budibase/packages/server/src/middleware/currentapp.js

const { getAppId, setCookie, getCookie, clearCookie } =
  require("@budibase/auth").utils
const { Cookies } = require("@budibase/auth").constants
const { getRole } = require("@budibase/auth/roles")
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
const { generateUserMetadataID, isDevAppID } = require("../db/utils")
const { dbExists } = require("@budibase/auth/db")
const { isUserInAppTenant } = require("@budibase/auth/tenancy")
const { getCachedSelf } = require("../utilities/global")
const CouchDB = require("../db")
const env = require("../environment")
const { isWebhookEndpoint } = require("./utils")
const { Headers } = require("@budibase/auth/constants")

module.exports = async (ctx, next) => {
  // try to get the appID from the request
  let requestAppId = getAppId(ctx)
  // get app cookie if it exists
  let appCookie = null
  try {
    appCookie = getCookie(ctx, Cookies.CurrentApp)
  } catch (err) {
    clearCookie(ctx, Cookies.CurrentApp)
  }
  if (!appCookie && !requestAppId) {
    return next()
  }
  // check the app exists referenced in cookie
  if (appCookie) {
    const appId = appCookie.appId
    const exists = await dbExists(CouchDB, appId)
    if (!exists) {
      clearCookie(ctx, Cookies.CurrentApp)
      return next()
    }
    // if the request app ID wasn't set, update it with the cookie
    requestAppId = requestAppId || appId
  }

  // deny access to application preview
  if (
    isDevAppID(requestAppId) &&
    !isWebhookEndpoint(ctx) &&
    (!ctx.user || !ctx.user.builder || !ctx.user.builder.global)
  ) {
    clearCookie(ctx, Cookies.CurrentApp)
    return ctx.redirect("/")
  }

  let appId,
    roleId = BUILTIN_ROLE_IDS.PUBLIC
  if (!ctx.user) {
    // not logged in, try to set a cookie for public apps
    appId = requestAppId
  } else if (requestAppId != null) {
    // Different App ID means cookie needs reset, or if the same public user has logged in
    const globalUser = await getCachedSelf(ctx, requestAppId)
    appId = requestAppId
    // retrieving global user gets the right role
    roleId = globalUser.roleId || roleId
  }

  // nothing more to do
  if (!appId) {
    return next()
  }

  // Allow builders to specify their role via a header
  const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global
  const isDevApp = appId && isDevAppID(appId)
  const roleHeader = ctx.request.headers[Headers.PREVIEW_ROLE]
  if (isBuilder && isDevApp && roleHeader) {
    // Ensure the role is valid ensuring a definition exists
    try {
      await getRole(appId, roleHeader)
      roleId = roleHeader
    } catch (error) {
      // Swallow error and do nothing
    }
  }

  let noCookieSet = false
  // if the user not in the right tenant then make sure they have no permissions
  // need to judge this only based on the request app ID,
  if (
    env.MULTI_TENANCY &&
    ctx.user &&
    requestAppId &&
    !isUserInAppTenant(requestAppId)
  ) {
    // don't error, simply remove the users rights (they are a public user)
    delete ctx.user.builder
    delete ctx.user.admin
    delete ctx.user.roles
    roleId = BUILTIN_ROLE_IDS.PUBLIC
    noCookieSet = true
  }

  ctx.appId = appId
  if (roleId) {
    ctx.roleId = roleId
    const userId = ctx.user ? generateUserMetadataID(ctx.user._id) : null
    ctx.user = {
      ...ctx.user,
      // override userID with metadata one
      _id: userId,
      userId,
      roleId,
      role: await getRole(appId, roleId),
    }
  }
  if (
    (requestAppId !== appId ||
      appCookie == null ||
      appCookie.appId !== requestAppId) &&
    !noCookieSet
  ) {
    setCookie(ctx, { appId }, Cookies.CurrentApp)
  }

