budibase/packages/server/src/api/routes/static.js

const Router = require("@koa/router")
import * as controller from "../controllers/static"
import { budibaseTempDir } from "../../utilities/budibaseDir"
import authorized from "../../middleware/authorized"
import {
  BUILDER,
  PermissionTypes,
  PermissionLevels,
} from "@budibase/backend-core/permissions"
import * as env from "../../environment"
import { paramResource } from "../../middleware/resourceId"

const router = Router()

/* istanbul ignore next */
router.param("file", async (file, ctx, next) => {
  ctx.file = file && file.includes(".") ? file : "index.html"
  if (!ctx.file.startsWith("budibase-client")) {
    return next()
  }
  // test serves from require
  if (env.isTest()) {
    ctx.devPath = require.resolve("@budibase/client").split(ctx.file)[0]
  } else if (env.isDev()) {
    // Serving the client library from your local dir in dev
    ctx.devPath = budibaseTempDir()
  }
  return next()
})

// only used in development for retrieving the client library,
// in production the client lib is always stored in the object store.
if (env.isDev()) {
  router.get("/api/assets/client", controller.serveClientLibrary)
}

router
  // TODO: for now this builder endpoint is not authorized/secured, will need to be
  .get("/builder/:file*", controller.serveBuilder)
  .post("/api/attachments/process", authorized(BUILDER), controller.uploadFile)
  .post(
    "/api/attachments/:tableId/upload",
    paramResource("tableId"),
    authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
    controller.uploadFile
  )
  // TODO: this likely needs to be secured in some way
  .get("/:appId/:path*", controller.serveApp)
  .post(
    "/api/attachments/:datasourceId/url",
    authorized(PermissionTypes.TABLE, PermissionLevels.READ),
    controller.getSignedUploadURL
  )

export default router
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const Router = require("@koa/router")`
Published apps, automations and query count quotas 2022-03-20 02:13:54 +01:00			`import * as controller from "../controllers/static"`
			`import { budibaseTempDir } from "../../utilities/budibaseDir"`
			`import authorized from "../../middleware/authorized"`
			`import {`
Updating some route middleware security. 2021-04-01 15:38:31 +02:00			`BUILDER,`
			`PermissionTypes,`
			`PermissionLevels,`
Published apps, automations and query count quotas 2022-03-20 02:13:54 +01:00			`} from "@budibase/backend-core/permissions"`
			`import * as env from "../../environment"`
			`import { paramResource } from "../../middleware/resourceId"`
set up common to use babel, static file serving middleware 2020-04-14 16:14:57 +02:00
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const router = Router()`
set up common to use babel, static file serving middleware 2020-04-14 16:14:57 +02:00
Updating row tests, reducing console logging during tests for speed and clarity, testing some misc endpoints and updating search functionality to use a starts with operator when working with strings on rows. 2021-03-10 18:55:42 +01:00			`/* istanbul ignore next */`
removing clientId from frontend, fixing invalid database name 2020-05-18 07:40:29 +02:00			`router.param("file", async (file, ctx, next) => {`
			`ctx.file = file && file.includes(".") ? file : "index.html"`
Quick change to make sure the client lib always served correctly in test. 2021-03-25 17:08:09 +01:00			`if (!ctx.file.startsWith("budibase-client")) {`
			`return next()`
			`}`
			`// test serves from require`
			`if (env.isTest()) {`
			`ctx.devPath = require.resolve("@budibase/client").split(ctx.file)[0]`
			`} else if (env.isDev()) {`
			`// Serving the client library from your local dir in dev`
removing clientId from frontend, fixing invalid database name 2020-05-18 07:40:29 +02:00			`ctx.devPath = budibaseTempDir()`
			`}`
Quick change to make sure the client lib always served correctly in test. 2021-03-25 17:08:09 +01:00			`return next()`
removing clientId from frontend, fixing invalid database name 2020-05-18 07:40:29 +02:00			`})`
dev setup complete 2020-05-06 13:17:15 +02:00
Some refactoring of utilities and constants, as well as documenting work carried out here. 2021-04-01 15:11:58 +02:00			`// only used in development for retrieving the client library,`
			`// in production the client lib is always stored in the object store.`
Updating how the client library is served in development. 2021-04-01 13:48:38 +02:00			`if (env.isDev()) {`
Some refactoring of utilities and constants, as well as documenting work carried out here. 2021-04-01 15:11:58 +02:00			`router.get("/api/assets/client", controller.serveClientLibrary)`
Updating how the client library is served in development. 2021-04-01 13:48:38 +02:00			`}`

removing clientId from frontend, fixing invalid database name 2020-05-18 07:40:29 +02:00			`router`
Support serving vite-bundled builder from server 2021-03-31 20:55:55 +02:00			`// TODO: for now this builder endpoint is not authorized/secured, will need to be`
			`.get("/builder/:file*", controller.serveBuilder)`
Remove electron specific attachment uploads inside the builder 2021-03-15 13:10:21 +01:00			`.post("/api/attachments/process", authorized(BUILDER), controller.uploadFile)`
Updating some route middleware security. 2021-04-01 15:38:31 +02:00			`.post(`
fixing attachments for public apps 2021-06-08 13:50:58 +02:00			`"/api/attachments/:tableId/upload",`
			`paramResource("tableId"),`
Updating some route middleware security. 2021-04-01 15:38:31 +02:00			`authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),`
			`controller.uploadFile`
			`)`
			`// TODO: this likely needs to be secured in some way`
removal of appRoot - appId comes in cookie 2020-06-12 21:42:55 +02:00			`.get("/:appId/:path*", controller.serveApp)`
Update S3 upload with develop and fix preview URLs 2022-01-13 18:18:24 +01:00			`.post(`
			`"/api/attachments/:datasourceId/url",`
			`authorized(PermissionTypes.TABLE, PermissionLevels.READ),`
			`controller.getSignedUploadURL`
			`)`
set up common to use babel, static file serving middleware 2020-04-14 16:14:57 +02:00
Published apps, automations and query count quotas 2022-03-20 02:13:54 +01:00			`export default router`