budibase/packages/auth/src/utils.js

const {
  DocumentTypes,
  SEPARATOR,
  ViewNames,
  StaticDatabases,
} = require("./db/utils")
const jwt = require("jsonwebtoken")
const { options } = require("./middleware/passport/jwt")
const { createUserEmailView } = require("./db/views")
const { getDB } = require("./db")

const APP_PREFIX = DocumentTypes.APP + SEPARATOR

function confirmAppId(possibleAppId) {
  return possibleAppId && possibleAppId.startsWith(APP_PREFIX)
    ? possibleAppId
    : undefined
}

/**
 * Given a request tries to find the appId, which can be located in various places
 * @param {object} ctx The main request body to look through.
 * @returns {string|undefined} If an appId was found it will be returned.
 */
exports.getAppId = ctx => {
  const options = [ctx.headers["x-budibase-app-id"], ctx.params.appId]
  if (ctx.subdomains) {
    options.push(ctx.subdomains[1])
  }
  let appId
  for (let option of options) {
    appId = confirmAppId(option)
    if (appId) {
      break
    }
  }

  // look in body if can't find it in subdomain
  if (!appId && ctx.request.body && ctx.request.body.appId) {
    appId = confirmAppId(ctx.request.body.appId)
  }
  let appPath =
    ctx.request.headers.referrer ||
    ctx.path.split("/").filter(subPath => subPath.startsWith(APP_PREFIX))
  if (!appId && appPath.length !== 0) {
    appId = confirmAppId(appPath[0])
  }
  return appId
}

/**
 * Get a cookie from context, and decrypt if necessary.
 * @param {object} ctx The request which is to be manipulated.
 * @param {string} name The name of the cookie to get.
 */
exports.getCookie = (ctx, name) => {
  const cookie = ctx.cookies.get(name)

  if (!cookie) {
    return cookie
  }

  return jwt.verify(cookie, options.secretOrKey)
}

/**
 * Store a cookie for the request, has a hardcoded expiry.
 * @param {object} ctx The request which is to be manipulated.
 * @param {string} name The name of the cookie to set.
 * @param {string|object} value The value of cookie which will be set.
 */
exports.setCookie = (ctx, value, name = "builder") => {
  const expires = new Date()
  expires.setDate(expires.getDate() + 1)

  if (!value) {
    ctx.cookies.set(name)
  } else {
    value = jwt.sign(value, options.secretOrKey, {
      expiresIn: "1 day",
    })
    ctx.cookies.set(name, value, {
      expires,
      path: "/",
      httpOnly: false,
      overwrite: true,
    })
  }
}

/**
 * Utility function, simply calls setCookie with an empty string for value
 */
exports.clearCookie = (ctx, name) => {
  exports.setCookie(ctx, null, name)
}

/**
 * Checks if the API call being made (based on the provided ctx object) is from the client. If
 * the call is not from a client app then it is from the builder.
 * @param {object} ctx The koa context object to be tested.
 * @return {boolean} returns true if the call is from the client lib (a built app rather than the builder).
 */
exports.isClient = ctx => {
  return ctx.headers["x-budibase-type"] === "client"
}

exports.getGlobalUserByEmail = async email => {
  const db = getDB(StaticDatabases.GLOBAL.name)
  try {
    let users = (
      await db.query(`database/${ViewNames.USER_BY_EMAIL}`, {
        key: email,
        include_docs: true,
      })
    ).rows
    users = users.map(user => user.doc)
    return users.length <= 1 ? users[0] : users
  } catch (err) {
    if (err != null && err.name === "not_found") {
      await createUserEmailView()
      return exports.getGlobalUserByEmail(email)
    } else {
      throw err
    }
  }
}
Linting and formatting. 2021-04-20 18:33:44 +02:00			`const {`
			`DocumentTypes,`
			`SEPARATOR,`
			`ViewNames,`
			`StaticDatabases,`
			`} = require("./db/utils")`
login page 2021-04-11 12:35:55 +02:00			`const jwt = require("jsonwebtoken")`
			`const { options } = require("./middleware/passport/jwt")`
Updating auth package to remove use of email address (bar logging in). 2021-04-19 18:31:47 +02:00			`const { createUserEmailView } = require("./db/views")`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-20 18:17:44 +02:00			`const { getDB } = require("./db")`
encapsulate more auth functionality into shared module and use in worker 2021-04-08 12:20:37 +02:00
			`const APP_PREFIX = DocumentTypes.APP + SEPARATOR`

			`function confirmAppId(possibleAppId) {`
			`return possibleAppId && possibleAppId.startsWith(APP_PREFIX)`
			`? possibleAppId`
			`: undefined`
			`}`

