budibase/packages/backend-core/src/middleware/authenticated.js

const { Cookies, Headers } = require("../constants")
const { getCookie, clearCookie, openJwt } = require("../utils")
const { getUser } = require("../cache/user")
const { getSession, updateSessionTTL } = require("../security/sessions")
const { buildMatcherRegex, matches } = require("./matchers")
const env = require("../environment")
const { SEPARATOR, ViewNames, queryGlobalView } = require("../../db")
const { getGlobalDB, doInTenant } = require("../tenancy")
const { decrypt } = require("../security/encryption")

function finalise(
  ctx,
  { authenticated, user, internal, version, publicEndpoint } = {}
) {
  ctx.publicEndpoint = publicEndpoint || false
  ctx.isAuthenticated = authenticated || false
  ctx.user = user
  ctx.internal = internal || false
  ctx.version = version
}

async function checkApiKey(apiKey, populateUser) {
  if (apiKey === env.INTERNAL_API_KEY) {
    return { valid: true }
  }
  const decrypted = decrypt(apiKey)
  const tenantId = decrypted.split(SEPARATOR)[0]
  return doInTenant(tenantId, async () => {
    const db = getGlobalDB()
    // api key is encrypted in the database
    const userId = await queryGlobalView(
      ViewNames.BY_API_KEY,
      {
        key: apiKey,
      },
      db
    )
    if (userId) {
      return {
        valid: true,
        user: await getUser(userId, tenantId, populateUser),
      }
    } else {
      throw "Invalid API key"
    }
  })
}

/**
 * This middleware is tenancy aware, so that it does not depend on other middlewares being used.
 * The tenancy modules should not be used here and it should be assumed that the tenancy context
 * has not yet been populated.
 */
module.exports = (
  noAuthPatterns = [],
  opts = { publicAllowed: false, populateUser: null }
) => {
  const noAuthOptions = noAuthPatterns ? buildMatcherRegex(noAuthPatterns) : []
  return async (ctx, next) => {
    let publicEndpoint = false
    const version = ctx.request.headers[Headers.API_VER]
    // the path is not authenticated
    const found = matches(ctx, noAuthOptions)
    if (found) {
      publicEndpoint = true
    }
    try {
      // check the actual user is authenticated first, try header or cookie
      const headerToken = ctx.request.headers[Headers.TOKEN]
      const authCookie = getCookie(ctx, Cookies.Auth) || openJwt(headerToken)
      let authenticated = false,
        user = null,
        internal = false
      if (authCookie) {
        let error = null
        const sessionId = authCookie.sessionId
        const userId = authCookie.userId

        const session = await getSession(userId, sessionId)
        if (!session) {
          error = "No session found"
        } else {
          try {
            if (opts && opts.populateUser) {
              user = await getUser(
                userId,
                session.tenantId,
                opts.populateUser(ctx)
              )
            } else {
              user = await getUser(userId, session.tenantId)
            }
            user.csrfToken = session.csrfToken
            delete user.password
            authenticated = true
          } catch (err) {
            error = err
          }
        }
        if (error) {
          console.error("Auth Error", error)
          // remove the cookie as the user does not exist anymore
          clearCookie(ctx, Cookies.Auth)
        } else {
          // make sure we denote that the session is still in use
          await updateSessionTTL(session)
        }
      }
      const apiKey = ctx.request.headers[Headers.API_KEY]
      const tenantId = ctx.request.headers[Headers.TENANT_ID]
      // this is an internal request, no user made it
      if (!authenticated && apiKey) {
        const populateUser = opts.populateUser ? opts.populateUser(ctx) : null
        const { valid, user: foundUser } = await checkApiKey(
          apiKey,
          populateUser
        )
        if (valid && foundUser) {
          authenticated = true
          user = foundUser
        } else if (valid) {
          authenticated = true
          internal = true
        }
      }
      if (!user && tenantId) {
        user = { tenantId }
      }
      // be explicit
      if (authenticated !== true) {
        authenticated = false
      }
      // isAuthenticated is a function, so use a variable to be able to check authed state
      finalise(ctx, { authenticated, user, internal, version, publicEndpoint })
      return next()
    } catch (err) {
      // invalid token, clear the cookie
      if (err && err.name === "JsonWebTokenError") {
        clearCookie(ctx, Cookies.Auth)
      }
      // allow configuring for public access
      if ((opts && opts.publicAllowed) || publicEndpoint) {
        finalise(ctx, { authenticated: false, version, publicEndpoint })
        return next()
      } else {
        ctx.throw(err.status || 403, err)
      }
    }
  }
}
Adding concept of version to APIs. 2021-07-23 16:29:14 +02:00			`const { Cookies, Headers } = require("../constants")`
Some fixes after testing dynamic variables in rest a bit more. 2021-12-17 15:08:48 +01:00			`const { getCookie, clearCookie, openJwt } = require("../utils")`
WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`const { getUser } = require("../cache/user")`
			`const { getSession, updateSessionTTL } = require("../security/sessions")`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 10:59:08 +02:00			`const { buildMatcherRegex, matches } = require("./matchers")`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`const env = require("../environment")`
Adding tenancy to the API key, making the authenticated middleware aware of new user API keys, using a view to lookup the user by API key. 2022-02-11 23:24:48 +01:00			`const { SEPARATOR, ViewNames, queryGlobalView } = require("../../db")`
Fixing an issue with the public API loading for the first time in a multi-tenant environment, also fixing an issue in self host when switching between environments with different secrets. 2022-03-14 20:05:02 +01:00			`const { getGlobalDB, doInTenant } = require("../tenancy")`
Adding basic encrypt/decrypt pathway. 2022-02-14 19:32:09 +01:00			`const { decrypt } = require("../security/encryption")`
login page 2021-04-11 12:35:55 +02:00
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 10:59:08 +02:00			`function finalise(`
			`ctx,`
			`{ authenticated, user, internal, version, publicEndpoint } = {}`
			`) {`
			`ctx.publicEndpoint = publicEndpoint \|\| false`
Fixing authentication with API key issue. 2021-06-21 18:13:06 +02:00			`ctx.isAuthenticated = authenticated \|\| false`
			`ctx.user = user`
			`ctx.internal = internal \|\| false`
Adding concept of version to APIs. 2021-07-23 16:29:14 +02:00			`ctx.version = version`
Fixing authentication with API key issue. 2021-06-21 18:13:06 +02:00			`}`

