MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Limiting use of query string to a few select endpoints for determining tenant ID.

This commit is contained in:
mike12345567 2021-07-27 18:02:59 +01:00
parent 35f1b50511
commit 5dfeb9b3ca
2 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
packages/auth/src/db/utils.js
View File

@ -92,21 +92,24 @@ exports.getGlobalDB = tenantId => {
/** /**
* Given a koa context this tries to extra what tenant is being accessed. * Given a koa context this tries to extra what tenant is being accessed.
*/ */
exports.getTenantIdFromCtx = ctx => { exports.getTenantIdFromCtx = (ctx, opts = { includeQuery: false }) => {
if (!ctx) { if (!ctx) {
return null return null
} }
const user = ctx.user || {} const user = ctx.user || {}
const params = ctx.request.params || {} const params = ctx.request.params || {}
const query = ctx.request.query || {} let query = {}
if (opts && opts.includeQuery) {
query = ctx.request.query || {}
}
return user.tenantId || params.tenantId || query.tenantId return user.tenantId || params.tenantId || query.tenantId
} }
/** /**
* Given a koa context this tries to find the correct tenant Global DB. * Given a koa context this tries to find the correct tenant Global DB.
*/ */
exports.getGlobalDBFromCtx = ctx => { exports.getGlobalDBFromCtx = (ctx, opts) => {
const tenantId = exports.getTenantIdFromCtx(ctx) const tenantId = exports.getTenantIdFromCtx(ctx, opts)
return exports.getGlobalDB(tenantId) return exports.getGlobalDB(tenantId)
} }

9
packages/worker/src/api/controllers/global/configs.js
View File

@ -99,7 +99,7 @@ exports.find = async function (ctx) {
} }
exports.publicOidc = async function (ctx) { exports.publicOidc = async function (ctx) {
const db = getGlobalDBFromCtx(ctx) const db = getGlobalDBFromCtx(ctx, { includeQuery: true })
try { try {
// Find the config with the most granular scope based on context // Find the config with the most granular scope based on context
const oidcConfig = await getScopedFullConfig(db, { const oidcConfig = await getScopedFullConfig(db, {
@ -121,7 +121,7 @@ exports.publicOidc = async function (ctx) {
} }
exports.publicSettings = async function (ctx) { exports.publicSettings = async function (ctx) {
const db = getGlobalDBFromCtx(ctx) const db = getGlobalDBFromCtx(ctx, { includeQuery: true })
try { try {
// Find the config with the most granular scope based on context // Find the config with the most granular scope based on context
@ -218,8 +218,9 @@ exports.destroy = async function (ctx) {
} }
exports.configChecklist = async function (ctx) { exports.configChecklist = async function (ctx) {
const tenantId = getTenantIdFromCtx(ctx) // include the query string only for a select few endpoints
const db = getGlobalDBFromCtx(ctx) const tenantId = getTenantIdFromCtx(ctx, { includeQuery: true })
const db = getGlobalDBFromCtx(ctx, { includeQuery: true })
try { try {
// TODO: Watch get started video // TODO: Watch get started video