budibase/packages/server/src/api/routes/static.ts

import Router from "@koa/router"
import * as controller from "../controllers/static"
import { budibaseTempDir } from "../../utilities/budibaseDir"
import authorized from "../../middleware/authorized"
import { permissions } from "@budibase/backend-core"
import * as env from "../../environment"
import { paramResource } from "../../middleware/resourceId"
const { BUILDER, PermissionType, PermissionLevel } = permissions

const router: Router = new Router()

/* istanbul ignore next */
router.param("file", async (file: any, ctx: any, next: any) => {
  ctx.file = file && file.includes(".") ? file : "index.html"
  if (!ctx.file.startsWith("budibase-client")) {
    return next()
  }
  // test serves from require
  if (env.isTest()) {
    ctx.devPath = require.resolve("@budibase/client").split(ctx.file)[0]
  } else if (env.isDev()) {
    // Serving the client library from your local dir in dev
    ctx.devPath = budibaseTempDir()
  }
  return next()
})

// only used in development for retrieving the client library,
// in production the client lib is always stored in the object store.
if (env.isDev()) {
  router.get("/api/assets/client", controller.serveClientLibrary)
}

router
  // TODO: for now this builder endpoint is not authorized/secured, will need to be
  .get("/builder/:file*", controller.serveBuilder)
  .post("/api/attachments/process", authorized(BUILDER), controller.uploadFile)
  .post(
    "/api/attachments/delete",
    authorized(BUILDER),
    controller.deleteObjects
  )
  .post("/api/beta/:feature", controller.toggleBetaUiFeature)
  .post(
    "/api/attachments/:tableId/upload",
    paramResource("tableId"),
    authorized(PermissionType.TABLE, PermissionLevel.WRITE),
    controller.uploadFile
  )
  .post(
    "/api/attachments/:tableId/delete",
    paramResource("tableId"),
    authorized(PermissionType.TABLE, PermissionLevel.WRITE),
    controller.deleteObjects
  )
  .get("/app/preview", authorized(BUILDER), controller.serveBuilderPreview)
  .get("/:appId/:path*", controller.serveApp)
  .get("/app/:appUrl/:path*", controller.serveApp)
  .post(
    "/api/attachments/:datasourceId/url",
    authorized(PermissionType.TABLE, PermissionLevel.READ),
    controller.getSignedUploadURL
  )

export = router
Tests complete + backwards compatibility for deployment 2022-03-22 01:23:22 +01:00			`import Router from "@koa/router"`
Published apps, automations and query count quotas 2022-03-20 02:13:54 +01:00			`import * as controller from "../controllers/static"`
			`import { budibaseTempDir } from "../../utilities/budibaseDir"`
			`import authorized from "../../middleware/authorized"`
Updating all of the route files to typescript, as well as some controllers. 2022-11-22 19:49:19 +01:00			`import { permissions } from "@budibase/backend-core"`
Published apps, automations and query count quotas 2022-03-20 02:13:54 +01:00			`import * as env from "../../environment"`
			`import { paramResource } from "../../middleware/resourceId"`
Updating all of the route files to typescript, as well as some controllers. 2022-11-22 19:49:19 +01:00			`const { BUILDER, PermissionType, PermissionLevel } = permissions`
set up common to use babel, static file serving middleware 2020-04-14 16:14:57 +02:00
Some typescript conversions, moving a few imports around. 2022-11-21 19:33:34 +01:00			`const router: Router = new Router()`
set up common to use babel, static file serving middleware 2020-04-14 16:14:57 +02:00
Updating row tests, reducing console logging during tests for speed and clarity, testing some misc endpoints and updating search functionality to use a starts with operator when working with strings on rows. 2021-03-10 18:55:42 +01:00			`/* istanbul ignore next */`
Tests complete + backwards compatibility for deployment 2022-03-22 01:23:22 +01:00			`router.param("file", async (file: any, ctx: any, next: any) => {`
removing clientId from frontend, fixing invalid database name 2020-05-18 07:40:29 +02:00			`ctx.file = file && file.includes(".") ? file : "index.html"`
Quick change to make sure the client lib always served correctly in test. 2021-03-25 17:08:09 +01:00			`if (!ctx.file.startsWith("budibase-client")) {`
			`return next()`
			`}`
			`// test serves from require`
			`if (env.isTest()) {`
			`ctx.devPath = require.resolve("@budibase/client").split(ctx.file)[0]`
			`} else if (env.isDev()) {`
			`// Serving the client library from your local dir in dev`
removing clientId from frontend, fixing invalid database name 2020-05-18 07:40:29 +02:00			`ctx.devPath = budibaseTempDir()`
			`}`
Quick change to make sure the client lib always served correctly in test. 2021-03-25 17:08:09 +01:00			`return next()`
removing clientId from frontend, fixing invalid database name 2020-05-18 07:40:29 +02:00			`})`
dev setup complete 2020-05-06 13:17:15 +02:00
Some refactoring of utilities and constants, as well as documenting work carried out here. 2021-04-01 15:11:58 +02:00			`// only used in development for retrieving the client library,`
			`// in production the client lib is always stored in the object store.`
Updating how the client library is served in development. 2021-04-01 13:48:38 +02:00			`if (env.isDev()) {`
Some refactoring of utilities and constants, as well as documenting work carried out here. 2021-04-01 15:11:58 +02:00			`router.get("/api/assets/client", controller.serveClientLibrary)`
Updating how the client library is served in development. 2021-04-01 13:48:38 +02:00			`}`