Adding tenancy to the API key, making the authenticated middleware aware of new user API keys, using a view to lookup the user by API key. 2022-02-11 23:24:48 +01:00			`async function checkApiKey(apiKey, populateUser) {`
			`if (apiKey === env.INTERNAL_API_KEY) {`
			`return { valid: true }`
			`}`
Using 10K iteration string stretching for encryption. 2022-02-14 22:37:40 +01:00			`const decrypted = decrypt(apiKey)`
			`const tenantId = decrypted.split(SEPARATOR)[0]`
Fixing an issue with the public API loading for the first time in a multi-tenant environment, also fixing an issue in self host when switching between environments with different secrets. 2022-03-14 20:05:02 +01:00			`return doInTenant(tenantId, async () => {`
			`const db = getGlobalDB()`
			`// api key is encrypted in the database`
			`const userId = await queryGlobalView(`
			`ViewNames.BY_API_KEY,`
			`{`
			`key: apiKey,`
			`},`
			`db`
			`)`
			`if (userId) {`
			`return {`
			`valid: true,`
			`user: await getUser(userId, tenantId, populateUser),`
			`}`
			`} else {`
			`throw "Invalid API key"`
			`}`
			`})`
Adding tenancy to the API key, making the authenticated middleware aware of new user API keys, using a view to lookup the user by API key. 2022-02-11 23:24:48 +01:00			`}`

Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 10:59:08 +02:00			`/**`
			`* This middleware is tenancy aware, so that it does not depend on other middlewares being used.`
			`* The tenancy modules should not be used here and it should be assumed that the tenancy context`
			`* has not yet been populated.`
			`*/`
Configurable user cache population in auth middleware 2021-09-13 18:38:12 +02:00			`module.exports = (`
			`noAuthPatterns = [],`
			`opts = { publicAllowed: false, populateUser: null }`
			`) => {`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 10:59:08 +02:00			`const noAuthOptions = noAuthPatterns ? buildMatcherRegex(noAuthPatterns) : []`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-21 17:42:44 +02:00			`return async (ctx, next) => {`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 10:59:08 +02:00			`let publicEndpoint = false`
Adding concept of version to APIs. 2021-07-23 16:29:14 +02:00			`const version = ctx.request.headers[Headers.API_VER]`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-21 17:42:44 +02:00			`// the path is not authenticated`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 10:59:08 +02:00			`const found = matches(ctx, noAuthOptions)`
			`if (found) {`
			`publicEndpoint = true`
login page 2021-04-11 12:35:55 +02:00			`}`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-21 17:42:44 +02:00			`try {`
Some fixes after testing dynamic variables in rest a bit more. 2021-12-17 15:08:48 +01:00			`// check the actual user is authenticated first, try header or cookie`
			`const headerToken = ctx.request.headers[Headers.TOKEN]`
			`const authCookie = getCookie(ctx, Cookies.Auth) \|\| openJwt(headerToken)`
Fixing authentication with API key issue. 2021-06-21 18:13:06 +02:00			`let authenticated = false,`
			`user = null,`
			`internal = false`
			`if (authCookie) {`
WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`let error = null`
SSL support for digitalocean, started utility function for BB logout, bunch of minor bug fixes 2021-10-12 17:13:54 +02:00			`const sessionId = authCookie.sessionId`
			`const userId = authCookie.userId`

WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`const session = await getSession(userId, sessionId)`
			`if (!session) {`
			`error = "No session found"`
			`} else {`
			`try {`
Configurable user cache population in auth middleware 2021-09-13 18:38:12 +02:00			`if (opts && opts.populateUser) {`
			`user = await getUser(`
			`userId,`
			`session.tenantId,`
			`opts.populateUser(ctx)`
			`)`
			`} else {`
			`user = await getUser(userId, session.tenantId)`
			`}`
Add CSRF Token 2022-01-25 23:54:50 +01:00			`user.csrfToken = session.csrfToken`
WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`delete user.password`
			`authenticated = true`
			`} catch (err) {`
			`error = err`
			`}`
			`}`
			`if (error) {`
adding log to authenticated middleware for K8S env 2021-08-04 11:38:49 +02:00			`console.error("Auth Error", error)`
WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`// remove the cookie as the user does not exist anymore`
Updating test cases and some re-work of the email system. 2021-04-23 19:07:39 +02:00			`clearCookie(ctx, Cookies.Auth)`
WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`} else {`
			`// make sure we denote that the session is still in use`
Adding sessions API. 2021-07-08 00:29:19 +02:00			`await updateSessionTTL(session)`
Updating test cases and some re-work of the email system. 2021-04-23 19:07:39 +02:00			`}`
			`}`
Adding concept of version to APIs. 2021-07-23 16:29:14 +02:00			`const apiKey = ctx.request.headers[Headers.API_KEY]`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 10:59:08 +02:00			`const tenantId = ctx.request.headers[Headers.TENANT_ID]`
Fixing authentication with API key issue. 2021-06-21 18:13:06 +02:00			`// this is an internal request, no user made it`
Adding tenancy to the API key, making the authenticated middleware aware of new user API keys, using a view to lookup the user by API key. 2022-02-11 23:24:48 +01:00			`if (!authenticated && apiKey) {`
			`const populateUser = opts.populateUser ? opts.populateUser(ctx) : null`
			`const { valid, user: foundUser } = await checkApiKey(`
			`apiKey,`
			`populateUser`
			`)`
			`if (valid && foundUser) {`
			`authenticated = true`
			`user = foundUser`
			`} else if (valid) {`
			`authenticated = true`
			`internal = true`
			`}`
Fixing authentication with API key issue. 2021-06-21 18:13:06 +02:00			`}`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 10:59:08 +02:00			`if (!user && tenantId) {`
			`user = { tenantId }`
			`}`
Updating test cases and some re-work of the email system. 2021-04-23 19:07:39 +02:00			`// be explicit`
Fixing authentication with API key issue. 2021-06-21 18:13:06 +02:00			`if (authenticated !== true) {`
			`authenticated = false`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-21 17:42:44 +02:00			`}`
Fixing authentication with API key issue. 2021-06-21 18:13:06 +02:00			`// isAuthenticated is a function, so use a variable to be able to check authed state`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 10:59:08 +02:00			`finalise(ctx, { authenticated, user, internal, version, publicEndpoint })`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-21 17:42:44 +02:00			`return next()`
			`} catch (err) {`
Fix for cypress test issues, when metadata is updated rapidly it could get into a bad state - this should resolve it. 2021-11-16 21:56:24 +01:00			`// invalid token, clear the cookie`
			`if (err && err.name === "JsonWebTokenError") {`
			`clearCookie(ctx, Cookies.Auth)`
			`}`
Updating auth middleware to accomodate public endpoints for the server properly and some refactoring. 2021-04-28 19:13:21 +02:00			`// allow configuring for public access`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 10:59:08 +02:00			`if ((opts && opts.publicAllowed) \|\| publicEndpoint) {`
			`finalise(ctx, { authenticated: false, version, publicEndpoint })`
Starting to fix up test cases. 2022-02-25 16:55:19 +01:00			`return next()`
Updating auth middleware to accomodate public endpoints for the server properly and some refactoring. 2021-04-28 19:13:21 +02:00			`} else {`
			`ctx.throw(err.status \|\| 403, err)`
			`}`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-21 17:42:44 +02:00			`}`
login page 2021-04-11 12:35:55 +02:00			`}`
			`}`