budibase/packages/server/src/api/controllers/static.js

const send = require("koa-send")
const { resolve, join } = require("path")
const jwt = require("jsonwebtoken")
const fetch = require("node-fetch")
const fs = require("fs")
const uuid = require("uuid")

const {
  budibaseAppsDir,
  budibaseTempDir,
} = require("../../utilities/budibaseDir")
const CouchDB = require("../../db")
const setBuilderToken = require("../../utilities/builder/setBuilderToken")
const { ANON_LEVEL_ID } = require("../../utilities/accessLevels")
const fileProcessor = require("../../utilities/fileProcessor")

exports.serveBuilder = async function(ctx) {
  let builderPath = resolve(__dirname, "../../../builder")
  if (ctx.file === "index.html") {
    setBuilderToken(ctx)
  }
  await send(ctx, ctx.file, { root: ctx.devPath || builderPath })
}

exports.deleteLocalFileUpload = async function(ctx) {
  try {
    const db = new CouchDB(ctx.user.instanceId)
    let fileUploads = await db.get("_local/fileuploads")
    fileUploads.uploads = fileUploads.uploads.filter(
      upload => upload.fileName !== ctx.params.fileName
    )
    await db.put(fileUploads)
    ctx.body = {
      message: `${ctx.fileName} deleted.`,
    }
  } catch (err) {
    ctx.throw(500, err)
  }
}

exports.processLocalFileUpload = async function(ctx) {
  const { files } = ctx.request.body

  const attachmentsPath = resolve(
    budibaseAppsDir(),
    ctx.user.appId,
    "attachments"
  )

  // create attachments dir if it doesnt exist
  !fs.existsSync(attachmentsPath) &&
    fs.mkdirSync(attachmentsPath, { recursive: true })

  const filesToProcess = files.map(file => {
    const fileExtension = [...file.path.split(".")].pop()
    // filenames converted to UUIDs so they are unique
    const fileName = `${uuid.v4()}.${fileExtension}`

    return {
      ...file,
      fileName,
      extension: fileExtension,
      outputPath: join(attachmentsPath, fileName),
      clientUrl: join("/attachments", fileName),
    }
  })

  const fileProcessOperations = filesToProcess.map(file =>
    fileProcessor.process(file)
  )

  try {
    // TODO: get file sizes of images after resize
    await Promise.all(fileProcessOperations)

    let pendingFileUploads
    // local document used to track which files need to be uploaded
    // db.get throws an error if the document doesn't exist
    // need to use a promise to default
    const db = new CouchDB(ctx.user.instanceId)
    await db
      .get("_local/fileuploads")
      .then(data => {
        pendingFileUploads = data
      })
      .catch(() => {
        pendingFileUploads = { _id: "_local/fileuploads", uploads: [] }
      })

    pendingFileUploads.uploads = [...filesToProcess, ...pendingFileUploads.uploads]
    await db.put(pendingFileUploads)

    ctx.body = filesToProcess
  } catch (err) {
    ctx.throw(500, err)
  }
}

exports.serveApp = async function(ctx) {
  const mainOrAuth = ctx.isAuthenticated ? "main" : "unauthenticated"

  // default to homedir
  const appPath = resolve(
    budibaseAppsDir(),
    ctx.params.appId,
    "public",
    mainOrAuth
  )

  let appId = ctx.params.appId
  if (process.env.CLOUD) {
    appId = ctx.subdomains[1]
  }

  // only set the appId cookie for /appId .. we COULD check for valid appIds
  // but would like to avoid that DB hit
  const looksLikeAppId = /^[0-9a-f]{32}$/.test(appId)
  if (looksLikeAppId && !ctx.isAuthenticated) {
    const anonUser = {
      userId: "ANON",
      accessLevelId: ANON_LEVEL_ID,
      appId,
    }
    const anonToken = jwt.sign(anonUser, ctx.config.jwtSecret)
    ctx.cookies.set("budibase:token", anonToken, {
      path: "/",
      httpOnly: false,
    })
  }

  if (process.env.CLOUD) {
    const S3_URL = `https://${appId}.app.budi.live/assets/${appId}/${mainOrAuth}/${ctx.file ||
      "index.production.html"}`

    const response = await fetch(S3_URL)
    const body = await response.text()
    ctx.body = body
    return
  }

  await send(ctx, ctx.file || "index.html", { root: ctx.devPath || appPath })
}

exports.serveAttachment = async function(ctx) {
  const appId = ctx.user.appId

  const attachmentsPath = resolve(budibaseAppsDir(), appId, "attachments")