removing clientId from frontend, fixing invalid database name 2020-05-18 07:40:29 +02:00			`router`
Support serving vite-bundled builder from server 2021-03-31 20:55:55 +02:00			`// TODO: for now this builder endpoint is not authorized/secured, will need to be`
			`.get("/builder/:file*", controller.serveBuilder)`
Remove electron specific attachment uploads inside the builder 2021-03-15 13:10:21 +01:00			`.post("/api/attachments/process", authorized(BUILDER), controller.uploadFile)`
Allow delete attachments from builder data section 2022-08-15 16:46:55 +02:00			`.post(`
			`"/api/attachments/delete",`
			`authorized(BUILDER),`
			`controller.deleteObjects`
			`)`
new ui functionality working from S3 bucket 2022-06-07 00:30:36 +02:00			`.post("/api/beta/:feature", controller.toggleBetaUiFeature)`
Updating some route middleware security. 2021-04-01 15:38:31 +02:00			`.post(`
fixing attachments for public apps 2021-06-08 13:50:58 +02:00			`"/api/attachments/:tableId/upload",`
			`paramResource("tableId"),`
Updating some enums, plural to single. 2022-11-17 15:59:18 +01:00			`authorized(PermissionType.TABLE, PermissionLevel.WRITE),`
Updating some route middleware security. 2021-04-01 15:38:31 +02:00			`controller.uploadFile`
			`)`
Delete attachments on field clear 2022-08-12 12:29:57 +02:00			`.post(`
			`"/api/attachments/:tableId/delete",`
			`paramResource("tableId"),`
Updating some enums, plural to single. 2022-11-17 15:59:18 +01:00			`authorized(PermissionType.TABLE, PermissionLevel.WRITE),`
Delete attachments on field clear 2022-08-12 12:29:57 +02:00			`controller.deleteObjects`
			`)`
Update preview endpoint to be prefixed with /app to not require an updated proxy config 2022-09-07 11:40:00 +02:00			`.get("/app/preview", authorized(BUILDER), controller.serveBuilderPreview)`
removal of appRoot - appId comes in cookie 2020-06-12 21:42:55 +02:00			`.get("/:appId/:path*", controller.serveApp)`
Fix cross tenant apps with session 2022-03-23 17:45:06 +01:00			`.get("/app/:appUrl/:path*", controller.serveApp)`
Update S3 upload with develop and fix preview URLs 2022-01-13 18:18:24 +01:00			`.post(`
			`"/api/attachments/:datasourceId/url",`
Updating some enums, plural to single. 2022-11-17 15:59:18 +01:00			`authorized(PermissionType.TABLE, PermissionLevel.READ),`
Update S3 upload with develop and fix preview URLs 2022-01-13 18:18:24 +01:00			`controller.getSignedUploadURL`
			`)`
set up common to use babel, static file serving middleware 2020-04-14 16:14:57 +02:00
Updating all of the route files to typescript, as well as some controllers. 2022-11-22 19:49:19 +01:00			`export = router`