budibase/packages/server/src/utilities/workerRequests.js

const fetch = require("node-fetch")
const env = require("../environment")
const { checkSlashesInUrl } = require("./index")
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
const { getDeployedAppID } = require("@budibase/auth/db")
const { getGlobalIDFromUserMetadataID } = require("../db/utils")

function getAppRole(appId, user) {
  if (!user.roles) {
    return user
  }
  // always use the deployed app
  user.roleId = user.roles[getDeployedAppID(appId)]
  if (!user.roleId) {
    user.roleId = BUILTIN_ROLE_IDS.PUBLIC
  }
  delete user.roles
  return user
}

function request(ctx, request) {
  if (!request.headers) {
    request.headers = {}
  }
  if (request.body && Object.keys(request.body).length > 0) {
    request.headers["Content-Type"] = "application/json"
    request.body =
      typeof request.body === "object"
        ? JSON.stringify(request.body)
        : request.body
  } else {
    delete request.body
  }
  if (ctx && ctx.headers) {
    request.headers.cookie = ctx.headers.cookie
  }
  return request
}

exports.request = request

exports.sendSmtpEmail = async (to, from, subject, contents) => {
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + `/api/admin/email/send`),
    request(null, {
      method: "POST",
      headers: {
        "x-budibase-api-key": env.INTERNAL_API_KEY,
      },
      body: {
        email: to,
        from,
        contents,
        subject,
        purpose: "custom",
      },
    })
  )

  if (response.status !== 200) {
    throw "Unable to send email."
  }
  return response.json()
}

exports.getDeployedApps = async ctx => {
  try {
    const response = await fetch(
      checkSlashesInUrl(env.WORKER_URL + `/api/apps`),
      request(ctx, {
        method: "GET",
      })
    )
    const json = await response.json()
    const apps = {}
    for (let [key, value] of Object.entries(json)) {
      if (value.url) {
        value.url = value.url.toLowerCase()
        apps[key] = value
      }
    }
    return apps
  } catch (err) {
    // error, cannot determine deployed apps, don't stop app creation - sort this later
    return {}
  }
}

exports.deleteGlobalUser = async (ctx, globalId) => {
  const endpoint = `/api/admin/users/${globalId}`
  const reqCfg = { method: "DELETE" }
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    request(ctx, reqCfg)
  )
  return response.json()
}

exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => {
  const endpoint = globalId
    ? `/api/admin/users/${globalId}`
    : `/api/admin/users`
  const reqCfg = { method: "GET" }
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    request(ctx, reqCfg)
  )
  let users = await response.json()
  if (!appId) {
    return users
  }
  if (Array.isArray(users)) {
    users = users.map(user => getAppRole(appId, user))
  } else {
    users = getAppRole(appId, users)
  }
  return users
}

exports.getGlobalSelf = async (ctx, appId = null) => {
  const endpoint = `/api/admin/users/self`
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    request(ctx, { method: "GET" })
  )
  if (response.status !== 200) {
    ctx.throw(400, "Unable to get self globally.")
  }
  let json = await response.json()
  if (appId) {
    json = getAppRole(appId, json)
  }
  return json
}

exports.addAppRoleToUser = async (ctx, appId, roleId, userId = null) => {
  let user,
    endpoint,
    body = {}
  if (!userId) {
    user = await exports.getGlobalSelf(ctx)
    endpoint = `/api/admin/users/self`
  } else {
    userId = getGlobalIDFromUserMetadataID(userId)
    user = await exports.getGlobalUsers(ctx, appId, userId)
    body._id = userId
    endpoint = `/api/admin/users`
  }
  body = {
    ...body,
    roles: {
      ...user.roles,
      [getDeployedAppID(appId)]: roleId,
    },
  }
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    request(ctx, {
      method: "POST",
      body,
    })
  )
  if (response.status !== 200) {
    ctx.throw(400, "Unable to save self globally.")
  }
  return response.json()
}

