Removing use of the , replacing to ctx.appId to make it clear appId not part of the auth.

packages/server/src/api/controllers/auth.js

@@ -48,7 +48,7 @@ exports.authenticate = async ctx => {
     // if in prod add the user api key, unless self hosted
     /* istanbul ignore next */
     if (env.isProd() && !env.SELF_HOSTED) {
-      const { apiKey } = await getAPIKey(ctx.user.appId)
+      const { apiKey } = await getAPIKey(ctx.appId)
       payload.apiKey = apiKey
     }
 

packages/server/src/api/controllers/automation.js

@@ -34,13 +34,14 @@ function cleanAutomationInputs(automation) {
 
 /**
  * This function handles checking if any webhooks need to be created or deleted for automations.
+ * @param {string} appId The ID of the app in which we are checking for webhooks
  * @param {object} user The user object, including all auth info
  * @param {object|undefined} oldAuto The old automation object if updating/deleting
  * @param {object|undefined} newAuto The new automation object if creating/updating
  * @returns {Promise<object|undefined>} After this is complete the new automation object may have been updated and should be
  * written to DB (this does not write to DB as it would be wasteful to repeat).
  */
-async function checkForWebhooks({ user, oldAuto, newAuto }) {
+async function checkForWebhooks({ appId, user, oldAuto, newAuto }) {
   const oldTrigger = oldAuto ? oldAuto.definition.trigger : null
   const newTrigger = newAuto ? newAuto.definition.trigger : null
   function isWebhookTrigger(auto) {
@@ -56,7 +57,7 @@ async function checkForWebhooks({ user, oldAuto, newAuto }) {
     !isWebhookTrigger(newAuto) &&
     oldTrigger.webhookId
   ) {
-    let db = new CouchDB(user.appId)
+    let db = new CouchDB(appId)
     // need to get the webhook to get the rev
     const webhook = await db.get(oldTrigger.webhookId)
     const ctx = {
@@ -86,17 +87,17 @@ async function checkForWebhooks({ user, oldAuto, newAuto }) {
     const id = ctx.body.webhook._id
     newTrigger.webhookId = id
     newTrigger.inputs = {
-      schemaUrl: `api/webhooks/schema/${user.appId}/${id}`,
+      schemaUrl: `api/webhooks/schema/${appId}/${id}`,
-      triggerUrl: `api/webhooks/trigger/${user.appId}/${id}`,
+      triggerUrl: `api/webhooks/trigger/${appId}/${id}`,
     }
   }
   return newAuto
 }
 
 exports.create = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   let automation = ctx.request.body
-  automation.appId = ctx.user.appId
+  automation.appId = ctx.appId
 
   // call through to update if already exists
   if (automation._id && automation._rev) {
@@ -107,7 +108,11 @@ exports.create = async function(ctx) {
 
   automation.type = "automation"
   automation = cleanAutomationInputs(automation)
-  automation = await checkForWebhooks({ user: ctx.user, newAuto: automation })
+  automation = await checkForWebhooks({
+    appId: ctx.appId,
+    user: ctx.user,
+    newAuto: automation,
+  })
   const response = await db.put(automation)
   automation._rev = response.rev
 
@@ -122,12 +127,13 @@ exports.create = async function(ctx) {
 }
 
 exports.update = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   let automation = ctx.request.body
-  automation.appId = ctx.user.appId
+  automation.appId = ctx.appId
   const oldAutomation = await db.get(automation._id)
   automation = cleanAutomationInputs(automation)
   automation = await checkForWebhooks({
+    appId: ctx.appId,
     user: ctx.user,
     oldAuto: oldAutomation,
     newAuto: automation,
@@ -147,7 +153,7 @@ exports.update = async function(ctx) {
 }
 
 exports.fetch = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const response = await db.allDocs(
     getAutomationParams(null, {
       include_docs: true,
@@ -157,14 +163,18 @@ exports.fetch = async function(ctx) {
 }
 
 exports.find = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   ctx.body = await db.get(ctx.params.id)
 }
 
 exports.destroy = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const oldAutomation = await db.get(ctx.params.id)
-  await checkForWebhooks({ user: ctx.user, oldAuto: oldAutomation })
+  await checkForWebhooks({
+    appId: ctx.appId,
+    user: ctx.user,
+    oldAuto: oldAutomation,
+  })
   ctx.body = await db.remove(ctx.params.id, ctx.params.rev)
 }
 
