implement #515, show message if alf.io is used in dev mode or in prod…

… mode not over https (#519)
alfio-event · Oct 2, 2018 · 78304e9 · 78304e9
1 parent c505817
commit 78304e9
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 3 deletions.
diff --git a/src/main/java/alfio/config/MvcConfiguration.java b/src/main/java/alfio/config/MvcConfiguration.java
@@ -182,6 +182,8 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
                         boolean demoModeEnabled = environment.acceptsProfiles(Initializer.PROFILE_DEMO);
 
                         modelMap.put("demoModeEnabled", demoModeEnabled);
+                        modelMap.put("devModeEnabled", environment.acceptsProfiles(Initializer.PROFILE_DEV));
+                        modelMap.put("prodModeEnabled", environment.acceptsProfiles(Initializer.PROFILE_LIVE));
 
                         Optional.ofNullable(request.getAttribute("ALFIO_EVENT_NAME")).map(Object::toString).ifPresent(eventName -> {
 

diff --git a/src/main/webapp/WEB-INF/templates/admin/index.ms b/src/main/webapp/WEB-INF/templates/admin/index.ms
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="en" data-ng-app="adminApplication" data-ng-csp {{#basicConfigurationNeeded}}data-basic-configuration-needed{{/basicConfigurationNeeded}}>
+<html lang="en" data-ng-app="adminApplication" data-ng-csp {{#basicConfigurationNeeded}}data-basic-configuration-needed{{/basicConfigurationNeeded}} {{#devModeEnabled}}dev-mode-enabled{{/devModeEnabled}} {{#prodModeEnabled}}prod-mode-enabled{{/prodModeEnabled}}>
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -207,5 +207,6 @@
             </footer>
         </div>
     </div>
+    <script src="{{request.contextPath}}/resources/js/common/warning-msg.js" async="true"></script>
 </body>
 </html>
diff --git a/src/main/webapp/WEB-INF/templates/event/page-bottom.ms b/src/main/webapp/WEB-INF/templates/event/page-bottom.ms
@@ -8,5 +8,6 @@
     <script src="https://ssl.google-analytics.com/analytics.js"></script>
     <!-- End Google Analytics -->
 {{/analyticsEnabled}}
+    <script src="{{request.contextPath}}/resources/js/common/warning-msg.js" async="true"></script>
     </body>
 </html>
diff --git a/src/main/webapp/WEB-INF/templates/event/page-top.ms b/src/main/webapp/WEB-INF/templates/event/page-top.ms
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="{{#i18n}}locale{{/i18n}}" prefix="og: http://ogp.me/ns#">
+<html lang="{{#i18n}}locale{{/i18n}}" prefix="og: http://ogp.me/ns#"  {{#devModeEnabled}}dev-mode-enabled{{/devModeEnabled}} {{#prodModeEnabled}}prod-mode-enabled{{/prodModeEnabled}}>
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">

diff --git a/src/main/webapp/WEB-INF/templates/login/login.ms b/src/main/webapp/WEB-INF/templates/login/login.ms
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="en" data-ng-app="adminApplication" data-ng-csp>
+<html lang="en" data-ng-app="adminApplication" data-ng-csp {{#devModeEnabled}}dev-mode-enabled{{/devModeEnabled}} {{#prodModeEnabled}}prod-mode-enabled{{/prodModeEnabled}}>
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -64,5 +64,6 @@
             </div>
         </div>
     </div>
+    <script src="{{request.contextPath}}/resources/js/common/warning-msg.js" async="true"></script>
 </body>
 </html>
diff --git a/src/main/webapp/resources/js/common/warning-msg.js b/src/main/webapp/resources/js/common/warning-msg.js
@@ -0,0 +1,49 @@
+(function() {
+
+
+    function buildContainer(lvl, msg, dismiss) {
+        var elem = document.createElement('div');
+        elem.setAttribute('class', 'alert alert-'+lvl+' ' + (dismiss ? 'alert-dismissible' : ''));
+        elem.setAttribute('style', 'position: fixed;bottom: 0;width: 100%;margin: 0;'
+            +'border-bottom: none;border-left: none;border-right: none;border-radius: 0;');
+
+        if(dismiss) {
+            //<button type = "button" class="close" data-dismiss = "alert">x</button>
+            var b = document.createElement('button');
+            b.setAttribute('type', 'button')
+            b.setAttribute('class', 'close')
+            b.textContent = 'x';
+            elem.appendChild(b);
+            b.addEventListener('click', function() {
+                if(elem.parentElement) {
+                    elem.parentElement.removeChild(elem);
+                }
+            });
+        }
+
+        elem.appendChild(document.createTextNode(msg));
+
+        return elem;
+    }
+
+    function handleCheckMsg() {
+
+        if(document.querySelector("html[dev-mode-enabled]")) {
+            // dev mode, display dev mode message
+            document.body.appendChild(buildContainer('info', 'You are running alf.io in development mode', true));
+        } else if(document.querySelector("html[prod-mode-enabled]") && location.protocol.indexOf('https:') === -1) {
+            //prod mode but we are in http mode, display warning message
+            document.body.appendChild(buildContainer('danger', 'You are running alf.io in production mode not over https. '
+                                        +'This is not a recommended configuration.', false));
+
+        }
+
+    }
+
+    if (document.readyState === "loading") {
+        document.addEventListener("DOMContentLoaded", handleCheckMsg);
+    } else {
+        handleCheckMsg();
+    }
+
+})();