budibase/packages/backend-core/src/utils/utils.ts

229 lines
6.1 KiB
TypeScript
Raw Normal View History

import { getAllApps, queryGlobalView } from "../db"
import { options } from "../middleware/passport/jwt"
import { Header, Cookie, MAX_VALID_DATE } from "../constants"
import env from "../environment"
import * as userCache from "../cache/user"
import { getSessionsForUser, invalidateSessions } from "../security/sessions"
import * as events from "../events"
import * as tenancy from "../tenancy"
import {
App,
BBContext,
PlatformLogoutOpts,
TenantResolutionStrategy,
} from "@budibase/types"
import { SetOption } from "cookies"
import { DocumentType, SEPARATOR, ViewName } from "../constants"
2021-04-11 12:35:55 +02:00
const jwt = require("jsonwebtoken")
const APP_PREFIX = DocumentType.APP + SEPARATOR
2022-03-23 17:45:06 +01:00
const PROD_APP_PREFIX = "/app/"
function confirmAppId(possibleAppId: string | undefined) {
return possibleAppId && possibleAppId.startsWith(APP_PREFIX)
? possibleAppId
: undefined
}
async function resolveAppUrl(ctx: BBContext) {
2022-03-23 17:45:06 +01:00
const appUrl = ctx.path.split("/")[2]
let possibleAppUrl = `/${appUrl.toLowerCase()}`
let tenantId: string | null = tenancy.getTenantId()
if (env.MULTI_TENANCY) {
// always use the tenant id from the subdomain in multi tenancy
// this ensures the logged-in user tenant id doesn't overwrite
// e.g. in the case of viewing a public app while already logged-in to another tenant
tenantId = tenancy.getTenantIDFromCtx(ctx, {
includeStrategies: [TenantResolutionStrategy.SUBDOMAIN],
})
2022-03-23 17:45:06 +01:00
}
// search prod apps for a url that matches
const apps: App[] = await tenancy.doInTenant(tenantId, () =>
2022-03-23 17:45:06 +01:00
getAllApps({ dev: false })
)
const app = apps.filter(
a => a.url && a.url.toLowerCase() === possibleAppUrl
)[0]
return app && app.appId ? app.appId : undefined
}
2022-09-06 13:25:57 +02:00
export function isServingApp(ctx: BBContext) {
2022-09-06 13:25:57 +02:00
// dev app
if (ctx.path.startsWith(`/${APP_PREFIX}`)) {
return true
}
// prod app
if (ctx.path.startsWith(PROD_APP_PREFIX)) {
return true
}
return false
}
2022-03-23 17:45:06 +01:00
/**
* Given a request tries to find the appId, which can be located in various places
* @param {object} ctx The main request body to look through.
* @returns {string|undefined} If an appId was found it will be returned.
*/
export async function getAppIdFromCtx(ctx: BBContext) {
2022-03-23 17:45:06 +01:00
// look in headers
const options = [ctx.headers[Header.APP_ID]]
let appId
for (let option of options) {
appId = confirmAppId(option as string)
if (appId) {
break
}
}
2022-03-23 17:45:06 +01:00
// look in body
if (!appId && ctx.request.body && ctx.request.body.appId) {
appId = confirmAppId(ctx.request.body.appId)
}
2022-03-23 17:45:06 +01:00
// look in the url - dev app
let appPath =
ctx.request.headers.referrer ||
ctx.path.split("/").filter(subPath => subPath.startsWith(APP_PREFIX))
2022-03-23 17:45:06 +01:00
if (!appId && appPath.length) {
appId = confirmAppId(appPath[0])
}
2022-03-23 17:45:06 +01:00
// look in the url - prod app
if (!appId && ctx.path.startsWith(PROD_APP_PREFIX)) {
appId = confirmAppId(await resolveAppUrl(ctx))
}
return appId
}
/**
* opens the contents of the specified encrypted JWT.
* @return {object} the contents of the token.
