Fix: Remove user reference from webhook context (#2337)

* fix: remove user info from webhook handlebar context Signed-off-by: Pranav C <pranavxc@gmail.com> * docs: update webhook context variables docs Signed-off-by: Pranav C <pranavxc@gmail.com>
2 years ago · 269a19c2ad
3 changed files with 18 additions and 64 deletions
--- a/packages/noco-docs/content/en/developer-resources/webhooks.md
+++ b/packages/noco-docs/content/en/developer-resources/webhooks.md
@ -66,15 +66,9 @@ For INSERT/ UPDATE based triggers, use following handlebars to access correspond
 Note that, for Update trigger - all the fields in the ROW will be accessible, not just the field updated.
 For DELETE based triggers, **only** {{ data.id }} is accessible representing ID of the column deleted.
  
-For all trigger, following **user** information associated with person trigger can be accessed.
-
-   {{ **user**.id }} : Unique auto incremented NocoDB system value
-   {{ **user**.email }} : User E-mail.
-   {{ **user**.roles }} : User Role amongst [Owner, Creator, Editor, Commenter, Viewer].
-
 ### JSON format

-Use {{ json data }} {{ json user }} to dump complete data & user information available in JSON format
+Use {{ json data }} to dump complete data & user information available in JSON format

 ### Additional references:

--- a/packages/nocodb/src/lib/db/sql-data-mapper/lib/sql/BaseModelSqlv2.ts
+++ b/packages/nocodb/src/lib/db/sql-data-mapper/lib/sql/BaseModelSqlv2.ts
@ -34,8 +34,7 @@ import Hook from '../../../../models/Hook';
 import NcPluginMgrv2 from '../../../../meta/helpers/NcPluginMgrv2';
 import {
  _transformSubmittedFormDataForEmail,
-  invokeWebhook,
-  parseBody
+  invokeWebhook
 } from '../../../../meta/helpers/webhookHelpers';
 import Validator from 'validator';
 import { customValidators } from './customValidators';
@ -1791,7 +1790,7 @@ class BaseModelSqlv2 {
          // todo: notification template
          (await NcPluginMgrv2.emailAdapter())?.mailSend({
            to: emails.join(','),
-            subject: parseBody('NocoDB Form', req, data, {}),
+            subject: 'NocoDB Form',
            html: ejs.render(formSubmissionEmailTemplate, {
              data: transformedData,
              tn: this.model.table_name,
--- a/packages/nocodb/src/lib/meta/helpers/webhookHelpers.ts
+++ b/packages/nocodb/src/lib/meta/helpers/webhookHelpers.ts
@ -7,21 +7,13 @@ import Filter from '../../models/Filter';
 import HookLog from '../../models/HookLog';
 import { HookLogType } from 'nocodb-sdk';

-export function parseBody(
-  template: string,
-  user: any,
-  data: any,
-  payload: any
-): string {
+export function parseBody(template: string, data: any): string {
  if (!template) {
    return template;
  }

  return Handlebars.compile(template, { noEscape: true })({
-    data,
-    user,
-    payload,
-    env: process.env
+    data
  });
 }

@ -121,28 +113,24 @@ export async function handleHttpWebHook(apiMeta, user, data) {
  // }
 }

-export function axiosRequestMake(_apiMeta, user, data) {
+export function axiosRequestMake(_apiMeta, _user, data) {
  const apiMeta = { ..._apiMeta };
  if (apiMeta.body) {
    try {
      apiMeta.body = JSON.parse(apiMeta.body, (_key, value) => {
-        return typeof value === 'string'
-          ? parseBody(value, user, data, apiMeta)
-          : value;
+        return typeof value === 'string' ? parseBody(value, data) : value;
      });
    } catch (e) {
-      apiMeta.body = parseBody(apiMeta.body, user, data, apiMeta);
+      apiMeta.body = parseBody(apiMeta.body, data);
    }
  }
  if (apiMeta.auth) {
    try {
      apiMeta.auth = JSON.parse(apiMeta.auth, (_key, value) => {
-        return typeof value === 'string'
-          ? parseBody(value, user, data, apiMeta)
-          : value;
+        return typeof value === 'string' ? parseBody(value, data) : value;
      });
    } catch (e) {
-      apiMeta.auth = parseBody(apiMeta.auth, user, data, apiMeta);
+      apiMeta.auth = parseBody(apiMeta.auth, data);
    }
  }
  apiMeta.response = {};
@ -150,23 +138,18 @@ export function axiosRequestMake(_apiMeta, user, data) {
    params: apiMeta.parameters
      ? apiMeta.parameters.reduce((paramsObj, param) => {
          if (param.name && param.enabled) {
-            paramsObj[param.name] = parseBody(param.value, user, data, apiMeta);
+            paramsObj[param.name] = parseBody(param.value, data);
          }
          return paramsObj;
        }, {})
      : {},
-    url: parseBody(apiMeta.path, user, data, apiMeta),
+    url: parseBody(apiMeta.path, data),
    method: apiMeta.method,
    data: apiMeta.body,
    headers: apiMeta.headers
      ? apiMeta.headers.reduce((headersObj, header) => {
          if (header.name && header.enabled) {
-            headersObj[header.name] = parseBody(
-              header.value,
-              user,
-              data,
-              apiMeta
-            );
+            headersObj[header.name] = parseBody(header.value, data);
          }
          return headersObj;
        }, {})
@ -208,24 +191,9 @@ export async function invokeWebhook(
      case 'Email':
        {
          const res = await (await NcPluginMgrv2.emailAdapter())?.mailSend({
-            to: parseBody(
-              notification?.payload?.to,
-              user,
-              data,
-              notification?.payload
-            ),
-            subject: parseBody(
-              notification?.payload?.subject,
-              user,
-              data,
-              notification?.payload
-            ),
-            html: parseBody(
-              notification?.payload?.body,
-              user,
-              data,
-              notification?.payload
-            )
+            to: parseBody(notification?.payload?.to, data),
+            subject: parseBody(notification?.payload?.subject, data),
+            html: parseBody(notification?.payload?.body, data)
          });
          hookLog = {
            ...hook,
@ -258,16 +226,9 @@ export async function invokeWebhook(
          const res = await (
            await NcPluginMgrv2.webhookNotificationAdapters(notification.type)
          ).sendMessage(
-            parseBody(
-              notification?.payload?.body,
-              user,
-              data,
-              notification?.payload
-            ),
+            parseBody(notification?.payload?.body, data),
            JSON.parse(JSON.stringify(notification?.payload), (_key, value) => {
-              return typeof value === 'string'
-                ? parseBody(value, user, data, notification?.payload)
-                : value;
+              return typeof value === 'string' ? parseBody(value, data) : value;
            })
          );