Merge branch 'master' of github.com:Budibase/budibase into fix/massive-attachment-export

This commit is contained in:
mike12345567 2023-12-04 18:08:59 +00:00
commit 7e4a9016a8
3 changed files with 35 additions and 20 deletions

View File

@ -109,7 +109,7 @@ export async function doWithLock<T>(
): Promise<RedlockExecution<T>> { ): Promise<RedlockExecution<T>> {
const redlock = await getClient(opts.type, opts.customOptions) const redlock = await getClient(opts.type, opts.customOptions)
let lock: Redlock.Lock | undefined let lock: Redlock.Lock | undefined
let timeout: NodeJS.Timeout | undefined let timeout
try { try {
const name = getLockName(opts) const name = getLockName(opts)

View File

@ -93,11 +93,19 @@ export const getTenantIDFromCtx = (
// subdomain // subdomain
if (isAllowed(TenantResolutionStrategy.SUBDOMAIN)) { if (isAllowed(TenantResolutionStrategy.SUBDOMAIN)) {
// e.g. budibase.app or local.com:10000 // e.g. budibase.app or local.com:10000
const platformHost = new URL(getPlatformURL()).host.split(":")[0] let platformHost
try {
platformHost = new URL(getPlatformURL()).host.split(":")[0]
} catch (err: any) {
// if invalid URL, just don't try to process subdomain
if (err.code !== "ERR_INVALID_URL") {
throw err
}
}
// e.g. tenant.budibase.app or tenant.local.com // e.g. tenant.budibase.app or tenant.local.com
const requestHost = ctx.host const requestHost = ctx.host
// parse the tenant id from the difference // parse the tenant id from the difference
if (requestHost.includes(platformHost)) { if (platformHost && requestHost.includes(platformHost)) {
const tenantId = requestHost.substring( const tenantId = requestHost.substring(
0, 0,
requestHost.indexOf(`.${platformHost}`) requestHost.indexOf(`.${platformHost}`)

View File

@ -5,6 +5,7 @@ import {
tenancy, tenancy,
context, context,
users, users,
auth,
} from "@budibase/backend-core" } from "@budibase/backend-core"
import { generateUserMetadataID, isDevAppID } from "../db/utils" import { generateUserMetadataID, isDevAppID } from "../db/utils"
import { getCachedSelf } from "../utilities/global" import { getCachedSelf } from "../utilities/global"
@ -69,28 +70,34 @@ export default async (ctx: UserCtx, next: any) => {
return next() return next()
} }
return context.doInAppContext(appId, async () => { const userId = ctx.user ? generateUserMetadataID(ctx.user._id!) : undefined
// if the user not in the right tenant then make sure they have no permissions
// need to judge this only based on the request app ID, // if the user is not in the right tenant then make sure to wipe their cookie
// also cleanse any information about them that has been allocated
// this avoids apps making calls to say the worker which are cross tenant,
// we simply remove the authentication
if ( if (
env.MULTI_TENANCY && env.MULTI_TENANCY &&
ctx.user?._id && userId &&
requestAppId && requestAppId &&
!tenancy.isUserInAppTenant(requestAppId, ctx.user) !tenancy.isUserInAppTenant(requestAppId, ctx.user)
) { ) {
// don't error, simply remove the users rights (they are a public user) // clear out the user
ctx.user = users.cleanseUserObject(ctx.user) as ContextUser ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
ctx.isAuthenticated = false ctx.isAuthenticated = false
roleId = roles.BUILTIN_ROLE_IDS.PUBLIC roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
// remove the cookie, so future calls are public
await auth.platformLogout({
ctx,
userId,
})
} }
return context.doInAppContext(appId, async () => {
ctx.appId = appId ctx.appId = appId
if (roleId) { if (roleId) {
ctx.roleId = roleId ctx.roleId = roleId
const globalId = ctx.user ? ctx.user._id : undefined const globalId = ctx.user ? ctx.user._id : undefined
const userId = ctx.user
? generateUserMetadataID(ctx.user._id!)
: undefined
ctx.user = { ctx.user = {
...ctx.user!, ...ctx.user!,
// override userID with metadata one // override userID with metadata one