2020-05-07 11:53:34 +02:00
|
|
|
const jwt = require("jsonwebtoken")
|
2020-05-14 16:12:30 +02:00
|
|
|
const STATUS_CODES = require("../utilities/statusCodes")
|
|
|
|
|
const env = require("../environment")
|
2020-05-27 18:23:01 +02:00
|
|
|
const accessLevelController = require("../api/controllers/accesslevel")
|
|
|
|
|
const {
|
|
|
|
|
ADMIN_LEVEL_ID,
|
|
|
|
|
POWERUSER_LEVEL_ID,
|
|
|
|
|
} = require("../utilities/accessLevels")
|
2020-04-23 15:37:08 +02:00
|
|
|
|
|
|
|
|
module.exports = async (ctx, next) => {
|
2020-05-18 12:53:04 +02:00
|
|
|
if (ctx.path === "/_builder") {
|
2020-05-14 16:12:30 +02:00
|
|
|
await next()
|
2020-05-07 15:04:32 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-27 18:23:01 +02:00
|
|
|
if (ctx.cookies.get("builder:token") === env.ADMIN_SECRET) {
|
2020-05-18 07:40:29 +02:00
|
|
|
ctx.isAuthenticated = true
|
2020-05-27 18:23:01 +02:00
|
|
|
ctx.isBuilder = true
|
2020-05-18 07:40:29 +02:00
|
|
|
await next()
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-07 11:53:34 +02:00
|
|
|
const token = ctx.cookies.get("budibase:token")
|
2020-05-06 21:29:47 +02:00
|
|
|
|
|
|
|
|
if (!token) {
|
2020-05-04 18:13:57 +02:00
|
|
|
ctx.isAuthenticated = false
|
2020-05-07 11:53:34 +02:00
|
|
|
await next()
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-23 15:37:08 +02:00
|
|
|
|
|
|
|
|
try {
|
2020-05-27 18:23:01 +02:00
|
|
|
const jwtPayload = jwt.verify(token, ctx.config.jwtSecret)
|
|
|
|
|
|
|
|
|
|
ctx.user = {
|
|
|
|
|
...jwtPayload,
|
|
|
|
|
accessLevel: await getAccessLevel(
|
|
|
|
|
jwtPayload.instanceId,
|
|
|
|
|
jwtPayload.accessLevelId
|
|
|
|
|
),
|
|
|
|
|
}
|
2020-05-07 11:53:34 +02:00
|
|
|
ctx.isAuthenticated = true
|
2020-04-23 15:37:08 +02:00
|
|
|
} catch (err) {
|
2020-05-07 15:04:32 +02:00
|
|
|
ctx.throw(err.status || STATUS_CODES.FORBIDDEN, err.text)
|
2020-04-23 15:37:08 +02:00
|
|
|
}
|
|
|
|
|
|
2020-05-07 11:53:34 +02:00
|
|
|
await next()
|
|
|
|
|
}
|
2020-05-27 18:23:01 +02:00
|
|
|
|
|
|
|
|
const getAccessLevel = async (instanceId, accessLevelId) => {
|
|
|
|
|
if (
|
|
|
|
|
accessLevelId === POWERUSER_LEVEL_ID ||
|
|
|
|
|
accessLevelId === ADMIN_LEVEL_ID
|
|
|
|
|
) {
|
|
|
|
|
return {
|
|
|
|
|
_id: accessLevelId,
|
|
|
|
|
name: accessLevelId,
|
|
|
|
|
permissions: [],
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const findAccessContext = {
|
|
|
|
|
params: {
|
|
|
|
|
levelId: accessLevelId,
|
|
|
|
|
instanceId,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
await accessLevelController.find(findAccessContext)
|
|
|
|
|
return findAccessContext.body
|
|
|
|
|
}
|
