Some fixes after testing dynamic variables in rest a bit more.
This commit is contained in:
mike12345567
parent
c2a7c53b87
commit
d61cb6c037
|
|
@ -16,6 +16,7 @@ exports.Headers = {
|
||||||
APP_ID: "x-budibase-app-id",
|
APP_ID: "x-budibase-app-id",
|
||||||
TYPE: "x-budibase-type",
|
TYPE: "x-budibase-type",
|
||||||
TENANT_ID: "x-budibase-tenant-id",
|
TENANT_ID: "x-budibase-tenant-id",
|
||||||
|
TOKEN: "x-budibase-token",
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.GlobalRoles = {
|
exports.GlobalRoles = {
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
const { Cookies, Headers } = require("../constants")
|
const { Cookies, Headers } = require("../constants")
|
||||||
const { getCookie, clearCookie } = require("../utils")
|
const { getCookie, clearCookie, openJwt } = require("../utils")
|
||||||
const { getUser } = require("../cache/user")
|
const { getUser } = require("../cache/user")
|
||||||
const { getSession, updateSessionTTL } = require("../security/sessions")
|
const { getSession, updateSessionTTL } = require("../security/sessions")
|
||||||
const { buildMatcherRegex, matches } = require("./matchers")
|
const { buildMatcherRegex, matches } = require("./matchers")
|
||||||
|
|
@ -35,8 +35,9 @@ module.exports = (
|
||||||
publicEndpoint = true
|
publicEndpoint = true
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
// check the actual user is authenticated first
|
// check the actual user is authenticated first, try header or cookie
|
||||||
const authCookie = getCookie(ctx, Cookies.Auth)
|
const headerToken = ctx.request.headers[Headers.TOKEN]
|
||||||
|
const authCookie = getCookie(ctx, Cookies.Auth) || openJwt(headerToken)
|
||||||
let authenticated = false,
|
let authenticated = false,
|
||||||
user = null,
|
user = null,
|
||||||
internal = false
|
internal = false
|
||||||
|
|
|
||||||
|
|
@ -63,6 +63,17 @@ exports.getAppId = ctx => {
|
||||||
return appId
|
return appId
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* opens the contents of the specified encrypted JWT.
|
||||||
|
* @return {object} the contents of the token.
|
||||||
|
*/
|
||||||
|
exports.openJwt = token => {
|
||||||
|
if (!token) {
|
||||||
|
return token
|
||||||
|
}
|
||||||
|
return jwt.verify(token, options.secretOrKey)
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get a cookie from context, and decrypt if necessary.
|
* Get a cookie from context, and decrypt if necessary.
|
||||||
* @param {object} ctx The request which is to be manipulated.
|
* @param {object} ctx The request which is to be manipulated.
|
||||||
|
|
@ -75,7 +86,7 @@ exports.getCookie = (ctx, name) => {
|
||||||
return cookie
|
return cookie
|
||||||
}
|
}
|
||||||
|
|
||||||
return jwt.verify(cookie, options.secretOrKey)
|
return exports.openJwt(cookie)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -91,6 +91,7 @@ export function createQueriesStore() {
|
||||||
{}
|
{}
|
||||||
),
|
),
|
||||||
datasourceId: query.datasourceId,
|
datasourceId: query.datasourceId,
|
||||||
|
queryId: query._id || undefined,
|
||||||
})
|
})
|
||||||
|
|
||||||
if (response.status !== 200) {
|
if (response.status !== 200) {
|
||||||
|
|
|
||||||
|
|
@ -104,8 +104,10 @@ exports.preview = async function (ctx) {
|
||||||
const db = new CouchDB(ctx.appId)
|
const db = new CouchDB(ctx.appId)
|
||||||
|
|
||||||
const datasource = await db.get(ctx.request.body.datasourceId)
|
const datasource = await db.get(ctx.request.body.datasourceId)
|
||||||
|
// preview may not have a queryId as it hasn't been saved, but if it does
|
||||||
const { fields, parameters, queryVerb, transformer } = ctx.request.body
|
// this stops dynamic variables from calling the same query
|
||||||
|
const { fields, parameters, queryVerb, transformer, queryId } =
|
||||||
|
ctx.request.body
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const { rows, keys, info, extra } = await Runner.run({
|
const { rows, keys, info, extra } = await Runner.run({
