Minor update to make use of new client header to state the request is from the client, not the builder.

2020-11-19 20:16:37 +00:00 · 2020-11-19 20:16:37 +00:00 · c03923360b
parent c541cd078b
commit c03923360b
4 changed files with 15 additions and 15 deletions
--- a/packages/server/src/api/controllers/routing.js
+++ b/packages/server/src/api/controllers/routing.js
@ -62,11 +62,10 @@ exports.fetch = async ctx => {

 exports.clientFetch = async ctx => {
  const routing = await getRoutingStructure(ctx.appId)
-  const accessLevelId = ctx.user.accessLevel._id
+  let accessLevelId = ctx.user.accessLevel._id
  // builder is a special case, always return the full routing structure
  if (accessLevelId === BUILTIN_LEVEL_IDS.BUILDER) {
-    ctx.body = routing
-    return
+    accessLevelId = BUILTIN_LEVEL_IDS.ADMIN
  }
  const accessLevelIds = await getUserAccessLevelHierarchy(
    ctx.appId,
--- a/packages/server/src/middleware/authenticated.js
+++ b/packages/server/src/middleware/authenticated.js
@ -1,9 +1,9 @@
 const jwt = require("jsonwebtoken")
 const STATUS_CODES = require("../utilities/statusCodes")
-const { getAccessLevel } = require("../utilities/security/accessLevels")
+const { getAccessLevel, BUILTIN_LEVELS } = require("../utilities/security/accessLevels")
 const env = require("../environment")
 const { AuthTypes } = require("../constants")
-const { getAppId, getCookieName, setCookie } = require("../utilities")
+const { getAppId, getCookieName, setCookie, isClient } = require("../utilities")

 module.exports = async (ctx, next) => {
  if (ctx.path === "/_builder") {
@ -21,17 +21,13 @@ module.exports = async (ctx, next) => {
    appId = cookieAppId
  }

-  const appToken = ctx.cookies.get(getCookieName(appId))
-  const builderToken = ctx.cookies.get(getCookieName())
-
  let token
-  // if running locally in the builder itself
-  if (!env.CLOUD && !appToken) {
-    token = builderToken
-    ctx.auth.authenticated = AuthTypes.BUILDER
-  } else {
-    token = appToken
+  if (isClient(ctx)) {
    ctx.auth.authenticated = AuthTypes.APP
+    token = ctx.cookies.get(getCookieName(appId))
+  } else {
+    ctx.auth.authenticated = AuthTypes.BUILDER
+    token = ctx.cookies.get(getCookieName())
  }

  if (!token) {
@ -39,6 +35,7 @@ module.exports = async (ctx, next) => {
    ctx.appId = appId
    ctx.user = {
      appId,
+      accessLevel: BUILTIN_LEVELS.PUBLIC,
    }
    await next()
    return
--- a/packages/server/src/utilities/index.js
+++ b/packages/server/src/utilities/index.js
@ -70,3 +70,7 @@ exports.setCookie = (ctx, name, value) => {
    overwrite: true,
  })
 }
+
+exports.isClient = ctx => {
+  return ctx.headers["x-budibase-type"] === "client"
+}
--- a/packages/server/src/utilities/security/accessLevels.js
+++ b/packages/server/src/utilities/security/accessLevels.js
@ -21,7 +21,7 @@ exports.BUILTIN_LEVELS = {
  ADMIN: new AccessLevel(BUILTIN_IDS.ADMIN, "Admin", BUILTIN_IDS.POWER),
  POWER: new AccessLevel(BUILTIN_IDS.POWER, "Power", BUILTIN_IDS.BASIC),
  BASIC: new AccessLevel(BUILTIN_IDS.BASIC, "Basic", BUILTIN_IDS.PUBLIC),
-  ANON: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"),
+  PUBLIC: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"),
  BUILDER: new AccessLevel(BUILTIN_IDS.BUILDER, "Builder"),
 }