removed x-user-agent
This commit is contained in:
parent
bd927564b2
commit
eb2b6ec56f
|
@ -1,8 +1,9 @@
|
|||
export const getAppId = cookie => {
|
||||
const base64Token = cookie
|
||||
.split(";")
|
||||
.find(c => c.trim().startsWith("budibase:token"))
|
||||
.substring(lengthOfKey)
|
||||
export const getAppId = docCookie => {
|
||||
const cookie =
|
||||
docCookie.split(";").find(c => c.trim().startsWith("budibase:token")) ||
|
||||
docCookie.split(";").find(c => c.trim().startsWith("builder:token"))
|
||||
|
||||
const base64Token = cookie.substring(lengthOfKey)
|
||||
|
||||
const user = JSON.parse(atob(base64Token.split(".")[1]))
|
||||
return user.appId
|
||||
|
|
|
@ -79,7 +79,7 @@ export const screenRouter = ({ screens, onScreenSelected, window }) => {
|
|||
)
|
||||
return
|
||||
|
||||
const target = x.target || "_self"
|
||||
const target = (x && x.target) || "_self"
|
||||
if (!y || target !== "_self" || x.host !== location.host) return
|
||||
|
||||
e.preventDefault()
|
||||
|
|
|
@ -9,16 +9,16 @@ export const bbFactory = ({
|
|||
componentLibraries,
|
||||
onScreenSlotRendered,
|
||||
}) => {
|
||||
const apiCall = method => (url, body) =>
|
||||
fetch(url, {
|
||||
const apiCall = method => (url, body) => {
|
||||
return fetch(url, {
|
||||
method: method,
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
"x-user-agent": "Budibase Builder",
|
||||
},
|
||||
body: body && JSON.stringify(body),
|
||||
credentials: "same-origin",
|
||||
})
|
||||
}
|
||||
|
||||
const api = {
|
||||
post: apiCall("POST"),
|
||||
|
|
|
@ -55,9 +55,14 @@ exports.authenticate = async ctx => {
|
|||
expiresIn: "1 day",
|
||||
})
|
||||
|
||||
const ONE_DAY_FROM_NOW = new Date(Date.now() + 24 * 3600)
|
||||
const expires = new Date()
|
||||
expires.setDate(expires.getDate() + 1)
|
||||
|
||||
ctx.cookies.set("budibase:token", token, { expires: ONE_DAY_FROM_NOW })
|
||||
ctx.cookies.set("budibase:token", token, {
|
||||
expires,
|
||||
path: "/",
|
||||
httpOnly: false,
|
||||
})
|
||||
|
||||
ctx.body = {
|
||||
token,
|
||||
|
|
|
@ -6,10 +6,13 @@ const {
|
|||
} = require("../../utilities/budibaseDir")
|
||||
const setBuilderToken = require("../../utilities/builder/setBuilderToken")
|
||||
const { ANON_LEVEL_ID } = require("../../utilities/accessLevels")
|
||||
const jwt = require("jsonwebtoken")
|
||||
|
||||
exports.serveBuilder = async function(ctx) {
|
||||
let builderPath = resolve(__dirname, "../../../builder")
|
||||
if (ctx.file === "index.html") {
|
||||
setBuilderToken(ctx)
|
||||
}
|
||||
await send(ctx, ctx.file, { root: ctx.devPath || builderPath })
|
||||
}
|
||||
|
||||
|
@ -24,11 +27,12 @@ exports.serveApp = async function(ctx) {
|
|||
// only set the appId cookie for /appId .. we COULD check for valid appIds
|
||||
// but would like to avoid that DB hit
|
||||
if (looksLikeAppId(ctx.params.appId) && !ctx.isAuthenticated) {
|
||||
const anonToken = {
|
||||
const anonUser = {
|
||||
userId: "ANON",
|
||||
accessLevelId: ANON_LEVEL_ID,
|
||||
appId: ctx.params.appId,
|
||||
}
|
||||
const anonToken = jwt.sign(anonUser, ctx.config.jwtSecret)
|
||||
ctx.cookies.set("budibase:token", anonToken, {
|
||||
path: "/",
|
||||
httpOnly: false,
|
||||
|
|
|
@ -16,12 +16,8 @@ module.exports = async (ctx, next) => {
|
|||
|
||||
const appToken = ctx.cookies.get("budibase:token")
|
||||
const builderToken = ctx.cookies.get("builder:token")
|
||||
const isBuilderAgent = ctx.headers["x-user-agent"] === "Budibase Builder"
|
||||
|
||||
// all admin api access should auth with buildertoken and 'Budibase Builder user agent
|
||||
const shouldAuthAsBuilder = isBuilderAgent && builderToken
|
||||
|
||||
if (shouldAuthAsBuilder) {
|
||||
if (builderToken) {
|
||||
try {
|
||||
const jwtPayload = jwt.verify(builderToken, ctx.config.jwtSecret)
|
||||
ctx.isAuthenticated = jwtPayload.accessLevelId === BUILDER_LEVEL_ID
|
||||
|
|
|
@ -94,6 +94,7 @@ module.exports = {
|
|||
USER_MANAGEMENT,
|
||||
BUILDER,
|
||||
LIST_USERS,
|
||||
adminPermissions,
|
||||
generateAdminPermissions,
|
||||
generatePowerUserPermissions,
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue