budibase/packages/worker/src/api/controllers/admin/configs.js

const CouchDB = require("../../../db")
const {
  generateConfigID,
  StaticDatabases,
  getConfigParams,
  getGlobalUserParams,
  getScopedFullConfig,
} = require("@budibase/auth").db
const { Configs } = require("../../../constants")
const email = require("../../../utilities/email")
const { upload, ObjectStoreBuckets } = require("@budibase/auth").objectStore

const APP_PREFIX = "app_"

const GLOBAL_DB = StaticDatabases.GLOBAL.name

exports.save = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)
  const { type, group, user, config } = ctx.request.body

  // Config does not exist yet
  if (!ctx.request.body._id) {
    ctx.request.body._id = generateConfigID({
      type,
      group,
      user,
    })
  }

  try {
    // verify the configuration
    switch (type) {
      case Configs.SMTP:
        await email.verifyConfig(config)
        break
    }
  } catch (err) {
    ctx.throw(400, err)
  }

  try {
    const response = await db.put(ctx.request.body)
    ctx.body = {
      type,
      _id: response.id,
      _rev: response.rev,
    }
  } catch (err) {
    ctx.throw(400, err)
  }
}

exports.fetch = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)
  const response = await db.allDocs(
    getConfigParams(
      { type: ctx.params.type },
      {
        include_docs: true,
      }
    )
  )
  ctx.body = response.rows.map(row => row.doc)
}

/**
 * Gets the most granular config for a particular configuration type.
 * The hierarchy is type -> group -> user.
 */
exports.find = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)

  const { userId, groupId } = ctx.query
  if (groupId && userId) {
    const group = await db.get(groupId)
    const userInGroup = group.users.some(groupUser => groupUser === userId)
    if (!ctx.user.admin && !userInGroup) {
      ctx.throw(400, `User is not in specified group: ${group}.`)
    }
  }

  try {
    // Find the config with the most granular scope based on context
    const scopedConfig = await getScopedFullConfig(db, {
      type: ctx.params.type,
      user: userId,
      group: groupId,
    })

    if (scopedConfig) {
      ctx.body = scopedConfig
    } else {
      // don't throw an error, there simply is nothing to return
      ctx.body = {}
    }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}

exports.publicOidc = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)
  try {
    // Find the config with the most granular scope based on context
    const oidcConfig = await getScopedFullConfig(db, {
      type: Configs.OIDC,
    })

    if (!oidcConfig) {
      ctx.body = {}
    } else {
      const partialOidcCofig = oidcConfig.config.configs.map(config => {
        return {
          logo: config.logo,
          name: config.name,
          uuid: config.uuid,
        }
      })
      ctx.body = partialOidcCofig
    }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}

exports.publicSettings = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)

  try {
    // Find the config with the most granular scope based on context
    const publicConfig = await getScopedFullConfig(db, {
      type: Configs.SETTINGS,
    })

    const googleConfig = await getScopedFullConfig(db, {
      type: Configs.GOOGLE,
    })

    const oidcConfig = await getScopedFullConfig(db, {
      type: Configs.OIDC,
    })

    let config = {}
    if (!publicConfig) {
      config = {
        config: {},
      }
    } else {
      config = publicConfig
    }

    // google button flag
    if (googleConfig && googleConfig.config) {
      const googleActivated =
        googleConfig.config.activated == undefined || // activated by default for configs pre-activated flag
        googleConfig.config.activated
      config.config.google = googleActivated
    } else {
      config.config.google = false
    }

    // oidc button flag
    if (oidcConfig && oidcConfig.config) {
      const oidcActivated = oidcConfig.config.configs[0].activated
      config.config.oidc = oidcActivated
    } else {
      config.config.oidc = false
    }

    ctx.body = config
  } catch (err) {
    ctx.throw(err.status, err)
  }
}

exports.upload = async function (ctx) {
  if (ctx.request.files == null || ctx.request.files.file.length > 1) {
    ctx.throw(400, "One file must be uploaded.")
  }
  const file = ctx.request.files.file
  const { type, name } = ctx.params

  const bucket = ObjectStoreBuckets.GLOBAL
  const key = `${type}/${name}`
  await upload({
    bucket,
    filename: key,
    path: file.path,
    type: file.type,
  })

