🎨 add separate uri and origin into two secrets

equinor · Nov 13, 2024 · ecafa02 · ecafa02
1 parent f12d4b8
commit ecafa02
Show file tree

Hide file tree

Showing 8 changed files with 16 additions and 11 deletions.
diff --git a/.github/workflows/DEV-studio-v3.yml b/.github/workflows/DEV-studio-v3.yml
@@ -126,6 +126,7 @@ jobs:
           fotowareClientId: ${{ secrets.SANITY_STUDIO_FOTOWARE_CLIENT_ID }}
           fotowareTenantUrl: ${{ secrets.SANITY_STUDIO_FOTOWARE_TENANT_URL }}
           fotowareRedirectOrigin: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN }}
+          fotowareRedirectUri: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_URI }}
           fotowareAfExportUrl: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL }}
           fotowareAfExportKey: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY }}
           screen9accountId: ${{ secrets.SANITY_STUDIO_SCREEN9_ACCOUNT_ID }}

diff --git a/.github/workflows/PREPROD-studios-v3.yaml b/.github/workflows/PREPROD-studios-v3.yaml
@@ -112,6 +112,7 @@ jobs:
           fotowareClientId: ${{ secrets.SANITY_STUDIO_FOTOWARE_CLIENT_ID }}
           fotowareTenantUrl: ${{ secrets.SANITY_STUDIO_FOTOWARE_TENANT_URL }}
           fotowareRedirectOrigin: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN }}
+          fotowareRedirectUri: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_URI }}
           fotowareAfExportUrl: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL }}
           fotowareAfExportKey: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY }}
           screen9accountId: ${{ secrets.SANITY_STUDIO_SCREEN9_ACCOUNT_ID }}

diff --git a/.github/workflows/PROD-all-studios-v3.yaml b/.github/workflows/PROD-all-studios-v3.yaml
@@ -19,6 +19,7 @@ jobs:
       SANITY_STUDIO_FOTOWARE_CLIENT_ID: ${{ secrets.SANITY_STUDIO_FOTOWARE_CLIENT_ID }}
       SANITY_STUDIO_FOTOWARE_TENANT_URL: ${{ secrets.SANITY_STUDIO_FOTOWARE_TENANT_URL }}
       SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN }}
+      SANITY_STUDIO_FOTOWARE_REDIRECT_URI: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_URI }}
       SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL }}
       SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY }}
       SANITY_STUDIO_SCREEN9_ACCOUNT_ID: ${{ secrets.SANITY_STUDIO_SCREEN9_ACCOUNT_ID }}
@@ -101,6 +102,7 @@ jobs:
       SANITY_STUDIO_FOTOWARE_CLIENT_ID: ${{ secrets.SANITY_STUDIO_FOTOWARE_CLIENT_ID }}
       SANITY_STUDIO_FOTOWARE_TENANT_URL: ${{ secrets.SANITY_STUDIO_FOTOWARE_TENANT_URL }}
       SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN }}
+      SANITY_STUDIO_FOTOWARE_REDIRECT_URI: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_URI }}
       SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL }}
       SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY }}
       SANITY_STUDIO_SCREEN9_ACCOUNT_ID: ${{ secrets.SANITY_STUDIO_SCREEN9_ACCOUNT_ID }}

diff --git a/.github/workflows/deploy-v3/action.yaml b/.github/workflows/deploy-v3/action.yaml
@@ -29,6 +29,9 @@ inputs:
     description: 'Tenant URL for Fotoware application'
     required: true
   fotowareRedirectOrigin:
+    description: 'Redirect Origin for Fotoware auth'
+    required: true
+  fotowareRedirectUri:
     description: 'Redirect URL for Fotoware auth'
     required: true
   fotowareAfExportUrl:
@@ -105,6 +108,7 @@ runs:
           --build-arg ARG_FOTOWARE_CLIENT_ID="${{ inputs.fotowareClientId }}" \
           --build-arg ARG_FOTOWARE_TENANT_URL="${{ inputs.fotowareTenantUrl }}" \
           --build-arg ARG_FOTOWARE_REDIRECT_ORIGIN="${{ inputs.fotowareRedirectOrigin }}" \
+          --build-arg ARG_FOTOWARE_REDIRECT_URI="${{ inputs.fotowareRedirectUri }}" \
           --build-arg ARG_FOTOWARE_AF_EXPORT_URL="${{ inputs.fotowareAfExportUrl }}" \
           --build-arg ARG_FOTOWARE_AF_EXPORT_KEY="${{ inputs.fotowareAfExportKey }}" \
           --build-arg ARG_SCREEN9_ACCOUNT_ID="${{ inputs.screen9accountId }}" \

diff --git a/.github/workflows/studios-rollback.yaml b/.github/workflows/studios-rollback.yaml
@@ -80,6 +80,7 @@ jobs:
       SANITY_STUDIO_FOTOWARE_CLIENT_ID: ${{ secrets.SANITY_STUDIO_FOTOWARE_CLIENT_ID }}
       SANITY_STUDIO_FOTOWARE_TENANT_URL: ${{ secrets.SANITY_STUDIO_FOTOWARE_TENANT_URL }}
       SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN }}
+      SANITY_STUDIO_FOTOWARE_REDIRECT_URI: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_URI }}
       SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL }}
       SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY }}
       DOCKER_BUILDKIT: 1
@@ -148,6 +149,7 @@ jobs:
       SANITY_STUDIO_FOTOWARE_CLIENT_ID: ${{ secrets.SANITY_STUDIO_FOTOWARE_CLIENT_ID }}
       SANITY_STUDIO_FOTOWARE_TENANT_URL: ${{ secrets.SANITY_STUDIO_FOTOWARE_TENANT_URL }}
       SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN }}
+      SANITY_STUDIO_FOTOWARE_REDIRECT_URI: ${{ secrets.SANITY_STUDIO_FOTOWARE_REDIRECT_URI }}
       SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL }}
       SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY: ${{ secrets.SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY }}
       DOCKER_BUILDKIT: 1

