Authentication working on builder homepage, integration with currentapp middleware

packages/auth/src/middleware/authenticated.js

@@ -11,7 +11,7 @@ module.exports = async (ctx, next) => {
       ctx.isAuthenticated = true
       ctx.user = authCookie
       // make sure email is correct from ID
-      ctx.user.email = getEmailFromUserID(authCookie._id)
+      ctx.user.email = getEmailFromUserID(authCookie.userId)
     }
 
     await next()

packages/auth/src/middleware/passport/jwt.js

@@ -1,5 +1,10 @@
+const { Cookies } = require("../../constants")
+
 exports.options = {
   secretOrKey: process.env.JWT_SECRET,
+  jwtFromRequest: function(ctx) {
+    return ctx.cookies.get(Cookies.Auth)
+  },
 }
 
 exports.authenticate = async function(jwt, done) {

packages/auth/src/middleware/passport/local.js

@@ -38,7 +38,7 @@ exports.authenticate = async function(username, password, done) {
   // authenticate
   if (await compare(password, dbUser.password)) {
     const payload = {
-      _id: dbUser._id,
+      userId: dbUser._id,
     }
 
     const token = jwt.sign(payload, process.env.JWT_SECRET, {

packages/builder/src/components/login/LoginForm.svelte

@@ -12,7 +12,11 @@
         username,
         password,
       })
-      notifier.success("Logged in successfully.")
+      if (json.success) {
+        notifier.success("Logged in successfully.")
+      } else {
+        notifier.danger("Invalid credentials")
+      }
     } catch (err) {
       console.error(err)
       notifier.danger(`Error logging in: ${err}`)

packages/builder/src/stores/backend/auth.js

@@ -3,8 +3,7 @@ import api from "../../builderStore/api"
 
 async function checkAuth() {
   const response = await api.get("/api/self")
-  const user = await response.json()
-  if (json) return json
+  return await response.json()
 }
 
 export function createAuthStore() {
@@ -21,6 +20,7 @@ export function createAuthStore() {
         localStorage.setItem("auth:user", JSON.stringify(json.user))
         set({ user: json.user })
       }
+      return json
     },
     logout: async () => {
       const response = await api.post(`/api/auth/logout`)

packages/server/src/api/controllers/application.js

@@ -145,7 +145,7 @@ exports.fetchAppPackage = async function(ctx) {
     layouts,
     clientLibPath: clientLibraryPath(ctx.params.appId),
   }
-  await setBuilderToken(ctx, ctx.params.appId, application.version)
+  // await setBuilderToken(ctx, ctx.params.appId, application.version)
 }
 
 exports.create = async function(ctx) {
@@ -184,7 +184,7 @@ exports.create = async function(ctx) {
     await createApp(appId)
   }
 
-  await setBuilderToken(ctx, appId, version)
+  // await setBuilderToken(ctx, appId, version)
   ctx.status = 200
   ctx.body = newApplication
   ctx.message = `Application ${ctx.request.body.name} created successfully`

packages/server/src/api/controllers/auth.js

@@ -7,7 +7,7 @@ const { generateUserMetadataID } = require("../../db/utils")
 const { setCookie } = require("../../utilities")
 const { outputProcessing } = require("../../utilities/rowProcessor")
 const { InternalTables } = require("../../db/utils")
-const { UserStatus } = require("@budibase/auth")
+const { UserStatus, StaticDatabases } = require("@budibase/auth")
 const { getFullUser } = require("../../utilities/users")
 
 const INVALID_ERR = "Invalid Credentials"
@@ -73,10 +73,19 @@ exports.authenticate = async ctx => {
 exports.fetchSelf = async ctx => {
   const { userId, appId } = ctx.user
   /* istanbul ignore next */
-  if (!userId || !appId) {
+  if (!userId) {
     ctx.body = {}
     return
   }
+
+  if (!appId) {
+    const db = new CouchDB(StaticDatabases.USER.name)
+    const user = await db.get(userId)
+    delete user.password
+    ctx.body = { user }
+    return
+  }
+
   const db = new CouchDB(appId)
   const user = await getFullUser({ ctx, userId: userId })
   const userTable = await db.get(InternalTables.USER_METADATA)

packages/server/src/api/controllers/static/index.js

@@ -9,7 +9,6 @@ const { processString } = require("@budibase/string-templates")
 const { budibaseTempDir } = require("../../../utilities/budibaseDir")
 const { getDeployedApps } = require("../../../utilities/builder/hosting")
 const CouchDB = require("../../../db")
-const setBuilderToken = require("../../../utilities/builder/setBuilderToken")
 const {
   loadHandlebarsFile,
   NODE_MODULES_PATH,
@@ -35,9 +34,9 @@ const COMP_LIB_BASE_APP_VERSION = "0.2.5"
 
 exports.serveBuilder = async function(ctx) {
   let builderPath = resolve(TOP_LEVEL_PATH, "builder")
-  if (ctx.file === "index.html") {
-    // await setBuilderToken(ctx)
-  }
+  // if (ctx.file === "index.html") {
+  //   // await setBuilderToken(ctx)
+  // }
   await send(ctx, ctx.file, { root: builderPath })
 }
 

packages/server/src/api/routes/auth.js

@@ -4,7 +4,6 @@ const controller = require("../controllers/auth")
 const router = Router()
 
 // TODO: needs removed
-router.post("/api/authenticate", controller.authenticate)
 router.get("/api/self", controller.fetchSelf)
 
 module.exports = router

packages/server/src/middleware/currentapp.js

@@ -15,7 +15,7 @@ function finish(ctx, next, { appId, roleId, cookie = false }) {
     ctx.roleId = roleId
   }
   if (cookie && appId) {
-    setCookie(ctx, new CurrentAppCookie(appId, roleId))
+    setCookie(ctx, new CurrentAppCookie(appId, roleId), Cookies.CurrentApp)
   }
   return next()
 }

packages/server/src/utilities/users.js

@@ -1,9 +1,9 @@
-const CouchDB = require("../../db")
+const CouchDB = require("../db")
 const {
   generateUserMetadataID,
   getEmailFromUserMetadataID,
 } = require("../db/utils")
-const { getGlobalUsers } = require("../../utilities/workerRequests")
+const { getGlobalUsers } = require("../utilities/workerRequests")
 
 exports.getFullUser = async ({ ctx, email, userId }) => {
   if (!email) {