budibase/packages/server/src/api/controllers/user.js

const CouchDB = require("../../db")
const {
  generateUserID,
  getUserParams,
  getEmailFromUserID,
} = require("@budibase/auth")
const { InternalTables } = require("../../db/utils")
const { getRole } = require("../../utilities/security/roles")
const { checkSlashesInUrl } = require("../../utilities")
const env = require("../../environment")
const fetch = require("node-fetch")

async function deleteGlobalUser(email) {
  const endpoint = `/api/admin/users/${email}`
  const reqCfg = { method: "DELETE" }
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    reqCfg
  )
  return response.json()
}

async function getGlobalUsers(email = null) {
  const endpoint = email ? `/api/admin/users/${email}` : `/api/admin/users`
  const reqCfg = { method: "GET" }
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    reqCfg
  )
  return response.json()
}

async function saveGlobalUser(appId, email, body) {
  const globalUser = await getGlobalUsers(email)
  const roles = globalUser.roles || {}
  if (body.roleId) {
    roles.appId = body.roleId
  }
  const endpoint = `/api/admin/users`
  const reqCfg = {
    method: "POST",
    body: {
      ...globalUser,
      email,
      password: body.password,
      status: body.status,
      roles,
    },
  }

  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    reqCfg
  )
  await response.json()
  delete body.email
  delete body.password
  delete body.roleId
  delete body.status
  return body
}

exports.fetchMetadata = async function(ctx) {
  const database = new CouchDB(ctx.appId)
  const global = await getGlobalUsers()
  const metadata = (
    await database.allDocs(
      getUserParams(null, {
        include_docs: true,
      })
    )
  ).rows.map(row => row.doc)
  const users = []
  for (let user of global) {
    const info = metadata.find(meta => meta._id.includes(user.email))
    users.push({
      ...user,
      ...info,
    })
  }
  ctx.body = users
}

exports.createMetadata = async function(ctx) {
  const appId = ctx.appId
  const db = new CouchDB(appId)
  const { email, roleId } = ctx.request.body

  // check role valid
  const role = await getRole(appId, roleId)
  if (!role) ctx.throw(400, "Invalid Role")

  const metadata = await saveGlobalUser(appId, email, ctx.request.body)

  const user = {
    ...metadata,
    _id: generateUserID(email),
    type: "user",
    tableId: InternalTables.USER_METADATA,
  }

  const response = await db.post(user)
  ctx.body = {
    _rev: response.rev,
    email,
  }
}

exports.updateMetadata = async function(ctx) {
  const appId = ctx.appId
  const db = new CouchDB(appId)
  const user = ctx.request.body
  let email = user.email || getEmailFromUserID(user._id)
  const metadata = await saveGlobalUser(appId, email, ctx.request.body)

  if (!metadata._id) {
    user._id = generateUserID(email)
  }
  ctx.body = await db.put({
    ...metadata,
  })
}

exports.destroyMetadata = async function(ctx) {
  const db = new CouchDB(ctx.appId)
  const email = ctx.params.email
  await deleteGlobalUser(email)
  await db.destroy(generateUserID(email))
  ctx.body = {
    message: `User ${ctx.params.email} deleted.`,
  }
}

exports.findMetadata = async function(ctx) {
  const database = new CouchDB(ctx.appId)
  let lookup = ctx.params.email
    ? generateUserID(ctx.params.email)
    : ctx.params.userId
  const user = await database.get(lookup)
  if (user) {
    delete user.password
  }
  ctx.body = user
}
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const CouchDB = require("../../db")`
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`const {`
			`generateUserID,`
			`getUserParams,`
			`getEmailFromUserID,`
			`} = require("@budibase/auth")`
			`const { InternalTables } = require("../../db/utils")`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-02 18:08:25 +01:00			`const { getRole } = require("../../utilities/security/roles")`
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`const { checkSlashesInUrl } = require("../../utilities")`
			`const env = require("../../environment")`
			`const fetch = require("node-fetch")`
added more endpoints 2020-04-07 18:25:09 +02:00
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`async function deleteGlobalUser(email) {`
			const endpoint = `/api/admin/users/${email}`
			`const reqCfg = { method: "DELETE" }`
			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
			`reqCfg`
			`)`
			`return response.json()`
			`}`

			`async function getGlobalUsers(email = null) {`
			const endpoint = email ? `/api/admin/users/${email}` : `/api/admin/users`
			`const reqCfg = { method: "GET" }`
			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
			`reqCfg`
			`)`
			`return response.json()`
			`}`

			`async function saveGlobalUser(appId, email, body) {`
			`const globalUser = await getGlobalUsers(email)`
			`const roles = globalUser.roles \|\| {}`
			`if (body.roleId) {`
			`roles.appId = body.roleId`
			`}`
			const endpoint = `/api/admin/users`
			`const reqCfg = {`
			`method: "POST",`
			`body: {`
			`...globalUser,`
			`email,`
			`password: body.password,`
			`status: body.status,`
			`roles,`
			`},`
			`}`

			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
			`reqCfg`
			`)`
			`await response.json()`
			`delete body.email`
			`delete body.password`
			`delete body.roleId`
			`delete body.status`
			`return body`
			`}`

