Removing use of ctx.user.appId, replacing it with ctx.appId to make it clear that appId is not part of the auth.

mike12345567 2021-03-29 17:32:05 +01:00
parent 9423128369
commit ae8dd1ec78
20 changed files with 96 additions and 80 deletions


@ -48,7 +48,7 @@ exports.authenticate = async ctx => {
// if in prod add the user api key, unless self hosted
/* istanbul ignore next */
if (env.isProd() && !env.SELF_HOSTED) {
const { apiKey } = await getAPIKey(ctx.user.appId)
const { apiKey } = await getAPIKey(ctx.appId)
payload.apiKey = apiKey
}


@ -34,13 +34,14 @@ function cleanAutomationInputs(automation) {
/**
* This function handles checking if any webhooks need to be created or deleted for automations.
* @param {string} appId The ID of the app in which we are checking for webhooks
* @param {object} user The user object, including all auth info
* @param {object|undefined} oldAuto The old automation object if updating/deleting
* @param {object|undefined} newAuto The new automation object if creating/updating
* @returns {Promise<object|undefined>} After this is complete the new automation object may have been updated and should be
* written to DB (this does not write to DB as it would be wasteful to repeat).
*/
async function checkForWebhooks({ user, oldAuto, newAuto }) {
async function checkForWebhooks({ appId, user, oldAuto, newAuto }) {
const oldTrigger = oldAuto ? oldAuto.definition.trigger : null
const newTrigger = newAuto ? newAuto.definition.trigger : null
function isWebhookTrigger(auto) {
@ -56,7 +57,7 @@ async function checkForWebhooks({ user, oldAuto, newAuto }) {
!isWebhookTrigger(newAuto) &&
oldTrigger.webhookId
) {
let db = new CouchDB(user.appId)
let db = new CouchDB(appId)
// need to get the webhook to get the rev
const webhook = await db.get(oldTrigger.webhookId)
const ctx = {
@ -86,17 +87,17 @@ async function checkForWebhooks({ user, oldAuto, newAuto }) {
const id = ctx.body.webhook._id
newTrigger.webhookId = id
newTrigger.inputs = {
schemaUrl: `api/webhooks/schema/${user.appId}/${id}`,
triggerUrl: `api/webhooks/trigger/${user.appId}/${id}`,
schemaUrl: `api/webhooks/schema/${appId}/${id}`,
triggerUrl: `api/webhooks/trigger/${appId}/${id}`,
}
}
return newAuto
}
exports.create = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
let automation = ctx.request.body
automation.appId = ctx.user.appId
automation.appId = ctx.appId
// call through to update if already exists
if (automation._id && automation._rev) {
@ -107,7 +108,11 @@ exports.create = async function(ctx) {
automation.type = "automation"
automation = cleanAutomationInputs(automation)
automation = await checkForWebhooks({ user: ctx.user, newAuto: automation })
automation = await checkForWebhooks({
appId: ctx.appId,
user: ctx.user,
newAuto: automation,
})
const response = await db.put(automation)
automation._rev = response.rev
@ -122,12 +127,13 @@ exports.create = async function(ctx) {
}
exports.update = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
let automation = ctx.request.body
automation.appId = ctx.user.appId
automation.appId = ctx.appId
const oldAutomation = await db.get(automation._id)
automation = cleanAutomationInputs(automation)
automation = await checkForWebhooks({
appId: ctx.appId,
user: ctx.user,
oldAuto: oldAutomation,
newAuto: automation,
@ -147,7 +153,7 @@ exports.update = async function(ctx) {
}
exports.fetch = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const response = await db.allDocs(
getAutomationParams(null, {
include_docs: true,
@ -157,14 +163,18 @@ exports.fetch = async function(ctx) {
}
exports.find = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
ctx.body = await db.get(ctx.params.id)
}
exports.destroy = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const oldAutomation = await db.get(ctx.params.id)
await checkForWebhooks({ user: ctx.user, oldAuto: oldAutomation })
await checkForWebhooks({
appId: ctx.appId,
user: ctx.user,
oldAuto: oldAutomation,
})
ctx.body = await db.remove(ctx.params.id, ctx.params.rev)
}
@ -195,11 +205,11 @@ module.exports.getDefinitionList = async function(ctx) {
*********************/
exports.trigger = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
let automation = await db.get(ctx.params.id)
await triggers.externalTrigger(automation, {
...ctx.request.body,
appId: ctx.user.appId,
appId: ctx.appId,
})
ctx.status = 200
ctx.body = {
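Review bot: The synthetic `ctx` objects that `checkForWebhooks` builds (the one opened at `const ctx = {` after `db.get(oldTrigger.webhookId)`, and the one whose `ctx.body.webhook._id` is read further down) are not touched by this commit, while the webhook controller in the same commit now opens its database with `new CouchDB(ctx.appId)`. If those literals still carry only `user`, the controller would be handed an undefined `appId`; I would add `appId,` to each of them. Their contents lie outside the visible hunks, so this needs confirming against the file. The JSDoc entry for `user` still says it includes all auth info, and if `appId` was the only field read from it the parameter could be dropped so the helper no longer receives auth data it does not need.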


@ -6,7 +6,7 @@ const {
} = require("../../db/utils")
exports.fetch = async function(ctx) {
const database = new CouchDB(ctx.user.appId)
const database = new CouchDB(ctx.appId)
ctx.body = (
await database.allDocs(
getDatasourceParams(null, {
@ -17,7 +17,7 @@ exports.fetch = async function(ctx) {
}
exports.save = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const datasource = {
_id: generateDatasourceID(),
@ -34,7 +34,7 @@ exports.save = async function(ctx) {
}
exports.destroy = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
// Delete all queries for the datasource
const rows = await db.allDocs(getQueryParams(ctx.params.datasourceId, null))
@ -48,6 +48,6 @@ exports.destroy = async function(ctx) {
}
exports.find = async function(ctx) {
const database = new CouchDB(ctx.user.appId)
const database = new CouchDB(ctx.appId)
ctx.body = await database.get(ctx.params.datasourceId)
}


@ -93,7 +93,7 @@ async function deployApp(deployment) {
exports.fetchDeployments = async function(ctx) {
try {
const db = new PouchDB(ctx.user.appId)
const db = new PouchDB(ctx.appId)
const deploymentDoc = await db.get("_local/deployments")
const { updated, deployments } = await checkAllDeployments(
deploymentDoc,
@ -110,7 +110,7 @@ exports.fetchDeployments = async function(ctx) {
exports.deploymentProgress = async function(ctx) {
try {
const db = new PouchDB(ctx.user.appId)
const db = new PouchDB(ctx.appId)
const deploymentDoc = await db.get("_local/deployments")
ctx.body = deploymentDoc[ctx.params.deploymentId]
} catch (err) {
@ -128,7 +128,7 @@ exports.deployApp = async function(ctx) {
hostingInfo.type === HostingTypes.CLOUD
? require("./awsDeploy")
: require("./selfDeploy")
let deployment = new Deployment(ctx.user.appId)
let deployment = new Deployment(ctx.appId)
deployment.setStatus(DeploymentStatus.PENDING)
deployment = await storeLocalDeploymentHistory(deployment)


@ -3,7 +3,7 @@ const CouchDB = require("../../db")
const { generateLayoutID, getScreenParams } = require("../../db/utils")
exports.save = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
let layout = ctx.request.body
if (!layout.props) {
@ -22,7 +22,7 @@ exports.save = async function(ctx) {
}
exports.destroy = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const layoutId = ctx.params.layoutId,
layoutRev = ctx.params.layoutRev


@ -28,7 +28,7 @@ function formatResponse(resp) {
}
exports.fetch = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const body = await db.allDocs(
getQueryParams(null, {
@ -39,7 +39,7 @@ exports.fetch = async function(ctx) {
}
exports.save = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const query = ctx.request.body
if (!query._id) {
@ -90,7 +90,7 @@ async function enrichQueryFields(fields, parameters) {
}
exports.find = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const query = enrichQueries(await db.get(ctx.params.queryId))
// remove properties that could be dangerous in real app
if (env.isProd()) {
@ -102,7 +102,7 @@ exports.find = async function(ctx) {
}
exports.preview = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const datasource = await db.get(ctx.request.body.datasourceId)
@ -130,7 +130,7 @@ exports.preview = async function(ctx) {
}
exports.execute = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const query = await db.get(ctx.params.queryId)
const datasource = await db.get(query.datasourceId)
@ -153,7 +153,7 @@ exports.execute = async function(ctx) {
}
exports.destroy = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
await db.remove(ctx.params.queryId, ctx.params.revId)
ctx.message = `Query deleted.`
ctx.status = 200


@ -51,7 +51,7 @@ async function updateRolesOnUserTable(db, roleId, updateOption) {
}
exports.fetch = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const body = await db.allDocs(
getRoleParams(null, {
include_docs: true,
@ -79,11 +79,11 @@ exports.fetch = async function(ctx) {
}
exports.find = async function(ctx) {
ctx.body = await getRole(ctx.user.appId, ctx.params.roleId)
ctx.body = await getRole(ctx.appId, ctx.params.roleId)
}
exports.save = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
let { _id, name, inherits, permissionId } = ctx.request.body
if (!_id) {
_id = generateRoleID()
@ -104,7 +104,7 @@ exports.save = async function(ctx) {
}
exports.destroy = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const roleId = ctx.params.roleId
if (isBuiltin(roleId)) {
ctx.throw(400, "Cannot delete builtin role.")


@ -60,7 +60,7 @@ async function findRow(db, appId, tableId, rowId) {
}
exports.patch = async function(ctx) {
const appId = ctx.user.appId
const appId = ctx.appId
const db = new CouchDB(appId)
let dbRow = await db.get(ctx.params.rowId)
let dbTable = await db.get(dbRow.tableId)
@ -121,7 +121,7 @@ exports.patch = async function(ctx) {
}
exports.save = async function(ctx) {
const appId = ctx.user.appId
const appId = ctx.appId
const db = new CouchDB(appId)
let inputs = ctx.request.body
inputs.tableId = ctx.params.tableId
@ -197,7 +197,7 @@ exports.save = async function(ctx) {
}
exports.fetchView = async function(ctx) {
const appId = ctx.user.appId
const appId = ctx.appId
const viewName = ctx.params.viewName
// if this is a table view being looked for just transfer to that
@ -256,7 +256,7 @@ exports.fetchView = async function(ctx) {
}
exports.search = async function(ctx) {
const appId = ctx.user.appId
const appId = ctx.appId
const db = new CouchDB(appId)
const {
query,
@ -303,7 +303,7 @@ exports.search = async function(ctx) {
}
exports.fetchTableRows = async function(ctx) {
const appId = ctx.user.appId
const appId = ctx.appId
const db = new CouchDB(appId)
// special case for users, fetch through the user controller
@ -324,7 +324,7 @@ exports.fetchTableRows = async function(ctx) {
}
exports.find = async function(ctx) {
const appId = ctx.user.appId
const appId = ctx.appId
const db = new CouchDB(appId)
try {
const table = await db.get(ctx.params.tableId)
@ -336,7 +336,7 @@ exports.find = async function(ctx) {
}
exports.destroy = async function(ctx) {
const appId = ctx.user.appId
const appId = ctx.appId
const db = new CouchDB(appId)
const row = await db.get(ctx.params.rowId)
if (row.tableId !== ctx.params.tableId) {
@ -358,7 +358,7 @@ exports.destroy = async function(ctx) {
exports.validate = async function(ctx) {
const errors = await validate({
appId: ctx.user.appId,
appId: ctx.appId,
tableId: ctx.params.tableId,
row: ctx.request.body,
})
@ -388,7 +388,7 @@ async function validate({ appId, tableId, row, table }) {
}
exports.fetchEnrichedRow = async function(ctx) {
const appId = ctx.user.appId
const appId = ctx.appId
const db = new CouchDB(appId)
const tableId = ctx.params.tableId
const rowId = ctx.params.rowId
@ -433,7 +433,7 @@ exports.fetchEnrichedRow = async function(ctx) {
}
async function bulkDelete(ctx) {
const appId = ctx.user.appId
const appId = ctx.appId
const { rows } = ctx.request.body
const db = new CouchDB(appId)


@ -3,7 +3,7 @@ const { getScreenParams, generateScreenID } = require("../../db/utils")
const { AccessController } = require("../../utilities/security/roles")
exports.fetch = async ctx => {
const appId = ctx.user.appId
const appId = ctx.appId
const db = new CouchDB(appId)
const screens = (
@ -21,7 +21,7 @@ exports.fetch = async ctx => {
}
exports.save = async ctx => {
const appId = ctx.user.appId
const appId = ctx.appId
const db = new CouchDB(appId)
let screen = ctx.request.body
@ -39,7 +39,7 @@ exports.save = async ctx => {
}
exports.destroy = async ctx => {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
await db.remove(ctx.params.screenId, ctx.params.screenRev)
ctx.body = {
message: "Screen deleted successfully",


@ -2,7 +2,7 @@ const { QueryBuilder, buildSearchUrl, search } = require("./utils")
exports.rowSearch = async ctx => {
// this can't be done through pouch, have to reach for trusty node-fetch
const appId = ctx.user.appId
const appId = ctx.appId
const bookmark = ctx.params.bookmark
let url
if (ctx.params.query) {


@ -84,7 +84,7 @@ exports.uploadFile = async function(ctx) {
return prepareUpload({
file,
s3Key: `assets/${ctx.user.appId}/attachments/${processedFileName}`,
s3Key: `assets/${ctx.appId}/attachments/${processedFileName}`,
bucket: "prod-budi-app-assets",
})
})
@ -120,7 +120,7 @@ exports.serveApp = async function(ctx) {
exports.serveAttachment = async function(ctx) {
await returnObjectStoreFile(
ctx,
join(ctx.user.appId, "attachments", ctx.file)
join(ctx.appId, "attachments", ctx.file)
)
}
@ -128,7 +128,7 @@ exports.serveAppAsset = async function(ctx) {
if (env.isDev() || env.isTest()) {
return send(ctx, ctx.file, { root: budibaseTempDir() })
}
await returnObjectStoreFile(ctx, join(ctx.user.appId, "public", ctx.file))
await returnObjectStoreFile(ctx, join(ctx.appId, "public", ctx.file))
}
exports.serveComponentLibrary = async function(ctx) {
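Review bot: `join(ctx.appId, "attachments", ctx.file)` in `serveAttachment` and `join(ctx.appId, "public", ctx.file)` in `serveAppAsset` now key the object-store path on `ctx.appId` instead of the user object, so the tenant boundary for these reads rests entirely on how the middleware derives and validates `ctx.appId`. Because `join` normalises `..` segments, neither `ctx.appId` nor `ctx.file` should be able to carry path separators or dot segments; no such check is visible in these hunks, so I would confirm it where the values are set or add a guard such as `if (ctx.file.includes("..")) ctx.throw(400)` before the call. The same concern applies to the `s3Key` template in `uploadFile`, whose enclosing function starts outside the hunk.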


@ -10,7 +10,7 @@ const { FieldTypes } = require("../../../constants")
const { TableSaveFunctions } = require("./utils")
exports.fetch = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const body = await db.allDocs(
getTableParams(null, {
include_docs: true,
@ -20,12 +20,12 @@ exports.fetch = async function(ctx) {
}
exports.find = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
ctx.body = await db.get(ctx.params.id)
}
exports.save = async function(ctx) {
const appId = ctx.user.appId
const appId = ctx.appId
const db = new CouchDB(appId)
const { dataImport, ...rest } = ctx.request.body
let tableToSave = {
@ -127,7 +127,7 @@ exports.save = async function(ctx) {
}
exports.destroy = async function(ctx) {
const appId = ctx.user.appId
const appId = ctx.appId
const db = new CouchDB(appId)
const tableToDelete = await db.get(ctx.params.tableId)


@ -57,8 +57,8 @@ exports.makeSureTableUpToDate = (table, tableToSave) => {
return tableToSave
}
exports.handleDataImport = async (user, table, dataImport) => {
const db = new CouchDB(user.appId)
exports.handleDataImport = async (appId, user, table, dataImport) => {
const db = new CouchDB(appId)
if (dataImport && dataImport.csvString) {
// Populate the table with rows imported from CSV in a bulk update
const data = await csvParser.transform(dataImport)
@ -152,7 +152,7 @@ class TableSaveFunctions {
this.db = db
this.ctx = ctx
if (this.ctx && this.ctx.user) {
this.appId = this.ctx.user.appId
this.appId = this.ctx.appId
}
this.oldTable = oldTable
this.dataImport = dataImport
@ -184,6 +184,7 @@ class TableSaveFunctions {
async after(table) {
table = await exports.handleSearchIndexes(this.appId, table)
table = await exports.handleDataImport(
this.appId,
this.ctx.user,
table,
this.dataImport
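Review bot: The constructor guard `if (this.ctx && this.ctx.user)` still tests for `user` although the value it protects is now `this.ctx.appId`; a context without a user leaves `this.appId` undefined, and `after()` then passes that undefined value to `handleSearchIndexes` and `handleDataImport`. I would change the condition to `if (this.ctx && this.ctx.appId)`. `after()` also dereferences `this.ctx.user` with no null check, even though the constructor treats `this.ctx` as optional. Whether `handleDataImport` still reads its `user` argument is not visible in the hunk; if it does not, dropping the parameter would be simpler than the four-argument signature introduced here.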


@ -5,7 +5,7 @@ const { getRole } = require("../../utilities/security/roles")
const { UserStatus } = require("../../constants")
exports.fetch = async function(ctx) {
const database = new CouchDB(ctx.user.appId)
const database = new CouchDB(ctx.appId)
const users = (
await database.allDocs(
getUserParams(null, {
@ -20,15 +20,16 @@ exports.fetch = async function(ctx) {
ctx.body = users
}
// TODO: need to replace this with something that purely manages metadata
exports.create = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const { email, password, roleId } = ctx.request.body
if (!email || !password) {
ctx.throw(400, "email and Password Required.")
}
const role = await getRole(ctx.user.appId, roleId)
const role = await getRole(ctx.appId, roleId)
if (!role) ctx.throw(400, "Invalid Role")
@ -67,7 +68,7 @@ exports.create = async function(ctx) {
}
exports.update = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const user = ctx.request.body
let dbUser
if (user.email && !user._id) {
@ -94,7 +95,7 @@ exports.update = async function(ctx) {
}
exports.destroy = async function(ctx) {
const database = new CouchDB(ctx.user.appId)
const database = new CouchDB(ctx.appId)
await database.destroy(generateUserID(ctx.params.email))
ctx.body = {
message: `User ${ctx.params.email} deleted.`,
@ -103,7 +104,7 @@ exports.destroy = async function(ctx) {
}
exports.find = async function(ctx) {
const database = new CouchDB(ctx.user.appId)
const database = new CouchDB(ctx.appId)
let lookup = ctx.params.email
? generateUserID(ctx.params.email)
: ctx.params.userId


@ -7,7 +7,7 @@ const { ViewNames } = require("../../../db/utils")
const controller = {
fetch: async ctx => {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const designDoc = await db.get("_design/database")
const response = []
@ -25,7 +25,7 @@ const controller = {
ctx.body = response
},
save: async ctx => {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const { originalName, ...viewToSave } = ctx.request.body
const designDoc = await db.get("_design/database")
const view = viewTemplate(viewToSave)
@ -66,7 +66,7 @@ const controller = {
}
},
destroy: async ctx => {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const designDoc = await db.get("_design/database")
const viewName = decodeURI(ctx.params.viewName)
const view = designDoc.views[viewName]
@ -81,7 +81,7 @@ const controller = {
ctx.body = view
},
exportView: async ctx => {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const designDoc = await db.get("_design/database")
const viewName = decodeURI(ctx.query.view)


@ -22,7 +22,7 @@ exports.WebhookType = {
}
exports.fetch = async ctx => {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const response = await db.allDocs(
getWebhookParams(null, {
include_docs: true,
@ -32,9 +32,9 @@ exports.fetch = async ctx => {
}
exports.save = async ctx => {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
const webhook = ctx.request.body
webhook.appId = ctx.user.appId
webhook.appId = ctx.appId
// check that the webhook exists
if (webhook._id) {
@ -51,7 +51,7 @@ exports.save = async ctx => {
}
exports.destroy = async ctx => {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
ctx.body = await db.remove(ctx.params.id, ctx.params.rev)
}


@ -41,10 +41,12 @@ describe("run misc tests", () => {
const dataImport = {
csvString: "a,b,c,d\n1,2,3,4"
}
await tableUtils.handleDataImport({
appId: config.getAppId(),
userId: "test",
}, table, dataImport)
await tableUtils.handleDataImport(
config.getAppId(),
{ userId: "test" },
table,
dataImport
)
const rows = await config.getRows()
expect(rows[0].a).toEqual("1")
expect(rows[0].b).toEqual("2")


@ -41,7 +41,6 @@ module.exports = async (ctx, next) => {
ctx.auth.authenticated = false
ctx.appId = appId
ctx.user = {
appId,
role: builtinRoles.PUBLIC,
}
await next()
@ -55,9 +54,10 @@ module.exports = async (ctx, next) => {
ctx.auth.apiKey = jwtPayload.apiKey
ctx.user = {
...jwtPayload,
appId: appId,
role: await getRole(appId, jwtPayload.roleId),
}
// appId no longer carried in user, make sure
delete ctx.user.appId
} catch (err) {
console.log(err)
if (authType === AuthTypes.BUILDER) {
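Review bot: `delete ctx.user.appId` discards whatever `appId` the JWT payload carried without first comparing it to the request's `appId`, and every controller in this commit now opens its database from `ctx.appId` alone. If tokens are issued per app, a mismatch should be rejected before `ctx.user` is built, e.g. `if (jwtPayload.appId && jwtPayload.appId !== appId) ctx.throw(403, "App mismatch")`; where `appId` comes from is outside these hunks, so an equivalent check may already exist. Building the object without the key (`const { appId: _ignored, ...claims } = jwtPayload`) would also be clearer than spreading and then deleting, and the comment `// appId no longer carried in user, make sure` reads as unfinished. The `try` block this code sits in starts outside the hunk.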


@ -27,7 +27,7 @@ function getProperty(url) {
}
module.exports = async (ctx, next) => {
const db = new CouchDB(ctx.user.appId)
const db = new CouchDB(ctx.appId)
let usage = METHOD_MAP[ctx.req.method]
const property = getProperty(ctx.req.url)
if (usage == null || property == null) {


@ -1,3 +1,5 @@
// TODO: REMOVE
const bcrypt = require("bcryptjs")
const env = require("../environment")