budibase/packages/server/src/middleware/currentapp.ts

import {
  utils,
  constants,
  roles,
  tenancy,
  context,
  users,
  auth,
} from "@budibase/backend-core"
import { generateUserMetadataID, isDevAppID } from "../db/utils"
import { getCachedSelf } from "../utilities/global"
import env from "../environment"
import { isWebhookEndpoint } from "./utils"
import { UserCtx, ContextUser } from "@budibase/types"

export default async (ctx: UserCtx, next: any) => {
  // try to get the appID from the request
  let requestAppId = await utils.getAppIdFromCtx(ctx)
  if (!requestAppId) {
    return next()
  }

  // deny access to application preview
  if (!env.isTest()) {
    if (
      isDevAppID(requestAppId) &&
      !isWebhookEndpoint(ctx) &&
      !users.isBuilder(ctx.user, requestAppId)
    ) {
      return ctx.redirect("/")
    }
  }

  let appId: string | undefined,
    roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
  if (!ctx.user?._id) {
    // not logged in, try to set a cookie for public apps
    appId = requestAppId
  } else if (requestAppId != null) {
    // Different App ID means cookie needs reset, or if the same public user has logged in
    const globalUser = await getCachedSelf(ctx, requestAppId)
    appId = requestAppId
    // retrieving global user gets the right role
    roleId = globalUser.roleId || roleId

    // Allow builders to specify their role via a header
    const isBuilder = users.isBuilder(globalUser, appId)
    const isDevApp = appId && isDevAppID(appId)
    const roleHeader =
      ctx.request &&
      (ctx.request.headers[constants.Header.PREVIEW_ROLE] as string)
    if (isBuilder && isDevApp && roleHeader) {
      // Ensure the role is valid by ensuring a definition exists
      try {
        if (roleHeader) {
          await roles.getRole(roleHeader)
          roleId = roleHeader

          // Delete admin and builder flags so that the specified role is honoured
          ctx.user = users.removePortalUserPermissions(ctx.user) as ContextUser
        }
      } catch (error) {
        // Swallow error and do nothing
      }
    }
  }

  // nothing more to do
  if (!appId) {
    return next()
  }

  const userId = ctx.user ? generateUserMetadataID(ctx.user._id!) : undefined

  // if the user is not in the right tenant then make sure to wipe their cookie
  // also cleanse any information about them that has been allocated
  // this avoids apps making calls to say the worker which are cross tenant,
  // we simply remove the authentication
  if (
    env.MULTI_TENANCY &&
    userId &&
    requestAppId &&
    !tenancy.isUserInAppTenant(requestAppId, ctx.user)
  ) {
    // clear out the user
    ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
    ctx.isAuthenticated = false
    roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
    // remove the cookie, so future calls are public
    await auth.platformLogout({
      ctx,
      userId,
    })
  }

  return context.doInAppContext(appId, async () => {
    ctx.appId = appId
    if (roleId) {
      ctx.roleId = roleId
      const globalId = ctx.user ? ctx.user._id : undefined
      ctx.user = {
        ...ctx.user!,
        // override userID with metadata one
        _id: userId,
        userId,
        globalId,
        roleId,
        role: await roles.getRole(roleId, { defaultPublic: true }),
      }
    }

