make api calls from the boot page be owned by the support user

3 weeks ago · 485d5af268
parent fcf6b0ce15
commit 485d5af268
5 changed files with 31 additions and 2 deletions
--- a/app/common/BaseAPI.ts
+++ b/app/common/BaseAPI.ts
@ -61,6 +61,12 @@ export class BaseAPI {
      'X-Requested-With': 'XMLHttpRequest',
      ...options.headers
    };
+    if ((window as any)?.isGristBootPage) {
+      const parts = (new URL(window.location.href).pathname).split('/')
+      if (parts[0] === '' && parts[1] === 'boot' && parts[2] !== undefined) {
+        this._headers['X-Boot-Key'] = parts[2];
+      }
+    }
    this._extraParameters = options.extraParameters;
  }

--- a/app/server/lib/Authorizer.ts
+++ b/app/server/lib/Authorizer.ts
@ -193,6 +193,19 @@ export async function addRequestUser(
    }
  }

+  if (!authDone && mreq.headers && mreq.headers['x-boot-key']) {
+    const reqBootKey = String(mreq.headers['x-boot-key']);
+    const bootKey = process.env.GRIST_BOOT_KEY;
+    if (!(bootKey && bootKey === reqBootKey)) {
+      return res.status(401).send('Bad request: invalid Boot key');
+    }
+    const userId = dbManager.getSupportUserId();
+    const user = await dbManager.getUser(userId);
+    mreq.user = user;
+    mreq.userId = userId;
+    mreq.userIsAuthorized = true;
+  }
+
  // Special permission header for internal housekeeping tasks
  if (!authDone && mreq.headers && mreq.headers.permit) {
    const permitKey = String(mreq.headers.permit);
--- a/app/server/lib/ICreate.ts
+++ b/app/server/lib/ICreate.ts
@ -158,6 +158,6 @@ export function makeSimpleCreator(opts: {
    },
    getSqliteVariant: opts.getSqliteVariant,
    getSandboxVariants: opts.getSandboxVariants,
-    createInstallAdmin: opts.createInstallAdmin || (async () => new SimpleInstallAdmin()),
+    createInstallAdmin: opts.createInstallAdmin || (async (dbManager) => new SimpleInstallAdmin(dbManager)),
  };
 }
--- a/app/server/lib/InstallAdmin.ts
+++ b/app/server/lib/InstallAdmin.ts
@ -1,4 +1,5 @@
 import {ApiError} from 'app/common/ApiError';
+import {HomeDBManager} from 'app/gen-server/lib/HomeDBManager';
 import {appSettings} from 'app/server/lib/AppSettings';
 import {getUser, RequestWithLogin} from 'app/server/lib/Authorizer';
 import {User} from 'app/gen-server/entity/User';
@ -40,13 +41,19 @@ export abstract class InstallAdmin {
 }

 // Considers the user whose email matches GRIST_DEFAULT_EMAIL env var, if given, to be the
-// installation admin. If not given, then there is no admin.
+// installation admin. The support user is also accepted.
+// Otherwise, there is no admin.
 export class SimpleInstallAdmin extends InstallAdmin {
  private _installAdminEmail = appSettings.section('access').flag('installAdminEmail').readString({
    envVar: 'GRIST_DEFAULT_EMAIL',
  });

+  public constructor(private _dbManager: HomeDBManager) {
+    super();
+  }
+
  public override async isAdminUser(user: User): Promise<boolean> {
+    if (user.id === this._dbManager.getSupportUserId()) { return true;}
    return this._installAdminEmail ? (user.loginEmail === this._installAdminEmail) : false;
  }
 }
--- a/static/boot.html
+++ b/static/boot.html
@ -10,6 +10,9 @@
  <title>Loading...<!-- INSERT TITLE SUFFIX --></title>
 </head>
 <body>
+  <script>
+    window.isGristBootPage = true;
+  </script>
  <script crossorigin="anonymous" src="boot.bundle.js"></script>
 </body>
 </html>