CodeMirror/budibase
1
0
Fork 0
mirror of synced 2024-06-30 03:50:37 +12:00
Code Issues Projects Releases Wiki Activity

Minor update to make use of new client header to state the request is from the client, not the builder.

Browse source
This commit is contained in:
Michael Drury 2020-11-19 20:16:37 +00:00
parent c541cd078b
commit c03923360b
4 changed files with 15 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
packages/server/src/api/controllers/routing.js
View file

@ -62,11 +62,10 @@ exports.fetch = async ctx => {
exports.clientFetch = async ctx => { exports.clientFetch = async ctx => {
const routing = await getRoutingStructure(ctx.appId) const routing = await getRoutingStructure(ctx.appId)
const accessLevelId = ctx.user.accessLevel._id let accessLevelId = ctx.user.accessLevel._id
// builder is a special case, always return the full routing structure // builder is a special case, always return the full routing structure
if (accessLevelId === BUILTIN_LEVEL_IDS.BUILDER) { if (accessLevelId === BUILTIN_LEVEL_IDS.BUILDER) {
ctx.body = routing accessLevelId = BUILTIN_LEVEL_IDS.ADMIN
return
} }
const accessLevelIds = await getUserAccessLevelHierarchy( const accessLevelIds = await getUserAccessLevelHierarchy(
ctx.appId, ctx.appId,

19
packages/server/src/middleware/authenticated.js
View file

@ -1,9 +1,9 @@
const jwt = require("jsonwebtoken") const jwt = require("jsonwebtoken")
const STATUS_CODES = require("../utilities/statusCodes") const STATUS_CODES = require("../utilities/statusCodes")
const { getAccessLevel } = require("../utilities/security/accessLevels") const { getAccessLevel, BUILTIN_LEVELS } = require("../utilities/security/accessLevels")
const env = require("../environment") const env = require("../environment")
const { AuthTypes } = require("../constants") const { AuthTypes } = require("../constants")
const { getAppId, getCookieName, setCookie } = require("../utilities") const { getAppId, getCookieName, setCookie, isClient } = require("../utilities")
module.exports = async (ctx, next) => { module.exports = async (ctx, next) => {
if (ctx.path === "/_builder") { if (ctx.path === "/_builder") {
@ -21,17 +21,13 @@ module.exports = async (ctx, next) => {
appId = cookieAppId appId = cookieAppId
} }
const appToken = ctx.cookies.get(getCookieName(appId))
const builderToken = ctx.cookies.get(getCookieName())
let token let token
// if running locally in the builder itself if (isClient(ctx)) {
if (!env.CLOUD && !appToken) {
token = builderToken
ctx.auth.authenticated = AuthTypes.BUILDER
} else {
token = appToken
ctx.auth.authenticated = AuthTypes.APP ctx.auth.authenticated = AuthTypes.APP
token = ctx.cookies.get(getCookieName(appId))
} else {
ctx.auth.authenticated = AuthTypes.BUILDER
token = ctx.cookies.get(getCookieName())
} }
if (!token) { if (!token) {
@ -39,6 +35,7 @@ module.exports = async (ctx, next) => {
ctx.appId = appId ctx.appId = appId
ctx.user = { ctx.user = {
appId, appId,
accessLevel: BUILTIN_LEVELS.PUBLIC,
} }
await next() await next()
return return

4
packages/server/src/utilities/index.js
View file

@ -70,3 +70,7 @@ exports.setCookie = (ctx, name, value) => {
overwrite: true, overwrite: true,
}) })
} }
exports.isClient = ctx => {
return ctx.headers["x-budibase-type"] === "client"
}

2
packages/server/src/utilities/security/accessLevels.js
View file

@ -21,7 +21,7 @@ exports.BUILTIN_LEVELS = {
ADMIN: new AccessLevel(BUILTIN_IDS.ADMIN, "Admin", BUILTIN_IDS.POWER), ADMIN: new AccessLevel(BUILTIN_IDS.ADMIN, "Admin", BUILTIN_IDS.POWER),
POWER: new AccessLevel(BUILTIN_IDS.POWER, "Power", BUILTIN_IDS.BASIC), POWER: new AccessLevel(BUILTIN_IDS.POWER, "Power", BUILTIN_IDS.BASIC),
BASIC: new AccessLevel(BUILTIN_IDS.BASIC, "Basic", BUILTIN_IDS.PUBLIC), BASIC: new AccessLevel(BUILTIN_IDS.BASIC, "Basic", BUILTIN_IDS.PUBLIC),
ANON: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"), PUBLIC: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"),
BUILDER: new AccessLevel(BUILTIN_IDS.BUILDER, "Builder"), BUILDER: new AccessLevel(BUILTIN_IDS.BUILDER, "Builder"),
} }