  // add to configuration structure
  // TODO: right now this only does a global level
  const db = new CouchDB(GLOBAL_DB)
  let cfgStructure = await getScopedFullConfig(db, { type })
  if (!cfgStructure) {
    cfgStructure = {
      _id: generateConfigID({ type }),
      config: {},
    }
  }
  const url = `/${bucket}/${key}`
  cfgStructure.config[`${name}`] = url
  // write back to db with url updated
  await db.put(cfgStructure)

  ctx.body = {
    message: "File has been uploaded and url stored to config.",
    url,
  }
}

exports.destroy = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)
  const { id, rev } = ctx.params

  try {
    await db.remove(id, rev)
    ctx.body = { message: "Config deleted successfully" }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}

exports.configChecklist = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)

  try {
    // TODO: Watch get started video

    // Apps exist
    let allDbs = await CouchDB.allDbs()
    const appDbNames = allDbs.filter(dbName => dbName.startsWith(APP_PREFIX))

    // They have set up SMTP
    const smtpConfig = await getScopedFullConfig(db, {
      type: Configs.SMTP,
    })

    // They have set up Google Auth
    const googleConfig = await getScopedFullConfig(db, {
      type: Configs.GOOGLE,
    })

    // They have set up OIDC
    const oidcConfig = await getScopedFullConfig(db, {
      type: Configs.OIDC,
    })
    // They have set up an admin user
    const users = await db.allDocs(
      getGlobalUserParams(null, {
        include_docs: true,
      })
    )
    const adminUser = users.rows.some(row => row.doc.admin)

    ctx.body = {
      apps: appDbNames.length,
      smtp: !!smtpConfig,
      adminUser,
      sso: !!googleConfig || !!oidcConfig,
    }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const CouchDB = require("../../../db")`
Fleshing out the main work behind the email generation. 2021-04-22 18:57:38 +02:00			`const {`
			`generateConfigID,`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`StaticDatabases,`
Fleshing out the main work behind the email generation. 2021-04-22 18:57:38 +02:00			`getConfigParams,`
endpoint for budibase configuration checklist 2021-05-05 21:58:31 +02:00			`getGlobalUserParams,`
Making some changes to how configs are scoped. 2021-05-06 11:51:21 +02:00			`getScopedFullConfig,`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`} = require("@budibase/auth").db`
Updating config management for SMTP as well as finalising the work around generating and sending emails. 2021-04-23 14:49:47 +02:00			`const { Configs } = require("../../../constants")`
			`const email = require("../../../utilities/email")`
Updating with a tested and functional API for uploading files for configs. 2021-05-07 14:55:30 +02:00			`const { upload, ObjectStoreBuckets } = require("@budibase/auth").objectStore`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00
			`const APP_PREFIX = "app_"`

			`const GLOBAL_DB = StaticDatabases.GLOBAL.name`
endpoint for budibase configuration checklist 2021-05-05 21:58:31 +02:00
lint:fix 2021-05-03 09:31:09 +02:00			`exports.save = async function (ctx) {`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const db = new CouchDB(GLOBAL_DB)`
			`const { type, group, user, config } = ctx.request.body`
config creation and management APIs 2021-04-20 19:14:36 +02:00
			`// Config does not exist yet`
google oauth UI 2021-05-04 18:31:06 +02:00			`if (!ctx.request.body._id) {`
			`ctx.request.body._id = generateConfigID({`
config specificity 2021-04-22 12:45:22 +02:00			`type,`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`group,`
config specificity 2021-04-22 12:45:22 +02:00			`user,`
			`})`
config creation and management APIs 2021-04-20 19:14:36 +02:00			`}`

