing all logs and state
+        let frame = document.createElement("iframe");
+        let url = `${process.env.REACT_APP_API.replace(/\/+$/, '')}/api/artifacts/${props.artifact.id}/data?derivedToken=${token}`;
+        log.trace(`Generated download url: ${url}`);
+        frame.src = url;
+        iframeContainer.current.appendChild(frame);
+      })
   }
 
   return (

web/fling/src/util/fc.js

@@ -25,8 +25,8 @@ function ArtifactClient(token) {
   return new fc.ArtifactApi(clientConfig(token));
 }
 
-function AuthClient() {
-  return new fc.AuthApi(clientConfig());
+function AuthClient(token) {
+  return new fc.AuthApi(clientConfig(token));
 }
 
 export {FlingClient, ArtifactClient, AuthClient, fc};