From 9e4ab9054ea67cd284b3c85bd0417618678874af Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Mon, 6 Sep 2021 16:01:45 +0100 Subject: [PATCH] Allowing all server endpoints to run without tenant information, as most endpoints in server can be public. --- packages/auth/src/middleware/tenancy.js | 8 +++++-- packages/server/src/api/index.js | 29 ++++++------------------- 2 files changed, 13 insertions(+), 24 deletions(-) diff --git a/packages/auth/src/middleware/tenancy.js b/packages/auth/src/middleware/tenancy.js index b80b9a6763..68d5051895 100644 --- a/packages/auth/src/middleware/tenancy.js +++ b/packages/auth/src/middleware/tenancy.js @@ -2,12 +2,16 @@ const { setTenantId } = require("../tenancy") const ContextFactory = require("../tenancy/FunctionContext") const { buildMatcherRegex, matches } = require("./matchers") -module.exports = (allowQueryStringPatterns, noTenancyPatterns) => { +module.exports = ( + allowQueryStringPatterns, + noTenancyPatterns, + { noTenancyRequired } +) => { const allowQsOptions = buildMatcherRegex(allowQueryStringPatterns) const noTenancyOptions = buildMatcherRegex(noTenancyPatterns) return ContextFactory.getMiddleware(ctx => { - const allowNoTenant = !!matches(ctx, noTenancyOptions) + const allowNoTenant = noTenancyRequired || !!matches(ctx, noTenancyOptions) const allowQs = !!matches(ctx, allowQsOptions) setTenantId(ctx, { allowQs, allowNoTenant }) }) diff --git a/packages/server/src/api/index.js b/packages/server/src/api/index.js index 6b81fb229b..24567b54a6 100644 --- a/packages/server/src/api/index.js +++ b/packages/server/src/api/index.js @@ -10,27 +10,6 @@ const env = require("../environment") const router = new Router() -const NO_TENANCY_ENDPOINTS = [ - { - route: "/api/analytics", - method: "GET", - }, - { - route: "/builder", - method: "GET", - }, - // when using this locally there can be pass through, need - // to allow all pass through endpoints to go without tenancy - { - route: "/api/global", - method: "ALL", - }, - { - route: "/api/system", - method: "ALL", - }, -] - router .use( compress({ @@ -61,7 +40,13 @@ router }) ) // nothing in the server should allow query string tenants - .use(buildTenancyMiddleware(null, NO_TENANCY_ENDPOINTS)) + // the server can be public anywhere, so nowhere should throw errors + // if the tenancy has not been set, it'll have to be discovered at application layer + .use( + buildTenancyMiddleware(null, null, { + noTenancyRequired: true, + }) + ) .use(currentApp) .use(auditLog)