tsai
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Limiting use of query string to a few select endpoints for determining tenant ID.

pull/2076/head
mike12345567 5 years ago
parent
9174615821
commit
a21fd3e0ee
2 changed files with 12 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 11
      packages/auth/src/db/utils.js
  2. 9
      packages/worker/src/api/controllers/global/configs.js

11
packages/auth/src/db/utils.js
View File

@ -92,21 +92,24 @@ exports.getGlobalDB = tenantId => {
/**
* Given a koa context this tries to extra what tenant is being accessed.
*/
exports.getTenantIdFromCtx = ctx => {
exports.getTenantIdFromCtx = (ctx, opts = { includeQuery: false }) => {
if (!ctx) {
return null
}
const user = ctx.user || {}
const params = ctx.request.params || {}
const query = ctx.request.query || {}
let query = {}
if (opts && opts.includeQuery) {
query = ctx.request.query || {}
}
return user.tenantId || params.tenantId || query.tenantId
}
/**
* Given a koa context this tries to find the correct tenant Global DB.
*/
exports.getGlobalDBFromCtx = ctx => {
const tenantId = exports.getTenantIdFromCtx(ctx)
exports.getGlobalDBFromCtx = (ctx, opts) => {
const tenantId = exports.getTenantIdFromCtx(ctx, opts)
return exports.getGlobalDB(tenantId)
}

9
packages/worker/src/api/controllers/global/configs.js
View File

@ -99,7 +99,7 @@ exports.find = async function (ctx) {
}
exports.publicOidc = async function (ctx) {
const db = getGlobalDBFromCtx(ctx)
const db = getGlobalDBFromCtx(ctx, { includeQuery: true })
try {
// Find the config with the most granular scope based on context
const oidcConfig = await getScopedFullConfig(db, {
@ -121,7 +121,7 @@ exports.publicOidc = async function (ctx) {
}
exports.publicSettings = async function (ctx) {
const db = getGlobalDBFromCtx(ctx)
const db = getGlobalDBFromCtx(ctx, { includeQuery: true })
try {
// Find the config with the most granular scope based on context
@ -218,8 +218,9 @@ exports.destroy = async function (ctx) {
}
exports.configChecklist = async function (ctx) {
const tenantId = getTenantIdFromCtx(ctx)
const db = getGlobalDBFromCtx(ctx)
// include the query string only for a select few endpoints
const tenantId = getTenantIdFromCtx(ctx, { includeQuery: true })
const db = getGlobalDBFromCtx(ctx, { includeQuery: true })
try {
// TODO: Watch get started video

Write Preview
Loading…
Cancel
Save