Merge pull request #315 from mjashanks/master

Ignore builder:token for apps
This commit is contained in:
Michael Shanks 2020-06-03 17:47:30 +01:00 committed by GitHub
commit a49d383176
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 31 additions and 24 deletions

View File

@ -3,6 +3,7 @@ const apiCall = method => async (url, body) => {
method: method,
headers: {
"Content-Type": "application/json",
"User-Agent": "Budibase Builder",
},
body: body && JSON.stringify(body),
})
@ -14,11 +15,11 @@ const apiCall = method => async (url, body) => {
return response
}
const post = apiCall("POST")
const get = apiCall("GET")
const patch = apiCall("PATCH")
const del = apiCall("DELETE")
const put = apiCall("PUT")
export const post = apiCall("POST")
export const get = apiCall("GET")
export const patch = apiCall("PATCH")
export const del = apiCall("DELETE")
export const put = apiCall("PUT")
export default {
post,

View File

@ -5,6 +5,7 @@
import { AppsIcon, InfoIcon, CloseIcon } from "components/common/Icons/"
import { getContext } from "svelte"
import { fade } from "svelte/transition"
import { post } from "builderStore/api"
const { open, close } = getContext("simple-modal")
@ -33,15 +34,7 @@
const data = { name, description }
loading = true
try {
const response = await fetch("/api/applications", {
method: "POST", // *GET, POST, PUT, DELETE, etc.
credentials: "same-origin", // include, *same-origin, omit
headers: {
"Content-Type": "application/json",
// 'Content-Type': 'application/x-www-form-urlencoded',
},
body: JSON.stringify(data), // body data type must match "Content-Type" header
})
const response = await post("/api/applications", data)
const res = await response.json()

View File

@ -1,6 +1,7 @@
<script>
import Modal from "svelte-simple-modal"
import { store } from "builderStore"
import { get } from "builderStore/api"
import { fade } from "svelte/transition"
import { isActive, goto, layout } from "@sveltech/routify"
@ -14,7 +15,7 @@
let promise = getPackage()
async function getPackage() {
const res = await fetch(`/api/${application}/appPackage`)
const res = await get(`/api/${application}/appPackage`)
const pkg = await res.json()
if (res.ok) {

View File

@ -5,14 +5,14 @@
import { onMount } from "svelte"
import ActionButton from "components/common/ActionButton.svelte"
import IconButton from "components/common/IconButton.svelte"
import { get } from "builderStore/api"
import Spinner from "components/common/Spinner.svelte"
import CreateAppModal from "components/start/CreateAppModal.svelte"
let promise = getApps()
async function getApps() {
const res = await fetch(`/api/applications`)
const res = await get("/api/applications")
const json = await res.json()
if (res.ok) {

View File

@ -22,6 +22,7 @@ exports.supertest = async () => {
exports.defaultHeaders = {
Accept: "application/json",
Cookie: ["builder:token=test-admin-secret"],
"user-agent": "Budibase Builder",
}
exports.createModel = async (request, instanceId, model) => {

View File

@ -13,23 +13,34 @@ module.exports = async (ctx, next) => {
return
}
if (ctx.cookies.get("builder:token") === env.ADMIN_SECRET) {
const appToken = ctx.cookies.get("budibase:token")
const builderToken = ctx.cookies.get("builder:token")
const isBuilderAgent = ctx.headers["user-agent"] === "Budibase Builder"
// all admin api access should auth with buildertoken and 'Budibase Builder user agent
const shouldAuthAsBuilder = isBuilderAgent && builderToken
if (shouldAuthAsBuilder) {
if (builderToken === env.ADMIN_SECRET) {
ctx.isAuthenticated = true
ctx.isBuilder = true
} else {
ctx.isAuthenticated = false
ctx.isBuilder = false
}
await next()
return
}
const token = ctx.cookies.get("budibase:token")
if (!token) {
if (!appToken) {
ctx.isAuthenticated = false
await next()
return
}
try {
const jwtPayload = jwt.verify(token, ctx.config.jwtSecret)
const jwtPayload = jwt.verify(appToken, ctx.config.jwtSecret)
ctx.user = {
...jwtPayload,