Minor update to make use of new client header to state the request is from the client, not the builder.

This commit is contained in:
Michael Drury 2020-11-19 20:16:37 +00:00
parent c541cd078b
commit c03923360b
4 changed files with 15 additions and 15 deletions

View File

@ -62,11 +62,10 @@ exports.fetch = async ctx => {
exports.clientFetch = async ctx => { exports.clientFetch = async ctx => {
const routing = await getRoutingStructure(ctx.appId) const routing = await getRoutingStructure(ctx.appId)
const accessLevelId = ctx.user.accessLevel._id let accessLevelId = ctx.user.accessLevel._id
// builder is a special case, always return the full routing structure // builder is a special case, always return the full routing structure
if (accessLevelId === BUILTIN_LEVEL_IDS.BUILDER) { if (accessLevelId === BUILTIN_LEVEL_IDS.BUILDER) {
ctx.body = routing accessLevelId = BUILTIN_LEVEL_IDS.ADMIN
return
} }
const accessLevelIds = await getUserAccessLevelHierarchy( const accessLevelIds = await getUserAccessLevelHierarchy(
ctx.appId, ctx.appId,

View File

@ -1,9 +1,9 @@
const jwt = require("jsonwebtoken") const jwt = require("jsonwebtoken")
const STATUS_CODES = require("../utilities/statusCodes") const STATUS_CODES = require("../utilities/statusCodes")
const { getAccessLevel } = require("../utilities/security/accessLevels") const { getAccessLevel, BUILTIN_LEVELS } = require("../utilities/security/accessLevels")
const env = require("../environment") const env = require("../environment")
const { AuthTypes } = require("../constants") const { AuthTypes } = require("../constants")
const { getAppId, getCookieName, setCookie } = require("../utilities") const { getAppId, getCookieName, setCookie, isClient } = require("../utilities")
module.exports = async (ctx, next) => { module.exports = async (ctx, next) => {
if (ctx.path === "/_builder") { if (ctx.path === "/_builder") {
@ -21,17 +21,13 @@ module.exports = async (ctx, next) => {
appId = cookieAppId appId = cookieAppId
} }
const appToken = ctx.cookies.get(getCookieName(appId))
const builderToken = ctx.cookies.get(getCookieName())
let token let token
// if running locally in the builder itself if (isClient(ctx)) {
if (!env.CLOUD && !appToken) {
token = builderToken
ctx.auth.authenticated = AuthTypes.BUILDER
} else {
token = appToken
ctx.auth.authenticated = AuthTypes.APP ctx.auth.authenticated = AuthTypes.APP
token = ctx.cookies.get(getCookieName(appId))
} else {
ctx.auth.authenticated = AuthTypes.BUILDER
token = ctx.cookies.get(getCookieName())
} }
if (!token) { if (!token) {
@ -39,6 +35,7 @@ module.exports = async (ctx, next) => {
ctx.appId = appId ctx.appId = appId
ctx.user = { ctx.user = {
appId, appId,
accessLevel: BUILTIN_LEVELS.PUBLIC,
} }
await next() await next()
return return

View File

@ -70,3 +70,7 @@ exports.setCookie = (ctx, name, value) => {
overwrite: true, overwrite: true,
}) })
} }
exports.isClient = ctx => {
return ctx.headers["x-budibase-type"] === "client"
}

View File

@ -21,7 +21,7 @@ exports.BUILTIN_LEVELS = {
ADMIN: new AccessLevel(BUILTIN_IDS.ADMIN, "Admin", BUILTIN_IDS.POWER), ADMIN: new AccessLevel(BUILTIN_IDS.ADMIN, "Admin", BUILTIN_IDS.POWER),
POWER: new AccessLevel(BUILTIN_IDS.POWER, "Power", BUILTIN_IDS.BASIC), POWER: new AccessLevel(BUILTIN_IDS.POWER, "Power", BUILTIN_IDS.BASIC),
BASIC: new AccessLevel(BUILTIN_IDS.BASIC, "Basic", BUILTIN_IDS.PUBLIC), BASIC: new AccessLevel(BUILTIN_IDS.BASIC, "Basic", BUILTIN_IDS.PUBLIC),
ANON: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"), PUBLIC: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"),
BUILDER: new AccessLevel(BUILTIN_IDS.BUILDER, "Builder"), BUILDER: new AccessLevel(BUILTIN_IDS.BUILDER, "Builder"),
} }