mirror of
https://github.com/apache/superset.git
synced 2026-05-12 19:35:17 +00:00
feat: embedded dashboard core (#17530)
* feat(dashboard): embedded dashboard UI configuration (#17175) (#17450) * setup embedded provider * update ui configuration * fix test * feat: Guest token (for embedded dashboard auth) (#17517) * generate an embed token * improve existing tests * add some auth setup, and rename token * fix the stuff for compatibility with external request loaders * docs, standard jwt claims, tweaks * black * lint * tests, and safer token decoding * linting * type annotation * prettier * add feature flag * quiet pylint * apparently typing is a problem again * Make guest role name configurable * fake being a non-anonymous user * just one log entry * customizable algo * lint * lint again * 403 works now! * get guest token from header instead of cookie * Revert "403 works now!" This reverts commitdf2f49a6d4. * fix tests * Revert "Revert "403 works now!"" This reverts commit883dff38f1. * rename method * correct import * feat: entry for embedded dashboard (#17529) * create entry for embedded dashboard in webpack * add cookies * lint * token message handshake * guestTokenHeaderName * use setupClient instead of calling configure * rename the webpack chunk * simplified handshake * embedded entrypoint: render a proper app * make the embedded page accept anonymous connections * format * lint * fix test # Conflicts: # superset-frontend/src/embedded/index.tsx # superset/views/core.py * lint * Update superset-frontend/src/embedded/index.tsx Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com> * comment out origins checks * move embedded for core to dashboard * pylint * isort Co-authored-by: David Aaron Suddjian <aasuddjian@gmail.com> Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com> * feat: Authorizing guest access to embedded dashboards (#17757) * helper methods and dashboard access * guest token dashboard authz * adjust csrf exempt list * eums don't work that way * Remove unnecessary import * move row level security tests to their own file * a bit of refactoring * add guest token security tests * refactor tests * clean imports * variable names can be too long apparently * missing argument to get_user_roles * don't redefine builtins * remove unused imports * fix test import * default to global user when getting roles * missing import * mock it * test get_user_roles * infer g.user for ease of tests * remove redundant check * tests for guest user security manager fns * use algo to get rid of warning messages * tweaking access checks * fix guest token security tests * missing imports * more tests * more testing and also some small refactoring * move validation out of parsing * fix dashboard access check again * add more test Co-authored-by: Lily Kuang <lily@preset.io> * feat: Row Level Security rules for guest tokens (#17836) * helper methods and dashboard access * guest token dashboard authz * adjust csrf exempt list * eums don't work that way * Remove unnecessary import * move row level security tests to their own file * a bit of refactoring * add guest token security tests * refactor tests * clean imports * variable names can be too long apparently * missing argument to get_user_roles * don't redefine builtins * remove unused imports * fix test import * default to global user when getting roles * missing import * mock it * test get_user_roles * infer g.user for ease of tests * remove redundant check * tests for guest user security manager fns * use algo to get rid of warning messages * tweaking access checks * fix guest token security tests * missing imports * more tests * more testing and also some small refactoring * move validation out of parsing * fix dashboard access check again * rls rules for guest tokens * test guest token rls rules * more flexible rls rules * lint * fix tests * fix test * defaults * fix some tests * fix some tests * lint Co-authored-by: Lily Kuang <lily@preset.io> * SupersetClient guest token test * Apply suggestions from code review Co-authored-by: Lily Kuang <lily@preset.io> Co-authored-by: Lily Kuang <lily@preset.io>
This commit is contained in:
David Aaron Suddjian
committed by
GitHub
GitHub
parent
62009773a6
commit
4ad5ad045a
@@ -16,22 +16,29 @@
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
import { SupersetClient, logging } from '@superset-ui/core';
|
||||
import { SupersetClient, logging, ClientConfig } from '@superset-ui/core';
|
||||
import parseCookie from 'src/utils/parseCookie';
|
||||
|
||||
export default function setupClient() {
|
||||
function getDefaultConfiguration(): ClientConfig {
|
||||
const csrfNode = document.querySelector<HTMLInputElement>('#csrf_token');
|
||||
const csrfToken = csrfNode?.value;
|
||||
|
||||
// when using flask-jwt-extended csrf is set in cookies
|
||||
const cookieCSRFToken = parseCookie().csrf_access_token || '';
|
||||
|
||||
SupersetClient.configure({
|
||||
return {
|
||||
protocol: ['http:', 'https:'].includes(window?.location?.protocol)
|
||||
? (window?.location?.protocol as 'http:' | 'https:')
|
||||
: undefined,
|
||||
host: (window.location && window.location.host) || '',
|
||||
csrfToken: csrfToken || cookieCSRFToken,
|
||||
};
|
||||
}
|
||||
|
||||
export default function setupClient(customConfig: Partial<ClientConfig> = {}) {
|
||||
SupersetClient.configure({
|
||||
...getDefaultConfiguration(),
|
||||
...customConfig,
|
||||
})
|
||||
.init()
|
||||
.catch(error => {
|
||||
|
||||
Reference in New Issue
Block a user