Updating SMTP config to show better errors. 2021-06-09 16:45:54 +02:00			`try {`
			`// verify the configuration`
			`switch (type) {`
			`case Configs.SMTP:`
			`await email.verifyConfig(config)`
			`break`
			`}`
			`} catch (err) {`
			`ctx.throw(400, err)`
Updating config management for SMTP as well as finalising the work around generating and sending emails. 2021-04-23 14:49:47 +02:00			`}`

config creation and management APIs 2021-04-20 19:14:36 +02:00			`try {`
google oauth UI 2021-05-04 18:31:06 +02:00			`const response = await db.put(ctx.request.body)`
config creation and management APIs 2021-04-20 19:14:36 +02:00			`ctx.body = {`
config specificity 2021-04-22 12:45:22 +02:00			`type,`
config creation and management APIs 2021-04-20 19:14:36 +02:00			`_id: response.id,`
			`_rev: response.rev,`
			`}`
			`} catch (err) {`
Updating SMTP config to show better errors. 2021-06-09 16:45:54 +02:00			`ctx.throw(400, err)`
config creation and management APIs 2021-04-20 19:14:36 +02:00			`}`
			`}`

lint:fix 2021-05-03 09:31:09 +02:00			`exports.fetch = async function (ctx) {`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const db = new CouchDB(GLOBAL_DB)`
config creation and management APIs 2021-04-20 19:14:36 +02:00			`const response = await db.allDocs(`
Formatting. 2021-05-05 17:00:15 +02:00			`getConfigParams(`
			`{ type: ctx.params.type },`
			`{`
			`include_docs: true,`
			`}`
			`)`
config creation and management APIs 2021-04-20 19:14:36 +02:00			`)`
Add explicit prettier options 2021-05-04 12:32:22 +02:00			`ctx.body = response.rows.map(row => row.doc)`
config creation and management APIs 2021-04-20 19:14:36 +02:00			`}`

config specificity 2021-04-22 12:45:22 +02:00			`/**`
			`* Gets the most granular config for a particular configuration type.`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`* The hierarchy is type -> group -> user.`
config specificity 2021-04-22 12:45:22 +02:00			`*/`
lint:fix 2021-05-03 09:31:09 +02:00			`exports.find = async function (ctx) {`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const db = new CouchDB(GLOBAL_DB)`

			`const { userId, groupId } = ctx.query`
			`if (groupId && userId) {`
			`const group = await db.get(groupId)`
			`const userInGroup = group.users.some(groupUser => groupUser === userId)`
			`if (!ctx.user.admin && !userInGroup) {`
			ctx.throw(400, `User is not in specified group: ${group}.`)
config specificity 2021-04-22 12:45:22 +02:00			`}`
			`}`

config creation and management APIs 2021-04-20 19:14:36 +02:00			`try {`
config specificity 2021-04-22 12:45:22 +02:00			`// Find the config with the most granular scope based on context`
Making some changes to how configs are scoped. 2021-05-06 11:51:21 +02:00			`const scopedConfig = await getScopedFullConfig(db, {`
scoped configuration management 2021-04-22 14:46:54 +02:00			`type: ctx.params.type,`
			`user: userId,`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`group: groupId,`
config specificity 2021-04-22 12:45:22 +02:00			`})`

			`if (scopedConfig) {`
			`ctx.body = scopedConfig`
			`} else {`
Fixing authentication with API key issue. 2021-06-21 18:13:06 +02:00			`// don't throw an error, there simply is nothing to return`
			`ctx.body = {}`
config specificity 2021-04-22 12:45:22 +02:00			`}`
config creation and management APIs 2021-04-20 19:14:36 +02:00			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`

improve structure of OIDC config 2021-07-13 15:54:20 +02:00			`exports.publicOidc = async function (ctx) {`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const db = new CouchDB(GLOBAL_DB)`
improve structure of OIDC config 2021-07-13 15:54:20 +02:00			`try {`
			`// Find the config with the most granular scope based on context`
			`const oidcConfig = await getScopedFullConfig(db, {`
			`type: Configs.OIDC,`
			`})`

			`if (!oidcConfig) {`
			`ctx.body = {}`
			`} else {`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const partialOidcCofig = oidcConfig.config.configs.map(config => {`
			`return {`
			`logo: config.logo,`
			`name: config.name,`
			`uuid: config.uuid,`
			`}`
			`})`
			`ctx.body = partialOidcCofig`
improve structure of OIDC config 2021-07-13 15:54:20 +02:00			`}`
			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`