@@ -195,11 +205,11 @@ module.exports.getDefinitionList = async function(ctx) {
  *********************/
 
 exports.trigger = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   let automation = await db.get(ctx.params.id)
   await triggers.externalTrigger(automation, {
     ...ctx.request.body,
-    appId: ctx.user.appId,
+    appId: ctx.appId,
   })
   ctx.status = 200
   ctx.body = {

packages/server/src/api/controllers/datasource.js

@@ -6,7 +6,7 @@ const {
 } = require("../../db/utils")
 
 exports.fetch = async function(ctx) {
-  const database = new CouchDB(ctx.user.appId)
+  const database = new CouchDB(ctx.appId)
   ctx.body = (
     await database.allDocs(
       getDatasourceParams(null, {
@@ -17,7 +17,7 @@ exports.fetch = async function(ctx) {
 }
 
 exports.save = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
 
   const datasource = {
     _id: generateDatasourceID(),
@@ -34,7 +34,7 @@ exports.save = async function(ctx) {
 }
 
 exports.destroy = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
 
   // Delete all queries for the datasource
   const rows = await db.allDocs(getQueryParams(ctx.params.datasourceId, null))
@@ -48,6 +48,6 @@ exports.destroy = async function(ctx) {
 }
 
 exports.find = async function(ctx) {
-  const database = new CouchDB(ctx.user.appId)
+  const database = new CouchDB(ctx.appId)
   ctx.body = await database.get(ctx.params.datasourceId)
 }

packages/server/src/api/controllers/deploy/index.js

@@ -93,7 +93,7 @@ async function deployApp(deployment) {
 
 exports.fetchDeployments = async function(ctx) {
   try {
-    const db = new PouchDB(ctx.user.appId)
+    const db = new PouchDB(ctx.appId)
     const deploymentDoc = await db.get("_local/deployments")
     const { updated, deployments } = await checkAllDeployments(
       deploymentDoc,
@@ -110,7 +110,7 @@ exports.fetchDeployments = async function(ctx) {
 
 exports.deploymentProgress = async function(ctx) {
   try {
-    const db = new PouchDB(ctx.user.appId)
+    const db = new PouchDB(ctx.appId)
     const deploymentDoc = await db.get("_local/deployments")
     ctx.body = deploymentDoc[ctx.params.deploymentId]
   } catch (err) {
@@ -128,7 +128,7 @@ exports.deployApp = async function(ctx) {
     hostingInfo.type === HostingTypes.CLOUD
       ? require("./awsDeploy")
       : require("./selfDeploy")
-  let deployment = new Deployment(ctx.user.appId)
+  let deployment = new Deployment(ctx.appId)
   deployment.setStatus(DeploymentStatus.PENDING)
   deployment = await storeLocalDeploymentHistory(deployment)
 

packages/server/src/api/controllers/layout.js

@@ -3,7 +3,7 @@ const CouchDB = require("../../db")
 const { generateLayoutID, getScreenParams } = require("../../db/utils")
 
 exports.save = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   let layout = ctx.request.body
 
   if (!layout.props) {
@@ -22,7 +22,7 @@ exports.save = async function(ctx) {
 }
 
 exports.destroy = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const layoutId = ctx.params.layoutId,
     layoutRev = ctx.params.layoutRev
 

packages/server/src/api/controllers/query.js

@@ -28,7 +28,7 @@ function formatResponse(resp) {
 }
 
 exports.fetch = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
 
   const body = await db.allDocs(
     getQueryParams(null, {
@@ -39,7 +39,7 @@ exports.fetch = async function(ctx) {
 }
 
 exports.save = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const query = ctx.request.body
 
   if (!query._id) {
@@ -90,7 +90,7 @@ async function enrichQueryFields(fields, parameters) {
 }
 
 exports.find = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const query = enrichQueries(await db.get(ctx.params.queryId))
   // remove properties that could be dangerous in real app
   if (env.isProd()) {
@@ -102,7 +102,7 @@ exports.find = async function(ctx) {
 }
 
 exports.preview = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
 
   const datasource = await db.get(ctx.request.body.datasourceId)
 
