budibase/packages/server/src/utilities/workerRequests.js

const fetch = require("node-fetch")
const env = require("../environment")
const { checkSlashesInUrl } = require("./index")
const { getProdAppID } = require("@budibase/backend-core/db")
const { updateAppRole } = require("./global")
const { Headers } = require("@budibase/backend-core/constants")
const { getTenantId, isTenantIdSet } = require("@budibase/backend-core/tenancy")

function request(ctx, request) {
  if (!request.headers) {
    request.headers = {}
  }
  if (!ctx) {
    request.headers[Headers.API_KEY] = env.INTERNAL_API_KEY
    if (isTenantIdSet()) {
      request.headers[Headers.TENANT_ID] = getTenantId()
    }
  }
  if (request.body && Object.keys(request.body).length > 0) {
    request.headers["Content-Type"] = "application/json"
    request.body =
      typeof request.body === "object"
        ? JSON.stringify(request.body)
        : request.body
  } else {
    delete request.body
  }
  if (ctx && ctx.headers) {
    request.headers = ctx.headers
  }
  return request
}

async function checkResponse(response, errorMsg, { ctx } = {}) {
  if (response.status !== 200) {
    let error
    try {
      error = await response.json()
    } catch (err) {
      error = await response.text()
    }
    const msg = `Unable to ${errorMsg} - ${
      error.message ? error.message : error
    }`
    if (ctx) {
      ctx.throw(400, msg)
    } else {
      throw msg
    }
  }
  return response.json()
}

exports.request = request

// have to pass in the tenant ID as this could be coming from an automation
exports.sendSmtpEmail = async (to, from, subject, contents, automation) => {
  // tenant ID will be set in header
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + `/api/global/email/send`),
    request(null, {
      method: "POST",
      body: {
        email: to,
        from,
        contents,
        subject,
        purpose: "custom",
        automation,
      },
    })
  )
  return checkResponse(response, "send email")
}

exports.getGlobalSelf = async (ctx, appId = null) => {
  const endpoint = `/api/global/self`
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    // we don't want to use API key when getting self
    request(ctx, { method: "GET" })
  )
  let json = await checkResponse(response, "get self globally", { ctx })
  if (appId) {
    json = updateAppRole(json)
  }
  return json
}

exports.removeAppFromUserRoles = async (ctx, appId) => {
  const prodAppId = getProdAppID(appId)
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + `/api/global/roles/${prodAppId}`),
    request(ctx, {
      method: "DELETE",
    })
  )
  return checkResponse(response, "remove app role")
}

exports.allGlobalUsers = async ctx => {
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + "/api/global/users"),
    // we don't want to use API key when getting self
    request(ctx, { method: "GET" })
  )
  return checkResponse(response, "get users", { ctx })
}

exports.saveGlobalUser = async ctx => {
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + "/api/global/users"),
    // we don't want to use API key when getting self
    request(ctx, { method: "POST", body: ctx.request.body })
  )
  return checkResponse(response, "save user", { ctx })
}

exports.deleteGlobalUser = async ctx => {
  const response = await fetch(
    checkSlashesInUrl(
      env.WORKER_URL + `/api/global/users/${ctx.params.userId}`
    ),
    // we don't want to use API key when getting self
    request(ctx, { method: "DELETE" })
  )
  return checkResponse(response, "delete user", { ctx, body: ctx.request.body })
}

exports.readGlobalUser = async ctx => {
  const response = await fetch(
    checkSlashesInUrl(
      env.WORKER_URL + `/api/global/users/${ctx.params.userId}`
    ),
    // we don't want to use API key when getting self
    request(ctx, { method: "GET" })
  )
  return checkResponse(response, "get user", { ctx })
}
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`const fetch = require("node-fetch")`
			`const env = require("../environment")`
			`const { checkSlashesInUrl } = require("./index")`
Review comments, renaming deployed -> prod in terms of app IDs. 2022-01-31 18:42:51 +01:00			`const { getProdAppID } = require("@budibase/backend-core/db")`
Fixing issue with user's being logged in and trying to access other tenants public apps, this work makes sure that users from other tenants will not be 403'd immediately (too aggressive) but instead they will have all other their RBAC roles revoked. 2021-10-07 16:49:26 +02:00			`const { updateAppRole } = require("./global")`
Switching out @budibase/auth to @budibase/backend-core. 2022-01-10 20:33:00 +01:00			`const { Headers } = require("@budibase/backend-core/constants")`
			`const { getTenantId, isTenantIdSet } = require("@budibase/backend-core/tenancy")`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 10:59:08 +02:00			`function request(ctx, request) {`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`if (!request.headers) {`
			`request.headers = {}`
			`}`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 10:59:08 +02:00			`if (!ctx) {`
Adding concept of version to APIs. 2021-07-23 16:29:14 +02:00			`request.headers[Headers.API_KEY] = env.INTERNAL_API_KEY`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 10:59:08 +02:00			`if (isTenantIdSet()) {`
			`request.headers[Headers.TENANT_ID] = getTenantId()`
			`}`
Fixing issue with builder not always having the correct roles to view an app - global builders are now admins in all apps. 2021-06-04 13:13:29 +02:00			`}`
Other minor fixes after doing some initial setup testing. 2021-05-10 14:18:05 +02:00			`if (request.body && Object.keys(request.body).length > 0) {`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`request.headers["Content-Type"] = "application/json"`
			`request.body =`
			`typeof request.body === "object"`
			`? JSON.stringify(request.body)`
			`: request.body`
Other minor fixes after doing some initial setup testing. 2021-05-10 14:18:05 +02:00			`} else {`
			`delete request.body`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`}`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`if (ctx && ctx.headers) {`
Adding controllers for row, query and applications public APIs. 2022-02-23 19:31:32 +01:00			`request.headers = ctx.headers`
Updating some test cases to work with new system. 2021-04-09 18:33:21 +02:00			`}`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`return request`
			`}`