  // Serve from CloudFront
  if (process.env.CLOUD) {
    const S3_URL = `https://cdn.app.budi.live/assets/${appId}/attachments/${ctx.file}`

    const response = await fetch(S3_URL)
    const body = await response.text()
    ctx.body = body
    return
  }

  await send(ctx, ctx.file, { root: attachmentsPath })
}

exports.serveAppAsset = async function(ctx) {
  // default to homedir
  const mainOrAuth = ctx.isAuthenticated ? "main" : "unauthenticated"

  const appPath = resolve(
    budibaseAppsDir(),
    ctx.user.appId,
    "public",
    mainOrAuth
  )

  await send(ctx, ctx.file, { root: ctx.devPath || appPath })
}

exports.serveComponentLibrary = async function(ctx) {
  // default to homedir
  let componentLibraryPath = resolve(
    budibaseAppsDir(),
    ctx.user.appId,
    "node_modules",
    decodeURI(ctx.query.library),
    "package",
    "dist"
  )

  if (ctx.isDev) {
    componentLibraryPath = join(
      budibaseTempDir(),
      decodeURI(ctx.query.library),
      "dist"
    )
  }

  // TODO: component libs should be versioned based on app version
  if (process.env.CLOUD) {
    const appId = ctx.user.appId
    const S3_URL = encodeURI(
      `https://${appId}.app.budi.live/assets/componentlibrary/${ctx.query.library}/dist/index.js`
    )
    const response = await fetch(S3_URL)
    const body = await response.text()
    ctx.type = "application/javascript"
    ctx.body = body
    return
  }

  await send(ctx, "/index.js", { root: componentLibraryPath })
}
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const send = require("koa-send")`
development setup, adding data components 2020-05-06 11:33:30 +02:00			`const { resolve, join } = require("path")`
removed x-user-agent 2020-06-19 17:59:46 +02:00			`const jwt = require("jsonwebtoken")`
cleaned up deploy code 2020-06-29 11:27:38 +02:00			`const fetch = require("node-fetch")`
file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00			`const fs = require("fs")`
Dropzone styling 2020-09-16 13:18:47 +02:00			`const uuid = require("uuid")`
set up common to use babel, static file serving middleware 2020-04-14 16:14:57 +02:00
lint 2020-09-17 17:36:39 +02:00			`const {`
			`budibaseAppsDir,`
			`budibaseTempDir,`
			`} = require("../../utilities/budibaseDir")`
			`const CouchDB = require("../../db")`
			`const setBuilderToken = require("../../utilities/builder/setBuilderToken")`
			`const { ANON_LEVEL_ID } = require("../../utilities/accessLevels")`
			`const fileProcessor = require("../../utilities/fileProcessor")`

set up common to use babel, static file serving middleware 2020-04-14 16:14:57 +02:00			`exports.serveBuilder = async function(ctx) {`
lint 2020-09-17 17:36:39 +02:00			`let builderPath = resolve(__dirname, "../../../builder")`
removed x-user-agent 2020-06-19 17:59:46 +02:00			`if (ctx.file === "index.html") {`
			`setBuilderToken(ctx)`
			`}`
dev setup complete 2020-05-06 13:17:15 +02:00			`await send(ctx, ctx.file, { root: ctx.devPath \|\| builderPath })`
set up common to use babel, static file serving middleware 2020-04-14 16:14:57 +02:00			`}`

delete local file upload when file deleted 2020-09-17 16:08:28 +02:00			`exports.deleteLocalFileUpload = async function(ctx) {`
			`try {`
lint 2020-09-17 17:36:39 +02:00			`const db = new CouchDB(ctx.user.instanceId)`
delete local file upload when file deleted 2020-09-17 16:08:28 +02:00			`let fileUploads = await db.get("_local/fileuploads")`
lint 2020-09-17 17:36:39 +02:00			`fileUploads.uploads = fileUploads.uploads.filter(`
			`upload => upload.fileName !== ctx.params.fileName`
			`)`
			`await db.put(fileUploads)`
delete local file upload when file deleted 2020-09-17 16:08:28 +02:00			`ctx.body = {`
lint 2020-09-17 17:36:39 +02:00			message: `${ctx.fileName} deleted.`,
delete local file upload when file deleted 2020-09-17 16:08:28 +02:00			`}`
			`} catch (err) {`
			`ctx.throw(500, err)`
			`}`
			`}`

file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00			`exports.processLocalFileUpload = async function(ctx) {`
			`const { files } = ctx.request.body`

lint 2020-09-17 17:36:39 +02:00			`const attachmentsPath = resolve(`
			`budibaseAppsDir(),`
			`ctx.user.appId,`
			`"attachments"`
			`)`
file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00
			`// create attachments dir if it doesnt exist`
lint 2020-09-17 17:36:39 +02:00			`!fs.existsSync(attachmentsPath) &&`
			`fs.mkdirSync(attachmentsPath, { recursive: true })`
file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00
Dropzone styling 2020-09-16 13:18:47 +02:00			`const filesToProcess = files.map(file => {`
			`const fileExtension = [...file.path.split(".")].pop()`
			`// filenames converted to UUIDs so they are unique`
			const fileName = `${uuid.v4()}.${fileExtension}`
file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00
Dropzone styling 2020-09-16 13:18:47 +02:00			`return {`
			`...file,`
delete local file upload when file deleted 2020-09-17 16:08:28 +02:00			`fileName,`
Dropzone styling 2020-09-16 13:18:47 +02:00			`extension: fileExtension,`
			`outputPath: join(attachmentsPath, fileName),`
allow deletion of images 2020-09-17 13:45:28 +02:00			`clientUrl: join("/attachments", fileName),`
Dropzone styling 2020-09-16 13:18:47 +02:00			`}`
			`})`
file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00
lint 2020-09-17 17:36:39 +02:00			`const fileProcessOperations = filesToProcess.map(file =>`
			`fileProcessor.process(file)`
			`)`

file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00			`try {`
Dropzone styling 2020-09-16 13:18:47 +02:00			`// TODO: get file sizes of images after resize`
more lint 2020-09-17 17:38:33 +02:00			`await Promise.all(fileProcessOperations)`
Dropzone styling 2020-09-16 13:18:47 +02:00
lint 2020-09-17 17:36:39 +02:00			`let pendingFileUploads`
Dropzone styling 2020-09-16 13:18:47 +02:00			`// local document used to track which files need to be uploaded`
			`// db.get throws an error if the document doesn't exist`
			`// need to use a promise to default`
lint 2020-09-17 17:36:39 +02:00			`const db = new CouchDB(ctx.user.instanceId)`
			`await db`
			`.get("_local/fileuploads")`
			`.then(data => {`
			`pendingFileUploads = data`
			`})`
			`.catch(() => {`
			`pendingFileUploads = { _id: "_local/fileuploads", uploads: [] }`
Dropzone styling 2020-09-16 13:18:47 +02:00			`})`

more lint 2020-09-17 17:38:33 +02:00			`pendingFileUploads.uploads = [...filesToProcess, ...pendingFileUploads.uploads]`
			`await db.put(pendingFileUploads)`
Dropzone styling 2020-09-16 13:18:47 +02:00
lint 2020-09-17 17:36:39 +02:00			`ctx.body = filesToProcess`
file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00			`} catch (err) {`
lint 2020-09-17 17:36:39 +02:00			`ctx.throw(500, err)`
file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00			`}`
			`}`

