Background
This PR is part of a series adding JWT based authorization to the scrape service. The authentication is primarily aimed at API access, but we need to consider access for the root path as well, which provides a tool to spot check scrape results for individual urls or RSS feeds. The ACLs for this page will likely be a little different than for the API, in the sense that we'll want access to this to be more permissive, for convenience. Parts of that are still TBD; this PR provides the hook that we'll use to pass an authentication token from this page back to the relevant endpoints.
What's here
This PR changes the way the root page's form is submitted; it's now being submitted via a JavaScript event handler, so that we can, in the future, submit an authorization token as a header along with that request. Authorization itself is not changed here. (There are a couple of minor cosmetic changes.)
One backend change was needed to make this work - when submitting an HTML form without JS the default content type is application/x-www-form-urlencoded. When doing that same operation with the JS fetch() call, the content type is multipart-form-data. A function that was checking the inbound content type needed to be updated for this case (tests were added here too).
Steps to test
From the root folder of this branch:
make (if you don't have go installed, you can alternately make docker-build followed by make docker-run
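The content-type check described under "What's here", as an added example that is not the PR's own code: a Go helper that accepts both form encodings and rejects everything else. The names formMediaType and formField and the sample URL are assumptions; a browser's fetch() with a FormData body sends the header as multipart/form-data plus a boundary parameter, so the check parses the header rather than comparing raw strings.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"strings"
)

// formMediaType (hypothetical name) parses a Content-Type header and reports
// whether it is one of the two encodings a browser form submission can use.
func formMediaType(header string) (string, bool) {
	mediaType, params, err := mime.ParseMediaType(header)
	if err != nil {
		return "", false
	}
	switch mediaType {
	case "application/x-www-form-urlencoded": // plain HTML form post
		return mediaType, true
	case "multipart/form-data": // fetch() with a FormData body
		return mediaType, params["boundary"] != "" // unusable without a boundary
	}
	return mediaType, false
}

// formField (hypothetical name) returns one form field, rejecting other content types.
func formField(r *http.Request, field string) (string, error) {
	mediaType, ok := formMediaType(r.Header.Get("Content-Type"))
	if !ok {
		return "", fmt.Errorf("unsupported form content type %q", mediaType)
	}
	var err error
	if mediaType == "multipart/form-data" {
		err = r.ParseMultipartForm(1 << 20) // keep at most 1 MiB in memory
	} else {
		err = r.ParseForm()
	}
	if err != nil {
		return "", err
	}
	return r.PostForm.Get(field), nil
}

func main() {
	// Constructed sample request, not taken from the PR.
	r, _ := http.NewRequest("POST", "/", strings.NewReader("url=https%3A%2F%2Fexample.com%2Ffeed"))
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8")
	fmt.Println(formField(r, "url"))
}
```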