Refactoring how endpoints are specified so that the middlewares can be applied in a more generic fashion.

packages/backend-core/src/security/permissions.js

@@ -10,6 +10,7 @@ const PermissionLevels = {
 
 // these are the global types, that govern the underlying default behaviour
 const PermissionTypes = {
+  APP: "app",
   TABLE: "table",
   USER: "user",
   AUTOMATION: "automation",

packages/server/src/api/controllers/public/rows.js

@@ -20,7 +20,6 @@ function fixRow(row, params) {
 
 exports.search = async ctx => {
   await rowController.search(ctx)
-  console.log(ctx.body)
 }
 
 exports.create = ctx => {

packages/server/src/api/routes/public/applications.js

@@ -1,7 +1,8 @@
-const Router = require("@koa/router")
 const controller = require("../../controllers/public/applications")
+const Endpoint = require("./utils/Endpoint")
 
-const router = Router()
+const read = [],
+  write = []
 
 /**
  * @openapi
@@ -34,7 +35,7 @@ const router = Router()
  *               applications:
  *                 $ref: '#/components/examples/applications'
  */
-router.post("/applications/search", controller.search)
+read.push(new Endpoint("post", "/applications/search", controller.search))
 
 /**
  * @openapi
@@ -62,7 +63,7 @@ router.post("/applications/search", controller.search)
  *               application:
  *                 $ref: '#/components/examples/application'
  */
-router.post("/applications", controller.create)
+write.push(new Endpoint("post", "/applications", controller.create))
 
 /**
  * @openapi
@@ -90,7 +91,7 @@ router.post("/applications", controller.create)
  *               application:
  *                 $ref: '#/components/examples/application'
  */
-router.put("/applications/:appId", controller.update)
+write.push(new Endpoint("put", "/applications/:appId", controller.update))
 
 /**
  * @openapi
@@ -112,7 +113,7 @@ router.put("/applications/:appId", controller.update)
  *               application:
  *                 $ref: '#/components/examples/application'
  */
-router.delete("/applications/:appId", controller.delete)
+write.push(new Endpoint("delete", "/applications/:appId", controller.delete))
 
 /**
  * @openapi
@@ -134,6 +135,6 @@ router.delete("/applications/:appId", controller.delete)
  *               application:
  *                 $ref: '#/components/examples/application'
  */
-router.get("/applications/:appId", controller.read)
+read.push(new Endpoint("get", "/applications/:appId", controller.read))
 
-module.exports = router
+module.exports = { read, write }

packages/server/src/api/routes/public/index.js

@@ -1,22 +1,55 @@
-const appRoute = require("./applications")
-const queryRoute = require("./queries")
-const tableRoute = require("./tables")
-const rowRoute = require("./rows")
-const userRoute = require("./users")
+const appEndpoints = require("./applications")
+const queryEndpoints = require("./queries")
+const tableEndpoints = require("./tables")
+const rowEndpoints = require("./rows")
+const userEndpoints = require("./users")
 const Router = require("@koa/router")
 const usage = require("../../../middleware/usageQuota")
+const authorized = require("../../../middleware/authorized")
+const {
+  paramResource,
+  paramSubResource,
+} = require("../../../middleware/resourceId")
+const {
+  PermissionLevels,
+  PermissionTypes,
+} = require("@budibase/backend-core/permissions")
 
 const PREFIX = "/api/public/v1"
-const ROUTES = [appRoute, queryRoute, tableRoute, rowRoute, userRoute]
 
-const router = new Router({
+const publicRouter = new Router({
   prefix: PREFIX,
 })
-for (let route of ROUTES) {
-  // apply usage to everything, middleware will work out whats needs it
-  route.use(usage)
-  router.use(route.routes())
-  router.use(route.allowedMethods())
+
+function addMiddleware(endpoints, middleware) {
+  for (let endpoint of endpoints) {
+    endpoint.addMiddleware(middleware)
+  }
 }
 