@@ -130,7 +130,7 @@ exports.preview = async function(ctx) {
 }
 
 exports.execute = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
 
   const query = await db.get(ctx.params.queryId)
   const datasource = await db.get(query.datasourceId)
@@ -153,7 +153,7 @@ exports.execute = async function(ctx) {
 }
 
 exports.destroy = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   await db.remove(ctx.params.queryId, ctx.params.revId)
   ctx.message = `Query deleted.`
   ctx.status = 200

packages/server/src/api/controllers/role.js

@@ -51,7 +51,7 @@ async function updateRolesOnUserTable(db, roleId, updateOption) {
 }
 
 exports.fetch = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const body = await db.allDocs(
     getRoleParams(null, {
       include_docs: true,
@@ -79,11 +79,11 @@ exports.fetch = async function(ctx) {
 }
 
 exports.find = async function(ctx) {
-  ctx.body = await getRole(ctx.user.appId, ctx.params.roleId)
+  ctx.body = await getRole(ctx.appId, ctx.params.roleId)
 }
 
 exports.save = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   let { _id, name, inherits, permissionId } = ctx.request.body
   if (!_id) {
     _id = generateRoleID()
@@ -104,7 +104,7 @@ exports.save = async function(ctx) {
 }
 
 exports.destroy = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const roleId = ctx.params.roleId
   if (isBuiltin(roleId)) {
     ctx.throw(400, "Cannot delete builtin role.")

packages/server/src/api/controllers/row.js

@@ -60,7 +60,7 @@ async function findRow(db, appId, tableId, rowId) {
 }
 
 exports.patch = async function(ctx) {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const db = new CouchDB(appId)
   let dbRow = await db.get(ctx.params.rowId)
   let dbTable = await db.get(dbRow.tableId)
@@ -121,7 +121,7 @@ exports.patch = async function(ctx) {
 }
 
 exports.save = async function(ctx) {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const db = new CouchDB(appId)
   let inputs = ctx.request.body
   inputs.tableId = ctx.params.tableId
@@ -197,7 +197,7 @@ exports.save = async function(ctx) {
 }
 
 exports.fetchView = async function(ctx) {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const viewName = ctx.params.viewName
 
   // if this is a table view being looked for just transfer to that
@@ -256,7 +256,7 @@ exports.fetchView = async function(ctx) {
 }
 
 exports.search = async function(ctx) {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const db = new CouchDB(appId)
   const {
     query,
@@ -303,7 +303,7 @@ exports.search = async function(ctx) {
 }
 
 exports.fetchTableRows = async function(ctx) {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const db = new CouchDB(appId)
 
   // special case for users, fetch through the user controller
@@ -324,7 +324,7 @@ exports.fetchTableRows = async function(ctx) {
 }
 
 exports.find = async function(ctx) {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const db = new CouchDB(appId)
   try {
     const table = await db.get(ctx.params.tableId)
@@ -336,7 +336,7 @@ exports.find = async function(ctx) {
 }
 
 exports.destroy = async function(ctx) {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const db = new CouchDB(appId)
   const row = await db.get(ctx.params.rowId)
   if (row.tableId !== ctx.params.tableId) {
@@ -358,7 +358,7 @@ exports.destroy = async function(ctx) {
 
 exports.validate = async function(ctx) {
   const errors = await validate({
-    appId: ctx.user.appId,
+    appId: ctx.appId,
     tableId: ctx.params.tableId,
     row: ctx.request.body,
   })
@@ -388,7 +388,7 @@ async function validate({ appId, tableId, row, table }) {
 }
 
 exports.fetchEnrichedRow = async function(ctx) {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const db = new CouchDB(appId)
   const tableId = ctx.params.tableId
   const rowId = ctx.params.rowId
@@ -433,7 +433,7 @@ exports.fetchEnrichedRow = async function(ctx) {
 }
 
 async function bulkDelete(ctx) {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const { rows } = ctx.request.body
   const db = new CouchDB(appId)
 

packages/server/src/api/controllers/screen.js

@@ -3,7 +3,7 @@ const { getScreenParams, generateScreenID } = require("../../db/utils")
 const { AccessController } = require("../../utilities/security/roles")
 
 exports.fetch = async ctx => {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const db = new CouchDB(appId)
 
   const screens = (
@@ -21,7 +21,7 @@ exports.fetch = async ctx => {
 }
 
 exports.save = async ctx => {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const db = new CouchDB(appId)
   let screen = ctx.request.body
 
@@ -39,7 +39,7 @@ exports.save = async ctx => {
 }
 
 exports.destroy = async ctx => {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   await db.remove(ctx.params.screenId, ctx.params.screenRev)
   ctx.body = {
     message: "Screen deleted successfully",

packages/server/src/api/controllers/search/index.js

@@ -2,7 +2,7 @@ const { QueryBuilder, buildSearchUrl, search } = require("./utils")
 
 exports.rowSearch = async ctx => {
   // this can't be done through pouch, have to reach for trusty node-fetch
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const bookmark = ctx.params.bookmark
   let url
   if (ctx.params.query) {

packages/server/src/api/controllers/static/index.js

@@ -84,7 +84,7 @@ exports.uploadFile = async function(ctx) {
 
     return prepareUpload({
       file,
-      s3Key: `assets/${ctx.user.appId}/attachments/${processedFileName}`,
+      s3Key: `assets/${ctx.appId}/attachments/${processedFileName}`,
       bucket: "prod-budi-app-assets",
     })
   })
@@ -120,7 +120,7 @@ exports.serveApp = async function(ctx) {
 exports.serveAttachment = async function(ctx) {
   await returnObjectStoreFile(
     ctx,
-    join(ctx.user.appId, "attachments", ctx.file)
+    join(ctx.appId, "attachments", ctx.file)
   )
 }
 
