MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removing tenancy validity check, instead depending on the PLATFORM_URL environment variable for determining tenant ID.

This commit is contained in:
mike12345567 2023-03-29 16:19:35 +01:00
parent 0257617ba1
commit 26aeac357d
10 changed files with 16 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
packages/builder/src/pages/builder/_layout.svelte
View File

@ -1,6 +1,6 @@
<script> <script>
import { isActive, redirect, params } from "@roxi/routify" import { isActive, redirect, params } from "@roxi/routify"
import { admin, auth, licensing, tenants } from "stores/portal" import { admin, auth, licensing } from "stores/portal"
import { onMount } from "svelte" import { onMount } from "svelte"
import { CookieUtils, Constants } from "@budibase/frontend-core" import { CookieUtils, Constants } from "@budibase/frontend-core"
import { API } from "api" import { API } from "api"
@ -10,24 +10,27 @@
$: multiTenancyEnabled = $admin.multiTenancy $: multiTenancyEnabled = $admin.multiTenancy
$: hasAdminUser = $admin?.checklist?.adminUser?.checked $: hasAdminUser = $admin?.checklist?.adminUser?.checked
$: baseUrl = $admin?.baseUrl
$: tenantSet = $auth.tenantSet $: tenantSet = $auth.tenantSet
$: cloud = $admin.cloud $: cloud = $admin?.cloud
$: user = $auth.user $: user = $auth.user
$: useAccountPortal = cloud && !$admin.disableAccountPortal $: useAccountPortal = cloud && !$admin.disableAccountPortal
const validateTenantId = async () => { const validateTenantId = async () => {
const host = window.location.host const host = window.location.host
if (host.includes("localhost:")) { if (host.includes("localhost:") || !baseUrl) {
// ignore local dev // ignore local dev
return return
} }
// e.g. ['tenant', 'budibase', 'app'] vs ['budibase', 'app'] const mainHost = new URL(baseUrl).host
let urlTenantId let urlTenantId
const hostParts = host.split(".") // remove the main host part
if (hostParts.length > 2) { const hostParts = host.split(mainHost).filter(part => part !== "")
urlTenantId = hostParts[0] // if there is a part left, it has to be the tenant ID subdomain
if (hostParts.length === 1) {
urlTenantId = hostParts[0].replace(/\./g, "")
} }
if (user && user.tenantId) { if (user && user.tenantId) {
@ -41,16 +44,15 @@
return return
} }
// check if real tenant if (urlTenantId && user.tenantId !== urlTenantId) {
const { exists: tenantExists } = await tenants.info(urlTenantId)
if (tenantExists && user.tenantId !== urlTenantId) {
// user should not be here - play it safe and log them out // user should not be here - play it safe and log them out
try { try {
await auth.logout() await auth.logout()
await auth.setOrganisation(null) await auth.setOrganisation(null)
} catch (error) { } catch (error) {
console.error("Tenant mis-match, logout.") console.error(
`Tenant mis-match - "${urlTenantId}" and "${user.tenantId}" - logout`
)
} }
} }
} else { } else {

1
packages/builder/src/stores/portal/admin.js
View File

@ -53,6 +53,7 @@ export function createAdminStore() {
store.disableAccountPortal = environment.disableAccountPortal store.disableAccountPortal = environment.disableAccountPortal
store.accountPortalUrl = environment.accountPortalUrl store.accountPortalUrl = environment.accountPortalUrl
store.isDev = environment.isDev store.isDev = environment.isDev
store.baseUrl = environment.baseUrl
return store return store
}) })
} }

1
packages/builder/src/stores/portal/index.js
View File

@ -14,4 +14,3 @@ export { overview } from "./overview"
export { environment } from "./environment" export { environment } from "./environment"
export { menu } from "./menu" export { menu } from "./menu"
export { auditLogs } from "./auditLogs" export { auditLogs } from "./auditLogs"
export { tenants } from "./tenants"

