Merge pull request #4918 from Budibase/fix/public-api-errors

Fix for public API header error warnings

packages/server/src/api/routes/public/index.ts

@@ -5,6 +5,7 @@ import rowEndpoints from "./rows"
 import userEndpoints from "./users"
 import usage from "../../../middleware/usageQuota"
 import authorized from "../../../middleware/authorized"
+import publicApi from "../../../middleware/publicApi"
 import { paramResource, paramSubResource } from "../../../middleware/resourceId"
 import { CtxFn } from "./utils/Endpoint"
 import mapperMiddleware from "./middleware/mapper"
@@ -101,6 +102,12 @@ function applyRoutes(
   const paramMiddleware = subResource
     ? paramSubResource(resource, subResource)
     : paramResource(resource)
+  const publicApiMiddleware = publicApi({
+    requiresAppId:
+      permType !== PermissionTypes.APP && permType !== PermissionTypes.USER,
+  })
+  addMiddleware(endpoints.read, publicApiMiddleware)
+  addMiddleware(endpoints.write, publicApiMiddleware)
   // add the parameter capture middleware
   addMiddleware(endpoints.read, paramMiddleware)
   addMiddleware(endpoints.write, paramMiddleware)

packages/server/src/middleware/publicApi.js

@@ -0,0 +1,21 @@
+const { Headers } = require("@budibase/backend-core/constants")
+const { getAppId } = require("@budibase/backend-core/utils")
+
+module.exports = function ({ requiresAppId } = {}) {
+  return async (ctx, next) => {
+    const appId = getAppId(ctx)
+    if (requiresAppId && !appId) {
+      ctx.throw(
+        400,
+        `Invalid app ID provided, please check the ${Headers.APP_ID} header.`
+      )
+    }
+    if (!ctx.headers[Headers.API_KEY]) {
+      ctx.throw(
+        400,
+        `Invalid API key provided, please check the ${Headers.API_KEY} header.`
+      )
+    }
+    return next()
+  }
+}