From c4a9d8c9f0b40ed27c21687a11c34b4f77fe54eb Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Mon, 12 Apr 2021 11:20:01 +0100
Subject: [PATCH] self endpoint, simple auth
---
 packages/builder/src/pages/builder/_layout.svelte | 2 ++
 packages/builder/src/stores/backend/auth.js | 9 +++++++--
 packages/server/src/middleware/authorized.js | 10 +++++-----
 packages/worker/src/api/controllers/auth.js | 4 ++--
 packages/worker/src/api/routes/app.js | 2 +-
 5 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/packages/builder/src/pages/builder/_layout.svelte b/packages/builder/src/pages/builder/_layout.svelte
index c02f9b414a..5aa378b0bc 100644
--- a/packages/builder/src/pages/builder/_layout.svelte
+++ b/packages/builder/src/pages/builder/_layout.svelte
@@ -13,6 +13,8 @@ import { auth } from "stores/backend" let modal
+
+ console.log($auth.user)
 {#if $auth.user}
diff --git a/packages/builder/src/stores/backend/auth.js b/packages/builder/src/stores/backend/auth.js
index 6b83b098cb..e0a9496b94 100644
--- a/packages/builder/src/stores/backend/auth.js
+++ b/packages/builder/src/stores/backend/auth.js
@@ -1,11 +1,16 @@ import { writable, get } from "svelte/store" import api from "../../builderStore/api"
+async function checkAuth() {
+ const response = await api.get("/api/self")
+ const user = await response.json()
+ if (json) return json
+}
+
 export function createAuthStore() { const { subscribe, set } = writable({})
- const user = localStorage.getItem("auth:user")
- if (user) set({ user: JSON.parse(user) })
+ checkAuth().then(user => set({ user }))
 return { subscribe,
diff --git a/packages/server/src/middleware/authorized.js b/packages/server/src/middleware/authorized.js
index 45af10338c..a124d396d6 100644
--- a/packages/server/src/middleware/authorized.js
+++ b/packages/server/src/middleware/authorized.js
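Review bot: The added `console.log($auth.user)` prints the whole authenticated user object to the browser console on every render of this layout; the worker's authenticate controller in the same patch reads `user.token` from the user object, so if `/api/self` returns the same shape the session token lands in console output and in anything that captures it. Drop the line before merge, or at least guard it so it cannot reach a production build. The enclosing `<script>` block starts before the hunk.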
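Review bot: `checkAuth` awaits `response.json()` into `user` but then tests and returns `json`, an undeclared identifier, so every call throws a ReferenceError and the store is never populated; the last line should be `if (user) return user`. The function also never checks `response.ok`, and the caller's `checkAuth().then(user => set({ user }))` has no rejection handler, so a 401 from `/api/self` with a JSON error body would be stored as a logged-in user (the layout renders on `$auth.user` being truthy), while a network failure would surface as an unhandled rejection; add `if (!response.ok) return undefined` before parsing and a `.catch(...)` on the `.then` chain that leaves the store empty. The `get` import on the context line appears unused within this hunk; confirm against the rest of the file before removing it.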
@@ -51,11 +51,11 @@ module.exports = (permType, permLevel = null) => async (ctx, next) => { // this may need to change in the future, right now only admins // can have access to builder features, this is hard coded into // our rules
- // if (isAdmin && isAuthed) {
- // return next()
- // } else if (permType === PermissionTypes.BUILDER) {
- // return ctx.throw(403, "Not Authorized")
- // }
+ if (isAuthed) {
+ return next()
+ } else if (permType === PermissionTypes.BUILDER) {
+ return ctx.throw(403, "Not Authorized")
+ }
 if ( hasResource(ctx) &&
diff --git a/packages/worker/src/api/controllers/auth.js b/packages/worker/src/api/controllers/auth.js
index 3fa6aef749..7a1262a9fe 100644
--- a/packages/worker/src/api/controllers/auth.js
+++ b/packages/worker/src/api/controllers/auth.js
@@ -10,8 +10,8 @@ exports.authenticate = async (ctx, next) => { expires.setDate(expires.getDate() + 1) if (!user) {
- ctx.body = { success: false, user }
- return
+ ctx.body = { success: false }
+ return next()
 } ctx.cookies.set(Cookies.Auth, user.token, {
diff --git a/packages/worker/src/api/routes/app.js b/packages/worker/src/api/routes/app.js
index 75fa7164b0..07120f63a5 100644
--- a/packages/worker/src/api/routes/app.js
+++ b/packages/worker/src/api/routes/app.js
@@ -1,6 +1,6 @@ const Router = require("@koa/router") const controller = require("../controllers/app")
-const authenticated = require("../../middleware/authenticated")
+const { authenticated } = require("@budibase/auth")
 const router = Router()
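Review bot: The new `if (isAuthed) { return next() }` returns before the resource-level check that follows it (`if ( hasResource(ctx) && …`), so any authenticated user now passes this middleware regardless of `permType` and `permLevel`; the commented-out version it replaces also required `isAdmin`, and the three comment lines kept above it still say only admins get builder access. If the intent is to let authenticated users through only for builder routes, the guard should be `if (isAuthed && permType === PermissionTypes.BUILDER) { return next() }` so every other permission type still falls through to the resource checks; if skipping all checks for authenticated users really is intended, update the comment so it no longer claims the opposite. The middleware body continues outside the hunk, so how `isAuthed` is derived is not visible here.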
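Review bot: On a failed login the handler now sets `ctx.body = { success: false }` and then calls `return next()`, so the request continues down the middleware chain with no error status: the response stays 200 and whatever is mounted after `authenticate` on this route runs for an unauthenticated request. Unless a downstream middleware is meant to consume the `success: false` body (the route wiring is not visible from here), keep the early `return` and set a status, e.g. `ctx.status = 401` immediately before the `ctx.body` assignment. The handler body starts and ends outside the hunk.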