budibase/packages/server/src/api/routes/query.js

const Router = require("@koa/router")
const queryController = require("../controllers/query")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/security/permissions")
const Joi = require("joi")
const {
  PermissionLevels,
  PermissionTypes,
} = require("../../utilities/security/permissions")
const joiValidator = require("../../middleware/joi-validator")

const router = Router()

const QueryVerb = {
  Create: "CREATE",
  Read: "READ",
  Update: "UPDATE",
  Delete: "DELETE",
}

function generateQueryValidation() {
  // prettier-ignore
  return joiValidator.body(Joi.object({
    _id: Joi.string(),
    _rev: Joi.string(),
    name: Joi.string().required(),
    queryString: Joi.string().required(),
    datasourceId: Joi.string().required(),
    parameters: Joi.array().items(Joi.object({
      name: Joi.string(),
      default: Joi.string()
    })),
    // queryVerb: Joi.string().allow(...Object.values(QueryVerb)).required(),
    queryType: Joi.string().required(),
    schema: Joi.object({}).required().unknown(true)
  }))
}

function generateQueryPreviewValidation() {
  // prettier-ignore
  return joiValidator.body(Joi.object({
    query: Joi.string().required(),
    datasourceId: Joi.string().required(),
    parameters: Joi.object({}).required().unknown(true)
  }))
}

// TODO: sort out auth so apps have the right permissions
router
  .get("/api/queries", authorized(BUILDER), queryController.fetch)
  .post(
    "/api/queries",
    authorized(BUILDER),
    generateQueryValidation(),
    queryController.save
  )
  .post(
    "/api/queries/preview",
    authorized(BUILDER),
    generateQueryPreviewValidation(),
    queryController.preview
  )
  .post(
    "/api/queries/:queryId",
    authorized(PermissionTypes.QUERY, PermissionLevels.WRITE),
    queryController.execute
  )
  .delete("/api/queries/:queryId", authorized(BUILDER), queryController.destroy)

module.exports = router
switching between queries 2021-01-06 13:28:51 +01:00			`const Router = require("@koa/router")`
			`const queryController = require("../controllers/query")`
			`const authorized = require("../../middleware/authorized")`
			`const { BUILDER } = require("../../utilities/security/permissions")`
type safe schema validation 2021-01-11 22:01:21 +01:00			`const Joi = require("joi")`
			`const {`
			`PermissionLevels,`
			`PermissionTypes,`
			`} = require("../../utilities/security/permissions")`
			`const joiValidator = require("../../middleware/joi-validator")`
separation of datasources and queries 2020-12-18 19:19:43 +01:00
switching between queries 2021-01-06 13:28:51 +01:00			`const router = Router()`
separation of datasources and queries 2020-12-18 19:19:43 +01:00
type safe schema validation 2021-01-11 22:01:21 +01:00			`const QueryVerb = {`
			`Create: "CREATE",`
			`Read: "READ",`
			`Update: "UPDATE",`
			`Delete: "DELETE",`
			`}`

			`function generateQueryValidation() {`
			`// prettier-ignore`
			`return joiValidator.body(Joi.object({`
			`_id: Joi.string(),`
			`_rev: Joi.string(),`
			`name: Joi.string().required(),`
			`queryString: Joi.string().required(),`
			`datasourceId: Joi.string().required(),`
			`parameters: Joi.array().items(Joi.object({`
			`name: Joi.string(),`
			`default: Joi.string()`
			`})),`
			`// queryVerb: Joi.string().allow(...Object.values(QueryVerb)).required(),`
			`queryType: Joi.string().required(),`
			`schema: Joi.object({}).required().unknown(true)`
			`}))`
			`}`

			`function generateQueryPreviewValidation() {`
			`// prettier-ignore`
			`return joiValidator.body(Joi.object({`
			`query: Joi.string().required(),`
			`datasourceId: Joi.string().required(),`
			`parameters: Joi.object({}).required().unknown(true)`
			`}))`
			`}`

switching between queries 2021-01-06 13:28:51 +01:00			`// TODO: sort out auth so apps have the right permissions`
			`router`
			`.get("/api/queries", authorized(BUILDER), queryController.fetch)`
type safe schema validation 2021-01-11 22:01:21 +01:00			`.post(`
			`"/api/queries",`
			`authorized(BUILDER),`
			`generateQueryValidation(),`
			`queryController.save`
			`)`
			`.post(`
			`"/api/queries/preview",`
			`authorized(BUILDER),`
			`generateQueryPreviewValidation(),`
			`queryController.preview`
			`)`
			`.post(`
			`"/api/queries/:queryId",`
			`authorized(PermissionTypes.QUERY, PermissionLevels.WRITE),`
			`queryController.execute`
			`)`
switching between queries 2021-01-06 13:28:51 +01:00			`.delete("/api/queries/:queryId", authorized(BUILDER), queryController.destroy)`
separation of datasources and queries 2020-12-18 19:19:43 +01:00
switching between queries 2021-01-06 13:28:51 +01:00			`module.exports = router`