From ae8dd1ec786f959d8f8b6784f8801a7590017c1c Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Mon, 29 Mar 2021 17:32:05 +0100 Subject: [PATCH] Removing use of the , replacing to ctx.appId to make it clear appId not part of the auth. --- packages/server/src/api/controllers/auth.js | 2 +- .../server/src/api/controllers/automation.js | 40 ++++++++++++------- .../server/src/api/controllers/datasource.js | 8 ++-- .../src/api/controllers/deploy/index.js | 6 +-- packages/server/src/api/controllers/layout.js | 4 +- packages/server/src/api/controllers/query.js | 12 +++--- packages/server/src/api/controllers/role.js | 8 ++-- packages/server/src/api/controllers/row.js | 20 +++++----- packages/server/src/api/controllers/screen.js | 6 +-- .../src/api/controllers/search/index.js | 2 +- .../src/api/controllers/static/index.js | 6 +-- .../server/src/api/controllers/table/index.js | 8 ++-- .../server/src/api/controllers/table/utils.js | 7 ++-- packages/server/src/api/controllers/user.js | 13 +++--- .../server/src/api/controllers/view/index.js | 8 ++-- .../server/src/api/controllers/webhook.js | 8 ++-- .../server/src/api/routes/tests/misc.spec.js | 10 +++-- .../server/src/middleware/authenticated.js | 4 +- packages/server/src/middleware/usageQuota.js | 2 +- packages/server/src/utilities/bcrypt.js | 2 + 20 files changed, 96 insertions(+), 80 deletions(-) diff --git a/packages/server/src/api/controllers/auth.js b/packages/server/src/api/controllers/auth.js index fc486bcb50..fab46bd05e 100644 --- a/packages/server/src/api/controllers/auth.js +++ b/packages/server/src/api/controllers/auth.js @@ -48,7 +48,7 @@ exports.authenticate = async ctx => { // if in prod add the user api key, unless self hosted /* istanbul ignore next */ if (env.isProd() && !env.SELF_HOSTED) { - const { apiKey } = await getAPIKey(ctx.user.appId) + const { apiKey } = await getAPIKey(ctx.appId) payload.apiKey = apiKey } diff --git a/packages/server/src/api/controllers/automation.js b/packages/server/src/api/controllers/automation.js index df17371f92..d3ed836bc9 100644 --- a/packages/server/src/api/controllers/automation.js +++ b/packages/server/src/api/controllers/automation.js @@ -34,13 +34,14 @@ function cleanAutomationInputs(automation) { /** * This function handles checking if any webhooks need to be created or deleted for automations. + * @param {string} appId The ID of the app in which we are checking for webhooks * @param {object} user The user object, including all auth info * @param {object|undefined} oldAuto The old automation object if updating/deleting * @param {object|undefined} newAuto The new automation object if creating/updating * @returns {Promise} After this is complete the new automation object may have been updated and should be * written to DB (this does not write to DB as it would be wasteful to repeat). */ -async function checkForWebhooks({ user, oldAuto, newAuto }) { +async function checkForWebhooks({ appId, user, oldAuto, newAuto }) { const oldTrigger = oldAuto ? oldAuto.definition.trigger : null const newTrigger = newAuto ? newAuto.definition.trigger : null function isWebhookTrigger(auto) { @@ -56,7 +57,7 @@ async function checkForWebhooks({ user, oldAuto, newAuto }) { !isWebhookTrigger(newAuto) && oldTrigger.webhookId ) { - let db = new CouchDB(user.appId) + let db = new CouchDB(appId) // need to get the webhook to get the rev const webhook = await db.get(oldTrigger.webhookId) const ctx = { @@ -86,17 +87,17 @@ async function checkForWebhooks({ user, oldAuto, newAuto }) { const id = ctx.body.webhook._id newTrigger.webhookId = id newTrigger.inputs = { - schemaUrl: `api/webhooks/schema/${user.appId}/${id}`, - triggerUrl: `api/webhooks/trigger/${user.appId}/${id}`, + schemaUrl: `api/webhooks/schema/${appId}/${id}`, + triggerUrl: `api/webhooks/trigger/${appId}/${id}`, } } return newAuto } exports.create = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) let automation = ctx.request.body - automation.appId = ctx.user.appId + automation.appId = ctx.appId // call through to update if already exists if (automation._id && automation._rev) { @@ -107,7 +108,11 @@ exports.create = async function(ctx) { automation.type = "automation" automation = cleanAutomationInputs(automation) - automation = await checkForWebhooks({ user: ctx.user, newAuto: automation }) + automation = await checkForWebhooks({ + appId: ctx.appId, + user: ctx.user, + newAuto: automation, + }) const response = await db.put(automation) automation._rev = response.rev @@ -122,12 +127,13 @@ exports.create = async function(ctx) { } exports.update = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) let automation = ctx.request.body - automation.appId = ctx.user.appId + automation.appId = ctx.appId const oldAutomation = await db.get(automation._id) automation = cleanAutomationInputs(automation) automation = await checkForWebhooks({ + appId: ctx.appId, user: ctx.user, oldAuto: oldAutomation, newAuto: automation, @@ -147,7 +153,7 @@ exports.update = async function(ctx) { } exports.fetch = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const response = await db.allDocs( getAutomationParams(null, { include_docs: true, @@ -157,14 +163,18 @@ exports.fetch = async function(ctx) { } exports.find = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) ctx.body = await db.get(ctx.params.id) } exports.destroy = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const oldAutomation = await db.get(ctx.params.id) - await checkForWebhooks({ user: ctx.user, oldAuto: oldAutomation }) + await checkForWebhooks({ + appId: ctx.appId, + user: ctx.user, + oldAuto: oldAutomation, + }) ctx.body = await db.remove(ctx.params.id, ctx.params.rev) } @@ -195,11 +205,11 @@ module.exports.getDefinitionList = async function(ctx) { *********************/ exports.trigger = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) let automation = await db.get(ctx.params.id) await triggers.externalTrigger(automation, { ...ctx.request.body, - appId: ctx.user.appId, + appId: ctx.appId, }) ctx.status = 200 ctx.body = { diff --git a/packages/server/src/api/controllers/datasource.js b/packages/server/src/api/controllers/datasource.js index 678c56a14c..b5a207dbbe 100644 --- a/packages/server/src/api/controllers/datasource.js +++ b/packages/server/src/api/controllers/datasource.js @@ -6,7 +6,7 @@ const { } = require("../../db/utils") exports.fetch = async function(ctx) { - const database = new CouchDB(ctx.user.appId) + const database = new CouchDB(ctx.appId) ctx.body = ( await database.allDocs( getDatasourceParams(null, { @@ -17,7 +17,7 @@ exports.fetch = async function(ctx) { } exports.save = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const datasource = { _id: generateDatasourceID(), @@ -34,7 +34,7 @@ exports.save = async function(ctx) { } exports.destroy = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) // Delete all queries for the datasource const rows = await db.allDocs(getQueryParams(ctx.params.datasourceId, null)) @@ -48,6 +48,6 @@ exports.destroy = async function(ctx) { } exports.find = async function(ctx) { - const database = new CouchDB(ctx.user.appId) + const database = new CouchDB(ctx.appId) ctx.body = await database.get(ctx.params.datasourceId) } diff --git a/packages/server/src/api/controllers/deploy/index.js b/packages/server/src/api/controllers/deploy/index.js index 026ce5c85b..490fb3c72e 100644 --- a/packages/server/src/api/controllers/deploy/index.js +++ b/packages/server/src/api/controllers/deploy/index.js @@ -93,7 +93,7 @@ async function deployApp(deployment) { exports.fetchDeployments = async function(ctx) { try { - const db = new PouchDB(ctx.user.appId) + const db = new PouchDB(ctx.appId) const deploymentDoc = await db.get("_local/deployments") const { updated, deployments } = await checkAllDeployments( deploymentDoc, @@ -110,7 +110,7 @@ exports.fetchDeployments = async function(ctx) { exports.deploymentProgress = async function(ctx) { try { - const db = new PouchDB(ctx.user.appId) + const db = new PouchDB(ctx.appId) const deploymentDoc = await db.get("_local/deployments") ctx.body = deploymentDoc[ctx.params.deploymentId] } catch (err) { @@ -128,7 +128,7 @@ exports.deployApp = async function(ctx) { hostingInfo.type === HostingTypes.CLOUD ? require("./awsDeploy") : require("./selfDeploy") - let deployment = new Deployment(ctx.user.appId) + let deployment = new Deployment(ctx.appId) deployment.setStatus(DeploymentStatus.PENDING) deployment = await storeLocalDeploymentHistory(deployment) diff --git a/packages/server/src/api/controllers/layout.js b/packages/server/src/api/controllers/layout.js index f270e95bec..86c324d178 100644 --- a/packages/server/src/api/controllers/layout.js +++ b/packages/server/src/api/controllers/layout.js @@ -3,7 +3,7 @@ const CouchDB = require("../../db") const { generateLayoutID, getScreenParams } = require("../../db/utils") exports.save = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) let layout = ctx.request.body if (!layout.props) { @@ -22,7 +22,7 @@ exports.save = async function(ctx) { } exports.destroy = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const layoutId = ctx.params.layoutId, layoutRev = ctx.params.layoutRev diff --git a/packages/server/src/api/controllers/query.js b/packages/server/src/api/controllers/query.js index b9b7c85427..ddf88e925f 100644 --- a/packages/server/src/api/controllers/query.js +++ b/packages/server/src/api/controllers/query.js @@ -28,7 +28,7 @@ function formatResponse(resp) { } exports.fetch = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const body = await db.allDocs( getQueryParams(null, { @@ -39,7 +39,7 @@ exports.fetch = async function(ctx) { } exports.save = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const query = ctx.request.body if (!query._id) { @@ -90,7 +90,7 @@ async function enrichQueryFields(fields, parameters) { } exports.find = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const query = enrichQueries(await db.get(ctx.params.queryId)) // remove properties that could be dangerous in real app if (env.isProd()) { @@ -102,7 +102,7 @@ exports.find = async function(ctx) { } exports.preview = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const datasource = await db.get(ctx.request.body.datasourceId) @@ -130,7 +130,7 @@ exports.preview = async function(ctx) { } exports.execute = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const query = await db.get(ctx.params.queryId) const datasource = await db.get(query.datasourceId) @@ -153,7 +153,7 @@ exports.execute = async function(ctx) { } exports.destroy = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) await db.remove(ctx.params.queryId, ctx.params.revId) ctx.message = `Query deleted.` ctx.status = 200 diff --git a/packages/server/src/api/controllers/role.js b/packages/server/src/api/controllers/role.js index 2c29d1030e..11f81c1219 100644 --- a/packages/server/src/api/controllers/role.js +++ b/packages/server/src/api/controllers/role.js @@ -51,7 +51,7 @@ async function updateRolesOnUserTable(db, roleId, updateOption) { } exports.fetch = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const body = await db.allDocs( getRoleParams(null, { include_docs: true, @@ -79,11 +79,11 @@ exports.fetch = async function(ctx) { } exports.find = async function(ctx) { - ctx.body = await getRole(ctx.user.appId, ctx.params.roleId) + ctx.body = await getRole(ctx.appId, ctx.params.roleId) } exports.save = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) let { _id, name, inherits, permissionId } = ctx.request.body if (!_id) { _id = generateRoleID() @@ -104,7 +104,7 @@ exports.save = async function(ctx) { } exports.destroy = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const roleId = ctx.params.roleId if (isBuiltin(roleId)) { ctx.throw(400, "Cannot delete builtin role.") diff --git a/packages/server/src/api/controllers/row.js b/packages/server/src/api/controllers/row.js index 7540cc1894..fe293e9318 100644 --- a/packages/server/src/api/controllers/row.js +++ b/packages/server/src/api/controllers/row.js @@ -60,7 +60,7 @@ async function findRow(db, appId, tableId, rowId) { } exports.patch = async function(ctx) { - const appId = ctx.user.appId + const appId = ctx.appId const db = new CouchDB(appId) let dbRow = await db.get(ctx.params.rowId) let dbTable = await db.get(dbRow.tableId) @@ -121,7 +121,7 @@ exports.patch = async function(ctx) { } exports.save = async function(ctx) { - const appId = ctx.user.appId + const appId = ctx.appId const db = new CouchDB(appId) let inputs = ctx.request.body inputs.tableId = ctx.params.tableId @@ -197,7 +197,7 @@ exports.save = async function(ctx) { } exports.fetchView = async function(ctx) { - const appId = ctx.user.appId + const appId = ctx.appId const viewName = ctx.params.viewName // if this is a table view being looked for just transfer to that @@ -256,7 +256,7 @@ exports.fetchView = async function(ctx) { } exports.search = async function(ctx) { - const appId = ctx.user.appId + const