const {
getGlobalDB,
getTenantId,
isUserInAppTenant,
} = require("@budibase/backend-core/tenancy")
const { generateDevInfoID, SEPARATOR } = require("@budibase/backend-core/db")
const { user: userCache } = require("@budibase/backend-core/cache")
const {
hash,
platformLogout,
getCookie,
clearCookie,
} = require("@budibase/backend-core/utils")
const { encrypt } = require("@budibase/backend-core/encryption")
const { newid } = require("@budibase/backend-core/utils")
const { getUser } = require("../../utilities")
const { Cookies } = require("@budibase/backend-core/constants")
/**
 * Builds a new API key for the current tenant.
 *
 * The plaintext is the tenant ID, the shared SEPARATOR and a freshly generated
 * ID joined together; the key is whatever encrypt() returns for that string.
 *
 * NOTE(review): how hard the key is to guess depends on newid() and on the
 * secret used by encrypt(), neither of which is visible here - confirm both.
 *
 * @returns the value produced by encrypt() for the assembled plaintext
 */
function newApiKey() {
  const tenantId = getTenantId()
  const uniqueId = newid()
  const plaintext = `${tenantId}${SEPARATOR}${uniqueId}`
  return encrypt(plaintext)
}
/**
 * Strips the storage bookkeeping fields (`_id`, `_rev`) from a dev info
 * document before it is handed back to the caller.
 *
 * The object is modified in place and the same reference is returned; every
 * other property, including the API key, is left on it.
 *
 * @param {object} info dev info document
 * @returns {object} the same object without `_id` and `_rev`
 */
function cleanupDevInfo(info) {
  // the user doesn't need to be aware of the dev doc's ID and revision
  for (const internalKey of ["_id", "_rev"]) {
    delete info[internalKey]
  }
  return info
}
/**
 * Issues a fresh API key for the calling user and stores it in that user's
 * dev info document, replacing any key that document already held.
 *
 * The document ID is derived from `ctx.user._id`. The response body is the
 * stored document without `_id` and `_rev`, so it contains the new key.
 *
 * NOTE(review): the catch below treats every read failure as "no document
 * yet", not only a missing document. Narrowing it to the not-found case would
 * stop other database errors from being masked; the error shape of this db
 * client is not visible here, so confirm it before changing.
 *
 * @param ctx request context; `ctx.user._id` must be set
 */
exports.generateAPIKey = async ctx => {
  const globalDb = getGlobalDB()
  const userId = ctx.user._id
  const docId = generateDevInfoID(userId)

  let record
  try {
    record = await globalDb.get(docId)
  } catch (readError) {
    // no readable document: start a new one owned by this user
    record = { _id: docId, userId }
  }

  // the previous key, if any, is overwritten here
  record.apiKey = await newApiKey()
  await globalDb.put(record)
  ctx.body = cleanupDevInfo(record)
}
/**
 * Returns the calling user's dev info, including the API key, creating and
 * storing a document with a new key when the existing one cannot be read.
 *
 * The document ID is derived from `ctx.user._id`. The response body is the
 * document without `_id` and `_rev`.
 *
 * NOTE(review): the key is kept in the document in the same form that is
 * returned to the user, so read access to this database exposes usable keys.
 * NOTE(review): the catch covers every read failure, not only a missing
 * document; confirm the db client's not-found error shape before narrowing it.
 *
 * @param ctx request context; `ctx.user._id` must be set
 */
exports.fetchAPIKey = async ctx => {
  const globalDb = getGlobalDB()
  const userId = ctx.user._id
  const docId = generateDevInfoID(userId)

  let record
  try {
    record = await globalDb.get(docId)
  } catch (readError) {
    // first request for this user: mint a key and persist it
    const apiKey = await newApiKey()
    record = { _id: docId, userId, apiKey }
    await globalDb.put(record)
  }

  ctx.body = cleanupDevInfo(record)
}
/**
 * Clears the current-app cookie when it refers to an app outside the user's
 * tenant.
 *
 * A cookie left over from another tenant is incompatible with the builder,
 * because builder and admin permissions are removed in that case.
 *
 * @param ctx request context the cookie is read from and cleared on
 */
const checkCurrentApp = ctx => {
  const currentApp = getCookie(ctx, Cookies.CurrentApp)
  if (!currentApp) {
    return
  }
  if (isUserInAppTenant(currentApp.appId)) {
    return
  }
  // the cookie belongs to another tenant, so drop it
  clearCookie(ctx, Cookies.CurrentApp)
}
/**
 * Copies the session-based attributes of the current user onto the response
 * body: account, license, budibaseAccess, accountPortalAccess and csrfToken.
 *
 * The values come from `ctx.user`, not from the stored user document, and
 * `ctx.body` must already be an object when this is called.
 *
 * @param ctx request context with `user` and `body` set
 */
const addSessionAttributesToUser = ctx => {
  const sessionKeys = [
    "account",
    "license",
    "budibaseAccess",
    "accountPortalAccess",
    "csrfToken",
  ]
  for (const key of sessionKeys) {
    ctx.body[key] = ctx.user[key]
  }
}
/**
 * Removes the session-based attributes from the incoming request body so
 * that stale values are not written to the db.
 *
 * Only csrfToken, account, accountPortalAccess, budibaseAccess and license
 * are removed; every other property of the body is left untouched.
 *
 * @param ctx request context; `ctx.request.body` is modified in place
 */
const removeSessionAttributesFromUser = ctx => {
  const sessionKeys = [
    "csrfToken",
    "account",
    "accountPortalAccess",
    "budibaseAccess",
    "license",
  ]
  for (const key of sessionKeys) {
    delete ctx.request.body[key]
  }
}
/**
 * Responds with the calling user's own record plus the session-based
 * attributes taken from `ctx.user`.
 *
 * Rejects with 403 when no user is attached to the context. As side effects
 * it sets `ctx.params.id` to the user's ID and clears a current-app cookie
 * that belongs to another tenant.
 *
 * NOTE(review): the body is whatever getUser() returns; confirm that helper
 * leaves out the password hash and other fields the client should not see.
 *
 * @param ctx request context
 */
exports.getSelf = async ctx => {
  const loggedIn = Boolean(ctx.user)
  if (!loggedIn) {
    ctx.throw(403, "User not logged in")
  }

  const userId = ctx.user._id
  ctx.params = { id: userId }

  checkCurrentApp(ctx)

  // main body of the user first, session attributes on top of it
  ctx.body = await getUser(userId)
  addSessionAttributesToUser(ctx)
}
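/**
 * Updates the calling user's own stored document with the fields sent in the
 * request body and responds with the new `_id` and `_rev`.
 *
 * A truthy `password` is hashed before it is stored and all of the user's
 * other sessions are logged out. A `password` key that is present but falsy
 * (empty string, null, ...) is dropped, so it can no longer be merged over
 * the stored hash. `_id`, `_rev` and the session-based attributes are removed
 * from the body before the merge.
 *
 * NOTE(review): every remaining property of the request body is merged into
 * the stored user document. Unless the route validates the body against a
 * list of self-editable fields before this handler runs (not visible here),
 * a caller can write role or permission fields on their own record.
 * NOTE(review): this handler does not ask for the current password before
 * replacing it; confirm whether that check is expected elsewhere.
 *
 * @param ctx request context; `ctx.user._id` and `ctx.request.body` must be set
 */
exports.updateSelf = async ctx => {
  const db = getGlobalDB()
  const user = await db.get(ctx.user._id)
  // same object as ctx.request.body, so the deletions below apply to both
  const updates = ctx.request.body

  if (updates.password) {
    // changing password
    updates.password = await hash(updates.password)
    // Log all other sessions out apart from the current one
    await platformLogout({
      ctx,
      userId: ctx.user._id,
      keepActiveSession: true,
    })
  } else {
    // never let an empty or otherwise falsy value replace the stored hash
    delete updates.password
  }

  // don't allow sending up an ID/Rev, always use the existing one
  delete updates._id
  delete updates._rev
  removeSessionAttributesFromUser(ctx)

  const response = await db.put({
    ...user,
    ...updates,
  })
  // cached copies of the user would otherwise keep the old values
  await userCache.invalidateUser(user._id)
  ctx.body = {
    _id: response.id,
    _rev: response.rev,
  }
}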