update Daml Hub auth in create-daml-app (#9973)

* update Daml Hub auth in create-daml-app Current documentation says the token is passed as a cookie. This is a little bit more secure than passing it as a URL param, as it used to be. Note that while it is no longer documented behaviour, the token is actually still passed as a param (in addition to the cookie), so existing users are not broken (yet). Still, better if the code we generate for them matches our current docs. CHANGELOG_BEGIN CHANGELOG_END * review comment
2024-09-17 15:57:21 +03:00 · 2021-06-11 18:55:13 +02:00 · 2021-06-11 18:55:13 +02:00 · 0adbbdcd58
commit 0adbbdcd58
parent 997a7d449c
2 changed files with 7 additions and 5 deletions
--- a/templates/create-daml-app/ui/.gitignore
+++ b/templates/create-daml-app/ui/.gitignore
@ -0,0 +1 @@
+node_modules
--- a/templates/create-daml-app/ui/src/components/LoginScreen.tsx.template
+++ b/templates/create-daml-app/ui/src/components/LoginScreen.tsx.template
@ -43,18 +43,19 @@ const LoginScreen: React.FC<Props> = ({onLogin}) => {
    window.location.assign(`https://login.projectdabl.com/auth/login?ledgerId=${ledgerId}`);
  }

+  const getCookieValue = (name: string): string => (
+    document.cookie.match('(^|;)\\s*' + name + '\\s*=\\s*([^;]+)')?.pop() || ''
+  )
+
  useEffect(() => {
    const url = new URL(window.location.toString());
-    const token = url.searchParams.get('token');
-    if (token === null) {
-      return;
-    }
    const party = url.searchParams.get('party');
    if (party === null) {
-      throw Error("When 'token' is passed via URL, 'party' must be passed too.");
+      return;
    }
    url.search = '';
    window.history.replaceState(window.history.state, '', url.toString());
+    const token = getCookieValue('DAMLHUB_LEDGER_ACCESS_TOKEN');
    login({token, party, ledgerId});
  }, [login]);