From 86ad0b38dd5ee34f345772d81df456b051219227 Mon Sep 17 00:00:00 2001
From: padmanto
Date: Tue, 29 Apr 2025 09:42:53 +0700
Subject: [PATCH] Monkey Patch XMLHttpRequest -- inject bearer token and verify response
---
 platform/app/public/config/default.js | 6 ++++-
 platform/app/src/App.tsx | 32 +++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/platform/app/public/config/default.js b/platform/app/public/config/default.js
index a87cfcb..99b0c2a 100644
--- a/platform/app/public/config/default.js
+++ b/platform/app/public/config/default.js
@@ -1,6 +1,10 @@
 /** @type {AppTypes.Config} */
-
+function sas_get_token() {
+ //implement token here
+ return "kris-check-token-is-here";
+}
 window.config = {
+ sasGetToken: sas_get_token,
 routerBasename: '/',
 // whiteLabeling: {},
 extensions: [],
diff --git a/platform/app/src/App.tsx b/platform/app/src/App.tsx
index 253080b..e796f1d 100644
--- a/platform/app/src/App.tsx
+++ b/platform/app/src/App.tsx
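Review bot: `sas_get_token()` in `default.js` returns a hard-coded literal from a file under `public/config`, which is presumably served unmodified to every browser. If this stub ships, requests will carry `Bearer kris-check-token-is-here`, and any real secret later pasted here would be readable by anyone who can load the page. The token should be obtained from the login/session flow at call time, not stored as a literal in the config. Separately, the `/** @type {AppTypes.Config} */` annotation now sits directly above the function instead of `window.config`; moving the function above that comment (or below the config object) restores the type annotation on the config. The `window.config` object continues outside the hunk.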
@@ -37,6 +37,38 @@
 import appInit from './appInit.js';
 import OpenIdConnectRoutes from './utils/OpenIdConnectRoutes';
 import { ShepherdJourneyProvider } from 'react-shepherd';
+function injectAuth() {
+ console.log("---> Inject Auth");
+ const originalXHROpen = XMLHttpRequest.prototype.open;
+ const originalXHRSend = XMLHttpRequest.prototype.send;
+
+ //take from local storage for the token
+ // let authToken = '--kris-auth-token-check--';
+ let authToken = window.config.sasGetToken();
+
+ XMLHttpRequest.prototype.open = function (method, url, async, user, password) {
+ this._url = url; // Save URL if you want conditional logic
+ return originalXHROpen.apply(this, arguments);
+ };
+
+ XMLHttpRequest.prototype.send = function (body) {
+ this.setRequestHeader('Authorization', `Bearer ${authToken}`);
+ this.addEventListener('readystatechange', function () {
+ if (this.readyState === 4) { // DONE
+ try {
+ //check responseType ie json, and then check the auth response status
+ //redirect to custom login page if needed
+ console.log("response type :", this.responseType);
+ console.log("response :", this.response);
+ console.log("responseText :", this.responseText);
+ } catch (e) { }
+ }
+ });
+ return originalXHRSend.apply(this, arguments);
+ };
+}
+
+injectAuth();
 let commandsManager: CommandsManager,
 extensionManager: ExtensionManager,
 servicesManager: AppTypes.ServicesManager,
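Review bot: The patched `send` in `injectAuth()` sets `Authorization: Bearer …` on every XMLHttpRequest whatever its destination, because `this._url` is stored in `open` but never consulted, so the token is also disclosed to any third-party origin the app requests. The token is read once when `injectAuth()` runs at module load, so a refreshed or expired token is never picked up, and a config without `sasGetToken` makes the import throw. The three `console.log` calls write full response bodies to the browser console, and reading `responseText` throws for non-text `responseType`, which the empty `catch` silently hides. I would gate the header on a trusted-origin check, fetch the token per request (dropping the module-level `authToken`), and replace the logging with a status check, as sketched below; same-origin stands in for whatever origin allowlist the deployment actually needs.

```typescript
// … unchanged: saved originals and the open() wrapper that stores this._url …

XMLHttpRequest.prototype.send = function (body) {
  // Attach the token only to destinations that are meant to receive it.
  const target = new URL(this._url, window.location.href);
  if (target.origin === window.location.origin) {
    // Read the token per request so a refreshed token is used.
    this.setRequestHeader('Authorization', `Bearer ${window.config.sasGetToken()}`);
  }
  this.addEventListener('readystatechange', function () {
    if (this.readyState === 4 && this.status === 401) {
      // redirect to the custom login page; do not log response bodies
    }
  });
  return originalXHRSend.apply(this, arguments);
};
```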