@@ -128,7 +128,7 @@ exports.serveAppAsset = async function(ctx) {
   if (env.isDev() || env.isTest()) {
     return send(ctx, ctx.file, { root: budibaseTempDir() })
   }
-  await returnObjectStoreFile(ctx, join(ctx.user.appId, "public", ctx.file))
+  await returnObjectStoreFile(ctx, join(ctx.appId, "public", ctx.file))
 }
 
 exports.serveComponentLibrary = async function(ctx) {

packages/server/src/api/controllers/table/index.js

@@ -10,7 +10,7 @@ const { FieldTypes } = require("../../../constants")
 const { TableSaveFunctions } = require("./utils")
 
 exports.fetch = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const body = await db.allDocs(
     getTableParams(null, {
       include_docs: true,
@@ -20,12 +20,12 @@ exports.fetch = async function(ctx) {
 }
 
 exports.find = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   ctx.body = await db.get(ctx.params.id)
 }
 
 exports.save = async function(ctx) {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const db = new CouchDB(appId)
   const { dataImport, ...rest } = ctx.request.body
   let tableToSave = {
@@ -127,7 +127,7 @@ exports.save = async function(ctx) {
 }
 
 exports.destroy = async function(ctx) {
-  const appId = ctx.user.appId
+  const appId = ctx.appId
   const db = new CouchDB(appId)
   const tableToDelete = await db.get(ctx.params.tableId)
 

packages/server/src/api/controllers/table/utils.js

@@ -57,8 +57,8 @@ exports.makeSureTableUpToDate = (table, tableToSave) => {
   return tableToSave
 }
 
-exports.handleDataImport = async (user, table, dataImport) => {
+exports.handleDataImport = async (appId, user, table, dataImport) => {
-  const db = new CouchDB(user.appId)
+  const db = new CouchDB(appId)
   if (dataImport && dataImport.csvString) {
     // Populate the table with rows imported from CSV in a bulk update
     const data = await csvParser.transform(dataImport)
@@ -152,7 +152,7 @@ class TableSaveFunctions {
     this.db = db
     this.ctx = ctx
     if (this.ctx && this.ctx.user) {
-      this.appId = this.ctx.user.appId
+      this.appId = this.ctx.appId
     }
     this.oldTable = oldTable
     this.dataImport = dataImport
@@ -184,6 +184,7 @@ class TableSaveFunctions {
   async after(table) {
     table = await exports.handleSearchIndexes(this.appId, table)
     table = await exports.handleDataImport(
+      this.appId,
       this.ctx.user,
       table,
       this.dataImport

packages/server/src/api/controllers/user.js

@@ -5,7 +5,7 @@ const { getRole } = require("../../utilities/security/roles")
 const { UserStatus } = require("../../constants")
 
 exports.fetch = async function(ctx) {
-  const database = new CouchDB(ctx.user.appId)
+  const database = new CouchDB(ctx.appId)
   const users = (
     await database.allDocs(
       getUserParams(null, {
@@ -20,15 +20,16 @@ exports.fetch = async function(ctx) {
   ctx.body = users
 }
 
+// TODO: need to replace this with something that purely manages metadata
 exports.create = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const { email, password, roleId } = ctx.request.body
 
   if (!email || !password) {
     ctx.throw(400, "email and Password Required.")
   }
 
-  const role = await getRole(ctx.user.appId, roleId)
+  const role = await getRole(ctx.appId, roleId)
 
   if (!role) ctx.throw(400, "Invalid Role")
 
