removed x-user-agent
This commit is contained in:
parent
bd927564b2
commit
eb2b6ec56f
|
@ -1,8 +1,9 @@
|
||||||
export const getAppId = cookie => {
|
export const getAppId = docCookie => {
|
||||||
const base64Token = cookie
|
const cookie =
|
||||||
.split(";")
|
docCookie.split(";").find(c => c.trim().startsWith("budibase:token")) ||
|
||||||
.find(c => c.trim().startsWith("budibase:token"))
|
docCookie.split(";").find(c => c.trim().startsWith("builder:token"))
|
||||||
.substring(lengthOfKey)
|
|
||||||
|
const base64Token = cookie.substring(lengthOfKey)
|
||||||
|
|
||||||
const user = JSON.parse(atob(base64Token.split(".")[1]))
|
const user = JSON.parse(atob(base64Token.split(".")[1]))
|
||||||
return user.appId
|
return user.appId
|
||||||
|
|
|
@ -79,7 +79,7 @@ export const screenRouter = ({ screens, onScreenSelected, window }) => {
|
||||||
)
|
)
|
||||||
return
|
return
|
||||||
|
|
||||||
const target = x.target || "_self"
|
const target = (x && x.target) || "_self"
|
||||||
if (!y || target !== "_self" || x.host !== location.host) return
|
if (!y || target !== "_self" || x.host !== location.host) return
|
||||||
|
|
||||||
e.preventDefault()
|
e.preventDefault()
|
||||||
|
|
|
@ -9,16 +9,16 @@ export const bbFactory = ({
|
||||||
componentLibraries,
|
componentLibraries,
|
||||||
onScreenSlotRendered,
|
onScreenSlotRendered,
|
||||||
}) => {
|
}) => {
|
||||||
const apiCall = method => (url, body) =>
|
const apiCall = method => (url, body) => {
|
||||||
fetch(url, {
|
return fetch(url, {
|
||||||
method: method,
|
method: method,
|
||||||
headers: {
|
headers: {
|
||||||
"Content-Type": "application/json",
|
"Content-Type": "application/json",
|
||||||
"x-user-agent": "Budibase Builder",
|
|
||||||
},
|
},
|
||||||
body: body && JSON.stringify(body),
|
body: body && JSON.stringify(body),
|
||||||
credentials: "same-origin",
|
credentials: "same-origin",
|
||||||
})
|
})
|
||||||
|
}
|
||||||
|
|
||||||
const api = {
|
const api = {
|
||||||
post: apiCall("POST"),
|
post: apiCall("POST"),
|
||||||
|
|
|
@ -55,9 +55,14 @@ exports.authenticate = async ctx => {
|
||||||
expiresIn: "1 day",
|
expiresIn: "1 day",
|
||||||
})
|
})
|
||||||
|
|
||||||
const ONE_DAY_FROM_NOW = new Date(Date.now() + 24 * 3600)
|
const expires = new Date()
|
||||||
|
expires.setDate(expires.getDate() + 1)
|
||||||
|
|
||||||
ctx.cookies.set("budibase:token", token, { expires: ONE_DAY_FROM_NOW })
|
ctx.cookies.set("budibase:token", token, {
|
||||||
|
expires,
|
||||||
|
path: "/",
|
||||||
|
httpOnly: false,
|
||||||
|
})
|
||||||
|
|
||||||
ctx.body = {
|
ctx.body = {
|
||||||
token,
|
token,
|
||||||
|
|
|
@ -6,10 +6,13 @@ const {
|
||||||
} = require("../../utilities/budibaseDir")
|
} = require("../../utilities/budibaseDir")
|
||||||
const setBuilderToken = require("../../utilities/builder/setBuilderToken")
|
const setBuilderToken = require("../../utilities/builder/setBuilderToken")
|
||||||
const { ANON_LEVEL_ID } = require("../../utilities/accessLevels")
|
const { ANON_LEVEL_ID } = require("../../utilities/accessLevels")
|
||||||
|
const jwt = require("jsonwebtoken")
|
||||||
|
|
||||||
exports.serveBuilder = async function(ctx) {
|
exports.serveBuilder = async function(ctx) {
|
||||||
let builderPath = resolve(__dirname, "../../../builder")
|
let builderPath = resolve(__dirname, "../../../builder")
|
||||||
|
if (ctx.file === "index.html") {
|
||||||
setBuilderToken(ctx)
|
setBuilderToken(ctx)
|
||||||
|
}
|
||||||
await send(ctx, ctx.file, { root: ctx.devPath || builderPath })
|
await send(ctx, ctx.file, { root: ctx.devPath || builderPath })
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -24,11 +27,12 @@ exports.serveApp = async function(ctx) {
|
||||||
// only set the appId cookie for /appId .. we COULD check for valid appIds
|
// only set the appId cookie for /appId .. we COULD check for valid appIds
|
||||||
// but would like to avoid that DB hit
|
// but would like to avoid that DB hit
|
||||||
if (looksLikeAppId(ctx.params.appId) && !ctx.isAuthenticated) {
|
if (looksLikeAppId(ctx.params.appId) && !ctx.isAuthenticated) {
|
||||||
const anonToken = {
|
const anonUser = {
|
||||||
userId: "ANON",
|
userId: "ANON",
|
||||||
accessLevelId: ANON_LEVEL_ID,
|
accessLevelId: ANON_LEVEL_ID,
|
||||||
appId: ctx.params.appId,
|
appId: ctx.params.appId,
|
||||||
}
|
}
|
||||||
|
const anonToken = jwt.sign(anonUser, ctx.config.jwtSecret)
|
||||||
ctx.cookies.set("budibase:token", anonToken, {
|
ctx.cookies.set("budibase:token", anonToken, {
|
||||||
path: "/",
|
path: "/",
|
||||||
httpOnly: false,
|
httpOnly: false,
|
||||||
|
|
|
@ -16,12 +16,8 @@ module.exports = async (ctx, next) => {
|
||||||
|
|
||||||
const appToken = ctx.cookies.get("budibase:token")
|
const appToken = ctx.cookies.get("budibase:token")
|
||||||
const builderToken = ctx.cookies.get("builder:token")
|
const builderToken = ctx.cookies.get("builder:token")
|
||||||
const isBuilderAgent = ctx.headers["x-user-agent"] === "Budibase Builder"
|
|
||||||
|
|
||||||
// all admin api access should auth with buildertoken and 'Budibase Builder user agent
|
if (builderToken) {
|
||||||
const shouldAuthAsBuilder = isBuilderAgent && builderToken
|
|
||||||
|
|
||||||
if (shouldAuthAsBuilder) {
|
|
||||||
try {
|
try {
|
||||||
const jwtPayload = jwt.verify(builderToken, ctx.config.jwtSecret)
|
const jwtPayload = jwt.verify(builderToken, ctx.config.jwtSecret)
|
||||||
ctx.isAuthenticated = jwtPayload.accessLevelId === BUILDER_LEVEL_ID
|
ctx.isAuthenticated = jwtPayload.accessLevelId === BUILDER_LEVEL_ID
|
||||||
|
|
|
@ -94,6 +94,7 @@ module.exports = {
|
||||||
USER_MANAGEMENT,
|
USER_MANAGEMENT,
|
||||||
BUILDER,
|
BUILDER,
|
||||||
LIST_USERS,
|
LIST_USERS,
|
||||||
|
adminPermissions,
|
||||||
generateAdminPermissions,
|
generateAdminPermissions,
|
||||||
generatePowerUserPermissions,
|
generatePowerUserPermissions,
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue