From 34d4d1360f24cb77fb82d2c5078944c4baa78cc7 Mon Sep 17 00:00:00 2001
From: Shane Kilkelly <shane@kilkelly.me>
Date: Fri, 29 Sep 2017 15:54:55 +0100
Subject: [PATCH] Anon read-token: add an Authorization header to `$http`

---
 .../web/app/coffee/Features/Project/ProjectController.coffee  | 1 +
 .../coffee/Features/TokenAccess/TokenAccessController.coffee  | 1 +
 services/web/app/views/project/editor.pug                     | 1 +
 services/web/public/coffee/base.coffee                        | 4 +++-
 4 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/services/web/app/coffee/Features/Project/ProjectController.coffee b/services/web/app/coffee/Features/Project/ProjectController.coffee
index 1150ccaccd..4feef49028 100644
--- a/services/web/app/coffee/Features/Project/ProjectController.coffee
+++ b/services/web/app/coffee/Features/Project/ProjectController.coffee
@@ -303,6 +303,7 @@ module.exports = ProjectController =
 					privilegeLevel: privilegeLevel
 					chatUrl: Settings.apis.chat.url
 					anonymous: anonymous
+					anonToken: req._anonToken
 					languages: Settings.languages
 					themes: THEME_LIST
 					maxDocLength: Settings.max_doc_length
diff --git a/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee b/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
index f51a03fabb..0dbe5dff99 100644
--- a/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
+++ b/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
@@ -61,6 +61,7 @@ module.exports = TokenAccessController =
 							"error adding user to project with readAndWrite token"
 						return next(err)
 					req.params.Project_id = project._id.toString()
+					req._anonToken = token
 					return ProjectController.loadEditor(req, res, next)
 
 
diff --git a/services/web/app/views/project/editor.pug b/services/web/app/views/project/editor.pug
index fb92510917..36fa910cfa 100644
--- a/services/web/app/views/project/editor.pug
+++ b/services/web/app/views/project/editor.pug
@@ -118,6 +118,7 @@ block requirejs
 		window.user = data.user;
 		window.csrfToken = "!{csrfToken}";
 		window.anonymous = #{anonymous};
+		window.anonToken = "#{anonToken}";
 		window.maxDocLength = #{maxDocLength};
 		window.trackChangesState = data.trackChangesState;
 		window.showTrackChangesOnboarding = #{!!showTrackChangesOnboarding};
diff --git a/services/web/public/coffee/base.coffee b/services/web/public/coffee/base.coffee
index 41ea0a981b..f2a71ea6f3 100644
--- a/services/web/public/coffee/base.coffee
+++ b/services/web/public/coffee/base.coffee
@@ -17,7 +17,9 @@ define [
 		"ErrorCatcher"
 		"localStorage"
 		"ngTagsInput"
-	]).config ($qProvider, sixpackProvider)->
+	]).config ($qProvider, sixpackProvider, $httpProvider)->
+		if window.anonToken
+			$httpProvider.defaults.headers.common['Authorization'] = window.anonToken
 		$qProvider.errorOnUnhandledRejections(false)
 		sixpackProvider.setOptions({
 			debug: false