From 3e2da638225b802dd9e65ab9ce712ec5a03f4c64 Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Wed, 28 Apr 2021 18:13:21 +0100
Subject: [PATCH] Updating auth middleware to accomodate public endpoints for the server properly and some refactoring.
---
 packages/auth/src/middleware/authenticated.js | 36 +++++++++++++++----
 packages/server/src/api/index.js | 13 +++----
 .../src/api/controllers/{ => admin}/auth.js | 6 ++--
 packages/worker/src/api/index.js | 20 ++++++++---
 .../worker/src/api/routes/{ => admin}/auth.js | 4 +--
 packages/worker/src/api/routes/index.js | 2 +-
 6 files changed, 57 insertions(+), 24 deletions(-)
 rename packages/worker/src/api/controllers/{ => admin}/auth.js (94%)
 rename packages/worker/src/api/routes/{ => admin}/auth.js (86%)
diff --git a/packages/auth/src/middleware/authenticated.js b/packages/auth/src/middleware/authenticated.js
index 007ebe229d..5d8d4e7e13 100644
--- a/packages/auth/src/middleware/authenticated.js
+++ b/packages/auth/src/middleware/authenticated.js
@@ -3,15 +3,35 @@ const database = require("../db")
 const { getCookie, clearCookie } = require("../utils")
 const { StaticDatabases } = require("../db/utils")
-function makeRegex() {
+const PARAM_REGEX = /\/:(.*?)\//g
+function buildNoAuthRegex(patterns) {
+ return patterns.map(pattern => {
+ const isObj = typeof pattern === "object" && pattern.route
+ const method = isObj ? pattern.method : "GET"
+ let route = isObj ? pattern.route : pattern
+
+ const matches = route.match(PARAM_REGEX)
+ if (matches) {
+ for (let match of matches) {
+ route = route.replace(match, "/.*/")
+ }
+ }
+ return { regex: new RegExp(route), method }
+ })
 }
-module.exports = (noAuthPatterns = []) => {
- const regex = new RegExp(noAuthPatterns.join("|"))
+module.exports = (noAuthPatterns = [], opts) => {
+ const noAuthOptions = noAuthPatterns ? buildNoAuthRegex(noAuthPatterns) : []
 return async (ctx, next) => {
 // the path is not authenticated
- if (regex.test(ctx.request.url)) {
+ const found = noAuthOptions.find(({ regex, method }) => {
+ return (
+ regex.test(ctx.request.url) &&
+ ctx.request.method.toLowerCase() === method.toLowerCase()
+ )
+ })
+ if (found != null) {
 return next()
 }
 try {
@@ -34,10 +54,14 @@ module.exports = (noAuthPatterns = []) => {
 if (ctx.isAuthenticated !== true) {
 ctx.isAuthenticated = false
 }
-
 return next()
 } catch (err) {
- ctx.throw(err.status || 403, err)
+ // allow configuring for public access
+ if (opts && opts.publicAllowed) {
+ ctx.isAuthenticated = false
+ } else {
+ ctx.throw(err.status || 403, err)
+ }
 }
 }
 }
diff --git a/packages/server/src/api/index.js b/packages/server/src/api/index.js
index 369578d05e..8dfd2f5c6a 100644
--- a/packages/server/src/api/index.js
+++ b/packages/server/src/api/index.js
@@ -9,13 +9,6 @@ const pkg = require("../../package.json")
 const router = new Router()
 const env = require("../environment")
-const NO_AUTH_ENDPOINTS = [
- "/health",
- "/version",
- "webhooks/trigger",
- "webhooks/schema",
-]
-
 router
 .use(
 compress({
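Review bot: `buildNoAuthRegex` compiles each route with `new RegExp(route)`, which is unanchored, and the middleware tests it against `ctx.request.url`, which in Koa still carries the query string, so authentication is skipped for any request whose URL merely contains a public route string rather than only for that route. Anchor the pattern and match the path alone: `return { regex: new RegExp("^" + route + "$"), method }` and `regex.test(ctx.request.path)`. The parameter substitution would be safer as `"/[^/]+/"` than `"/.*/"`, so one parameter cannot span several path segments, and `PARAM_REGEX` does not cover a parameter at the end of a route. The same matching applies to the `NO_AUTH_ENDPOINTS` list added in packages/worker/src/api/index.js.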
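Review bot: In the `catch` block of the second authenticated.js hunk, the `publicAllowed` branch sets `ctx.isAuthenticated = false` and then falls off the end of the middleware without calling `next()`, so a request for which the `try` body throws never reaches the downstream handlers; add `return next()` after the assignment. The branch also handles every exception the same way, so a database or configuration failure looks identical to an anonymous visitor; logging `err` before continuing would keep those failures visible. A comment such as `// publicAllowed: continue as anonymous, routes must enforce their own authorisation` would document the fail-open behaviour. The enclosing middleware function and most of the `try` body lie outside the hunk.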
@@ -38,7 +31,11 @@ router
 })
 .use("/health", ctx => (ctx.status = 200))
 .use("/version", ctx => (ctx.body = pkg.version))
- .use(buildAuthMiddleware(NO_AUTH_ENDPOINTS))
+ .use(
+ buildAuthMiddleware(null, {
+ publicAllowed: true,
+ })
+ )
 .use(currentApp)
 // error handling middleware
diff --git a/packages/worker/src/api/controllers/auth.js b/packages/worker/src/api/controllers/admin/auth.js
similarity index 94%
rename from packages/worker/src/api/controllers/auth.js
rename to packages/worker/src/api/controllers/admin/auth.js
index 18ee2d64e8..94fb8e0ece 100644
--- a/packages/worker/src/api/controllers/auth.js
+++ b/packages/worker/src/api/controllers/admin/auth.js
@@ -1,8 +1,8 @@
 const authPkg = require("@budibase/auth")
 const { google } = require("@budibase/auth/src/middleware")
-const { Configs } = require("../../constants")
-const CouchDB = require("../../db")
-const { sendEmail } = require("../../utilities/email")
+const { Configs } = require("../../../constants")
+const CouchDB = require("../../../db")
+const { sendEmail } = require("../../../utilities/email")
 const { clearCookie, getGlobalUserByEmail } = authPkg.utils
 const { Cookies } = authPkg.constants
 const { passport } = authPkg.auth
diff --git a/packages/worker/src/api/index.js b/packages/worker/src/api/index.js
index d0e60ffcd2..c4877beabf 100644
--- a/packages/worker/src/api/index.js
+++ b/packages/worker/src/api/index.js
@@ -5,10 +5,22 @@ const { routes } = require("./routes")
 const { buildAuthMiddleware } = require("@budibase/auth").auth
 const NO_AUTH_ENDPOINTS = [
- "/api/admin/users/first",
- "/api/admin/auth",
- "/api/admin/auth/google",
- "/api/admin/auth/google/callback",
+ {
+ route: "/api/admin/users/first",
+ method: "POST",
+ },
+ {
+ route: "/api/admin/auth",
+ method: "POST",
+ },
+ {
+ route: "/api/admin/auth/google",
+ method: "GET",
+ },
+ {
+ route: "/api/admin/auth/google/callback",
+ method: "GET",
+ },
 ]
 const router = new Router()
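Review bot: In packages/server/src/api/index.js the call `buildAuthMiddleware(null, { publicAllowed: true })` makes the server's auth middleware fail open for every route instead of for the four previously listed ones, and nothing in the hunk records that. Every route registered after this point now has to reject `ctx.isAuthenticated === false` itself; whether `currentApp` and the later route middleware do so is not visible here and should be confirmed, webhook routes included. I would add a comment above the call, e.g. `// publicAllowed: auth failures continue as anonymous; authorisation is enforced per route`, and pass `[]` instead of `null` so the call does not depend on the truthiness check inside the middleware. The `router.use` chain continues outside the hunk.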
diff --git a/packages/worker/src/api/routes/auth.js b/packages/worker/src/api/routes/admin/auth.js
similarity index 86%
rename from packages/worker/src/api/routes/auth.js
rename to packages/worker/src/api/routes/admin/auth.js
index e914f334d7..60d2f4ae7d 100644
--- a/packages/worker/src/api/routes/auth.js
+++ b/packages/worker/src/api/routes/admin/auth.js
@@ -1,6 +1,6 @@
 const Router = require("@koa/router")
-const authController = require("../controllers/auth")
-const joiValidator = require("../../middleware/joi-validator")
+const authController = require("../../controllers/admin/auth")
+const joiValidator = require("../../../middleware/joi-validator")
 const Joi = require("joi")
 const router = Router()
diff --git a/packages/worker/src/api/routes/index.js b/packages/worker/src/api/routes/index.js
index 412d8c255a..90fafffa2a 100644
--- a/packages/worker/src/api/routes/index.js
+++ b/packages/worker/src/api/routes/index.js
@@ -3,7 +3,7 @@ const configRoutes = require("./admin/configs")
 const groupRoutes = require("./admin/groups")
 const templateRoutes = require("./admin/templates")
 const emailRoutes = require("./admin/email")
-const authRoutes = require("./auth")
+const authRoutes = require("./admin/auth")
 const appRoutes = require("./app")
 exports.routes = [