logic to not use builder:token for apps running in dev
This commit is contained in:
parent
3e9a3ec678
commit
6c2b72dd27
|
@ -3,6 +3,7 @@ const apiCall = method => async (url, body) => {
|
|||
method: method,
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
"User-Agent": "Budibase Builder",
|
||||
},
|
||||
body: body && JSON.stringify(body),
|
||||
})
|
||||
|
@ -14,11 +15,11 @@ const apiCall = method => async (url, body) => {
|
|||
return response
|
||||
}
|
||||
|
||||
const post = apiCall("POST")
|
||||
const get = apiCall("GET")
|
||||
const patch = apiCall("PATCH")
|
||||
const del = apiCall("DELETE")
|
||||
const put = apiCall("PUT")
|
||||
export const post = apiCall("POST")
|
||||
export const get = apiCall("GET")
|
||||
export const patch = apiCall("PATCH")
|
||||
export const del = apiCall("DELETE")
|
||||
export const put = apiCall("PUT")
|
||||
|
||||
export default {
|
||||
post,
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
import { AppsIcon, InfoIcon, CloseIcon } from "components/common/Icons/"
|
||||
import { getContext } from "svelte"
|
||||
import { fade } from "svelte/transition"
|
||||
import { post } from "builderStore/api"
|
||||
|
||||
const { open, close } = getContext("simple-modal")
|
||||
|
||||
|
@ -33,15 +34,7 @@
|
|||
const data = { name, description }
|
||||
loading = true
|
||||
try {
|
||||
const response = await fetch("/api/applications", {
|
||||
method: "POST", // *GET, POST, PUT, DELETE, etc.
|
||||
credentials: "same-origin", // include, *same-origin, omit
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
// 'Content-Type': 'application/x-www-form-urlencoded',
|
||||
},
|
||||
body: JSON.stringify(data), // body data type must match "Content-Type" header
|
||||
})
|
||||
const response = await post("/api/applications", data)
|
||||
|
||||
const res = await response.json()
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
<script>
|
||||
import Modal from "svelte-simple-modal"
|
||||
import { store } from "builderStore"
|
||||
import { get } from "builderStore/api"
|
||||
|
||||
import { fade } from "svelte/transition"
|
||||
import { isActive, goto, layout } from "@sveltech/routify"
|
||||
|
@ -14,7 +15,7 @@
|
|||
let promise = getPackage()
|
||||
|
||||
async function getPackage() {
|
||||
const res = await fetch(`/api/${application}/appPackage`)
|
||||
const res = await get(`/api/${application}/appPackage`)
|
||||
const pkg = await res.json()
|
||||
|
||||
if (res.ok) {
|
||||
|
|
|
@ -5,14 +5,14 @@
|
|||
import { onMount } from "svelte"
|
||||
import ActionButton from "components/common/ActionButton.svelte"
|
||||
import IconButton from "components/common/IconButton.svelte"
|
||||
|
||||
import { get } from "builderStore/api"
|
||||
import Spinner from "components/common/Spinner.svelte"
|
||||
import CreateAppModal from "components/start/CreateAppModal.svelte"
|
||||
|
||||
let promise = getApps()
|
||||
|
||||
async function getApps() {
|
||||
const res = await fetch(`/api/applications`)
|
||||
const res = await get("/api/applications")
|
||||
const json = await res.json()
|
||||
|
||||
if (res.ok) {
|
||||
|
|
|
@ -13,23 +13,34 @@ module.exports = async (ctx, next) => {
|
|||
return
|
||||
}
|
||||
|
||||
if (ctx.cookies.get("builder:token") === env.ADMIN_SECRET) {
|
||||
const appToken = ctx.cookies.get("budibase:token")
|
||||
const builderToken = ctx.cookies.get("builder:token")
|
||||
const isBuilderAgent = ctx.headers["user-agent"] === "Budibase Builder"
|
||||
|
||||
// all admin api access should auth with buildertoken and 'Budibase Builder user agent
|
||||
const shouldAuthAsBuilder = isBuilderAgent && builderToken
|
||||
|
||||
if (shouldAuthAsBuilder) {
|
||||
if (builderToken === env.ADMIN_SECRET) {
|
||||
ctx.isAuthenticated = true
|
||||
ctx.isBuilder = true
|
||||
} else {
|
||||
ctx.isAuthenticated = false
|
||||
ctx.isBuilder = false
|
||||
}
|
||||
|
||||
await next()
|
||||
return
|
||||
}
|
||||
|
||||
const token = ctx.cookies.get("budibase:token")
|
||||
|
||||
if (!token) {
|
||||
if (!appToken) {
|
||||
ctx.isAuthenticated = false
|
||||
await next()
|
||||
return
|
||||
}
|
||||
|
||||
try {
|
||||
const jwtPayload = jwt.verify(token, ctx.config.jwtSecret)
|
||||
const jwtPayload = jwt.verify(appToken, ctx.config.jwtSecret)
|
||||
|
||||
ctx.user = {
|
||||
...jwtPayload,
|
||||
|
|
Loading…
Reference in New Issue