From a68abf2730bb8e869bdccbad0badd4245562899d Mon Sep 17 00:00:00 2001
From: Rory Powell
Date: Wed, 23 Mar 2022 16:45:06 +0000
Subject: [PATCH] Fix cross tenant apps with session
---
 hosting/nginx.dev.conf.hbs | 3 +-
 hosting/nginx.prod.conf.hbs | 1 -
 packages/backend-core/src/utils.js | 44 +-
 packages/client/stats.html | 2 +-
 .../src/api/controllers/static/index.js | 20 +-
 packages/server/src/api/routes/static.js | 3 +-
 packages/server/src/definitions/openapi.ts | 944 ++++++-------
 packages/server/src/middleware/currentapp.js | 4 +-
 packages/server/src/middleware/publicApi.js | 4 +-
 packages/server/yarn.lock | 1074 +++------------
 packages/worker/yarn.lock | 1181 +----------------
 11 files changed, 725 insertions(+), 2555 deletions(-)
diff --git a/hosting/nginx.dev.conf.hbs b/hosting/nginx.dev.conf.hbs
index 441fffa9f7..9fc2345fb2 100644
--- a/hosting/nginx.dev.conf.hbs
+++ b/hosting/nginx.dev.conf.hbs
@@ -52,9 +52,8 @@ http {
 proxy_pass http://{{ address }}:4001;
 }
- location /app/ {
+ location /app {
 proxy_pass http://{{ address }}:4001;
- rewrite ^/app/(.*)$ /$1 break;
 }
 location /builder {
diff --git a/hosting/nginx.prod.conf.hbs b/hosting/nginx.prod.conf.hbs
index f3009baf40..0f3a41929b 100644
--- a/hosting/nginx.prod.conf.hbs
+++ b/hosting/nginx.prod.conf.hbs
@@ -62,7 +62,6 @@ http {
 location /app {
 proxy_pass http://$apps:4002;
- rewrite ^/app/(.*)$ /$1 break;
 }
 location = / {
diff --git a/packages/backend-core/src/utils.js b/packages/backend-core/src/utils.js
index 4183fa64d5..8909f62995 100644
--- a/packages/backend-core/src/utils.js
+++ b/packages/backend-core/src/utils.js
@@ -3,6 +3,7 @@ const {
 SEPARATOR,
 ViewNames,
 generateGlobalUserID,
+ getAllApps,
 } = require("./db/utils")
 const jwt = require("jsonwebtoken")
 const { options } = require("./middleware/passport/jwt")
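Review bot: In hosting/nginx.dev.conf.hbs the new `location /app {` is a plain prefix match, so any other path that merely begins with `/app` is also proxied to port 4001 unless a more specific location wins; the prod template already has the same form. The backend change in this commit only resolves published apps for paths starting with `/app/`, so consider keeping `location /app/ {` and adding `location = /app {` only if the bare path must reach the app service. With the `rewrite` removed the upstream now receives the full `/app/...` path, which deserves a template comment such as `# /app/<url> is passed through unchanged; the server resolves <url> to an app id`. The enclosing `http` block starts and ends outside the hunk.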
@@ -20,8 +21,10 @@ const { hash } = require("./hashing")
 const userCache = require("./cache/user")
 const env = require("./environment")
 const { getUserSessions, invalidateSessions } = require("./security/sessions")
+const tenancy = require("./tenancy")
 const APP_PREFIX = DocumentTypes.APP + SEPARATOR
+const PROD_APP_PREFIX = "/app/"
 function confirmAppId(possibleAppId) {
 return possibleAppId && possibleAppId.startsWith(APP_PREFIX)
@@ -29,16 +32,35 @@ function confirmAppId(possibleAppId) {
 : undefined
 }
+async function resolveAppUrl(ctx) {
+ const appUrl = ctx.path.split("/")[2]
+ let possibleAppUrl = `/${appUrl.toLowerCase()}`
+
+ let tenantId = tenancy.getTenantId()
+ if (!env.SELF_HOSTED && ctx.subdomains.length) {
+ // always use the tenant id from the url in cloud
+ tenantId = ctx.subdomains[0]
+ }
+
+ // search prod apps for a url that matches
+ const apps = await tenancy.doInTenant(tenantId, () =>
+ getAllApps({ dev: false })
+ )
+ const app = apps.filter(
+ a => a.url && a.url.toLowerCase() === possibleAppUrl
+ )[0]
+
+ return app && app.appId ? app.appId : undefined
+}
+
 /**
 * Given a request tries to find the appId, which can be located in various places
 * @param {object} ctx The main request body to look through.
 * @returns {string|undefined} If an appId was found it will be returned.
 */
-exports.getAppId = ctx => {
- const options = [ctx.headers[Headers.APP_ID], ctx.params.appId]
- if (ctx.subdomains) {
- options.push(ctx.subdomains[1])
- }
+exports.getAppIdFromCtx = async ctx => {
+ // look in headers
+ const options = [ctx.headers[Headers.APP_ID]]
 let appId
 for (let option of options) {
 appId = confirmAppId(option)
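Review bot: In `resolveAppUrl` the cloud branch sets `tenantId = ctx.subdomains[0]`, a value derived from the request's Host header, and passes it to `tenancy.doInTenant` with no check that it names a real tenant or matches the tenant of the caller's session. Whether `doInTenant` or a later middleware validates it is not visible in this hunk, so that should be confirmed, or the value rejected early when it fails the project's tenant-id format. The lookup also runs `getAllApps({ dev: false })` and a linear filter on every `/app/` request, including unauthenticated ones, so a cached url-to-appId map per tenant would bound the work an anonymous client can trigger. The JSDoc kept as context is now stale because `getAppIdFromCtx` is async: `@returns {string|undefined}` should read `@returns {Promise<string|undefined>}`. The body of `getAppIdFromCtx` continues past the end of this hunk.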
@@ -47,16 +69,24 @@ exports.getAppId = ctx => {
 }
 }
- // look in body if can't find it in subdomain
+ // look in body
 if (!appId && ctx.request.body && ctx.request.body.appId) {
 appId = confirmAppId(ctx.request.body.appId)
 }
+
+ // look in the url - dev app
 let appPath =
 ctx.request.headers.referrer ||
 ctx.path.split("/").filter(subPath => subPath.startsWith(APP_PREFIX))
- if (!appId && appPath.length !== 0) {
+ if (!appId && appPath.length) {
 appId = confirmAppId(appPath[0])
 }
+
+ // look in the url - prod app
+ if (!appId && ctx.path.startsWith(PROD_APP_PREFIX)) {
+ appId = confirmAppId(await resolveAppUrl(ctx))
+ }
+
 return appId
 }
diff --git a/packages/client/stats.html b/packages/client/stats.html
index 546fbaa620..99e666d039 100644
--- a/packages/client/stats.html
+++ b/packages/client/stats.html
@@ -2669,7 +2669,7 @@ var drawChart = (function (exports) {
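Review bot: In the `@@ -47,16 +69,24 @@` hunk of packages/backend-core/src/utils.js, `getAppIdFromCtx` accepts an app id from the request header or body before it looks at the URL, and `confirmAppId` checks only the `APP_PREFIX` prefix, so on a `/app/<url>` request the returned id need not be the app the URL names or one owned by the tenant in the subdomain. Nothing visible in this function ties the result to a tenant, so confirm that the callers (the diffstat lists currentapp.js and publicApi.js) enforce that match before the id is used, or resolve from the URL first when `ctx.path.startsWith(PROD_APP_PREFIX)`. Separately, the context line reads `ctx.request.headers.referrer`, whereas the HTTP header is spelled `referer`; a header value there would be a string, so `appPath[0]` would be its first character rather than a path segment. The function begins outside this hunk.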