			`/**`
			`* Given a request tries to find the appId, which can be located in various places`
			`* @param {object} ctx The main request body to look through.`
			`* @returns {string\|undefined} If an appId was found it will be returned.`
			`*/`
			`exports.getAppId = ctx => {`
			`const options = [ctx.headers["x-budibase-app-id"], ctx.params.appId]`
			`if (ctx.subdomains) {`
			`options.push(ctx.subdomains[1])`
			`}`
			`let appId`
			`for (let option of options) {`
			`appId = confirmAppId(option)`
			`if (appId) {`
			`break`
			`}`
			`}`

			`// look in body if can't find it in subdomain`
			`if (!appId && ctx.request.body && ctx.request.body.appId) {`
			`appId = confirmAppId(ctx.request.body.appId)`
			`}`
			`let appPath =`
			`ctx.request.headers.referrer \|\|`
			`ctx.path.split("/").filter(subPath => subPath.startsWith(APP_PREFIX))`
			`if (!appId && appPath.length !== 0) {`
			`appId = confirmAppId(appPath[0])`
			`}`
			`return appId`
			`}`

login page 2021-04-11 12:35:55 +02:00			`/**`
			`* Get a cookie from context, and decrypt if necessary.`
			`* @param {object} ctx The request which is to be manipulated.`
			`* @param {string} name The name of the cookie to get.`
			`*/`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-12 19:31:58 +02:00			`exports.getCookie = (ctx, name) => {`
			`const cookie = ctx.cookies.get(name)`
login page 2021-04-11 12:35:55 +02:00
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-12 19:31:58 +02:00			`if (!cookie) {`
			`return cookie`
			`}`
login page 2021-04-11 12:35:55 +02:00
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-12 19:31:58 +02:00			`return jwt.verify(cookie, options.secretOrKey)`
login page 2021-04-11 12:35:55 +02:00			`}`

encapsulate more auth functionality into shared module and use in worker 2021-04-08 12:20:37 +02:00			`/**`
			`* Store a cookie for the request, has a hardcoded expiry.`
			`* @param {object} ctx The request which is to be manipulated.`
			`* @param {string} name The name of the cookie to set.`
			`* @param {string\|object} value The value of cookie which will be set.`
			`*/`
			`exports.setCookie = (ctx, value, name = "builder") => {`
			`const expires = new Date()`
			`expires.setDate(expires.getDate() + 1)`

			`if (!value) {`
			`ctx.cookies.set(name)`
			`} else {`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-12 19:31:58 +02:00			`value = jwt.sign(value, options.secretOrKey, {`
			`expiresIn: "1 day",`
			`})`
encapsulate more auth functionality into shared module and use in worker 2021-04-08 12:20:37 +02:00			`ctx.cookies.set(name, value, {`
			`expires,`
			`path: "/",`
			`httpOnly: false,`
			`overwrite: true,`
			`})`
			`}`
			`}`

			`/**`
			`* Utility function, simply calls setCookie with an empty string for value`
			`*/`
			`exports.clearCookie = (ctx, name) => {`
Updating test cases and some re-work of the email system. 2021-04-23 19:07:39 +02:00			`exports.setCookie(ctx, null, name)`
encapsulate more auth functionality into shared module and use in worker 2021-04-08 12:20:37 +02:00			`}`

			`/**`
			`* Checks if the API call being made (based on the provided ctx object) is from the client. If`
			`* the call is not from a client app then it is from the builder.`
			`* @param {object} ctx The koa context object to be tested.`
			`* @return {boolean} returns true if the call is from the client lib (a built app rather than the builder).`
			`*/`
			`exports.isClient = ctx => {`
			`return ctx.headers["x-budibase-type"] === "client"`
			`}`
Updating auth package to remove use of email address (bar logging in). 2021-04-19 18:31:47 +02:00
			`exports.getGlobalUserByEmail = async email => {`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-20 18:17:44 +02:00			`const db = getDB(StaticDatabases.GLOBAL.name)`
Updating auth package to remove use of email address (bar logging in). 2021-04-19 18:31:47 +02:00			`try {`
Linting and formatting. 2021-04-20 18:33:44 +02:00			`let users = (`
			await db.query(`database/${ViewNames.USER_BY_EMAIL}`, {
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-20 18:17:44 +02:00			`key: email,`
			`include_docs: true,`
Updating auth package to remove use of email address (bar logging in). 2021-04-19 18:31:47 +02:00			`})`
			`).rows`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-20 18:17:44 +02:00			`users = users.map(user => user.doc)`
Updating auth package to remove use of email address (bar logging in). 2021-04-19 18:31:47 +02:00			`return users.length <= 1 ? users[0] : users`
			`} catch (err) {`
			`if (err != null && err.name === "not_found") {`
			`await createUserEmailView()`
			`return exports.getGlobalUserByEmail(email)`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-20 18:17:44 +02:00			`} else {`
			`throw err`
Updating auth package to remove use of email address (bar logging in). 2021-04-19 18:31:47 +02:00			`}`
			`}`
			`}`