fixes 896: don't assume user agent to be always present (#907)

Author: sadiqkhoja

lib/http/preprocessors.js

@@ -153,6 +153,13 @@ const queryOptionsHandler = (_, context) => {
   return context.with({ queryOptions: new QueryOptions(options), transitoryData: new Map() });
 };
 
+// User Agent in HTTP is optional, if not provided then it is `undefined`.
+// `undefined` causes Slonik to fail, we are setting it to `null` here so that
+// we don't have check its existence in multiple places.
+const userAgentHandler = (_, context) => {
+  const userAgent = context.headers['user-agent'] ?? null;
+  return context.with({ userAgent });
+};
 
-module.exports = { emptyAuthInjector, authHandler, queryOptionsHandler };
+module.exports = { emptyAuthInjector, authHandler, queryOptionsHandler, userAgentHandler };
 

lib/http/service.js

@@ -49,8 +49,8 @@ module.exports = (container) => {
   // and for easier transaction management.
 
   const { builder } = require('./endpoint');
-  const { emptyAuthInjector, authHandler, queryOptionsHandler } = require('./preprocessors');
-  const endpoint = builder(container, [ emptyAuthInjector, authHandler, queryOptionsHandler ]);
+  const { emptyAuthInjector, authHandler, queryOptionsHandler, userAgentHandler } = require('./preprocessors');
+  const endpoint = builder(container, [ emptyAuthInjector, authHandler, queryOptionsHandler, userAgentHandler ]);
 
 
   ////////////////////////////////////////////////////////////////////////////////

lib/resources/entities.js

@@ -74,7 +74,7 @@ module.exports = (service, endpoint) => {
 
   }));
 
-  service.post('/projects/:id/datasets/:name/entities', endpoint(async ({ Datasets, Entities }, { auth, body, headers, params }) => {
+  service.post('/projects/:id/datasets/:name/entities', endpoint(async ({ Datasets, Entities }, { auth, body, params, userAgent }) => {
 
     const dataset = await Datasets.get(params.id, params.name).then(getOrNotFound);
 
@@ -85,13 +85,13 @@ module.exports = (service, endpoint) => {
     const partial = await Entity.fromJson(body, properties, dataset);
 
     const sourceId = await Entities.createSource();
-    const entity = await Entities.createNew(dataset, partial, null, sourceId, headers['user-agent']);
+    const entity = await Entities.createNew(dataset, partial, null, sourceId, userAgent);
 
     // Entities.createNew doesn't return enough information for a full response so re-fetch.
     return Entities.getById(dataset.id, entity.uuid).then(getOrNotFound);
   }));
 
-  service.patch('/projects/:id/datasets/:name/entities/:uuid', endpoint(async ({ Datasets, Entities }, { auth, body, headers, params, query }) => {
+  service.patch('/projects/:id/datasets/:name/entities/:uuid', endpoint(async ({ Datasets, Entities }, { auth, body, params, query, userAgent }) => {
 
     const dataset = await Datasets.get(params.id, params.name).then(getOrNotFound);
 
@@ -105,7 +105,7 @@ module.exports = (service, endpoint) => {
     const partial = Entity.fromJson(body, properties, dataset, entity);
 
     const sourceId = await Entities.createSource();
-    return Entities.createVersion(dataset, entity, partial.def.data, partial.def.label, sourceId, headers['user-agent']);
+    return Entities.createVersion(dataset, entity, partial.def.data, partial.def.label, sourceId, userAgent);
   }));
 
   service.delete('/projects/:projectId/datasets/:name/entities/:uuid', endpoint(async ({ Datasets, Entities }, { auth, params, queryOptions }) => {

lib/resources/sessions.js

@@ -15,7 +15,7 @@ const { success } = require('../util/http');
 
 module.exports = (service, endpoint) => {
 
-  service.post('/sessions', endpoint(({ Audits, Users, Sessions, bcrypt }, { body, headers }) => {
+  service.post('/sessions', endpoint(({ Audits, Users, Sessions, bcrypt }, { body, userAgent }) => {
     const { email, password } = body;
 
     if (isBlank(email) || isBlank(password))
@@ -33,9 +33,7 @@ module.exports = (service, endpoint) => {
           // Logging here rather than defining Sessions.create.audit, because
           // Sessions.create.audit would require auth. Logging here also makes
           // it easy to access `headers`.
-          Audits.log(user.actor, 'user.session.create', user.actor, {
-            userAgent: headers['user-agent']
-          })
+          Audits.log(user.actor, 'user.session.create', user.actor, { userAgent })
         ]))
         .then(([ session ]) => (_, response) => {
           response.cookie('__Host-session', session.token, { path: '/', expires: session.expiresAt,

lib/resources/submissions.js

@@ -81,7 +81,7 @@ module.exports = (service, endpoint) => {
     };
 