set up common to use babel, static file serving middleware 2020-04-14 16:14:57 +02:00			`exports.serveApp = async function(ctx) {`
lint :sparkles: 2020-07-07 22:29:20 +02:00			`const mainOrAuth = ctx.isAuthenticated ? "main" : "unauthenticated"`
cleaned up deploy code 2020-06-29 11:27:38 +02:00
screenslots working again 2020-05-03 12:33:20 +02:00			`// default to homedir`
			`const appPath = resolve(`
allow bb home folder to bem anywhere 2020-05-11 16:42:42 +02:00			`budibaseAppsDir(),`
screenslots working again 2020-05-03 12:33:20 +02:00			`ctx.params.appId,`
			`"public",`
cleaned up deploy code 2020-06-29 11:27:38 +02:00			`mainOrAuth`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`)`
budibase complete deployment 2020-07-07 18:47:18 +02:00
			`let appId = ctx.params.appId`
			`if (process.env.CLOUD) {`
			`appId = ctx.subdomains[1]`
			`}`
lint :sparkles: 2020-07-07 22:29:20 +02:00
removal of appRoot - appId comes in cookie 2020-06-12 21:42:55 +02:00			`// only set the appId cookie for /appId .. we COULD check for valid appIds`
			`// but would like to avoid that DB hit`
budibase complete deployment 2020-07-07 18:47:18 +02:00			`const looksLikeAppId = /^[0-9a-f]{32}$/.test(appId)`
codereview: looksLikeAppId as variable 2020-06-19 18:21:24 +02:00			`if (looksLikeAppId && !ctx.isAuthenticated) {`
removed x-user-agent 2020-06-19 17:59:46 +02:00			`const anonUser = {`
instanceid removal 2020-06-18 17:59:31 +02:00			`userId: "ANON",`
			`accessLevelId: ANON_LEVEL_ID,`
budibase complete deployment 2020-07-07 18:47:18 +02:00			`appId,`
instanceid removal 2020-06-18 17:59:31 +02:00			`}`
removed x-user-agent 2020-06-19 17:59:46 +02:00			`const anonToken = jwt.sign(anonUser, ctx.config.jwtSecret)`
instanceid removal 2020-06-18 17:59:31 +02:00			`ctx.cookies.set("budibase:token", anonToken, {`
removal of appRoot - appId comes in cookie 2020-06-12 21:42:55 +02:00			`path: "/",`
			`httpOnly: false,`
			`})`
			`}`

tidy up 2020-07-09 12:21:42 +02:00			`if (process.env.CLOUD) {`
lint :sparkles: 2020-07-07 22:29:20 +02:00			const S3_URL = `https://${appId}.app.budi.live/assets/${appId}/${mainOrAuth}/${ctx.file \|\|
			"index.production.html"}`
PR Comments 2020-07-08 17:31:26 +02:00
s3 awareness, authentication through API keys 2020-07-01 22:56:53 +02:00			`const response = await fetch(S3_URL)`
cleaned up deploy code 2020-06-29 11:27:38 +02:00			`const body = await response.text()`
lint :sparkles: 2020-07-07 22:29:20 +02:00			`ctx.body = body`
s3 awareness, authentication through API keys 2020-07-01 22:56:53 +02:00			`return`
cleaned up deploy code 2020-06-29 11:27:38 +02:00			`}`
s3 awareness, authentication through API keys 2020-07-01 22:56:53 +02:00
extra index template for production 2020-07-06 20:43:40 +02:00			`await send(ctx, ctx.file \|\| "index.html", { root: ctx.devPath \|\| appPath })`
removal of appRoot - appId comes in cookie 2020-06-12 21:42:55 +02:00			`}`

file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00			`exports.serveAttachment = async function(ctx) {`
lint 2020-09-17 17:36:39 +02:00			`const appId = ctx.user.appId`
file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00
			`const attachmentsPath = resolve(budibaseAppsDir(), appId, "attachments")`

			`// Serve from CloudFront`
			`if (process.env.CLOUD) {`
lint 2020-09-17 17:36:39 +02:00			const S3_URL = `https://cdn.app.budi.live/assets/${appId}/attachments/${ctx.file}`
file attachments and processing working, basic design for dropzone 2020-09-15 17:22:13 +02:00
			`const response = await fetch(S3_URL)`
			`const body = await response.text()`
			`ctx.body = body`
			`return`
			`}`

