oauth disabling API

packages/web/src/App.svelte

@@ -24,12 +24,8 @@
 
   let loadedApi = false;
   let loadedPlugins = false;
-  const isOauthCallback = handleOauthCallback();
 
   async function loadApi() {
-    if (isOauthCallback) {
-      return;
-    }
     // if (shouldWaitForElectronInitialize()) {
     //   setTimeout(loadApi, 100);
     //   return;
@@ -80,7 +76,7 @@
 
 <ErrorHandler />
 
-{#if loadedApi && !isOauthCallback}
+{#if loadedApi}
   <DataGridRowHeightMeter />
   <CommandListener />
   <PluginsProvider />

packages/web/src/clientAuth.ts

@@ -1,38 +1,38 @@
-import { apiCall } from './utility/api';
+import { apiCall, disableApi } from './utility/api';
 import { getConfig } from './utility/metadataLoaders';
 
-export function handleOauthCallback() {
+export function isOauthCallback() {
   const params = new URLSearchParams(location.search);
   const sentCode = params.get('code');
   const sentState = params.get('state');
 
-  if (
+  return (
-    sentCode &&
+    sentCode && sentState && sentState.startsWith('dbg-oauth:') && sentState == sessionStorage.getItem('oauthState')
-    sentState &&
+  );
-    sentState.startsWith('dbg-oauth:') &&
+}
-    sentState == sessionStorage.getItem('oauthState')
+
-  ) {
+export function handleOauthCallback() {
+  const params = new URLSearchParams(location.search);
+  const sentCode = params.get('code');
+
+  if (isOauthCallback()) {
     sessionStorage.removeItem('oauthState');
     apiCall('auth/oauth-token', {
       code: sentCode,
       redirectUri: location.origin,
     }).then(authResp => {
       const { accessToken } = authResp;
-      console.log('Got new access token:', accessToken);
       localStorage.setItem('accessToken', accessToken);
       location.replace('/');
     });
 
-    console.log('handleOauthCallback TRUE');
     return true;
   }
 
-  console.log('handleOauthCallback FALSE');
   return false;
 }
 
 export async function handleAuthOnStartup(config) {
-  console.log('********************* handleAuthOnStartup');
   if (config.oauth) {
     if (localStorage.getItem('accessToken')) {
       return;

packages/web/src/main.ts

@@ -5,12 +5,16 @@ import './commands/stdCommands';
 import localStorageGarbageCollector from './utility/localStorageGarbageCollector';
 import { handleOauthCallback } from './clientAuth';
 
+const isOauthCallback = handleOauthCallback();
+
 localStorageGarbageCollector();
 
-const app = new App({
+const app = isOauthCallback
-  target: document.body,
+  ? null
-  props: {},
+  : new App({
-});
+      target: document.body,
+      props: {},
+    });
 
 // const app = null;
 

packages/web/src/utility/api.ts

@@ -4,16 +4,17 @@ import { writable } from 'svelte/store';
 import getElectron from './getElectron';
 // import socket from './socket';
 import { showSnackbarError } from '../utility/snackbar';
-import { redirectToLogin } from '../clientAuth';
+import { isOauthCallback, redirectToLogin } from '../clientAuth';
 
 let eventSource;
 let apiLogging = false;
 // let cacheCleanerRegistered;
 let apiDisabled = false;
+const disabledOnOauth = isOauthCallback();
 
-// export function disableApi() {
+export function disableApi() {
-//   apiDisabled = true;
+  apiDisabled = true;
-// }
+}
 
 function wantEventSource() {
   if (!eventSource) {
@@ -45,6 +46,10 @@ export async function apiCall(route: string, args: {} = undefined) {
     console.log('API disabled!!', route);
     return;
   }
+  if (disabledOnOauth && route != 'auth/oauth-token') {
+    console.log('API disabled because oauth callback!!', route);
+    return;
+  }
 
   const electron = getElectron();
   if (electron) {
@@ -62,7 +67,7 @@ export async function apiCall(route: string, args: {} = undefined) {
     });
 
     if (resp.status == 401 && !apiDisabled) {
-      apiDisabled = true;
+      disableApi();
       console.log('Disabling API', route);
       // unauthorized
       redirectToLogin();