     // Nonstandard REST; OpenRosa-specific API.
-    service.post(path, multipart.any(), multerUtf, endpoint.openRosa(({ Forms, Submissions, SubmissionAttachments }, { params, files, auth, query, headers }) =>
+    service.post(path, multipart.any(), multerUtf, endpoint.openRosa(({ Forms, Submissions, SubmissionAttachments }, { params, files, auth, query, userAgent }) =>
       Submission.fromXml(findMultipart(files).buffer)
         .then((partial) => getForm(auth, params, partial.xmlFormId, Forms, partial.def.version)
           .catch(forceAuthFailed)
@@ -124,7 +124,7 @@ module.exports = (service, endpoint) => {
                   }
                   // NEW SUBMISSION REQUEST: create a new submission and attachments.
                   return Promise.all([
-                    Submissions.createNew(partial, form, query.deviceID, headers['user-agent']),
+                    Submissions.createNew(partial, form, query.deviceID, userAgent),
                     Forms.getBinaryFields(form.def.id)
                   ]).then(([ saved, binaryFields ]) => SubmissionAttachments.create(saved, form, binaryFields, files));
                 });
@@ -177,7 +177,7 @@ module.exports = (service, endpoint) => {
   // and repeated for draft/nondraft.
 
   const restSubmission = (base, draft, getForm) => {
-    service.post(`${base}/submissions`, endpoint(({ Forms, Submissions, SubmissionAttachments }, { params, auth, query, headers }, request) =>
+    service.post(`${base}/submissions`, endpoint(({ Forms, Submissions, SubmissionAttachments }, { params, auth, query, userAgent }, request) =>
       Submission.fromXml(request)
         .then((partial) => getForm(params, Forms, partial.def.version)
           .then((form) => auth.canOrReject('submission.create', form))
@@ -186,15 +186,15 @@ module.exports = (service, endpoint) => {
               return reject(Problem.user.unexpectedValue({ field: 'form id', value: partial.xmlFormId, reason: 'did not match the form ID in the URL' }));
 
             return Promise.all([
-              Submissions.createNew(partial, form, query.deviceID, headers['user-agent']),
+              Submissions.createNew(partial, form, query.deviceID, userAgent),
               Forms.getBinaryFields(form.def.id)
             ])
               .then(([ submission, binaryFields ]) =>
                 SubmissionAttachments.create(submission, form, binaryFields)
                   .then(always(submission)));
           }))));
 
-    service.put(`${base}/submissions/:instanceId`, endpoint(({ Forms, Submissions, SubmissionAttachments }, { params, auth, query, headers }, request) =>
+    service.put(`${base}/submissions/:instanceId`, endpoint(({ Forms, Submissions, SubmissionAttachments }, { params, auth, query, userAgent }, request) =>
       Submission.fromXml(request).then((partial) => {
         if (partial.xmlFormId !== params.formId)
           return reject(Problem.user.unexpectedValue({ field: 'form id', value: partial.xmlFormId, reason: 'did not match the form ID in the URL' }));
@@ -211,7 +211,7 @@ module.exports = (service, endpoint) => {
             .then(getOrNotFound) // this request exists just to check existence and fail the whole request.
         ])
           .then(([ deprecated, form ]) => Promise.all([
-            Submissions.createVersion(partial, deprecated, form, query.deviceID, headers['user-agent']),
+            Submissions.createVersion(partial, deprecated, form, query.deviceID, userAgent),
             Forms.getBinaryFields(form.def.id),
             SubmissionAttachments.getForFormAndInstanceId(form.id, deprecatedId, draft),
           ])