From 1904ec8bb4cd4bc693e8b9edaebe691b5bd4303e Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Wed, 9 Dec 2020 17:10:53 +0000
Subject: [PATCH] Updating API key controller in self-host mode to return self host API key.
---
 packages/server/src/api/controllers/apikeys.js | 13 ++++++++++---
 packages/server/src/middleware/authorized.js | 6 ++----
 packages/server/src/selfhost/index.js | 5 +++++
 packages/server/src/utilities/security/apikey.js | 13 +++++++------
 4 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/packages/server/src/api/controllers/apikeys.js b/packages/server/src/api/controllers/apikeys.js
index 96754f17cc..1cd69c54df 100644
--- a/packages/server/src/api/controllers/apikeys.js
+++ b/packages/server/src/api/controllers/apikeys.js
@@ -3,13 +3,20 @@ const { join } = require("../../utilities/centralPath")
 const readline = require("readline")
 const { budibaseAppsDir } = require("../../utilities/budibaseDir")
 const env = require("../../environment")
+const selfhost = require("../../selfhost")
 const ENV_FILE_PATH = "/.env"
 exports.fetch = async function(ctx) {
 ctx.status = 200
- ctx.body = {
- budibase: env.BUDIBASE_API_KEY,
- userId: env.USERID_API_KEY,
+ if (env.SELF_HOSTED) {
+ ctx.body = {
+ selfhost: await selfhost.getSelfHostAPIKey(),
+ }
+ } else {
+ ctx.body = {
+ budibase: env.BUDIBASE_API_KEY,
+ userId: env.USERID_API_KEY,
+ }
 }
 }
diff --git a/packages/server/src/middleware/authorized.js b/packages/server/src/middleware/authorized.js
index fff66a68d6..ad2c4344fa 100644
--- a/packages/server/src/middleware/authorized.js
+++ b/packages/server/src/middleware/authorized.js
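Review bot: `exports.fetch` now puts the live self-host API key into a 200 response body, and nothing in this hunk marks that response as non-cacheable; adding `ctx.set("Cache-Control", "no-store")` before the body is assigned would keep the key out of browser and intermediary caches. The route's authorization is outside this hunk, so it should be confirmed that only builder/admin sessions can reach this handler. When no self-host key exists the handler still answers 200 with `{ selfhost: null }`, so a short comment above the function describing the two response shapes (`selfhost` versus `budibase`/`userId`) would help client authors.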
@@ -7,7 +7,7 @@ const {
 doesHavePermission,
 } = require("../utilities/security/permissions")
 const env = require("../environment")
-const { getAPIKey } = require("../utilities/security/apikey")
+const { isAPIKeyValid } = require("../utilities/security/apikey")
 const { AuthTypes } = require("../constants")
 const ADMIN_ROLES = [BUILTIN_ROLE_IDS.ADMIN, BUILTIN_ROLE_IDS.BUILDER]
@@ -21,9 +21,7 @@ module.exports = (permType, permLevel = null) => async (ctx, next) => {
 }
 if (env.CLOUD && ctx.headers["x-api-key"] && ctx.headers["x-instanceid"]) {
 // api key header passed by external webhook
- const apiKeyInfo = await getAPIKey(ctx.headers["x-api-key"])
-
- if (apiKeyInfo) {
+ if (await isAPIKeyValid(ctx.headers["x-api-key"])) {
 ctx.auth = {
 authenticated: AuthTypes.EXTERNAL,
 apiKey: ctx.headers["x-api-key"],
diff --git a/packages/server/src/selfhost/index.js b/packages/server/src/selfhost/index.js
index 05c9bdc6b2..f77d1f0b6c 100644
--- a/packages/server/src/selfhost/index.js
+++ b/packages/server/src/selfhost/index.js
@@ -37,3 +37,8 @@ exports.getSelfHostInfo = async () => {
 const db = new CouchDB(SELF_HOST_DB)
 return db.get(SELF_HOST_DOC)
 }
+
+exports.getSelfHostAPIKey = async () => {
+ const info = await exports.getSelfHostInfo()
+ return info ? info.apiKeyId : null
+}
diff --git a/packages/server/src/utilities/security/apikey.js b/packages/server/src/utilities/security/apikey.js
index b2fd230130..c8965cee43 100644
--- a/packages/server/src/utilities/security/apikey.js
+++ b/packages/server/src/utilities/security/apikey.js
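Review bot: In the `@@ -21,9 +21,7 @@` hunk, `await isAPIKeyValid(ctx.headers["x-api-key"])` validates the key on its own and never uses `x-instanceid`, although the surrounding condition requires both headers. By reducing the lookup to a boolean, the middleware no longer holds the key record it could use to confirm the key belongs to that instance. The rest of the block lies outside the hunk, so that binding may happen further down; if it does not, any valid key would authenticate as `AuthTypes.EXTERNAL` for any instance id. The raw key is also copied into `ctx.auth.apiKey`, so a comment such as `// ctx.auth holds the raw API key - never log or serialise it` is worth adding next to that assignment.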
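Review bot: The `info ? info.apiKeyId : null` fallback in `getSelfHostAPIKey` only helps if `getSelfHostInfo()` can resolve to a falsy value. That function returns `db.get(SELF_HOST_DOC)`, and if the `CouchDB` wrapper follows the usual PouchDB behaviour, a missing document rejects rather than resolving to null. The rejection would then surface in both the API key endpoint and `isAPIKeyValid`, which call this helper. Consider catching the not-found case here and returning null, and adding a doc comment such as `/** Resolves to the self-host API key, or null when none has been generated. */`.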
@@ -1,22 +1,23 @@
 const { apiKeyTable } = require("../../db/dynamoClient")
 const env = require("../../environment")
-const { getSelfHostInfo } = require("../../selfhost")
+const { getSelfHostAPIKey } = require("../../selfhost")
 /**
 * This file purely exists so that we can centralise all logic pertaining to API keys, as their usage differs
 * in our Cloud environment versus self hosted.
 */
-exports.getAPIKey = async apiKeyId => {
+exports.isAPIKeyValid = async apiKeyId => {
 if (env.CLOUD && !env.SELF_HOSTED) {
- return apiKeyTable.get({
+ let apiKeyInfo = await apiKeyTable.get({
 primary: apiKeyId,
 })
+ return apiKeyInfo != null
 }
 if (env.SELF_HOSTED) {
- const selfHostInfo = await getSelfHostInfo()
+ const selfHostKey = await getSelfHostAPIKey()
 // if the api key supplied is correct then return structure similar
- return apiKeyId === selfHostInfo.apiKeyId ? { pk: apiKeyId } : null
+ return apiKeyId === selfHostKey ? { pk: apiKeyId } : null
 }
- return null
+ return false
 }
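Review bot: The self-hosted branch of `isAPIKeyValid` still returns `{ pk: apiKeyId }` or `null` while the other two paths return booleans, and its `===` check also succeeds when both sides are `undefined` or both `null`, i.e. no key supplied and none stored. The only caller visible in this patch checks the header is present first, but the function itself should not validate an absent key. The comparison is also not constant-time for a secret; the version below returns a strict boolean, rejects non-string values and uses `crypto.timingSafeEqual`, which needs `const crypto = require("crypto")` at the top of the file and assumes the stored `apiKeyId` is a string. The comment `// if the api key supplied is correct then return structure similar` is stale after the rename, and `let apiKeyInfo` can be `const`.

```javascript
exports.isAPIKeyValid = async apiKeyId => {
  // … unchanged: cloud branch (apiKeyTable lookup) …
  if (env.SELF_HOSTED) {
    const selfHostKey = await getSelfHostAPIKey()
    // a missing key on either side must never validate
    if (typeof apiKeyId !== "string" || typeof selfHostKey !== "string") {
      return false
    }
    const supplied = Buffer.from(apiKeyId)
    const expected = Buffer.from(selfHostKey)
    // timingSafeEqual throws on unequal lengths, so compare lengths first
    return (
      supplied.length === expected.length &&
      crypto.timingSafeEqual(supplied, expected)
    )
  }
  // … unchanged: final `return false` …
```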