currentapp being set correctly for user

packages/auth/src/db/utils.js

@@ -6,6 +6,7 @@ exports.StaticDatabases = {
 
 const DocumentTypes = {
   USER: "us",
+  APP: "app",
 }
 
 exports.DocumentTypes = DocumentTypes
@@ -13,6 +14,8 @@ exports.DocumentTypes = DocumentTypes
 const UNICODE_MAX = "\ufff0"
 const SEPARATOR = "_"
 
+exports.SEPARATOR = SEPARATOR
+
 /**
  * Generates a new user ID based on the passed in email.
  * @param {string} email The email which the ID is going to be built up of.

packages/auth/src/middleware/authenticated.js

@@ -16,6 +16,6 @@ module.exports = async (ctx, next) => {
 
     await next()
   } catch (err) {
-    ctx.throw(err.status || 403, err.text)
+    ctx.throw(err.status || 403, err)
   }
 }

packages/builder/src/stores/backend/auth.js

@@ -3,13 +3,18 @@ import api from "../../builderStore/api"
 
 async function checkAuth() {
   const response = await api.get("/api/self")
-  return await response.json()
+  const user = await response.json()
+  if (response.status === 200) return user
+
+  return null
 }
 
 export function createAuthStore() {
   const { subscribe, set } = writable({})
 
-  checkAuth().then(user => set({ user }))
+  checkAuth()
+    .then(user => set({ user }))
+    .catch(err => set({ user: null }))
 
   return {
     subscribe,

packages/server/src/middleware/authenticated.js

@@ -1,73 +0,0 @@
-// const jwt = require("jsonwebtoken")
-// const STATUS_CODES = require("../utilities/statusCodes")
-// const { getRole, getBuiltinRoles } = require("../utilities/security/roles")
-// const { AuthTypes } = require("../constants")
-// const {
-//   getAppId,
-//   getCookieName,
-//   clearCookie,
-//   setCookie,
-//   isClient,
-// } = require("../utilities")
-
-// module.exports = async (ctx, next) => {
-//   if (ctx.path === "/builder") {
-//     await next()
-//     return
-//   }
-
-//   // do everything we can to make sure the appId is held correctly
-//   // we hold it in state as a
-//   let appId = getAppId(ctx)
-//   const cookieAppId = ctx.cookies.get(getCookieName("currentapp"))
-//   const builtinRoles = getBuiltinRoles()
-//   if (appId && cookieAppId !== appId) {
-//     setCookie(ctx, appId, "currentapp")
-//   } else if (cookieAppId) {
-//     appId = cookieAppId
-//   }
-//   let token, authType
-//   if (!isClient(ctx)) {
-//     token = ctx.cookies.get(getCookieName())
-//     authType = AuthTypes.BUILDER
-//   }
-
-//   if (!token && appId) {
-//     token = ctx.cookies.get(getCookieName(appId))
-//     authType = AuthTypes.APP
-//   }
-
-//   if (!token) {
-//     ctx.auth.authenticated = false
-//     ctx.appId = appId
-//     ctx.user = {
-//       role: builtinRoles.PUBLIC,
-//     }
-//     await next()
-//     return
-//   }
-
-//   try {
-//     ctx.auth.authenticated = authType
-//     const jwtPayload = jwt.verify(token, ctx.config.jwtSecret)
-//     ctx.appId = appId
-//     ctx.auth.apiKey = jwtPayload.apiKey
-//     ctx.user = {
-//       ...jwtPayload,
-//       role: await getRole(appId, jwtPayload.roleId),
-//     }
-//     // appId no longer carried in user, make sure
-//     delete ctx.user.appId
-//   } catch (err) {
-//     console.log(err)
-//     if (authType === AuthTypes.BUILDER) {
-//       clearCookie(ctx)
-//       ctx.status = 200
-//       return
-//     } else {
-//       ctx.throw(err.status || STATUS_CODES.FORBIDDEN, err.text)
-//     }
-//   }
-
-//   await next()
-// }

packages/server/src/middleware/currentapp.js

@@ -2,11 +2,6 @@ const { getAppId, setCookie, getCookie, Cookies } = require("@budibase/auth")
 const { getGlobalUsers } = require("../utilities/workerRequests")
 const { BUILTIN_ROLE_IDS } = require("../utilities/security/roles")
 
-function CurrentAppCookie(appId, roleId) {
-  this.appId = appId
-  this.roleId = roleId
-}
-
 function finish(ctx, next, { appId, roleId, cookie = false }) {
   if (appId) {
     ctx.appId = appId
@@ -15,7 +10,7 @@ function finish(ctx, next, { appId, roleId, cookie = false }) {
     ctx.roleId = roleId
   }
   if (cookie && appId) {
-    setCookie(ctx, new CurrentAppCookie(appId, roleId), Cookies.CurrentApp)
+    setCookie(ctx, { appId, roleId }, Cookies.CurrentApp)
   }
   return next()
 }
@@ -37,10 +32,7 @@ module.exports = async (ctx, next) => {
     updateCookie = true
     appId = requestAppId
     roleId = BUILTIN_ROLE_IDS.PUBLIC
-  } else if (
+  } else if (requestAppId != null) {
-    requestAppId != null &&
-    (appCookie == null || requestAppId === appCookie.appId)
-  ) {
     const globalUser = await getGlobalUsers(ctx, requestAppId, ctx.user.email)
     updateCookie = true
     appId = requestAppId

packages/server/src/middleware/tests/authenticated.spec.js

@@ -66,7 +66,7 @@ describe("Authenticated middleware", () => {
     await config.executeMiddleware()
 
     expect(config.ctx.cookies.set).toHaveBeenCalledWith(
-      "budibase:currentapp:local",
+      "budibase:currentapp",
       appId,
       expect.any(Object)
     )

packages/server/src/utilities/builder/setBuilderToken.js

@@ -22,7 +22,7 @@ module.exports = async (ctx, appId, version) => {
 
   // set the builder token
   // setCookie(ctx, token, "builder")
-  setCookie(ctx, appId, "currentapp")
+  // setCookie(ctx, appId, "currentapp")
   // need to clear all app tokens or else unable to use the app in the builder
   // let allDbNames = await CouchDB.allDbs()
   // allDbNames.map(dbName => {

packages/server/src/utilities/workerRequests.js

@@ -11,7 +11,7 @@ function getAppRole(appId, user) {
   if (!user.roleId) {
     user.roleId = BUILTIN_ROLE_IDS.PUBLIC
   }
-  delete user.roles
+  // delete user.roles
   return user
 }