appId = ctx.appId const db = new CouchDB(appId) const { query, @@ -303,7 +303,7 @@ exports.search = async function(ctx) { } exports.fetchTableRows = async function(ctx) { - const appId = ctx.user.appId + const appId = ctx.appId const db = new CouchDB(appId) // special case for users, fetch through the user controller @@ -324,7 +324,7 @@ exports.fetchTableRows = async function(ctx) { } exports.find = async function(ctx) { - const appId = ctx.user.appId + const appId = ctx.appId const db = new CouchDB(appId) try { const table = await db.get(ctx.params.tableId) @@ -336,7 +336,7 @@ exports.find = async function(ctx) { } exports.destroy = async function(ctx) { - const appId = ctx.user.appId + const appId = ctx.appId const db = new CouchDB(appId) const row = await db.get(ctx.params.rowId) if (row.tableId !== ctx.params.tableId) { @@ -358,7 +358,7 @@ exports.destroy = async function(ctx) { exports.validate = async function(ctx) { const errors = await validate({ - appId: ctx.user.appId, + appId: ctx.appId, tableId: ctx.params.tableId, row: ctx.request.body, }) @@ -388,7 +388,7 @@ async function validate({ appId, tableId, row, table }) { } exports.fetchEnrichedRow = async function(ctx) { - const appId = ctx.user.appId + const appId = ctx.appId const db = new CouchDB(appId) const tableId = ctx.params.tableId const rowId = ctx.params.rowId @@ -433,7 +433,7 @@ exports.fetchEnrichedRow = async function(ctx) { } async function bulkDelete(ctx) { - const appId = ctx.user.appId + const appId = ctx.appId const { rows } = ctx.request.body const db = new CouchDB(appId) diff --git a/packages/server/src/api/controllers/screen.js b/packages/server/src/api/controllers/screen.js index 8f9baa8172..6095d00c95 100644 --- a/packages/server/src/api/controllers/screen.js +++ b/packages/server/src/api/controllers/screen.js @@ -3,7 +3,7 @@ const { getScreenParams, generateScreenID } = require("../../db/utils") const { AccessController } = require("../../utilities/security/roles") exports.fetch = async ctx => { - const appId = ctx.user.appId + const appId = ctx.appId const db = new CouchDB(appId) const screens = ( @@ -21,7 +21,7 @@ exports.fetch = async ctx => { } exports.save = async ctx => { - const appId = ctx.user.appId + const appId = ctx.appId const db = new CouchDB(appId) let screen = ctx.request.body @@ -39,7 +39,7 @@ exports.save = async ctx => { } exports.destroy = async ctx => { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) await db.remove(ctx.params.screenId, ctx.params.screenRev) ctx.body = { message: "Screen deleted successfully", diff --git a/packages/server/src/api/controllers/search/index.js b/packages/server/src/api/controllers/search/index.js index 1810f07198..be431b62a7 100644 --- a/packages/server/src/api/controllers/search/index.js +++ b/packages/server/src/api/controllers/search/index.js @@ -2,7 +2,7 @@ const { QueryBuilder, buildSearchUrl, search } = require("./utils") exports.rowSearch = async ctx => { // this can't be done through pouch, have to reach for trusty node-fetch - const appId = ctx.user.appId + const appId = ctx.appId const bookmark = ctx.params.bookmark let url if (ctx.params.query) { diff --git a/packages/server/src/api/controllers/static/index.js b/packages/server/src/api/controllers/static/index.js index 7caf6d0f7f..afb1d908ae 100644 --- a/packages/server/src/api/controllers/static/index.js +++ b/packages/server/src/api/controllers/static/index.js @@ -84,7 +84,7 @@ exports.uploadFile = async function(ctx) { return prepareUpload({ file, - s3Key: `assets/${ctx.user.appId}/attachments/${processedFileName}`, + s3Key: `assets/${ctx.appId}/attachments/${processedFileName}`, bucket: "prod-budi-app-assets", }) }) @@ -120,7 +120,7 @@ exports.serveApp = async function(ctx) { exports.serveAttachment = async function(ctx) { await returnObjectStoreFile( ctx, - join(ctx.user.appId, "attachments", ctx.file) + join(ctx.appId, "attachments", ctx.file) ) } @@ -128,7 +128,7 @@ exports.serveAppAsset = async function(ctx) { if (env.isDev() || env.isTest()) { return send(ctx, ctx.file, { root: budibaseTempDir() }) } - await returnObjectStoreFile(ctx, join(ctx.user.appId, "public", ctx.file)) + await returnObjectStoreFile(ctx, join(ctx.appId, "public", ctx.file)) } exports.serveComponentLibrary = async function(ctx) { diff --git a/packages/server/src/api/controllers/table/index.js b/packages/server/src/api/controllers/table/index.js index 4cb1d16146..995ba8f72c 100644 --- a/packages/server/src/api/controllers/table/index.js +++ b/packages/server/src/api/controllers/table/index.js @@ -10,7 +10,7 @@ const { FieldTypes } = require("../../../constants") const { TableSaveFunctions } = require("./utils") exports.fetch = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const body = await db.allDocs( getTableParams(null, { include_docs: true, @@ -20,12 +20,12 @@ exports.fetch = async function(ctx) { } exports.find = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) ctx.body = await db.get(ctx.params.id) } exports.save = async function(ctx) { - const appId = ctx.user.appId + const appId = ctx.appId const db = new CouchDB(appId) const { dataImport, ...rest } = ctx.request.body let tableToSave = { @@ -127,7 +127,7 @@ exports.save = async function(ctx) { } exports.destroy = async function(ctx) { - const appId = ctx.user.appId + const appId = ctx.appId const db = new CouchDB(appId) const tableToDelete = await db.get(ctx.params.tableId) diff --git a/packages/server/src/api/controllers/table/utils.js b/packages/server/src/api/controllers/table/utils.js index 66b3651ccf..0302ca18a3 100644 --- a/packages/server/src/api/controllers/table/utils.js +++ b/packages/server/src/api/controllers/table/utils.js @@ -57,8 +57,8 @@ exports.makeSureTableUpToDate = (table, tableToSave) => { return tableToSave } -exports.handleDataImport = async (user, table, dataImport) => { - const db = new CouchDB(user.appId) +exports.handleDataImport = async (appId, user, table, dataImport) => { + const db = new CouchDB(appId) if (dataImport && dataImport.csvString) { // Populate the table with rows imported from CSV in a bulk update const data = await csvParser.transform(dataImport) @@ -152,7 +152,7 @@ class TableSaveFunctions { this.db = db this.ctx = ctx if (this.ctx && this.ctx.user) { - this.appId = this.ctx.user.appId + this.appId = this.ctx.appId } this.oldTable = oldTable this.dataImport = dataImport @@ -184,6 +184,7 @@ class TableSaveFunctions { async after(table) { table = await exports.handleSearchIndexes(this.appId, table) table = await exports.handleDataImport( + this.appId, this.ctx.user, table, this.dataImport diff --git a/packages/server/src/api/controllers/user.js b/packages/server/src/api/controllers/user.js index 3dd28284be..d9a4af9719 100644 --- a/packages/server/src/api/controllers/user.js +++ b/packages/server/src/api/controllers/user.js @@ -5,7 +5,7 @@ const { getRole } = require("../../utilities/security/roles") const { UserStatus } = require("../../constants") exports.fetch = async function(ctx) { - const database = new CouchDB(ctx.user.appId) + const database = new CouchDB(ctx.appId) const users = ( await database.allDocs( getUserParams(null, { @@ -20,15 +20,16 @@ exports.fetch = async function(ctx) { ctx.body = users } +// TODO: need to replace this with something that purely manages metadata exports.create = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const { email, password, roleId } = ctx.request.body if (!email || !password) { ctx.throw(400, "email and Password Required.") } - const role = await getRole(ctx.user.appId, roleId) + const role = await getRole(ctx.appId, roleId) if (!role) ctx.throw(400, "Invalid Role") @@ -67,7 +68,7 @@ exports.create = async function(ctx) { } exports.update = async function(ctx) { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const user = ctx.request.body let dbUser if (user.email && !user._id) { @@ -94,7 +95,7 @@ exports.update = async function(ctx) { } exports.destroy = async function(ctx) { - const database = new CouchDB(ctx.user.appId) + const database = new CouchDB(ctx.appId) await database.destroy(generateUserID(ctx.params.email)) ctx.body = { message: `User ${ctx.params.email} deleted.