From 94731e017aab19a39dbf4504ff13555f11b49a56 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Wed, 3 Jun 2020 19:35:04 +0100
Subject: [PATCH 1/6] use custom user agent header
---
 packages/builder/src/builderStore/api.js | 2 +-
 packages/server/src/middleware/authenticated.js | 13 +++++--------
 2 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/packages/builder/src/builderStore/api.js b/packages/builder/src/builderStore/api.js
index c132b01fc0..3fcd35ce28 100644
--- a/packages/builder/src/builderStore/api.js
+++ b/packages/builder/src/builderStore/api.js
@@ -3,7 +3,7 @@ const apiCall = method => async (url, body) => {
 method: method,
 headers: {
 "Content-Type": "application/json",
- "User-Agent": "Budibase Builder",
+ "x-user-agent": "Budibase Builder",
 },
 body: body && JSON.stringify(body),
 })
diff --git a/packages/server/src/middleware/authenticated.js b/packages/server/src/middleware/authenticated.js
index 4ce99f7d3a..d0ce1e2f30 100644
--- a/packages/server/src/middleware/authenticated.js
+++ b/packages/server/src/middleware/authenticated.js
@@ -15,19 +15,16 @@ module.exports = async (ctx, next) => {
 const appToken = ctx.cookies.get("budibase:token")
 const builderToken = ctx.cookies.get("builder:token")
- const isBuilderAgent = ctx.headers["user-agent"] === "Budibase Builder"
+ const isBuilderAgent = ctx.headers["x-user-agent"] === "Budibase Builder"
 // all admin api access should auth with buildertoken and 'Budibase Builder user agent
 const shouldAuthAsBuilder = isBuilderAgent && builderToken
 if (shouldAuthAsBuilder) {
- if (builderToken === env.ADMIN_SECRET) {
- ctx.isAuthenticated = true
- ctx.isBuilder = true
- } else {
- ctx.isAuthenticated = false
- ctx.isBuilder = false
- }
+ const builderTokenValid = builderToken === env.ADMIN_SECRET
+
+ ctx.isAuthenticated = builderTokenValid
+ ctx.isBuilder = builderTokenValid
 await next()
 return
From 227df203f99fb3db755d05a5b6bd23cfc3cf3758 Mon Sep 17 00:00:00 2001
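Review bot: In packages/server/src/middleware/authenticated.js the new `builderTokenValid = builderToken === env.ADMIN_SECRET` still compares the cookie against the admin secret with `===`, which is not a constant-time comparison; hashing both values to a fixed length and comparing the digests with `crypto.timingSafeEqual` removes the dependence on how many leading characters match. The `x-user-agent` header is chosen by the caller (a later patch in this series shows packages/client/src/state/bbComponentApi.js sending the same value), so it only selects which cookie is checked and should not be described as part of authentication; the comment above `shouldAuthAsBuilder` would be more accurate as `// x-user-agent only selects the builder auth path; the builder:token cookie is what authenticates`. `await next()` still runs when the token does not match, so each downstream route has to check `ctx.isAuthenticated` / `ctx.isBuilder` itself, which is presumably intended but worth stating in the same comment. The middleware body starts and ends outside the hunk.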
From: Martin McKeaveney Date: Wed, 3 Jun 2020 19:39:53 +0100 Subject: [PATCH 2/6] fixing header in tests --- packages/server/src/api/routes/tests/couchTestUtils.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/server/src/api/routes/tests/couchTestUtils.js b/packages/server/src/api/routes/tests/couchTestUtils.js index d292442165..d382a2108e 100644 --- a/packages/server/src/api/routes/tests/couchTestUtils.js +++ b/packages/server/src/api/routes/tests/couchTestUtils.js @@ -22,7 +22,7 @@ exports.supertest = async () => { exports.defaultHeaders = { Accept: "application/json", Cookie: ["builder:token=test-admin-secret"], - "user-agent": "Budibase Builder", + "x-user-agent": "Budibase Builder", } exports.createModel = async (request, instanceId, model) => { From 2cd309bfdc31e33b14f4ed60de635732c67e9c2e Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Wed, 3 Jun 2020 20:35:30 +0100 Subject: [PATCH 3/6] fix some other auth bugs --- .DS_Store | Bin 6148 -> 6148 bytes .../builderStore/loadComponentLibraries.js | 4 +++- .../userInterface/SettingsView.svelte | 2 +- .../userInterface/temporaryPanelStructure.js | 10 +++++++++- packages/client/src/state/bbComponentApi.js | 1 + packages/server/src/api/controllers/auth.js | 6 +----- packages/server/src/api/routes/auth.js | 2 +- 7 files changed, 16 insertions(+), 9 deletions(-) diff --git a/.DS_Store b/.DS_Store index 0dfd56565a683ba47a6f3176a833a28980438122..363dbb1c4c7a5fb97895c6f471243558723a3be9 100644 GIT binary patch delta 327 zcmZoMXfc=|#>B!ku~2NHo+2an#(>?7i&&T#xi|ALc`{B`WfrVYDlaZb%E?b+U|=|v zRFIQdTw-8woso%|g_Vt+gM*8Miq2ING!=ng0e&M^K;81l9=$!yp;TMr~J~qlwzS`k+Q&SxUQv-uq9ffLha|0a(6JxX5T22meRYP0Pgxt!i>YCcRSwQCk0V5-XX5fd? zFlsiC!NE|#kjRkCkPRf$8B!UF%YuvYa`N-ifpQ>yoD4+_shgvi7c*{V=iui62Giz` X%-@+O^NTog0OgrLW^IlTS;Gtf?om{s delta 68 zcmZoMXfc=|#>B)qu~2NHo+2aX#(>?7jGUW!SUedw$Fr?q+}OayyqTSYp9837vmnQJ W=E?jbjvNd?z{tSBvN=Lz4Kn~s9S?5+ 
diff --git a/packages/builder/src/builderStore/loadComponentLibraries.js b/packages/builder/src/builderStore/loadComponentLibraries.js index ada00134f4..f7ceec303f 100644 --- a/packages/builder/src/builderStore/loadComponentLibraries.js +++ b/packages/builder/src/builderStore/loadComponentLibraries.js @@ -1,3 +1,5 @@ +import { get } from "builderStore/api"; + /** * Fetches the definitions for component library components. This includes * their props and other metadata from components.json. @@ -6,7 +8,7 @@ export const fetchComponentLibDefinitions = async appId => { const LIB_DEFINITION_URL = `/${appId}/components/definitions` try { - const libDefinitionResponse = await fetch(LIB_DEFINITION_URL) + const libDefinitionResponse = await get(LIB_DEFINITION_URL) return await libDefinitionResponse.json() } catch (err) { console.error(`Error fetching component definitions for ${appId}`, err) diff --git a/packages/builder/src/components/userInterface/SettingsView.svelte b/packages/builder/src/components/userInterface/SettingsView.svelte index 36b2ab9c75..99e704d1d9 100644 --- a/packages/builder/src/components/userInterface/SettingsView.svelte +++ b/packages/builder/src/components/userInterface/SettingsView.svelte @@ -16,7 +16,7 @@ } -{#if panelDefinition.length > 0} +{#if panelDefinition && panelDefinition.length > 0} {#each panelDefinition as definition} {#if propExistsOnComponentDef(definition.key)} { if (!username) ctx.throw(400, "Username Required.") if (!password) ctx.throw(400, "Password Required") - // TODO: Don't use this. It can't be relied on - const referer = ctx.request.headers.referer.split("/") - const appId = referer[3] - // find the instance that the user is associated with const db = new CouchDB(ClientDb.name(env.CLIENT_ID)) - const app = await db.get(appId) + const app = await db.get(ctx.params.appId) const instanceId = app.userInstanceMap[username] if (!instanceId) 
diff --git a/packages/server/src/api/routes/auth.js b/packages/server/src/api/routes/auth.js
index b4b68e8929..fa95a3a5e6 100644
--- a/packages/server/src/api/routes/auth.js
+++ b/packages/server/src/api/routes/auth.js
@@ -3,6 +3,6 @@ const controller = require("../controllers/auth")
 const router = Router()
-router.post("/api/authenticate", controller.authenticate)
+router.post("/:appId/api/authenticate", controller.authenticate)
 module.exports = router
From 1f64bf8d1674b43d57dc06b7388ae99172c05fd0 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Wed, 3 Jun 2020 20:38:46 +0100
Subject: [PATCH 4/6] charttype prop for datachart
---
 .../userInterface/temporaryPanelStructure.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/packages/builder/src/components/userInterface/temporaryPanelStructure.js b/packages/builder/src/components/userInterface/temporaryPanelStructure.js
index 305441654e..747a71f10a 100644
--- a/packages/builder/src/components/userInterface/temporaryPanelStructure.js
+++ b/packages/builder/src/components/userInterface/temporaryPanelStructure.js
@@ -323,7 +323,20 @@ export default {
 label: "Chart Type",
 key: "type",
 control: OptionSelect,
- options: ["column2d", "password"],
+ options: [
+ "column2d",
+ "column3d",
+ "line",
+ "area2d",
+ "bar2d",
+ "bar3d",
+ "pie2d",
+ "pie3d",
+ "doughnut2d",
+ "doughnut3d",
+ "pareto2d",
+ "pareto3d"
+ ]
 },
 ],
 },
From 18ad679d21c78e06b1810c7693ce859304e4984d Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Wed, 3 Jun 2020 20:44:35 +0100
Subject: [PATCH 5/6] lint
---
 packages/builder/src/builderStore/loadComponentLibraries.js | 2 +-
 .../src/components/userInterface/temporaryPanelStructure.js | 6 +++---
 packages/client/src/state/bbComponentApi.js | 2 +-
 packages/server/src/api/controllers/auth.js | 3 ++-
 4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/packages/builder/src/builderStore/loadComponentLibraries.js b/packages/builder/src/builderStore/loadComponentLibraries.js
index f7ceec303f..9d534f86fe 100644
--- a/packages/builder/src/builderStore/loadComponentLibraries.js
+++ b/packages/builder/src/builderStore/loadComponentLibraries.js
@@ -1,4 +1,4 @@
-import { get } from "builderStore/api";
+import { get } from "builderStore/api"
 /**
 * Fetches the definitions for component library components. This includes
diff --git a/packages/builder/src/components/userInterface/temporaryPanelStructure.js b/packages/builder/src/components/userInterface/temporaryPanelStructure.js
index 747a71f10a..b1b4eaaa93 100644
--- a/packages/builder/src/components/userInterface/temporaryPanelStructure.js
+++ b/packages/builder/src/components/userInterface/temporaryPanelStructure.js
@@ -324,7 +324,7 @@ export default {
 key: "type",
 control: OptionSelect,
 options: [
- "column2d",
+ "column2d",
 "column3d",
 "line",
 "area2d",
@@ -335,8 +335,8 @@ export default {
 "doughnut2d",
 "doughnut3d",
 "pareto2d",
- "pareto3d"
- ]
+ "pareto3d",
+ ],
 },
 ],
 },
diff --git a/packages/client/src/state/bbComponentApi.js b/packages/client/src/state/bbComponentApi.js
index e7a0412012..be918d3048 100644
--- a/packages/client/src/state/bbComponentApi.js
+++ b/packages/client/src/state/bbComponentApi.js
@@ -27,7 +27,7 @@ export const bbFactory = ({
 method: method,
 headers: {
 "Content-Type": "application/json",
- "x-user-agent": "Budibase Builder"
+ "x-user-agent": "Budibase Builder",
 },
 body: body && JSON.stringify(body),
 })
diff --git a/packages/server/src/api/controllers/auth.js b/packages/server/src/api/controllers/auth.js
index 80547200e5..de88c29643 100644
--- a/packages/server/src/api/controllers/auth.js
+++ b/packages/server/src/api/controllers/auth.js
@@ -12,7 +12,8 @@ exports.authenticate = async ctx => {
 // find the instance that the user is associated with
 const db = new CouchDB(ClientDb.name(env.CLIENT_ID))
- const app = await db.get(ctx.params.appId)
+ const appId = ctx.params.appId
+ const app = await db.get(appId)
 const instanceId = app.userInstanceMap[username]
 if (!instanceId)
From f5bcaa4ba08856b300b7e359025c36d170e16e44 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Wed, 3 Jun 2020 20:54:17 +0100
Subject: [PATCH 6/6] fixing tests
---
 packages/server/src/api/routes/tests/couchTestUtils.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/packages/server/src/api/routes/tests/couchTestUtils.js b/packages/server/src/api/routes/tests/couchTestUtils.js
index d382a2108e..f70fc0ced1 100644
--- a/packages/server/src/api/routes/tests/couchTestUtils.js
+++ b/packages/server/src/api/routes/tests/couchTestUtils.js
@@ -176,8 +176,7 @@ const createUserWithPermissions = async (
 const designDoc = await db.get("_design/database")
 const loginResult = await request
- .post(`/api/authenticate`)
- .set("Referer", `http://localhost:4001/${designDoc.metadata.applicationId}`)
+ .post(`/${designDoc.metadata.applicationId}/api/authenticate`)
 .send({ username, password })
 // returning necessary request headers
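Review bot: In packages/server/src/api/controllers/auth.js, `app.userInstanceMap[username]` is a plain property lookup keyed by the username from the request body, so a name inherited from `Object.prototype` yields a truthy value and gets past `if (!instanceId)`; guard the read with `Object.prototype.hasOwnProperty.call(app.userInstanceMap, username)` and treat anything else as an unknown user. `appId` is taken from `ctx.params.appId` and passed to `db.get(appId)` without a check, so an unknown id surfaces as whatever the database client throws instead of a deliberate response; catching that and calling `ctx.throw(404, ...)` would match the existing `ctx.throw(400, ...)` checks on username and password. The same two lines first appear in the PATCH 3/6 change to this file. The function starts and ends outside the hunk, so how `instanceId` is used afterwards is not visible here.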