-module.exports = router
+function addToRouter(endpoints) {
+  for (let endpoint of endpoints) {
+    endpoint.apply(publicRouter)
+  }
+}
+
+function applyRoutes(endpoints, permType, resource, subResource = null) {
+  const paramMiddleware = subResource
+    ? paramSubResource(resource, subResource)
+    : paramResource(resource)
+  addMiddleware(endpoints.read, paramMiddleware)
+  addMiddleware(endpoints.write, paramMiddleware)
+  addMiddleware(endpoints.read, authorized(permType, PermissionLevels.READ))
+  addMiddleware(endpoints.write, authorized(permType, PermissionLevels.WRITE))
+  addMiddleware(endpoints.write, usage)
+  addToRouter(endpoints.read)
+  addToRouter(endpoints.write)
+}
+
+applyRoutes(rowEndpoints, PermissionTypes.TABLE, "tableId", "rowId")
+applyRoutes(appEndpoints, PermissionTypes.APP, "appId")
+applyRoutes(tableEndpoints, PermissionTypes.TABLE, "tableId")
+applyRoutes(userEndpoints, PermissionTypes.USER, "userId")
+applyRoutes(queryEndpoints, PermissionTypes.QUERY, "queryId")
+
+module.exports = publicRouter

packages/server/src/api/routes/public/queries.js

@@ -1,7 +1,8 @@
-const Router = require("@koa/router")
 const controller = require("../../controllers/public/queries")
+const Endpoint = require("./utils/Endpoint")
 
-const router = Router()
+const read = [],
+  write = []
 
 /**
  * @openapi
@@ -34,7 +35,7 @@ const router = Router()
  *               queries:
  *                 $ref: '#/components/examples/queries'
  */
-router.post("/queries/search", controller.search)
+read.push(new Endpoint("post", "/queries/search", controller.search))
 
 /**
  * @openapi
@@ -59,6 +60,6 @@ router.post("/queries/search", controller.search)
  *               query:
  *                 $ref: '#/components/examples/query'
  */
-router.post("/queries/:queryId", controller.execute)
+write.push(new Endpoint("post", "/queries/:queryId", controller.execute))
 
-module.exports = router
+module.exports = { read, write }

packages/server/src/api/routes/public/rows.js

@@ -1,15 +1,8 @@
-const Router = require("@koa/router")
 const controller = require("../../controllers/public/rows")
-const authorized = require("../../../middleware/authorized")
-const { paramSubResource } = require("../../../middleware/resourceId")
-const {
-  PermissionLevels,
-  PermissionTypes,
-} = require("@budibase/backend-core/permissions")
+const Endpoint = require("./utils/Endpoint")
 
-const router = Router()
-
-router.use(paramSubResource("tableId", "rowId"))
+const read = [],
+  write = []
 
 /**
  * @openapi
@@ -127,10 +120,8 @@ router.use(paramSubResource("tableId", "rowId"))
  *               search:
  *                 $ref: '#/components/examples/rows'
  */
-router.post(
-  "/tables/:tableId/rows/search",
-  authorized(PermissionTypes.TABLE, PermissionLevels.READ),
-  controller.search
+read.push(
+  new Endpoint("post", "/tables/:tableId/rows/search", controller.search)
 )
 
 /**
@@ -164,11 +155,7 @@ router.post(
  *               row:
  *                 $ref: '#/components/examples/row'
  */
-router.post(
-  "/tables/:tableId/rows",
-  authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
-  controller.create
-)
+write.push(new Endpoint("post", "/tables/:tableId/rows", controller.create))
 
 /**
  * @openapi
@@ -201,10 +188,8 @@ router.post(
  *               row:
  *                 $ref: '#/components/examples/row'
  */
-router.put(
-  "/tables/:tableId/rows/:rowId",
-  authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
-  controller.update
+write.push(
+  new Endpoint("put", "/tables/:tableId/rows/:rowId", controller.update)
 )
 
 /**
@@ -229,10 +214,8 @@ router.put(
  *               row:
  *                 $ref: '#/components/examples/row'
  */
-router.delete(
-  "/tables/:tableId/rows/:rowId",
-  authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
-  controller.delete
+write.push(
+  new Endpoint("delete", "/tables/:tableId/rows/:rowId", controller.delete)
 )
 
 /**
@@ -257,10 +240,6 @@ router.delete(
  *               row:
  *                 $ref: '#/components/examples/row'
  */
-router.get(
-  "/tables/:tableId/rows/:rowId",
-  authorized(PermissionTypes.TABLE, PermissionLevels.READ),
-  controller.read
-)
+read.push(new Endpoint("get", "/tables/:tableId/rows/:rowId", controller.read))
 
