2022-04-08 12:28:22 +12:00
|
|
|
const { DocumentTypes, SEPARATOR, ViewNames } = require("./db/utils")
|
2021-04-11 22:35:55 +12:00
|
|
|
const jwt = require("jsonwebtoken")
|
|
|
|
const { options } = require("./middleware/passport/jwt")
|
2022-02-12 11:24:48 +13:00
|
|
|
const { queryGlobalView } = require("./db/views")
|
2022-04-08 12:28:22 +12:00
|
|
|
const { Headers, Cookies, MAX_VALID_DATE } = require("./constants")
|
2021-10-07 03:15:46 +13:00
|
|
|
const env = require("./environment")
|
2022-04-08 12:28:22 +12:00
|
|
|
const userCache = require("./cache/user")
|
2021-10-13 08:19:32 +13:00
|
|
|
const { getUserSessions, invalidateSessions } = require("./security/sessions")
|
2022-04-06 03:56:28 +12:00
|
|
|
const events = require("./events")
|
2021-04-08 22:20:37 +12:00
|
|
|
|
|
|
|
const APP_PREFIX = DocumentTypes.APP + SEPARATOR
|
|
|
|
|
|
|
|
function confirmAppId(possibleAppId) {
|
|
|
|
return possibleAppId && possibleAppId.startsWith(APP_PREFIX)
|
|
|
|
? possibleAppId
|
|
|
|
: undefined
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Given a request tries to find the appId, which can be located in various places
|
|
|
|
* @param {object} ctx The main request body to look through.
|
|
|
|
* @returns {string|undefined} If an appId was found it will be returned.
|
|
|
|
*/
|
|
|
|
exports.getAppId = ctx => {
|
2021-07-24 02:29:14 +12:00
|
|
|
const options = [ctx.headers[Headers.APP_ID], ctx.params.appId]
|
2021-04-08 22:20:37 +12:00
|
|
|
if (ctx.subdomains) {
|
|
|
|
options.push(ctx.subdomains[1])
|
|
|
|
}
|
|
|
|
let appId
|
|
|
|
for (let option of options) {
|
|
|
|
appId = confirmAppId(option)
|
|
|
|
if (appId) {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// look in body if can't find it in subdomain
|
|
|
|
if (!appId && ctx.request.body && ctx.request.body.appId) {
|
|
|
|
appId = confirmAppId(ctx.request.body.appId)
|
|
|
|
}
|
|
|
|
let appPath =
|
|
|
|
ctx.request.headers.referrer ||
|
|
|
|
ctx.path.split("/").filter(subPath => subPath.startsWith(APP_PREFIX))
|
|
|
|
if (!appId && appPath.length !== 0) {
|
|
|
|
appId = confirmAppId(appPath[0])
|
|
|
|
}
|
|
|
|
return appId
|
|
|
|
}
|
|
|
|
|
2021-12-18 03:08:48 +13:00
|
|
|
/**
|
|
|
|
* opens the contents of the specified encrypted JWT.
|
|
|
|
* @return {object} the contents of the token.
|
|
|
|
*/
|
|
|
|
exports.openJwt = token => {
|
|
|
|
if (!token) {
|
|
|
|
return token
|
|
|
|
}
|
|
|
|
return jwt.verify(token, options.secretOrKey)
|
|
|
|
}
|
|
|
|
|
2021-04-11 22:35:55 +12:00
|
|
|
/**
|
|
|
|
* Get a cookie from context, and decrypt if necessary.
|
|
|
|
* @param {object} ctx The request which is to be manipulated.
|
|
|
|
* @param {string} name The name of the cookie to get.
|
|
|
|
*/
|
2021-04-13 05:31:58 +12:00
|
|
|
exports.getCookie = (ctx, name) => {
|
|
|
|
const cookie = ctx.cookies.get(name)
|
2021-04-11 22:35:55 +12:00
|
|
|
|
2021-04-13 05:31:58 +12:00
|
|
|
if (!cookie) {
|
|
|
|
return cookie
|
|
|
|
}
|
2021-04-11 22:35:55 +12:00
|
|
|
|
2021-12-18 03:08:48 +13:00
|
|
|
return exports.openJwt(cookie)
|
2021-04-11 22:35:55 +12:00
|
|
|
}
|
|
|
|
|
2021-04-08 22:20:37 +12:00
|
|
|
/**
|
2021-07-07 05:10:04 +12:00
|
|
|
* Store a cookie for the request - it will not expire.
|
2021-04-08 22:20:37 +12:00
|
|
|
* @param {object} ctx The request which is to be manipulated.
|
|
|
|
* @param {string} name The name of the cookie to set.
|
|
|
|
* @param {string|object} value The value of cookie which will be set.
|
2021-12-04 01:39:20 +13:00
|
|
|
* @param {object} opts options like whether to sign.
