Merge branch 'next' of github.com:Budibase/budibase into spectrum-bbui

This commit is contained in:
Andrew Kingston 2021-04-28 15:53:07 +01:00
commit 9c903feed0
173 changed files with 9332 additions and 1430 deletions

1
.eslintignore Normal file
View File

@ -0,0 +1 @@
packages/server/builder/**/*.js

View File

@ -14,6 +14,13 @@ Budibase is a monorepo managed by [lerna](https://github.com/lerna/lerna). Lerna
- **packages/server** - The budibase server. This [Koa](https://koajs.com/) app is responsible for serving the JS for the builder and budibase apps, as well as providing the API for interaction with the database and file system. - **packages/server** - The budibase server. This [Koa](https://koajs.com/) app is responsible for serving the JS for the builder and budibase apps, as well as providing the API for interaction with the database and file system.
## Contributor License Agreement (CLA)
In order to accept your pull request, we need you to submit a CLA. You only need to do this once. If you are submitting a pull request for the first time, just submit a Pull Request and our CLA Bot will give you instructions on how to sign the CLA before merging your Pull Request.
All contributors must sign an [Individual Contributor License Agreement](https://github.com/budibase/budibase/blob/next/.github/cla/individual-cla.md).
If contributing on behalf of your company, your company must sign a [Corporate Contributor License Agreement](https://github.com/budibase/budibase/blob/next/.github/cla/corporate-cla.md). If so, please contact us via community@budibase.com.
## Glossary of Terms ## Glossary of Terms

23
.github/cla/corporate-cla.md vendored Normal file
View File

@ -0,0 +1,23 @@
# Software Grant and Corporate Contributor License Agreement ("Agreement"), v1.0
You accept and agree to the following terms and conditions for Your present and future Contributions submitted to Budibase, Inc. ("Budibase"). Except for the license granted herein to Budibase and recipients of software distributed by Budibase, You reserve all right, title, and interest in and to Your Contributions.
1. Definitions.
"You" (or "Your") shall mean the copyright owner or legal entity authorized by the copyright owner that is making this Agreement with Budibase. For legal entities, the entity making a Contribution and all other entities that control, are controlled by, or are under common control with that entity are considered to be a single Contributor. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
"Contribution" shall mean the code, documentation or other original works of authorship expressly identified in Schedule B, as well as any original work of authorship, including any modifications or additions to an existing work, that is intentionally submitted by You to Budibase for inclusion in, or documentation of, any of the products owned or managed by Budibase (the "Work"). For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to Budibase or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, Budibase for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by You as "Not a Contribution."
2. Grant of Copyright License. Subject to the terms and conditions of this Agreement, You hereby grant to Budibase and to recipients of software distributed by Budibase a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works.
3. Grant of Patent License. Subject to the terms and conditions of this Agreement, You hereby grant to Budibase and to recipients of software distributed by Budibase a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Work to which such Contribution(s) was submitted. If any entity institutes patent litigation against You or any other entity (including a cross-claim or counterclaim in a lawsuit) alleging that your Contribution, or the Work to which you have contributed, constitutes direct or contributory patent infringement, then any patent licenses granted to that entity under this Agreement for that Contribution or Work shall terminate as of the date such litigation is filed.
4. You represent that You are legally entitled to grant the above license. You represent further that each employee of the Corporation designated on Schedule A below (or in a subsequent written modification to that Schedule) is authorized to submit Contributions on behalf of the Corporation.
5. You represent that each of Your Contributions is Your original creation (see section 7 for submissions on behalf of others).
6. You are not expected to provide support for Your Contributions, except to the extent You desire to provide support. You may provide support for free, for a fee, or not at all. Unless required by applicable law or agreed to in writing, You provide Your Contributions on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON- INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
7. Should You wish to submit work that is not Your original creation, You may submit it to Budibase separately from any Contribution, identifying the complete details of its source and of any license or other restriction (including, but not limited to, related patents, trademarks, and license agreements) of which you are personally aware, and conspicuously marking the work as "Submitted on behalf of a third-party: [named here]".
8. It is your responsibility to notify Budibase when any change is required to the list of designated employees authorized to submit Contributions on behalf of the Corporation, or to the Corporation's Point of Contact with Budibase.

23
.github/cla/individual-cla.md vendored Normal file
View File

@ -0,0 +1,23 @@
# Individual Contributor License Agreement ("Agreement"), v1.0
Thank you for your interest in contributing to open-source software projects (“Projects”) made available by Budibase Inc, or its affiliates (“Budibase”). This Individual Contributor License Agreement (“Agreement”) sets out the terms governing any source code, object code, bug fixes, configuration changes, tools, specifications, documentation, data, materials, feedback, information or other works of authorship that you submit or have submitted, in any form and in any manner, to Budibase in respect of any of the Projects (collectively “Contributions”). If you have any questions respecting this Agreement, please contact community@budibase.com.
You accept and agree to the following terms and conditions for Your past, present, and future Contributions submitted to Budibase, Inc. ("Budibase"). Except for the license granted herein to Budibase and recipients of software distributed by Budibase, You reserve all right, title, and interest in and to Your Contributions.
1. Definitions. "You" (or "Your") shall mean the copyright owner or legal entity authorized by the copyright owner that is making this Agreement with Budibase. For legal entities, the entity making a Contribution and all other entities that control, are controlled by, or are under common control with that entity are considered to be a single Contributor. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "Contribution" shall mean any original work of authorship, including any modifications or additions to an existing work, that is intentionally submitted by You to Budibase for inclusion in, or documentation of, any of the products owned or managed by Budibase (the "Work"). For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to Budibase or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, Budibase for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by You as "Not a Contribution."
2. Grant of Copyright License. Subject to the terms and conditions of this Agreement, You hereby grant to Budibase and to recipients of software distributed by Budibase a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works.
3. Grant of Patent License. Subject to the terms and conditions of this Agreement, You hereby grant to Budibase and to recipients of software distributed by Budibase a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Work to which such Contribution(s) was submitted. If any entity institutes patent litigation against You or any other entity (including a cross-claim or counterclaim in a lawsuit) alleging that your Contribution, or the Work to which you have contributed, constitutes a direct or contributory patent infringement, then any patent licenses granted to that entity under this Agreement for that Contribution or Work shall terminate as of the date such litigation is filed.
4. You represent that you are legally entitled to grant the above license. If your employer(s) has rights to intellectual property that you create that includes your Contributions, you represent that you have received permission to make Contributions on behalf of that employer, that your employer has waived such rights for your Contributions to Budibase, or that your employer has executed a separate Corporate CLA with Budibase.
5. You represent that each of Your Contributions is Your original creation (see section 7 for submissions on behalf of others). You represent that Your Contribution submissions include complete details of any third-party license or other restriction (including, but not limited to, related patents and trademarks) of which you are personally aware and which are associated with any part of Your Contributions.
6. You are not expected to provide support for Your Contributions, except to the extent You desire to provide support. You may provide support for free, for a fee, or not at all. Unless required by applicable law or agreed to in writing, You provide Your Contributions on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON- INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
7. Should You wish to submit work that is not Your original creation, You may submit it to Budibase separately from any Contribution, identifying the complete details of its source and of any license or other restriction (including, but not limited to, related patents, trademarks, and license agreements) of which you are personally aware, and conspicuously marking the work as "Submitted on behalf of a third-party: [named here]".
8. You agree to notify Budibase of any facts or circumstances of which you become aware that would make these representations inaccurate in any respect.

20
.github/cla/signatures.json vendored Normal file
View File

@ -0,0 +1,20 @@
{
"signedContributors": [
{
"name": "shogunpurple",
"id": 11256663,
"comment_id": 819645107,
"created_at": "2021-04-14T16:20:01Z",
"repoId": 190729906,
"pullRequestNo": 1383
},
{
"name": "mike12345567",
"id": 4407001,
"comment_id": 819645152,
"created_at": "2021-04-14T16:20:04Z",
"repoId": 190729906,
"pullRequestNo": 1383
}
]
}

36
.github/workflows/cla.yml vendored Normal file
View File

@ -0,0 +1,36 @@
name: "CLA Assistant"
on:
issue_comment:
types: [created]
pull_request_target:
types: [opened,closed,synchronize]
jobs:
CLAssistant:
runs-on: ubuntu-latest
steps:
- name: "CLA Assistant"
if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
# Beta Release
uses: cla-assistant/github-action@v2.1.2-beta
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# the below token should have repo scope and must be manually added by you in the repository's secret
PERSONAL_ACCESS_TOKEN : ${{ secrets.PERSONAL_ACCESS_TOKEN }}
with:
path-to-signatures: '.github/cla/signatures.json'
path-to-document: 'https://github.com/budibase/budibase/blob/next/.github/cla/individual-cla.md' # e.g. a CLA or a DCO document
# branch should not be protected
branch: 'next'
allowlist: user1,bot*
#below are the optional inputs - If the optional inputs are not given, then default values will be taken
#remote-organization-name: enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository)
#remote-repository-name: enter the remote repository name where the signatures should be stored (Default is storing the signatures in the same repository)
#create-file-commit-message: 'For example: Creating file for storing CLA Signatures'
#signed-commit-message: 'For example: $contributorName has signed the CLA in #$pullRequestNo'
custom-notsigned-prcomment: '<br/><br/>Thank you for your submission - we really appreciate it ❤️. Like many open-source projects, we ask that $you sign a [Contributor License Agreement](https://github.com/budibase/budibase/blob/next/.github/cla/individual-cla.md) before we can accept your contribution.<br/><br/>You can sign the CLA by just posting a Pull Request Comment, the same as the text below.<br/><br/>If you are contributing on behalf of a company, your company should contact us to sign a [Corporate Contributor License Agreement](https://github.com/budibase/budibase/blob/next/.github/cla/corporate-cla.md), via community@budibase.com.'
#custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA'
#custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'
#lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
#use-dco-flag: true - If you are using DCO instead of CLA

View File

@ -1,6 +1,13 @@
name: Budibase Release name: Budibase Release
on: on:
workflow_dispatch:
inputs:
name:
description: 'Version'
required: false
default: '0.8'
# Trigger the workflow on push with tags, # Trigger the workflow on push with tags,
# but only for the master branch # but only for the master branch
push: push:

View File

@ -38,7 +38,7 @@
</a> </a>
<img src="https://img.shields.io/badge/Contributor%20Covenant-v2.0%20adopted-ff69b4.svg" alt="Code of conduct" /> <img src="https://img.shields.io/badge/Contributor%20Covenant-v2.0%20adopted-ff69b4.svg" alt="Code of conduct" />
<a href="https://codecov.io/gh/Budibase/budibase"> <a href="https://codecov.io/gh/Budibase/budibase">
<img src="https://codecov.io/gh/Budibase/budibase/branch/next/graph/badge.svg?token=E8W2ZFXQOH"/> <img src="https://codecov.io/gh/Budibase/budibase/graph/badge.svg?token=E8W2ZFXQOH"/>
</a> </a>
</p> </p>
@ -93,7 +93,7 @@ Watch "releases" of this repo to get notified of major updates, and give the sta
[![Stargazers over time](https://starchart.cc/Budibase/budibase.svg)](https://starchart.cc/Budibase/budibase) [![Stargazers over time](https://starchart.cc/Budibase/budibase.svg)](https://starchart.cc/Budibase/budibase)
If you are having issues between updates of the builder, please use the guide [here](https://github.com/Budibase/budibase/blob/master/CONTRIBUTING.md#troubleshooting) to clear down your environment. If you are having issues between updates of the builder, please use the guide [here](https://github.com/Budibase/budibase/blob/HEAD/.github/CONTRIBUTING.md#troubleshooting) to clear down your environment.
## 🏁 Getting Started with Budibase ## 🏁 Getting Started with Budibase
@ -131,7 +131,7 @@ Checkout our [Public Roadmap](https://github.com/Budibase/budibase/projects/10).
## ❗ Code of Conduct ## ❗ Code of Conduct
Budibase is dedicated to providing a welcoming, diverse, and harrassment-free experience for everyone. We expect everyone in the Budibase community to abide by our [**Code of Conduct**](https://github.com/Budibase/budibase/blob/master/.github/CODE_OF_CONDUCT.md). Please read it. Budibase is dedicated to providing a welcoming, diverse, and harrassment-free experience for everyone. We expect everyone in the Budibase community to abide by our [**Code of Conduct**](https://github.com/Budibase/budibase/blob/HEAD/.github/CODE_OF_CONDUCT.md). Please read it.
## 🙌 Contributing to Budibase ## 🙌 Contributing to Budibase
@ -143,13 +143,13 @@ A good place to start contributing, is the [First time issues project](https://g
### How the repository is organized ### How the repository is organized
Budibase is a monorepo managed by lerna. Lerna manages the building and publishing of the budibase packages. At a high level, here are the packages that make up Budibase. Budibase is a monorepo managed by lerna. Lerna manages the building and publishing of the budibase packages. At a high level, here are the packages that make up Budibase.
- [packages/builder](https://github.com/Budibase/budibase/tree/master/packages/builder) - contains code for the budibase builder client side svelte application. - [packages/builder](https://github.com/Budibase/budibase/tree/HEAD/packages/builder) - contains code for the budibase builder client side svelte application.
- [packages/client](https://github.com/Budibase/budibase/tree/master/packages/client) - A module that runs in the browser responsible for reading JSON definition and creating living, breathing web apps from it. - [packages/client](https://github.com/Budibase/budibase/tree/HEAD/packages/client) - A module that runs in the browser responsible for reading JSON definition and creating living, breathing web apps from it.
- [packages/server](https://github.com/Budibase/budibase/tree/master/packages/server) - The budibase server. This Koa app is responsible for serving the JS for the builder and budibase apps, as well as providing the API for interaction with the database and file system. - [packages/server](https://github.com/Budibase/budibase/tree/HEAD/packages/server) - The budibase server. This Koa app is responsible for serving the JS for the builder and budibase apps, as well as providing the API for interaction with the database and file system.
For more information, see [CONTRIBUTING.md](https://github.com/Budibase/budibase/blob/master/.github/CONTRIBUTING.md) For more information, see [CONTRIBUTING.md](https://github.com/Budibase/budibase/blob/HEAD/.github/CONTRIBUTING.md)
## 📝 License ## 📝 License

View File

@ -35,9 +35,10 @@ services:
environment: environment:
SELF_HOSTED: 1 SELF_HOSTED: 1
PORT: 4003 PORT: 4003
JWT_SECRET: ${JWT_SECRET}
MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY} MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
MINIO_SECRET_KEY: ${MINIO_SECRET_KEY} MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
RAW_MINIO_URL: http://minio-service:9000 MINIO_URL: http://minio-service:9000
COUCH_DB_USERNAME: ${COUCH_DB_USER} COUCH_DB_USERNAME: ${COUCH_DB_USER}
COUCH_DB_PASSWORD: ${COUCH_DB_PASSWORD} COUCH_DB_PASSWORD: ${COUCH_DB_PASSWORD}
COUCH_DB_URL: http://${COUCH_DB_USER}:${COUCH_DB_PASSWORD}@couchdb-service:5984 COUCH_DB_URL: http://${COUCH_DB_USER}:${COUCH_DB_PASSWORD}@couchdb-service:5984

View File

@ -26,6 +26,10 @@ static_resources:
cluster: redis-service cluster: redis-service
prefix_rewrite: "/" prefix_rewrite: "/"
- match: { prefix: "/api/admin/" }
route:
cluster: worker-dev
- match: { prefix: "/api/" } - match: { prefix: "/api/" }
route: route:
cluster: server-dev cluster: server-dev
@ -43,6 +47,10 @@ static_resources:
cluster: builder-dev cluster: builder-dev
prefix_rewrite: "/builder/" prefix_rewrite: "/builder/"
# special case in dev to redirect no path to builder
- match: { path: "/" }
redirect: { path_redirect: "/builder/" }
# minio is on the default route because this works # minio is on the default route because this works
# best, minio + AWS SDK doesn't handle path proxy # best, minio + AWS SDK doesn't handle path proxy
- match: { prefix: "/" } - match: { prefix: "/" }
@ -123,3 +131,17 @@ static_resources:
address: {{ address }} address: {{ address }}
port_value: 3000 port_value: 3000
- name: worker-dev
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: worker-dev
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: {{ address }}
port_value: 4002

View File

@ -26,6 +26,11 @@ static_resources:
route: route:
cluster: app-service cluster: app-service
# special case for worker admin API
- match: { path: "/api/admin" }
route:
cluster: worker-service
# special case for when API requests are made, can just forward, not to minio # special case for when API requests are made, can just forward, not to minio
- match: { prefix: "/api/" } - match: { prefix: "/api/" }
route: route:

View File

@ -1,5 +1,5 @@
{ {
"version": "0.8.9", "version": "0.8.16",
"npmClient": "yarn", "npmClient": "yarn",
"packages": [ "packages": [
"packages/*" "packages/*"