  return next()
}
Lint with prettier 2021-06-16 06:39:40 +12:00			`const { getAppId, setCookie, getCookie, clearCookie } =`
			`require("@budibase/auth").utils`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-22 03:42:44 +12:00			`const { Cookies } = require("@budibase/auth").constants`
A general re-work of some parts of the auth lib, as well as moving roles/permissions around to make it possible to build an admin API which has role knowledge. 2021-05-15 02:43:41 +12:00			`const { getRole } = require("@budibase/auth/roles")`
			`const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")`
Prevent non builder from accessing dev apps 2021-10-26 04:59:09 +13:00			`const { generateUserMetadataID, isDevAppID } = require("../db/utils")`
Fixing issue with user's being logged in and trying to access other tenants public apps, this work makes sure that users from other tenants will not be 403'd immediately (too aggressive) but instead they will have all other their RBAC roles revoked. 2021-10-08 03:49:26 +13:00			`const { dbExists } = require("@budibase/auth/db")`
			`const { isUserInAppTenant } = require("@budibase/auth/tenancy")`
WIP - first version of user sessions. 2021-07-07 05:10:04 +12:00			`const { getCachedSelf } = require("../utilities/global")`
Fixing a collection of issues, specifically users being exported/imported and issues with database import causing weirdness (metadata doc being wrong). 2021-06-09 05:06:16 +12:00			`const CouchDB = require("../db")`
prevent cross tenant app access 2021-10-07 10:16:50 +13:00			`const env = require("../environment")`
Fixing an issue with webhooks, couldn't use them in development (like getting schema) and making sure trigger will always use production app #3143. 2021-11-04 03:08:47 +13:00			`const { isWebhookEndpoint } = require("./utils")`
Add devtools to app preview and add ability to preview apps as different roles 2021-11-27 02:25:02 +13:00			`const { Headers } = require("@budibase/auth/constants")`
prevent cross tenant app access 2021-10-07 10:16:50 +13:00
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`module.exports = async (ctx, next) => {`
			`// try to get the appID from the request`
Fixing issue #2193, also fixing the name of the file on export, as well as fixing an issue with the exporters not handling relationships. 2021-08-05 05:20:51 +12:00			`let requestAppId = getAppId(ctx)`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`// get app cookie if it exists`
Updating internal search to disable features were required. 2021-07-24 00:29:50 +12:00			`let appCookie = null`
			`try {`
			`appCookie = getCookie(ctx, Cookies.CurrentApp)`
			`} catch (err) {`
			`clearCookie(ctx, Cookies.CurrentApp)`
			`}`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`if (!appCookie && !requestAppId) {`
			`return next()`
			`}`
Fixing a collection of issues, specifically users being exported/imported and issues with database import causing weirdness (metadata doc being wrong). 2021-06-09 05:06:16 +12:00			`// check the app exists referenced in cookie`
			`if (appCookie) {`
			`const appId = appCookie.appId`
			`const exists = await dbExists(CouchDB, appId)`
			`if (!exists) {`
			`clearCookie(ctx, Cookies.CurrentApp)`
			`return next()`
			`}`
Fixing issue #2193, also fixing the name of the file on export, as well as fixing an issue with the exporters not handling relationships. 2021-08-05 05:20:51 +12:00			`// if the request app ID wasn't set, update it with the cookie`
			`requestAppId = requestAppId \|\| appId`
Fixing a collection of issues, specifically users being exported/imported and issues with database import causing weirdness (metadata doc being wrong). 2021-06-09 05:06:16 +12:00			`}`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00
Prevent non builder from accessing dev apps 2021-10-26 04:59:09 +13:00			`// deny access to application preview`
Linting 2021-10-26 21:42:19 +13:00			`if (`
			`isDevAppID(requestAppId) &&`
Fixing an issue with webhooks, couldn't use them in development (like getting schema) and making sure trigger will always use production app #3143. 2021-11-04 03:08:47 +13:00			`!isWebhookEndpoint(ctx) &&`
Linting 2021-10-26 21:42:19 +13:00			`(!ctx.user \|\| !ctx.user.builder \|\| !ctx.user.builder.global)`
			`) {`
Prevent non builder from accessing dev apps 2021-10-26 04:59:09 +13:00			`clearCookie(ctx, Cookies.CurrentApp)`
			`return ctx.redirect("/")`
			`}`