			`exports.fetchMetadata = async function(ctx) {`
Removing use of the , replacing to ctx.appId to make it clear appId not part of the auth. 2021-03-29 18:32:05 +02:00			`const database = new CouchDB(ctx.appId)`
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`const global = await getGlobalUsers()`
			`const metadata = (`
Updating builder/server in a few ways, to allow creating users with extra columns attached, allowing password to be updated in the builder and making sure that all row endpoints correctly pass through the user controller so that we can still have customised functionality for users (such as making sure password is never returned). 2020-12-08 18:33:08 +01:00			`await database.allDocs(`
			`getUserParams(null, {`
			`include_docs: true,`
			`})`
			`)`
			`).rows.map(row => row.doc)`
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`const users = []`
			`for (let user of global) {`
			`const info = metadata.find(meta => meta._id.includes(user.email))`
			`users.push({`
			`...user,`
			`...info,`
			`})`
Updating builder/server in a few ways, to allow creating users with extra columns attached, allowing password to be updated in the builder and making sure that all row endpoints correctly pass through the user controller so that we can still have customised functionality for users (such as making sure password is never returned). 2020-12-08 18:33:08 +01:00			`}`
			`ctx.body = users`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`}`
added more endpoints 2020-04-07 18:25:09 +02:00
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`exports.createMetadata = async function(ctx) {`
			`const appId = ctx.appId`
			`const db = new CouchDB(appId)`
			`const { email, roleId } = ctx.request.body`
pouchDB integration, use app id instead of app name for keying app packages 2020-04-23 15:37:08 +02:00
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`// check role valid`
			`const role = await getRole(appId, roleId)`
Changing the naming of access levels to be roles. 2020-12-02 14:20:56 +01:00			`if (!role) ctx.throw(400, "Invalid Role")`
auth, first version, needing tested 2020-05-21 15:31:23 +02:00
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`const metadata = await saveGlobalUser(appId, email, ctx.request.body)`

auth, first version, needing tested 2020-05-21 15:31:23 +02:00			`const user = {`
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`...metadata,`
email as default user identifier 2020-12-04 13:22:45 +01:00			`_id: generateUserID(email),`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`type: "user",`
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`tableId: InternalTables.USER_METADATA,`
Adding the ability to set whether a user is active or not rather than deleting them, stops them from being able to log in to the system. 2021-02-22 12:39:58 +01:00			`}`
auth, first version, needing tested 2020-05-21 15:31:23 +02:00
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`const response = await db.post(user)`
			`ctx.body = {`
			`_rev: response.rev,`
			`email,`
test coverage for user creation 2020-04-10 17:37:59 +02:00			`}`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`}`
api tests 2020-04-09 17:53:48 +02:00
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`exports.updateMetadata = async function(ctx) {`
			`const appId = ctx.appId`
			`const db = new CouchDB(appId)`
adds update functionality to users 2020-06-26 11:05:09 +02:00			`const user = ctx.request.body`
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`let email = user.email \|\| getEmailFromUserID(user._id)`
			`const metadata = await saveGlobalUser(appId, email, ctx.request.body)`
auth, first version, needing tested 2020-05-21 15:31:23 +02:00
First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`if (!metadata._id) {`
			`user._id = generateUserID(email)`
			`}`
			`ctx.body = await db.put({`
			`...metadata,`
Adding the ability to set whether a user is active or not rather than deleting them, stops them from being able to log in to the system. 2021-02-22 12:39:58 +01:00			`})`
adds update functionality to users 2020-06-26 11:05:09 +02:00			`}`

First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`exports.destroyMetadata = async function(ctx) {`
			`const db = new CouchDB(ctx.appId)`
			`const email = ctx.params.email`
			`await deleteGlobalUser(email)`
			`await db.destroy(generateUserID(email))`
Upping user test cases to cover all of controller. 2021-03-09 18:09:18 +01:00			`ctx.body = {`
			message: `User ${ctx.params.email} deleted.`,
			`}`
server tests in-memory and passing 2020-05-14 16:12:30 +02:00			`}`

First pass of global user configuration through existing user API with role mappings. 2021-04-08 17:58:33 +02:00			`exports.findMetadata = async function(ctx) {`
Removing use of the , replacing to ctx.appId to make it clear appId not part of the auth. 2021-03-29 18:32:05 +02:00			`const database = new CouchDB(ctx.appId)`
Updating row controller to make sure that all user requests (bar deletion) are passed through correctly to the user controller so that any logic such as removing user password can be correctly held in the user controller logic. 2020-12-09 11:52:18 +01:00			`let lookup = ctx.params.email`
			`? generateUserID(ctx.params.email)`
			`: ctx.params.userId`
			`const user = await database.get(lookup)`
			`if (user) {`
			`delete user.password`
test coverage for user creation 2020-04-10 17:37:59 +02:00			`}`
Updating row controller to make sure that all user requests (bar deletion) are passed through correctly to the user controller so that any logic such as removing user password can be correctly held in the user controller logic. 2020-12-09 11:52:18 +01:00			`ctx.body = user`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`}`