From aeee34cb7c8d6257c5b8b2b163c55575c5c359b0 Mon Sep 17 00:00:00 2001 From: Budibase Release Bot <> Date: Fri, 25 Mar 2022 16:59:39 +0000 Subject: [PATCH 01/11] v1.0.98 --- lerna.json | 2 +- packages/backend-core/package.json | 2 +- packages/bbui/package.json | 4 ++-- packages/builder/package.json | 10 +++++----- packages/cli/package.json | 2 +- packages/client/package.json | 8 ++++---- packages/frontend-core/package.json | 4 ++-- packages/server/package.json | 8 ++++---- packages/string-templates/package.json | 2 +- packages/worker/package.json | 6 +++--- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lerna.json b/lerna.json index 07d2da39cc..b9ef2a0a61 100644 --- a/lerna.json +++ b/lerna.json @@ -1,5 +1,5 @@ { - "version": "1.0.97", + "version": "1.0.98", "npmClient": "yarn", "packages": [ "packages/*" diff --git a/packages/backend-core/package.json b/packages/backend-core/package.json index 7697558531..4f333a0e3e 100644 --- a/packages/backend-core/package.json +++ b/packages/backend-core/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/backend-core", - "version": "1.0.97", + "version": "1.0.98", "description": "Budibase backend core libraries used in server and worker", "main": "src/index.js", "author": "Budibase", diff --git a/packages/bbui/package.json b/packages/bbui/package.json index 491cf0c9f4..3f5bbf12b9 100644 --- a/packages/bbui/package.json +++ b/packages/bbui/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/bbui", "description": "A UI solution used in the different Budibase projects.", - "version": "1.0.97", + "version": "1.0.98", "license": "MPL-2.0", "svelte": "src/index.js", "module": "dist/bbui.es.js", @@ -38,7 +38,7 @@ ], "dependencies": { "@adobe/spectrum-css-workflow-icons": "^1.2.1", - "@budibase/string-templates": "^1.0.97", + "@budibase/string-templates": "^1.0.98", "@spectrum-css/actionbutton": "^1.0.1", "@spectrum-css/actiongroup": "^1.0.1", "@spectrum-css/avatar": "^3.0.2", diff --git a/packages/builder/package.json b/packages/builder/package.json index 7ed85722e9..f9b092a0e7 100644 --- a/packages/builder/package.json +++ b/packages/builder/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/builder", - "version": "1.0.97", + "version": "1.0.98", "license": "GPL-3.0", "private": true, "scripts": { @@ -65,10 +65,10 @@ } }, "dependencies": { - "@budibase/bbui": "^1.0.97", - "@budibase/client": "^1.0.97", - "@budibase/frontend-core": "^1.0.97", - "@budibase/string-templates": "^1.0.97", + "@budibase/bbui": "^1.0.98", + "@budibase/client": "^1.0.98", + "@budibase/frontend-core": "^1.0.98", + "@budibase/string-templates": "^1.0.98", "@sentry/browser": "5.19.1", "@spectrum-css/page": "^3.0.1", "@spectrum-css/vars": "^3.0.1", diff --git a/packages/cli/package.json b/packages/cli/package.json index de4cf6e740..d8da1adb87 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/cli", - "version": "1.0.97", + "version": "1.0.98", "description": "Budibase CLI, for developers, self hosting and migrations.", "main": "src/index.js", "bin": { diff --git a/packages/client/package.json b/packages/client/package.json index e9f05a4eb8..f55b9e1145 100644 --- a/packages/client/package.json +++ b/packages/client/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/client", - "version": "1.0.97", + "version": "1.0.98", "license": "MPL-2.0", "module": "dist/budibase-client.js", "main": "dist/budibase-client.js", @@ -19,9 +19,9 @@ "dev:builder": "rollup -cw" }, "dependencies": { - "@budibase/bbui": "^1.0.97", - "@budibase/frontend-core": "^1.0.97", - "@budibase/string-templates": "^1.0.97", + "@budibase/bbui": "^1.0.98", + "@budibase/frontend-core": "^1.0.98", + "@budibase/string-templates": "^1.0.98", "@spectrum-css/button": "^3.0.3", "@spectrum-css/card": "^3.0.3", "@spectrum-css/divider": "^1.0.3", diff --git a/packages/frontend-core/package.json b/packages/frontend-core/package.json index a88b67d05c..53220e101c 100644 --- a/packages/frontend-core/package.json +++ b/packages/frontend-core/package.json @@ -1,12 +1,12 @@ { "name": "@budibase/frontend-core", - "version": "1.0.97", + "version": "1.0.98", "description": "Budibase frontend core libraries used in builder and client", "author": "Budibase", "license": "MPL-2.0", "svelte": "src/index.js", "dependencies": { - "@budibase/bbui": "^1.0.97", + "@budibase/bbui": "^1.0.98", "lodash": "^4.17.21", "svelte": "^3.46.2" } diff --git a/packages/server/package.json b/packages/server/package.json index 97430e4d18..66dcf4a022 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/server", "email": "hi@budibase.com", - "version": "1.0.97", + "version": "1.0.98", "description": "Budibase Web Server", "main": "src/index.ts", "repository": { @@ -68,9 +68,9 @@ "license": "GPL-3.0", "dependencies": { "@apidevtools/swagger-parser": "^10.0.3", - "@budibase/backend-core": "^1.0.97", - "@budibase/client": "^1.0.97", - "@budibase/string-templates": "^1.0.97", + "@budibase/backend-core": "^1.0.98", + "@budibase/client": "^1.0.98", + "@budibase/string-templates": "^1.0.98", "@bull-board/api": "^3.7.0", "@bull-board/koa": "^3.7.0", "@elastic/elasticsearch": "7.10.0", diff --git a/packages/string-templates/package.json b/packages/string-templates/package.json index d7032a631a..4916450410 100644 --- a/packages/string-templates/package.json +++ b/packages/string-templates/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/string-templates", - "version": "1.0.97", + "version": "1.0.98", "description": "Handlebars wrapper for Budibase templating.", "main": "src/index.cjs", "module": "dist/bundle.mjs", diff --git a/packages/worker/package.json b/packages/worker/package.json index dad4840503..44f178890f 100644 --- a/packages/worker/package.json +++ b/packages/worker/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/worker", "email": "hi@budibase.com", - "version": "1.0.97", + "version": "1.0.98", "description": "Budibase background service", "main": "src/index.ts", "repository": { @@ -31,8 +31,8 @@ "author": "Budibase", "license": "GPL-3.0", "dependencies": { - "@budibase/backend-core": "^1.0.97", - "@budibase/string-templates": "^1.0.97", + "@budibase/backend-core": "^1.0.98", + "@budibase/string-templates": "^1.0.98", "@koa/router": "^8.0.0", "@sentry/node": "^6.0.0", "@techpass/passport-openidconnect": "^0.3.0", From cd84bd3f54d5adb7f64d993caa29c5d2546ea2aa Mon Sep 17 00:00:00 2001 From: Andrew Kingston Date: Mon, 28 Mar 2022 16:08:25 +0100 Subject: [PATCH 02/11] Allow data URI's for image sources and font sources --- hosting/nginx.prod.conf.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosting/nginx.prod.conf.hbs b/hosting/nginx.prod.conf.hbs index 0ab7ed2c7e..8560ad0198 100644 --- a/hosting/nginx.prod.conf.hbs +++ b/hosting/nginx.prod.conf.hbs @@ -48,7 +48,7 @@ http { add_header X-Frame-Options SAMEORIGIN always; add_header X-Content-Type-Options nosniff always; add_header X-XSS-Protection "1; mode=block" always; - add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.budi.live https://js.intercomcdn.com https://widget.intercom.io; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://rsms.me https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api-iam.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io ; font-src 'self' data https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com; frame-src 'self' https:; img-src http: https: data; manifest-src 'self'; media-src 'self'; worker-src 'none';" always; + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.budi.live https://js.intercomcdn.com https://widget.intercom.io; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://rsms.me https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api-iam.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io ; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com; frame-src 'self' https:; img-src http: https: data:; manifest-src 'self'; media-src 'self'; worker-src 'none';" always; # upstreams set $apps {{ apps }}; From 88437e11d0973dab600ea625c53dd8ee455e219b Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Mon, 28 Mar 2022 16:34:50 +0100 Subject: [PATCH 03/11] Fix for #5103 - some templates are built on an older version that stored permissions differently, we can't migrate these as they will keep being added, easiest to just support the old method (apply the old rule and convert to the new format when retrieving roles). --- packages/backend-core/src/security/roles.js | 38 ++++++++++++++++--- .../server/src/api/controllers/permission.js | 6 +-- packages/server/src/api/routes/table.js | 2 +- packages/server/src/middleware/authorized.js | 32 +++++++++++++--- 4 files changed, 62 insertions(+), 16 deletions(-) diff --git a/packages/backend-core/src/security/roles.js b/packages/backend-core/src/security/roles.js index 11abc70bdd..8535cdc716 100644 --- a/packages/backend-core/src/security/roles.js +++ b/packages/backend-core/src/security/roles.js @@ -1,5 +1,5 @@ const { cloneDeep } = require("lodash/fp") -const { BUILTIN_PERMISSION_IDS } = require("./permissions") +const { BUILTIN_PERMISSION_IDS, PermissionLevels } = require("./permissions") const { generateRoleID, getRoleParams, @@ -180,6 +180,20 @@ exports.getUserRoleHierarchy = async (userRoleId, opts = { idOnly: true }) => { return opts.idOnly ? roles.map(role => role._id) : roles } +// this function checks that the provided permissions are in an array format +// some templates/older apps will use a simple string instead of array for roles +// convert the string to an array using the theory that write is higher than read +exports.checkForRoleResourceArray = (rolePerms, resourceId) => { + if (rolePerms && !Array.isArray(rolePerms[resourceId])) { + const permLevel = rolePerms[resourceId] + rolePerms[resourceId] = [permLevel] + if (permLevel === PermissionLevels.WRITE) { + rolePerms[resourceId].push(PermissionLevels.READ) + } + } + return rolePerms +} + /** * Given an app ID this will retrieve all of the roles that are currently within that app. * @return {Promise} An array of the role objects that were found. @@ -209,15 +223,27 @@ exports.getAllRoles = async appId => { roles.push(Object.assign(builtinRole, dbBuiltin)) } } + // check permissions + for (let role of roles) { + if (!role.permissions) { + continue + } + for (let resourceId of Object.keys(role.permissions)) { + role.permissions = exports.checkForRoleResourceArray( + role.permissions, + resourceId + ) + } + } return roles } /** - * This retrieves the required role - * @param permLevel - * @param resourceId - * @param subResourceId - * @return {Promise<{permissions}|Object>} + * This retrieves the required role for a resource + * @param permLevel The level of request + * @param resourceId The resource being requested + * @param subResourceId The sub resource being requested + * @return {Promise<{permissions}|Object>} returns the permissions required to access. */ exports.getRequiredResourceRole = async ( permLevel, diff --git a/packages/server/src/api/controllers/permission.js b/packages/server/src/api/controllers/permission.js index 0e37a3e7d3..e1547eb597 100644 --- a/packages/server/src/api/controllers/permission.js +++ b/packages/server/src/api/controllers/permission.js @@ -4,6 +4,7 @@ const { getDBRoleID, getExternalRoleID, getBuiltinRoles, + checkForRoleResourceArray, } = require("@budibase/backend-core/roles") const { getRoleParams } = require("../../db/utils") const { @@ -144,12 +145,11 @@ exports.getResourcePerms = async function (ctx) { for (let level of SUPPORTED_LEVELS) { // update the various roleIds in the resource permissions for (let role of roles) { - const rolePerms = role.permissions + const rolePerms = checkForRoleResourceArray(role.permissions, resourceId) if ( rolePerms && rolePerms[resourceId] && - (rolePerms[resourceId] === level || - rolePerms[resourceId].indexOf(level) !== -1) + rolePerms[resourceId].indexOf(level) !== -1 ) { permissions[level] = getExternalRoleID(role._id) } diff --git a/packages/server/src/api/routes/table.js b/packages/server/src/api/routes/table.js index 4d20b98962..5d2378710d 100644 --- a/packages/server/src/api/routes/table.js +++ b/packages/server/src/api/routes/table.js @@ -40,7 +40,7 @@ router .get( "/api/tables/:tableId", paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.READ), + authorized(PermissionTypes.TABLE, PermissionLevels.READ, { schema: true }), tableController.find ) /** diff --git a/packages/server/src/middleware/authorized.js b/packages/server/src/middleware/authorized.js index c8d6497ca3..d6f904290a 100644 --- a/packages/server/src/middleware/authorized.js +++ b/packages/server/src/middleware/authorized.js @@ -5,6 +5,7 @@ const { } = require("@budibase/backend-core/roles") const { PermissionTypes, + PermissionLevels, doesHaveBasePermission, } = require("@budibase/backend-core/permissions") const builderMiddleware = require("./builder") @@ -64,7 +65,7 @@ const checkAuthorizedResource = async ( } module.exports = - (permType, permLevel = null) => + (permType, permLevel = null, opts = { schema: false }) => async (ctx, next) => { // webhooks don't need authentication, each webhook unique // also internal requests (between services) don't need authorized @@ -81,15 +82,25 @@ module.exports = await builderMiddleware(ctx, permType) // get the resource roles - let resourceRoles = [] + let resourceRoles = [], + otherLevelRoles + const otherLevel = + permLevel === PermissionLevels.READ + ? PermissionLevels.WRITE + : PermissionLevels.READ const appId = getAppId() if (appId && hasResource(ctx)) { resourceRoles = await getRequiredResourceRole(permLevel, ctx) + if (opts && opts.schema) { + otherLevelRoles = await getRequiredResourceRole(otherLevel, ctx) + } } // if the resource is public, proceed - const isPublicResource = resourceRoles.includes(BUILTIN_ROLE_IDS.PUBLIC) - if (isPublicResource) { + if ( + resourceRoles.includes(BUILTIN_ROLE_IDS.PUBLIC) || + (otherLevelRoles && otherLevelRoles.includes(BUILTIN_ROLE_IDS.PUBLIC)) + ) { return next() } @@ -98,8 +109,17 @@ module.exports = return ctx.throw(403, "Session not authenticated") } - // check authorized - await checkAuthorized(ctx, resourceRoles, permType, permLevel) + try { + // check authorized + await checkAuthorized(ctx, resourceRoles, permType, permLevel) + } catch (err) { + // this is a schema, check if + if (opts && opts.schema && permLevel) { + await checkAuthorized(ctx, otherLevelRoles, permType, otherLevel) + } else { + throw err + } + } // csrf protection return csrf(ctx, next) From db0b096c0a1dd58eb2e9d2e080ca5e3538be71cf Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Mon, 28 Mar 2022 18:33:54 +0100 Subject: [PATCH 04/11] Fix for #5117 - raised a point that the docs didn't describe where to put properties for a query when running through the public API - fixing the spec. --- packages/server/specs/openapi.json | 26 ++++++++++++++++-- packages/server/specs/openapi.yaml | 24 +++++++++++++--- packages/server/specs/resources/query.js | 32 ++++++++++++++++++---- packages/server/src/definitions/openapi.ts | 14 ++++++++-- 4 files changed, 82 insertions(+), 14 deletions(-) diff --git a/packages/server/specs/openapi.json b/packages/server/specs/openapi.json index 6ca1a5b9fb..30ef0a8c6f 100644 --- a/packages/server/specs/openapi.json +++ b/packages/server/specs/openapi.json @@ -1260,10 +1260,30 @@ ] }, "executeQuery": { - "description": "The query body must contain the required parameters for the query, this depends on query type, setup and bindings.", + "description": "The parameters required for executing a query.", "type": "object", - "additionalProperties": { - "description": "Key value properties of any type, depending on the query output schema." + "properties": { + "parameters": { + "type": "object", + "description": "This contains the required parameters for the query, this depends on query type, setup and bindings.", + "additionalProperties": { + "description": "Key value properties of any type, depending on the query output schema." + } + }, + "pagination": { + "type": "object", + "description": "For supported query types (currently on REST) pagination can be performed using these properties.", + "properties": { + "page": { + "type": "string", + "description": "The page which has been returned from a previous query." + }, + "limit": { + "type": "number", + "description": "The number of rows to return per page." + } + } + } } }, "executeQueryOutput": { diff --git a/packages/server/specs/openapi.yaml b/packages/server/specs/openapi.yaml index c4d9808c86..ed55df953a 100644 --- a/packages/server/specs/openapi.yaml +++ b/packages/server/specs/openapi.yaml @@ -951,11 +951,27 @@ components: required: - data executeQuery: - description: The query body must contain the required parameters for the query, - this depends on query type, setup and bindings. + description: The parameters required for executing a query. type: object - additionalProperties: - description: Key value properties of any type, depending on the query output schema. + properties: + parameters: + type: object + description: This contains the required parameters for the query, this depends + on query type, setup and bindings. + additionalProperties: + description: Key value properties of any type, depending on the query output + schema. + pagination: + type: object + description: For supported query types (currently on REST) pagination can be + performed using these properties. + properties: + page: + type: string + description: The page which has been returned from a previous query. + limit: + type: number + description: The number of rows to return per page. executeQueryOutput: type: object properties: diff --git a/packages/server/specs/resources/query.js b/packages/server/specs/resources/query.js index df532c9a3a..d4a4882fb2 100644 --- a/packages/server/specs/resources/query.js +++ b/packages/server/specs/resources/query.js @@ -124,12 +124,34 @@ const querySchema = object( ) const executeQuerySchema = { - description: - "The query body must contain the required parameters for the query, this depends on query type, setup and bindings.", + description: "The parameters required for executing a query.", type: "object", - additionalProperties: { - description: - "Key value properties of any type, depending on the query output schema.", + properties: { + parameters: { + type: "object", + description: + "This contains the required parameters for the query, this depends on query type, setup and bindings.", + additionalProperties: { + description: + "Key value properties of any type, depending on the query output schema.", + }, + }, + pagination: { + type: "object", + description: + "For supported query types (currently on REST) pagination can be performed using these properties.", + properties: { + page: { + type: "string", + description: + "The page which has been returned from a previous query.", + }, + limit: { + type: "number", + description: "The number of rows to return per page.", + }, + }, + }, }, } diff --git a/packages/server/src/definitions/openapi.ts b/packages/server/src/definitions/openapi.ts index c8b518107c..4fd11f88e9 100644 --- a/packages/server/src/definitions/openapi.ts +++ b/packages/server/src/definitions/openapi.ts @@ -935,8 +935,18 @@ export interface components { _id: string; }[]; }; - /** @description The query body must contain the required parameters for the query, this depends on query type, setup and bindings. */ - executeQuery: { [key: string]: unknown }; + /** @description The parameters required for executing a query. */ + executeQuery: { + /** @description This contains the required parameters for the query, this depends on query type, setup and bindings. */ + parameters?: { [key: string]: unknown }; + /** @description For supported query types (currently on REST) pagination can be performed using these properties. */ + pagination?: { + /** @description The page which has been returned from a previous query. */ + page?: string; + /** @description The number