Merge pull request #10039 from Budibase/fix/api-key-error

Improve invalid API key error messaging
This commit is contained in:
Michael Drury 2023-03-16 17:11:46 +00:00 committed by GitHub
commit 02d4fc2d31
2 changed files with 31 additions and 11 deletions

View File

@ -16,6 +16,7 @@ export abstract class BudibaseError extends Error {
export enum ErrorCode { export enum ErrorCode {
USAGE_LIMIT_EXCEEDED = "usage_limit_exceeded", USAGE_LIMIT_EXCEEDED = "usage_limit_exceeded",
FEATURE_DISABLED = "feature_disabled", FEATURE_DISABLED = "feature_disabled",
INVALID_API_KEY = "invalid_api_key",
HTTP = "http", HTTP = "http",
} }
@ -85,3 +86,14 @@ export class FeatureDisabledError extends HTTPError {
} }
} }
} }
// AUTH
export class InvalidAPIKeyError extends BudibaseError {
constructor() {
super(
"Invalid API key - may need re-generated, or user doesn't exist",
ErrorCode.INVALID_API_KEY
)
}
}

View File

@ -14,6 +14,7 @@ import { decrypt } from "../security/encryption"
import * as identity from "../context/identity" import * as identity from "../context/identity"
import env from "../environment" import env from "../environment"
import { Ctx, EndpointMatcher } from "@budibase/types" import { Ctx, EndpointMatcher } from "@budibase/types"
import { InvalidAPIKeyError, ErrorCode } from "../errors"
const ONE_MINUTE = env.SESSION_UPDATE_PERIOD const ONE_MINUTE = env.SESSION_UPDATE_PERIOD
? parseInt(env.SESSION_UPDATE_PERIOD) ? parseInt(env.SESSION_UPDATE_PERIOD)
@ -48,22 +49,27 @@ async function checkApiKey(apiKey: string, populateUser?: Function) {
const decrypted = decrypt(apiKey) const decrypted = decrypt(apiKey)
const tenantId = decrypted.split(SEPARATOR)[0] const tenantId = decrypted.split(SEPARATOR)[0]
return doInTenant(tenantId, async () => { return doInTenant(tenantId, async () => {
let userId
try {
const db = getGlobalDB() const db = getGlobalDB()
// api key is encrypted in the database // api key is encrypted in the database
const userId = (await queryGlobalView( userId = (await queryGlobalView(
ViewName.BY_API_KEY, ViewName.BY_API_KEY,
{ {
key: apiKey, key: apiKey,
}, },
db db
)) as string )) as string
} catch (err) {
userId = undefined
}
if (userId) { if (userId) {
return { return {
valid: true, valid: true,
user: await getUser(userId, tenantId, populateUser), user: await getUser(userId, tenantId, populateUser),
} }
} else { } else {
throw "Invalid API key" throw new InvalidAPIKeyError()
} }
}) })
} }
@ -164,8 +170,10 @@ export default function (
console.error(`Auth Error: ${err.message}`) console.error(`Auth Error: ${err.message}`)
console.error(err) console.error(err)
// invalid token, clear the cookie // invalid token, clear the cookie
if (err && err.name === "JsonWebTokenError") { if (err?.name === "JsonWebTokenError") {
clearCookie(ctx, Cookie.Auth) clearCookie(ctx, Cookie.Auth)
} else if (err?.code === ErrorCode.INVALID_API_KEY) {
ctx.throw(403, err.message)
} }
// allow configuring for public access // allow configuring for public access
if ((opts && opts.publicAllowed) || publicEndpoint) { if ((opts && opts.publicAllowed) || publicEndpoint) {