Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

请求TOKEN前带上当前环境变量的域 #50

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

请求TOKEN前带上当前环境变量的域 #50

wants to merge 4 commits into from

Conversation

hjb2722404
Copy link

在实际使用过程中发现,如果yapi与接口没有部署在同一个域或服务器下时,无论是校验token请求地址,还是定时刷新Token时,都没有带上当前环境变量的域,导致请求失败。

修改:

  1. 修改了模型,增加了domain字段,存储当前环境变量的域;
  2. 修改了前端配置保存方法,将当前环境变量的域也存入数据库;
  3. 修改了校验方法,在请求地址前加上了当前环境变量的域
  4. 修改了定时刷新获取Token的方法,在请求地址前加上了当前环境变量的域

@shouldnotappearcalm
Copy link
Owner

我有空看一下哦,非常感谢您的 PR

@shouldnotappearcalm
Copy link
Owner

Preparing review...

1 similar comment
@shouldnotappearcalm
Copy link
Owner

Preparing review...

@shouldnotappearcalm
Copy link
Owner

PR Review

⏱️ Estimated effort to review [1-5]

3, because the PR involves changes across multiple JavaScript files and a model file, affecting both front-end and back-end components. The logic of domain handling and URL construction is critical and needs careful review to ensure it doesn't introduce bugs or affect existing functionalities.

🧪 Relevant tests

No

🔍 Possible issues

Possible Bug: The concatenation of domain and get_token_url might not handle edge cases where domain does not end with a slash ('/') and get_token_url does not start with one, potentially leading to malformed URLs.

🔒 Security concerns

No
Code feedback:
relevant filecomponent/oauth2Content/oauth2Content.js
suggestion      

Ensure that the URL concatenation between domain and get_token_url handles cases where either or both might not include a trailing or leading slash, respectively. This can be achieved by using a utility function to safely concatenate URLs. [important]
relevant lineurl: this.props.envMsg.domain + get_token_url,
relevant fileutils/syncTokenUtil.js
suggestion      

Similar to the previous suggestion, ensure safe URL concatenation in the backend utility file to prevent potential issues with malformed URLs. Consider implementing or using an existing URL builder utility. [important]
relevant linelet getTokenUrl = oauthData.domain + oauthData.get_token_url;
✨ Review tool usage guide:

Overview:
The review tool scans the PR code changes, and generates a PR review which includes several types of feedbacks, such as possible PR issues, security threats and relevant test in the PR. More feedbacks can be added by configuring the tool.

The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on any PR.

  • When commenting, to edit configurations related to the review tool (pr_reviewer section), use the following template:
/review --pr_reviewer.some_config1=... --pr_reviewer.some_config2=...

[pr_reviewer]
some_config1=...
some_config2=...

See the review usage page for a comprehensive guide on using this tool.

@shouldnotappearcalm
Copy link
Owner

Preparing review...

7 similar comments
@shouldnotappearcalm
Copy link
Owner

Preparing review...

@shouldnotappearcalm
Copy link
Owner

Preparing review...

@shouldnotappearcalm
Copy link
Owner

Preparing review...

@shouldnotappearcalm
Copy link
Owner

Preparing review...

@shouldnotappearcalm
Copy link
Owner

Preparing review...

@shouldnotappearcalm
Copy link
Owner

Preparing review...

@shouldnotappearcalm
Copy link
Owner

Preparing review...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Review effort [1-5]: 3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hjb2722404 @shouldnotappearcalm