Refresh CSTR token

Author: Andrea Bonomi

airflow_code_editor/app_builder_view.py

@@ -77,6 +77,11 @@ def tree_base(self, path=None):
         def tree(self, path=None):
             return self._tree(path, args=request.args)
 
+        @expose("/ping", methods=["GET"])
+        @auth.has_access(PERMISSIONS)
+        def ping(self):
+            return self._ping()
+
         def _render(self, template, *args, **kargs):
             return self.render_template(
                 template + "_appbuilder.html",

airflow_code_editor/code_editor_view.py

@@ -20,6 +20,7 @@
 import logging
 import mimetypes
 from flask import abort, request, send_file
+from flask_wtf.csrf import generate_csrf
 from airflow.version import version
 from airflow_code_editor.commons import HTTP_404_NOT_FOUND
 from airflow_code_editor.tree import get_tree
@@ -134,3 +135,6 @@ def _format(self):
 
     def _tree(self, path, args = {}):
         return {'value': get_tree(path, args)}
+
+    def _ping(self):
+        return {'value': generate_csrf()}

airflow_code_editor/flask_admin_view.py

@@ -65,7 +65,7 @@ def save(self, path=None):
         def load(self, path=None):
             return self._load(path)
 
-        @expose("/format", methods=["GET"])
+        @expose("/format", methods=["POST"])
         @login_required
         def format(self, path=None):
             return self._load(path)
@@ -80,6 +80,11 @@ def tree_base(self, path=None):
         def tree(self, path=None):
             return self._tree(path, args=request.args)
 
+        @expose("/ping", methods=["GET"])
+        @login_required
+        def ping(self):
+            return self._ping()
+
         def _render(self, template, *args, **kargs):
             return self.render(
                 template + "_admin.html",

airflow_code_editor/static/vue_components.js

@@ -8,6 +8,9 @@
 })(function(webui) {
     "use strict";
 
+    var csrfToken = null;
+    var CSRF_REFRESH = 1000 * 60 * 10;
+
     function prepareHref(path) {
         // Return the full path of the URL
         return document.location.pathname + path;
@@ -47,6 +50,24 @@
         }
     }
 
+    function beforeSend(xhr, settings) {
+        if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type)) {
+            xhr.setRequestHeader("X-CSRFToken", csrfToken);
+        }
+    }
+
+    function refreshCsrfToken() {
+        // Refresh CSRF Token
+        jQuery.get(prepareHref('ping'))
+              .done(function(data) {
+                  csrfToken = data.value;
+                  setTimeout(refreshCsrfToken, CSRF_REFRESH);
+              })
+              .fail(function(jqXHR, textStatus, errorThrown) {
+                  setTimeout(refreshCsrfToken, CSRF_REFRESH);
+              });
+    }
+
     function TreeEntry(data, isGit, path) {
         var self = this;
         if (data) {
@@ -696,19 +717,17 @@
     });
 
 
-    webui.init = function(csrfToken) {
+    webui.init = function(csrfTokenParam) {
         // Init
         CodeMirror.modeURL = '/static/code_editor/mode/%N/%N.js';
         // Disable animation
         BootstrapDialog.configDefaultOptions({ animate: false });
         // CSRF Token setup
+        csrfToken = csrfTokenParam;
         jQuery.ajaxSetup({
-            beforeSend: function(xhr, settings) {
-                if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type)) {
-                    xhr.setRequestHeader("X-CSRFToken", csrfToken);
-                }
-            }
+            beforeSend: beforeSend
         });
+        setTimeout(refreshCsrfToken, CSRF_REFRESH);
         // Append global container to body
         jQuery('#global-container').appendTo(jQuery("body"));
         // Init app