logic to not use builder:token for apps running in dev

Michael Shanks 2020-06-03 17:05:36 +01:00
parent 3e9a3ec678
commit 6c2b72dd27
5 changed files with 30 additions and 24 deletions


@ -3,6 +3,7 @@ const apiCall = method => async (url, body) => {
method: method, method: method,
headers: { headers: {
"Content-Type": "application/json", "Content-Type": "application/json",
"User-Agent": "Budibase Builder",
}, },
body: body && JSON.stringify(body), body: body && JSON.stringify(body),
}) })
@ -14,11 +15,11 @@ const apiCall = method => async (url, body) => {
return response return response
} }
const post = apiCall("POST") export const post = apiCall("POST")
const get = apiCall("GET") export const get = apiCall("GET")
const patch = apiCall("PATCH") export const patch = apiCall("PATCH")
const del = apiCall("DELETE") export const del = apiCall("DELETE")
const put = apiCall("PUT") export const put = apiCall("PUT")
export default { export default {
post, post,
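Review bot: The added `"User-Agent": "Budibase Builder"` entry in the `apiCall` headers may not reach the server from every browser, because `User-Agent` was long a forbidden request header and some browsers have silently ignored an override set by script (this assumes the options object is passed to `fetch`, which the hunk does not show). Since the server-side auth middleware changed in this same commit matches on that exact string, a dropped header would make builder requests skip the builder path without any visible error. A project-specific custom request header would be a more reliable selector. Failing that, the line deserves a comment such as `// matched verbatim by the server auth middleware to select builder auth`, and the string would be better defined once and shared than repeated on both sides.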


@ -5,6 +5,7 @@
import { AppsIcon, InfoIcon, CloseIcon } from "components/common/Icons/" import { AppsIcon, InfoIcon, CloseIcon } from "components/common/Icons/"
import { getContext } from "svelte" import { getContext } from "svelte"
import { fade } from "svelte/transition" import { fade } from "svelte/transition"
import { post } from "builderStore/api"
const { open, close } = getContext("simple-modal") const { open, close } = getContext("simple-modal")
@ -33,15 +34,7 @@
const data = { name, description } const data = { name, description }
loading = true loading = true
try { try {
const response = await fetch("/api/applications", { const response = await post("/api/applications", data)
method: "POST", // *GET, POST, PUT, DELETE, etc.
credentials: "same-origin", // include, *same-origin, omit
headers: {
"Content-Type": "application/json",
// 'Content-Type': 'application/x-www-form-urlencoded',
},
body: JSON.stringify(data), // body data type must match "Content-Type" header
})
const res = await response.json() const res = await response.json()


@ -1,6 +1,7 @@
<script> <script>
import Modal from "svelte-simple-modal" import Modal from "svelte-simple-modal"
import { store } from "builderStore" import { store } from "builderStore"
import { get } from "builderStore/api"
import { fade } from "svelte/transition" import { fade } from "svelte/transition"
import { isActive, goto, layout } from "@sveltech/routify" import { isActive, goto, layout } from "@sveltech/routify"
@ -14,7 +15,7 @@
let promise = getPackage() let promise = getPackage()
async function getPackage() { async function getPackage() {
const res = await fetch(`/api/${application}/appPackage`) const res = await get(`/api/${application}/appPackage`)
const pkg = await res.json() const pkg = await res.json()
if (res.ok) { if (res.ok) {


@ -5,14 +5,14 @@
import { onMount } from "svelte" import { onMount } from "svelte"
import ActionButton from "components/common/ActionButton.svelte" import ActionButton from "components/common/ActionButton.svelte"
import IconButton from "components/common/IconButton.svelte" import IconButton from "components/common/IconButton.svelte"
import { get } from "builderStore/api"
import Spinner from "components/common/Spinner.svelte" import Spinner from "components/common/Spinner.svelte"
import CreateAppModal from "components/start/CreateAppModal.svelte" import CreateAppModal from "components/start/CreateAppModal.svelte"
let promise = getApps() let promise = getApps()
async function getApps() { async function getApps() {
const res = await fetch(`/api/applications`) const res = await get("/api/applications")
const json = await res.json() const json = await res.json()
if (res.ok) { if (res.ok) {


@ -13,23 +13,34 @@ module.exports = async (ctx, next) => {
return return
} }
if (ctx.cookies.get("builder:token") === env.ADMIN_SECRET) { const appToken = ctx.cookies.get("budibase:token")
ctx.isAuthenticated = true const builderToken = ctx.cookies.get("builder:token")
ctx.isBuilder = true const isBuilderAgent = ctx.headers["user-agent"] === "Budibase Builder"
// all admin api access should auth with buildertoken and 'Budibase Builder user agent
const shouldAuthAsBuilder = isBuilderAgent && builderToken
if (shouldAuthAsBuilder) {
if (builderToken === env.ADMIN_SECRET) {
ctx.isAuthenticated = true
ctx.isBuilder = true
} else {
ctx.isAuthenticated = false
ctx.isBuilder = false
}
await next() await next()
return return
} }
const token = ctx.cookies.get("budibase:token") if (!appToken) {
if (!token) {
ctx.isAuthenticated = false ctx.isAuthenticated = false
await next() await next()
return return
} }
try { try {
const jwtPayload = jwt.verify(token, ctx.config.jwtSecret) const jwtPayload = jwt.verify(appToken, ctx.config.jwtSecret)
ctx.user = { ctx.user = {
...jwtPayload, ...jwtPayload,
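Review bot: The `User-Agent` match in `isBuilderAgent` is only a routing hint, since any client can send that string, yet the comment above `shouldAuthAsBuilder` reads as if the header were part of the authentication. I would reword it to something like `// the header only selects the builder auth path; the builder:token cookie compared with ADMIN_SECRET is the credential`, so nobody later relies on the header as a control. The comparison `builderToken === env.ADMIN_SECRET` is also not constant-time; hashing both values and comparing the digests with `crypto.timingSafeEqual` would remove the timing signal, assuming `crypto` can be required in this file. The truthiness guard on `builderToken` is worth keeping and commenting, because it stops a missing cookie from matching an unset `ADMIN_SECRET`. The middleware body starts before and continues after this hunk, so the rest of the JWT path is not reviewed here.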