|
2021-04-08 22:20:37 +12:00
|
|
|
*/
|
2022-01-26 22:33:14 +13:00
|
|
|
exports.setCookie = (ctx, value, name = "builder", opts = { sign: true }) => {
|
2021-12-04 01:39:20 +13:00
|
|
|
if (value && opts && opts.sign) {
|
2021-07-07 05:10:04 +12:00
|
|
|
value = jwt.sign(value, options.secretOrKey)
|
2021-09-30 01:51:33 +13:00
|
|
|
}
|
2021-09-29 04:35:31 +13:00
|
|
|
|
2021-09-30 01:51:33 +13:00
|
|
|
const config = {
|
2021-12-04 01:39:20 +13:00
|
|
|
expires: MAX_VALID_DATE,
|
2021-09-30 01:51:33 +13:00
|
|
|
path: "/",
|
|
|
|
httpOnly: false,
|
|
|
|
overwrite: true,
|
|
|
|
}
|
2021-09-29 04:35:31 +13:00
|
|
|
|
2022-04-08 12:28:22 +12:00
|
|
|
if (env.COOKIE_DOMAIN) {
|
|
|
|
config.domain = env.COOKIE_DOMAIN
|
2021-04-08 22:20:37 +12:00
|
|
|
}
|
2021-09-30 01:51:33 +13:00
|
|
|
|
|
|
|
ctx.cookies.set(name, value, config)
|
2021-04-08 22:20:37 +12:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Utility function, simply calls setCookie with an empty string for value
|
|
|
|
*/
|
|
|
|
exports.clearCookie = (ctx, name) => {
|
2021-04-24 05:07:39 +12:00
|
|
|
exports.setCookie(ctx, null, name)
|
2021-04-08 22:20:37 +12:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks if the API call being made (based on the provided ctx object) is from the client. If
|
|
|
|
* the call is not from a client app then it is from the builder.
|
|
|
|
* @param {object} ctx The koa context object to be tested.
|
|
|
|
* @return {boolean} returns true if the call is from the client lib (a built app rather than the builder).
|
|
|
|
*/
|
|
|
|
exports.isClient = ctx => {
|
2021-07-24 02:29:14 +12:00
|
|
|
return ctx.headers[Headers.TYPE] === "client"
|
2021-04-08 22:20:37 +12:00
|
|
|
}
|
2021-04-20 04:31:47 +12:00
|
|
|
|
2022-03-05 02:42:50 +13:00
|
|
|
exports.getBuildersCount = async () => {
|
2022-03-22 13:23:22 +13:00
|
|
|
const builders = await queryGlobalView(ViewNames.USER_BY_BUILDERS, {
|
|
|
|
include_docs: false,
|
|
|
|
})
|
2022-03-26 05:08:12 +13:00
|
|
|
return builders.length
|
2022-03-05 02:42:50 +13:00
|
|
|
}
|
|
|
|
|
2021-10-13 04:13:54 +13:00
|
|
|
/**
|
|
|
|
* Logs a user out from budibase. Re-used across account portal and builder.
|
|
|
|
*/
|
2021-10-14 00:26:26 +13:00
|
|
|
exports.platformLogout = async ({ ctx, userId, keepActiveSession }) => {
|
|
|
|
if (!ctx) throw new Error("Koa context must be supplied to logout.")
|
|
|
|
|
2022-02-05 06:35:45 +13:00
|
|
|
const currentSession = exports.getCookie(ctx, Cookies.Auth)
|
2021-10-13 08:19:32 +13:00
|
|
|
let sessions = await getUserSessions(userId)
|
2021-10-13 04:13:54 +13:00
|
|
|
|
|
|
|
if (keepActiveSession) {
|
2021-10-14 00:26:26 +13:00
|
|
|
sessions = sessions.filter(
|
|
|
|
session => session.sessionId !== currentSession.sessionId
|
|
|
|
)
|
2021-10-13 07:49:34 +13:00
|
|
|
} else {
|
2021-10-14 00:26:26 +13:00
|
|
|
// clear cookies
|
2022-02-05 06:35:45 +13:00
|
|
|
exports.clearCookie(ctx, Cookies.Auth)
|
|
|
|
exports.clearCookie(ctx, Cookies.CurrentApp)
|
2021-10-13 04:13:54 +13:00
|
|
|
}
|
|
|
|
|
|
|
|
await invalidateSessions(
|
|
|
|
userId,
|
|
|
|
sessions.map(({ sessionId }) => sessionId)
|
|
|
|
)
|
2022-04-06 03:56:28 +12:00
|
|
|
events.auth.logout()
|
2022-03-03 20:20:30 +13:00
|
|
|
await userCache.invalidateUser(userId)
|
2021-10-13 04:13:54 +13:00
|
|
|
}
|