From 78304e930d2b187c00ff816992744510a973ca26 Mon Sep 17 00:00:00 2001
From: Sylvain Jermini <sylvain.jermini@syjer.com>
Date: Tue, 2 Oct 2018 18:24:56 +0200
Subject: [PATCH] implement #515, show message if alf.io is used in dev mode or
 in prod mode not over https (#519)

---
 .../java/alfio/config/MvcConfiguration.java   |  2 +
 .../webapp/WEB-INF/templates/admin/index.ms   |  3 +-
 .../WEB-INF/templates/event/page-bottom.ms    |  1 +
 .../WEB-INF/templates/event/page-top.ms       |  2 +-
 .../webapp/WEB-INF/templates/login/login.ms   |  3 +-
 .../webapp/resources/js/common/warning-msg.js | 49 +++++++++++++++++++
 6 files changed, 57 insertions(+), 3 deletions(-)
 create mode 100644 src/main/webapp/resources/js/common/warning-msg.js

diff --git a/src/main/java/alfio/config/MvcConfiguration.java b/src/main/java/alfio/config/MvcConfiguration.java
index ab496fed87..3e9393d5ef 100644
--- a/src/main/java/alfio/config/MvcConfiguration.java
+++ b/src/main/java/alfio/config/MvcConfiguration.java
@@ -182,6 +182,8 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
                         boolean demoModeEnabled = environment.acceptsProfiles(Initializer.PROFILE_DEMO);
 
                         modelMap.put("demoModeEnabled", demoModeEnabled);
+                        modelMap.put("devModeEnabled", environment.acceptsProfiles(Initializer.PROFILE_DEV));
+                        modelMap.put("prodModeEnabled", environment.acceptsProfiles(Initializer.PROFILE_LIVE));
 
                         Optional.ofNullable(request.getAttribute("ALFIO_EVENT_NAME")).map(Object::toString).ifPresent(eventName -> {
 
diff --git a/src/main/webapp/WEB-INF/templates/admin/index.ms b/src/main/webapp/WEB-INF/templates/admin/index.ms
index 894cbb90aa..600138d77c 100644
--- a/src/main/webapp/WEB-INF/templates/admin/index.ms
+++ b/src/main/webapp/WEB-INF/templates/admin/index.ms
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="en" data-ng-app="adminApplication" data-ng-csp {{#basicConfigurationNeeded}}data-basic-configuration-needed{{/basicConfigurationNeeded}}>
+<html lang="en" data-ng-app="adminApplication" data-ng-csp {{#basicConfigurationNeeded}}data-basic-configuration-needed{{/basicConfigurationNeeded}} {{#devModeEnabled}}dev-mode-enabled{{/devModeEnabled}} {{#prodModeEnabled}}prod-mode-enabled{{/prodModeEnabled}}>
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -207,5 +207,6 @@
             </footer>
         </div>
     </div>
+    <script src="{{request.contextPath}}/resources/js/common/warning-msg.js" async="true"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/templates/event/page-bottom.ms b/src/main/webapp/WEB-INF/templates/event/page-bottom.ms
index ef0c980f54..6a62cbee45 100644
--- a/src/main/webapp/WEB-INF/templates/event/page-bottom.ms
+++ b/src/main/webapp/WEB-INF/templates/event/page-bottom.ms
@@ -8,5 +8,6 @@
     <script src="https://ssl.google-analytics.com/analytics.js"></script>
     <!-- End Google Analytics -->
 {{/analyticsEnabled}}
+    <script src="{{request.contextPath}}/resources/js/common/warning-msg.js" async="true"></script>
     </body>
 </html>
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/templates/event/page-top.ms b/src/main/webapp/WEB-INF/templates/event/page-top.ms
index 1ffdf7a5a9..868d581401 100644
--- a/src/main/webapp/WEB-INF/templates/event/page-top.ms
+++ b/src/main/webapp/WEB-INF/templates/event/page-top.ms
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="{{#i18n}}locale{{/i18n}}" prefix="og: http://ogp.me/ns#">
+<html lang="{{#i18n}}locale{{/i18n}}" prefix="og: http://ogp.me/ns#"  {{#devModeEnabled}}dev-mode-enabled{{/devModeEnabled}} {{#prodModeEnabled}}prod-mode-enabled{{/prodModeEnabled}}>
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
diff --git a/src/main/webapp/WEB-INF/templates/login/login.ms b/src/main/webapp/WEB-INF/templates/login/login.ms
index 997e0527a4..e26b1cb026 100644
--- a/src/main/webapp/WEB-INF/templates/login/login.ms
+++ b/src/main/webapp/WEB-INF/templates/login/login.ms
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="en" data-ng-app="adminApplication" data-ng-csp>
+<html lang="en" data-ng-app="adminApplication" data-ng-csp {{#devModeEnabled}}dev-mode-enabled{{/devModeEnabled}} {{#prodModeEnabled}}prod-mode-enabled{{/prodModeEnabled}}>
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -64,5 +64,6 @@
             </div>
         </div>
     </div>
+    <script src="{{request.contextPath}}/resources/js/common/warning-msg.js" async="true"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/src/main/webapp/resources/js/common/warning-msg.js b/src/main/webapp/resources/js/common/warning-msg.js
new file mode 100644
index 0000000000..f5393bd115
--- /dev/null
+++ b/src/main/webapp/resources/js/common/warning-msg.js
@@ -0,0 +1,49 @@
+(function() {
+
+
+    function buildContainer(lvl, msg, dismiss) {
+        var elem = document.createElement('div');
+        elem.setAttribute('class', 'alert alert-'+lvl+' ' + (dismiss ? 'alert-dismissible' : ''));
+        elem.setAttribute('style', 'position: fixed;bottom: 0;width: 100%;margin: 0;'
+            +'border-bottom: none;border-left: none;border-right: none;border-radius: 0;');
+
+        if(dismiss) {
+            //<button type = "button" class="close" data-dismiss = "alert">x</button>
+            var b = document.createElement('button');
+            b.setAttribute('type', 'button')
+            b.setAttribute('class', 'close')
+            b.textContent = 'x';
+            elem.appendChild(b);
+            b.addEventListener('click', function() {
+                if(elem.parentElement) {
+                    elem.parentElement.removeChild(elem);
+                }
+            });
+        }
+
+        elem.appendChild(document.createTextNode(msg));
+
+        return elem;
+    }
+
+    function handleCheckMsg() {
+
+        if(document.querySelector("html[dev-mode-enabled]")) {
+            // dev mode, display dev mode message
+            document.body.appendChild(buildContainer('info', 'You are running alf.io in development mode', true));
+        } else if(document.querySelector("html[prod-mode-enabled]") && location.protocol.indexOf('https:') === -1) {
+            //prod mode but we are in http mode, display warning message
+            document.body.appendChild(buildContainer('danger', 'You are running alf.io in production mode not over https. '
+                                        +'This is not a recommended configuration.', false));
+
+        }
+
+    }
+
+    if (document.readyState === "loading") {
+        document.addEventListener("DOMContentLoaded", handleCheckMsg);
+    } else {
+        handleCheckMsg();
+    }
+
+})();
\ No newline at end of file