View File

@ -29,7 +29,7 @@
"clean": "lerna clean", "clean": "lerna clean",
"kill-port": "kill-port 4001", "kill-port": "kill-port 4001",
"dev": "yarn run kill-port && lerna link && lerna run --parallel dev:builder --concurrency 1", "dev": "yarn run kill-port && lerna link && lerna run --parallel dev:builder --concurrency 1",
"dev:noserver": "lerna link && lerna run --parallel dev:builder --concurrency 1 --ignore @budibase/server", "dev:noserver": "lerna link && lerna run dev:stack:up && lerna run --parallel dev:builder --concurrency 1 --ignore @budibase/server --ignore @budibase/worker",
"test": "lerna run test", "test": "lerna run test",
"lint": "eslint packages", "lint": "eslint packages",
"lint:fix": "eslint --fix packages", "lint:fix": "eslint --fix packages",

117
packages/auth/.gitignore vendored Normal file
View File

@ -0,0 +1,117 @@
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
# Runtime data
pids
*.pid
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
node_modules/
jspm_packages/
# Snowpack dependency directory (https://snowpack.dev/)
web_modules/
# TypeScript cache
*.tsbuildinfo
# Optional npm cache directory
.npm
# Optional eslint cache
.eslintcache
# Microbundle cache
.rpt2_cache/
.rts2_cache_cjs/
.rts2_cache_es/
.rts2_cache_umd/
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variables file
.env
.env.test
# parcel-bundler cache (https://parceljs.org/)
.cache
.parcel-cache
# Next.js build output
.next
out
# Nuxt.js build / generate output
.nuxt
dist
# Gatsby files
.cache/
# Comment in the public line in if your project uses Gatsby and not Next.js
# https://nextjs.org/blog/next-9-1#public-directory-support
# public
# vuepress build output
.vuepress/dist
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/
# TernJS port file
.tern-port
# Stores VSCode versions used for testing VSCode extensions
.vscode-test
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*

1
packages/auth/README.md Normal file
View File

@ -0,0 +1 @@
# Budibase Authentication Library

View File

@ -0,0 +1,18 @@
{
"name": "@budibase/auth",
"version": "0.0.1",
"description": "Authentication middlewares for budibase builder and apps",
"main": "src/index.js",
"author": "Budibase",
"license": "AGPL-3.0",
"dependencies": {
"bcryptjs": "^2.4.3",
"jsonwebtoken": "^8.5.1",
"koa-passport": "^4.1.4",
"passport-google-auth": "^1.0.2",
"passport-google-oauth": "^2.0.0",
"passport-jwt": "^4.0.0",
"passport-local": "^1.0.0",
"uuid": "^8.3.2"
}
}

View File

@ -0,0 +1,16 @@
exports.UserStatus = {
ACTIVE: "active",
INACTIVE: "inactive",
}
exports.Cookies = {
CurrentApp: "budibase:currentapp",
Auth: "budibase:auth",
}
exports.GlobalRoles = {
OWNER: "owner",
ADMIN: "admin",
BUILDER: "builder",
GROUP_MANAGER: "group_manager",
}

View File

@ -0,0 +1,9 @@
let Pouch
module.exports.setDB = pouch => {
Pouch = pouch
}
module.exports.getDB = dbName => {
return new Pouch(dbName)
}

View File

@ -0,0 +1,162 @@
const { newid } = require("../hashing")
exports.ViewNames = {
USER_BY_EMAIL: "by_email",
}
exports.StaticDatabases = {
GLOBAL: {
name: "global-db",
},
}
const DocumentTypes = {
USER: "us",
APP: "app",
GROUP: "group",
CONFIG: "config",
TEMPLATE: "template",
}
exports.DocumentTypes = DocumentTypes
const UNICODE_MAX = "\ufff0"
const SEPARATOR = "_"
exports.SEPARATOR = SEPARATOR
/**
* Generates a new group ID.
* @returns {string} The new group ID which the group doc can be stored under.
*/
exports.generateGroupID = () => {
return `${DocumentTypes.GROUP}${SEPARATOR}${newid()}`
}
/**
* Gets parameters for retrieving groups.
*/
exports.getGroupParams = (id = "", otherProps = {}) => {
return {
...otherProps,
startkey: `${DocumentTypes.GROUP}${SEPARATOR}${id}`,
endkey: `${DocumentTypes.GROUP}${SEPARATOR}${id}${UNICODE_MAX}`,
}
}
/**
* Generates a new global user ID.
* @returns {string} The new user ID which the user doc can be stored under.
*/
exports.generateGlobalUserID = id => {
return `${DocumentTypes.USER}${SEPARATOR}${id || newid()}`
}
/**
* Gets parameters for retrieving users.
*/
exports.getGlobalUserParams = (globalId, otherProps = {}) => {
if (!globalId) {
globalId = ""
}
return {
...otherProps,
startkey: `${DocumentTypes.USER}${SEPARATOR}${globalId}`,
endkey: `${DocumentTypes.USER}${SEPARATOR}${globalId}${UNICODE_MAX}`,
}
}
/**
* Generates a template ID.
* @param ownerId The owner/user of the template, this could be global or a group level.
*/
exports.generateTemplateID = ownerId => {
return `${DocumentTypes.TEMPLATE}${SEPARATOR}${ownerId}${newid()}`
}
/**
* Gets parameters for retrieving templates. Owner ID must be specified, either global or a group level.
*/
exports.getTemplateParams = (ownerId, templateId, otherProps = {}) => {
if (!templateId) {
templateId = ""
}
let final
if (templateId) {
final = templateId
} else {
final = `${DocumentTypes.TEMPLATE}${SEPARATOR}${ownerId}${SEPARATOR}`
}
return {
...otherProps,
startkey: final,
endkey: `${final}${UNICODE_MAX}`,
}
}
/**
* Generates a new configuration ID.
* @returns {string} The new configuration ID which the config doc can be stored under.
*/
const generateConfigID = ({ type, group, user }) => {
const scope = [type, group, user].filter(Boolean).join(SEPARATOR)
return `${DocumentTypes.CONFIG}${SEPARATOR}${scope}`
}
/**
* Gets parameters for retrieving configurations.
*/
const getConfigParams = ({ type, group, user }, otherProps = {}) => {
const scope = [type, group, user].filter(Boolean).join(SEPARATOR)
return {
...otherProps,
startkey: `${DocumentTypes.CONFIG}${SEPARATOR}${scope}`,
endkey: `${DocumentTypes.CONFIG}${SEPARATOR}${scope}${UNICODE_MAX}`,
}
}
/**
* Returns the most granular configuration document from the DB based on the type, group and userID passed.
* @param {Object} db - db instance to query
* @param {Object} scopes - the type, group and userID scopes of the configuration.
* @returns The most granular configuration document based on the scope.
*/
const determineScopedConfig = async function(db, { type, user, group }) {
const response = await db.allDocs(
getConfigParams(
{ type, user, group },
{
include_docs: true,
}
)
)
const configs = response.rows.map(row => {
const config = row.doc
// Config is specific to a user and a group
if (config._id.includes(generateConfigID({ type, user, group }))) {
config.score = 4
} else if (config._id.includes(generateConfigID({ type, user }))) {
// Config is specific to a user only
config.score = 3
} else if (config._id.includes(generateConfigID({ type, group }))) {
// Config is specific to a group only
config.score = 2
} else if (config._id.includes(generateConfigID({ type }))) {
// Config is specific to a type only
config.score = 1
}
return config
})
// Find the config with the most granular scope based on context
const scopedConfig = configs.sort((a, b) => b.score - a.score)[0]
return scopedConfig
}
exports.generateConfigID = generateConfigID
exports.getConfigParams = getConfigParams
exports.determineScopedConfig = determineScopedConfig

View File

@ -0,0 +1,35 @@
const { DocumentTypes, ViewNames, StaticDatabases } = require("./utils")
const { getDB } = require("./index")
function DesignDoc() {
return {
_id: "_design/database",
// view collation information, read before writing any complex views:
// https://docs.couchdb.org/en/master/ddocs/views/collation.html#collation-specification
views: {},
}
}
exports.createUserEmailView = async () => {
const db = getDB(StaticDatabases.GLOBAL.name)
let designDoc
try {
designDoc = await db.get("_design/database")
} catch (err) {
// no design doc, make one
designDoc = DesignDoc()
}
const view = {
// if using variables in a map function need to inject them before use
map: `function(doc) {
if (doc._id.startsWith("${DocumentTypes.USER}")) {
emit(doc.email, doc._id)
}
}`,
}
designDoc.views = {
...designDoc.views,
[ViewNames.USER_BY_EMAIL]: view,
}
await db.put(designDoc)
}

View File

@ -0,0 +1,5 @@
module.exports = {
JWT_SECRET: process.env.JWT_SECRET,
COUCH_DB_URL: process.env.COUCH_DB_URL,
SALT_ROUNDS: process.env.SALT_ROUNDS,
}

View File

@ -0,0 +1,18 @@
const bcrypt = require("bcryptjs")
const env = require("./environment")
const { v4 } = require("uuid")
const SALT_ROUNDS = env.SALT_ROUNDS || 10
exports.hash = async data => {
const salt = await bcrypt.genSalt(SALT_ROUNDS)
return bcrypt.hash(data, salt)
}
exports.compare = async (data, encrypted) => {
return bcrypt.compare(data, encrypted)
}
exports.newid = function() {
return v4().replace(/-/g, "")
}

View File

@ -0,0 +1,43 @@
const passport = require("koa-passport")
const LocalStrategy = require("passport-local").Strategy
const JwtStrategy = require("passport-jwt").Strategy
const { StaticDatabases } = require("./db/utils")
const { jwt, local, authenticated, google } = require("./middleware")
const { setDB, getDB } = require("./db")
// Strategies
passport.use(new LocalStrategy(local.options, local.authenticate))
passport.use(new JwtStrategy(jwt.options, jwt.authenticate))
passport.serializeUser((user, done) => done(null, user))
passport.deserializeUser(async (user, done) => {
const db = getDB(StaticDatabases.GLOBAL.name)
try {
const user = await db.get(user._id)
return done(null, user)
} catch (err) {
console.error("User not found", err)
return done(null, false, { message: "User not found" })
}
})
module.exports = {
init(pouch) {
setDB(pouch)
},
db: require("./db/utils"),
utils: {
...require("./utils"),
...require("./hashing"),
},
auth: {
buildAuthMiddleware: authenticated,
passport,
google,
jwt: require("jsonwebtoken"),
},
StaticDatabases,
constants: require("./constants"),
}

View File

@ -0,0 +1,39 @@
const { Cookies } = require("../constants")
const database = require("../db")
const { getCookie, clearCookie } = require("../utils")
const { StaticDatabases } = require("../db/utils")
module.exports = (noAuthPatterns = []) => {
const regex = new RegExp(noAuthPatterns.join("|"))
return async (ctx, next) => {
// the path is not authenticated
if (regex.test(ctx.request.url)) {
return next()
}
try {
// check the actual user is authenticated first
const authCookie = getCookie(ctx, Cookies.Auth)
if (authCookie) {
try {
const db = database.getDB(StaticDatabases.GLOBAL.name)
const user = await db.get(authCookie.userId)
delete user.password
ctx.isAuthenticated = true
ctx.user = user
} catch (err) {
// remove the cookie as the use does not exist anymore
clearCookie(ctx, Cookies.Auth)
}
}
// be explicit
if (ctx.isAuthenticated !== true) {
ctx.isAuthenticated = false
}
return next()
} catch (err) {
ctx.throw(err.status || 403, err)
}
}
}

View File

@ -0,0 +1,11 @@
const jwt = require("./passport/jwt")
const local = require("./passport/local")
const google = require("./passport/google")
const authenticated = require("./authenticated")
module.exports = {
google,
jwt,
local,
authenticated,
}

View File

@ -0,0 +1,76 @@
const env = require("../../environment")
const jwt = require("jsonwebtoken")
const database = require("../../db")
const GoogleStrategy = require("passport-google-oauth").OAuth2Strategy
const { StaticDatabases, generateGlobalUserID } = require("../../db/utils")
async function authenticate(token, tokenSecret, profile, done) {
// Check the user exists in the instance DB by email
const db = database.getDB(StaticDatabases.GLOBAL.name)
let dbUser
const userId = generateGlobalUserID(profile.id)
try {
// use the google profile id
dbUser = await db.get(userId)
} catch (err) {
console.error("Google user not found. Creating..")
// create the user
const user = {
_id: userId,
provider: profile.provider,
roles: {},
builder: {
global: true,
},
...profile._json,
}
const response = await db.post(user)
dbUser = user
dbUser._rev = response.rev
}
// authenticate
const payload = {
userId: dbUser._id,
builder: dbUser.builder,
email: dbUser.email,
}
dbUser.token = jwt.sign(payload, env.JWT_SECRET, {
expiresIn: "1 day",
})
return done(null, dbUser)
}
/**
* Create an instance of the google passport strategy. This wrapper fetches the configuration
* from couchDB rather than environment variables, using this factory is necessary for dynamically configuring passport.
* @returns Dynamically configured Passport Google Strategy
*/
exports.strategyFactory = async function(config) {
try {
const { clientID, clientSecret, callbackURL } = config
if (!clientID || !clientSecret || !callbackURL) {
throw new Error(
"Configuration invalid. Must contain google clientID, clientSecret and callbackURL"
)
}
return new GoogleStrategy(
{
clientID: config.clientID,
clientSecret: config.clientSecret,
callbackURL: config.callbackURL,
},
authenticate
)
} catch (err) {
console.error(err)
throw new Error("Error constructing google authentication strategy", err)
}
}

View File

@ -0,0 +1,17 @@
const { Cookies } = require("../../constants")
const env = require("../../environment")
exports.options = {
secretOrKey: env.JWT_SECRET,
jwtFromRequest: function(ctx) {
return ctx.cookies.get(Cookies.Auth)
},
}
exports.authenticate = async function(jwt, done) {
try {
return done(null, jwt)
} catch (err) {
return done(new Error("JWT invalid."), false)
}
}

View File

@ -0,0 +1,48 @@
const jwt = require("jsonwebtoken")
const { UserStatus } = require("../../constants")
const { compare } = require("../../hashing")
const env = require("../../environment")
const { getGlobalUserByEmail } = require("../../utils")
const INVALID_ERR = "Invalid Credentials"
exports.options = {}
/**
* Passport Local Authentication Middleware.
* @param {*} email - username to login with
* @param {*} password - plain text password to log in with
* @param {*} done - callback from passport to return user information and errors
* @returns The authenticated user, or errors if they occur
*/
exports.authenticate = async function(email, password, done) {
if (!email) return done(null, false, "Email Required.")
if (!password) return done(null, false, "Password Required.")
const dbUser = await getGlobalUserByEmail(email)
if (dbUser == null) {
return done(null, false, { message: "User not found" })
}
// check that the user is currently inactive, if this is the case throw invalid
if (dbUser.status === UserStatus.INACTIVE) {
return done(null, false, { message: INVALID_ERR })
}
// authenticate
if (await compare(password, dbUser.password)) {
const payload = {
userId: dbUser._id,
}
dbUser.token = jwt.sign(payload, env.JWT_SECRET, {
expiresIn: "1 day",
})
// Remove users password in payload
delete dbUser.password
return done(null, dbUser)
} else {
done(new Error(INVALID_ERR), false)
}
}

127
packages/auth/src/utils.js Normal file
View File

@ -0,0 +1,127 @@
const {
DocumentTypes,
SEPARATOR,
ViewNames,
StaticDatabases,
} = require("./db/utils")
const jwt = require("jsonwebtoken")
const { options } = require("./middleware/passport/jwt")
const { createUserEmailView } = require("./db/views")
const { getDB } = require("./db")
const APP_PREFIX = DocumentTypes.APP + SEPARATOR
function confirmAppId(possibleAppId) {
return possibleAppId && possibleAppId.startsWith(APP_PREFIX)
? possibleAppId
: undefined
}
/**
* Given a request tries to find the appId, which can be located in various places
* @param {object} ctx The main request body to look through.
* @returns {string|undefined} If an appId was found it will be returned.
*/
exports.getAppId = ctx => {
const options = [ctx.headers["x-budibase-app-id"], ctx.params.appId]
if (ctx.subdomains) {
options.push(ctx.subdomains[1])
}
let appId
for (let option of options) {
appId = confirmAppId(option)
if (appId) {
break
}
}
// look in body if can't find it in subdomain
if (!appId && ctx.request.body && ctx.request.body.appId) {
appId = confirmAppId(ctx.request.body.appId)
}
let appPath =
ctx.request.headers.referrer ||
ctx.path.split("/").filter(subPath => subPath.startsWith(APP_PREFIX))
if (!appId && appPath.length !== 0) {
appId = confirmAppId(appPath[0])
}
return appId
}
/**
* Get a cookie from context, and decrypt if necessary.
* @param {object} ctx The request which is to be manipulated.
* @param {string} name The name of the cookie to get.
*/
exports.getCookie = (ctx, name) => {
const cookie = ctx.cookies.get(name)
if (!cookie) {
return cookie
}
return jwt.verify(cookie, options.secretOrKey)
}
/**
* Store a cookie for the request, has a hardcoded expiry.
* @param {object} ctx The request which is to be manipulated.
* @param {string} name The name of the cookie to set.
* @param {string|object} value The value of cookie which will be set.
*/
exports.setCookie = (ctx, value, name = "builder") => {
const expires = new Date()
expires.setDate(expires.getDate() + 1)
if (!value) {
ctx.cookies.set(name)
} else {
value = jwt.sign(value, options.secretOrKey, {
expiresIn: "1 day",
})
ctx.cookies.set(name, value, {
expires,
path: "/",
httpOnly: false,
overwrite: true,
})
}
}
/**
* Utility function, simply calls setCookie with an empty string for value
*/
exports.clearCookie = (ctx, name) => {
exports.setCookie(ctx, null, name)
}
/**
* Checks if the API call being made (based on the provided ctx object) is from the client. If
* the call is not from a client app then it is from the builder.
* @param {object} ctx The koa context object to be tested.
* @return {boolean} returns true if the call is from the client lib (a built app rather than the builder).
*/
exports.isClient = ctx => {
return ctx.headers["x-budibase-type"] === "client"
}
exports.getGlobalUserByEmail = async email => {
const db = getDB(StaticDatabases.GLOBAL.name)
try {
let users = (
await db.query(`database/${ViewNames.USER_BY_EMAIL}`, {
key: email,
include_docs: true,
})
).rows
users = users.map(user => user.doc)
return users.length <= 1 ? users[0] : users
} catch (err) {
if (err != null && err.name === "not_found") {
await createUserEmailView()
return exports.getGlobalUserByEmail(email)
} else {
throw err
}
}
}