exports.removeAppFromUserRoles = async appId => {
  const deployedAppId = getDeployedAppID(appId)
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + `/api/admin/roles/${deployedAppId}`),
    request(null, {
      method: "DELETE",
      headers: {
        "x-budibase-api-key": env.INTERNAL_API_KEY,
      },
    })
  )
  if (response.status !== 200) {
    throw "Unable to remove app role"
  }
  return response.json()
}
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`const fetch = require("node-fetch")`
			`const env = require("../environment")`
			`const { checkSlashesInUrl } = require("./index")`
A general re-work of some parts of the auth lib, as well as moving roles/permissions around to make it possible to build an admin API which has role knowledge. 2021-05-14 16:43:41 +02:00			`const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")`
Updating role system to never think about the dev app. 2021-05-17 15:20:19 +02:00			`const { getDeployedAppID } = require("@budibase/auth/db")`
Fixing issues with the user table within the apps. 2021-05-19 16:55:00 +02:00			`const { getGlobalIDFromUserMetadataID } = require("../db/utils")`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00
			`function getAppRole(appId, user) {`
			`if (!user.roles) {`
			`return user`
			`}`
Fixing an issue with page not loading. 2021-05-28 19:54:30 +02:00			`// always use the deployed app`
			`user.roleId = user.roles[getDeployedAppID(appId)]`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`if (!user.roleId) {`
			`user.roleId = BUILTIN_ROLE_IDS.PUBLIC`
			`}`
Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`delete user.roles`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`return user`
			`}`

Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`function request(ctx, request) {`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`if (!request.headers) {`
			`request.headers = {}`
			`}`
Other minor fixes after doing some initial setup testing. 2021-05-10 14:18:05 +02:00			`if (request.body && Object.keys(request.body).length > 0) {`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`request.headers["Content-Type"] = "application/json"`
			`request.body =`
			`typeof request.body === "object"`
			`? JSON.stringify(request.body)`
			`: request.body`
Other minor fixes after doing some initial setup testing. 2021-05-10 14:18:05 +02:00			`} else {`
			`delete request.body`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`}`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`if (ctx && ctx.headers) {`
Updating some test cases to work with new system. 2021-04-09 18:33:21 +02:00			`request.headers.cookie = ctx.headers.cookie`
			`}`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`return request`
			`}`

Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`exports.request = request`

Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-11 16:08:59 +02:00			`exports.sendSmtpEmail = async (to, from, subject, contents) => {`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`const response = await fetch(`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-11 16:08:59 +02:00			checkSlashesInUrl(env.WORKER_URL + `/api/admin/email/send`),
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`request(null, {`
			`method: "POST",`
			`headers: {`
Changing INTERNAL_KEY to INTERNAL_API_KEY. 2021-05-11 16:23:03 +02:00			`"x-budibase-api-key": env.INTERNAL_API_KEY,`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`},`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-11 16:08:59 +02:00			`body: {`
			`email: to,`
			`from,`
			`contents,`
			`subject,`
			`purpose: "custom",`
			`},`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`})`
			`)`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-11 16:08:59 +02:00
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-01 16:58:40 +02:00			`if (response.status !== 200) {`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-11 16:08:59 +02:00			`throw "Unable to send email."`
			`}`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-01 16:58:40 +02:00			`return response.json()`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`}`

Add explicit prettier options 2021-05-04 12:32:22 +02:00			`exports.getDeployedApps = async ctx => {`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`try {`
			`const response = await fetch(`
			checkSlashesInUrl(env.WORKER_URL + `/api/apps`),
Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`request(ctx, {`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`method: "GET",`
			`})`
			`)`
			`const json = await response.json()`
			`const apps = {}`
			`for (let [key, value] of Object.entries(json)) {`
			`if (value.url) {`
			`value.url = value.url.toLowerCase()`
			`apps[key] = value`
			`}`
			`}`
			`return apps`
			`} catch (err) {`
			`// error, cannot determine deployed apps, don't stop app creation - sort this later`
			`return {}`
			`}`
			`}`

