MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

use custom user agent header

This commit is contained in:
Martin McKeaveney 2020-06-03 19:35:04 +01:00
parent 6a8090f69b
commit 94731e017a
2 changed files with 6 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/builder/src/builderStore/api.js
View File

@ -3,7 +3,7 @@ const apiCall = method => async (url, body) => {
method: method,
headers: {
"Content-Type": "application/json",
"User-Agent": "Budibase Builder",
"x-user-agent": "Budibase Builder",
},
body: body && JSON.stringify(body),
})

13
packages/server/src/middleware/authenticated.js
View File

@ -15,19 +15,16 @@ module.exports = async (ctx, next) => {
const appToken = ctx.cookies.get("budibase:token")
const builderToken = ctx.cookies.get("builder:token")
const isBuilderAgent = ctx.headers["user-agent"] === "Budibase Builder"
const isBuilderAgent = ctx.headers["x-user-agent"] === "Budibase Builder"
// all admin api access should auth with buildertoken and 'Budibase Builder user agent
const shouldAuthAsBuilder = isBuilderAgent && builderToken
if (shouldAuthAsBuilder) {
if (builderToken === env.ADMIN_SECRET) {
ctx.isAuthenticated = true
ctx.isBuilder = true
} else {
ctx.isAuthenticated = false
ctx.isBuilder = false
}
const builderTokenValid = builderToken === env.ADMIN_SECRET
ctx.isAuthenticated = builderTokenValid
ctx.isBuilder = builderTokenValid
await next()
return