logic to not use builder:token for apps running in dev
This commit is contained in:
parent
3e9a3ec678
commit
6c2b72dd27
|
@ -3,6 +3,7 @@ const apiCall = method => async (url, body) => {
|
||||||
method: method,
|
method: method,
|
||||||
headers: {
|
headers: {
|
||||||
"Content-Type": "application/json",
|
"Content-Type": "application/json",
|
||||||
|
"User-Agent": "Budibase Builder",
|
||||||
},
|
},
|
||||||
body: body && JSON.stringify(body),
|
body: body && JSON.stringify(body),
|
||||||
})
|
})
|
||||||
|
@ -14,11 +15,11 @@ const apiCall = method => async (url, body) => {
|
||||||
return response
|
return response
|
||||||
}
|
}
|
||||||
|
|
||||||
const post = apiCall("POST")
|
export const post = apiCall("POST")
|
||||||
const get = apiCall("GET")
|
export const get = apiCall("GET")
|
||||||
const patch = apiCall("PATCH")
|
export const patch = apiCall("PATCH")
|
||||||
const del = apiCall("DELETE")
|
export const del = apiCall("DELETE")
|
||||||
const put = apiCall("PUT")
|
export const put = apiCall("PUT")
|
||||||
|
|
||||||
export default {
|
export default {
|
||||||
post,
|
post,
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
import { AppsIcon, InfoIcon, CloseIcon } from "components/common/Icons/"
|
import { AppsIcon, InfoIcon, CloseIcon } from "components/common/Icons/"
|
||||||
import { getContext } from "svelte"
|
import { getContext } from "svelte"
|
||||||
import { fade } from "svelte/transition"
|
import { fade } from "svelte/transition"
|
||||||
|
import { post } from "builderStore/api"
|
||||||
|
|
||||||
const { open, close } = getContext("simple-modal")
|
const { open, close } = getContext("simple-modal")
|
||||||
|
|
||||||
|
@ -33,15 +34,7 @@
|
||||||
const data = { name, description }
|
const data = { name, description }
|
||||||
loading = true
|
loading = true
|
||||||
try {
|
try {
|
||||||
const response = await fetch("/api/applications", {
|
const response = await post("/api/applications", data)
|
||||||
method: "POST", // *GET, POST, PUT, DELETE, etc.
|
|
||||||
credentials: "same-origin", // include, *same-origin, omit
|
|
||||||
headers: {
|
|
||||||
"Content-Type": "application/json",
|
|
||||||
// 'Content-Type': 'application/x-www-form-urlencoded',
|
|
||||||
},
|
|
||||||
body: JSON.stringify(data), // body data type must match "Content-Type" header
|
|
||||||
})
|
|
||||||
|
|
||||||
const res = await response.json()
|
const res = await response.json()
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
<script>
|
<script>
|
||||||
import Modal from "svelte-simple-modal"
|
import Modal from "svelte-simple-modal"
|
||||||
import { store } from "builderStore"
|
import { store } from "builderStore"
|
||||||
|
import { get } from "builderStore/api"
|
||||||
|
|
||||||
import { fade } from "svelte/transition"
|
import { fade } from "svelte/transition"
|
||||||
import { isActive, goto, layout } from "@sveltech/routify"
|
import { isActive, goto, layout } from "@sveltech/routify"
|
||||||
|
@ -14,7 +15,7 @@
|
||||||
let promise = getPackage()
|
let promise = getPackage()
|
||||||
|
|
||||||
async function getPackage() {
|
async function getPackage() {
|
||||||
const res = await fetch(`/api/${application}/appPackage`)
|
const res = await get(`/api/${application}/appPackage`)
|
||||||
const pkg = await res.json()
|
const pkg = await res.json()
|
||||||
|
|
||||||
if (res.ok) {
|
if (res.ok) {
|
||||||
|
|
|
@ -5,14 +5,14 @@
|
||||||
import { onMount } from "svelte"
|
import { onMount } from "svelte"
|
||||||
import ActionButton from "components/common/ActionButton.svelte"
|
import ActionButton from "components/common/ActionButton.svelte"
|
||||||
import IconButton from "components/common/IconButton.svelte"
|
import IconButton from "components/common/IconButton.svelte"
|
||||||
|
import { get } from "builderStore/api"
|
||||||
import Spinner from "components/common/Spinner.svelte"
|
import Spinner from "components/common/Spinner.svelte"
|
||||||
import CreateAppModal from "components/start/CreateAppModal.svelte"
|
import CreateAppModal from "components/start/CreateAppModal.svelte"
|
||||||
|
|
||||||
let promise = getApps()
|
let promise = getApps()
|
||||||
|
|
||||||
async function getApps() {
|
async function getApps() {
|
||||||
const res = await fetch(`/api/applications`)
|
const res = await get("/api/applications")
|
||||||
const json = await res.json()
|
const json = await res.json()
|
||||||
|
|
||||||
if (res.ok) {
|
if (res.ok) {
|
||||||
|
|
|
@ -13,23 +13,34 @@ module.exports = async (ctx, next) => {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ctx.cookies.get("builder:token") === env.ADMIN_SECRET) {
|
const appToken = ctx.cookies.get("budibase:token")
|
||||||
ctx.isAuthenticated = true
|
const builderToken = ctx.cookies.get("builder:token")
|
||||||
ctx.isBuilder = true
|
const isBuilderAgent = ctx.headers["user-agent"] === "Budibase Builder"
|
||||||
|
|
||||||
|
// all admin api access should auth with buildertoken and 'Budibase Builder user agent
|
||||||
|
const shouldAuthAsBuilder = isBuilderAgent && builderToken
|
||||||
|
|
||||||
|
if (shouldAuthAsBuilder) {
|
||||||
|
if (builderToken === env.ADMIN_SECRET) {
|
||||||
|
ctx.isAuthenticated = true
|
||||||
|
ctx.isBuilder = true
|
||||||
|
} else {
|
||||||
|
ctx.isAuthenticated = false
|
||||||
|
ctx.isBuilder = false
|
||||||
|
}
|
||||||
|
|
||||||
await next()
|
await next()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
const token = ctx.cookies.get("budibase:token")
|
if (!appToken) {
|
||||||
|
|
||||||
if (!token) {
|
|
||||||
ctx.isAuthenticated = false
|
ctx.isAuthenticated = false
|
||||||
await next()
|
await next()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const jwtPayload = jwt.verify(token, ctx.config.jwtSecret)
|
const jwtPayload = jwt.verify(appToken, ctx.config.jwtSecret)
|
||||||
|
|
||||||
ctx.user = {
|
ctx.user = {
|
||||||
...jwtPayload,
|
...jwtPayload,
|
||||||
|
|
Loading…
Reference in New Issue