599
packages/auth/yarn.lock Normal file
View File

@ -0,0 +1,599 @@
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
ajv@^6.12.3:
version "6.12.6"
resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4"
integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==
dependencies:
fast-deep-equal "^3.1.1"
fast-json-stable-stringify "^2.0.0"
json-schema-traverse "^0.4.1"
uri-js "^4.2.2"
asn1@~0.2.3:
version "0.2.4"
resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136"
integrity sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==
dependencies:
safer-buffer "~2.1.0"
assert-plus@1.0.0, assert-plus@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"
integrity sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=
async@~2.1.4:
version "2.1.5"
resolved "https://registry.yarnpkg.com/async/-/async-2.1.5.tgz#e587c68580994ac67fc56ff86d3ac56bdbe810bc"
integrity sha1-5YfGhYCZSsZ/xW/4bTrFa9voELw=
dependencies:
lodash "^4.14.0"
asynckit@^0.4.0:
version "0.4.0"
resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
integrity sha1-x57Zf380y48robyXkLzDZkdLS3k=
aws-sign2@~0.7.0:
version "0.7.0"
resolved "https://registry.yarnpkg.com/aws-sign2/-/aws-sign2-0.7.0.tgz#b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"
integrity sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=
aws4@^1.8.0:
version "1.11.0"
resolved "https://registry.yarnpkg.com/aws4/-/aws4-1.11.0.tgz#d61f46d83b2519250e2784daf5b09479a8b41c59"
integrity sha512-xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA==
base64url@3.x.x:
version "3.0.1"
resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==
bcrypt-pbkdf@^1.0.0:
version "1.0.2"
resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"
integrity sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=
dependencies:
tweetnacl "^0.14.3"
bcryptjs@^2.4.3:
version "2.4.3"
resolved "https://registry.yarnpkg.com/bcryptjs/-/bcryptjs-2.4.3.tgz#9ab5627b93e60621ff7cdac5da9733027df1d0cb"
integrity sha1-mrVie5PmBiH/fNrF2pczAn3x0Ms=
buffer-equal-constant-time@1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz#f8e71132f7ffe6e01a5c9697a4c6f3e48d5cc819"
integrity sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk=
caseless@~0.12.0:
version "0.12.0"
resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc"
integrity sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw=
combined-stream@^1.0.6, combined-stream@~1.0.6:
version "1.0.8"
resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f"
integrity sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==
dependencies:
delayed-stream "~1.0.0"
core-util-is@1.0.2:
version "1.0.2"
resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7"
integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=
dashdash@^1.12.0:
version "1.14.1"
resolved "https://registry.yarnpkg.com/dashdash/-/dashdash-1.14.1.tgz#853cfa0f7cbe2fed5de20326b8dd581035f6e2f0"
integrity sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=
dependencies:
assert-plus "^1.0.0"
delayed-stream@~1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619"
integrity sha1-3zrhmayt+31ECqrgsp4icrJOxhk=
ecc-jsbn@~0.1.1:
version "0.1.2"
resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz#3a83a904e54353287874c564b7549386849a98c9"
integrity sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=
dependencies:
jsbn "~0.1.0"
safer-buffer "^2.1.0"
ecdsa-sig-formatter@1.0.11:
version "1.0.11"
resolved "https://registry.yarnpkg.com/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz#ae0f0fa2d85045ef14a817daa3ce9acd0489e5bf"
integrity sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==
dependencies:
safe-buffer "^5.0.1"
extend@~3.0.2:
version "3.0.2"
resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa"
integrity sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==
extsprintf@1.3.0:
version "1.3.0"
resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.3.0.tgz#96918440e3041a7a414f8c52e3c574eb3c3e1e05"
integrity sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=
extsprintf@^1.2.0:
version "1.4.0"
resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.4.0.tgz#e2689f8f356fad62cca65a3a91c5df5f9551692f"
integrity sha1-4mifjzVvrWLMplo6kcXfX5VRaS8=
fast-deep-equal@^3.1.1:
version "3.1.3"
resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525"
integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==
fast-json-stable-stringify@^2.0.0:
version "2.1.0"
resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633"
integrity sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==
forever-agent@~0.6.1:
version "0.6.1"
resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"
integrity sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=
form-data@~2.3.2:
version "2.3.3"
resolved "https://registry.yarnpkg.com/form-data/-/form-data-2.3.3.tgz#dcce52c05f644f298c6a7ab936bd724ceffbf3a6"
integrity sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==
dependencies:
asynckit "^0.4.0"
combined-stream "^1.0.6"
mime-types "^2.1.12"
getpass@^0.1.1:
version "0.1.7"
resolved "https://registry.yarnpkg.com/getpass/-/getpass-0.1.7.tgz#5eff8e3e684d569ae4cb2b1282604e8ba62149fa"
integrity sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=
dependencies:
assert-plus "^1.0.0"
google-auth-library@~0.10.0:
version "0.10.0"
resolved "https://registry.yarnpkg.com/google-auth-library/-/google-auth-library-0.10.0.tgz#6e15babee85fd1dd14d8d128a295b6838d52136e"
integrity sha1-bhW6vuhf0d0U2NEoopW2g41SE24=
dependencies:
gtoken "^1.2.1"
jws "^3.1.4"
lodash.noop "^3.0.1"
request "^2.74.0"
google-p12-pem@^0.1.0:
version "0.1.2"
resolved "https://registry.yarnpkg.com/google-p12-pem/-/google-p12-pem-0.1.2.tgz#33c46ab021aa734fa0332b3960a9a3ffcb2f3177"
integrity sha1-M8RqsCGqc0+gMys5YKmj/8svMXc=
dependencies:
node-forge "^0.7.1"
googleapis@^16.0.0:
version "16.1.0"
resolved "https://registry.yarnpkg.com/googleapis/-/googleapis-16.1.0.tgz#0f19f2d70572d918881a0f626e3b1a2fa8629576"
integrity sha1-Dxny1wVy2RiIGg9ibjsaL6hilXY=
dependencies:
async "~2.1.4"
google-auth-library "~0.10.0"
string-template "~1.0.0"
gtoken@^1.2.1:
version "1.2.3"
resolved "https://registry.yarnpkg.com/gtoken/-/gtoken-1.2.3.tgz#5509571b8afd4322e124cf66cf68115284c476d8"
integrity sha512-wQAJflfoqSgMWrSBk9Fg86q+sd6s7y6uJhIvvIPz++RElGlMtEqsdAR2oWwZ/WTEtp7P9xFbJRrT976oRgzJ/w==
dependencies:
google-p12-pem "^0.1.0"
jws "^3.0.0"
mime "^1.4.1"
request "^2.72.0"
har-schema@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/har-schema/-/har-schema-2.0.0.tgz#a94c2224ebcac04782a0d9035521f24735b7ec92"
integrity sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI=
har-validator@~5.1.3:
version "5.1.5"
resolved "https://registry.yarnpkg.com/har-validator/-/har-validator-5.1.5.tgz#1f0803b9f8cb20c0fa13822df1ecddb36bde1efd"
integrity sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w==
dependencies:
ajv "^6.12.3"
har-schema "^2.0.0"
http-signature@~1.2.0:
version "1.2.0"
resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1"
integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=
dependencies:
assert-plus "^1.0.0"
jsprim "^1.2.2"
sshpk "^1.7.0"
is-typedarray@~1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/is-typedarray/-/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a"
integrity sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=
isstream@~0.1.2:
version "0.1.2"
resolved "https://registry.yarnpkg.com/isstream/-/isstream-0.1.2.tgz#47e63f7af55afa6f92e1500e690eb8b8529c099a"
integrity sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo=
jsbn@~0.1.0:
version "0.1.1"
resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"
integrity sha1-peZUwuWi3rXyAdls77yoDA7y9RM=
json-schema-traverse@^0.4.1:
version "0.4.1"
resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660"
integrity sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==
json-schema@0.2.3:
version "0.2.3"
resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13"
integrity sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=
json-stringify-safe@~5.0.1:
version "5.0.1"
resolved "https://registry.yarnpkg.com/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"
integrity sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=
jsonwebtoken@^8.2.0, jsonwebtoken@^8.5.1:
version "8.5.1"
resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz#00e71e0b8df54c2121a1f26137df2280673bcc0d"
integrity sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==
dependencies:
jws "^3.2.2"
lodash.includes "^4.3.0"
lodash.isboolean "^3.0.3"
lodash.isinteger "^4.0.4"
lodash.isnumber "^3.0.3"
lodash.isplainobject "^4.0.6"
lodash.isstring "^4.0.1"
lodash.once "^4.0.0"
ms "^2.1.1"
semver "^5.6.0"
jsprim@^1.2.2:
version "1.4.1"
resolved "https://registry.yarnpkg.com/jsprim/-/jsprim-1.4.1.tgz#313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"
integrity sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=
dependencies:
assert-plus "1.0.0"
extsprintf "1.3.0"
json-schema "0.2.3"
verror "1.10.0"
jwa@^1.4.1:
version "1.4.1"
resolved "https://registry.yarnpkg.com/jwa/-/jwa-1.4.1.tgz#743c32985cb9e98655530d53641b66c8645b039a"
integrity sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==
dependencies:
buffer-equal-constant-time "1.0.1"
ecdsa-sig-formatter "1.0.11"
safe-buffer "^5.0.1"
jws@^3.0.0, jws@^3.1.4, jws@^3.2.2:
version "3.2.2"
resolved "https://registry.yarnpkg.com/jws/-/jws-3.2.2.tgz#001099f3639468c9414000e99995fa52fb478304"
integrity sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==
dependencies:
jwa "^1.4.1"
safe-buffer "^5.0.1"
koa-passport@^4.1.4:
version "4.1.4"
resolved "https://registry.yarnpkg.com/koa-passport/-/koa-passport-4.1.4.tgz#5f1665c1c2a37ace79af9f970b770885ca30ccfa"
integrity sha512-dJBCkl4X+zdYxbI2V2OtoGy0PUenpvp2ZLLWObc8UJhsId0iQpTFT8RVcuA0709AL2txGwRHnSPoT1bYNGa6Kg==
dependencies:
passport "^0.4.0"
lodash.includes@^4.3.0:
version "4.3.0"
resolved "https://registry.yarnpkg.com/lodash.includes/-/lodash.includes-4.3.0.tgz#60bb98a87cb923c68ca1e51325483314849f553f"
integrity sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8=
lodash.isboolean@^3.0.3:
version "3.0.3"
resolved "https://registry.yarnpkg.com/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz#6c2e171db2a257cd96802fd43b01b20d5f5870f6"
integrity sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY=
lodash.isinteger@^4.0.4:
version "4.0.4"
resolved "https://registry.yarnpkg.com/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz#619c0af3d03f8b04c31f5882840b77b11cd68343"
integrity sha1-YZwK89A/iwTDH1iChAt3sRzWg0M=
lodash.isnumber@^3.0.3:
version "3.0.3"
resolved "https://registry.yarnpkg.com/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz#3ce76810c5928d03352301ac287317f11c0b1ffc"
integrity sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w=
lodash.isplainobject@^4.0.6:
version "4.0.6"
resolved "https://registry.yarnpkg.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz#7c526a52d89b45c45cc690b88163be0497f550cb"
integrity sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=
lodash.isstring@^4.0.1:
version "4.0.1"
resolved "https://registry.yarnpkg.com/lodash.isstring/-/lodash.isstring-4.0.1.tgz#d527dfb5456eca7cc9bb95d5daeaf88ba54a5451"
integrity sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=
lodash.noop@^3.0.1:
version "3.0.1"
resolved "https://registry.yarnpkg.com/lodash.noop/-/lodash.noop-3.0.1.tgz#38188f4d650a3a474258439b96ec45b32617133c"
integrity sha1-OBiPTWUKOkdCWEObluxFsyYXEzw=
lodash.once@^4.0.0:
version "4.1.1"
resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac"
integrity sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=
lodash@^4.14.0:
version "4.17.21"
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
mime-db@1.47.0:
version "1.47.0"
resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.47.0.tgz#8cb313e59965d3c05cfbf898915a267af46a335c"
integrity sha512-QBmA/G2y+IfeS4oktet3qRZ+P5kPhCKRXxXnQEudYqUaEioAU1/Lq2us3D/t1Jfo4hE9REQPrbB7K5sOczJVIw==
mime-types@^2.1.12, mime-types@~2.1.19:
version "2.1.30"
resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.30.tgz#6e7be8b4c479825f85ed6326695db73f9305d62d"
integrity sha512-crmjA4bLtR8m9qLpHvgxSChT+XoSlZi8J4n/aIdn3z92e/U47Z0V/yl+Wh9W046GgFVAmoNR/fmdbZYcSSIUeg==
dependencies:
mime-db "1.47.0"
mime@^1.4.1:
version "1.6.0"
resolved "https://registry.yarnpkg.com/mime/-/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1"
integrity sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==
ms@^2.1.1:
version "2.1.3"
resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
node-forge@^0.7.1:
version "0.7.6"
resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.7.6.tgz#fdf3b418aee1f94f0ef642cd63486c77ca9724ac"
integrity sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw==
oauth-sign@~0.9.0:
version "0.9.0"
resolved "https://registry.yarnpkg.com/oauth-sign/-/oauth-sign-0.9.0.tgz#47a7b016baa68b5fa0ecf3dee08a85c679ac6455"
integrity sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==
oauth@0.9.x:
version "0.9.15"
resolved "https://registry.yarnpkg.com/oauth/-/oauth-0.9.15.tgz#bd1fefaf686c96b75475aed5196412ff60cfb9c1"
integrity sha1-vR/vr2hslrdUda7VGWQS/2DPucE=
passport-google-auth@^1.0.2:
version "1.0.2"
resolved "https://registry.yarnpkg.com/passport-google-auth/-/passport-google-auth-1.0.2.tgz#8b300b5aa442ef433de1d832ed3112877d0b2938"
integrity sha1-izALWqRC70M94dgy7TESh30LKTg=
dependencies:
googleapis "^16.0.0"
passport-strategy "1.x"
passport-google-oauth1@1.x.x:
version "1.0.0"
resolved "https://registry.yarnpkg.com/passport-google-oauth1/-/passport-google-oauth1-1.0.0.tgz#af74a803df51ec646f66a44d82282be6f108e0cc"
integrity sha1-r3SoA99R7GRvZqRNgigr5vEI4Mw=
dependencies:
passport-oauth1 "1.x.x"
passport-google-oauth20@2.x.x:
version "2.0.0"
resolved "https://registry.yarnpkg.com/passport-google-oauth20/-/passport-google-oauth20-2.0.0.tgz#0d241b2d21ebd3dc7f2b60669ec4d587e3a674ef"
integrity sha512-KSk6IJ15RoxuGq7D1UKK/8qKhNfzbLeLrG3gkLZ7p4A6DBCcv7xpyQwuXtWdpyR0+E0mwkpjY1VfPOhxQrKzdQ==
dependencies:
passport-oauth2 "1.x.x"
passport-google-oauth@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/passport-google-oauth/-/passport-google-oauth-2.0.0.tgz#f6eb4bc96dd6c16ec0ecfdf4e05ec48ca54d4dae"
integrity sha512-JKxZpBx6wBQXX1/a1s7VmdBgwOugohH+IxCy84aPTZNq/iIPX6u7Mqov1zY7MKRz3niFPol0KJz8zPLBoHKtYA==
dependencies:
passport-google-oauth1 "1.x.x"
passport-google-oauth20 "2.x.x"
passport-jwt@^4.0.0:
version "4.0.0"
resolved "https://registry.yarnpkg.com/passport-jwt/-/passport-jwt-4.0.0.tgz#7f0be7ba942e28b9f5d22c2ebbb8ce96ef7cf065"
integrity sha512-BwC0n2GP/1hMVjR4QpnvqA61TxenUMlmfNjYNgK0ZAs0HK4SOQkHcSv4L328blNTLtHq7DbmvyNJiH+bn6C5Mg==
dependencies:
jsonwebtoken "^8.2.0"
passport-strategy "^1.0.0"
passport-local@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/passport-local/-/passport-local-1.0.0.tgz#1fe63268c92e75606626437e3b906662c15ba6ee"
integrity sha1-H+YyaMkudWBmJkN+O5BmYsFbpu4=
dependencies:
passport-strategy "1.x.x"
passport-oauth1@1.x.x:
version "1.1.0"
resolved "https://registry.yarnpkg.com/passport-oauth1/-/passport-oauth1-1.1.0.tgz#a7de988a211f9cf4687377130ea74df32730c918"
integrity sha1-p96YiiEfnPRoc3cTDqdN8ycwyRg=
dependencies:
oauth "0.9.x"
passport-strategy "1.x.x"
utils-merge "1.x.x"
passport-oauth2@1.x.x:
version "1.5.0"
resolved "https://registry.yarnpkg.com/passport-oauth2/-/passport-oauth2-1.5.0.tgz#64babbb54ac46a4dcab35e7f266ed5294e3c4108"
integrity sha512-kqBt6vR/5VlCK8iCx1/KpY42kQ+NEHZwsSyt4Y6STiNjU+wWICG1i8ucc1FapXDGO15C5O5VZz7+7vRzrDPXXQ==
dependencies:
base64url "3.x.x"
oauth "0.9.x"
passport-strategy "1.x.x"
uid2 "0.0.x"
utils-merge "1.x.x"
passport-strategy@1.x, passport-strategy@1.x.x, passport-strategy@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/passport-strategy/-/passport-strategy-1.0.0.tgz#b5539aa8fc225a3d1ad179476ddf236b440f52e4"
integrity sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ=
passport@^0.4.0:
version "0.4.1"
resolved "https://registry.yarnpkg.com/passport/-/passport-0.4.1.tgz#941446a21cb92fc688d97a0861c38ce9f738f270"
integrity sha512-IxXgZZs8d7uFSt3eqNjM9NQ3g3uQCW5avD8mRNoXV99Yig50vjuaez6dQK2qC0kVWPRTujxY0dWgGfT09adjYg==
dependencies:
passport-strategy "1.x.x"
pause "0.0.1"
pause@0.0.1:
version "0.0.1"
resolved "https://registry.yarnpkg.com/pause/-/pause-0.0.1.tgz#1d408b3fdb76923b9543d96fb4c9dfd535d9cb5d"
integrity sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10=
performance-now@^2.1.0:
version "2.1.0"
resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
integrity sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=
psl@^1.1.28:
version "1.8.0"
resolved "https://registry.yarnpkg.com/psl/-/psl-1.8.0.tgz#9326f8bcfb013adcc005fdff056acce020e51c24"
integrity sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==
punycode@^2.1.0, punycode@^2.1.1:
version "2.1.1"
resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec"
integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==
qs@~6.5.2:
version "6.5.2"
resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.2.tgz#cb3ae806e8740444584ef154ce8ee98d403f3e36"
integrity sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==
request@^2.72.0, request@^2.74.0:
version "2.88.2"
resolved "https://registry.yarnpkg.com/request/-/request-2.88.2.tgz#d73c918731cb5a87da047e207234146f664d12b3"
integrity sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==
dependencies:
aws-sign2 "~0.7.0"
aws4 "^1.8.0"
caseless "~0.12.0"
combined-stream "~1.0.6"
extend "~3.0.2"
forever-agent "~0.6.1"
form-data "~2.3.2"
har-validator "~5.1.3"
http-signature "~1.2.0"
is-typedarray "~1.0.0"
isstream "~0.1.2"
json-stringify-safe "~5.0.1"
mime-types "~2.1.19"
oauth-sign "~0.9.0"
performance-now "^2.1.0"
qs "~6.5.2"
safe-buffer "^5.1.2"
tough-cookie "~2.5.0"
tunnel-agent "^0.6.0"
uuid "^3.3.2"
safe-buffer@^5.0.1, safe-buffer@^5.1.2:
version "5.2.1"
resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0:
version "2.1.2"
resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
semver@^5.6.0:
version "5.7.1"
resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7"
integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==
sshpk@^1.7.0:
version "1.16.1"
resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877"
integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==
dependencies:
asn1 "~0.2.3"
assert-plus "^1.0.0"
bcrypt-pbkdf "^1.0.0"
dashdash "^1.12.0"
ecc-jsbn "~0.1.1"
getpass "^0.1.1"
jsbn "~0.1.0"
safer-buffer "^2.0.2"
tweetnacl "~0.14.0"
string-template@~1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/string-template/-/string-template-1.0.0.tgz#9e9f2233dc00f218718ec379a28a5673ecca8b96"
integrity sha1-np8iM9wA8hhxjsN5oopWc+zKi5Y=
tough-cookie@~2.5.0:
version "2.5.0"
resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-2.5.0.tgz#cd9fb2a0aa1d5a12b473bd9fb96fa3dcff65ade2"
integrity sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==
dependencies:
psl "^1.1.28"
punycode "^2.1.1"
tunnel-agent@^0.6.0:
version "0.6.0"
resolved "https://registry.yarnpkg.com/tunnel-agent/-/tunnel-agent-0.6.0.tgz#27a5dea06b36b04a0a9966774b290868f0fc40fd"
integrity sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=
dependencies:
safe-buffer "^5.0.1"
tweetnacl@^0.14.3, tweetnacl@~0.14.0:
version "0.14.5"
resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64"
integrity sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=
uid2@0.0.x:
version "0.0.3"
resolved "https://registry.yarnpkg.com/uid2/-/uid2-0.0.3.tgz#483126e11774df2f71b8b639dcd799c376162b82"
integrity sha1-SDEm4Rd03y9xuLY53NeZw3YWK4I=
uri-js@^4.2.2:
version "4.4.1"
resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.4.1.tgz#9b1a52595225859e55f669d928f88c6c57f2a77e"
integrity sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==
dependencies:
punycode "^2.1.0"
utils-merge@1.x.x:
version "1.0.1"
resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713"
integrity sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=
uuid@^3.3.2:
version "3.4.0"
resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.4.0.tgz#b23e4358afa8a202fe7a100af1f5f883f02007ee"
integrity sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==
uuid@^8.3.2:
version "8.3.2"
resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2"
integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==
verror@1.10.0:
version "1.10.0"
resolved "https://registry.yarnpkg.com/verror/-/verror-1.10.0.tgz#3a105ca17053af55d6e270c1f8288682e18da400"
integrity sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=
dependencies:
assert-plus "^1.0.0"
core-util-is "1.0.2"
extsprintf "^1.2.0"

