From 7b269414d83363fc8ed415485a284f14998b1e74 Mon Sep 17 00:00:00 2001
From: NGPixel <github@ngpixel.com>
Date: Sun, 28 Jan 2018 00:40:25 -0500
Subject: [PATCH] fix: auth cookie set + graphQL http link

---
 client/js/app.js    |  33 +++++++++++++++++++++++++++++----
 package.json        |   3 +++
 server/app/data.yml |   6 ++++++
 server/master.js    |   4 ++++
 yarn.lock           | Bin 401457 -> 403172 bytes
 5 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/client/js/app.js b/client/js/app.js
index 283c7f67..03a5cb27 100644
--- a/client/js/app.js
+++ b/client/js/app.js
@@ -9,7 +9,9 @@ import VueResource from 'vue-resource'
 import VueClipboards from 'vue-clipboards'
 import VeeValidate from 'vee-validate'
 import { ApolloClient } from 'apollo-client'
-import { HttpLink } from 'apollo-link-http'
+import { ApolloLink } from 'apollo-link'
+import { createApolloFetch } from 'apollo-fetch'
+import { BatchHttpLink } from 'apollo-link-batch-http'
 import { InMemoryCache } from 'apollo-cache-inmemory'
 import store from './store'
 
@@ -71,10 +73,33 @@ window.CONSTANTS = CONSTANTS
 // Initialize Apollo Client (GraphQL)
 // ====================================
 
+const graphQLEndpoint = window.location.protocol + '//' + window.location.host + siteConfig.path + 'graphql'
+
+const apolloFetch = createApolloFetch({
+  uri: graphQLEndpoint,
+  constructOptions: (requestOrRequests, options) => ({
+    ...options,
+    method: 'POST',
+    body: JSON.stringify(requestOrRequests),
+    credentials: 'include'
+  })
+})
+
 window.graphQL = new ApolloClient({
-  link: new HttpLink({
-    uri: window.location.protocol + '//' + window.location.host + siteConfig.path + 'graphql'
-  }),
+  link: ApolloLink.from([
+    new ApolloLink((operation, forward) => {
+      operation.setContext({
+        headers: {
+          'Content-Type': 'application/json'
+        }
+      })
+
+      return forward(operation)
+    }),
+    new BatchHttpLink({
+      fetch: apolloFetch
+    })
+  ]),
   cache: new InMemoryCache(),
   connectToDevTools: (process.env.node_env === 'development')
 })
diff --git a/package.json b/package.json
index 21fff9ef..88a15ba1 100644
--- a/package.json
+++ b/package.json
@@ -53,6 +53,7 @@
     "connect-flash": "0.1.1",
     "connect-redis": "3.3.3",
     "cookie-parser": "1.4.3",
+    "cors": "2.8.4",
     "diff2html": "2.3.3",
     "dotize": "^0.2.0",
     "execa": "0.9.0",
@@ -139,6 +140,8 @@
     "@glimpse/glimpse": "0.22.15",
     "@panter/vue-i18next": "0.9.1",
     "apollo-client-preset": "1.0.6",
+    "apollo-fetch": "0.7.0",
+    "apollo-link-batch-http": "1.0.4",
     "autoprefixer": "7.2.5",
     "babel-cli": "6.26.0",
     "babel-core": "6.26.0",
diff --git a/server/app/data.yml b/server/app/data.yml
index 01044a63..dd3daecc 100644
--- a/server/app/data.yml
+++ b/server/app/data.yml
@@ -45,6 +45,12 @@ defaults:
       path: ''
       rtl: false
       title: Wiki.js
+    # System defaults
+    cors:
+      credentials: true
+      maxAge: 600
+      methods: 'GET,POST'
+      origin: true
 configNamespaces:
   - auth
   - features
diff --git a/server/master.js b/server/master.js
index 1050a69d..36533eb8 100644
--- a/server/master.js
+++ b/server/master.js
@@ -22,6 +22,7 @@ module.exports = async () => {
   const bodyParser = require('body-parser')
   const compression = require('compression')
   const cookieParser = require('cookie-parser')
+  const cors = require('cors')
   const express = require('express')
   const favicon = require('serve-favicon')
   const flash = require('connect-flash')
@@ -48,6 +49,9 @@ module.exports = async () => {
   // ----------------------------------------
 
   app.use(mw.security)
+  app.use(cors(wiki.config.cors))
+  app.options('*', cors(wiki.config.cors))
+  app.enable('trust proxy')
 
   // ----------------------------------------
   // Public Assets
diff --git a/yarn.lock b/yarn.lock
index 1339135f06319ab476e74f2d21eacf3db32b9db2..8607530ca6ce82c5640ab7537879c4531195c284 100644
GIT binary patch
delta 1051
zcmZuwJ!lj`6lOQML}CyxiQX9$&RAG@yUy><t}&WKqd_s1f>mH<b~ZUZ?#|qyXd%HA
zX@xDOu+T!mLLrC66&5PCT0{{PR3cbuBMR2e?%f$tcNy4ykN4j9eeav*)BNX``L)O6
zyCT()i<7`*E+`gwty(TuoiwJGN9^PA##H}_^!K21@XxH1R=ACYYx_Jb5v3eRDWD*d
zFia5%{U{I=dm%#v`y#|jXYX1$eRIg}+n+WpjLkzAxL|BxpwqZqs$6sgH+Y=IMx!>V
z@06|S1VOz0aOT`*ViU?=6;9HSq@YwleNLb`z(X`3n0o;FVdMo=N`o~b6tRG%pyD$V
z{ad@346pdhq0v)pY@lGCf1q_>lXiMxiPsh{l}!-15dEKww!BPUe;c%lT`s3nF8`&m
z$v`R~v5$ZfMneuM<^hEOvWP*WHwq&PA@fB%wI?6XO=K<hs5$=5jxS6M#NTI!boG62
zcV2J2J~8aDR2PC|h<(m5^D#z|#EL+UAc-Q6dx|OsFsIauvtM)Zll+zyaHIu}Sog>K
zk?XspSZKYzYTe(`o2aGN&)Ye@+|0OoZN=)F>DojtRqOS(hs;8fH*ra*Lgo1$<qCrc
zGsTsMxC{(E!9>U<07wAJ<7PdlpA1@=!OlXUaVFNa=hn!u(bvVsF6{yJ8oyG}&4<?U
zWc+CB;|=S@{5Dw)OO=JmWF0Pq`qd8m=uD*@G<vJfr*W@IqZAl5_Vm06D+5S|kP8Zx
z#K=e=gfI$-4<sW(#c(>Ocm2!^_Fqpt265}&Cu{fZY_ZVsKswVvY&~1HR}YL73nf{t
zTz1N(hMMe_%s#Ni$sRMjb?b+H`r~MN_fm$3jN2}&rFyAaDU6wj=5H)VZ@lfv9P8>@
zsfOyetVWa+ec*%0ix>)hiXh|^6DB=@goM7N!Y5|If-wDQD3i~2*|*)A$g}r~z0-oL
QAJ%)!>1};j&zzn61qg&mH2?qr

delta 73
zcmV-P0Ji_+%^0!37_hrLv#37L0)vA>w}V0fPCK{VeF38gw_b+<FJHG#=K&X=w|0gC
fhby-cvI1g9w}trvJl=<y*aL@|*aWwk*ab^Y)GQ#@