|
||||||
|
|
@ -115,6 +117,7 @@ exports.preview = async function (ctx) {
|
||||||
fields,
|
fields,
|
||||||
parameters,
|
parameters,
|
||||||
transformer,
|
transformer,
|
||||||
|
queryId,
|
||||||
})
|
})
|
||||||
|
|
||||||
ctx.body = {
|
ctx.body = {
|
||||||
|
|
@ -143,6 +146,7 @@ async function execute(ctx, opts = { rowsOnly: false }) {
|
||||||
fields: query.fields,
|
fields: query.fields,
|
||||||
parameters: ctx.request.body.parameter,
|
parameters: ctx.request.body.parameter,
|
||||||
transformer: query.transformer,
|
transformer: query.transformer,
|
||||||
|
queryId: ctx.params.queryId,
|
||||||
})
|
})
|
||||||
if (opts && opts.rowsOnly) {
|
if (opts && opts.rowsOnly) {
|
||||||
ctx.body = rows
|
ctx.body = rows
|
||||||
|
|
|
||||||
|
|
@ -36,6 +36,7 @@ exports.generateQueryPreviewValidation = () => {
|
||||||
extra: Joi.object().optional(),
|
extra: Joi.object().optional(),
|
||||||
datasourceId: Joi.string().required(),
|
datasourceId: Joi.string().required(),
|
||||||
transformer: Joi.string().optional(),
|
transformer: Joi.string().optional(),
|
||||||
parameters: Joi.object({}).required().unknown(true)
|
parameters: Joi.object({}).required().unknown(true),
|
||||||
|
queryId: Joi.string().optional(),
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@ class QueryRunner {
|
||||||
this.fields = input.fields
|
this.fields = input.fields
|
||||||
this.parameters = input.parameters
|
this.parameters = input.parameters
|
||||||
this.transformer = input.transformer
|
this.transformer = input.transformer
|
||||||
|
this.queryId = input.queryId
|
||||||
this.noRecursiveQuery = flags.noRecursiveQuery
|
this.noRecursiveQuery = flags.noRecursiveQuery
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -108,6 +109,10 @@ class QueryRunner {
|
||||||
// need to see if this uses any variables
|
// need to see if this uses any variables
|
||||||
const stringFields = JSON.stringify(fields)
|
const stringFields = JSON.stringify(fields)
|
||||||
const foundVars = dynamicVars.filter(variable => {
|
const foundVars = dynamicVars.filter(variable => {
|
||||||
|
// don't allow a query to use its own dynamic variable (loop)
|
||||||
|
if (variable.queryId === this.queryId) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
// look for {{ variable }} but allow spaces between handlebars
|
// look for {{ variable }} but allow spaces between handlebars
|
||||||
const regex = new RegExp(`{{[ ]*${variable.name}[ ]*}}`)
|
const regex = new RegExp(`{{[ ]*${variable.name}[ ]*}}`)
|
||||||
return regex.test(stringFields)
|
return regex.test(stringFields)
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ const {
|
||||||
hash,
|
hash,
|
||||||
platformLogout,
|
platformLogout,
|
||||||
} = authPkg.utils
|
} = authPkg.utils
|
||||||
const { Cookies } = authPkg.constants
|
const { Cookies, Headers } = authPkg.constants
|
||||||
const { passport } = authPkg.auth
|
const { passport } = authPkg.auth
|
||||||
const { checkResetPasswordCode } = require("../../../utilities/redis")
|
const { checkResetPasswordCode } = require("../../../utilities/redis")
|
||||||
const {
|
const {
|
||||||
|
|
@ -60,7 +60,10 @@ async function authInternal(ctx, user, err = null, info = null) {
|
||||||
return ctx.throw(403, info ? info : "Unauthorized")
|
return ctx.throw(403, info ? info : "Unauthorized")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// set a cookie for browser access
|
||||||
setCookie(ctx, user.token, Cookies.Auth, { sign: false })
|
setCookie(ctx, user.token, Cookies.Auth, { sign: false })
|
||||||
|
// set the token in a header as well for APIs
|
||||||
|
ctx.set(Headers.TOKEN, user.token)
|
||||||
// get rid of any app cookies on login
|
// get rid of any app cookies on login
|
||||||
// have to check test because this breaks cypress
|
// have to check test because this breaks cypress
|
||||||
if (!env.isTest()) {
|
if (!env.isTest()) {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue