support for external webhooks

2020-10-12 11:57:37 +01:00 · 2020-10-12 11:57:37 +01:00 · 1f92c9cd14
parent 25a91b62f0
commit 1f92c9cd14
2 changed files with 36 additions and 1 deletions
--- a/packages/builder/src/components/settings/tabs/APIKeys.svelte
+++ b/packages/builder/src/components/settings/tabs/APIKeys.svelte
@ -1,6 +1,7 @@
 <script>
-  import { Input } from "@budibase/bbui"
+  import { Input, Label } from "@budibase/bbui"
  import api from "builderStore/api"
+  import { backendUiStore } from "builderStore"
  import analytics from "analytics"

  let keys = { budibase: "" }
@ -38,6 +39,10 @@
    edit
    value={keys.budibase}
    label="Budibase API Key" />
+  <div>
+    <Label extraSmall grey>Instance ID (Webhooks)</Label>
+    <span>{$backendUiStore.selectedDatabase._id}</span>
+  </div>
 </div>

 <style>
@ -45,4 +50,9 @@
    display: grid;
    grid-gap: var(--spacing-xl);
  }
+
+  span {
+    font-size: var(--font-size-xs);
+    font-weight: 500;
+  }
 </style>
--- a/packages/server/src/middleware/authorized.js
+++ b/packages/server/src/middleware/authorized.js
@ -5,8 +5,33 @@ const {
  BUILDER_LEVEL_ID,
  BUILDER,
 } = require("../utilities/accessLevels")
+const environment = require("../environment")
+const { apiKeyTable } = require("../db/dynamoClient")

 module.exports = (permName, getItemId) => async (ctx, next) => {
+  if (
+    environment.CLOUD &&
+    ctx.headers["x-api-key"] &&
+    ctx.headers["x-instanceid"]
+  ) {
+    // api key header passed by external webhook
+    const apiKeyInfo = await apiKeyTable.get({
+      primary: ctx.headers["x-api-key"],
+    })
+
+    if (apiKeyInfo) {
+      ctx.isAuthenticated = true
+      ctx.externalWebhook = true
+      ctx.apiKey = ctx.headers["x-api-key"]
+      ctx.user = {
+        instanceId: ctx.headers["x-instanceid"],
+      }
+      return next()
+    }
+
+    ctx.throw(403, "API key invalid")
+  }
+
  if (!ctx.isAuthenticated) {
    ctx.throw(403, "Session not authenticated")
  }