View File

@ -19,6 +19,7 @@
{#if options && Array.isArray(options)} {#if options && Array.isArray(options)}
{#each options as option} {#each options as option}
<div <div
title={getOptionLabel(option)}
class="spectrum-Radio spectrum-FieldGroup-item spectrum-Radio--emphasized" class="spectrum-Radio spectrum-FieldGroup-item spectrum-Radio--emphasized"
class:is-invalid={!!error}> class:is-invalid={!!error}>
<input <input

View File

@ -1,5 +1,6 @@
context("Create an Application", () => { context("Create an Application", () => {
it("should create a new application", () => { it("should create a new application", () => {
cy.login()
cy.createTestApp() cy.createTestApp()
cy.visit(`localhost:${Cypress.env("PORT")}/builder`) cy.visit(`localhost:${Cypress.env("PORT")}/builder`)
cy.contains("Cypress Tests").should("exist") cy.contains("Cypress Tests").should("exist")

View File

@ -1,5 +1,6 @@
context("Create a automation", () => { context("Create a automation", () => {
before(() => { before(() => {
cy.login()
cy.createTestApp() cy.createTestApp()
}) })

View File

@ -1,16 +1,13 @@
context("Create Bindings", () => { context("Create Bindings", () => {
before(() => { before(() => {
cy.login()
cy.createTestApp() cy.createTestApp()
cy.navigateToFrontend() cy.navigateToFrontend()
}) })
it("should add a current user binding", () => { it("should add a current user binding", () => {
cy.addComponent("Elements", "Paragraph").then(componentId => { cy.addComponent("Elements", "Paragraph").then(() => {
addSettingBinding("text", "Current User._id") addSettingBinding("text", "Current User._id")
cy.getComponent(componentId).should(
"have.text",
`ro_ta_users_us_test@test.com`
)
}) })
}) })

View File

@ -2,6 +2,7 @@ context("Create Components", () => {
let headlineId let headlineId
before(() => { before(() => {
cy.login()
cy.createTestApp() cy.createTestApp()
cy.createTable("dog") cy.createTable("dog")
cy.addColumn("dog", "name", "string") cy.addColumn("dog", "name", "string")

View File

@ -1,5 +1,6 @@
context("Screen Tests", () => { context("Screen Tests", () => {
before(() => { before(() => {
cy.login()
cy.createTestApp() cy.createTestApp()
cy.navigateToFrontend() cy.navigateToFrontend()
}) })

View File

@ -1,5 +1,6 @@
context("Create a Table", () => { context("Create a Table", () => {
before(() => { before(() => {
cy.login()
cy.createTestApp() cy.createTestApp()
}) })

View File

@ -1,5 +1,6 @@
context("Create a User", () => { context("Create a User", () => {
before(() => { before(() => {
cy.login()
cy.createTestApp() cy.createTestApp()
}) })

View File

@ -1,5 +1,6 @@
context("Create a View", () => { context("Create a View", () => {
before(() => { before(() => {
cy.login()
cy.createTestApp() cy.createTestApp()
cy.createTable("data") cy.createTable("data")
cy.addColumn("data", "group", "Text") cy.addColumn("data", "group", "Text")

View File

@ -3,13 +3,16 @@ const path = require("path")
const tmpdir = path.join(require("os").tmpdir(), ".budibase") const tmpdir = path.join(require("os").tmpdir(), ".budibase")
const WORKER_PORT = "4002"
const MAIN_PORT = cypressConfig.env.PORT
process.env.BUDIBASE_API_KEY = "6BE826CB-6B30-4AEC-8777-2E90464633DE" process.env.BUDIBASE_API_KEY = "6BE826CB-6B30-4AEC-8777-2E90464633DE"
process.env.NODE_ENV = "cypress" process.env.NODE_ENV = "cypress"
process.env.ENABLE_ANALYTICS = "false" process.env.ENABLE_ANALYTICS = "false"
process.env.PORT = cypressConfig.env.PORT process.env.PORT = MAIN_PORT
process.env.JWT_SECRET = cypressConfig.env.JWT_SECRET process.env.JWT_SECRET = cypressConfig.env.JWT_SECRET
process.env.COUCH_URL = `leveldb://${tmpdir}/.data/` process.env.COUCH_URL = `leveldb://${tmpdir}/.data/`
process.env.SELF_HOSTED = 1 process.env.SELF_HOSTED = 1
process.env.WORKER_URL = "http://localhost:4002/"
process.env.MINIO_URL = "http://localhost:10000/" process.env.MINIO_URL = "http://localhost:10000/"
process.env.MINIO_ACCESS_KEY = "budibase" process.env.MINIO_ACCESS_KEY = "budibase"
process.env.MINIO_SECRET_KEY = "budibase" process.env.MINIO_SECRET_KEY = "budibase"
@ -25,18 +28,12 @@ async function run() {
// dont make this a variable or top level require // dont make this a variable or top level require
// it will cause environment module to be loaded prematurely // it will cause environment module to be loaded prematurely
const server = require("../../server/src/app") const server = require("../../server/src/app")
process.env.PORT = WORKER_PORT
const worker = require("../../worker/src/index")
// reload main port for rest of system
process.env.PORT = MAIN_PORT
server.on("close", () => console.log("Server Closed")) server.on("close", () => console.log("Server Closed"))
worker.on("close", () => console.log("Worker Closed"))
} }
run() run()
// TODO: ensure that this still works
// initialiseBudibase({ dir: homedir, clientId: "cypress-test" })
// .then(() => {
// delete require.cache[require.resolve("../../server/src/environment")]
// const xPlatHomeDir = homedir.startsWith("~")
// ? join(homedir(), homedir.substring(1))
// : homedir
// run(xPlatHomeDir)
// })
// .catch(e => console.error(e))

View File

@ -1,28 +1,26 @@
// *********************************************** // ***********************************************
// This example commands.js shows you how to
// create various custom commands and overwrite
// existing commands.
//
// For more comprehensive examples of custom // For more comprehensive examples of custom
// commands please read more here: // commands please read more here:
// https://on.cypress.io/custom-commands // https://on.cypress.io/custom-commands
// *********************************************** // ***********************************************
// //
//
// -- This is a parent command -- Cypress.Commands.add("login", () => {
// Cypress.Commands.add("login", (email, password) => { ... }) cy.getCookie("budibase:auth").then(cookie => {
// // Already logged in
// if (cookie) return
// -- This is a child command --
// Cypress.Commands.add("drag", { prevSubject: 'element'}, (subject, options) => { ... }) cy.visit(`localhost:${Cypress.env("PORT")}/builder`)
// cy.contains("Create Test User").click()
// cy.get("input")
// -- This is a dual command -- .first()
// Cypress.Commands.add("dismiss", { prevSubject: 'optional'}, (subject, options) => { ... }) .type("test@test.com")
//
// cy.get('input[type="password"]').type("test")
// -- This will overwrite an existing command --
// Cypress.Commands.overwrite("visit", (originalFn, url, options) => { ... }) cy.contains("Login").click()
})
})
Cypress.Commands.add("createApp", name => { Cypress.Commands.add("createApp", name => {
cy.visit(`localhost:${Cypress.env("PORT")}/builder`) cy.visit(`localhost:${Cypress.env("PORT")}/builder`)

View File

@ -1,3 +1,3 @@
Cypress.Cookies.defaults({ Cypress.Cookies.defaults({
preserve: "budibase:builder:local", preserve: "budibase:auth",
}) })

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/builder", "name": "@budibase/builder",
"version": "0.8.9", "version": "0.8.16",
"license": "AGPL-3.0", "license": "AGPL-3.0",
"private": true, "private": true,
"scripts": { "scripts": {
@ -14,9 +14,10 @@
"cy:setup": "node ./cypress/setup.js", "cy:setup": "node ./cypress/setup.js",
"cy:run": "cypress run", "cy:run": "cypress run",
"cy:open": "cypress open", "cy:open": "cypress open",
"cy:run:ci": "cypress run --browser electron --record --key f308590b-6070-41af-b970-794a3823d451", "cy:run:ci": "cypress run --record --key f308590b-6070-41af-b970-794a3823d451",
"cy:test": "start-server-and-test cy:setup http://localhost:10000/builder cy:run", "cy:test": "start-server-and-test cy:setup http://localhost:10000/builder cy:run",
"cy:ci": "start-server-and-test cy:setup http://localhost:10000/builder cy:run:ci" "cy:ci": "start-server-and-test cy:setup http://localhost:10000/builder cy:run:ci",
"cy:debug": "start-server-and-test cy:setup http://localhost:10000/builder cy:open"
}, },
"jest": { "jest": {
"globals": { "globals": {
@ -65,9 +66,9 @@
}, },
"dependencies": { "dependencies": {
"@budibase/bbui": "^1.58.13", "@budibase/bbui": "^1.58.13",
"@budibase/client": "^0.8.9", "@budibase/client": "^0.8.16",
"@budibase/colorpicker": "1.1.2", "@budibase/colorpicker": "1.1.2",
"@budibase/string-templates": "^0.8.9", "@budibase/string-templates": "^0.8.16",
"@sentry/browser": "5.19.1", "@sentry/browser": "5.19.1",
"@spectrum-css/page": "^3.0.1", "@spectrum-css/page": "^3.0.1",
"@spectrum-css/vars": "^3.0.1", "@spectrum-css/vars": "^3.0.1",

View File

@ -1,5 +1,6 @@
import { store } from "./index" import { store } from "./index"
import { get as svelteGet } from "svelte/store" import { get as svelteGet } from "svelte/store"
import { removeCookie, Cookies } from "./cookies"
const apiCall = method => async ( const apiCall = method => async (
url, url,
@ -8,11 +9,15 @@ const apiCall = method => async (
) => { ) => {
headers["x-budibase-app-id"] = svelteGet(store).appId headers["x-budibase-app-id"] = svelteGet(store).appId
const json = headers["Content-Type"] === "application/json" const json = headers["Content-Type"] === "application/json"
return await fetch(url, { const resp = await fetch(url, {
method: method, method: method,
body: json ? JSON.stringify(body) : body, body: json ? JSON.stringify(body) : body,
headers, headers,
}) })
if (resp.status === 403) {
removeCookie(Cookies.Auth)
}
return resp
} }
export const post = apiCall("POST") export const post = apiCall("POST")
@ -20,9 +25,6 @@ export const get = apiCall("GET")
export const patch = apiCall("PATCH") export const patch = apiCall("PATCH")
export const del = apiCall("DELETE") export const del = apiCall("DELETE")
export const put = apiCall("PUT") export const put = apiCall("PUT")
export const getBuilderCookie = async () => {
await post("/api/builder/login", {})
}
export default { export default {
post: apiCall("POST"), post: apiCall("POST"),
@ -30,5 +32,4 @@ export default {
patch: apiCall("PATCH"), patch: apiCall("PATCH"),
delete: apiCall("DELETE"), delete: apiCall("DELETE"),
put: apiCall("PUT"), put: apiCall("PUT"),
getBuilderCookie,
} }

View File

@ -0,0 +1,16 @@
export const Cookies = {
Auth: "budibase:auth",
CurrentApp: "budibase:currentapp",
}
export function getCookie(cookieName) {
return document.cookie.split(";").some(cookie => {
return cookie.trim().startsWith(`${cookieName}=`)
})
}
export function removeCookie(cookieName) {
if (getCookie(cookieName)) {
document.cookie = `${cookieName}=; Max-Age=-99999999;`
}
}

View File

@ -2,10 +2,7 @@ import { cloneDeep } from "lodash/fp"
import { get } from "svelte/store" import { get } from "svelte/store"
import { findComponent, findComponentPath } from "./storeUtils" import { findComponent, findComponentPath } from "./storeUtils"
import { store } from "builderStore" import { store } from "builderStore"
import { import { tables as tablesStore, queries as queriesStores } from "stores/backend"
tables as tablesStore,
queries as queriesStores,
} from "stores/backend/"
import { makePropSafe } from "@budibase/string-templates" import { makePropSafe } from "@budibase/string-templates"
import { TableNames } from "../constants" import { TableNames } from "../constants"

View File

@ -6,7 +6,6 @@ import { derived, writable } from "svelte/store"
import analytics from "analytics" import analytics from "analytics"
import { FrontendTypes, LAYOUT_NAMES } from "../constants" import { FrontendTypes, LAYOUT_NAMES } from "../constants"
import { findComponent } from "./storeUtils" import { findComponent } from "./storeUtils"
import { getBuilderCookie } from "./api"
export const store = getFrontendStore() export const store = getFrontendStore()
export const automationStore = getAutomationStore() export const automationStore = getAutomationStore()
@ -58,8 +57,6 @@ export const selectedAccessRole = writable("BASIC")
export const initialise = async () => { export const initialise = async () => {
try { try {
// TODO this needs to be replaced by a real login
await getBuilderCookie()
await analytics.activate() await analytics.activate()
analytics.captureEvent("Builder Started") analytics.captureEvent("Builder Started")
} catch (err) { } catch (err) {

View File

@ -1,7 +1,7 @@
import api from "builderStore/api" import api from "builderStore/api"
export async function createUser(user) { export async function createUser(user) {
const CREATE_USER_URL = `/api/users` const CREATE_USER_URL = `/api/users/metadata`
const response = await api.post(CREATE_USER_URL, user) const response = await api.post(CREATE_USER_URL, user)
return await response.json() return await response.json()
} }
@ -15,8 +15,7 @@ export async function saveRow(row, tableId) {
export async function deleteRow(row) { export async function deleteRow(row) {
const DELETE_ROWS_URL = `/api/${row.tableId}/rows/${row._id}/${row._rev}` const DELETE_ROWS_URL = `/api/${row.tableId}/rows/${row._id}/${row._rev}`
const response = await api.delete(DELETE_ROWS_URL) return api.delete(DELETE_ROWS_URL)
return response
} }
export async function fetchDataForView(view) { export async function fetchDataForView(view) {

View File

@ -53,8 +53,9 @@
) )
$: required = !!field?.constraints?.presence || primaryDisplay $: required = !!field?.constraints?.presence || primaryDisplay
$: uneditable = $: uneditable =
$tables.selected?._id === TableNames.USERS && ($tables.selected?._id === TableNames.USERS &&
UNEDITABLE_USER_FIELDS.includes(field.name) UNEDITABLE_USER_FIELDS.includes(field.name)) ||
(originalName && field.type === LINK_TYPE)
$: invalid = $: invalid =
!field.name || !field.name ||
(field.type === LINK_TYPE && !field.tableId) || (field.type === LINK_TYPE && !field.tableId) ||
@ -157,19 +158,22 @@
if (!linkTable) { if (!linkTable) {
return null return null
} }
const thisName = truncate(table.name, { length: 15 }), const thisName = truncate(table.name, { length: 14 }),
linkName = truncate(linkTable.name, { length: 15 }) linkName = truncate(linkTable.name, { length: 14 })
return [ return [
{ {
name: `Many ${thisName} rows → many ${linkName} rows`, name: `Many ${thisName} rows → many ${linkName} rows`,
alt: `Many ${table.name} rows → many ${linkTable.name} rows`,
value: RelationshipTypes.MANY_TO_MANY, value: RelationshipTypes.MANY_TO_MANY,
}, },
{ {
name: `One ${linkName} row → many ${thisName} rows`, name: `One ${linkName} row → many ${thisName} rows`,
alt: `One ${linkTable.name} rows → many ${table.name} rows`,
value: RelationshipTypes.ONE_TO_MANY, value: RelationshipTypes.ONE_TO_MANY,
}, },
{ {
name: `One ${thisName} row → many ${linkName} rows`, name: `One ${thisName} row → many ${linkName} rows`,
alt: `One ${table.name} rows → many ${linkTable.name} rows`,
value: RelationshipTypes.MANY_TO_ONE, value: RelationshipTypes.MANY_TO_ONE,
}, },
] ]

View File

@ -80,6 +80,7 @@
border-color var(--spectrum-global-animation-duration-100, 130ms); border-color var(--spectrum-global-animation-duration-100, 130ms);
height: calc(var(--spectrum-alias-item-height-m) - 2px); height: calc(var(--spectrum-alias-item-height-m) - 2px);
} }
.icon:hover { .icon:hover {
cursor: pointer; cursor: pointer;
color: var(--spectrum-alias-text-color-hover); color: var(--spectrum-alias-text-color-hover);

View File

@ -0,0 +1,50 @@
<script>
import { Button, Label, Input, Spacer } from "@budibase/bbui"
import { notifier } from "builderStore/store/notifications"
import { auth } from "stores/backend"
let username = ""
let password = ""
async function login() {
try {
await auth.login({
username,
password,
})
notifier.success("Logged in successfully.")
} catch (err) {
console.error(err)
notifier.danger("Invalid credentials")
}
}
async function createTestUser() {
try {
await auth.firstUser()
notifier.success("Test user created")
} catch (err) {
console.error(err)
notifier.danger("Could not create test user")
}
}
</script>
<form on:submit|preventDefault data-cy="login-form">
<Spacer large />
<Label small>Email</Label>
<Input outline bind:value={username} />
<Spacer large />
<Label small>Password</Label>
<Input outline type="password" on:change bind:value={password} />
<Spacer large />
<Button primary on:click={login}>Login</Button>
<a target="_blank" href="/api/admin/auth/google">Sign In With Google</a>
<Button secondary on:click={createTestUser}>Create Test User</Button>
</form>
<style>
form {
width: 60%;
}
</style>

View File

@ -0,0 +1 @@
export { LoginForm } from "./LoginForm.svelte"

View File

@ -27,12 +27,6 @@
applicationName: string().required("Your application must have a name"), applicationName: string().required("Your application must have a name"),
}, },
{ {
email: string()
.email()
.required("Your application needs a first user"),
password: string().required(
"Please enter a password for your first user"
),
roleId: string() roleId: string()
.nullable() .nullable()
.required("You need to select a role for your user"), .required("You need to select a role for your user"),
@ -114,11 +108,9 @@
// Create user // Create user
const user = { const user = {
email: $values.email,
password: $values.password,
roleId: $values.roleId, roleId: $values.roleId,
} }
const userResp = await api.post(`/api/users`, user) const userResp = await api.post(`/api/users/metadata/self`, user)
await userResp.json() await userResp.json()
$goto(`./${appJson._id}`) $goto(`./${appJson._id}`)
} catch (error) { } catch (error) {

View File

@ -0,0 +1,28 @@
<script>
import { TextButton as Button, Modal } from "@budibase/bbui"
import { auth } from "stores/backend"
</script>
<div>
<Button text on:click={auth.logout}>
<i class="ri-logout-box-line" />
<p>Logout</p>
</Button>
</div>
<style>
div i {
font-size: 26px;
color: var(--grey-7);
margin-left: 12px;
margin-top: 10px;
}
div p {
font-family: var(--font-sans);
font-size: var(--font-size-s);
color: var(--ink);
font-weight: 400;
margin: 0 0 0 12px;
}
</style>

View File

@ -1,5 +1,5 @@
<script> <script>
import { Input, Select, Heading } from "@budibase/bbui" import { Select, Heading } from "@budibase/bbui"
export let values export let values
export let errors export let errors
@ -7,21 +7,7 @@
</script> </script>
<div class="container"> <div class="container">
<Heading l h2>Create your first User</Heading> <Heading l h2>What's your role for this app?</Heading>
<Input
bind:value={$values.email}
on:change={() => ($touched.email = true)}
label="Email"
placeholder="Email"
type="email"
error={$touched.email && $errors.email} />
<Input
bind:value={$values.password}
on:change={() => ($touched.password = true)}
label="Password"
placeholder="Password"
type="password"
error={$touched.password && $errors.password} />
<Select <Select
bind:value={$values.roleId} bind:value={$values.roleId}
label="Role" label="Role"

View File

@ -9,7 +9,7 @@
}) })
</script> </script>
{#if $tables.list.length === 0} {#if $datasources.list.length === 0}
<i>Connect your first datasource to start building.</i> <i>Connect your first datasource to start building.</i>
{:else}<i>Select a datasource to edit</i>{/if} {:else}<i>Select a datasource to edit</i>{/if}

View File

@ -3,10 +3,17 @@
SideNavigation as Navigation, SideNavigation as Navigation,
SideNavigationItem as Item, SideNavigationItem as Item,
} from "@budibase/bbui" } from "@budibase/bbui"
import { auth } from "stores/backend"
import LoginForm from "components/login/LoginForm.svelte"
import BuilderSettingsButton from "components/start/BuilderSettingsButton.svelte" import BuilderSettingsButton from "components/start/BuilderSettingsButton.svelte"
import LogoutButton from "components/start/LogoutButton.svelte"
import Logo from "/assets/budibase-logo.svg" import Logo from "/assets/budibase-logo.svg"
let modal
</script> </script>
{#if $auth}
{#if $auth.user}
<div class="root"> <div class="root">
<div class="ui-nav"> <div class="ui-nav">
<div class="home-logo"><img src={Logo} alt="Budibase icon" /></div> <div class="home-logo"><img src={Logo} alt="Budibase icon" /></div>
@ -23,21 +30,20 @@
<Item <Item
external external
href="https://github.com/Budibase/budibase/discussions" href="https://github.com/Budibase/budibase/discussions"
icon="PeopleGroup" icon="PeopleGroup">
>
Community Community
</Item> </Item>
<Item <Item
external external
href="https://github.com/Budibase/budibase/issues/new/choose" href="https://github.com/Budibase/budibase/issues/new/choose"
icon="Bug" icon="Bug">
>
Raise an issue Raise an issue
</Item> </Item>
</Navigation> </Navigation>
</div> </div>
<div class="nav-bottom"> <div class="nav-bottom">
<BuilderSettingsButton /> <BuilderSettingsButton />
<LogoutButton />
</div> </div>
</div> </div>
</div> </div>
@ -45,6 +51,12 @@
<slot /> <slot />
</div> </div>
</div> </div>
{:else}
<section class="login">
<LoginForm />
</section>
{/if}
{/if}
<style> <style>
.root { .root {
@ -54,6 +66,14 @@
width: 100%; width: 100%;
} }
.login {
display: flex;
align-items: center;
justify-content: center;
height: 100%;
width: 100%;
}
.main { .main {
grid-column: 2; grid-column: 2;
overflow: auto; overflow: auto;

View File

@ -0,0 +1,56 @@
import { writable } from "svelte/store"
import api from "../../builderStore/api"
async function checkAuth() {
const response = await api.get("/api/self")
const user = await response.json()
if (response.status === 200) return user
return null
}
export function createAuthStore() {
const { subscribe, set } = writable(null)
checkAuth()
.then(user => set({ user }))
.catch(() => set({ user: null }))
return {
subscribe,
login: async creds => {
const response = await api.post(`/api/admin/auth`, creds)
const json = await response.json()
if (response.status === 200) {
set({ user: json.user })
} else {
throw "Invalid credentials"
}
return json
},
logout: async () => {
const response = await api.post(`/api/admin/auth/logout`)
if (response.status !== 200) {
throw "Unable to create logout"
}
await response.json()
set({ user: null })
},
createUser: async user => {
const response = await api.post(`/api/admin/users`, user)
if (response.status !== 200) {
throw "Unable to create user"
}
await response.json()
},
firstUser: async () => {
const response = await api.post(`/api/admin/users/first`)
if (response.status !== 200) {
throw "Unable to create test user"
}
await response.json()
},
}
}
export const auth = createAuthStore()

View File

@ -7,3 +7,4 @@ export { roles } from "./roles"
export { datasources } from "./datasources" export { datasources } from "./datasources"
export { integrations } from "./integrations" export { integrations } from "./integrations"
export { queries } from "./queries" export { queries } from "./queries"
export { auth } from "./auth"

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/cli", "name": "cli",
"version": "0.8.10", "version": "0.8.15",
"description": "Budibase CLI, for developers, self hosting and migrations.", "description": "Budibase CLI, for developers, self hosting and migrations.",
"main": "src/index.js", "main": "src/index.js",
"bin": { "bin": {

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/client", "name": "@budibase/client",
"version": "0.8.9", "version": "0.8.16",
"license": "MPL-2.0", "license": "MPL-2.0",
"module": "dist/budibase-client.js", "module": "dist/budibase-client.js",
"main": "dist/budibase-client.js", "main": "dist/budibase-client.js",
@ -18,8 +18,7 @@
"dev:builder": "rollup -cw" "dev:builder": "rollup -cw"
}, },
"dependencies": { "dependencies": {
"@budibase/standard-components": "^0.8.9", "@budibase/string-templates": "^0.8.16",
"@budibase/string-templates": "^0.8.9",
"regexparam": "^1.3.0", "regexparam": "^1.3.0",
"shortid": "^2.2.15", "shortid": "^2.2.15",
"svelte-spa-router": "^3.0.5" "svelte-spa-router": "^3.0.5"
@ -27,6 +26,7 @@
"devDependencies": { "devDependencies": {
"@rollup/plugin-commonjs": "^18.0.0", "@rollup/plugin-commonjs": "^18.0.0",
"@rollup/plugin-node-resolve": "^11.2.1", "@rollup/plugin-node-resolve": "^11.2.1",
"@budibase/standard-components": "^0.8.16",
"fs-extra": "^8.1.0", "fs-extra": "^8.1.0",
"jsdom": "^16.0.1", "jsdom": "^16.0.1",
"postcss": "^8.2.9", "postcss": "^8.2.9",
@ -40,5 +40,5 @@
"rollup-plugin-terser": "^7.0.2", "rollup-plugin-terser": "^7.0.2",
"svelte": "^3.35.0" "svelte": "^3.35.0"
}, },
"gitHead": "1b95326b20d1352d36305910259228b96a683dc7" "gitHead": "4b6efc42ed3273595c7a129411f4d883733d3321"
} }

View File

@ -13,8 +13,8 @@ export const logIn = async ({ email, password }) => {
return API.error("Please enter your password") return API.error("Please enter your password")
} }
return await API.post({ return await API.post({
url: "/api/authenticate", url: "/api/admin/auth",
body: { email, password }, body: { username: email, password },
}) })
} }

View File

@ -19,8 +19,8 @@ const createAuthStore = () => {
// Logs a user in // Logs a user in
const logIn = async ({ email, password }) => { const logIn = async ({ email, password }) => {
const user = await API.logIn({ email, password }) const auth = await API.logIn({ email, password })
if (!user.error) { if (auth.success) {
await fetchUser() await fetchUser()
await initialise() await initialise()
goToDefaultRoute() goToDefaultRoute()
@ -30,12 +30,7 @@ const createAuthStore = () => {
// Logs a user out // Logs a user out
const logOut = async () => { const logOut = async () => {
store.set(null) store.set(null)
const appId = get(builderStore).appId window.document.cookie = `budibase:auth=; budibase:currentapp=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;`
if (appId) {
for (let environment of ["local", "cloud"]) {
window.document.cookie = `budibase:${appId}:${environment}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;`
}
}
await initialise() await initialise()
goToDefaultRoute() goToDefaultRoute()
} }

View File

@ -10,8 +10,15 @@ module.exports = async (url, opts) => {
} }
} }
if (url.includes("/api/admin")) {
return json({
email: "test@test.com",
_id: "us_test@test.com",
status: "active",
})
}
// mocked data based on url // mocked data based on url
if (url.includes("api/apps")) { else if (url.includes("api/apps")) {
return json({ return json({
app1: { app1: {
url: "/app1", url: "/app1",

View File

@ -1,7 +1,7 @@
{ {
"name": "@budibase/server", "name": "@budibase/server",
"email": "hi@budibase.com", "email": "hi@budibase.com",
"version": "0.8.9", "version": "0.8.16",
"description": "Budibase Web Server", "description": "Budibase Web Server",
"main": "src/electron.js", "main": "src/electron.js",
"repository": { "repository": {
@ -43,7 +43,6 @@
"electron": "electron src/electron.js", "electron": "electron src/electron.js",
"build:electron": "electron-builder --dir", "build:electron": "electron-builder --dir",
"publish:electron": "electron-builder -mwl --publish always", "publish:electron": "electron-builder -mwl --publish always",
"postinstall": "electron-builder install-app-deps",
"lint": "eslint --fix src/", "lint": "eslint --fix src/",
"initialise": "node scripts/initialise.js" "initialise": "node scripts/initialise.js"
}, },
@ -80,8 +79,9 @@
"author": "Budibase", "author": "Budibase",
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"dependencies": { "dependencies": {
"@budibase/client": "^0.8.9", "@budibase/auth": "^0.0.1",
"@budibase/string-templates": "^0.8.9", "@budibase/client": "^0.8.16",
"@budibase/string-templates": "^0.8.16",
"@elastic/elasticsearch": "7.10.0", "@elastic/elasticsearch": "7.10.0",
"@koa/router": "8.0.0", "@koa/router": "8.0.0",
"@sendgrid/mail": "7.1.1", "@sendgrid/mail": "7.1.1",
@ -103,7 +103,6 @@
"jimp": "0.16.1", "jimp": "0.16.1",
"joi": "17.2.1", "joi": "17.2.1",
"jsonschema": "1.4.0", "jsonschema": "1.4.0",
"jsonwebtoken": "8.5.1",
"koa": "2.7.0", "koa": "2.7.0",
"koa-body": "4.2.0", "koa-body": "4.2.0",
"koa-compress": "4.0.1", "koa-compress": "4.0.1",
@ -135,7 +134,7 @@
"zlib": "1.0.5" "zlib": "1.0.5"
}, },
"devDependencies": { "devDependencies": {
"@budibase/standard-components": "^0.8.9", "@budibase/standard-components": "^0.8.16",
"@jest/test-sequencer": "^24.8.0", "@jest/test-sequencer": "^24.8.0",
"docker-compose": "^0.23.6", "docker-compose": "^0.23.6",
"electron": "10.1.3", "electron": "10.1.3",
@ -147,5 +146,5 @@
"pouchdb-adapter-memory": "^7.2.1", "pouchdb-adapter-memory": "^7.2.1",
"supertest": "^4.0.2" "supertest": "^4.0.2"
}, },
"gitHead": "1b95326b20d1352d36305910259228b96a683dc7" "gitHead": "4b6efc42ed3273595c7a129411f4d883733d3321"
} }

View File

@ -33,9 +33,6 @@ async function init() {
fs.writeFileSync(envoyOutputPath, processStringSync(contents, config)) fs.writeFileSync(envoyOutputPath, processStringSync(contents, config))
const envFilePath = path.join(process.cwd(), ".env") const envFilePath = path.join(process.cwd(), ".env")
if (fs.existsSync(envFilePath)) {
return
}
const envFileJson = { const envFileJson = {
PORT: 4001, PORT: 4001,
MINIO_URL: "http://localhost:10000/", MINIO_URL: "http://localhost:10000/",
@ -70,7 +67,11 @@ async function nuke() {
console.log( console.log(
"Clearing down your budibase dev environment, including all containers and volumes... 💥" "Clearing down your budibase dev environment, including all containers and volumes... 💥"
) )
await compose.down(CONFIG) await compose.down({
...CONFIG,
// stop containers, delete volumes
commandOptions: ["-v", "--remove-orphans"],
})
} }
const managementCommand = process.argv.slice(2)[0] const managementCommand = process.argv.slice(2)[0]

View File

@ -1,6 +1,5 @@
const CouchDB = require("../../db") const CouchDB = require("../../db")
const env = require("../../environment") const env = require("../../environment")
const setBuilderToken = require("../../utilities/builder/setBuilderToken")
const packageJson = require("../../../package.json") const packageJson = require("../../../package.json")
const { const {
createLinkView, createLinkView,
@ -74,7 +73,7 @@ async function getAppUrlIfNotInUse(ctx) {
if (!env.SELF_HOSTED) { if (!env.SELF_HOSTED) {
return url return url
} }
const deployedApps = await getDeployedApps() const deployedApps = await getDeployedApps(ctx)
if ( if (
deployedApps[url] != null && deployedApps[url] != null &&
deployedApps[url].appId !== ctx.params.appId deployedApps[url].appId !== ctx.params.appId
@ -145,7 +144,6 @@ exports.fetchAppPackage = async function(ctx) {
layouts, layouts,
clientLibPath: clientLibraryPath(ctx.params.appId), clientLibPath: clientLibraryPath(ctx.params.appId),
} }
await setBuilderToken(ctx, ctx.params.appId, application.version)
} }
exports.create = async function(ctx) { exports.create = async function(ctx) {
@ -161,7 +159,6 @@ exports.create = async function(ctx) {
const url = await getAppUrlIfNotInUse(ctx) const url = await getAppUrlIfNotInUse(ctx)
const appId = instance._id const appId = instance._id
const version = packageJson.version
const newApplication = { const newApplication = {
_id: appId, _id: appId,
type: "app", type: "app",
@ -184,7 +181,6 @@ exports.create = async function(ctx) {
await createApp(appId) await createApp(appId)
} }
await setBuilderToken(ctx, appId, version)
ctx.status = 200 ctx.status = 200
ctx.body = newApplication ctx.body = newApplication
ctx.message = `Application ${ctx.request.body.name} created successfully` ctx.message = `Application ${ctx.request.body.name} created successfully`

View File

@ -1,93 +1,38 @@
const jwt = require("jsonwebtoken")
const CouchDB = require("../../db") const CouchDB = require("../../db")
const bcrypt = require("../../utilities/bcrypt")
const env = require("../../environment")
const { getAPIKey } = require("../../utilities/usageQuota")
const { generateUserID } = require("../../db/utils")
const { setCookie } = require("../../utilities")
const { outputProcessing } = require("../../utilities/rowProcessor") const { outputProcessing } = require("../../utilities/rowProcessor")
const { ViewNames } = require("../../db/utils") const { InternalTables } = require("../../db/utils")
const { UserStatus } = require("../../constants") const { getFullUser } = require("../../utilities/users")
const setBuilderToken = require("../../utilities/builder/setBuilderToken")
const INVALID_ERR = "Invalid Credentials"
exports.authenticate = async ctx => {
const appId = ctx.appId
if (!appId) ctx.throw(400, "No appId")
const { email, password } = ctx.request.body
if (!email) ctx.throw(400, "Email Required.")
if (!password) ctx.throw(400, "Password Required.")
// Check the user exists in the instance DB by email
const db = new CouchDB(appId)
const app = await db.get(appId)
let dbUser
try {
dbUser = await db.get(generateUserID(email))
} catch (_) {
// do not want to throw a 404 - as this could be
// used to determine valid emails
ctx.throw(401, INVALID_ERR)
}
// check that the user is currently inactive, if this is the case throw invalid
if (dbUser.status === UserStatus.INACTIVE) {
ctx.throw(401, INVALID_ERR)
}
// authenticate
if (await bcrypt.compare(password, dbUser.password)) {
const payload = {
userId: dbUser._id,
roleId: dbUser.roleId,
version: app.version,
}
// if in prod add the user api key, unless self hosted
/* istanbul ignore next */
if (env.isProd() && !env.SELF_HOSTED) {
const { apiKey } = await getAPIKey(ctx.user.appId)
payload.apiKey = apiKey
}
const token = jwt.sign(payload, ctx.config.jwtSecret, {
expiresIn: "1 day",
})
setCookie(ctx, token, appId)
delete dbUser.password
ctx.body = {
token,
...dbUser,
appId,
}
} else {
ctx.throw(401, INVALID_ERR)
}
}
exports.builderLogin = async ctx => {
await setBuilderToken(ctx)
ctx.status = 200
}
exports.fetchSelf = async ctx => { exports.fetchSelf = async ctx => {
const { userId, appId } = ctx.user if (!ctx.user) {
ctx.throw(403, "No user logged in")
}
const appId = ctx.appId
const { userId } = ctx.user
/* istanbul ignore next */ /* istanbul ignore next */
if (!userId || !appId) { if (!userId) {
ctx.body = {} ctx.body = {}
return return
} }
const user = await getFullUser(ctx, userId)
if (appId) {
const db = new CouchDB(appId) const db = new CouchDB(appId)
const user = await db.get(userId) // remove the full roles structure
const userTable = await db.get(ViewNames.USERS) delete user.roles
if (user) { try {
delete user.password const userTable = await db.get(InternalTables.USER_METADATA)
} const metadata = await db.get(userId)
// specifically needs to make sure is enriched // specifically needs to make sure is enriched
ctx.body = await outputProcessing(appId, userTable, user) ctx.body = await outputProcessing(appId, userTable, {
...user,
...metadata,
})
} catch (err) {
ctx.body = user
}
} else {
ctx.body = user
}
} }

View File

@ -34,13 +34,13 @@ function cleanAutomationInputs(automation) {
/** /**
* This function handles checking if any webhooks need to be created or deleted for automations. * This function handles checking if any webhooks need to be created or deleted for automations.
* @param {object} user The user object, including all auth info * @param {string} appId The ID of the app in which we are checking for webhooks
* @param {object|undefined} oldAuto The old automation object if updating/deleting * @param {object|undefined} oldAuto The old automation object if updating/deleting
* @param {object|undefined} newAuto The new automation object if creating/updating * @param {object|undefined} newAuto The new automation object if creating/updating
* @returns {Promise<object|undefined>} After this is complete the new automation object may have been updated and should be * @returns {Promise<object|undefined>} After this is complete the new automation object may have been updated and should be
* written to DB (this does not write to DB as it would be wasteful to repeat). * written to DB (this does not write to DB as it would be wasteful to repeat).
*/ */
async function checkForWebhooks({ user, oldAuto, newAuto }) { async function checkForWebhooks({ appId, oldAuto, newAuto }) {
const oldTrigger = oldAuto ? oldAuto.definition.trigger : null const oldTrigger = oldAuto ? oldAuto.definition.trigger : null
const newTrigger = newAuto ? newAuto.definition.trigger : null const newTrigger = newAuto ? newAuto.definition.trigger : null
function isWebhookTrigger(auto) { function isWebhookTrigger(auto) {
@ -56,11 +56,11 @@ async function checkForWebhooks({ user, oldAuto, newAuto }) {
!isWebhookTrigger(newAuto) && !isWebhookTrigger(newAuto) &&
oldTrigger.webhookId oldTrigger.webhookId
) { ) {
let db = new CouchDB(user.appId) let db = new CouchDB(appId)
// need to get the webhook to get the rev // need to get the webhook to get the rev
const webhook = await db.get(oldTrigger.webhookId) const webhook = await db.get(oldTrigger.webhookId)
const ctx = { const ctx = {
user, appId,
params: { id: webhook._id, rev: webhook._rev }, params: { id: webhook._id, rev: webhook._rev },
} }
// might be updating - reset the inputs to remove the URLs // might be updating - reset the inputs to remove the URLs
@ -73,7 +73,7 @@ async function checkForWebhooks({ user, oldAuto, newAuto }) {
// need to create webhook // need to create webhook
else if (!isWebhookTrigger(oldAuto) && isWebhookTrigger(newAuto)) { else if (!isWebhookTrigger(oldAuto) && isWebhookTrigger(newAuto)) {
const ctx = { const ctx = {
user, appId,
request: { request: {
body: new webhooks.Webhook( body: new webhooks.Webhook(
"Automation webhook", "Automation webhook",
@ -86,17 +86,17 @@ async function checkForWebhooks({ user, oldAuto, newAuto }) {
const id = ctx.body.webhook._id const id = ctx.body.webhook._id
newTrigger.webhookId = id newTrigger.webhookId = id
newTrigger.inputs = { newTrigger.inputs = {
schemaUrl: `api/webhooks/schema/${user.appId}/${id}`, schemaUrl: `api/webhooks/schema/${appId}/${id}`,
triggerUrl: `api/webhooks/trigger/${user.appId}/${id}`, triggerUrl: `api/webhooks/trigger/${appId}/${id}`,
} }
} }
return newAuto return newAuto
} }
exports.create = async function(ctx) { exports.create = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
let automation = ctx.request.body let automation = ctx.request.body
automation.appId = ctx.user.appId automation.appId = ctx.appId
// call through to update if already exists // call through to update if already exists
if (automation._id && automation._rev) { if (automation._id && automation._rev) {
@ -107,7 +107,10 @@ exports.create = async function(ctx) {
automation.type = "automation" automation.type = "automation"
automation = cleanAutomationInputs(automation) automation = cleanAutomationInputs(automation)
automation = await checkForWebhooks({ user: ctx.user, newAuto: automation }) automation = await checkForWebhooks({
appId: ctx.appId,
newAuto: automation,
})
const response = await db.put(automation) const response = await db.put(automation)
automation._rev = response.rev automation._rev = response.rev
@ -122,13 +125,13 @@ exports.create = async function(ctx) {
} }
exports.update = async function(ctx) { exports.update = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
let automation = ctx.request.body let automation = ctx.request.body
automation.appId = ctx.user.appId automation.appId = ctx.appId
const oldAutomation = await db.get(automation._id) const oldAutomation = await db.get(automation._id)
automation = cleanAutomationInputs(automation) automation = cleanAutomationInputs(automation)
automation = await checkForWebhooks({ automation = await checkForWebhooks({
user: ctx.user, appId: ctx.appId,
oldAuto: oldAutomation, oldAuto: oldAutomation,
newAuto: automation, newAuto: automation,
}) })
@ -147,7 +150,7 @@ exports.update = async function(ctx) {
} }
exports.fetch = async function(ctx) { exports.fetch = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const response = await db.allDocs( const response = await db.allDocs(
getAutomationParams(null, { getAutomationParams(null, {
include_docs: true, include_docs: true,
@ -157,14 +160,17 @@ exports.fetch = async function(ctx) {
} }
exports.find = async function(ctx) { exports.find = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
ctx.body = await db.get(ctx.params.id) ctx.body = await db.get(ctx.params.id)
} }
exports.destroy = async function(ctx) { exports.destroy = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const oldAutomation = await db.get(ctx.params.id) const oldAutomation = await db.get(ctx.params.id)
await checkForWebhooks({ user: ctx.user, oldAuto: oldAutomation }) await checkForWebhooks({
appId: ctx.appId,
oldAuto: oldAutomation,
})
ctx.body = await db.remove(ctx.params.id, ctx.params.rev) ctx.body = await db.remove(ctx.params.id, ctx.params.rev)
} }
@ -195,11 +201,11 @@ module.exports.getDefinitionList = async function(ctx) {
*********************/ *********************/
exports.trigger = async function(ctx) { exports.trigger = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
let automation = await db.get(ctx.params.id) let automation = await db.get(ctx.params.id)
await triggers.externalTrigger(automation, { await triggers.externalTrigger(automation, {
...ctx.request.body, ...ctx.request.body,
appId: ctx.user.appId, appId: ctx.appId,
}) })
ctx.status = 200 ctx.status = 200
ctx.body = { ctx.body = {

View File

@ -6,7 +6,7 @@ const {
} = require("../../db/utils") } = require("../../db/utils")
exports.fetch = async function(ctx) { exports.fetch = async function(ctx) {
const database = new CouchDB(ctx.user.appId) const database = new CouchDB(ctx.appId)
ctx.body = ( ctx.body = (
await database.allDocs( await database.allDocs(
getDatasourceParams(null, { getDatasourceParams(null, {
@ -17,7 +17,7 @@ exports.fetch = async function(ctx) {
} }
exports.save = async function(ctx) { exports.save = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const datasource = { const datasource = {
_id: generateDatasourceID(), _id: generateDatasourceID(),
@ -34,7 +34,7 @@ exports.save = async function(ctx) {
} }
exports.destroy = async function(ctx) { exports.destroy = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
// Delete all queries for the datasource // Delete all queries for the datasource
const rows = await db.allDocs(getQueryParams(ctx.params.datasourceId, null)) const rows = await db.allDocs(getQueryParams(ctx.params.datasourceId, null))
@ -48,6 +48,6 @@ exports.destroy = async function(ctx) {
} }
exports.find = async function(ctx) { exports.find = async function(ctx) {
const database = new CouchDB(ctx.user.appId) const database = new CouchDB(ctx.appId)
ctx.body = await database.get(ctx.params.datasourceId) ctx.body = await database.get(ctx.params.datasourceId)
} }

View File

@ -93,7 +93,7 @@ async function deployApp(deployment) {
exports.fetchDeployments = async function(ctx) { exports.fetchDeployments = async function(ctx) {
try { try {
const db = new PouchDB(ctx.user.appId) const db = new PouchDB(ctx.appId)
const deploymentDoc = await db.get("_local/deployments") const deploymentDoc = await db.get("_local/deployments")
const { updated, deployments } = await checkAllDeployments( const { updated, deployments } = await checkAllDeployments(
deploymentDoc, deploymentDoc,
@ -110,7 +110,7 @@ exports.fetchDeployments = async function(ctx) {
exports.deploymentProgress = async function(ctx) { exports.deploymentProgress = async function(ctx) {
try { try {
const db = new PouchDB(ctx.user.appId) const db = new PouchDB(ctx.appId)
const deploymentDoc = await db.get("_local/deployments") const deploymentDoc = await db.get("_local/deployments")
ctx.body = deploymentDoc[ctx.params.deploymentId] ctx.body = deploymentDoc[ctx.params.deploymentId]
} catch (err) { } catch (err) {
@ -128,7 +128,7 @@ exports.deployApp = async function(ctx) {
hostingInfo.type === HostingTypes.CLOUD hostingInfo.type === HostingTypes.CLOUD
? require("./awsDeploy") ? require("./awsDeploy")
: require("./selfDeploy") : require("./selfDeploy")
let deployment = new Deployment(ctx.user.appId) let deployment = new Deployment(ctx.appId)
deployment.setStatus(DeploymentStatus.PENDING) deployment.setStatus(DeploymentStatus.PENDING)
deployment = await storeLocalDeploymentHistory(deployment) deployment = await storeLocalDeploymentHistory(deployment)

View File

@ -0,0 +1,34 @@
const fetch = require("node-fetch")
const env = require("../../environment")
const { checkSlashesInUrl } = require("../../utilities")
const { request } = require("../../utilities/workerRequests")
async function redirect(ctx, method) {
const { devPath } = ctx.params
const response = await fetch(
checkSlashesInUrl(`${env.WORKER_URL}/api/admin/${devPath}`),
request(ctx, {
method,
body: ctx.request.body,
})
)
ctx.body = await response.json()
const cookie = response.headers.get("set-cookie")
if (cookie) {
ctx.set("set-cookie", cookie)
}
ctx.status = response.status
ctx.cookies
}
exports.redirectGet = async ctx => {
await redirect(ctx, "GET")
}
exports.redirectPost = async ctx => {
await redirect(ctx, "POST")
}
exports.redirectDelete = async ctx => {
await redirect(ctx, "DELETE")
}

View File

@ -40,5 +40,5 @@ exports.fetchUrls = async ctx => {
} }
exports.getDeployedApps = async ctx => { exports.getDeployedApps = async ctx => {
ctx.body = await getDeployedApps() ctx.body = await getDeployedApps(ctx)
} }

View File

@ -3,7 +3,7 @@ const CouchDB = require("../../db")
const { generateLayoutID, getScreenParams } = require("../../db/utils") const { generateLayoutID, getScreenParams } = require("../../db/utils")
exports.save = async function(ctx) { exports.save = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
let layout = ctx.request.body let layout = ctx.request.body
if (!layout.props) { if (!layout.props) {
@ -22,7 +22,7 @@ exports.save = async function(ctx) {
} }
exports.destroy = async function(ctx) { exports.destroy = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const layoutId = ctx.params.layoutId, const layoutId = ctx.params.layoutId,
layoutRev = ctx.params.layoutRev layoutRev = ctx.params.layoutRev

View File

@ -28,7 +28,7 @@ function formatResponse(resp) {
} }
exports.fetch = async function(ctx) { exports.fetch = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const body = await db.allDocs( const body = await db.allDocs(
getQueryParams(null, { getQueryParams(null, {
@ -39,7 +39,7 @@ exports.fetch = async function(ctx) {
} }
exports.save = async function(ctx) { exports.save = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const query = ctx.request.body const query = ctx.request.body
if (!query._id) { if (!query._id) {
@ -90,7 +90,7 @@ async function enrichQueryFields(fields, parameters) {
} }
exports.find = async function(ctx) { exports.find = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const query = enrichQueries(await db.get(ctx.params.queryId)) const query = enrichQueries(await db.get(ctx.params.queryId))
// remove properties that could be dangerous in real app // remove properties that could be dangerous in real app
if (env.isProd()) { if (env.isProd()) {
@ -102,7 +102,7 @@ exports.find = async function(ctx) {
} }
exports.preview = async function(ctx) { exports.preview = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const datasource = await db.get(ctx.request.body.datasourceId) const datasource = await db.get(ctx.request.body.datasourceId)
@ -130,7 +130,7 @@ exports.preview = async function(ctx) {
} }
exports.execute = async function(ctx) { exports.execute = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const query = await db.get(ctx.params.queryId) const query = await db.get(ctx.params.queryId)
const datasource = await db.get(query.datasourceId) const datasource = await db.get(query.datasourceId)
@ -153,7 +153,7 @@ exports.execute = async function(ctx) {
} }
exports.destroy = async function(ctx) { exports.destroy = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
await db.remove(ctx.params.queryId, ctx.params.revId) await db.remove(ctx.params.queryId, ctx.params.revId)
ctx.message = `Query deleted.` ctx.message = `Query deleted.`
ctx.status = 200 ctx.status = 200

View File

@ -10,8 +10,8 @@ const {
const { const {
generateRoleID, generateRoleID,
getRoleParams, getRoleParams,
getUserParams, getUserMetadataParams,
ViewNames, InternalTables,
} = require("../../db/utils") } = require("../../db/utils")
const UpdateRolesOptions = { const UpdateRolesOptions = {
@ -28,7 +28,7 @@ const EXTERNAL_BUILTIN_ROLE_IDS = [
] ]
async function updateRolesOnUserTable(db, roleId, updateOption) { async function updateRolesOnUserTable(db, roleId, updateOption) {
const table = await db.get(ViewNames.USERS) const table = await db.get(InternalTables.USER_METADATA)
const schema = table.schema const schema = table.schema
const remove = updateOption === UpdateRolesOptions.REMOVED const remove = updateOption === UpdateRolesOptions.REMOVED
let updated = false let updated = false
@ -51,7 +51,7 @@ async function updateRolesOnUserTable(db, roleId, updateOption) {
} }
exports.fetch = async function(ctx) { exports.fetch = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const body = await db.allDocs( const body = await db.allDocs(
getRoleParams(null, { getRoleParams(null, {
include_docs: true, include_docs: true,
@ -79,11 +79,11 @@ exports.fetch = async function(ctx) {
} }
exports.find = async function(ctx) { exports.find = async function(ctx) {
ctx.body = await getRole(ctx.user.appId, ctx.params.roleId) ctx.body = await getRole(ctx.appId, ctx.params.roleId)
} }
exports.save = async function(ctx) { exports.save = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
let { _id, name, inherits, permissionId } = ctx.request.body let { _id, name, inherits, permissionId } = ctx.request.body
if (!_id) { if (!_id) {
_id = generateRoleID() _id = generateRoleID()
@ -104,7 +104,7 @@ exports.save = async function(ctx) {
} }
exports.destroy = async function(ctx) { exports.destroy = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const roleId = ctx.params.roleId const roleId = ctx.params.roleId
if (isBuiltin(roleId)) { if (isBuiltin(roleId)) {
ctx.throw(400, "Cannot delete builtin role.") ctx.throw(400, "Cannot delete builtin role.")
@ -112,7 +112,7 @@ exports.destroy = async function(ctx) {
// first check no users actively attached to role // first check no users actively attached to role
const users = ( const users = (
await db.allDocs( await db.allDocs(
getUserParams(null, { getUserMetadataParams(null, {
include_docs: true, include_docs: true,
}) })
) )

View File

@ -6,10 +6,9 @@ const {
generateRowID, generateRowID,
DocumentTypes, DocumentTypes,
SEPARATOR, SEPARATOR,
ViewNames, InternalTables,
generateUserID,
} = require("../../db/utils") } = require("../../db/utils")
const usersController = require("./user") const userController = require("./user")
const { const {
inputProcessing, inputProcessing,
outputProcessing, outputProcessing,
@ -37,18 +36,14 @@ validateJs.extend(validateJs.validators.datetime, {
}, },
}) })
async function findRow(db, appId, tableId, rowId) { async function findRow(ctx, db, tableId, rowId) {
let row let row
if (tableId === ViewNames.USERS) { // TODO remove special user case in future
let ctx = { if (tableId === InternalTables.USER_METADATA) {
params: { ctx.params = {
userId: rowId, id: rowId,
},
user: {
appId,
},
} }
await usersController.find(ctx) await userController.findMetadata(ctx)
row = ctx.body row = ctx.body
} else { } else {
row = await db.get(rowId) row = await db.get(rowId)
@ -60,7 +55,7 @@ async function findRow(db, appId, tableId, rowId) {
} }
exports.patch = async function(ctx) { exports.patch = async function(ctx) {
const appId = ctx.user.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
let dbRow = await db.get(ctx.params.rowId) let dbRow = await db.get(ctx.params.rowId)
let dbTable = await db.get(dbRow.tableId) let dbTable = await db.get(dbRow.tableId)
@ -96,14 +91,14 @@ exports.patch = async function(ctx) {
table, table,
}) })
// Creation of a new user goes to the user controller // TODO remove special user case in future
if (row.tableId === ViewNames.USERS) { if (row.tableId === InternalTables.USER_METADATA) {
// the row has been updated, need to put it into the ctx // the row has been updated, need to put it into the ctx
ctx.request.body = { ctx.request.body = {
...row, ...row,
password: ctx.request.body.password, password: ctx.request.body.password,
} }
await usersController.update(ctx) await userController.updateMetadata(ctx)
return return
} }
@ -121,7 +116,7 @@ exports.patch = async function(ctx) {
} }
exports.save = async function(ctx) { exports.save = async function(ctx) {
const appId = ctx.user.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
let inputs = ctx.request.body let inputs = ctx.request.body
inputs.tableId = ctx.params.tableId inputs.tableId = ctx.params.tableId
@ -134,20 +129,18 @@ exports.save = async function(ctx) {
} }
// if the row obj had an _id then it will have been retrieved // if the row obj had an _id then it will have been retrieved
const existingRow = ctx.preExisting if (inputs._id && inputs._rev) {
const existingRow = await db.get(inputs._id)
if (existingRow) { if (existingRow) {
ctx.params.rowId = inputs._id ctx.params.rowId = inputs._id
await exports.patch(ctx) await exports.patch(ctx)
return return
} }
}
if (!inputs._rev && !inputs._id) { if (!inputs._rev && !inputs._id) {
if (inputs.tableId === ViewNames.USERS) {
inputs._id = generateUserID(inputs.email)
} else {
inputs._id = generateRowID(inputs.tableId) inputs._id = generateRowID(inputs.tableId)
} }
}
// this returns the table and row incase they have been updated // this returns the table and row incase they have been updated
const dbTable = await db.get(inputs.tableId) const dbTable = await db.get(inputs.tableId)
@ -175,11 +168,11 @@ exports.save = async function(ctx) {
table, table,
}) })
// Creation of a new user goes to the user controller // TODO remove special user case in future
if (row.tableId === ViewNames.USERS) { if (row.tableId === InternalTables.USER_METADATA) {
// the row has been updated, need to put it into the ctx // the row has been updated, need to put it into the ctx
ctx.request.body = row ctx.request.body = row
await usersController.create(ctx) await userController.createMetadata(ctx)
return return
} }
@ -197,7 +190,7 @@ exports.save = async function(ctx) {
} }
exports.fetchView = async function(ctx) { exports.fetchView = async function(ctx) {
const appId = ctx.user.appId const appId = ctx.appId
const viewName = ctx.params.viewName const viewName = ctx.params.viewName
// if this is a table view being looked for just transfer to that // if this is a table view being looked for just transfer to that
@ -256,7 +249,7 @@ exports.fetchView = async function(ctx) {
} }
exports.search = async function(ctx) { exports.search = async function(ctx) {
const appId = ctx.user.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
const { const {
query, query,
@ -287,14 +280,6 @@ exports.search = async function(ctx) {
} }
const response = await search(searchString) const response = await search(searchString)
// delete passwords from users
if (tableId === ViewNames.USERS) {
for (let row of response.rows) {
delete row.password
}
}
const table = await db.get(tableId) const table = await db.get(tableId)
ctx.body = { ctx.body = {
rows: await outputProcessing(appId, table, response.rows), rows: await outputProcessing(appId, table, response.rows),
@ -303,14 +288,14 @@ exports.search = async function(ctx) {
} }
exports.fetchTableRows = async function(ctx) { exports.fetchTableRows = async function(ctx) {
const appId = ctx.user.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
// special case for users, fetch through the user controller // TODO remove special user case in future
let rows, let rows,
table = await db.get(ctx.params.tableId) table = await db.get(ctx.params.tableId)
if (ctx.params.tableId === ViewNames.USERS) { if (ctx.params.tableId === InternalTables.USER_METADATA) {
await usersController.fetch(ctx) await userController.fetchMetadata(ctx)
rows = ctx.body rows = ctx.body
} else { } else {
const response = await db.allDocs( const response = await db.allDocs(
@ -324,11 +309,11 @@ exports.fetchTableRows = async function(ctx) {
} }
exports.find = async function(ctx) { exports.find = async function(ctx) {
const appId = ctx.user.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
try { try {
const table = await db.get(ctx.params.tableId) const table = await db.get(ctx.params.tableId)
const row = await findRow(db, appId, ctx.params.tableId, ctx.params.rowId) const row = await findRow(ctx, db, ctx.params.tableId, ctx.params.rowId)
ctx.body = await outputProcessing(appId, table, row) ctx.body = await outputProcessing(appId, table, row)
} catch (err) { } catch (err) {
ctx.throw(400, err) ctx.throw(400, err)
@ -336,7 +321,7 @@ exports.find = async function(ctx) {
} }
exports.destroy = async function(ctx) { exports.destroy = async function(ctx) {
const appId = ctx.user.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
const row = await db.get(ctx.params.rowId) const row = await db.get(ctx.params.rowId)
if (row.tableId !== ctx.params.tableId) { if (row.tableId !== ctx.params.tableId) {
@ -348,17 +333,25 @@ exports.destroy = async function(ctx) {
row, row,
tableId: row.tableId, tableId: row.tableId,
}) })
// TODO remove special user case in future
if (ctx.params.tableId === InternalTables.USER_METADATA) {
ctx.params = {
id: ctx.params.rowId,
}
await userController.destroyMetadata(ctx)
} else {
ctx.body = await db.remove(ctx.params.rowId, ctx.params.revId) ctx.body = await db.remove(ctx.params.rowId, ctx.params.revId)
ctx.status = 200 }
// for automations include the row that was deleted // for automations include the row that was deleted
ctx.row = row ctx.row = row
ctx.status = 200
ctx.eventEmitter && ctx.eventEmitter.emitRow(`row:delete`, appId, row) ctx.eventEmitter && ctx.eventEmitter.emitRow(`row:delete`, appId, row)
} }
exports.validate = async function(ctx) { exports.validate = async function(ctx) {
const errors = await validate({ const errors = await validate({
appId: ctx.user.appId, appId: ctx.appId,
tableId: ctx.params.tableId, tableId: ctx.params.tableId,
row: ctx.request.body, row: ctx.request.body,
}) })
@ -388,14 +381,14 @@ async function validate({ appId, tableId, row, table }) {
} }
exports.fetchEnrichedRow = async function(ctx) { exports.fetchEnrichedRow = async function(ctx) {
const appId = ctx.user.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
const tableId = ctx.params.tableId const tableId = ctx.params.tableId
const rowId = ctx.params.rowId const rowId = ctx.params.rowId
// need table to work out where links go in row // need table to work out where links go in row
let [table, row] = await Promise.all([ let [table, row] = await Promise.all([
db.get(tableId), db.get(tableId),
findRow(db, appId, tableId, rowId), findRow(ctx, db, tableId, rowId),
]) ])
// get the link docs // get the link docs
const linkVals = await linkRows.getLinkDocuments({ const linkVals = await linkRows.getLinkDocuments({
@ -433,11 +426,11 @@ exports.fetchEnrichedRow = async function(ctx) {
} }
async function bulkDelete(ctx) { async function bulkDelete(ctx) {
const appId = ctx.user.appId const appId = ctx.appId
const { rows } = ctx.request.body const { rows } = ctx.request.body
const db = new CouchDB(appId) const db = new CouchDB(appId)
const linkUpdates = rows.map(row => let updates = rows.map(row =>
linkRows.updateLinks({ linkRows.updateLinks({
appId, appId,
eventType: linkRows.EventType.ROW_DELETE, eventType: linkRows.EventType.ROW_DELETE,
@ -445,9 +438,20 @@ async function bulkDelete(ctx) {
tableId: row.tableId, tableId: row.tableId,
}) })
) )
// TODO remove special user case in future
if (ctx.params.tableId === InternalTables.USER_METADATA) {
updates = updates.concat(
rows.map(row => {
ctx.params = {
id: row._id,
}
return userController.destroyMetadata(ctx)
})
)
} else {
await db.bulkDocs(rows.map(row => ({ ...row, _deleted: true }))) await db.bulkDocs(rows.map(row => ({ ...row, _deleted: true })))
await Promise.all(linkUpdates) }
await Promise.all(updates)
rows.forEach(row => { rows.forEach(row => {
ctx.eventEmitter && ctx.eventEmitter.emitRow(`row:delete`, appId, row) ctx.eventEmitter && ctx.eventEmitter.emitRow(`row:delete`, appId, row)

