From 0482bc242cc458568cd545989de4c4cf14797071 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney <martin@shogunsystems.co.uk>
Date: Wed, 3 Jun 2020 20:35:30 +0100
Subject: [PATCH] fix some other auth bugs

---
 .DS_Store                                     | Bin 6148 -> 6148 bytes
 .../builderStore/loadComponentLibraries.js    |   4 +++-
 .../userInterface/SettingsView.svelte         |   2 +-
 .../userInterface/temporaryPanelStructure.js  |  10 +++++++++-
 packages/client/src/state/bbComponentApi.js   |   1 +
 packages/server/src/api/controllers/auth.js   |   6 +-----
 packages/server/src/api/routes/auth.js        |   2 +-
 7 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/.DS_Store b/.DS_Store
index 0dfd56565a683ba47a6f3176a833a28980438122..363dbb1c4c7a5fb97895c6f471243558723a3be9 100644
GIT binary patch
delta 327
zcmZoMXfc=|#>B!ku~2NHo+2an#(>?7i&&T#xi|ALc`{B`WfrVYDlaZb%E?b+U|=|v
zRFIQdTw-8woso%|g_Vt+gM*8Mi<c`lI3vG2xFoTpwAd-JC>q2ING!=ng0e&M^K;<r
z#H6sy)be-%5$F88lElos)FQCv%#>81l9=$!yp;TMr~J~qlwz<s!SxUs4h~KZ&UgXI
z>S`k+Q&SxUQv-uq9ffLha|0a(6JxX5T22meRYP0Pgxt!i>YCcRSwQCk0V5-XX5fd?
zFlsiC!NE|#kjRkCkPRf$8B!UF%YuvYa`N-ifpQ>yoD4+_shgvi7c*{V=iui62Giz`
X%-@+O^NTog0OgrLW^IlTS;Gtf?om{s

delta 68
zcmZoMXfc=|#>B)qu~2NHo+2aX#(>?7jGUW!SUedw$Fr?q+}OayyqTSYp9837vmnQJ
W=E?jbjvNd?z{tSBvN=Lz4Kn~s9S?5+

diff --git a/packages/builder/src/builderStore/loadComponentLibraries.js b/packages/builder/src/builderStore/loadComponentLibraries.js
index ada00134f4..f7ceec303f 100644
--- a/packages/builder/src/builderStore/loadComponentLibraries.js
+++ b/packages/builder/src/builderStore/loadComponentLibraries.js
@@ -1,3 +1,5 @@
+import { get } from "builderStore/api";
+
 /**
  * Fetches the definitions for component library components. This includes
  * their props and other metadata from components.json.
@@ -6,7 +8,7 @@
 export const fetchComponentLibDefinitions = async appId => {
   const LIB_DEFINITION_URL = `/${appId}/components/definitions`
   try {
-    const libDefinitionResponse = await fetch(LIB_DEFINITION_URL)
+    const libDefinitionResponse = await get(LIB_DEFINITION_URL)
     return await libDefinitionResponse.json()
   } catch (err) {
     console.error(`Error fetching component definitions for ${appId}`, err)
diff --git a/packages/builder/src/components/userInterface/SettingsView.svelte b/packages/builder/src/components/userInterface/SettingsView.svelte
index 36b2ab9c75..99e704d1d9 100644
--- a/packages/builder/src/components/userInterface/SettingsView.svelte
+++ b/packages/builder/src/components/userInterface/SettingsView.svelte
@@ -16,7 +16,7 @@
   }
 </script>
 
-{#if panelDefinition.length > 0}
+{#if panelDefinition && panelDefinition.length > 0}
   {#each panelDefinition as definition}
     {#if propExistsOnComponentDef(definition.key)}
       <PropertyControl
diff --git a/packages/builder/src/components/userInterface/temporaryPanelStructure.js b/packages/builder/src/components/userInterface/temporaryPanelStructure.js
index 210e7f7aa0..305441654e 100644
--- a/packages/builder/src/components/userInterface/temporaryPanelStructure.js
+++ b/packages/builder/src/components/userInterface/temporaryPanelStructure.js
@@ -317,7 +317,15 @@ export default {
           icon: "ri-bar-chart-fill",
           properties: {
             design: { ...all },
-            settings: [{ label: "Model", key: "model", control: ModelSelect }],
+            settings: [
+              { label: "Model", key: "model", control: ModelSelect },
+              {
+                label: "Chart Type",
+                key: "type",
+                control: OptionSelect,
+                options: ["column2d", "password"],
+              },
+            ],
           },
           children: [],
         },
diff --git a/packages/client/src/state/bbComponentApi.js b/packages/client/src/state/bbComponentApi.js
index 9945d17b36..e7a0412012 100644
--- a/packages/client/src/state/bbComponentApi.js
+++ b/packages/client/src/state/bbComponentApi.js
@@ -27,6 +27,7 @@ export const bbFactory = ({
       method: method,
       headers: {
         "Content-Type": "application/json",
+        "x-user-agent": "Budibase Builder"
       },
       body: body && JSON.stringify(body),
     })
diff --git a/packages/server/src/api/controllers/auth.js b/packages/server/src/api/controllers/auth.js
index fb00024d43..80547200e5 100644
--- a/packages/server/src/api/controllers/auth.js
+++ b/packages/server/src/api/controllers/auth.js
@@ -10,13 +10,9 @@ exports.authenticate = async ctx => {
   if (!username) ctx.throw(400, "Username Required.")
   if (!password) ctx.throw(400, "Password Required")
 
-  // TODO: Don't use this. It can't be relied on
-  const referer = ctx.request.headers.referer.split("/")
-  const appId = referer[3]
-
   // find the instance that the user is associated with
   const db = new CouchDB(ClientDb.name(env.CLIENT_ID))
-  const app = await db.get(appId)
+  const app = await db.get(ctx.params.appId)
   const instanceId = app.userInstanceMap[username]
 
   if (!instanceId)
diff --git a/packages/server/src/api/routes/auth.js b/packages/server/src/api/routes/auth.js
index b4b68e8929..fa95a3a5e6 100644
--- a/packages/server/src/api/routes/auth.js
+++ b/packages/server/src/api/routes/auth.js
@@ -3,6 +3,6 @@ const controller = require("../controllers/auth")
 
 const router = Router()
 
-router.post("/api/authenticate", controller.authenticate)
+router.post("/:appId/api/authenticate", controller.authenticate)
 
 module.exports = router