Fixing session issues after testing a bit. 2021-07-08 04:15:53 +12:00			`let appId,`
			`roleId = BUILTIN_ROLE_IDS.PUBLIC`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`if (!ctx.user) {`
			`// not logged in, try to set a cookie for public apps`
			`appId = requestAppId`
WIP - first version of user sessions. 2021-07-07 05:10:04 +12:00			`} else if (requestAppId != null) {`
ensuring public users can log in after being assigned a roleId 2021-04-14 03:56:45 +12:00			`// Different App ID means cookie needs reset, or if the same public user has logged in`
WIP - first version of user sessions. 2021-07-07 05:10:04 +12:00			`const globalUser = await getCachedSelf(ctx, requestAppId)`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`appId = requestAppId`
Fixing two issues which were blocking previews, one the user was no longer being updated as an admin (when first building/creating an app) and two, role was not being carried across from global user properly. 2021-05-14 05:10:09 +12:00			`// retrieving global user gets the right role`
Fix unit tests 2021-10-13 02:03:47 +13:00			`roleId = globalUser.roleId \|\| roleId`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`}`
prevent cross tenant app access 2021-10-07 10:16:50 +13:00
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`// nothing more to do`
			`if (!appId) {`
			`return next()`
			`}`

Add devtools to app preview and add ability to preview apps as different roles 2021-11-27 02:25:02 +13:00			`// Allow builders to specify their role via a header`
			`const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global`
			`const isDevApp = appId && isDevAppID(appId)`
			`const roleHeader = ctx.request.headers[Headers.PREVIEW_ROLE]`
			`if (isBuilder && isDevApp && roleHeader) {`
			`// Ensure the role is valid ensuring a definition exists`
			`try {`
			`await getRole(appId, roleHeader)`
			`roleId = roleHeader`
			`} catch (error) {`
			`// Swallow error and do nothing`
			`}`
			`}`

Fixing issue with user's being logged in and trying to access other tenants public apps, this work makes sure that users from other tenants will not be 403'd immediately (too aggressive) but instead they will have all other their RBAC roles revoked. 2021-10-08 03:49:26 +13:00			`let noCookieSet = false`
			`// if the user not in the right tenant then make sure they have no permissions`
			`// need to judge this only based on the request app ID,`
			`if (`
			`env.MULTI_TENANCY &&`
			`ctx.user &&`
			`requestAppId &&`
			`!isUserInAppTenant(requestAppId)`
			`) {`
			`// don't error, simply remove the users rights (they are a public user)`
			`delete ctx.user.builder`
			`delete ctx.user.admin`
			`delete ctx.user.roles`
			`roleId = BUILTIN_ROLE_IDS.PUBLIC`
			`noCookieSet = true`
prevent cross tenant app access 2021-10-07 10:16:50 +13:00			`}`

Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`ctx.appId = appId`
			`if (roleId) {`
			`ctx.roleId = roleId`
config specificity 2021-04-22 22:45:22 +12:00			`const userId = ctx.user ? generateUserMetadataID(ctx.user._id) : null`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`ctx.user = {`
			`...ctx.user,`
			`// override userID with metadata one`
			`_id: userId,`
			`userId,`
Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-28 01:53:41 +12:00			`roleId,`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`role: await getRole(appId, roleId),`
Updating current app to set up role in middleware. 2021-04-14 01:35:00 +12:00			`}`
			`}`
Fixing test cases. 2021-07-08 11:30:55 +12:00			`if (`
Fixing issue with user's being logged in and trying to access other tenants public apps, this work makes sure that users from other tenants will not be 403'd immediately (too aggressive) but instead they will have all other their RBAC roles revoked. 2021-10-08 03:49:26 +13:00			`(requestAppId !== appId \|\|`
			`appCookie == null \|\|`
			`appCookie.appId !== requestAppId) &&`
			`!noCookieSet`
Fixing test cases. 2021-07-08 11:30:55 +12:00			`) {`
WIP - first version of user sessions. 2021-07-07 05:10:04 +12:00			`setCookie(ctx, { appId }, Cookies.CurrentApp)`
Updating current app to set up role in middleware. 2021-04-14 01:35:00 +12:00			`}`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00
Updating current app to set up role in middleware. 2021-04-14 01:35:00 +12:00			`return next()`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`}`