Merge branch 'master' into BUDI-7655/migration-backend
This commit is contained in:
commit
e7859a8a47
|
@ -93,11 +93,19 @@ export const getTenantIDFromCtx = (
|
||||||
// subdomain
|
// subdomain
|
||||||
if (isAllowed(TenantResolutionStrategy.SUBDOMAIN)) {
|
if (isAllowed(TenantResolutionStrategy.SUBDOMAIN)) {
|
||||||
// e.g. budibase.app or local.com:10000
|
// e.g. budibase.app or local.com:10000
|
||||||
const platformHost = new URL(getPlatformURL()).host.split(":")[0]
|
let platformHost
|
||||||
|
try {
|
||||||
|
platformHost = new URL(getPlatformURL()).host.split(":")[0]
|
||||||
|
} catch (err: any) {
|
||||||
|
// if invalid URL, just don't try to process subdomain
|
||||||
|
if (err.code !== "ERR_INVALID_URL") {
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
// e.g. tenant.budibase.app or tenant.local.com
|
// e.g. tenant.budibase.app or tenant.local.com
|
||||||
const requestHost = ctx.host
|
const requestHost = ctx.host
|
||||||
// parse the tenant id from the difference
|
// parse the tenant id from the difference
|
||||||
if (requestHost.includes(platformHost)) {
|
if (platformHost && requestHost.includes(platformHost)) {
|
||||||
const tenantId = requestHost.substring(
|
const tenantId = requestHost.substring(
|
||||||
0,
|
0,
|
||||||
requestHost.indexOf(`.${platformHost}`)
|
requestHost.indexOf(`.${platformHost}`)
|
||||||
|
|
|
@ -5,6 +5,7 @@ import {
|
||||||
tenancy,
|
tenancy,
|
||||||
context,
|
context,
|
||||||
users,
|
users,
|
||||||
|
auth,
|
||||||
} from "@budibase/backend-core"
|
} from "@budibase/backend-core"
|
||||||
import { generateUserMetadataID, isDevAppID } from "../db/utils"
|
import { generateUserMetadataID, isDevAppID } from "../db/utils"
|
||||||
import { getCachedSelf } from "../utilities/global"
|
import { getCachedSelf } from "../utilities/global"
|
||||||
|
@ -69,28 +70,34 @@ export default async (ctx: UserCtx, next: any) => {
|
||||||
return next()
|
return next()
|
||||||
}
|
}
|
||||||
|
|
||||||
return context.doInAppContext(appId, async () => {
|
const userId = ctx.user ? generateUserMetadataID(ctx.user._id!) : undefined
|
||||||
// if the user not in the right tenant then make sure they have no permissions
|
|
||||||
// need to judge this only based on the request app ID,
|
// if the user is not in the right tenant then make sure to wipe their cookie
|
||||||
|
// also cleanse any information about them that has been allocated
|
||||||
|
// this avoids apps making calls to say the worker which are cross tenant,
|
||||||
|
// we simply remove the authentication
|
||||||
if (
|
if (
|
||||||
env.MULTI_TENANCY &&
|
env.MULTI_TENANCY &&
|
||||||
ctx.user?._id &&
|
userId &&
|
||||||
requestAppId &&
|
requestAppId &&
|
||||||
!tenancy.isUserInAppTenant(requestAppId, ctx.user)
|
!tenancy.isUserInAppTenant(requestAppId, ctx.user)
|
||||||
) {
|
) {
|
||||||
// don't error, simply remove the users rights (they are a public user)
|
// clear out the user
|
||||||
ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
|
ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
|
||||||
ctx.isAuthenticated = false
|
ctx.isAuthenticated = false
|
||||||
roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
|
roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
|
||||||
|
// remove the cookie, so future calls are public
|
||||||
|
await auth.platformLogout({
|
||||||
|
ctx,
|
||||||
|
userId,
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return context.doInAppContext(appId, async () => {
|
||||||
ctx.appId = appId
|
ctx.appId = appId
|
||||||
if (roleId) {
|
if (roleId) {
|
||||||
ctx.roleId = roleId
|
ctx.roleId = roleId
|
||||||
const globalId = ctx.user ? ctx.user._id : undefined
|
const globalId = ctx.user ? ctx.user._id : undefined
|
||||||
const userId = ctx.user
|
|
||||||
? generateUserMetadataID(ctx.user._id!)
|
|
||||||
: undefined
|
|
||||||
ctx.user = {
|
ctx.user = {
|
||||||
...ctx.user!,
|
...ctx.user!,
|
||||||
// override userID with metadata one
|
// override userID with metadata one
|
||||||
|
|
Loading…
Reference in New Issue