budibase/packages/server/src/middleware/currentapp.js

const { getAppId, setCookie, getCookie, clearCookie } =
  require("@budibase/auth").utils
const { Cookies } = require("@budibase/auth").constants
const { getRole } = require("@budibase/auth/roles")
const { getGlobalSelf } = require("../utilities/workerRequests")
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
const { generateUserMetadataID } = require("../db/utils")
const { dbExists } = require("@budibase/auth/db")
const CouchDB = require("../db")

module.exports = async (ctx, next) => {
  // try to get the appID from the request
  const requestAppId = getAppId(ctx)
  // get app cookie if it exists
  const appCookie = getCookie(ctx, Cookies.CurrentApp)
  if (!appCookie && !requestAppId) {
    return next()
  }
  // check the app exists referenced in cookie
  if (appCookie) {
    const appId = appCookie.appId
    const exists = await dbExists(CouchDB, appId)
    if (!exists) {
      clearCookie(ctx, Cookies.CurrentApp)
      return next()
    }
  }

  let updateCookie = false,
    appId,
    roleId = BUILTIN_ROLE_IDS.PUBLIC
  if (!ctx.user) {
    // not logged in, try to set a cookie for public apps
    updateCookie = true
    appId = requestAppId
  } else if (
    requestAppId != null &&
    (appCookie == null ||
      requestAppId !== appCookie.appId ||
      appCookie.roleId === BUILTIN_ROLE_IDS.PUBLIC ||
      !appCookie.roleId)
  ) {
    // Different App ID means cookie needs reset, or if the same public user has logged in
    const globalUser = await getGlobalSelf(ctx, requestAppId)
    updateCookie = true
    appId = requestAppId
    // retrieving global user gets the right role
    roleId = globalUser.roleId || BUILTIN_ROLE_IDS.BASIC
  } else if (appCookie != null) {
    appId = appCookie.appId
    roleId = appCookie.roleId || BUILTIN_ROLE_IDS.BASIC
  }
  // nothing more to do
  if (!appId) {
    return next()
  }

  ctx.appId = appId
  if (roleId) {
    ctx.roleId = roleId
    const userId = ctx.user ? generateUserMetadataID(ctx.user._id) : null
    ctx.user = {
      ...ctx.user,
      // override userID with metadata one
      _id: userId,
      userId,
      roleId,
      role: await getRole(appId, roleId),
    }
  }
  if (updateCookie) {
    setCookie(ctx, { appId, roleId }, Cookies.CurrentApp)
  }
  return next()
}
Lint with prettier 2021-06-16 06:39:40 +12:00			`const { getAppId, setCookie, getCookie, clearCookie } =`
			`require("@budibase/auth").utils`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-22 03:42:44 +12:00			`const { Cookies } = require("@budibase/auth").constants`
A general re-work of some parts of the auth lib, as well as moving roles/permissions around to make it possible to build an admin API which has role knowledge. 2021-05-15 02:43:41 +12:00			`const { getRole } = require("@budibase/auth/roles")`
Linting. 2021-05-28 01:55:48 +12:00			`const { getGlobalSelf } = require("../utilities/workerRequests")`
A general re-work of some parts of the auth lib, as well as moving roles/permissions around to make it possible to build an admin API which has role knowledge. 2021-05-15 02:43:41 +12:00			`const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")`
Updating test cases and some re-work of the email system. 2021-04-24 05:07:39 +12:00			`const { generateUserMetadataID } = require("../db/utils")`
Fixing a collection of issues, specifically users being exported/imported and issues with database import causing weirdness (metadata doc being wrong). 2021-06-09 05:06:16 +12:00			`const { dbExists } = require("@budibase/auth/db")`
			`const CouchDB = require("../db")`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00
			`module.exports = async (ctx, next) => {`
			`// try to get the appID from the request`
			`const requestAppId = getAppId(ctx)`
			`// get app cookie if it exists`
			`const appCookie = getCookie(ctx, Cookies.CurrentApp)`
			`if (!appCookie && !requestAppId) {`
			`return next()`
			`}`
Fixing a collection of issues, specifically users being exported/imported and issues with database import causing weirdness (metadata doc being wrong). 2021-06-09 05:06:16 +12:00			`// check the app exists referenced in cookie`
			`if (appCookie) {`
			`const appId = appCookie.appId`
			`const exists = await dbExists(CouchDB, appId)`
			`if (!exists) {`
			`clearCookie(ctx, Cookies.CurrentApp)`
			`return next()`
			`}`
			`}`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00
			`let updateCookie = false,`
			`appId,`
Getting most of the test auth working, adding in global builder configuration. 2021-04-14 05:12:35 +12:00			`roleId = BUILTIN_ROLE_IDS.PUBLIC`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`if (!ctx.user) {`
			`// not logged in, try to set a cookie for public apps`
			`updateCookie = true`
			`appId = requestAppId`
			`} else if (`
			`requestAppId != null &&`
ensuring public users can log in after being assigned a roleId 2021-04-14 03:56:45 +12:00			`(appCookie == null \|\|`
			`requestAppId !== appCookie.appId \|\|`
Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-28 01:53:41 +12:00			`appCookie.roleId === BUILTIN_ROLE_IDS.PUBLIC \|\|`
			`!appCookie.roleId)`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`) {`
ensuring public users can log in after being assigned a roleId 2021-04-14 03:56:45 +12:00			`// Different App ID means cookie needs reset, or if the same public user has logged in`
Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-28 01:53:41 +12:00			`const globalUser = await getGlobalSelf(ctx, requestAppId)`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`updateCookie = true`
			`appId = requestAppId`
Fixing two issues which were blocking previews, one the user was no longer being updated as an admin (when first building/creating an app) and two, role was not being carried across from global user properly. 2021-05-14 05:10:09 +12:00			`// retrieving global user gets the right role`
make logged in users basic by default, prevent allowing users to be assigned as default in the UI 2021-07-07 05:43:04 +12:00			`roleId = globalUser.roleId \|\| BUILTIN_ROLE_IDS.BASIC`
Adding test cases for current app middleware as well as removing some old middlewares that were no longer used. 2021-04-14 00:32:09 +12:00			`} else if (appCookie != null) {`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`appId = appCookie.appId`
make logged in users basic by default, prevent allowing users to be assigned as default in the UI 2021-07-07 05:43:04 +12:00			`roleId = appCookie.roleId \|\| BUILTIN_ROLE_IDS.BASIC`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`}`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`// nothing more to do`
			`if (!appId) {`
			`return next()`
			`}`

			`ctx.appId = appId`
			`if (roleId) {`
			`ctx.roleId = roleId`
config specificity 2021-04-22 22:45:22 +12:00			`const userId = ctx.user ? generateUserMetadataID(ctx.user._id) : null`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`ctx.user = {`
			`...ctx.user,`
			`// override userID with metadata one`
			`_id: userId,`
			`userId,`
Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-28 01:53:41 +12:00			`roleId,`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`role: await getRole(appId, roleId),`
Updating current app to set up role in middleware. 2021-04-14 01:35:00 +12:00			`}`
			`}`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`if (updateCookie) {`
Updating current app to set up role in middleware. 2021-04-14 01:35:00 +12:00			`setCookie(ctx, { appId, roleId }, Cookies.CurrentApp)`
			`}`
			`return next()`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`}`