From f163027ca8386b04e1fcc83f4a80b473e3050f33 Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Thu, 15 Oct 2020 14:26:33 +0100 Subject: [PATCH] more auth bugfixes --- packages/client/src/render/getAppId.js | 2 ++ packages/server/src/middleware/authenticated.js | 8 +++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/packages/client/src/render/getAppId.js b/packages/client/src/render/getAppId.js index e6216e7be5..5525c67358 100644 --- a/packages/client/src/render/getAppId.js +++ b/packages/client/src/render/getAppId.js @@ -3,6 +3,8 @@ export const parseAppIdFromCookie = docCookie => { docCookie.split(";").find(c => c.trim().startsWith("budibase:token")) || docCookie.split(";").find(c => c.trim().startsWith("builder:token")) + if (!cookie) return location.pathname.replace("/") + const base64Token = cookie.substring(lengthOfKey) const user = JSON.parse(atob(base64Token.split(".")[1])) diff --git a/packages/server/src/middleware/authenticated.js b/packages/server/src/middleware/authenticated.js index 8a046f4327..1a2eba3fd8 100644 --- a/packages/server/src/middleware/authenticated.js +++ b/packages/server/src/middleware/authenticated.js @@ -34,12 +34,14 @@ module.exports = async (ctx, next) => { let appId = process.env.CLOUD ? ctx.subdomains[1] : ctx.params.appId - if (!appId) { - appId = ctx.referer && ctx.referer.split("/").pop() + // if appId can't be determined from path param or subdomain + if (!appId && ctx.request.headers.referer) { + const url = new URL(ctx.request.headers.referer) + // remove leading and trailing slashes from appId + appId = url.pathname.replace(/\//g, "") } ctx.user = { - // if appId can't be determined from path param or subdomain appId, } await next()