Implementing feature #1700 and making it possible to remove logo. 2021-06-21 19:01:25 +02:00			`exports.publicSettings = async function (ctx) {`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const db = new CouchDB(GLOBAL_DB)`
Default public config.config when missing 2021-07-15 17:50:57 +02:00
Implementing feature #1700 and making it possible to remove logo. 2021-06-21 19:01:25 +02:00			`try {`
			`// Find the config with the most granular scope based on context`
Add oidc icon and name to public api for login page 2021-07-09 10:49:16 +02:00			`const publicConfig = await getScopedFullConfig(db, {`
Implementing feature #1700 and making it possible to remove logo. 2021-06-21 19:01:25 +02:00			`type: Configs.SETTINGS,`
			`})`
Add oidc icon and name to public api for login page 2021-07-09 10:49:16 +02:00
add new logic to support oauth and oidc buttons 2021-07-15 16:49:06 +02:00			`const googleConfig = await getScopedFullConfig(db, {`
			`type: Configs.GOOGLE,`
			`})`

			`const oidcConfig = await getScopedFullConfig(db, {`
			`type: Configs.OIDC,`
			`})`

Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`let config = {}`
Default public config.config when missing 2021-07-15 17:50:57 +02:00			`if (!publicConfig) {`
			`config = {`
			`config: {},`
add new logic to support oauth and oidc buttons 2021-07-15 16:49:06 +02:00			`}`
Fixing issues discovered by cypress tests. 2021-06-21 19:37:14 +02:00			`} else {`
Default public config.config when missing 2021-07-15 17:50:57 +02:00			`config = publicConfig`
Fixing issues discovered by cypress tests. 2021-06-21 19:37:14 +02:00			`}`
Default public config.config when missing 2021-07-15 17:50:57 +02:00
Mark google activated by default for old configs 2021-07-23 12:38:17 +02:00			`// google button flag`
Mark google activated by default for old configs 2021-07-23 15:40:22 +02:00			`if (googleConfig && googleConfig.config) {`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const googleActivated =`
			`googleConfig.config.activated == undefined \|\| // activated by default for configs pre-activated flag`
			`googleConfig.config.activated`
			`config.config.google = googleActivated`
Mark google activated by default for old configs 2021-07-23 15:40:22 +02:00			`} else {`
			`config.config.google = false`
			`}`
Mark google activated by default for old configs 2021-07-23 12:38:17 +02:00
			`// oidc button flag`
Mark google activated by default for old configs 2021-07-23 15:40:22 +02:00			`if (oidcConfig && oidcConfig.config) {`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const oidcActivated = oidcConfig.config.configs[0].activated`
			`config.config.oidc = oidcActivated`
Mark google activated by default for old configs 2021-07-23 15:40:22 +02:00			`} else {`
			`config.config.oidc = false`
			`}`
Mark google activated by default for old configs 2021-07-23 12:38:17 +02:00
Default public config.config when missing 2021-07-15 17:50:57 +02:00			`ctx.body = config`
Implementing feature #1700 and making it possible to remove logo. 2021-06-21 19:01:25 +02:00			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`

Updating with a tested and functional API for uploading files for configs. 2021-05-07 14:55:30 +02:00			`exports.upload = async function (ctx) {`
			`if (ctx.request.files == null \|\| ctx.request.files.file.length > 1) {`
			`ctx.throw(400, "One file must be uploaded.")`
			`}`
			`const file = ctx.request.files.file`
			`const { type, name } = ctx.params`

			`const bucket = ObjectStoreBuckets.GLOBAL`
Add oidc icon and name to public api for login page 2021-07-09 10:49:16 +02:00			const key = `${type}/${name}`
Updating with a tested and functional API for uploading files for configs. 2021-05-07 14:55:30 +02:00			`await upload({`
			`bucket,`
			`filename: key,`
			`path: file.path,`
			`type: file.type,`
			`})`

			`// add to configuration structure`
			`// TODO: right now this only does a global level`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const db = new CouchDB(GLOBAL_DB)`
Fixing an issue with the upload URL not being inserted in correct location. 2021-05-12 15:27:33 +02:00			`let cfgStructure = await getScopedFullConfig(db, { type })`
			`if (!cfgStructure) {`
			`cfgStructure = {`
Updating with a tested and functional API for uploading files for configs. 2021-05-07 14:55:30 +02:00			`_id: generateConfigID({ type }),`
Fixing an issue with the upload URL not being inserted in correct location. 2021-05-12 15:27:33 +02:00			`config: {},`
Updating with a tested and functional API for uploading files for configs. 2021-05-07 14:55:30 +02:00			`}`
			`}`
			const url = `/${bucket}/${key}`
Allow user uploaded icons in oidc config 2021-07-07 14:41:09 +02:00			cfgStructure.config[`${name}`] = url
Updating with a tested and functional API for uploading files for configs. 2021-05-07 14:55:30 +02:00			`// write back to db with url updated`
Fixing an issue with the upload URL not being inserted in correct location. 2021-05-12 15:27:33 +02:00			`await db.put(cfgStructure)`
Updating with a tested and functional API for uploading files for configs. 2021-05-07 14:55:30 +02:00
			`ctx.body = {`
			`message: "File has been uploaded and url stored to config.",`
			`url,`
			`}`
			`}`

lint:fix 2021-05-03 09:31:09 +02:00			`exports.destroy = async function (ctx) {`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const db = new CouchDB(GLOBAL_DB)`
config creation and management APIs 2021-04-20 19:14:36 +02:00			`const { id, rev } = ctx.params`

			`try {`
			`await db.remove(id, rev)`
			`ctx.body = { message: "Config deleted successfully" }`
			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`
endpoint for budibase configuration checklist 2021-05-05 21:58:31 +02:00
lint :sparkles: 2021-05-06 11:57:24 +02:00			`exports.configChecklist = async function (ctx) {`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`const db = new CouchDB(GLOBAL_DB)`
endpoint for budibase configuration checklist 2021-05-05 21:58:31 +02:00
			`try {`
			`// TODO: Watch get started video`

			`// Apps exist`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`let allDbs = await CouchDB.allDbs()`
			`const appDbNames = allDbs.filter(dbName => dbName.startsWith(APP_PREFIX))`
endpoint for budibase configuration checklist 2021-05-05 21:58:31 +02:00
			`// They have set up SMTP`
update scoped config imports 2021-05-06 13:09:35 +02:00			`const smtpConfig = await getScopedFullConfig(db, {`
lint :sparkles: 2021-05-06 11:57:24 +02:00			`type: Configs.SMTP,`
endpoint for budibase configuration checklist 2021-05-05 21:58:31 +02:00			`})`

simpler check using checklist 2021-05-21 15:55:11 +02:00			`// They have set up Google Auth`
Update config checklist to handle multiple sso sources 2021-07-13 18:30:17 +02:00			`const googleConfig = await getScopedFullConfig(db, {`
simpler check using checklist 2021-05-21 15:55:11 +02:00			`type: Configs.GOOGLE,`
			`})`

Add validation to backend for OIDC configuration 2021-07-05 15:27:19 +02:00			`// They have set up OIDC`
			`const oidcConfig = await getScopedFullConfig(db, {`
			`type: Configs.OIDC,`
			`})`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`// They have set up an admin user`
endpoint for budibase configuration checklist 2021-05-05 21:58:31 +02:00			`const users = await db.allDocs(`
			`getGlobalUserParams(null, {`
			`include_docs: true,`
			`})`
			`)`
			`const adminUser = users.rows.some(row => row.doc.admin)`

lint :sparkles: 2021-05-06 11:57:24 +02:00			`ctx.body = {`
Revert "Multi-tenancy/organisations" 2021-08-04 11:02:24 +02:00			`apps: appDbNames.length,`
endpoint for budibase configuration checklist 2021-05-05 21:58:31 +02:00			`smtp: !!smtpConfig,`
lint :sparkles: 2021-05-06 11:57:24 +02:00			`adminUser,`
Fix config form saving bugs 2021-07-13 22:46:50 +02:00			`sso: !!googleConfig \|\| !!oidcConfig,`
endpoint for budibase configuration checklist 2021-05-05 21:58:31 +02:00			`}`
			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`