diff --git a/sanityv3/Dockerfile b/sanityv3/Dockerfile
@@ -26,6 +26,7 @@ ARG ARG_BRANDMASTER_PLUGIN
 ARG ARG_FOTOWARE_CLIENT_ID
 ARG ARG_FOTOWARE_TENANT_URL
 ARG ARG_FOTOWARE_REDIRECT_ORIGIN
+ARG ARG_FOTOWARE_REDIRECT_URI
 ARG ARG_FOTOWARE_AF_EXPORT_URL
 ARG ARG_FOTOWARE_AF_EXPORT_KEY
 ARG ARG_SCREEN9_ACCOUNT_ID
@@ -42,6 +43,7 @@ ENV SANITY_STUDIO_BRANDMASTER_PLUGIN_SOURCE ${ARG_BRANDMASTER_PLUGIN}
 ENV SANITY_STUDIO_FOTOWARE_CLIENT_ID ${ARG_FOTOWARE_CLIENT_ID}
 ENV SANITY_STUDIO_FOTOWARE_TENANT_URL ${ARG_FOTOWARE_TENANT_URL}
 ENV SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN ${ARG_FOTOWARE_REDIRECT_ORIGIN}
+ENV SANITY_STUDIO_FOTOWARE_REDIRECT_URI ${ARG_FOTOWARE_REDIRECT_URI}
 ENV SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL ${ARG_FOTOWARE_AF_EXPORT_URL}
 ENV SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY ${ARG_FOTOWARE_AF_EXPORT_KEY}
 ENV SANITY_STUDIO_SCREEN9_ACCOUNT_ID ${ARG_SCREEN9_ACCOUNT_ID}

diff --git a/sanityv3/plugins/asset-source-fotoware/src/FotowareAssetSource.tsx b/sanityv3/plugins/asset-source-fotoware/src/FotowareAssetSource.tsx
@@ -40,13 +40,9 @@ const FotowareAssetSource = forwardRef<HTMLDivElement>((props: any, ref) => {
   const handleAuthEvent = useCallback(
     (event: any) => {
       const validateAuthEvent = () => {
-        console.log('handleAuthEvent', event)
-        //the origin here seems to be the studio domain url. for prod this can be the radix url for studio or the equinor.sanity.studio.
-        //For dev this would be localhost or the staging radix studio url.
-        // Is this step necessary?
-        /*         if (event.origin !== REDIRECT_ORIGIN) {
+        if (event.origin !== REDIRECT_ORIGIN) {
           return handleRequestError(`Invalid event origin: ${event.origin}`, setError, 'auth', newWindow)
-        } */
+        }
 
         if (event.data?.error) {
           const { error, error_description } = event.data
@@ -78,7 +74,6 @@ const FotowareAssetSource = forwardRef<HTMLDivElement>((props: any, ref) => {
       if (!validateAuthEvent()) return false
 
       storeAccessToken(event.data)
-      console.log('SETTING ACCESSTOKEN, CLOSING CURRENT WINDOW')
       setAccessToken(event.data.access_token)
       newWindow.current.close()
     },
@@ -87,11 +82,9 @@ const FotowareAssetSource = forwardRef<HTMLDivElement>((props: any, ref) => {
 
   const handleWidgetEvent = useCallback(
     (event: any) => {
-      console.log('handleWidgetEvent', event)
       if (!event || !event.data || event.origin === REDIRECT_ORIGIN) return false
 
       if (event.origin !== TENANT_URL) {
-        console.log('origin is different than tenant')
         console.log('Fotoware: invalid event origin', event.origin)
         return false
       }

diff --git a/sanityv3/plugins/asset-source-fotoware/src/utils.ts b/sanityv3/plugins/asset-source-fotoware/src/utils.ts
@@ -2,6 +2,7 @@ export const HAS_ENV_VARS =
   process.env.SANITY_STUDIO_FOTOWARE_CLIENT_ID &&
   process.env.SANITY_STUDIO_FOTOWARE_TENANT_URL &&
   process.env.SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN &&
+  process.env.SANITY_STUDIO_FOTOWARE_REDIRECT_URI &&
   process.env.SANITY_STUDIO_FOTOWARE_AF_EXPORT_URL &&
   process.env.SANITY_STUDIO_FOTOWARE_AF_EXPORT_KEY
 
@@ -15,7 +16,7 @@ export const getAuthURL = (requestState: string): string | false => {
 
   const CLIENT_ID = process.env.SANITY_STUDIO_FOTOWARE_CLIENT_ID
   const TENANT_URL = process.env.SANITY_STUDIO_FOTOWARE_TENANT_URL
-  const REDIRECT_URI = process.env.SANITY_STUDIO_FOTOWARE_REDIRECT_ORIGIN
+  const REDIRECT_URI = process.env.SANITY_STUDIO_FOTOWARE_REDIRECT_URI
   return `${TENANT_URL}/fotoweb/oauth2/authorize?response_type=token&client_id=${CLIENT_ID}&state=${requestState}&redirect_uri=${REDIRECT_URI}`
 }
 
@@ -44,7 +45,6 @@ type FotowareAuthData = {
 }
 
 export const storeAccessToken = (data: FotowareAuthData): void => {
-  console.log('storeAccessToken', data.access_token)
   const now = Math.floor(new Date().getTime() / 1000.0)
 
   const tokenData = {