of rows to return per page. */ + limit?: number; + }; + }; executeQueryOutput: { /** @description The data response from the query. */ data: { [key: string]: unknown }[]; From 04b8886ce857ff77e5e743ad5e5ed4316d4cb8e8 Mon Sep 17 00:00:00 2001 From: Budibase Release Bot <> Date: Tue, 29 Mar 2022 09:23:26 +0000 Subject: [PATCH 05/11] v1.0.99 --- lerna.json | 2 +- packages/backend-core/package.json | 2 +- packages/bbui/package.json | 4 ++-- packages/builder/package.json | 10 +++++----- packages/cli/package.json | 2 +- packages/client/package.json | 8 ++++---- packages/frontend-core/package.json | 4 ++-- packages/server/package.json | 8 ++++---- packages/string-templates/package.json | 2 +- packages/worker/package.json | 6 +++--- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lerna.json b/lerna.json index b9ef2a0a61..28826d9b0f 100644 --- a/lerna.json +++ b/lerna.json @@ -1,5 +1,5 @@ { - "version": "1.0.98", + "version": "1.0.99", "npmClient": "yarn", "packages": [ "packages/*" diff --git a/packages/backend-core/package.json b/packages/backend-core/package.json index 4f333a0e3e..5d1114346e 100644 --- a/packages/backend-core/package.json +++ b/packages/backend-core/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/backend-core", - "version": "1.0.98", + "version": "1.0.99", "description": "Budibase backend core libraries used in server and worker", "main": "src/index.js", "author": "Budibase", diff --git a/packages/bbui/package.json b/packages/bbui/package.json index 3f5bbf12b9..fa28bd5d11 100644 --- a/packages/bbui/package.json +++ b/packages/bbui/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/bbui", "description": "A UI solution used in the different Budibase projects.", - "version": "1.0.98", + "version": "1.0.99", "license": "MPL-2.0", "svelte": "src/index.js", "module": "dist/bbui.es.js", @@ -38,7 +38,7 @@ ], "dependencies": { "@adobe/spectrum-css-workflow-icons": "^1.2.1", - "@budibase/string-templates": "^1.0.98", + "@budibase/string-templates": "^1.0.99", "@spectrum-css/actionbutton": "^1.0.1", "@spectrum-css/actiongroup": "^1.0.1", "@spectrum-css/avatar": "^3.0.2", diff --git a/packages/builder/package.json b/packages/builder/package.json index f9b092a0e7..4c9e0e8d95 100644 --- a/packages/builder/package.json +++ b/packages/builder/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/builder", - "version": "1.0.98", + "version": "1.0.99", "license": "GPL-3.0", "private": true, "scripts": { @@ -65,10 +65,10 @@ } }, "dependencies": { - "@budibase/bbui": "^1.0.98", - "@budibase/client": "^1.0.98", - "@budibase/frontend-core": "^1.0.98", - "@budibase/string-templates": "^1.0.98", + "@budibase/bbui": "^1.0.99", + "@budibase/client": "^1.0.99", + "@budibase/frontend-core": "^1.0.99", + "@budibase/string-templates": "^1.0.99", "@sentry/browser": "5.19.1", "@spectrum-css/page": "^3.0.1", "@spectrum-css/vars": "^3.0.1", diff --git a/packages/cli/package.json b/packages/cli/package.json index d8da1adb87..a51a566f0f 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/cli", - "version": "1.0.98", + "version": "1.0.99", "description": "Budibase CLI, for developers, self hosting and migrations.", "main": "src/index.js", "bin": { diff --git a/packages/client/package.json b/packages/client/package.json index f55b9e1145..9a7ab3a7d9 100644 --- a/packages/client/package.json +++ b/packages/client/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/client", - "version": "1.0.98", + "version": "1.0.99", "license": "MPL-2.0", "module": "dist/budibase-client.js", "main": "dist/budibase-client.js", @@ -19,9 +19,9 @@ "dev:builder": "rollup -cw" }, "dependencies": { - "@budibase/bbui": "^1.0.98", - "@budibase/frontend-core": "^1.0.98", - "@budibase/string-templates": "^1.0.98", + "@budibase/bbui": "^1.0.99", + "@budibase/frontend-core": "^1.0.99", + "@budibase/string-templates": "^1.0.99", "@spectrum-css/button": "^3.0.3", "@spectrum-css/card": "^3.0.3", "@spectrum-css/divider": "^1.0.3", diff --git a/packages/frontend-core/package.json b/packages/frontend-core/package.json index 53220e101c..f9d3e50d56 100644 --- a/packages/frontend-core/package.json +++ b/packages/frontend-core/package.json @@ -1,12 +1,12 @@ { "name": "@budibase/frontend-core", - "version": "1.0.98", + "version": "1.0.99", "description": "Budibase frontend core libraries used in builder and client", "author": "Budibase", "license": "MPL-2.0", "svelte": "src/index.js", "dependencies": { - "@budibase/bbui": "^1.0.98", + "@budibase/bbui": "^1.0.99", "lodash": "^4.17.21", "svelte": "^3.46.2" } diff --git a/packages/server/package.json b/packages/server/package.json index 66dcf4a022..6bb49ca7ac 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/server", "email": "hi@budibase.com", - "version": "1.0.98", + "version": "1.0.99", "description": "Budibase Web Server", "main": "src/index.ts", "repository": { @@ -68,9 +68,9 @@ "license": "GPL-3.0", "dependencies": { "@apidevtools/swagger-parser": "^10.0.3", - "@budibase/backend-core": "^1.0.98", - "@budibase/client": "^1.0.98", - "@budibase/string-templates": "^1.0.98", + "@budibase/backend-core": "^1.0.99", + "@budibase/client": "^1.0.99", + "@budibase/string-templates": "^1.0.99", "@bull-board/api": "^3.7.0", "@bull-board/koa": "^3.7.0", "@elastic/elasticsearch": "7.10.0", diff --git a/packages/string-templates/package.json b/packages/string-templates/package.json index 4916450410..494aaa8209 100644 --- a/packages/string-templates/package.json +++ b/packages/string-templates/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/string-templates", - "version": "1.0.98", + "version": "1.0.99", "description": "Handlebars wrapper for Budibase templating.", "main": "src/index.cjs", "module": "dist/bundle.mjs", diff --git a/packages/worker/package.json b/packages/worker/package.json index 44f178890f..c23868fe7b 100644 --- a/packages/worker/package.json +++ b/packages/worker/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/worker", "email": "hi@budibase.com", - "version": "1.0.98", + "version": "1.0.99", "description": "Budibase background service", "main": "src/index.ts", "repository": { @@ -31,8 +31,8 @@ "author": "Budibase", "license": "GPL-3.0", "dependencies": { - "@budibase/backend-core": "^1.0.98", - "@budibase/string-templates": "^1.0.98", + "@budibase/backend-core": "^1.0.99", + "@budibase/string-templates": "^1.0.99", "@koa/router": "^8.0.0", "@sentry/node": "^6.0.0", "@techpass/passport-openidconnect": "^0.3.0", From d2d54d1343fe236096cde75a6138c39cae432954 Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Tue, 29 Mar 2022 17:50:52 +0100 Subject: [PATCH 06/11] adding smoke test run on schedule, with discord webhook --- .github/workflows/smoke_test.yaml | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/.github/workflows/smoke_test.yaml b/.github/workflows/smoke_test.yaml index 745fed1306..b48d0b5722 100644 --- a/.github/workflows/smoke_test.yaml +++ b/.github/workflows/smoke_test.yaml @@ -2,6 +2,9 @@ name: Budibase Smoke Test on: workflow_dispatch: + schedule: + - cron: "0 5 * * *" # every day at 5AM + jobs: release: @@ -23,10 +26,13 @@ jobs: -o packages/builder/cypress.env.json \ -L https://api.github.com/repos/budibase/budibase-infra/contents/test/cypress.env.json wc -l packages/builder/cypress.env.json - - run: yarn test:e2e:ci - env: - CI: true - name: Budibase CI + + - name: Cypress run + id: cypress + uses: cypress-io/github-action@v2 + with: + install: false + command: yarn test:e2e:ci # TODO: upload recordings to s3 # - name: Configure AWS Credentials @@ -36,11 +42,11 @@ jobs: # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} # aws-region: eu-west-1 - # TODO look at cypress reporters - # - name: Discord Webhook Action - # uses: tsickert/discord-webhook@v4.0.0 - # with: - # webhook-url: ${{ secrets.PROD_DEPLOY_WEBHOOK_URL }} - # content: "Production Deployment Complete: ${{ env.RELEASE_VERSION }} deployed to Budibase Cloud." - # embed-title: ${{ env.RELEASE_VERSION }} + - name: Discord Webhook Action + uses: tsickert/discord-webhook@v4.0.0 + with: + webhook-url: ${{ secrets.BUDI_QA_WEBHOOK }} + content: "Smoke test run completed with ${{ steps.cypress.outcome }}. See results at ${{ steps.cypress.dashboardUrl }}" + embed-title: ${{ steps.cypress.outcome }} + embed-color: ${{ steps.cypress.outcome == "success" && '3066993' || '15548997' }} From a7b84aaff6d462d3b8ce85a462809cdcefae13ac Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Tue, 29 Mar 2022 17:53:34 +0100 Subject: [PATCH 07/11] fix workflow file --- .github/workflows/smoke_test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/smoke_test.yaml b/.github/workflows/smoke_test.yaml index b48d0b5722..52374b3960 100644 --- a/.github/workflows/smoke_test.yaml +++ b/.github/workflows/smoke_test.yaml @@ -48,5 +48,5 @@ jobs: webhook-url: ${{ secrets.BUDI_QA_WEBHOOK }} content: "Smoke test run completed with ${{ steps.cypress.outcome }}. See results at ${{ steps.cypress.dashboardUrl }}" embed-title: ${{ steps.cypress.outcome }} - embed-color: ${{ steps.cypress.outcome == "success" && '3066993' || '15548997' }} + embed-color: ${{ steps.cypress.outcome == 'success' && '3066993' || '15548997' }} From b69445264d55b1cd6d532a7248829a93a33e0131 Mon Sep 17 00:00:00 2001 From: Rory Powell Date: Wed, 30 Mar 2022 14:26:51 +0100 Subject: [PATCH 08/11] Add additional logging to automations --- packages/server/src/automations/utils.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/packages/server/src/automations/utils.js b/packages/server/src/automations/utils.js index 64007f28b4..425ccec9de 100644 --- a/packages/server/src/automations/utils.js +++ b/packages/server/src/automations/utils.js @@ -17,10 +17,14 @@ const Runner = new Thread(ThreadType.AUTOMATION) exports.processEvent = async job => { try { // need to actually await these so that an error can be captured properly + console.log( + `${job.data.automation.appId} automation ${job.data.automation._id} running` + ) return await Runner.run(job) } catch (err) { + const errJson = JSON.stringify(err) console.error( - `${job.data.automation.appId} automation ${job.data.automation._id} was unable to run - ${err}` + `${job.data.automation.appId} automation ${job.data.automation._id} was unable to run - ${errJson}` ) console.trace(err) return { err } From 752a0f350e99740540fc06c0fbf79fcc794020f0 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Wed, 30 Mar 2022 14:41:39 +0100 Subject: [PATCH 09/11] Make sure that ethereal tests don't fail on jest timeout. --- packages/worker/src/api/routes/tests/realEmail.spec.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/packages/worker/src/api/routes/tests/realEmail.spec.js b/packages/worker/src/api/routes/tests/realEmail.spec.js index d0cfd24010..28d0151284 100644 --- a/packages/worker/src/api/routes/tests/realEmail.spec.js +++ b/packages/worker/src/api/routes/tests/realEmail.spec.js @@ -3,6 +3,9 @@ const { EmailTemplatePurpose } = require("../../../constants") const nodemailer = require("nodemailer") const fetch = require("node-fetch") +// for the real email tests give them a long time to try complete/fail +jest.setTimeout(30000) + describe("/api/global/email", () => { let request = setup.getRequest() let config = setup.getConfig() @@ -27,6 +30,7 @@ describe("/api/global/email", () => { userId: user._id, }) .set(config.defaultHeaders()) + .timeout(20000) // ethereal hiccup, can't test right now if (res.status >= 300) { return @@ -39,7 +43,7 @@ describe("/api/global/email", () => { text = await response.text() } catch (err) { // ethereal hiccup, can't test right now - if (parseInt(err.status) >= 300) { + if (parseInt(err.status) >= 300 || (err && err.errno === "ETIME")) { return } else { throw err From 258434b3ed50df36290ca4207c361a603c9c2330 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Wed, 30 Mar 2022 14:31:17 +0100 Subject: [PATCH 10/11] Fix for #5153 - doing it at the mysql level as it seems to be affected by incorrect types in a way that other SQL databases aren't - limits the possible damage this can do. --- packages/server/src/definitions/datasource.ts | 6 +----- packages/server/src/integrations/mysql.ts | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/packages/server/src/definitions/datasource.ts b/packages/server/src/definitions/datasource.ts index 2e2ad25f58..77239da261 100644 --- a/packages/server/src/definitions/datasource.ts +++ b/packages/server/src/definitions/datasource.ts @@ -181,11 +181,7 @@ export interface QueryJson { export interface SqlQuery { sql: string - bindings?: - | string[] - | { - [key: string]: any - } + bindings?: string[] } export interface QueryOptions { diff --git a/packages/server/src/integrations/mysql.ts b/packages/server/src/integrations/mysql.ts index 8b2c9ac944..6f009bbd4a 100644 --- a/packages/server/src/integrations/mysql.ts +++ b/packages/server/src/integrations/mysql.ts @@ -80,6 +80,20 @@ module MySQLModule { }, } + function bindingTypeCoerce(bindings: any[]) { + for (let i = 0; i < bindings.length; i++) { + const binding = bindings[i] + if (typeof binding !== "string") { + continue + } + const matches = binding.match(/^\d*/g) + if (matches && matches[0] !== "" && !isNaN(Number(matches[0]))) { + bindings[i] = parseFloat(binding) + } + } + return bindings + } + class MySQLIntegration extends Sql implements DatasourcePlus { private config: MySQLConfig private client: any @@ -122,7 +136,7 @@ module MySQLModule { // Node MySQL is callback based, so we must wrap our call in a promise const response = await this.client.query( query.sql, - query.bindings || [] + bindingTypeCoerce(query.bindings || []) ) return response[0] } finally { From f5e10d7a96e8d7595803047b44a17acab9124fb8 Mon Sep 17 00:00:00 2001 From: Budibase Release Bot <> Date: Wed, 30 Mar 2022 14:30:40 +0000 Subject: [PATCH 11/11] v1.0.100 --- lerna.json | 2 +- packages/backend-core/package.json | 2 +- packages/bbui/package.json | 4 ++-- packages/builder/package.json | 10 +++++----- packages/cli/package.json | 2 +- packages/client/package.json | 8 ++++---- packages/frontend-core/package.json | 4 ++-- packages/server/package.json | 8 ++++---- packages/string-templates/package.json | 2 +- packages/worker/package.json | 6 +++--- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lerna.json b/lerna.json index 28826d9b0f..46f6fde051 100644 --- a/lerna.json +++ b/lerna.json @@ -1,5 +1,5 @@ { - "version": "1.0.99", + "version": "1.0.100", "npmClient": "yarn", "packages": [ "packages/*" diff --git a/packages/backend-core/package.json b/packages/backend-core/package.json index 5d1114346e..d7d1e81ce0 100644 --- a/packages/backend-core/package.json +++ b/packages/backend-core/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/backend-core", - "version": "1.0.99", + "version": "1.0.100", "description": "Budibase backend core libraries used in server and worker", "main": "src/index.js", "author": "Budibase", diff --git a/packages/bbui/package.json b/packages/bbui/package.json