Adding admin only endpoint, removing the ability to create/delete global users from the app server and adding a global self user update.

This commit is contained in:
mike12345567 2021-05-19 13:17:50 +01:00
parent bf935183ce
commit 1956d9765e
9 changed files with 59 additions and 155 deletions

View File

@ -167,11 +167,10 @@ exports.save = async function (ctx) {
table, table,
}) })
// TODO remove special user case in future if (row.tableId === InternalTables.USER_METADATA && row._id) {
if (row.tableId === InternalTables.USER_METADATA) {
// the row has been updated, need to put it into the ctx // the row has been updated, need to put it into the ctx
ctx.request.body = row ctx.request.body = row
await userController.createMetadata(ctx) await userController.updateMetadata(ctx)
return return
} }

View File

@ -2,15 +2,10 @@ const CouchDB = require("../../db")
const { const {
generateUserMetadataID, generateUserMetadataID,
getUserMetadataParams, getUserMetadataParams,
getGlobalIDFromUserMetadataID,
} = require("../../db/utils") } = require("../../db/utils")
const { InternalTables } = require("../../db/utils") const { InternalTables } = require("../../db/utils")
const { getRole, BUILTIN_ROLE_IDS } = require("@budibase/auth/roles") const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
const { const { getGlobalUsers } = require("../../utilities/workerRequests")
getGlobalUsers,
saveGlobalUser,
deleteGlobalUser,
} = require("../../utilities/workerRequests")
const { getFullUser } = require("../../utilities/users") const { getFullUser } = require("../../utilities/users")
exports.fetchMetadata = async function (ctx) { exports.fetchMetadata = async function (ctx) {
@ -38,38 +33,6 @@ exports.fetchMetadata = async function (ctx) {
ctx.body = users ctx.body = users
} }
exports.createMetadata = async function (ctx) {
const appId = ctx.appId
const db = new CouchDB(appId)
const { roleId } = ctx.request.body
if (ctx.request.body._id) {
return exports.updateMetadata(ctx)
}
// check role valid
const role = await getRole(appId, roleId)
if (!role) ctx.throw(400, "Invalid Role")
const globalUser = await saveGlobalUser(ctx, appId, ctx.request.body)
const user = {
...globalUser,
_id: generateUserMetadataID(globalUser._id),
type: "user",
tableId: InternalTables.USER_METADATA,
}
const response = await db.post(user)
// for automations to make it obvious was successful
ctx.status = 200
ctx.body = {
_id: response.id,
_rev: response.rev,
email: ctx.request.body.email,
}
}
exports.updateSelfMetadata = async function (ctx) { exports.updateSelfMetadata = async function (ctx) {
// overwrite the ID with current users // overwrite the ID with current users
ctx.request.body._id = ctx.user._id ctx.request.body._id = ctx.user._id
@ -85,14 +48,13 @@ exports.updateMetadata = async function (ctx) {
const appId = ctx.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
const user = ctx.request.body const user = ctx.request.body
const globalUser = await saveGlobalUser(ctx, appId, { // make sure to always remove global user props
...user, delete user.password
_id: getGlobalIDFromUserMetadataID(user._id), delete user.roles
}) delete user.builder
const metadata = { const metadata = {
...globalUser,
tableId: InternalTables.USER_METADATA, tableId: InternalTables.USER_METADATA,
_id: user._id || generateUserMetadataID(globalUser._id), _id: user._id,
_rev: user._rev, _rev: user._rev,
} }
ctx.body = await db.put(metadata) ctx.body = await db.put(metadata)
@ -100,7 +62,6 @@ exports.updateMetadata = async function (ctx) {
exports.destroyMetadata = async function (ctx) { exports.destroyMetadata = async function (ctx) {
const db = new CouchDB(ctx.appId) const db = new CouchDB(ctx.appId)
await deleteGlobalUser(ctx, getGlobalIDFromUserMetadataID(ctx.params.id))
try { try {
const dbUser = await db.get(ctx.params.id) const dbUser = await db.get(ctx.params.id)
await db.remove(dbUser._id, dbUser._rev) await db.remove(dbUser._id, dbUser._rev)
@ -108,7 +69,7 @@ exports.destroyMetadata = async function (ctx) {
// error just means the global user has no config in this app // error just means the global user has no config in this app
} }
ctx.body = { ctx.body = {
message: `User ${ctx.params.id} deleted.`, message: `User metadata ${ctx.params.id} deleted.`,
} }
} }

View File

@ -25,12 +25,6 @@ router
authorized(PermissionTypes.USER, PermissionLevels.WRITE), authorized(PermissionTypes.USER, PermissionLevels.WRITE),
controller.updateMetadata controller.updateMetadata
) )
.post(
"/api/users/metadata",
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
usage,
controller.createMetadata
)
.post( .post(
"/api/users/metadata/self", "/api/users/metadata/self",
authorized(PermissionTypes.USER, PermissionLevels.WRITE), authorized(PermissionTypes.USER, PermissionLevels.WRITE),

View File

@ -3,7 +3,6 @@ const sendSmtpEmail = require("./steps/sendSmtpEmail")
const createRow = require("./steps/createRow") const createRow = require("./steps/createRow")
const updateRow = require("./steps/updateRow") const updateRow = require("./steps/updateRow")
const deleteRow = require("./steps/deleteRow") const deleteRow = require("./steps/deleteRow")
const createUser = require("./steps/createUser")
const executeScript = require("./steps/executeScript") const executeScript = require("./steps/executeScript")
const executeQuery = require("./steps/executeQuery") const executeQuery = require("./steps/executeQuery")
const outgoingWebhook = require("./steps/outgoingWebhook") const outgoingWebhook = require("./steps/outgoingWebhook")
@ -20,7 +19,6 @@ const BUILTIN_ACTIONS = {
CREATE_ROW: createRow.run, CREATE_ROW: createRow.run,
UPDATE_ROW: updateRow.run, UPDATE_ROW: updateRow.run,
DELETE_ROW: deleteRow.run, DELETE_ROW: deleteRow.run,
CREATE_USER: createUser.run,
OUTGOING_WEBHOOK: outgoingWebhook.run, OUTGOING_WEBHOOK: outgoingWebhook.run,
EXECUTE_SCRIPT: executeScript.run, EXECUTE_SCRIPT: executeScript.run,
EXECUTE_QUERY: executeQuery.run, EXECUTE_QUERY: executeQuery.run,
@ -31,7 +29,6 @@ const BUILTIN_DEFINITIONS = {
CREATE_ROW: createRow.definition, CREATE_ROW: createRow.definition,
UPDATE_ROW: updateRow.definition, UPDATE_ROW: updateRow.definition,
DELETE_ROW: deleteRow.definition, DELETE_ROW: deleteRow.definition,
CREATE_USER: createUser.definition,
OUTGOING_WEBHOOK: outgoingWebhook.definition, OUTGOING_WEBHOOK: outgoingWebhook.definition,
EXECUTE_SCRIPT: executeScript.definition, EXECUTE_SCRIPT: executeScript.definition,
EXECUTE_QUERY: executeQuery.definition, EXECUTE_QUERY: executeQuery.definition,

View File

@ -1,90 +0,0 @@
const roles = require("@budibase/auth/roles")
const userController = require("../../api/controllers/user")
const env = require("../../environment")
const usage = require("../../utilities/usageQuota")
module.exports.definition = {
description: "Create a new user",
tagline: "Create user {{inputs.email}}",
icon: "ri-user-add-line",
name: "Create User",
type: "ACTION",
stepId: "CREATE_USER",
inputs: {
roleId: roles.BUILTIN_ROLE_IDS.POWER,
},
schema: {
inputs: {
properties: {
email: {
type: "string",
customType: "email",
title: "Email",
},
password: {
type: "string",
title: "Password",
},
roleId: {
type: "string",
title: "Role",
enum: roles.BUILTIN_ROLE_ID_ARRAY,
pretty: roles.BUILTIN_ROLE_NAME_ARRAY,
},
},
required: ["email", "password", "roleId"],
},
outputs: {
properties: {
id: {
type: "string",
description: "The identifier of the new user",
},
revision: {
type: "string",
description: "The revision of the new user",
},
response: {
type: "object",
description: "The response from the user table",
},
success: {
type: "boolean",
description: "Whether the action was successful",
},
},
required: ["id", "revision", "success"],
},
},
}
module.exports.run = async function ({ inputs, appId, apiKey, emitter }) {
const { email, password, roleId } = inputs
const ctx = {
appId,
request: {
body: { email, password, roleId },
},
eventEmitter: emitter,
}
try {
if (env.isProd()) {
await usage.update(apiKey, usage.Properties.USER, 1)
}
await userController.createMetadata(ctx)
return {
response: ctx.body,
// internal property not returned through the API
id: ctx.body._id,
revision: ctx.body._rev,
success: ctx.status === 200,
}
} catch (err) {
console.error(err)
return {
success: false,
response: err,
}
}
}

View File

@ -96,6 +96,22 @@ exports.destroy = async ctx => {
} }
} }
exports.self = async ctx => {
const db = new CouchDB(GLOBAL_DB)
const user = await db.get(ctx.user._id)
if (ctx.request.body.password) {
ctx.request.body.password = await hash(ctx.request.body.password)
}
const response = await db.put({
...user,
...ctx.request.body,
})
ctx.body = {
_id: response.id,
_rev: response.rev,
}
}
// called internally by app server user fetch // called internally by app server user fetch
exports.fetch = async ctx => { exports.fetch = async ctx => {
const db = new CouchDB(GLOBAL_DB) const db = new CouchDB(GLOBAL_DB)

View File

@ -1,6 +1,7 @@
const Router = require("@koa/router") const Router = require("@koa/router")
const controller = require("../../controllers/admin/configs") const controller = require("../../controllers/admin/configs")
const joiValidator = require("../../../middleware/joi-validator") const joiValidator = require("../../../middleware/joi-validator")
const adminOnly = require("../../../middleware/adminOnly")
const Joi = require("joi") const Joi = require("joi")
const { Configs, ConfigUploads } = require("../../../constants") const { Configs, ConfigUploads } = require("../../../constants")
@ -76,6 +77,8 @@ function buildConfigGetValidation() {
}).unknown(true).required()) }).unknown(true).required())
} }
router.use(adminOnly)
router router
.post("/api/admin/configs", buildConfigSaveValidation(), controller.save) .post("/api/admin/configs", buildConfigSaveValidation(), controller.save)
.delete("/api/admin/configs/:id", controller.destroy) .delete("/api/admin/configs/:id", controller.destroy)

View File

@ -5,13 +5,12 @@ const Joi = require("joi")
const router = Router() const router = Router()
function buildUserSaveValidation() { function buildUserSaveValidation(isSelf = false) {
// prettier-ignore let schema = {
return joiValidator.body(Joi.object({
_id: Joi.string(),
_rev: Joi.string(),
email: Joi.string(), email: Joi.string(),
password: Joi.string().allow(null, ""), password: Joi.string().allow(null, ""),
firstName: Joi.string(),
lastName: Joi.string(),
builder: Joi.object({ builder: Joi.object({
global: Joi.boolean().optional(), global: Joi.boolean().optional(),
apps: Joi.array().optional(), apps: Joi.array().optional(),
@ -21,7 +20,17 @@ function buildUserSaveValidation() {
.pattern(/.*/, Joi.string()) .pattern(/.*/, Joi.string())
.required() .required()
.unknown(true) .unknown(true)
}).required().unknown(true)) }
if (!isSelf) {
schema = {
...schema,
_id: Joi.string(),
_rev: Joi.string(),
}
}
return joiValidator.body(Joi.object(schema)
.required()
.unknown(true))
} }
function buildInviteValidation() { function buildInviteValidation() {
@ -39,10 +48,19 @@ function buildInviteAcceptValidation() {
}).required().unknown(true)) }).required().unknown(true))
} }
function buildUpdateSelfValidation() {
// prettier-ignore
return joiValidator.body(Joi.object({
inviteCode: Joi.string().required(),
password: Joi.string().required(),
}).required().unknown(true))
}
router router
.post("/api/admin/users", buildUserSaveValidation(), controller.save) .post("/api/admin/users", buildUserSaveValidation(), controller.save)
.get("/api/admin/users", controller.fetch) .get("/api/admin/users", controller.fetch)
.post("/api/admin/users/init", controller.adminUser) .post("/api/admin/users/init", controller.adminUser)
.post("/api/admin/users/self", buildUserSaveValidation(true), controller.self)
.delete("/api/admin/users/:id", controller.destroy) .delete("/api/admin/users/:id", controller.destroy)
.get("/api/admin/users/:id", controller.find) .get("/api/admin/users/:id", controller.find)
.get("/api/admin/roles/:appId") .get("/api/admin/roles/:appId")

View File

@ -0,0 +1,6 @@
module.exports = async (ctx, next) => {
if (!ctx.user || !ctx.user.admin || !ctx.user.admin.global) {
ctx.throw(403, "Admin user only endpoint.")
}
return next()
}