budibase/packages/server/src/api/controllers/auth.js

const CouchDB = require("../../db")
const { outputProcessing } = require("../../utilities/rowProcessor")
const { InternalTables } = require("../../db/utils")
const { getFullUser } = require("../../utilities/users")
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")

exports.fetchSelf = async ctx => {
  const appId = ctx.appId
  let userId = ctx.user.userId || ctx.user._id
  /* istanbul ignore next */
  if (!userId) {
    ctx.body = {}
    return
  }

  const user = await getFullUser(ctx, userId)

  if (appId) {
    const db = new CouchDB(appId)
    // remove the full roles structure
    delete user.roles
    try {
      const userTable = await db.get(InternalTables.USER_METADATA)
      const metadata = await db.get(userId)
      // specifically needs to make sure is enriched
      ctx.body = await outputProcessing(ctx, userTable, {
        ...user,
        ...metadata,
      })
    } catch (err) {
      let response
      // user didn't exist in app, don't pretend they do
      if (user.roleId === BUILTIN_ROLE_IDS.PUBLIC) {
        response = {}
      }
      // user has a role of some sort, return them
      else if (err.status === 404) {
        const metadata = {
          _id: userId,
        }
        const dbResp = await db.put(metadata)
        user._rev = dbResp.rev
        response = user
      } else {
        response = user
      }
      ctx.body = response
    }
  } else {
    ctx.body = user
  }
}
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const CouchDB = require("../../db")`
Updating the self auth endpoint to use the row processor. 2021-02-19 23:32:24 +13:00			`const { outputProcessing } = require("../../utilities/rowProcessor")`
Updating some test cases to work with new system. 2021-04-10 04:33:21 +12:00			`const { InternalTables } = require("../../db/utils")`
Updating fetch self to get the global user as well as local metadata. 2021-04-13 02:54:14 +12:00			`const { getFullUser } = require("../../utilities/users")`
Fixing issue with user's being logged in and trying to access other tenants public apps, this work makes sure that users from other tenants will not be 403'd immediately (too aggressive) but instead they will have all other their RBAC roles revoked. 2021-10-08 03:49:26 +13:00			`const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")`
correct resource paths 2020-04-08 07:34:21 +12:00
Add explicit prettier options 2021-05-04 22:32:22 +12:00			`exports.fetchSelf = async ctx => {`
Fixing some issues with the ctx.user, this was previously filled in by the old auth middleware. 2021-04-14 02:27:47 +12:00			`const appId = ctx.appId`
Fixing issue with builder not always having the correct roles to view an app - global builders are now admins in all apps. 2021-06-04 23:13:29 +12:00			`let userId = ctx.user.userId \|\| ctx.user._id`
Adding auth tests. 2021-03-11 01:20:07 +13:00			`/* istanbul ignore next */`
Authentication working on builder homepage, integration with currentapp middleware 2021-04-13 22:56:57 +12:00			`if (!userId) {`
Add current user bindings, and current user relationships as data sources 2021-01-29 03:29:35 +13:00			`ctx.body = {}`
Updating the self auth endpoint to use the row processor. 2021-02-19 23:32:24 +13:00			`return`
			`}`
Authentication working on builder homepage, integration with currentapp middleware 2021-04-13 22:56:57 +12:00
Updating the server to remove use of the email in the user ID. 2021-04-20 03:26:33 +12:00			`const user = await getFullUser(ctx, userId)`
Removing the lookup of _id in usage quota when in dev/self host for performance reasons as part of usage quota, re-writing some bits of fetch self for cleaner implementation, fixing some issues with updating/saving users from within app. 2021-04-14 04:11:55 +12:00
			`if (appId) {`
			`const db = new CouchDB(appId)`
			`// remove the full roles structure`
			`delete user.roles`
			`try {`
			`const userTable = await db.get(InternalTables.USER_METADATA)`
			`const metadata = await db.get(userId)`
			`// specifically needs to make sure is enriched`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`ctx.body = await outputProcessing(ctx, userTable, {`
Removing the lookup of _id in usage quota when in dev/self host for performance reasons as part of usage quota, re-writing some bits of fetch self for cleaner implementation, fixing some issues with updating/saving users from within app. 2021-04-14 04:11:55 +12:00			`...user,`
			`...metadata,`
			`})`
			`} catch (err) {`
Fixing an issue with user metadata not always being present when user accessing app, causing weird issues. 2021-10-22 05:23:10 +13:00			`let response`
Fixing issue with user's being logged in and trying to access other tenants public apps, this work makes sure that users from other tenants will not be 403'd immediately (too aggressive) but instead they will have all other their RBAC roles revoked. 2021-10-08 03:49:26 +13:00			`// user didn't exist in app, don't pretend they do`
			`if (user.roleId === BUILTIN_ROLE_IDS.PUBLIC) {`
Fixing an issue with user metadata not always being present when user accessing app, causing weird issues. 2021-10-22 05:23:10 +13:00			`response = {}`
Fixing issue with user's being logged in and trying to access other tenants public apps, this work makes sure that users from other tenants will not be 403'd immediately (too aggressive) but instead they will have all other their RBAC roles revoked. 2021-10-08 03:49:26 +13:00			`}`
			`// user has a role of some sort, return them`
Fixing an issue with user metadata not always being present when user accessing app, causing weird issues. 2021-10-22 05:23:10 +13:00			`else if (err.status === 404) {`
			`const metadata = {`
			`_id: userId,`
			`}`
			`const dbResp = await db.put(metadata)`
			`user._rev = dbResp.rev`
			`response = user`
			`} else {`
			`response = user`
Fixing issue with user's being logged in and trying to access other tenants public apps, this work makes sure that users from other tenants will not be 403'd immediately (too aggressive) but instead they will have all other their RBAC roles revoked. 2021-10-08 03:49:26 +13:00			`}`
Fixing an issue with user metadata not always being present when user accessing app, causing weird issues. 2021-10-22 05:23:10 +13:00			`ctx.body = response`
Removing the lookup of _id in usage quota when in dev/self host for performance reasons as part of usage quota, re-writing some bits of fetch self for cleaner implementation, fixing some issues with updating/saving users from within app. 2021-04-14 04:11:55 +12:00			`}`
			`} else {`
			`ctx.body = user`
Add current user bindings, and current user relationships as data sources 2021-01-29 03:29:35 +13:00			`}`
			`}`