-module.exports = router
+module.exports = { read, write }

packages/server/src/api/routes/public/tables.js

@@ -1,7 +1,8 @@
-const Router = require("@koa/router")
 const controller = require("../../controllers/public/tables")
+const Endpoint = require("./utils/Endpoint")
 
-const router = Router()
+const read = [],
+  write = []
 
 /**
  * @openapi
@@ -34,7 +35,7 @@ const router = Router()
  *               tables:
  *                 $ref: '#/components/examples/tables'
  */
-router.post("/tables/search", controller.search)
+read.push(new Endpoint("post", "/tables/search", controller.search))
 
 /**
  * @openapi
@@ -65,7 +66,7 @@ router.post("/tables/search", controller.search)
  *               table:
  *                 $ref: '#/components/examples/table'
  */
-router.post("/tables", controller.create)
+write.push(new Endpoint("post", "/tables", controller.create))
 
 /**
  * @openapi
@@ -96,7 +97,7 @@ router.post("/tables", controller.create)
  *               table:
  *                 $ref: '#/components/examples/table'
  */
-router.put("/tables/:tableId", controller.update)
+write.push(new Endpoint("put", "/tables/:tableId", controller.update))
 
 /**
  * @openapi
@@ -119,7 +120,7 @@ router.put("/tables/:tableId", controller.update)
  *               table:
  *                 $ref: '#/components/examples/table'
  */
-router.delete("/tables/:tableId", controller.delete)
+write.push(new Endpoint("delete", "/tables/:tableId", controller.delete))
 
 /**
  * @openapi
@@ -142,6 +143,6 @@ router.delete("/tables/:tableId", controller.delete)
  *               table:
  *                 $ref: '#/components/examples/table'
  */
-router.get("/tables/:tableId", controller.read)
+read.push(new Endpoint("get", "/tables/:tableId", controller.read))
 
-module.exports = router
+module.exports = { read, write }

packages/server/src/api/routes/public/users.js

@@ -1,7 +1,8 @@
-const Router = require("@koa/router")
 const controller = require("../../controllers/public/users")
+const Endpoint = require("./utils/Endpoint")
 
-const router = Router()
+const read = [],
+  write = []
 
 /**
  * @openapi
@@ -31,7 +32,7 @@ const router = Router()
  *               users:
  *                 $ref: '#/components/examples/users'
  */
-router.post("/users/search", controller.search)
+read.push(new Endpoint("post", "/users/search", controller.search))
 
 /**
  * @openapi
@@ -59,7 +60,7 @@ router.post("/users/search", controller.search)
  *               user:
  *                 $ref: '#/components/examples/user'
  */
-router.post("/users", controller.create)
+write.push(new Endpoint("post", "/users", controller.create))
 
 /**
  * @openapi
@@ -88,7 +89,7 @@ router.post("/users", controller.create)
  *               user:
  *                 $ref: '#/components/examples/user'
  */
-router.put("/users/:userId", controller.update)
+write.push(new Endpoint("put", "/users/:userId", controller.update))
 
 /**
  * @openapi
@@ -111,7 +112,7 @@ router.put("/users/:userId", controller.update)
  *               user:
  *                 $ref: '#/components/examples/user'
  */
-router.delete("/users/:userId", controller.delete)
+write.push(new Endpoint("delete", "/users/:userId", controller.delete))
 
 /**
  * @openapi
@@ -134,6 +135,6 @@ router.delete("/users/:userId", controller.delete)
  *               user:
  *                 $ref: '#/components/examples/user'
  */
-router.get("/users/:userId", controller.read)
+read.push(new Endpoint("get", "/users/:userId", controller.read))
 
-module.exports = router
+module.exports = { read, write }

packages/server/src/api/routes/public/utils/Endpoint.js

@@ -0,0 +1,23 @@
+class Endpoint {
+  constructor(method, url, controller) {
+    this.method = method
+    this.url = url
+    this.controller = controller
+    this.middlewares = []
+  }
+
+  addMiddleware(middleware) {
+    this.middlewares.push(middleware)
+  }
+
+  apply(router) {
+    const method = this.method,
+      url = this.url
+    const middlewares = this.middlewares,
+      controller = this.controller
+    const params = [url, ...middlewares, controller]
+    router[method](...params)
+  }
+}
+
+module.exports = Endpoint