MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow bearer token for auth

This commit is contained in:
adrinr 2023-03-09 14:02:55 +01:00
parent e181b5652a
commit f65ded4282
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
packages/backend-core/src/constants/misc.ts
View File

@ -23,6 +23,7 @@ export enum Header {
TOKEN = "x-budibase-token", TOKEN = "x-budibase-token",
CSRF_TOKEN = "x-csrf-token", CSRF_TOKEN = "x-csrf-token",
CORRELATION_ID = "x-budibase-correlation-id", CORRELATION_ID = "x-budibase-correlation-id",
AUTHORIZATION = "authorization",
} }
export enum GlobalRole { export enum GlobalRole {

10
packages/backend-core/src/middleware/authenticated.ts
View File

@ -96,9 +96,15 @@ export default function (
} }
try { try {
// check the actual user is authenticated first, try header or cookie // check the actual user is authenticated first, try header or cookie
const headerToken = ctx.request.headers[Header.TOKEN] let headerToken = ctx.request.headers[Header.TOKEN]
const authCookie = getCookie(ctx, Cookie.Auth) || openJwt(headerToken) const authCookie = getCookie(ctx, Cookie.Auth) || openJwt(headerToken)
const apiKey = ctx.request.headers[Header.API_KEY] let apiKey = ctx.request.headers[Header.API_KEY]
if (!apiKey && ctx.request.headers[Header.AUTHORIZATION]) {
apiKey = ctx.request.headers[Header.AUTHORIZATION].split(" ")[1]
}
const tenantId = ctx.request.headers[Header.TENANT_ID] const tenantId = ctx.request.headers[Header.TENANT_ID]
let authenticated = false, let authenticated = false,
user = null, user = null,