[vchess.git] / client / src / utils / ajax.js

import params from "../parameters"; //for server URL

// TODO: replace by fetch API ?
// https://www.sitepoint.com/xmlhttprequest-vs-the-fetch-api-whats-best-for-ajax-in-2019/
// Problem: fetch() does not set req.xhr... see access/ajax() security especially for /whoami

// From JSON (encoded string values!) to "arg1=...&arg2=..."
function toQueryString(data)
{
  let data_str = "";
  Object.keys(data).forEach(k => {
    data_str += k + "=" + encodeURIComponent(data[k]) + "&";
  });
  return data_str.slice(0, -1); //remove last "&"
}

// data, error: optional
export function ajax(url, method, data, success, error)
{
  let xhr = new XMLHttpRequest();
  if (data === undefined || typeof(data) === "function") //no data
  {
    error = success;
    success = data;
    data = {};
  }
  if (!success)
    success = () => {}; //by default, do nothing
  if (!error)
    error = errmsg => { alert(errmsg); };
  xhr.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200)
    {
      let res_json = "";
      try {
        res_json = JSON.parse(xhr.responseText);
      } catch (e) {
        // Plain text (e.g. for rules retrieval)
        return success(xhr.responseText);
      }
      if (!res_json.errmsg && !res_json.errno)
        success(res_json);
      else
      {
        if (!!res_json.errmsg)
          error(res_json.errmsg);
        else
          error(res_json.code + ". errno = " + res_json.errno);
      }
    }
  };

  if (["GET","DELETE"].includes(method) && !!data)
  {
    // Append query params to URL
    url += "/?" + toQueryString(data);
  }
  xhr.open(method, params.serverUrl + url, true);
  xhr.setRequestHeader('X-Requested-With', "XMLHttpRequest");
  // Next line to allow cross-domain cookies in dev mode
  if (params.cors)
    xhr.withCredentials = true;
  if (["POST","PUT"].includes(method))
  {
    xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
    xhr.send(JSON.stringify(data));
  }
  else
    xhr.send();
}
Commit	Line	Data
03470390 BA	1	import params from "../parameters"; //for server URL
03470390 BA	2
e64c6f67 BA	3	// TODO: replace by fetch API ?
e64c6f67 BA	4	// https://www.sitepoint.com/xmlhttprequest-vs-the-fetch-api-whats-best-for-ajax-in-2019/
317b8a56	5	// Problem: fetch() does not set req.xhr... see access/ajax() security especially for /whoami
e64c6f67	6
da06a6eb BA	7	// From JSON (encoded string values!) to "arg1=...&arg2=..."
	8	function toQueryString(data)
	9	{
dac39588 BA	10	let data_str = "";
	11	Object.keys(data).forEach(k => {
	12	data_str += k + "=" + encodeURIComponent(data[k]) + "&";
	13	});
	14	return data_str.slice(0, -1); //remove last "&"
da06a6eb BA	15	}
	16
	17	// data, error: optional
625022fd	18	export function ajax(url, method, data, success, error)
da06a6eb	19	{
dac39588 BA	20	let xhr = new XMLHttpRequest();
	21	if (data === undefined \|\| typeof(data) === "function") //no data
	22	{
	23	error = success;
	24	success = data;
	25	data = {};
	26	}
b4de2e73 BA	27	if (!success)
b4de2e73 BA	28	success = () => {}; //by default, do nothing
dac39588 BA	29	if (!error)
	30	error = errmsg => { alert(errmsg); };
	31	xhr.onreadystatechange = function() {
	32	if (this.readyState == 4 && this.status == 200)
	33	{
1aeed627	34	let res_json = "";
dac39588 BA	35	try {
dac39588 BA	36	res_json = JSON.parse(xhr.responseText);
1aeed627	37	} catch (e) {
dac39588 BA	38	// Plain text (e.g. for rules retrieval)
dac39588 BA	39	return success(xhr.responseText);
1aeed627	40	}
6f57a976	41	if (!res_json.errmsg && !res_json.errno)
1aeed627	42	success(res_json);
dac39588	43	else
6f57a976 BA	44	{
6f57a976 BA	45	if (!!res_json.errmsg)
dac39588	46	error(res_json.errmsg);
6f57a976 BA	47	else
	48	error(res_json.code + ". errno = " + res_json.errno);
	49	}
dac39588 BA	50	}
dac39588 BA	51	};
da06a6eb	52
dac39588 BA	53	if (["GET","DELETE"].includes(method) && !!data)
	54	{
	55	// Append query params to URL
	56	url += "/?" + toQueryString(data);
	57	}
	58	xhr.open(method, params.serverUrl + url, true);
	59	xhr.setRequestHeader('X-Requested-With', "XMLHttpRequest");
4f298adb	60	// Next line to allow cross-domain cookies in dev mode
98f48579 BA	61	if (params.cors)
98f48579 BA	62	xhr.withCredentials = true;
1aeed627	63	if (["POST","PUT"].includes(method))
dac39588 BA	64	{
	65	xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
	66	xhr.send(JSON.stringify(data));
	67	}
	68	else
	69	xhr.send();
da06a6eb	70	}