diff --git a/packages/client/src/render/getAppId.js b/packages/client/src/render/getAppId.js
index d476eda44c..7da86a802d 100644
--- a/packages/client/src/render/getAppId.js
+++ b/packages/client/src/render/getAppId.js
@@ -1,3 +1,4 @@
 export const getAppIdFromPath = () => {
- return location.pathname.split("/")[1]
+ let appId = location.pathname.split("/")[1]
+ return appId.startsWith("app_") ? appId : undefined
 }
diff --git a/packages/server/src/api/routes/tests/couchTestUtils.js b/packages/server/src/api/routes/tests/couchTestUtils.js
index 07ff407e3d..02a75d77fd 100644
--- a/packages/server/src/api/routes/tests/couchTestUtils.js
+++ b/packages/server/src/api/routes/tests/couchTestUtils.js
@@ -27,15 +27,19 @@ exports.defaultHeaders = appId => {
 const builderUser = {
 userId: "BUILDER",
 accessLevelId: BUILDER_LEVEL_ID,
- appId,
 }
 const builderToken = jwt.sign(builderUser, env.JWT_SECRET)
- return {
+ const headers = {
 Accept: "application/json",
- Cookie: [`budibase:builder=${builderToken}:local`],
+ Cookie: [`budibase:builder:local=${builderToken}`],
 }
+ if (appId) {
+ headers["x-budibase-app-id"] = appId
+ }
+
+ return headers
 }
 exports.createTable = async (request, appId, table) => {
@@ -209,7 +213,10 @@ const createUserWithPermissions = async (
 const loginResult = await request
 .post(`/api/authenticate`)
- .set({ Cookie: `budibase:${appId}:local=${anonToken}` })
+ .set({
+ Cookie: `budibase:${appId}:local=${anonToken}`,
+ "x-budibase-app-id": appId,
+ })
 .send({ username, password })
 // returning necessary request headers
diff --git a/packages/server/src/middleware/authenticated.js b/packages/server/src/middleware/authenticated.js
index 5bdafa9dee..a29fa9f51c 100644
--- a/packages/server/src/middleware/authenticated.js
+++ b/packages/server/src/middleware/authenticated.js
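Review bot: In packages/client/src/render/getAppId.js the new `appId` binding in getAppIdFromPath is never reassigned, so it should be declared as `const appId = location.pathname.split("/")[1]` rather than with `let`. The `"app_"` prefix is a bare literal; a short comment such as `// app IDs are prefixed "app_"; any other first path segment is not an app` would tell callers why `undefined` can now come back. The check only filters the shape of the URL in the browser, so whatever receives this value on the server still has to validate the ID itself.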
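Review bot: In packages/server/src/api/routes/tests/couchTestUtils.js, defaultHeaders no longer signs `appId` into the builder token and instead sends it in the `x-budibase-app-id` header, so the app ID the tests supply now travels outside the JWT's integrity protection. Assuming the server picks the app from that header, the suite would benefit from a negative case where the header names an app the token's user should not reach, to pin that the header alone grants nothing. The header name is also repeated as a string literal in the createUserWithPermissions hunk (`"x-budibase-app-id": appId`); one shared constant would keep the two from drifting. createUserWithPermissions continues outside its hunk.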
@@ -20,10 +20,11 @@ module.exports = async (ctx, next) => {
 // do everything we can to make sure the appId is held correctly
 // we hold it in state as a
 let appId = getAppId(ctx)
- if (appId) {
+ const cookieAppId = ctx.cookies.get(getCookieName("currentapp"))
+ if (appId && cookieAppId !== appId) {
 setCookie(ctx, "currentapp", appId)
- } else {
- appId = ctx.cookies.get(getCookieName("currentapp"))
+ } else if (cookieAppId) {
+ appId = cookieAppId
 }
 const appToken = ctx.cookies.get(getCookieName(appId))
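Review bot: `setCookie(ctx, "currentapp", appId)` still runs before the `appToken` lookup at the end of the hunk, so an app ID taken from the request (presumably what `getAppId(ctx)` returns) is persisted into the cookie before anything visible here has authenticated the caller or checked the ID's format. Consider validating the value first, or moving the cookie write to after the token has been verified. When neither source yields an ID, `getCookieName(appId)` is called with `undefined`; an explicit guard would make that path deliberate. The comment `// we hold it in state as a` is cut off mid-sentence and should be completed. The middleware body continues outside the hunk, so a later check may already cover part of this.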