27
packages/builder/src/stores/portal/tenants.js
View File

@ -1,27 +0,0 @@
import { writable, get } from "svelte/store"
import { API } from "api"
export function tenantsStore() {
const store = writable({ tenantInfo: {} })
return {
info: async tenantId => {
if (!tenantId) {
return { exists: false }
}
const contents = get(store)
const found = contents.tenantInfo[tenantId]
if (found) {
return found
}
const tenantInfo = await API.getTenantInfo(tenantId)
store.update(state => {
state.tenantInfo[tenantId] = tenantInfo
return state
})
return tenantInfo
},
}
}
export const tenants = tenantsStore()

2
packages/frontend-core/src/api/index.js
View File

@ -29,7 +29,6 @@ import { buildBackupsEndpoints } from "./backups"
import { buildEnvironmentVariableEndpoints } from "./environmentVariables" import { buildEnvironmentVariableEndpoints } from "./environmentVariables"
import { buildEventEndpoints } from "./events" import { buildEventEndpoints } from "./events"
import { buildAuditLogsEndpoints } from "./auditLogs" import { buildAuditLogsEndpoints } from "./auditLogs"
import { buildTenantEndpoints } from "./tenants"
const defaultAPIClientConfig = { const defaultAPIClientConfig = {
/** /**
@ -254,6 +253,5 @@ export const createAPIClient = config => {
...buildEnvironmentVariableEndpoints(API), ...buildEnvironmentVariableEndpoints(API),
...buildEventEndpoints(API), ...buildEventEndpoints(API),
...buildAuditLogsEndpoints(API), ...buildAuditLogsEndpoints(API),
...buildTenantEndpoints(API),
} }
} }

8
packages/frontend-core/src/api/tenants.js
View File

@ -1,8 +0,0 @@
export const buildTenantEndpoints = API => ({
/**
* Get information about a tenant
*/
getTenantInfo: async tenantId => {
return await API.get({ url: `/api/system/tenants/${tenantId}/info` })
},
})

1
packages/worker/src/api/controllers/system/environment.ts
View File

@ -7,6 +7,7 @@ export const fetch = async (ctx: BBContext) => {
cloud: !env.SELF_HOSTED, cloud: !env.SELF_HOSTED,
accountPortalUrl: env.ACCOUNT_PORTAL_URL, accountPortalUrl: env.ACCOUNT_PORTAL_URL,
disableAccountPortal: env.DISABLE_ACCOUNT_PORTAL, disableAccountPortal: env.DISABLE_ACCOUNT_PORTAL,
baseUrl: env.PLATFORM_URL,
// in test need to pretend its in production for the UI (Cypress) // in test need to pretend its in production for the UI (Cypress)
isDev: env.isDev() && !env.isTest(), isDev: env.isDev() && !env.isTest(),
} }

2
packages/worker/src/api/routes/system/tenants.ts
View File

@ -10,6 +10,4 @@ router.delete(
controller.destroy controller.destroy
) )
router.get("/api/system/tenants/:tenantId/info", controller.info)
export default router export default router

13
packages/worker/src/api/routes/system/tests/tenants.spec.ts
View File

@ -58,17 +58,4 @@ describe("/api/global/tenants", () => {
expect(res.body).toEqual(config.adminOnlyResponse()) expect(res.body).toEqual(config.adminOnlyResponse())
}) })
}) })
describe("GET /api/system/tenants/:tenantId/info", () => {
it("allows retrieving information about the tenant", async () => {
const user1 = await config.createTenant()
const res = await config.api.tenants.info(user1.tenantId)
expect(res.body.exists).toEqual(true)
})
it("check a tenant that doesn't exist", async () => {
const res = await config.api.tenants.info("cannot-exist-tenantid")
expect(res.body.exists).toEqual(false)
})
})
}) })

7
packages/worker/src/tests/api/tenants.ts
View File

@ -14,11 +14,4 @@ export class TenantAPI extends TestAPI {
.set(opts?.headers) .set(opts?.headers)
.expect(opts?.status ? opts.status : 204) .expect(opts?.status ? opts.status : 204)
} }
info = (tenantId: string) => {
return this.request
.get(`/api/system/tenants/${tenantId}/info`)
.set(this.config.defaultHeaders())
.expect(200)
}
} }