Limiting use of query string to a few select endpoints for determining tenant ID.

mike12345567 2021-07-27 18:02:59 +01:00
parent 35f1b50511
commit 5dfeb9b3ca
2 changed files with 12 additions and 8 deletions


@ -92,21 +92,24 @@ exports.getGlobalDB = tenantId => {
/**
* Given a koa context this tries to extra what tenant is being accessed.
*/
exports.getTenantIdFromCtx = ctx => {
exports.getTenantIdFromCtx = (ctx, opts = { includeQuery: false }) => {
if (!ctx) {
return null
}
const user = ctx.user || {}
const params = ctx.request.params || {}
const query = ctx.request.query || {}
let query = {}
if (opts && opts.includeQuery) {
query = ctx.request.query || {}
}
return user.tenantId || params.tenantId || query.tenantId
}
/**
* Given a koa context this tries to find the correct tenant Global DB.
*/
exports.getGlobalDBFromCtx = ctx => {
const tenantId = exports.getTenantIdFromCtx(ctx)
exports.getGlobalDBFromCtx = (ctx, opts) => {
const tenantId = exports.getTenantIdFromCtx(ctx, opts)
return exports.getGlobalDB(tenantId)
}
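Review bot: When `includeQuery` is set, `getTenantIdFromCtx` returns `query.tenantId` as-is, so on a request without `ctx.user` the caller chooses the tenant and the value reaches `getGlobalDB` with no type or format check in this function. Koa parses a repeated `?tenantId=a&tenantId=b` into an array, so a string guard at the return is worth adding: assign `const tenantId = user.tenantId || params.tenantId || query.tenantId` and then `return typeof tenantId === "string" ? tenantId : null`. The doc comment above the function should describe `opts.includeQuery` and state that it is meant only for endpoints that must work without a logged-in user (and "extra" there should read "extract"). `getGlobalDB` is outside the hunk, so whether it validates the ID before building a database name cannot be seen here.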


@ -99,7 +99,7 @@ exports.find = async function (ctx) {
}
exports.publicOidc = async function (ctx) {
const db = getGlobalDBFromCtx(ctx)
const db = getGlobalDBFromCtx(ctx, { includeQuery: true })
try {
// Find the config with the most granular scope based on context
const oidcConfig = await getScopedFullConfig(db, {
@ -121,7 +121,7 @@ exports.publicOidc = async function (ctx) {
}
exports.publicSettings = async function (ctx) {
const db = getGlobalDBFromCtx(ctx)
const db = getGlobalDBFromCtx(ctx, { includeQuery: true })
try {
// Find the config with the most granular scope based on context
@ -218,8 +218,9 @@ exports.destroy = async function (ctx) {
}
exports.configChecklist = async function (ctx) {
const tenantId = getTenantIdFromCtx(ctx)
const db = getGlobalDBFromCtx(ctx)
// include the query string only for a select few endpoints
const tenantId = getTenantIdFromCtx(ctx, { includeQuery: true })
const db = getGlobalDBFromCtx(ctx, { includeQuery: true })
try {
// TODO: Watch get started video
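Review bot: With `{ includeQuery: true }` these three handlers open the global DB of whichever tenant the `tenantId` query parameter names whenever `ctx.user` is absent, so each of them has to return only data that is safe for an unauthenticated caller to see. The names `publicOidc` and `publicSettings` signal that intent, but `configChecklist` carries no such marker, and the new comment `// include the query string only for a select few endpoints` does not say why this endpoint qualifies; if it is called before login, a comment such as `// called before login, so the tenant can only come from ?tenantId=; keep the response free of tenant secrets` would record the reason. In `configChecklist` the option is also passed twice; resolving the ID once and opening the DB from that value would keep the two lookups from drifting apart, assuming `getGlobalDB` can be imported in this file. All three handler bodies continue outside the hunks, so what they actually return cannot be checked from this page.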