@@ -67,7 +68,7 @@ exports.create = async function(ctx) {
 }
 
 exports.update = async function(ctx) {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const user = ctx.request.body
   let dbUser
   if (user.email && !user._id) {
@@ -94,7 +95,7 @@ exports.update = async function(ctx) {
 }
 
 exports.destroy = async function(ctx) {
-  const database = new CouchDB(ctx.user.appId)
+  const database = new CouchDB(ctx.appId)
   await database.destroy(generateUserID(ctx.params.email))
   ctx.body = {
     message: `User ${ctx.params.email} deleted.`,
@@ -103,7 +104,7 @@ exports.destroy = async function(ctx) {
 }
 
 exports.find = async function(ctx) {
-  const database = new CouchDB(ctx.user.appId)
+  const database = new CouchDB(ctx.appId)
   let lookup = ctx.params.email
     ? generateUserID(ctx.params.email)
     : ctx.params.userId

packages/server/src/api/controllers/view/index.js

@@ -7,7 +7,7 @@ const { ViewNames } = require("../../../db/utils")
 
 const controller = {
   fetch: async ctx => {
-    const db = new CouchDB(ctx.user.appId)
+    const db = new CouchDB(ctx.appId)
     const designDoc = await db.get("_design/database")
     const response = []
 
@@ -25,7 +25,7 @@ const controller = {
     ctx.body = response
   },
   save: async ctx => {
-    const db = new CouchDB(ctx.user.appId)
+    const db = new CouchDB(ctx.appId)
     const { originalName, ...viewToSave } = ctx.request.body
     const designDoc = await db.get("_design/database")
     const view = viewTemplate(viewToSave)
@@ -66,7 +66,7 @@ const controller = {
     }
   },
   destroy: async ctx => {
-    const db = new CouchDB(ctx.user.appId)
+    const db = new CouchDB(ctx.appId)
     const designDoc = await db.get("_design/database")
     const viewName = decodeURI(ctx.params.viewName)
     const view = designDoc.views[viewName]
@@ -81,7 +81,7 @@ const controller = {
     ctx.body = view
   },
   exportView: async ctx => {
-    const db = new CouchDB(ctx.user.appId)
+    const db = new CouchDB(ctx.appId)
     const designDoc = await db.get("_design/database")
     const viewName = decodeURI(ctx.query.view)
 

packages/server/src/api/controllers/webhook.js

@@ -22,7 +22,7 @@ exports.WebhookType = {
 }
 
 exports.fetch = async ctx => {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const response = await db.allDocs(
     getWebhookParams(null, {
       include_docs: true,
@@ -32,9 +32,9 @@ exports.fetch = async ctx => {
 }
 
 exports.save = async ctx => {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   const webhook = ctx.request.body
-  webhook.appId = ctx.user.appId
+  webhook.appId = ctx.appId
 
   // check that the webhook exists
   if (webhook._id) {
@@ -51,7 +51,7 @@ exports.save = async ctx => {
 }
 
 exports.destroy = async ctx => {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   ctx.body = await db.remove(ctx.params.id, ctx.params.rev)
 }
 

packages/server/src/api/routes/tests/misc.spec.js

@@ -41,10 +41,12 @@ describe("run misc tests", () => {
       const dataImport = {
         csvString: "a,b,c,d\n1,2,3,4"
       }
-      await tableUtils.handleDataImport({
+      await tableUtils.handleDataImport(
-        appId: config.getAppId(),
+        config.getAppId(),
-        userId: "test",
+        { userId: "test" },
-      }, table, dataImport)
+        table,
+        dataImport
+      )
       const rows = await config.getRows()
       expect(rows[0].a).toEqual("1")
       expect(rows[0].b).toEqual("2")

packages/server/src/middleware/authenticated.js

@@ -41,7 +41,6 @@ module.exports = async (ctx, next) => {
     ctx.auth.authenticated = false
     ctx.appId = appId
     ctx.user = {
-      appId,
       role: builtinRoles.PUBLIC,
     }
     await next()
@@ -55,9 +54,10 @@ module.exports = async (ctx, next) => {
     ctx.auth.apiKey = jwtPayload.apiKey
     ctx.user = {
       ...jwtPayload,
-      appId: appId,
       role: await getRole(appId, jwtPayload.roleId),
     }
+    // appId no longer carried in user, make sure
+    delete ctx.user.appId
   } catch (err) {
     console.log(err)
     if (authType === AuthTypes.BUILDER) {

packages/server/src/middleware/usageQuota.js

@@ -27,7 +27,7 @@ function getProperty(url) {
 }
 
 module.exports = async (ctx, next) => {
-  const db = new CouchDB(ctx.user.appId)
+  const db = new CouchDB(ctx.appId)
   let usage = METHOD_MAP[ctx.req.method]
   const property = getProperty(ctx.req.url)
   if (usage == null || property == null) {

packages/server/src/utilities/bcrypt.js

@@ -1,3 +1,5 @@
+// TODO: REMOVE
+
 const bcrypt = require("bcryptjs")
 const env = require("../environment")