Merge pull request #316 from Budibase/fix-user-agent

use custom user agent header
2020-06-03 20:58:03 +01:00 · 2020-06-03 20:58:03 +01:00 · e4cc5656ae
parent eb850547ab 9581bec421
commit e4cc5656ae
10 changed files with 37 additions and 20 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/packages/builder/src/builderStore/api.js
+++ b/packages/builder/src/builderStore/api.js
@ -3,7 +3,7 @@ const apiCall = method => async (url, body) => {
    method: method,
    headers: {
      "Content-Type": "application/json",
-      "User-Agent": "Budibase Builder",
+      "x-user-agent": "Budibase Builder",
    },
    body: body && JSON.stringify(body),
  })
--- a/packages/builder/src/builderStore/loadComponentLibraries.js
+++ b/packages/builder/src/builderStore/loadComponentLibraries.js
@ -1,3 +1,5 @@
+import { get } from "builderStore/api"
+
 /**
 * Fetches the definitions for component library components. This includes
 * their props and other metadata from components.json.
@ -6,7 +8,7 @@
 export const fetchComponentLibDefinitions = async appId => {
  const LIB_DEFINITION_URL = `/${appId}/components/definitions`
  try {
-    const libDefinitionResponse = await fetch(LIB_DEFINITION_URL)
+    const libDefinitionResponse = await get(LIB_DEFINITION_URL)
    return await libDefinitionResponse.json()
  } catch (err) {
    console.error(`Error fetching component definitions for ${appId}`, err)
--- a/packages/builder/src/components/userInterface/SettingsView.svelte
+++ b/packages/builder/src/components/userInterface/SettingsView.svelte
@ -19,7 +19,7 @@
  }
 </script>

-{#if panelDefinition.length > 0}
+{#if panelDefinition && panelDefinition.length > 0}
  {#each panelDefinition as definition}
    {#if propExistsOnComponentDef(definition.key)}
      <PropertyControl
--- a/packages/builder/src/components/userInterface/temporaryPanelStructure.js
+++ b/packages/builder/src/components/userInterface/temporaryPanelStructure.js
@ -317,7 +317,28 @@ export default {
          icon: "ri-bar-chart-fill",
          properties: {
            design: { ...all },
-            settings: [{ label: "Model", key: "model", control: ModelSelect }],
+            settings: [
+              { label: "Model", key: "model", control: ModelSelect },
+              {
+                label: "Chart Type",
+                key: "type",
+                control: OptionSelect,
+                options: [
+                  "column2d",
+                  "column3d",
+                  "line",
+                  "area2d",
+                  "bar2d",
+                  "bar3d",
+                  "pie2d",
+                  "pie3d",
+                  "doughnut2d",
+                  "doughnut3d",
+                  "pareto2d",
+                  "pareto3d",
+                ],
+              },
+            ],
          },
          children: [],
        },
--- a/packages/client/src/state/bbComponentApi.js
+++ b/packages/client/src/state/bbComponentApi.js
@ -27,6 +27,7 @@ export const bbFactory = ({
      method: method,
      headers: {
        "Content-Type": "application/json",
+        "x-user-agent": "Budibase Builder",
      },
      body: body && JSON.stringify(body),
    })
--- a/packages/server/src/api/controllers/auth.js
+++ b/packages/server/src/api/controllers/auth.js
@ -10,12 +10,9 @@ exports.authenticate = async ctx => {
  if (!username) ctx.throw(400, "Username Required.")
  if (!password) ctx.throw(400, "Password Required")

-  // TODO: Don't use this. It can't be relied on
-  const referer = ctx.request.headers.referer.split("/")
-  const appId = referer[3]
-
  // find the instance that the user is associated with
  const db = new CouchDB(ClientDb.name(env.CLIENT_ID))
+  const appId = ctx.params.appId
  const app = await db.get(appId)
  const instanceId = app.userInstanceMap[username]

--- a/packages/server/src/api/routes/auth.js
+++ b/packages/server/src/api/routes/auth.js
@ -3,6 +3,6 @@ const controller = require("../controllers/auth")

 const router = Router()

-router.post("/api/authenticate", controller.authenticate)
+router.post("/:appId/api/authenticate", controller.authenticate)

 module.exports = router
--- a/packages/server/src/api/routes/tests/couchTestUtils.js
+++ b/packages/server/src/api/routes/tests/couchTestUtils.js
@ -22,7 +22,7 @@ exports.supertest = async () => {
 exports.defaultHeaders = {
  Accept: "application/json",
  Cookie: ["builder:token=test-admin-secret"],
-  "user-agent": "Budibase Builder",
+  "x-user-agent": "Budibase Builder",
 }

 exports.createModel = async (request, instanceId, model) => {
@ -176,8 +176,7 @@ const createUserWithPermissions = async (
  const designDoc = await db.get("_design/database")

  const loginResult = await request
-    .post(`/api/authenticate`)
-    .set("Referer", `http://localhost:4001/${designDoc.metadata.applicationId}`)
+    .post(`/${designDoc.metadata.applicationId}/api/authenticate`)
    .send({ username, password })

  // returning necessary request headers
--- a/packages/server/src/middleware/authenticated.js
+++ b/packages/server/src/middleware/authenticated.js
@ -15,19 +15,16 @@ module.exports = async (ctx, next) => {

  const appToken = ctx.cookies.get("budibase:token")
  const builderToken = ctx.cookies.get("builder:token")
-  const isBuilderAgent = ctx.headers["user-agent"] === "Budibase Builder"
+  const isBuilderAgent = ctx.headers["x-user-agent"] === "Budibase Builder"

  // all admin api access should auth with buildertoken and 'Budibase Builder user agent
  const shouldAuthAsBuilder = isBuilderAgent && builderToken

  if (shouldAuthAsBuilder) {
-    if (builderToken === env.ADMIN_SECRET) {
-      ctx.isAuthenticated = true
-      ctx.isBuilder = true
-    } else {
-      ctx.isAuthenticated = false
-      ctx.isBuilder = false
-    }
+    const builderTokenValid = builderToken === env.ADMIN_SECRET
+
+    ctx.isAuthenticated = builderTokenValid
+    ctx.isBuilder = builderTokenValid

    await next()
    return