    return next()
  })
}
Typescript conversions, as well as updating context to just use an object map. 2022-11-10 18:38:26 +01:00			`import {`
			`utils,`
			`constants,`
			`roles,`
			`tenancy,`
			`context,`
Main body of work to handle the new approach of per app builders support. 2023-07-18 17:57:48 +02:00			`users,`
Adding cookie clearing/logout for when a cross tenant session is detected, make sure that the cookie cannot be used/considered valid after the call is made. 2023-12-04 17:47:41 +01:00			`auth,`
Typescript conversions, as well as updating context to just use an object map. 2022-11-10 18:38:26 +01:00			`} from "@budibase/backend-core"`
			`import { generateUserMetadataID, isDevAppID } from "../db/utils"`
			`import { getCachedSelf } from "../utilities/global"`
			`import env from "../environment"`
			`import { isWebhookEndpoint } from "./utils"`
Main body of work to handle the new approach of per app builders support. 2023-07-18 17:57:48 +02:00			`import { UserCtx, ContextUser } from "@budibase/types"`
prevent cross tenant app access 2021-10-06 23:16:50 +02:00
Fix for currentapp build issue. 2023-03-22 18:46:37 +01:00			`export default async (ctx: UserCtx, next: any) => {`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-12 19:31:58 +02:00			`// try to get the appID from the request`
Typescript conversions, as well as updating context to just use an object map. 2022-11-10 18:38:26 +01:00			`let requestAppId = await utils.getAppIdFromCtx(ctx)`
Remove all app cookie references (not really needed anymore) 2023-03-30 14:11:42 +02:00			`if (!requestAppId) {`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-12 19:31:58 +02:00			`return next()`
			`}`
Fix currentapp middleware to allow app_ parameters 2023-01-12 16:38:22 +01:00
Prevent non builder from accessing dev apps 2021-10-25 17:59:09 +02:00			`// deny access to application preview`
Tests updating, all now passing, fixed some issues discovered by them. 2022-01-28 16:43:51 +01:00			`if (!env.isTest()) {`
			`if (`
			`isDevAppID(requestAppId) &&`
			`!isWebhookEndpoint(ctx) &&`
Moving user admin/builder functions to shared-core for frontend to use. 2023-07-19 17:19:34 +02:00			`!users.isBuilder(ctx.user, requestAppId)`
Tests updating, all now passing, fixed some issues discovered by them. 2022-01-28 16:43:51 +01:00			`) {`
			`return ctx.redirect("/")`
			`}`
Prevent non builder from accessing dev apps 2021-10-25 17:59:09 +02:00			`}`

Typescript conversions, as well as updating context to just use an object map. 2022-11-10 18:38:26 +01:00			`let appId: string \| undefined,`
			`roleId = roles.BUILTIN_ROLE_IDS.PUBLIC`
Fix currentapp middleware to allow app_ parameters 2023-01-12 16:38:22 +01:00			`if (!ctx.user?._id) {`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-12 19:31:58 +02:00			`// not logged in, try to set a cookie for public apps`
			`appId = requestAppId`
WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`} else if (requestAppId != null) {`
ensuring public users can log in after being assigned a roleId 2021-04-13 17:56:45 +02:00			`// Different App ID means cookie needs reset, or if the same public user has logged in`
WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`const globalUser = await getCachedSelf(ctx, requestAppId)`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-12 19:31:58 +02:00			`appId = requestAppId`
Fixing two issues which were blocking previews, one the user was no longer being updated as an admin (when first building/creating an app) and two, role was not being carried across from global user properly. 2021-05-13 19:10:09 +02:00			`// retrieving global user gets the right role`
Fix unit tests 2021-10-12 15:03:47 +02:00			`roleId = globalUser.roleId \|\| roleId`
Merge branch 'develop' of github.com:Budibase/budibase into cheeks-lab-day-devtools 2022-02-24 15:03:29 +01:00
			`// Allow builders to specify their role via a header`
Main body of work to handle the new approach of per app builders support. 2023-07-18 17:57:48 +02:00			`const isBuilder = users.isBuilder(globalUser, appId)`
Merge branch 'develop' of github.com:Budibase/budibase into cheeks-lab-day-devtools 2022-02-24 15:03:29 +01:00			`const isDevApp = appId && isDevAppID(appId)`
Typescript conversions, as well as updating context to just use an object map. 2022-11-10 18:38:26 +01:00			`const roleHeader =`
			`ctx.request &&`
Some major reworks towards higher levels of typescript. 2022-11-16 18:23:12 +01:00			`(ctx.request.headers[constants.Header.PREVIEW_ROLE] as string)`
Merge branch 'develop' of github.com:Budibase/budibase into cheeks-lab-day-devtools 2022-02-24 15:03:29 +01:00			`if (isBuilder && isDevApp && roleHeader) {`
Tidy up 2022-04-06 14:40:07 +02:00			`// Ensure the role is valid by ensuring a definition exists`
Merge branch 'develop' of github.com:Budibase/budibase into cheeks-lab-day-devtools 2022-02-24 15:03:29 +01:00			`try {`
Typescript conversions, as well as updating context to just use an object map. 2022-11-10 18:38:26 +01:00			`if (roleHeader) {`
			`await roles.getRole(roleHeader)`
			`roleId = roleHeader`
Delete user builder and admin flags when specifying a custom role via dev tools 2022-06-09 15:26:56 +02:00
Typescript conversions, as well as updating context to just use an object map. 2022-11-10 18:38:26 +01:00			`// Delete admin and builder flags so that the specified role is honoured`
Main body of work to handle the new approach of per app builders support. 2023-07-18 17:57:48 +02:00			`ctx.user = users.removePortalUserPermissions(ctx.user) as ContextUser`
Typescript conversions, as well as updating context to just use an object map. 2022-11-10 18:38:26 +01:00			`}`
Merge branch 'develop' of github.com:Budibase/budibase into cheeks-lab-day-devtools 2022-02-24 15:03:29 +01:00			`} catch (error) {`
			`// Swallow error and do nothing`
			`}`
			`}`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-12 19:31:58 +02:00			`}`
prevent cross tenant app access 2021-10-06 23:16:50 +02:00
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-20 18:17:44 +02:00			`// nothing more to do`
			`if (!appId) {`
			`return next()`
			`}`

