adding auth object to context rather than separate booleans

packages/server/src/api/controllers/static.js

@@ -136,7 +136,7 @@ exports.performLocalFileProcessing = async function(ctx) {
 }
 
 exports.serveApp = async function(ctx) {
-  const mainOrAuth = ctx.isAuthenticated ? "main" : "unauthenticated"
+  const mainOrAuth = ctx.auth.authenticated ? "main" : "unauthenticated"
 
   // default to homedir
   const appPath = resolve(
@@ -154,7 +154,7 @@ exports.serveApp = async function(ctx) {
   // only set the appId cookie for /appId .. we COULD check for valid appIds
   // but would like to avoid that DB hit
   const looksLikeAppId = /^(app_)?[0-9a-f]{32}$/.test(appId)
-  if (looksLikeAppId && !ctx.isAuthenticated) {
+  if (looksLikeAppId && !ctx.auth.authenticated) {
     const anonUser = {
       userId: "ANON",
       accessLevelId: ANON_LEVEL_ID,
@@ -200,7 +200,7 @@ exports.serveAttachment = async function(ctx) {
 
 exports.serveAppAsset = async function(ctx) {
   // default to homedir
-  const mainOrAuth = ctx.isAuthenticated ? "main" : "unauthenticated"
+  const mainOrAuth = ctx.auth.authenticated ? "main" : "unauthenticated"
 
   const appPath = resolve(
     budibaseAppsDir(),

packages/server/src/app.js

@@ -24,6 +24,7 @@ app.use(
 )
 
 app.context.eventEmitter = eventEmitter
+app.context.auth = {}
 
 // api routes
 app.use(api.routes())

packages/server/src/middleware/authenticated.js

@@ -20,8 +20,10 @@ module.exports = async (ctx, next) => {
   if (builderToken) {
     try {
       const jwtPayload = jwt.verify(builderToken, ctx.config.jwtSecret)
-      ctx.apiKey = jwtPayload.apiKey
-      ctx.isAuthenticated = jwtPayload.accessLevelId === BUILDER_LEVEL_ID
+      ctx.auth = {
+        apiKey: jwtPayload.apiKey,
+        authenticated: jwtPayload.accessLevelId === BUILDER_LEVEL_ID,
+      }
       ctx.user = {
         ...jwtPayload,
         accessLevel: await getAccessLevel(
@@ -38,14 +40,13 @@ module.exports = async (ctx, next) => {
   }
 
   if (!appToken) {
-    ctx.isAuthenticated = false
+    ctx.auth.authenticated = false
     await next()
     return
   }
 
   try {
     const jwtPayload = jwt.verify(appToken, ctx.config.jwtSecret)
-    ctx.apiKey = jwtPayload.apiKey
     ctx.user = {
       ...jwtPayload,
       accessLevel: await getAccessLevel(
@@ -53,7 +54,10 @@ module.exports = async (ctx, next) => {
         jwtPayload.accessLevelId
       ),
     }
-    ctx.isAuthenticated = ctx.user.accessLevelId !== ANON_LEVEL_ID
+    ctx.auth = {
+      authenticated: ctx.user.accessLevelId !== ANON_LEVEL_ID,
+      apiKey: jwtPayload.apiKey,
+    }
   } catch (err) {
     ctx.throw(err.status || STATUS_CODES.FORBIDDEN, err.text)
   }

packages/server/src/middleware/authorized.js

@@ -20,9 +20,11 @@ module.exports = (permName, getItemId) => async (ctx, next) => {
     })
 
     if (apiKeyInfo) {
-      ctx.isAuthenticated = true
-      ctx.externalWebhook = true
-      ctx.apiKey = ctx.headers["x-api-key"]
+      ctx.auth = {
+        authenticated: true,
+        external: true,
+        apiKey: ctx.headers["x-api-key"],
+      }
       ctx.user = {
         instanceId: ctx.headers["x-instanceid"],
       }
@@ -32,7 +34,7 @@ module.exports = (permName, getItemId) => async (ctx, next) => {
     ctx.throw(403, "API key invalid")
   }
 
-  if (!ctx.isAuthenticated) {
+  if (!ctx.auth.authenticated) {
     ctx.throw(403, "Session not authenticated")
   }
 

packages/server/src/middleware/usageQuota.js

@@ -55,7 +55,7 @@ module.exports = async (ctx, next) => {
     return next()
   }
   try {
-    await usageQuota.update(ctx.apiKey, property, usage)
+    await usageQuota.update(ctx.auth.apiKey, property, usage)
     return next()
   } catch (err) {
     ctx.throw(403, err)