`, @@ -103,7 +104,7 @@ exports.destroy = async function(ctx) { } exports.find = async function(ctx) { - const database = new CouchDB(ctx.user.appId) + const database = new CouchDB(ctx.appId) let lookup = ctx.params.email ? generateUserID(ctx.params.email) : ctx.params.userId diff --git a/packages/server/src/api/controllers/view/index.js b/packages/server/src/api/controllers/view/index.js index 0f6f008a1b..3d0f236fce 100644 --- a/packages/server/src/api/controllers/view/index.js +++ b/packages/server/src/api/controllers/view/index.js @@ -7,7 +7,7 @@ const { ViewNames } = require("../../../db/utils") const controller = { fetch: async ctx => { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const designDoc = await db.get("_design/database") const response = [] @@ -25,7 +25,7 @@ const controller = { ctx.body = response }, save: async ctx => { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const { originalName, ...viewToSave } = ctx.request.body const designDoc = await db.get("_design/database") const view = viewTemplate(viewToSave) @@ -66,7 +66,7 @@ const controller = { } }, destroy: async ctx => { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const designDoc = await db.get("_design/database") const viewName = decodeURI(ctx.params.viewName) const view = designDoc.views[viewName] @@ -81,7 +81,7 @@ const controller = { ctx.body = view }, exportView: async ctx => { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const designDoc = await db.get("_design/database") const viewName = decodeURI(ctx.query.view) diff --git a/packages/server/src/api/controllers/webhook.js b/packages/server/src/api/controllers/webhook.js index 5b76f86190..c810f85004 100644 --- a/packages/server/src/api/controllers/webhook.js +++ b/packages/server/src/api/controllers/webhook.js @@ -22,7 +22,7 @@ exports.WebhookType = { } exports.fetch = async ctx => { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const response = await db.allDocs( getWebhookParams(null, { include_docs: true, @@ -32,9 +32,9 @@ exports.fetch = async ctx => { } exports.save = async ctx => { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) const webhook = ctx.request.body - webhook.appId = ctx.user.appId + webhook.appId = ctx.appId // check that the webhook exists if (webhook._id) { @@ -51,7 +51,7 @@ exports.save = async ctx => { } exports.destroy = async ctx => { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) ctx.body = await db.remove(ctx.params.id, ctx.params.rev) } diff --git a/packages/server/src/api/routes/tests/misc.spec.js b/packages/server/src/api/routes/tests/misc.spec.js index 2957e42d90..f9608c0d49 100644 --- a/packages/server/src/api/routes/tests/misc.spec.js +++ b/packages/server/src/api/routes/tests/misc.spec.js @@ -41,10 +41,12 @@ describe("run misc tests", () => { const dataImport = { csvString: "a,b,c,d\n1,2,3,4" } - await tableUtils.handleDataImport({ - appId: config.getAppId(), - userId: "test", - }, table, dataImport) + await tableUtils.handleDataImport( + config.getAppId(), + { userId: "test" }, + table, + dataImport + ) const rows = await config.getRows() expect(rows[0].a).toEqual("1") expect(rows[0].b).toEqual("2") diff --git a/packages/server/src/middleware/authenticated.js b/packages/server/src/middleware/authenticated.js index 32ed3f63d0..d27b88ae96 100644 --- a/packages/server/src/middleware/authenticated.js +++ b/packages/server/src/middleware/authenticated.js @@ -41,7 +41,6 @@ module.exports = async (ctx, next) => { ctx.auth.authenticated = false ctx.appId = appId ctx.user = { - appId, role: builtinRoles.PUBLIC, } await next() @@ -55,9 +54,10 @@ module.exports = async (ctx, next) => { ctx.auth.apiKey = jwtPayload.apiKey ctx.user = { ...jwtPayload, - appId: appId, role: await getRole(appId, jwtPayload.roleId), } + // appId no longer carried in user, make sure + delete ctx.user.appId } catch (err) { console.log(err) if (authType === AuthTypes.BUILDER) { diff --git a/packages/server/src/middleware/usageQuota.js b/packages/server/src/middleware/usageQuota.js index 1bc829fbcf..a37f089a65 100644 --- a/packages/server/src/middleware/usageQuota.js +++ b/packages/server/src/middleware/usageQuota.js @@ -27,7 +27,7 @@ function getProperty(url) { } module.exports = async (ctx, next) => { - const db = new CouchDB(ctx.user.appId) + const db = new CouchDB(ctx.appId) let usage = METHOD_MAP[ctx.req.method] const property = getProperty(ctx.req.url) if (usage == null || property == null) { diff --git a/packages/server/src/utilities/bcrypt.js b/packages/server/src/utilities/bcrypt.js index 58a37c06a9..6c52d2c2c7 100644 --- a/packages/server/src/utilities/bcrypt.js +++ b/packages/server/src/utilities/bcrypt.js @@ -1,3 +1,5 @@ +// TODO: REMOVE + const bcrypt = require("bcryptjs") const env = require("../environment")