index fa28bd5d11..44278e9f1c 100644 --- a/packages/bbui/package.json +++ b/packages/bbui/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/bbui", "description": "A UI solution used in the different Budibase projects.", - "version": "1.0.99", + "version": "1.0.100", "license": "MPL-2.0", "svelte": "src/index.js", "module": "dist/bbui.es.js", @@ -38,7 +38,7 @@ ], "dependencies": { "@adobe/spectrum-css-workflow-icons": "^1.2.1", - "@budibase/string-templates": "^1.0.99", + "@budibase/string-templates": "^1.0.100", "@spectrum-css/actionbutton": "^1.0.1", "@spectrum-css/actiongroup": "^1.0.1", "@spectrum-css/avatar": "^3.0.2", diff --git a/packages/builder/package.json b/packages/builder/package.json index 4c9e0e8d95..fb808d95a5 100644 --- a/packages/builder/package.json +++ b/packages/builder/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/builder", - "version": "1.0.99", + "version": "1.0.100", "license": "GPL-3.0", "private": true, "scripts": { @@ -65,10 +65,10 @@ } }, "dependencies": { - "@budibase/bbui": "^1.0.99", - "@budibase/client": "^1.0.99", - "@budibase/frontend-core": "^1.0.99", - "@budibase/string-templates": "^1.0.99", + "@budibase/bbui": "^1.0.100", + "@budibase/client": "^1.0.100", + "@budibase/frontend-core": "^1.0.100", + "@budibase/string-templates": "^1.0.100", "@sentry/browser": "5.19.1", "@spectrum-css/page": "^3.0.1", "@spectrum-css/vars": "^3.0.1", diff --git a/packages/cli/package.json b/packages/cli/package.json index a51a566f0f..d7fc897d05 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/cli", - "version": "1.0.99", + "version": "1.0.100", "description": "Budibase CLI, for developers, self hosting and migrations.", "main": "src/index.js", "bin": { diff --git a/packages/client/package.json b/packages/client/package.json index 9a7ab3a7d9..3cfc77fc1e 100644 --- a/packages/client/package.json +++ b/packages/client/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/client", - "version": "1.0.99", + "version": "1.0.100", "license": "MPL-2.0", "module": "dist/budibase-client.js", "main": "dist/budibase-client.js", @@ -19,9 +19,9 @@ "dev:builder": "rollup -cw" }, "dependencies": { - "@budibase/bbui": "^1.0.99", - "@budibase/frontend-core": "^1.0.99", - "@budibase/string-templates": "^1.0.99", + "@budibase/bbui": "^1.0.100", + "@budibase/frontend-core": "^1.0.100", + "@budibase/string-templates": "^1.0.100", "@spectrum-css/button": "^3.0.3", "@spectrum-css/card": "^3.0.3", "@spectrum-css/divider": "^1.0.3", diff --git a/packages/frontend-core/package.json b/packages/frontend-core/package.json index f9d3e50d56..c5e383e56d 100644 --- a/packages/frontend-core/package.json +++ b/packages/frontend-core/package.json @@ -1,12 +1,12 @@ { "name": "@budibase/frontend-core", - "version": "1.0.99", + "version": "1.0.100", "description": "Budibase frontend core libraries used in builder and client", "author": "Budibase", "license": "MPL-2.0", "svelte": "src/index.js", "dependencies": { - "@budibase/bbui": "^1.0.99", + "@budibase/bbui": "^1.0.100", "lodash": "^4.17.21", "svelte": "^3.46.2" } diff --git a/packages/server/package.json b/packages/server/package.json index 6bb49ca7ac..1008c30916 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/server", "email": "hi@budibase.com", - "version": "1.0.99", + "version": "1.0.100", "description": "Budibase Web Server", "main": "src/index.ts", "repository": { @@ -68,9 +68,9 @@ "license": "GPL-3.0", "dependencies": { "@apidevtools/swagger-parser": "^10.0.3", - "@budibase/backend-core": "^1.0.99", - "@budibase/client": "^1.0.99", - "@budibase/string-templates": "^1.0.99", + "@budibase/backend-core": "^1.0.100", + "@budibase/client": "^1.0.100", + "@budibase/string-templates": "^1.0.100", "@bull-board/api": "^3.7.0", "@bull-board/koa": "^3.7.0", "@elastic/elasticsearch": "7.10.0", diff --git a/packages/string-templates/package.json b/packages/string-templates/package.json index 494aaa8209..35b87a0419 100644 --- a/packages/string-templates/package.json +++ b/packages/string-templates/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/string-templates", - "version": "1.0.99", + "version": "1.0.100", "description": "Handlebars wrapper for Budibase templating.", "main": "src/index.cjs", "module": "dist/bundle.mjs", diff --git a/packages/worker/package.json b/packages/worker/package.json index c23868fe7b..495d08f621 100644 --- a/packages/worker/package.json +++ b/packages/worker/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/worker", "email": "hi@budibase.com", - "version": "1.0.99", + "version": "1.0.100", "description": "Budibase background service", "main": "src/index.ts", "repository": { @@ -31,8 +31,8 @@ "author": "Budibase", "license": "GPL-3.0", "dependencies": { - "@budibase/backend-core": "^1.0.99", - "@budibase/string-templates": "^1.0.99", + "@budibase/backend-core": "^1.0.100", + "@budibase/string-templates": "^1.0.100", "@koa/router": "^8.0.0", "@sentry/node": "^6.0.0", "@techpass/passport-openidconnect": "^0.3.0",