Adding cookie clearing/logout for when a cross tenant session is detected, make sure that the cookie cannot be used/considered valid after the call is made. 2023-12-04 17:47:41 +01:00			`const userId = ctx.user ? generateUserMetadataID(ctx.user._id!) : undefined`
Add devtools to app preview and add ability to preview apps as different roles 2021-11-26 14:25:02 +01:00
Update packages/server/src/middleware/currentapp.ts Co-authored-by: Sam Rose <hello@samwho.dev> 2023-12-04 18:10:19 +01:00			`// if the user is not in the right tenant then make sure to wipe their cookie`
Adding cookie clearing/logout for when a cross tenant session is detected, make sure that the cookie cannot be used/considered valid after the call is made. 2023-12-04 17:47:41 +01:00			`// also cleanse any information about them that has been allocated`
			`// this avoids apps making calls to say the worker which are cross tenant,`
			`// we simply remove the authentication`
			`if (`
			`env.MULTI_TENANCY &&`
			`userId &&`
			`requestAppId &&`
			`!tenancy.isUserInAppTenant(requestAppId, ctx.user)`
			`) {`
			`// clear out the user`
			`ctx.user = users.cleanseUserObject(ctx.user) as ContextUser`
			`ctx.isAuthenticated = false`
			`roleId = roles.BUILTIN_ROLE_IDS.PUBLIC`
			`// remove the cookie, so future calls are public`
			`await auth.platformLogout({`
			`ctx,`
			`userId,`
			`})`
			`}`

			`return context.doInAppContext(appId, async () => {`
Tests updating, all now passing, fixed some issues discovered by them. 2022-01-28 16:43:51 +01:00			`ctx.appId = appId`
			`if (roleId) {`
			`ctx.roleId = roleId`
Merge branch 'develop' into feature/day-pass-pricing 2022-08-19 15:08:03 +02:00			`const globalId = ctx.user ? ctx.user._id : undefined`
Some type updates and fixes for test case. 2023-06-13 15:45:33 +02:00			`ctx.user = {`
Typescript conversions, as well as updating context to just use an object map. 2022-11-10 18:38:26 +01:00			`...ctx.user!,`
Tests updating, all now passing, fixed some issues discovered by them. 2022-01-28 16:43:51 +01:00			`// override userID with metadata one`
			`_id: userId,`
			`userId,`
Write users and activity to dynamo 2022-07-18 22:11:52 +02:00			`globalId,`
Tests updating, all now passing, fixed some issues discovered by them. 2022-01-28 16:43:51 +01:00			`roleId,`
Fix for custom roles that have not been published causing users to be unable to access an app completely. They should instead be treated as public users as their role isn't valid. 2023-06-12 19:39:30 +02:00			`role: await roles.getRole(roleId, { defaultPublic: true }),`
Some type updates and fixes for test case. 2023-06-13 15:45:33 +02:00			`}`
Tests updating, all now passing, fixed some issues discovered by them. 2022-01-28 16:43:51 +01:00			`}`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 10:59:08 +02:00
Tests updating, all now passing, fixed some issues discovered by them. 2022-01-28 16:43:51 +01:00			`return next()`
			`})`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-12 19:31:58 +02:00			`}`