*/
export function openJwt(token: string) {
if (!token) {
return token
}
return jwt.verify(token, options.secretOrKey)
}
2021-04-11 12:35:55 +02:00
/**
* Get a cookie from context, and decrypt if necessary.
* @param {object} ctx The request which is to be manipulated.
* @param {string} name The name of the cookie to get.
*/
export function getCookie(ctx: BBContext, name: string) {
const cookie = ctx.cookies.get(name)
2021-04-11 12:35:55 +02:00
if (!cookie) {
return cookie
}
2021-04-11 12:35:55 +02:00
return openJwt(cookie)
2021-04-11 12:35:55 +02:00
}
/**
2021-07-06 19:10:04 +02:00
* Store a cookie for the request - it will not expire.
* @param {object} ctx The request which is to be manipulated.
* @param {string} name The name of the cookie to set.
* @param {string|object} value The value of cookie which will be set.
2021-12-03 13:39:20 +01:00
* @param {object} opts options like whether to sign.
*/
export function setCookie(
ctx: BBContext,
value: any,
name = "builder",
opts = { sign: true }
) {
2021-12-03 13:39:20 +01:00
if (value && opts && opts.sign) {
2021-07-06 19:10:04 +02:00
value = jwt.sign(value, options.secretOrKey)
2021-09-29 14:51:33 +02:00
}
2021-09-28 17:35:31 +02:00
const config: SetOption = {
2021-12-03 13:39:20 +01:00
expires: MAX_VALID_DATE,
2021-09-29 14:51:33 +02:00
path: "/",
httpOnly: false,
overwrite: true,
}
2021-09-28 17:35:31 +02:00
2022-04-08 02:28:22 +02:00
if (env.COOKIE_DOMAIN) {
config.domain = env.COOKIE_DOMAIN
}
2021-09-29 14:51:33 +02:00
ctx.cookies.set(name, value, config)
}
/**
* Utility function, simply calls setCookie with an empty string for value
*/
export function clearCookie(ctx: BBContext, name: string) {
setCookie(ctx, null, name)
}
/**
* Checks if the API call being made (based on the provided ctx object) is from the client. If
* the call is not from a client app then it is from the builder.
* @param {object} ctx The koa context object to be tested.
* @return {boolean} returns true if the call is from the client lib (a built app rather than the builder).
*/
export function isClient(ctx: BBContext) {
return ctx.headers[Header.TYPE] === "client"
}
async function getBuilders() {
const builders = await queryGlobalView(ViewName.USER_BY_BUILDERS, {
include_docs: false,
})
if (!builders) {
return []
}
if (Array.isArray(builders)) {
return builders
} else {
return [builders]
}
}
export async function getBuildersCount() {
const builders = await getBuilders()
2022-03-25 17:08:12 +01:00
return builders.length
}
/**
* Logs a user out from budibase. Re-used across account portal and builder.
*/
export async function platformLogout(opts: PlatformLogoutOpts) {
const ctx = opts.ctx
const userId = opts.userId
const keepActiveSession = opts.keepActiveSession
2021-10-13 13:26:26 +02:00
if (!ctx) throw new Error("Koa context must be supplied to logout.")
const currentSession = getCookie(ctx, Cookie.Auth)
let sessions = await getSessionsForUser(userId)
if (keepActiveSession) {
2021-10-13 13:26:26 +02:00
sessions = sessions.filter(
session => session.sessionId !== currentSession.sessionId
)
2021-10-12 20:49:34 +02:00
} else {
2021-10-13 13:26:26 +02:00
// clear cookies
clearCookie(ctx, Cookie.Auth)
clearCookie(ctx, Cookie.CurrentApp)
}
const sessionIds = sessions.map(({ sessionId }) => sessionId)
await invalidateSessions(userId, { sessionIds, reason: "logout" })
2022-05-23 23:14:44 +02:00
await events.auth.logout()
2022-03-03 08:20:30 +01:00
await userCache.invalidateUser(userId)
}
export function timeout(timeMs: number) {
return new Promise(resolve => setTimeout(resolve, timeMs))
}