feat: Disable authentication checks in developer mode

cube-js · Apr 11, 2019 · bc09eba · bc09eba
1 parent face67e
commit bc09eba
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 5 deletions.
diff --git a/packages/cubejs-api-gateway/index.js b/packages/cubejs-api-gateway/index.js
@@ -116,7 +116,7 @@ const querySchema = Joi.object().keys({
   segments: Joi.array().items(id),
   timezone: Joi.string(),
   limit: Joi.number().integer().min(1).max(50000)
-}).or("measures","dimensions");
+}).or("measures", "dimensions");
 
 const normalizeQuery = (query) => {
   // eslint-disable-next-line no-unused-vars
@@ -195,7 +195,7 @@ class ApiGateway {
   initApp(app) {
     app.get(`${this.basePath}/v1/load`, this.checkAuthMiddleware, (async (req, res) => {
       try {
-        const query = JSON.parse(req.query.query)
+        const query = JSON.parse(req.query.query);
         this.log(req, {
           type: 'Load Request',
           query: req.query.query
@@ -297,10 +297,20 @@ class ApiGateway {
         req.authInfo = jwt.verify(auth, secret);
         return next && next();
       } catch (e) {
-        res.status(403).json({ error: 'Invalid token' });
+        if (process.env.NODE_ENV === 'production') {
+          res.status(403).json({ error: 'Invalid token' });
+        } else {
+          this.log(req, {
+            type: 'Invalid Token',
+            error: e.stack || e.toString()
+          });
+          return next && next();
+        }
       }
-    } else {
+    } else if (process.env.NODE_ENV === 'production') {
       res.status(403).send({ error: "Authorization header isn't set" });
+    } else {
+      return next && next();
     }
     return null;
   }

diff --git a/packages/cubejs-server-core/core/DevServer.js b/packages/cubejs-server-core/core/DevServer.js
@@ -26,7 +26,11 @@ class DevServer {
     const apiUrl = process.env.CUBEJS_API_URL || `http://localhost:${port}`;
     const jwt = require('jsonwebtoken');
     const cubejsToken = jwt.sign({}, this.cubejsServer.apiSecret, { expiresIn: '1d' });
-    console.log(`🔒 Your temporary cube.js token: ${cubejsToken}`);
+    if (process.NODE_ENV !== 'production') {
+      console.log(`🔓 Authentication checks are disabled in developer mode. Please use NODE_ENV=production to enable it.`);
+    } else {
+      console.log(`🔒 Your temporary cube.js token: ${cubejsToken}`);
+    }
     console.log(`🦅 Dev environment available at ${apiUrl}`);
     this.cubejsServer.event('Dev Server Start');
     const serveStatic = require('serve-static');