Merge pull request #4918 from Budibase/fix/public-api-errors

Fix for public API header error warnings
This commit is contained in:
Michael Drury 2022-03-16 11:31:14 +00:00 committed by GitHub
commit 5bb4b8ddde
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 0 deletions

View File

@ -5,6 +5,7 @@ import rowEndpoints from "./rows"
import userEndpoints from "./users"
import usage from "../../../middleware/usageQuota"
import authorized from "../../../middleware/authorized"
import publicApi from "../../../middleware/publicApi"
import { paramResource, paramSubResource } from "../../../middleware/resourceId"
import { CtxFn } from "./utils/Endpoint"
import mapperMiddleware from "./middleware/mapper"
@ -101,6 +102,12 @@ function applyRoutes(
const paramMiddleware = subResource
? paramSubResource(resource, subResource)
: paramResource(resource)
const publicApiMiddleware = publicApi({
requiresAppId:
permType !== PermissionTypes.APP && permType !== PermissionTypes.USER,
})
addMiddleware(endpoints.read, publicApiMiddleware)
addMiddleware(endpoints.write, publicApiMiddleware)
// add the parameter capture middleware
addMiddleware(endpoints.read, paramMiddleware)
addMiddleware(endpoints.write, paramMiddleware)

View File

@ -0,0 +1,21 @@
const { Headers } = require("@budibase/backend-core/constants")
const { getAppId } = require("@budibase/backend-core/utils")
module.exports = function ({ requiresAppId } = {}) {
return async (ctx, next) => {
const appId = getAppId(ctx)
if (requiresAppId && !appId) {
ctx.throw(
400,
`Invalid app ID provided, please check the ${Headers.APP_ID} header.`
)
}
if (!ctx.headers[Headers.API_KEY]) {
ctx.throw(
400,
`Invalid API key provided, please check the ${Headers.API_KEY} header.`
)
}
return next()
}
}