Updating the server to remove use of the email in the user ID. 2021-04-19 17:26:33 +02:00			`exports.deleteGlobalUser = async (ctx, globalId) => {`
			const endpoint = `/api/admin/users/${globalId}`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`const reqCfg = { method: "DELETE" }`
			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`request(ctx, reqCfg)`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`)`
			`return response.json()`
			`}`

Updating the server to remove use of the email in the user ID. 2021-04-19 17:26:33 +02:00			`exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => {`
			`const endpoint = globalId`
			? `/api/admin/users/${globalId}`
			: `/api/admin/users`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`const reqCfg = { method: "GET" }`
			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`request(ctx, reqCfg)`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`)`
			`let users = await response.json()`
Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`if (!appId) {`
			`return users`
			`}`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`if (Array.isArray(users)) {`
Add explicit prettier options 2021-05-04 12:32:22 +02:00			`users = users.map(user => getAppRole(appId, user))`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`} else {`
			`users = getAppRole(appId, users)`
			`}`
			`return users`
			`}`

Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-27 15:53:41 +02:00			`exports.getGlobalSelf = async (ctx, appId = null) => {`
Adding the ability to get all apps, with the status attached. 2021-05-19 16:09:57 +02:00			const endpoint = `/api/admin/users/self`
			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
			`request(ctx, { method: "GET" })`
			`)`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-01 16:58:40 +02:00			`if (response.status !== 200) {`
Adding the ability to get all apps, with the status attached. 2021-05-19 16:09:57 +02:00			`ctx.throw(400, "Unable to get self globally.")`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`}`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-01 16:58:40 +02:00			`let json = await response.json()`
Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-27 15:53:41 +02:00			`if (appId) {`
			`json = getAppRole(appId, json)`
			`}`
Adding the ability to get all apps, with the status attached. 2021-05-19 16:09:57 +02:00			`return json`
			`}`

Fixing issues with the user table within the apps. 2021-05-19 16:55:00 +02:00			`exports.addAppRoleToUser = async (ctx, appId, roleId, userId = null) => {`
			`let user,`
			`endpoint,`
			`body = {}`
			`if (!userId) {`
			`user = await exports.getGlobalSelf(ctx)`
			endpoint = `/api/admin/users/self`
			`} else {`
			`userId = getGlobalIDFromUserMetadataID(userId)`
			`user = await exports.getGlobalUsers(ctx, appId, userId)`
			`body._id = userId`
			endpoint = `/api/admin/users`
			`}`
			`body = {`
			`...body,`
			`roles: {`
			`...user.roles,`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-01 16:58:40 +02:00			`[getDeployedAppID(appId)]: roleId,`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`},`
			`}`
			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
Fixing issues with the user table within the apps. 2021-05-19 16:55:00 +02:00			`request(ctx, {`
			`method: "POST",`
			`body,`
			`})`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`)`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-01 16:58:40 +02:00			`if (response.status !== 200) {`
Adding the ability to get all apps, with the status attached. 2021-05-19 16:09:57 +02:00			`ctx.throw(400, "Unable to save self globally.")`
Updating the server to remove use of the email in the user ID. 2021-04-19 17:26:33 +02:00			`}`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-01 16:58:40 +02:00			`return response.json()`
			`}`

			`exports.removeAppFromUserRoles = async appId => {`
			`const deployedAppId = getDeployedAppID(appId)`
			`const response = await fetch(`
			checkSlashesInUrl(env.WORKER_URL + `/api/admin/roles/${deployedAppId}`),
			`request(null, {`
			`method: "DELETE",`
			`headers: {`
			`"x-budibase-api-key": env.INTERNAL_API_KEY,`
Formatting. 2021-06-01 17:02:20 +02:00			`},`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-01 16:58:40 +02:00			`})`
			`)`
			`if (response.status !== 200) {`
			`throw "Unable to remove app role"`
			`}`
			`return response.json()`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`}`