Users implementation added. 2022-02-25 20:00:12 +01:00			`async function checkResponse(response, errorMsg, { ctx } = {}) {`
			`if (response.status !== 200) {`
			`let error`
			`try {`
			`error = await response.json()`
			`} catch (err) {`
			`error = await response.text()`
			`}`
Adding test cases for user implementation with mocks. 2022-02-25 20:01:17 +01:00			const msg = `Unable to ${errorMsg} - ${
			`error.message ? error.message : error`
			}`
Users implementation added. 2022-02-25 20:00:12 +01:00			`if (ctx) {`
			`ctx.throw(400, msg)`
			`} else {`
			`throw msg`
			`}`
			`}`
			`return response.json()`
			`}`

Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`exports.request = request`

Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 10:59:08 +02:00			`// have to pass in the tenant ID as this could be coming from an automation`
prevent SMTP fallback for automations 2021-09-27 17:28:39 +02:00			`exports.sendSmtpEmail = async (to, from, subject, contents, automation) => {`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 10:59:08 +02:00			`// tenant ID will be set in header`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`const response = await fetch(`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 10:59:08 +02:00			checkSlashesInUrl(env.WORKER_URL + `/api/global/email/send`),
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`request(null, {`
			`method: "POST",`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-11 16:08:59 +02:00			`body: {`
			`email: to,`
			`from,`
			`contents,`
			`subject,`
			`purpose: "custom",`
prevent SMTP fallback for automations 2021-09-27 17:28:39 +02:00			`automation,`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-11 16:08:59 +02:00			`},`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`})`
			`)`
Users implementation added. 2022-02-25 20:00:12 +01:00			`return checkResponse(response, "send email")`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`}`

Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-27 15:53:41 +02:00			`exports.getGlobalSelf = async (ctx, appId = null) => {`
Shifting over all of self API, deprecating old endpoints. 2022-02-14 19:11:35 +01:00			const endpoint = `/api/global/self`
Adding the ability to get all apps, with the status attached. 2021-05-19 16:09:57 +02:00			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
Fixing issue with builder not always having the correct roles to view an app - global builders are now admins in all apps. 2021-06-04 13:13:29 +02:00			`// we don't want to use API key when getting self`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 10:59:08 +02:00			`request(ctx, { method: "GET" })`
Adding the ability to get all apps, with the status attached. 2021-05-19 16:09:57 +02:00			`)`
Users implementation added. 2022-02-25 20:00:12 +01:00			`let json = await checkResponse(response, "get self globally", { ctx })`
Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-27 15:53:41 +02:00			`if (appId) {`
Main body of work, refactoring most usages. 2022-01-27 19:18:31 +01:00			`json = updateAppRole(json)`
Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-27 15:53:41 +02:00			`}`
Adding the ability to get all apps, with the status attached. 2021-05-19 16:09:57 +02:00			`return json`
			`}`

Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 10:59:08 +02:00			`exports.removeAppFromUserRoles = async (ctx, appId) => {`
Review comments, renaming deployed -> prod in terms of app IDs. 2022-01-31 18:42:51 +01:00			`const prodAppId = getProdAppID(appId)`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-01 16:58:40 +02:00			`const response = await fetch(`
Review comments, renaming deployed -> prod in terms of app IDs. 2022-01-31 18:42:51 +01:00			checkSlashesInUrl(env.WORKER_URL + `/api/global/roles/${prodAppId}`),
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 10:59:08 +02:00			`request(ctx, {`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-01 16:58:40 +02:00			`method: "DELETE",`
			`})`
			`)`
Users implementation added. 2022-02-25 20:00:12 +01:00			`return checkResponse(response, "remove app role")`
			`}`

			`exports.allGlobalUsers = async ctx => {`
			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + "/api/global/users"),`
			`// we don't want to use API key when getting self`
			`request(ctx, { method: "GET" })`
			`)`
			`return checkResponse(response, "get users", { ctx })`
			`}`

			`exports.saveGlobalUser = async ctx => {`
			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + "/api/global/users"),`
			`// we don't want to use API key when getting self`
			`request(ctx, { method: "POST", body: ctx.request.body })`
			`)`
			`return checkResponse(response, "save user", { ctx })`
			`}`

			`exports.deleteGlobalUser = async ctx => {`
			`const response = await fetch(`
Adding test cases for user implementation with mocks. 2022-02-25 20:01:17 +01:00			`checkSlashesInUrl(`
			env.WORKER_URL + `/api/global/users/${ctx.params.userId}`
			`),`
Users implementation added. 2022-02-25 20:00:12 +01:00			`// we don't want to use API key when getting self`
			`request(ctx, { method: "DELETE" })`
			`)`
			`return checkResponse(response, "delete user", { ctx, body: ctx.request.body })`
			`}`

			`exports.readGlobalUser = async ctx => {`
			`const response = await fetch(`
Adding test cases for user implementation with mocks. 2022-02-25 20:01:17 +01:00			`checkSlashesInUrl(`
			env.WORKER_URL + `/api/global/users/${ctx.params.userId}`
			`),`
Users implementation added. 2022-02-25 20:00:12 +01:00			`// we don't want to use API key when getting self`
			`request(ctx, { method: "GET" })`
			`)`
			`return checkResponse(response, "get user", { ctx })`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`}`