adding auth object to context rather than separate booleans

6 years ago · 7f7594895b
5 changed files with 20 additions and 13 deletions
--- a/packages/server/src/api/controllers/static.js
+++ b/packages/server/src/api/controllers/static.js
@ -136,7 +136,7 @@ exports.performLocalFileProcessing = async function(ctx) {
 }

 exports.serveApp = async function(ctx) {
-  const mainOrAuth = ctx.isAuthenticated ? "main" : "unauthenticated"
+  const mainOrAuth = ctx.auth.authenticated ? "main" : "unauthenticated"

  // default to homedir
  const appPath = resolve(
@ -154,7 +154,7 @@ exports.serveApp = async function(ctx) {
  // only set the appId cookie for /appId .. we COULD check for valid appIds
  // but would like to avoid that DB hit
  const looksLikeAppId = /^(app_)?[0-9a-f]{32}$/.test(appId)
-  if (looksLikeAppId && !ctx.isAuthenticated) {
+  if (looksLikeAppId && !ctx.auth.authenticated) {
    const anonUser = {
      userId: "ANON",
      accessLevelId: ANON_LEVEL_ID,
@ -200,7 +200,7 @@ exports.serveAttachment = async function(ctx) {

 exports.serveAppAsset = async function(ctx) {
  // default to homedir
-  const mainOrAuth = ctx.isAuthenticated ? "main" : "unauthenticated"
+  const mainOrAuth = ctx.auth.authenticated ? "main" : "unauthenticated"

  const appPath = resolve(
    budibaseAppsDir(),
--- a/packages/server/src/app.js
+++ b/packages/server/src/app.js
@ -24,6 +24,7 @@ app.use(
 )

 app.context.eventEmitter = eventEmitter
+app.context.auth = {}

 // api routes
 app.use(api.routes())
--- a/packages/server/src/middleware/authenticated.js
+++ b/packages/server/src/middleware/authenticated.js
@ -20,8 +20,10 @@ module.exports = async (ctx, next) => {
  if (builderToken) {
    try {
      const jwtPayload = jwt.verify(builderToken, ctx.config.jwtSecret)
-      ctx.apiKey = jwtPayload.apiKey
-      ctx.isAuthenticated = jwtPayload.accessLevelId === BUILDER_LEVEL_ID
+      ctx.auth = {
+        apiKey: jwtPayload.apiKey,
+        authenticated: jwtPayload.accessLevelId === BUILDER_LEVEL_ID,
+      }
      ctx.user = {
        ...jwtPayload,
        accessLevel: await getAccessLevel(
@ -38,14 +40,13 @@ module.exports = async (ctx, next) => {
  }

  if (!appToken) {
-    ctx.isAuthenticated = false
+    ctx.auth.authenticated = false
    await next()
    return
  }

  try {
    const jwtPayload = jwt.verify(appToken, ctx.config.jwtSecret)
-    ctx.apiKey = jwtPayload.apiKey
    ctx.user = {
      ...jwtPayload,
      accessLevel: await getAccessLevel(
@ -53,7 +54,10 @@ module.exports = async (ctx, next) => {
        jwtPayload.accessLevelId
      ),
    }
-    ctx.isAuthenticated = ctx.user.accessLevelId !== ANON_LEVEL_ID
+    ctx.auth = {
+      authenticated: ctx.user.accessLevelId !== ANON_LEVEL_ID,
+      apiKey: jwtPayload.apiKey,
+    }
  } catch (err) {
    ctx.throw(err.status || STATUS_CODES.FORBIDDEN, err.text)
  }
--- a/packages/server/src/middleware/authorized.js
+++ b/packages/server/src/middleware/authorized.js
@ -20,9 +20,11 @@ module.exports = (permName, getItemId) => async (ctx, next) => {
    })

    if (apiKeyInfo) {
-      ctx.isAuthenticated = true
-      ctx.externalWebhook = true
-      ctx.apiKey = ctx.headers["x-api-key"]
+      ctx.auth = {
+        authenticated: true,
+        external: true,
+        apiKey: ctx.headers["x-api-key"],
+      }
      ctx.user = {
        instanceId: ctx.headers["x-instanceid"],
      }
@ -32,7 +34,7 @@ module.exports = (permName, getItemId) => async (ctx, next) => {
    ctx.throw(403, "API key invalid")
  }

-  if (!ctx.isAuthenticated) {
+  if (!ctx.auth.authenticated) {
    ctx.throw(403, "Session not authenticated")
  }

--- a/packages/server/src/middleware/usageQuota.js
+++ b/packages/server/src/middleware/usageQuota.js
@ -55,7 +55,7 @@ module.exports = async (ctx, next) => {
    return next()
  }
  try {
-    await usageQuota.update(ctx.apiKey, property, usage)
+    await usageQuota.update(ctx.auth.apiKey, property, usage)
    return next()
  } catch (err) {
    ctx.throw(403, err)