Archives/gristlabs_grist-core
1
0
Fork 0
mirror of https://github.com/gristlabs/grist-core.git synced 2024-10-27 20:44:07 +00:00
Code Issues Projects Releases Wiki Activity

[authorizer] Move code for extracting auth header into a function

Browse Source
This commit is contained in:
Thomas Karolski 2022-03-12 20:01:03 +01:00 committed by Thomas Karolski
parent a584bc3a19
commit c459037b04
1 changed files with 33 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
app/server/lib/Authorizer.ts
View File

@ -89,6 +89,36 @@ export function isSingleUserMode(): boolean {
return process.env.GRIST_SINGLE_USER === '1'; return process.env.GRIST_SINGLE_USER === '1';
} }
/**
* Returns a profile if it can be deduced from the request. This requires a
* header to specify the users' email address.
*/
export function getRequestProfile(req: Request): UserProfile|undefined {
// Try to determine user based on 'x-remote-user' header passed via a webserver rewrite rule.
// TODO: The header should probably be set via an environment variable and if it is not set,
// this code path should be disabled altogether.
let header:string = "x-remote-user";
let profile: UserProfile|undefined;
if (req.headers && req.headers[header]) {
let headerContent = req.headers[header];
if (headerContent) {
const userEmail = headerContent.toString();
const [userName] = userEmail.split("@", 1);
if (userEmail && userName) {
profile = {
"email": userEmail,
"name": userName
};
}
}
}
return profile;
}
/** /**
* Returns the express request object with user information added, if it can be * Returns the express request object with user information added, if it can be
* found based on passed in headers or the session. Specifically, sets: * found based on passed in headers or the session. Specifically, sets:
@ -245,18 +275,10 @@ export async function addRequestUser(dbManager: HomeDBManager, permitStore: IPer
} }
} }
// Try to determine user based on 'x-remote-user' header passed via a webserver rewrite rule.
// TODO: The header should probably be set via an environment variable and if it is not set,
// this code path should be disabled altogether.
if (!mreq.userId) { if (!mreq.userId) {
if (mreq.headers && mreq.headers["x-remote-user"]) { profile = getRequestProfile(mreq);
const remoteUser = mreq.headers["x-remote-user"].toString(); if (profile) {
log.debug("Authorized user based on 'x-remote-user' header found."); const user = await dbManager.getUserByLoginWithRetry(profile.email, profile);
profile = {
"email": remoteUser,
"name": remoteUser
};
const user = await dbManager.getUserByLoginWithRetry(remoteUser, profile);
if(user) { if(user) {
mreq.user = user; mreq.user = user;
mreq.users = [profile]; mreq.users = [profile];