Merge pull request #4905 from Budibase/fix/public-api-tenancy

Various release fixes (Public API)
This commit is contained in:
Michael Drury 2022-03-14 21:45:46 +00:00 committed by GitHub
commit f6811cc5d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 16 deletions

View File

@ -5,7 +5,7 @@ const { getSession, updateSessionTTL } = require("../security/sessions")
const { buildMatcherRegex, matches } = require("./matchers") const { buildMatcherRegex, matches } = require("./matchers")
const env = require("../environment") const env = require("../environment")
const { SEPARATOR, ViewNames, queryGlobalView } = require("../../db") const { SEPARATOR, ViewNames, queryGlobalView } = require("../../db")
const { getGlobalDB } = require("../tenancy") const { getGlobalDB, doInTenant } = require("../tenancy")
const { decrypt } = require("../security/encryption") const { decrypt } = require("../security/encryption")
function finalise( function finalise(
@ -25,20 +25,25 @@ async function checkApiKey(apiKey, populateUser) {
} }
const decrypted = decrypt(apiKey) const decrypted = decrypt(apiKey)
const tenantId = decrypted.split(SEPARATOR)[0] const tenantId = decrypted.split(SEPARATOR)[0]
const db = getGlobalDB(tenantId) return doInTenant(tenantId, async () => {
// api key is encrypted in the database const db = getGlobalDB()
const userId = await queryGlobalView( // api key is encrypted in the database
ViewNames.BY_API_KEY, const userId = await queryGlobalView(
{ ViewNames.BY_API_KEY,
key: apiKey, {
}, key: apiKey,
db },
) db
if (userId) { )
return { valid: true, user: await getUser(userId, tenantId, populateUser) } if (userId) {
} else { return {
throw "Invalid API key" valid: true,
} user: await getUser(userId, tenantId, populateUser),
}
} else {
throw "Invalid API key"
}
})
} }
/** /**

View File

@ -85,7 +85,12 @@ exports.setInitInfo = ctx => {
} }
exports.getInitInfo = ctx => { exports.getInitInfo = ctx => {
ctx.body = getCookie(ctx, Cookies.Init) || {} try {
ctx.body = getCookie(ctx, Cookies.Init) || {}
} catch (err) {
clearCookie(ctx, Cookies.Init)
ctx.body = {}
}
} }
/** /**