From 07cf98b0de5410369e9ab2b6014e5f46e00bdce4 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Wed, 3 Jun 2020 19:35:04 +0100
Subject: [PATCH] use custom user agent header
---
 packages/builder/src/builderStore/api.js | 2 +-
 packages/server/src/middleware/authenticated.js | 13 +++++--------
 2 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/packages/builder/src/builderStore/api.js b/packages/builder/src/builderStore/api.js
index c132b01fc0..3fcd35ce28 100644
--- a/packages/builder/src/builderStore/api.js
+++ b/packages/builder/src/builderStore/api.js
@@ -3,7 +3,7 @@ const apiCall = method => async (url, body) => {
 method: method,
 headers: {
 "Content-Type": "application/json",
- "User-Agent": "Budibase Builder",
+ "x-user-agent": "Budibase Builder",
 },
 body: body && JSON.stringify(body),
 })
diff --git a/packages/server/src/middleware/authenticated.js b/packages/server/src/middleware/authenticated.js
index 4ce99f7d3a..d0ce1e2f30 100644
--- a/packages/server/src/middleware/authenticated.js
+++ b/packages/server/src/middleware/authenticated.js
@@ -15,19 +15,16 @@ module.exports = async (ctx, next) => {
 const appToken = ctx.cookies.get("budibase:token")
 const builderToken = ctx.cookies.get("builder:token")
- const isBuilderAgent = ctx.headers["user-agent"] === "Budibase Builder"
+ const isBuilderAgent = ctx.headers["x-user-agent"] === "Budibase Builder"
 // all admin api access should auth with buildertoken and 'Budibase Builder user agent
 const shouldAuthAsBuilder = isBuilderAgent && builderToken
 if (shouldAuthAsBuilder) {
- if (builderToken === env.ADMIN_SECRET) {
- ctx.isAuthenticated = true
- ctx.isBuilder = true
- } else {
- ctx.isAuthenticated = false
- ctx.isBuilder = false
- }
+ const builderTokenValid = builderToken === env.ADMIN_SECRET
+
+ ctx.isAuthenticated = builderTokenValid
+ ctx.isBuilder = builderTokenValid
 await next()
 return
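Review bot: The rewritten check `const builderTokenValid = builderToken === env.ADMIN_SECRET` in authenticated.js still compares the admin secret with `===`, which is not a constant-time comparison. Consider hashing both values to a fixed length and comparing the digests with Node's `crypto.timingSafeEqual`, failing closed when `env.ADMIN_SECRET` is unset; whether `crypto` is already required in this file is not visible in the hunk. Note also that `x-user-agent` is a client-supplied header, so it only selects this branch and the builder token is the sole credential; the comment above `shouldAuthAsBuilder` could say so, e.g. `// builder requests send x-user-agent: "Budibase Builder"; the header is only a hint, the builder token is what authenticates`. The middleware body starts and ends outside the hunk.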