Merge pull request #10039 from Budibase/fix/api-key-error
Improve invalid API key error messaging
This commit is contained in:
commit
02d4fc2d31
|
@ -16,6 +16,7 @@ export abstract class BudibaseError extends Error {
|
||||||
export enum ErrorCode {
|
export enum ErrorCode {
|
||||||
USAGE_LIMIT_EXCEEDED = "usage_limit_exceeded",
|
USAGE_LIMIT_EXCEEDED = "usage_limit_exceeded",
|
||||||
FEATURE_DISABLED = "feature_disabled",
|
FEATURE_DISABLED = "feature_disabled",
|
||||||
|
INVALID_API_KEY = "invalid_api_key",
|
||||||
HTTP = "http",
|
HTTP = "http",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -85,3 +86,14 @@ export class FeatureDisabledError extends HTTPError {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AUTH
|
||||||
|
|
||||||
|
export class InvalidAPIKeyError extends BudibaseError {
|
||||||
|
constructor() {
|
||||||
|
super(
|
||||||
|
"Invalid API key - may need re-generated, or user doesn't exist",
|
||||||
|
ErrorCode.INVALID_API_KEY
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -14,6 +14,7 @@ import { decrypt } from "../security/encryption"
|
||||||
import * as identity from "../context/identity"
|
import * as identity from "../context/identity"
|
||||||
import env from "../environment"
|
import env from "../environment"
|
||||||
import { Ctx, EndpointMatcher } from "@budibase/types"
|
import { Ctx, EndpointMatcher } from "@budibase/types"
|
||||||
|
import { InvalidAPIKeyError, ErrorCode } from "../errors"
|
||||||
|
|
||||||
const ONE_MINUTE = env.SESSION_UPDATE_PERIOD
|
const ONE_MINUTE = env.SESSION_UPDATE_PERIOD
|
||||||
? parseInt(env.SESSION_UPDATE_PERIOD)
|
? parseInt(env.SESSION_UPDATE_PERIOD)
|
||||||
|
@ -48,22 +49,27 @@ async function checkApiKey(apiKey: string, populateUser?: Function) {
|
||||||
const decrypted = decrypt(apiKey)
|
const decrypted = decrypt(apiKey)
|
||||||
const tenantId = decrypted.split(SEPARATOR)[0]
|
const tenantId = decrypted.split(SEPARATOR)[0]
|
||||||
return doInTenant(tenantId, async () => {
|
return doInTenant(tenantId, async () => {
|
||||||
|
let userId
|
||||||
|
try {
|
||||||
const db = getGlobalDB()
|
const db = getGlobalDB()
|
||||||
// api key is encrypted in the database
|
// api key is encrypted in the database
|
||||||
const userId = (await queryGlobalView(
|
userId = (await queryGlobalView(
|
||||||
ViewName.BY_API_KEY,
|
ViewName.BY_API_KEY,
|
||||||
{
|
{
|
||||||
key: apiKey,
|
key: apiKey,
|
||||||
},
|
},
|
||||||
db
|
db
|
||||||
)) as string
|
)) as string
|
||||||
|
} catch (err) {
|
||||||
|
userId = undefined
|
||||||
|
}
|
||||||
if (userId) {
|
if (userId) {
|
||||||
return {
|
return {
|
||||||
valid: true,
|
valid: true,
|
||||||
user: await getUser(userId, tenantId, populateUser),
|
user: await getUser(userId, tenantId, populateUser),
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
throw "Invalid API key"
|
throw new InvalidAPIKeyError()
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
@ -164,8 +170,10 @@ export default function (
|
||||||
console.error(`Auth Error: ${err.message}`)
|
console.error(`Auth Error: ${err.message}`)
|
||||||
console.error(err)
|
console.error(err)
|
||||||
// invalid token, clear the cookie
|
// invalid token, clear the cookie
|
||||||
if (err && err.name === "JsonWebTokenError") {
|
if (err?.name === "JsonWebTokenError") {
|
||||||
clearCookie(ctx, Cookie.Auth)
|
clearCookie(ctx, Cookie.Auth)
|
||||||
|
} else if (err?.code === ErrorCode.INVALID_API_KEY) {
|
||||||
|
ctx.throw(403, err.message)
|
||||||
}
|
}
|
||||||
// allow configuring for public access
|
// allow configuring for public access
|
||||||
if ((opts && opts.publicAllowed) || publicEndpoint) {
|
if ((opts && opts.publicAllowed) || publicEndpoint) {
|
||||||
|
|
Loading…
Reference in New Issue