budibase/packages/server/src/utilities/workerRequests.js

const fetch = require("node-fetch")
const env = require("../environment")
const { checkSlashesInUrl } = require("./index")
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
const { getDeployedAppID } = require("@budibase/auth/db")

function getAppRole(appId, user) {
  if (!user.roles) {
    return user
  }
  user.roleId = user.roles[appId]
  if (!user.roleId) {
    user.roleId = BUILTIN_ROLE_IDS.PUBLIC
  }
  delete user.roles
  return user
}

function request(ctx, request) {
  if (!request.headers) {
    request.headers = {}
  }
  if (request.body && Object.keys(request.body).length > 0) {
    request.headers["Content-Type"] = "application/json"
    request.body =
      typeof request.body === "object"
        ? JSON.stringify(request.body)
        : request.body
  } else {
    delete request.body
  }
  if (ctx && ctx.headers) {
    request.headers.cookie = ctx.headers.cookie
  }
  return request
}

exports.request = request

exports.sendSmtpEmail = async (to, from, subject, contents) => {
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + `/api/admin/email/send`),
    request(null, {
      method: "POST",
      headers: {
        "x-budibase-api-key": env.INTERNAL_API_KEY,
      },
      body: {
        email: to,
        from,
        contents,
        subject,
        purpose: "custom",
      },
    })
  )

  const json = await response.json()
  if (json.status !== 200 && response.status !== 200) {
    throw "Unable to send email."
  }
  return json
}

exports.getDeployedApps = async ctx => {
  try {
    const response = await fetch(
      checkSlashesInUrl(env.WORKER_URL + `/api/apps`),
      request(ctx, {
        method: "GET",
      })
    )
    const json = await response.json()
    const apps = {}
    for (let [key, value] of Object.entries(json)) {
      if (value.url) {
        value.url = value.url.toLowerCase()
        apps[key] = value
      }
    }
    return apps
  } catch (err) {
    // error, cannot determine deployed apps, don't stop app creation - sort this later
    return {}
  }
}

exports.deleteGlobalUser = async (ctx, globalId) => {
  const endpoint = `/api/admin/users/${globalId}`
  const reqCfg = { method: "DELETE" }
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    request(ctx, reqCfg)
  )
  return response.json()
}

exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => {
  // always use the deployed app
  appId = getDeployedAppID(appId)
  const endpoint = globalId
    ? `/api/admin/users/${globalId}`
    : `/api/admin/users`
  const reqCfg = { method: "GET" }
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    request(ctx, reqCfg)
  )
  let users = await response.json()
  if (!appId) {
    return users
  }
  if (Array.isArray(users)) {
    users = users.map(user => getAppRole(appId, user))
  } else {
    users = getAppRole(appId, users)
  }
  return users
}

exports.saveGlobalUser = async (ctx, appId, body) => {
  const globalUser = body._id
    ? await exports.getGlobalUsers(ctx, appId, body._id)
    : {}
  const preRoles = globalUser.roles || {}
  if (body.roleId) {
    preRoles[appId] = body.roleId
  }
  // make sure no dev app IDs in roles
  const roles = {}
  for (let [appId, roleId] of Object.entries(preRoles)) {
    roles[getDeployedAppID(appId)] = roleId
  }
  const endpoint = `/api/admin/users`
  const reqCfg = {
    method: "POST",
    body: {
      ...globalUser,
      password: body.password || undefined,
      status: body.status,
      email: body.email,
      roles,
      builder: {
        global: true,
      },
    },
  }

  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    request(ctx, reqCfg)
  )
  const json = await response.json()
  if (json.status !== 200 && response.status !== 200) {
    ctx.throw(400, "Unable to save global user.")
  }
  delete body.password
  delete body.roles
  delete body.builder
  // TODO: for now these have been left in as they are
  // TODO: pretty important to keeping relationships working
  // TODO: however if user metadata is changed this should be removed
  // delete body.email
  // delete body.roleId
  // delete body.status
  return {
    ...body,
    _id: json._id,
  }
}
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`const fetch = require("node-fetch")`
			`const env = require("../environment")`
			`const { checkSlashesInUrl } = require("./index")`
A general re-work of some parts of the auth lib, as well as moving roles/permissions around to make it possible to build an admin API which has role knowledge. 2021-05-14 16:43:41 +02:00			`const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")`
Updating role system to never think about the dev app. 2021-05-17 15:20:19 +02:00			`const { getDeployedAppID } = require("@budibase/auth/db")`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00
			`function getAppRole(appId, user) {`
			`if (!user.roles) {`
			`return user`
			`}`
			`user.roleId = user.roles[appId]`
			`if (!user.roleId) {`
			`user.roleId = BUILTIN_ROLE_IDS.PUBLIC`
			`}`
Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`delete user.roles`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`return user`
			`}`

Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`function request(ctx, request) {`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`if (!request.headers) {`
			`request.headers = {}`
			`}`
Other minor fixes after doing some initial setup testing. 2021-05-10 14:18:05 +02:00			`if (request.body && Object.keys(request.body).length > 0) {`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`request.headers["Content-Type"] = "application/json"`
			`request.body =`
			`typeof request.body === "object"`
			`? JSON.stringify(request.body)`
			`: request.body`
Other minor fixes after doing some initial setup testing. 2021-05-10 14:18:05 +02:00			`} else {`
			`delete request.body`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`}`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`if (ctx && ctx.headers) {`
Updating some test cases to work with new system. 2021-04-09 18:33:21 +02:00			`request.headers.cookie = ctx.headers.cookie`
			`}`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`return request`
			`}`

Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`exports.request = request`

Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-11 16:08:59 +02:00			`exports.sendSmtpEmail = async (to, from, subject, contents) => {`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`const response = await fetch(`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-11 16:08:59 +02:00			checkSlashesInUrl(env.WORKER_URL + `/api/admin/email/send`),
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`request(null, {`
			`method: "POST",`
			`headers: {`
Changing INTERNAL_KEY to INTERNAL_API_KEY. 2021-05-11 16:23:03 +02:00			`"x-budibase-api-key": env.INTERNAL_API_KEY,`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`},`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-11 16:08:59 +02:00			`body: {`
			`email: to,`
			`from,`
			`contents,`
			`subject,`
			`purpose: "custom",`
			`},`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`})`
			`)`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-11 16:08:59 +02:00
			`const json = await response.json()`
			`if (json.status !== 200 && response.status !== 200) {`
			`throw "Unable to send email."`
			`}`
			`return json`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 13:02:29 +02:00			`}`

Add explicit prettier options 2021-05-04 12:32:22 +02:00			`exports.getDeployedApps = async ctx => {`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`try {`
			`const response = await fetch(`
			checkSlashesInUrl(env.WORKER_URL + `/api/apps`),
Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`request(ctx, {`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`method: "GET",`
			`})`
			`)`
			`const json = await response.json()`
			`const apps = {}`
			`for (let [key, value] of Object.entries(json)) {`
			`if (value.url) {`
			`value.url = value.url.toLowerCase()`
			`apps[key] = value`
			`}`
			`}`
			`return apps`
			`} catch (err) {`
			`// error, cannot determine deployed apps, don't stop app creation - sort this later`
			`return {}`
			`}`
			`}`

Updating the server to remove use of the email in the user ID. 2021-04-19 17:26:33 +02:00			`exports.deleteGlobalUser = async (ctx, globalId) => {`
			const endpoint = `/api/admin/users/${globalId}`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`const reqCfg = { method: "DELETE" }`
			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`request(ctx, reqCfg)`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`)`
			`return response.json()`
			`}`

Updating the server to remove use of the email in the user ID. 2021-04-19 17:26:33 +02:00			`exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => {`
Updating role system to never think about the dev app. 2021-05-17 15:20:19 +02:00			`// always use the deployed app`
			`appId = getDeployedAppID(appId)`
Updating the server to remove use of the email in the user ID. 2021-04-19 17:26:33 +02:00			`const endpoint = globalId`
			? `/api/admin/users/${globalId}`
			: `/api/admin/users`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`const reqCfg = { method: "GET" }`
			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`request(ctx, reqCfg)`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`)`
			`let users = await response.json()`
Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`if (!appId) {`
			`return users`
			`}`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`if (Array.isArray(users)) {`
Add explicit prettier options 2021-05-04 12:32:22 +02:00			`users = users.map(user => getAppRole(appId, user))`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`} else {`
			`users = getAppRole(appId, users)`
			`}`
			`return users`
			`}`

Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-20 18:17:44 +02:00			`exports.saveGlobalUser = async (ctx, appId, body) => {`
			`const globalUser = body._id`
			`? await exports.getGlobalUsers(ctx, appId, body._id)`
			`: {}`
Updating role system to never think about the dev app. 2021-05-17 15:20:19 +02:00			`const preRoles = globalUser.roles \|\| {}`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`if (body.roleId) {`
Updating role system to never think about the dev app. 2021-05-17 15:20:19 +02:00			`preRoles[appId] = body.roleId`
			`}`
			`// make sure no dev app IDs in roles`
			`const roles = {}`
			`for (let [appId, roleId] of Object.entries(preRoles)) {`
			`roles[getDeployedAppID(appId)] = roleId`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`}`
			const endpoint = `/api/admin/users`
			`const reqCfg = {`
			`method: "POST",`
			`body: {`
			`...globalUser,`
Removing the lookup of _id in usage quota when in dev/self host for performance reasons as part of usage quota, re-writing some bits of fetch self for cleaner implementation, fixing some issues with updating/saving users from within app. 2021-04-13 18:11:55 +02:00			`password: body.password \|\| undefined,`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`status: body.status,`
Updating the server to remove use of the email in the user ID. 2021-04-19 17:26:33 +02:00			`email: body.email,`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`roles,`
Getting most of the test auth working, adding in global builder configuration. 2021-04-13 19:12:35 +02:00			`builder: {`
			`global: true,`
			`},`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`},`
			`}`

			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-15 16:57:55 +02:00			`request(ctx, reqCfg)`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`)`
			`const json = await response.json()`
			`if (json.status !== 200 && response.status !== 200) {`
			`ctx.throw(400, "Unable to save global user.")`
			`}`
			`delete body.password`
Removing the lookup of _id in usage quota when in dev/self host for performance reasons as part of usage quota, re-writing some bits of fetch self for cleaner implementation, fixing some issues with updating/saving users from within app. 2021-04-13 18:11:55 +02:00			`delete body.roles`
			`delete body.builder`
Adding handlebars formulas to the system, it is now possible to set a formula at a column level which will always be applied on the way out with a relationship depth of one. 2021-04-29 20:06:58 +02:00			`// TODO: for now these have been left in as they are`
			`// TODO: pretty important to keeping relationships working`
			`// TODO: however if user metadata is changed this should be removed`
			`// delete body.email`
			`// delete body.roleId`
			`// delete body.status`
Updating the server to remove use of the email in the user ID. 2021-04-19 17:26:33 +02:00			`return {`
			`...body,`
			`_id: json._id,`
			`}`
Global users now working through the server, all requests proxied. 2021-04-09 16:11:49 +02:00			`}`