			`await send(ctx, ctx.file, { root: attachmentsPath })`
			`}`

removal of appRoot - appId comes in cookie 2020-06-12 21:42:55 +02:00			`exports.serveAppAsset = async function(ctx) {`
			`// default to homedir`
lint :sparkles: 2020-07-07 22:29:20 +02:00			`const mainOrAuth = ctx.isAuthenticated ? "main" : "unauthenticated"`
cleaned up deploy code 2020-06-29 11:27:38 +02:00
removal of appRoot - appId comes in cookie 2020-06-12 21:42:55 +02:00			`const appPath = resolve(`
			`budibaseAppsDir(),`
instanceid removal 2020-06-18 17:59:31 +02:00			`ctx.user.appId,`
removal of appRoot - appId comes in cookie 2020-06-12 21:42:55 +02:00			`"public",`
cleaned up deploy code 2020-06-29 11:27:38 +02:00			`mainOrAuth`
removal of appRoot - appId comes in cookie 2020-06-12 21:42:55 +02:00			`)`
screenslots working again 2020-05-03 12:33:20 +02:00
extra index template for production 2020-07-06 20:43:40 +02:00			`await send(ctx, ctx.file, { root: ctx.devPath \|\| appPath })`
set up common to use babel, static file serving middleware 2020-04-14 16:14:57 +02:00			`}`

			`exports.serveComponentLibrary = async function(ctx) {`
dev setup complete 2020-05-06 13:17:15 +02:00			`// default to homedir`
			`let componentLibraryPath = resolve(`
allow bb home folder to bem anywhere 2020-05-11 16:42:42 +02:00			`budibaseAppsDir(),`
instanceid removal 2020-06-18 17:59:31 +02:00			`ctx.user.appId,`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`"node_modules",`
component library modules and definitions refactor - moved to backend. More routing and middleware reorganisation 2020-05-02 16:29:10 +02:00			`decodeURI(ctx.query.library),`
download component libraries from NPM tarball 2020-07-14 22:07:53 +02:00			`"package",`
component library modules and definitions refactor - moved to backend. More routing and middleware reorganisation 2020-05-02 16:29:10 +02:00			`"dist"`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`)`
component library modules and definitions refactor - moved to backend. More routing and middleware reorganisation 2020-05-02 16:29:10 +02:00
dev setup complete 2020-05-06 13:17:15 +02:00			`if (ctx.isDev) {`
			`componentLibraryPath = join(`
allow bb home folder to bem anywhere 2020-05-11 16:42:42 +02:00			`budibaseTempDir(),`
development setup, adding data components 2020-05-06 11:33:30 +02:00			`decodeURI(ctx.query.library),`
			`"dist"`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`)`
development setup, adding data components 2020-05-06 11:33:30 +02:00			`}`

adding deploy script to upload assets to s3 after release 2020-08-20 12:09:54 +02:00			`// TODO: component libs should be versioned based on app version`
extra index template for production 2020-07-06 20:43:40 +02:00			`if (process.env.CLOUD) {`
			`const appId = ctx.user.appId`
lint :sparkles: 2020-07-07 22:29:20 +02:00			`const S3_URL = encodeURI(`
			`https://${appId}.app.budi.live/assets/componentlibrary/${ctx.query.library}/dist/index.js`
			`)`
extra index template for production 2020-07-06 20:43:40 +02:00			`const response = await fetch(S3_URL)`
			`const body = await response.text()`
lint :sparkles: 2020-07-07 22:29:20 +02:00			`ctx.type = "application/javascript"`
			`ctx.body = body`
extra index template for production 2020-07-06 20:43:40 +02:00			`return`
			`}`
cleaned up deploy code 2020-06-29 11:27:38 +02:00
component library modules and definitions refactor - moved to backend. More routing and middleware reorganisation 2020-05-02 16:29:10 +02:00			`await send(ctx, "/index.js", { root: componentLibraryPath })`
development setup, adding data components 2020-05-06 11:33:30 +02:00			`}`