Quick fix for #4914 - adding some checks in API middleware to confirm headers have been set correctly.
parent
18d85fd4ac
commit
1dd2cf99d0
|
@ -5,6 +5,7 @@ import rowEndpoints from "./rows"
|
|||
import userEndpoints from "./users"
|
||||
import usage from "../../../middleware/usageQuota"
|
||||
import authorized from "../../../middleware/authorized"
|
||||
import publicApiMiddleware from "../../../middleware/publicApi"
|
||||
import { paramResource, paramSubResource } from "../../../middleware/resourceId"
|
||||
import { CtxFn } from "./utils/Endpoint"
|
||||
import mapperMiddleware from "./middleware/mapper"
|
||||
|
@ -101,17 +102,26 @@ function applyRoutes(
|
|||
const paramMiddleware = subResource
|
||||
? paramSubResource(resource, subResource)
|
||||
: paramResource(resource)
|
||||
function both(middleware: any, opts?: any) {
|
||||
addMiddleware(endpoints.read, middleware, opts)
|
||||
addMiddleware(endpoints.write, paramMiddleware, opts)
|
||||
}
|
||||
// add the public API headers check
|
||||
both(
|
||||
publicApiMiddleware({
|
||||
requiresAppId:
|
||||
permType !== PermissionTypes.APP && permType !== PermissionTypes.USER,
|
||||
})
|
||||
)
|
||||
// add the output mapper middleware
|
||||
both(mapperMiddleware, { output: true })
|
||||
// add the parameter capture middleware
|
||||
addMiddleware(endpoints.read, paramMiddleware)
|
||||
addMiddleware(endpoints.write, paramMiddleware)
|
||||
both(paramMiddleware)
|
||||
// add the authorization middleware, using the correct perm type
|
||||
addMiddleware(endpoints.read, authorized(permType, PermissionLevels.READ))
|
||||
addMiddleware(endpoints.write, authorized(permType, PermissionLevels.WRITE))
|
||||
// add the usage quota middleware
|
||||
addMiddleware(endpoints.write, usage)
|
||||
// add the output mapper middleware
|
||||
addMiddleware(endpoints.read, mapperMiddleware, { output: true })
|
||||
addMiddleware(endpoints.write, mapperMiddleware, { output: true })
|
||||
addToRouter(endpoints.read)
|
||||
addToRouter(endpoints.write)
|
||||
}
|
||||
|
|
|
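Review bot: The `both` helper added in applyRoutes registers `paramMiddleware` on the write endpoints instead of its `middleware` argument, so `both(publicApiMiddleware({...}))` and `both(mapperMiddleware, { output: true })` appear to reach only `endpoints.read`. If so, write routes skip the new header check and the output mapper, and instead receive `paramMiddleware` again, once with `{ output: true }`. The second line of the helper should read `addMiddleware(endpoints.write, middleware, opts)`. The output mapper is also now registered before parameter capture and authorization rather than after the usage quota; whether that matters depends on how `addMiddleware` orders entries, which is outside this hunk, as is the start of applyRoutes.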
@ -0,0 +1,21 @@
|
|||
const { Headers } = require("../../../backend-core/src/constants")
|
||||
const { getAppId } = require("@budibase/backend-core/utils")
|
||||
|
||||
module.exports = function ({ requiresAppId } = {}) {
|
||||
return async (ctx, next) => {
|
||||
const appId = getAppId(ctx)
|
||||
if (requiresAppId && !appId) {
|
||||
ctx.throw(
|
||||
400,
|
||||
`Invalid app ID provided, please check the ${Headers.APP_ID} header.`
|
||||
)
|
||||
}
|
||||
if (!ctx.headers[Headers.API_KEY]) {
|
||||
ctx.throw(
|
||||
400,
|
||||
`Invalid API key provided, please check the ${Headers.API_KEY} header.`
|
||||
)
|
||||
}
|
||||
return next()
|
||||
}
|
||||
}
|
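Review bot: The API-key check in the returned middleware, `if (!ctx.headers[Headers.API_KEY])`, only tests that the header is present and non-empty, yet the error text says "Invalid API key provided". A comment such as `// presence check only - the key itself is not validated here` would stop readers treating this as authentication, and a message along the lines of "No API key provided" would match what is actually tested. Whether the key is verified by a later middleware is not visible here, so this check should not be the only gate on a route. `Headers` is also loaded through a relative path into another package's source tree (`../../../backend-core/src/constants`) while the next line resolves the same package by name; importing both through the package name avoids breakage if the directory layout or build output changes.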