Some more logging, moving middlewares to backend-core.

2024-06-26 18:10:51 +12:00 · 2022-08-04 19:03:50 +01:00 · 2022-08-04 19:03:50 +01:00 · 65e8af01f5
parent a05e21ee4b
commit 65e8af01f5
12 changed files with 28 additions and 52 deletions
--- a/packages/backend-core/src/auth.js
+++ b/packages/backend-core/src/auth.js
@ -19,6 +19,8 @@ const {
  csrf,
  internalApi,
  adminOnly,
+  builderOnly,
+  builderOrAdmin,
  joiValidator,
 } = require("./middleware")

@ -176,5 +178,7 @@ module.exports = {
  updateUserOAuth,
  ssoCallbackUrl,
  adminOnly,
+  builderOnly,
+  builderOrAdmin,
  joiValidator,
 }
--- a/packages/backend-core/src/middleware/authenticated.js
+++ b/packages/backend-core/src/middleware/authenticated.js
@ -81,7 +81,7 @@ module.exports = (

        const session = await getSession(userId, sessionId)
        if (!session) {
-          error = "No session found"
+          error = `Session not found - ${userId} - ${sessionId}`
        } else {
          try {
            if (opts && opts.populateUser) {
--- a/packages/backend-core/src/middleware/builderOnly.js
+++ b/packages/backend-core/src/middleware/builderOnly.js
--- a/packages/backend-core/src/middleware/builderOrAdmin.js
+++ b/packages/backend-core/src/middleware/builderOrAdmin.js
--- a/packages/backend-core/src/middleware/index.js
+++ b/packages/backend-core/src/middleware/index.js
@ -10,6 +10,8 @@ const internalApi = require("./internalApi")
 const datasourceGoogle = require("./passport/datasource/google")
 const csrf = require("./csrf")
 const adminOnly = require("./adminOnly")
+const builderOrAdmin = require("./builderOrAdmin")
+const builderOnly = require("./builderOnly")
 const joiValidator = require("./joi-validator")
 module.exports = {
  google,
@ -27,5 +29,7 @@ module.exports = {
  },
  csrf,
  adminOnly,
+  builderOnly,
+  builderOrAdmin,
  joiValidator,
 }
--- a/packages/backend-core/src/security/sessions.js
+++ b/packages/backend-core/src/security/sessions.js
@ -1,6 +1,7 @@
 const redis = require("../redis/init")
 const { v4: uuidv4 } = require("uuid")
 const { logWarn } = require("../logging")
+const env = require("../environment")

 // a week in seconds
 const EXPIRY_SECONDS = 86400 * 7
@ -34,17 +35,21 @@ async function invalidateSessions(userId, sessionIds = null) {
      }))
    }

-    const client = await redis.getSessionClient()
-    const promises = []
-    for (let session of sessions) {
-      promises.push(client.delete(session.key))
+    if (sessions && sessions.length > 0) {
+      const client = await redis.getSessionClient()
+      const promises = []
+      for (let session of sessions) {
+        promises.push(client.delete(session.key))
+      }
+      if (!env.isTest()) {
+        logWarn(
+          `Invalidating sessions for ${userId} - ${sessions
+            .map(session => session.key)
+            .join(", ")}`
+        )
+      }
+      await Promise.all(promises)
    }
-    logWarn(
-      `Invalidating sessions for ${userId} - ${sessions
-        .map(session => session.key)
-        .join(", ")}`
-    )
-    await Promise.all(promises)
  } catch (err) {
    console.error(`Error invalidating sessions: ${err}`)
  }
--- a/packages/worker/src/api/routes/global/roles.js
+++ b/packages/worker/src/api/routes/global/roles.js
@ -1,6 +1,6 @@
 const Router = require("@koa/router")
 const controller = require("../../controllers/global/roles")
-const builderOrAdmin = require("../../../middleware/builderOrAdmin")
+const { builderOrAdmin } = require("@budibase/backend-core/auth")

 const router = Router()

--- a/packages/worker/src/api/routes/global/self.js
+++ b/packages/worker/src/api/routes/global/self.js
@ -1,6 +1,6 @@
 const Router = require("@koa/router")
 const controller = require("../../controllers/global/self")
-const builderOnly = require("../../../middleware/builderOnly")
+const { builderOnly } = require("@budibase/backend-core/auth")
 const { users } = require("../validation")

 const router = Router()
--- a/packages/worker/src/api/routes/global/users.js
+++ b/packages/worker/src/api/routes/global/users.js
@ -6,7 +6,7 @@ const Joi = require("joi")
 const cloudRestricted = require("../../../middleware/cloudRestricted")
 const { users } = require("../validation")
 const selfController = require("../../controllers/global/self")
-const builderOrAdmin = require("../../../middleware/builderOrAdmin")
+const { builderOrAdmin } = require("@budibase/backend-core/auth")

 const router = Router()

--- a/packages/worker/src/api/routes/validation/users.ts
+++ b/packages/worker/src/api/routes/validation/users.ts
@ -1,4 +1,4 @@
-import joiValidator from "../../../middleware/joi-validator"
+const { joiValidator } = require("@budibase/backend-core/auth")
 import Joi from "joi"

 let schema: any = {
--- a/packages/worker/src/middleware/adminOnly.js
+++ b/packages/worker/src/middleware/adminOnly.js
@ -1,9 +0,0 @@
-module.exports = async (ctx, next) => {
-  if (
-    !ctx.internal &&
-    (!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
-  ) {
-    ctx.throw(403, "Admin user only endpoint.")
-  }
-  return next()
-}
--- a/packages/worker/src/middleware/joi-validator.js
+++ b/packages/worker/src/middleware/joi-validator.js
@ -1,28 +0,0 @@
-function validate(schema, property) {
-  // Return a Koa middleware function
-  return (ctx, next) => {
-    if (!schema) {
-      return next()
-    }
-    let params = null
-    if (ctx[property] != null) {
-      params = ctx[property]
-    } else if (ctx.request[property] != null) {
-      params = ctx.request[property]
-    }
-    const { error } = schema.validate(params)
-    if (error) {
-      ctx.throw(400, `Invalid ${property} - ${error.message}`)
-      return
-    }
-    return next()
-  }
-}
-
-module.exports.body = schema => {
-  return validate(schema, "body")
-}
-
-module.exports.params = schema => {
-  return validate(schema, "params")
-}