Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
if (
responseType === c.RESPONSE_TYPE_ID_TOKEN_TOKEN ||
responseType === c.RESPONSE_TYPE_ID_TOKEN
) {
const nonce = Math.floor(Math.random() * 9999999999999) + 1;
params.push({ name: c.P_NONCE, value: nonce });
}
redirectUri && params.push({ name: c.P_REDIRECT_URI, value: redirectUri });
scope && params.push({ name: c.P_SCOPE, value: scope });
state && params.push({ name: c.P_STATE, value: state });
audience && params.push({ name: c.P_AUDIENCE, value: audience });
// Add query params to URL
const qs = buildQueryStringFromParams(params);
const finalUrl = joinUrlAndQueryString(authorizationUrl, qs);
const redirectedTo = await authorizeUserInWindow(
finalUrl,
/(access_token=|id_token=)/,
/(error=)/,
);
const fragment = redirectedTo.split('#')[1];
if (fragment) {
const results = responseToObject(fragment, [
c.P_ACCESS_TOKEN,
c.P_ID_TOKEN,
c.P_TOKEN_TYPE,
c.P_EXPIRES_IN,
c.P_SCOPE,
c.P_STATE,
) {
const params = [
{ name: c.P_RESPONSE_TYPE, value: c.RESPONSE_TYPE_CODE },
{ name: c.P_CLIENT_ID, value: clientId },
];
// Add optional params
redirectUri && params.push({ name: c.P_REDIRECT_URI, value: redirectUri });
scope && params.push({ name: c.P_SCOPE, value: scope });
state && params.push({ name: c.P_STATE, value: state });
audience && params.push({ name: c.P_AUDIENCE, value: audience });
resource && params.push({ name: c.P_RESOURCE, value: resource });
// Add query params to URL
const qs = buildQueryStringFromParams(params);
const finalUrl = joinUrlAndQueryString(url, qs);
const successRegex = new RegExp(`${escapeRegex(redirectUri)}.*(code=)`, 'i');
const failureRegex = new RegExp(`${escapeRegex(redirectUri)}.*(error=)`, 'i');
const redirectedTo = await authorizeUserInWindow(finalUrl, successRegex, failureRegex);
console.log('[oauth2] Detected redirect ' + redirectedTo);
const { query } = urlParse(redirectedTo);
return responseToObject(query, [
c.P_CODE,
c.P_STATE,
c.P_ERROR,
c.P_ERROR_DESCRIPTION,
c.P_ERROR_URI,
]);
}
const enabledParameters = request.parameters.filter(p => !p.disabled);
let result;
try {
result = await props.handleRender({
url: request.url,
parameters: enabledParameters,
});
} catch (err) {
// Just ignore failures
}
if (result) {
const { url, parameters } = result;
const qs = buildQueryStringFromParams(parameters);
const fullUrl = joinUrlAndQueryString(url, qs);
this.setState({
string: smartEncodeUrl(fullUrl, request.settingEncodeUrl),
});
}
}
// Don't show cookie setting because this will display every domain in the jar
if (infoType === Curl.info.debug.TEXT && content.indexOf('Added cookie') === 0) {
return 0;
}
addTimeline(name, content);
return 0; // Must be here
});
// Set the headers (to be modified as we go)
const headers = clone(renderedRequest.headers);
// Set the URL, including the query parameters
const qs = buildQueryStringFromParams(renderedRequest.parameters);
const url = joinUrlAndQueryString(renderedRequest.url, qs);
const isUnixSocket = url.match(/https?:\/\/unix:\//);
const finalUrl = smartEncodeUrl(url, renderedRequest.settingEncodeUrl);
if (isUnixSocket) {
// URL prep will convert "unix:/path" hostname to "unix/path"
const match = finalUrl.match(/(https?:)\/\/unix:?(\/[^:]+):\/(.+)/);
const protocol = (match && match[1]) || '';
const socketPath = (match && match[2]) || '';
const socketUrl = (match && match[3]) || '';
curl.setUrl(`${protocol}//${socketUrl}`);
setOpt(Curl.option.UNIX_SOCKET_PATH, socketPath);
} else {
curl.setUrl(finalUrl);
}
addTimelineText('Preparing request to ' + finalUrl);
addTimelineText(`Using ${Curl.getVersion()}`);
addTimelineText('Current time is ' + new Date().toISOString());
async function _sendToGoogle (params: Array) {
let settings = await models.settings.getOrCreate();
if (settings.disableAnalyticsTracking) {
return;
}
const baseParams = await _getDefaultParams();
const allParams = [...baseParams, ...params];
const qs = buildQueryStringFromParams(allParams);
const baseUrl = isDevelopment()
? 'https://www.google-analytics.com/debug/collect'
: 'https://www.google-analytics.com/collect';
const url = joinUrlAndQueryString(baseUrl, qs);
const net = (electron.remote || electron).net;
const request = net.request(url);
request.once('error', err => {
console.warn('[ga] Network error', err);
});
request.once('response', response => {
const {statusCode} = response;
if (statusCode < 200 && statusCode >= 300) {
console.warn('[ga] Bad status code ' + statusCode);
}
const chunks = [];
const [contentType] = response.headers['content-type'] || [];
if (platform === 'win32') {
updateUrl = UPDATE_URL_WINDOWS;
} else if (platform === 'darwin') {
updateUrl = UPDATE_URL_MAC;
} else {
return null;
}
const params = [
{ name: 'v', value: getAppVersion() },
{ name: 'app', value: getAppId() },
{ name: 'channel', value: settings.updateChannel },
];
const qs = buildQueryStringFromParams(params);
const fullUrl = joinUrlAndQueryString(updateUrl, qs);
console.log(`[updater] Using url ${fullUrl}`);
if (process.env.INSOMNIA_DISABLE_AUTOMATIC_UPDATES) {
console.log(`[updater] Disabled by INSOMNIA_DISABLE_AUTOMATIC_UPDATES environment variable`);
return null;
}
if (isDevelopment()) {
return null;
}
if (!force && !settings.updateAutomatically) {
return null;
}
return fullUrl;
render() {
const { email, body, subject, children } = this.props;
const params = [];
if (subject) {
params.push({ name: 'subject', value: subject });
}
if (body) {
params.push({ name: 'body', value: body });
}
const qs = buildQueryStringFromParams(params);
const href = joinUrlAndQueryString(`mailto:${email}`, qs);
return {children || email};
}
}
async function getRequestUrl(context, request) {
const url = await context.util.render(request.url);
const parameters = [];
for (const p of request.parameters) {
parameters.push({
name: await context.util.render(p.name),
value: await context.util.render(p.value),
});
}
const qs = buildQueryStringFromParams(parameters);
const finalUrl = joinUrlAndQueryString(url, qs);
return smartEncodeUrl(finalUrl, request.settingEncodeUrl);
}