MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Account portal cors and auth changes

This commit is contained in:
Rory Powell 2021-09-07 11:22:11 +01:00
parent 221a67fe5a
commit 3d15db2223
8 changed files with 76 additions and 1095 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
packages/server/src/api/controllers/row/ExternalRequest.ts
View File

@ -6,8 +6,16 @@ import {
SearchFilters, SearchFilters,
SortJson, SortJson,
} from "../../../definitions/datasource" } from "../../../definitions/datasource"
import {Datasource, FieldSchema, Row, Table} from "../../../definitions/common" import {
import {breakRowIdField, generateRowIdField} from "../../../integrations/utils" Datasource,
FieldSchema,
Row,
Table,
} from "../../../definitions/common"
import {
breakRowIdField,
generateRowIdField,
} from "../../../integrations/utils"
import { RelationshipTypes } from "../../../constants" import { RelationshipTypes } from "../../../constants"
interface ManyRelationship { interface ManyRelationship {
@ -348,7 +356,7 @@ module External {
* information. * information.
*/ */
async lookupRelations(tableId: string, row: Row) { async lookupRelations(tableId: string, row: Row) {
const related: {[key: string]: any} = {} const related: { [key: string]: any } = {}
const { tableName } = breakExternalTableId(tableId) const { tableName } = breakExternalTableId(tableId)
const table = this.tables[tableName] const table = this.tables[tableName]
// @ts-ignore // @ts-ignore
@ -387,7 +395,11 @@ module External {
* isn't supposed to exist anymore and delete those. This is better than the usual method of delete them * isn't supposed to exist anymore and delete those. This is better than the usual method of delete them
* all and then re-create, as theres no chance of losing data (e.g. delete succeed, but write fail). * all and then re-create, as theres no chance of losing data (e.g. delete succeed, but write fail).
*/ */
async handleManyRelationships(mainTableId: string, row: Row, relationships: ManyRelationship[]) { async handleManyRelationships(
mainTableId: string,
row: Row,
relationships: ManyRelationship[]
) {
const { appId } = this const { appId } = this
// if we're creating (in a through table) need to wipe the existing ones first // if we're creating (in a through table) need to wipe the existing ones first
const promises = [] const promises = []
@ -399,8 +411,10 @@ module External {
// @ts-ignore // @ts-ignore
const linkPrimary = linkTable.primary[0] const linkPrimary = linkTable.primary[0]
const rows = related[key].rows || [] const rows = related[key].rows || []
const found = rows.find((row: { [key: string]: any }) => const found = rows.find(
row[linkPrimary] === relationship.id || row[linkPrimary] === body[linkPrimary] (row: { [key: string]: any }) =>
row[linkPrimary] === relationship.id ||
row[linkPrimary] === body[linkPrimary]
) )
const operation = isUpdate const operation = isUpdate
? DataSourceOperation.UPDATE ? DataSourceOperation.UPDATE
@ -420,13 +434,17 @@ module External {
} }
} }
// finally cleanup anything that needs to be removed // finally cleanup anything that needs to be removed
for (let [colName, {isMany, rows, tableId}] of Object.entries(related)) { for (let [colName, { isMany, rows, tableId }] of Object.entries(
related
)) {
const table = this.getTable(tableId) const table = this.getTable(tableId)
for (let row of rows) { for (let row of rows) {
const filters = buildFilters(generateIdForRow(row, table), {}, table) const filters = buildFilters(generateIdForRow(row, table), {}, table)
// safety check, if there are no filters on deletion bad things happen // safety check, if there are no filters on deletion bad things happen
if (Object.keys(filters).length !== 0) { if (Object.keys(filters).length !== 0) {
const op = isMany ? DataSourceOperation.DELETE : DataSourceOperation.UPDATE const op = isMany
? DataSourceOperation.DELETE
: DataSourceOperation.UPDATE
const body = isMany ? null : { [colName]: null } const body = isMany ? null : { [colName]: null }
promises.push( promises.push(
makeExternalQuery(this.appId, { makeExternalQuery(this.appId, {
@ -448,7 +466,10 @@ module External {
* Creating the specific list of fields that we desire, and excluding the ones that are no use to us * Creating the specific list of fields that we desire, and excluding the ones that are no use to us
* is more performant and has the added benefit of protecting against this scenario. * is more performant and has the added benefit of protecting against this scenario.
*/ */
buildFields(table: Table, includeRelations: IncludeRelationships = IncludeRelationships.INCLUDE) { buildFields(
table: Table,
includeRelations: IncludeRelationships = IncludeRelationships.INCLUDE
) {
function extractNonLinkFieldNames(table: Table, existing: string[] = []) { function extractNonLinkFieldNames(table: Table, existing: string[] = []) {
return Object.entries(table.schema) return Object.entries(table.schema)
.filter( .filter(
@ -523,7 +544,10 @@ module External {
// can't really use response right now // can't really use response right now
const response = await makeExternalQuery(appId, json) const response = await makeExternalQuery(appId, json)
// handle many to many relationships now if we know the ID (could be auto increment) // handle many to many relationships now if we know the ID (could be auto increment)
if (operation !== DataSourceOperation.READ && processed.manyRelationships) { if (
operation !== DataSourceOperation.READ &&
processed.manyRelationships
) {
await this.handleManyRelationships( await this.handleManyRelationships(
table._id || "", table._id || "",
response[0], response[0],

2
packages/server/src/definitions/datasource.ts
View File

@ -42,7 +42,7 @@ export enum SourceNames {
export enum IncludeRelationships { export enum IncludeRelationships {
INCLUDE = 1, INCLUDE = 1,
EXCLUDE = 0 EXCLUDE = 0,
} }
export interface QueryDefinition { export interface QueryDefinition {

1101
packages/server/yarn.lock
View File

File diff suppressed because it is too large Load Diff

1
packages/worker/package.json
View File

@ -34,6 +34,7 @@
"joi": "^17.4.0", "joi": "^17.4.0",
"koa": "^2.7.0", "koa": "^2.7.0",
"koa-body": "^4.2.0", "koa-body": "^4.2.0",
"@koa/cors": "^3.1.0",
"koa-compress": "^4.0.1", "koa-compress": "^4.0.1",
"koa-passport": "^4.1.4", "koa-passport": "^4.1.4",
"koa-pino-logger": "^3.0.0", "koa-pino-logger": "^3.0.0",

5
packages/worker/src/api/index.js
View File

@ -35,6 +35,7 @@ const PUBLIC_ENDPOINTS = [
method: "GET", method: "GET",
}, },
{ {
// TODO: Add an provisioning API key to this endpoint in the cloud
route: "/api/global/users/init", route: "/api/global/users/init",
method: "POST", method: "POST",
}, },
@ -46,6 +47,10 @@ const PUBLIC_ENDPOINTS = [
route: "api/system/flags", route: "api/system/flags",
method: "GET", method: "GET",
}, },
{
route: "/api/global/users/tenant/:id",
method: "GET",
},
] ]
const NO_TENANCY_ENDPOINTS = [ const NO_TENANCY_ENDPOINTS = [

2
packages/worker/src/api/routes/global/users.js
View File

@ -94,7 +94,7 @@ router
controller.adminUser controller.adminUser
) )
.get("/api/global/users/self", controller.getSelf) .get("/api/global/users/self", controller.getSelf)
.get("/api/global/users/tenant/:id", adminOnly, controller.tenantLookup) .get("/api/global/users/tenant/:id", controller.tenantLookup)
// global endpoint but needs to come at end (blocks other endpoints otherwise) // global endpoint but needs to come at end (blocks other endpoints otherwise)
.get("/api/global/users/:id", adminOnly, controller.find) .get("/api/global/users/:id", adminOnly, controller.find)

9
packages/worker/src/index.js
View File

@ -6,6 +6,7 @@ const Koa = require("koa")
const destroyable = require("server-destroy") const destroyable = require("server-destroy")
const koaBody = require("koa-body") const koaBody = require("koa-body")
const koaSession = require("koa-session") const koaSession = require("koa-session")
const cors = require("@koa/cors")
const { passport } = require("@budibase/auth").auth const { passport } = require("@budibase/auth").auth
const logger = require("koa-pino-logger") const logger = require("koa-pino-logger")
const http = require("http") const http = require("http")
@ -14,6 +15,14 @@ const redis = require("./utilities/redis")
const app = new Koa() const app = new Koa()
// TODO: Remove this when using envoy / nginx
const accountPortalCors = {
origin: "http://localhost:3001",
credentials: true,
}
app.use(cors(accountPortalCors))
app.keys = ["secret", "key"] app.keys = ["secret", "key"]
// set up top level koa middleware // set up top level koa middleware

7
packages/worker/yarn.lock
View File

@ -499,6 +499,13 @@
"@types/yargs" "^15.0.0" "@types/yargs" "^15.0.0"
chalk "^4.0.0" chalk "^4.0.0"
"@koa/cors@^3.1.0":
version "3.1.0"
resolved "https://registry.yarnpkg.com/@koa/cors/-/cors-3.1.0.tgz#618bb073438cfdbd3ebd0e648a76e33b84f3a3b2"
integrity sha512-7ulRC1da/rBa6kj6P4g2aJfnET3z8Uf3SWu60cjbtxTA5g8lxRdX/Bd2P92EagGwwAhANeNw8T8if99rJliR6Q==
dependencies:
vary "^1.1.2"
"@koa/router@^8.0.0": "@koa/router@^8.0.0":
version "8.0.8" version "8.0.8"
resolved "https://registry.yarnpkg.com/@koa/router/-/router-8.0.8.tgz#95f32d11373d03d89dcb63fabe9ac6f471095236" resolved "https://registry.yarnpkg.com/@koa/router/-/router-8.0.8.tgz#95f32d11373d03d89dcb63fabe9ac6f471095236"