View File

@ -3,7 +3,7 @@ const { getScreenParams, generateScreenID } = require("../../db/utils")
const { AccessController } = require("../../utilities/security/roles") const { AccessController } = require("../../utilities/security/roles")
exports.fetch = async ctx => { exports.fetch = async ctx => {
const appId = ctx.user.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
const screens = ( const screens = (
@ -21,7 +21,7 @@ exports.fetch = async ctx => {
} }
exports.save = async ctx => { exports.save = async ctx => {
const appId = ctx.user.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
let screen = ctx.request.body let screen = ctx.request.body
@ -39,7 +39,7 @@ exports.save = async ctx => {
} }
exports.destroy = async ctx => { exports.destroy = async ctx => {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
await db.remove(ctx.params.screenId, ctx.params.screenRev) await db.remove(ctx.params.screenId, ctx.params.screenRev)
ctx.body = { ctx.body = {
message: "Screen deleted successfully", message: "Screen deleted successfully",

View File

@ -1,8 +1,7 @@
const { QueryBuilder, buildSearchUrl, search } = require("./utils") const { QueryBuilder, buildSearchUrl, search } = require("./utils")
exports.rowSearch = async ctx => { exports.rowSearch = async ctx => {
// this can't be done through pouch, have to reach for trusty node-fetch const appId = ctx.appId
const appId = ctx.user.appId
const { tableId } = ctx.params const { tableId } = ctx.params
const { bookmark, query, raw } = ctx.request.body const { bookmark, query, raw } = ctx.request.body
let url let url

View File

@ -9,7 +9,6 @@ const { processString } = require("@budibase/string-templates")
const { budibaseTempDir } = require("../../../utilities/budibaseDir") const { budibaseTempDir } = require("../../../utilities/budibaseDir")
const { getDeployedApps } = require("../../../utilities/builder/hosting") const { getDeployedApps } = require("../../../utilities/builder/hosting")
const CouchDB = require("../../../db") const CouchDB = require("../../../db")
const setBuilderToken = require("../../../utilities/builder/setBuilderToken")
const { const {
loadHandlebarsFile, loadHandlebarsFile,
NODE_MODULES_PATH, NODE_MODULES_PATH,
@ -22,7 +21,7 @@ const { objectStoreUrl, clientLibraryPath } = require("../../../utilities")
async function checkForSelfHostedURL(ctx) { async function checkForSelfHostedURL(ctx) {
// the "appId" component of the URL may actually be a specific self hosted URL // the "appId" component of the URL may actually be a specific self hosted URL
let possibleAppUrl = `/${encodeURI(ctx.params.appId).toLowerCase()}` let possibleAppUrl = `/${encodeURI(ctx.params.appId).toLowerCase()}`
const apps = await getDeployedApps() const apps = await getDeployedApps(ctx)
if (apps[possibleAppUrl] && apps[possibleAppUrl].appId) { if (apps[possibleAppUrl] && apps[possibleAppUrl].appId) {
return apps[possibleAppUrl].appId return apps[possibleAppUrl].appId
} else { } else {
@ -35,9 +34,6 @@ const COMP_LIB_BASE_APP_VERSION = "0.2.5"
exports.serveBuilder = async function(ctx) { exports.serveBuilder = async function(ctx) {
let builderPath = resolve(TOP_LEVEL_PATH, "builder") let builderPath = resolve(TOP_LEVEL_PATH, "builder")
if (ctx.file === "index.html") {
await setBuilderToken(ctx)
}
await send(ctx, ctx.file, { root: builderPath }) await send(ctx, ctx.file, { root: builderPath })
} }
@ -61,7 +57,7 @@ exports.uploadFile = async function(ctx) {
return prepareUpload({ return prepareUpload({
file, file,
s3Key: `assets/${ctx.user.appId}/attachments/${processedFileName}`, s3Key: `assets/${ctx.appId}/attachments/${processedFileName}`,
bucket: "prod-budi-app-assets", bucket: "prod-budi-app-assets",
}) })
}) })
@ -111,20 +107,17 @@ exports.serveComponentLibrary = async function(ctx) {
) )
return send(ctx, "/awsDeploy.js", { root: componentLibraryPath }) return send(ctx, "/awsDeploy.js", { root: componentLibraryPath })
} }
const db = new CouchDB(appId)
const appInfo = await db.get(appId)
let componentLib = "componentlibrary" let componentLib = "componentlibrary"
if (ctx.user.version) { if (appInfo && appInfo.version) {
componentLib += `-${ctx.user.version}` componentLib += `-${appInfo.version}`
} else { } else {
componentLib += `-${COMP_LIB_BASE_APP_VERSION}` componentLib += `-${COMP_LIB_BASE_APP_VERSION}`
} }
const S3_URL = encodeURI( const S3_URL = encodeURI(
join( join(objectStoreUrl(), componentLib, ctx.query.library, "dist", "index.js")
objectStoreUrl(appId),
componentLib,
ctx.query.library,
"dist",
"index.js"
)
) )
const response = await fetch(S3_URL) const response = await fetch(S3_URL)
const body = await response.text() const body = await response.text()

View File

@ -10,7 +10,7 @@ const { FieldTypes } = require("../../../constants")
const { TableSaveFunctions } = require("./utils") const { TableSaveFunctions } = require("./utils")
exports.fetch = async function(ctx) { exports.fetch = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const body = await db.allDocs( const body = await db.allDocs(
getTableParams(null, { getTableParams(null, {
include_docs: true, include_docs: true,
@ -20,12 +20,12 @@ exports.fetch = async function(ctx) {
} }
exports.find = async function(ctx) { exports.find = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
ctx.body = await db.get(ctx.params.id) ctx.body = await db.get(ctx.params.id)
} }
exports.save = async function(ctx) { exports.save = async function(ctx) {
const appId = ctx.user.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
const { dataImport, ...rest } = ctx.request.body const { dataImport, ...rest } = ctx.request.body
let tableToSave = { let tableToSave = {
@ -127,7 +127,7 @@ exports.save = async function(ctx) {
} }
exports.destroy = async function(ctx) { exports.destroy = async function(ctx) {
const appId = ctx.user.appId const appId = ctx.appId
const db = new CouchDB(appId) const db = new CouchDB(appId)
const tableToDelete = await db.get(ctx.params.tableId) const tableToDelete = await db.get(ctx.params.tableId)

View File

@ -1,6 +1,10 @@
const CouchDB = require("../../../db") const CouchDB = require("../../../db")
const csvParser = require("../../../utilities/csvParser") const csvParser = require("../../../utilities/csvParser")
const { getRowParams, generateRowID, ViewNames } = require("../../../db/utils") const {
getRowParams,
generateRowID,
InternalTables,
} = require("../../../db/utils")
const { isEqual } = require("lodash/fp") const { isEqual } = require("lodash/fp")
const { AutoFieldSubTypes } = require("../../../constants") const { AutoFieldSubTypes } = require("../../../constants")
const { inputProcessing } = require("../../../utilities/rowProcessor") const { inputProcessing } = require("../../../utilities/rowProcessor")
@ -57,8 +61,8 @@ exports.makeSureTableUpToDate = (table, tableToSave) => {
return tableToSave return tableToSave
} }
exports.handleDataImport = async (user, table, dataImport) => { exports.handleDataImport = async (appId, user, table, dataImport) => {
const db = new CouchDB(user.appId) const db = new CouchDB(appId)
if (dataImport && dataImport.csvString) { if (dataImport && dataImport.csvString) {
// Populate the table with rows imported from CSV in a bulk update // Populate the table with rows imported from CSV in a bulk update
const data = await csvParser.transform(dataImport) const data = await csvParser.transform(dataImport)
@ -136,7 +140,7 @@ exports.handleSearchIndexes = async (appId, table) => {
exports.checkStaticTables = table => { exports.checkStaticTables = table => {
// check user schema has all required elements // check user schema has all required elements
if (table._id === ViewNames.USERS) { if (table._id === InternalTables.USER_METADATA) {
for (let [key, schema] of Object.entries(USERS_TABLE_SCHEMA.schema)) { for (let [key, schema] of Object.entries(USERS_TABLE_SCHEMA.schema)) {
// check if the schema exists on the table to be created/updated // check if the schema exists on the table to be created/updated
if (table.schema[key] == null) { if (table.schema[key] == null) {
@ -152,7 +156,7 @@ class TableSaveFunctions {
this.db = db this.db = db
this.ctx = ctx this.ctx = ctx
if (this.ctx && this.ctx.user) { if (this.ctx && this.ctx.user) {
this.appId = this.ctx.user.appId this.appId = this.ctx.appId
} }
this.oldTable = oldTable this.oldTable = oldTable
this.dataImport = dataImport this.dataImport = dataImport
@ -184,6 +188,7 @@ class TableSaveFunctions {
async after(table) { async after(table) {
table = await exports.handleSearchIndexes(this.appId, table) table = await exports.handleSearchIndexes(this.appId, table)
table = await exports.handleDataImport( table = await exports.handleDataImport(
this.appId,
this.ctx.user, this.ctx.user,
table, table,
this.dataImport this.dataImport

View File

@ -1,115 +1,113 @@
const CouchDB = require("../../db") const CouchDB = require("../../db")
const bcrypt = require("../../utilities/bcrypt") const {
const { generateUserID, getUserParams, ViewNames } = require("../../db/utils") generateUserMetadataID,
getUserMetadataParams,
getGlobalIDFromUserMetadataID,
} = require("../../db/utils")
const { InternalTables } = require("../../db/utils")
const { getRole } = require("../../utilities/security/roles") const { getRole } = require("../../utilities/security/roles")
const { UserStatus } = require("../../constants") const {
getGlobalUsers,
saveGlobalUser,
deleteGlobalUser,
} = require("../../utilities/workerRequests")
const { getFullUser } = require("../../utilities/users")
exports.fetch = async function(ctx) { exports.fetchMetadata = async function(ctx) {
const database = new CouchDB(ctx.user.appId) const database = new CouchDB(ctx.appId)
const users = ( const global = await getGlobalUsers(ctx, ctx.appId)
const metadata = (
await database.allDocs( await database.allDocs(
getUserParams(null, { getUserMetadataParams(null, {
include_docs: true, include_docs: true,
}) })
) )
).rows.map(row => row.doc) ).rows.map(row => row.doc)
// user hashed password shouldn't ever be returned const users = []
for (let user of users) { for (let user of global) {
delete user.password // find the metadata that matches up to the global ID
const info = metadata.find(meta => meta._id.includes(user._id))
// remove these props, not for the correct DB
users.push({
...user,
...info,
// make sure the ID is always a local ID, not a global one
_id: generateUserMetadataID(user._id),
})
} }
ctx.body = users ctx.body = users
} }
exports.create = async function(ctx) { exports.createMetadata = async function(ctx) {
const db = new CouchDB(ctx.user.appId) const appId = ctx.appId
const { email, password, roleId } = ctx.request.body const db = new CouchDB(appId)
const { roleId } = ctx.request.body
if (!email || !password) { if (ctx.request.body._id) {
ctx.throw(400, "email and Password Required.") return exports.updateMetadata(ctx)
} }
const role = await getRole(ctx.user.appId, roleId) // check role valid
const role = await getRole(appId, roleId)
if (!role) ctx.throw(400, "Invalid Role") if (!role) ctx.throw(400, "Invalid Role")
const hashedPassword = await bcrypt.hash(password) const globalUser = await saveGlobalUser(ctx, appId, ctx.request.body)
const user = { const user = {
...ctx.request.body, ...globalUser,
// these must all be after the object spread, make sure _id: generateUserMetadataID(globalUser._id),
// any values are overwritten, generateUserID will always
// generate the same ID for the user as it is not UUID based
_id: generateUserID(email),
type: "user", type: "user",
password: hashedPassword, tableId: InternalTables.USER_METADATA,
tableId: ViewNames.USERS,
}
// add the active status to a user if its not provided
if (user.status == null) {
user.status = UserStatus.ACTIVE
} }
try {
const response = await db.post(user) const response = await db.post(user)
// for automations to make it obvious was successful
ctx.status = 200 ctx.status = 200
ctx.message = "User created successfully."
ctx.userId = response.id
ctx.body = { ctx.body = {
_id: response.id,
_rev: response.rev, _rev: response.rev,
email, email: ctx.request.body.email,
}
} catch (err) {
if (err.status === 409) {
ctx.throw(400, "User exists already")
} else {
ctx.throw(err.status, err)
}
} }
} }
exports.update = async function(ctx) { exports.updateSelfMetadata = async function(ctx) {
const db = new CouchDB(ctx.user.appId) // overwrite the ID with current users
ctx.request.body._id = ctx.user._id
// make sure no stale rev
delete ctx.request.body._rev
await exports.updateMetadata(ctx)
}
exports.updateMetadata = async function(ctx) {
const appId = ctx.appId
const db = new CouchDB(appId)
const user = ctx.request.body const user = ctx.request.body
let dbUser const globalUser = await saveGlobalUser(ctx, appId, {
if (user.email && !user._id) {
user._id = generateUserID(user.email)
}
// get user incase password removed
if (user._id) {
dbUser = await db.get(user._id)
}
if (user.password) {
user.password = await bcrypt.hash(user.password)
} else {
delete user.password
}
const response = await db.put({
password: dbUser.password,
...user, ...user,
_id: getGlobalIDFromUserMetadataID(user._id),
}) })
user._rev = response.rev const metadata = {
...globalUser,
ctx.status = 200 _id: user._id || generateUserMetadataID(globalUser._id),
ctx.body = response _rev: user._rev,
}
ctx.body = await db.put(metadata)
} }
exports.destroy = async function(ctx) { exports.destroyMetadata = async function(ctx) {
const database = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
await database.destroy(generateUserID(ctx.params.email)) await deleteGlobalUser(ctx, getGlobalIDFromUserMetadataID(ctx.params.id))
try {
const dbUser = await db.get(ctx.params.id)
await db.remove(dbUser._id, dbUser._rev)
} catch (err) {
// error just means the global user has no config in this app
}
ctx.body = { ctx.body = {
message: `User ${ctx.params.email} deleted.`, message: `User ${ctx.params.id} deleted.`,
} }
ctx.status = 200
} }
exports.find = async function(ctx) { exports.findMetadata = async function(ctx) {
const database = new CouchDB(ctx.user.appId) ctx.body = await getFullUser(ctx, ctx.params.id)
let lookup = ctx.params.email
? generateUserID(ctx.params.email)
: ctx.params.userId
const user = await database.get(lookup)
if (user) {
delete user.password
}
ctx.body = user
} }

View File

@ -7,7 +7,7 @@ const { ViewNames } = require("../../../db/utils")
const controller = { const controller = {
fetch: async ctx => { fetch: async ctx => {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const designDoc = await db.get("_design/database") const designDoc = await db.get("_design/database")
const response = [] const response = []
@ -25,7 +25,7 @@ const controller = {
ctx.body = response ctx.body = response
}, },
save: async ctx => { save: async ctx => {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const { originalName, ...viewToSave } = ctx.request.body const { originalName, ...viewToSave } = ctx.request.body
const designDoc = await db.get("_design/database") const designDoc = await db.get("_design/database")
const view = viewTemplate(viewToSave) const view = viewTemplate(viewToSave)
@ -66,7 +66,7 @@ const controller = {
} }
}, },
destroy: async ctx => { destroy: async ctx => {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const designDoc = await db.get("_design/database") const designDoc = await db.get("_design/database")
const viewName = decodeURI(ctx.params.viewName) const viewName = decodeURI(ctx.params.viewName)
const view = designDoc.views[viewName] const view = designDoc.views[viewName]
@ -81,7 +81,7 @@ const controller = {
ctx.body = view ctx.body = view
}, },
exportView: async ctx => { exportView: async ctx => {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const designDoc = await db.get("_design/database") const designDoc = await db.get("_design/database")
const viewName = decodeURI(ctx.query.view) const viewName = decodeURI(ctx.query.view)

View File

@ -22,7 +22,7 @@ exports.WebhookType = {
} }
exports.fetch = async ctx => { exports.fetch = async ctx => {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const response = await db.allDocs( const response = await db.allDocs(
getWebhookParams(null, { getWebhookParams(null, {
include_docs: true, include_docs: true,
@ -32,9 +32,9 @@ exports.fetch = async ctx => {
} }
exports.save = async ctx => { exports.save = async ctx => {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
const webhook = ctx.request.body const webhook = ctx.request.body
webhook.appId = ctx.user.appId webhook.appId = ctx.appId
// check that the webhook exists // check that the webhook exists
if (webhook._id) { if (webhook._id) {
@ -51,7 +51,7 @@ exports.save = async ctx => {
} }
exports.destroy = async ctx => { exports.destroy = async ctx => {
const db = new CouchDB(ctx.user.appId) const db = new CouchDB(ctx.appId)
ctx.body = await db.remove(ctx.params.id, ctx.params.rev) ctx.body = await db.remove(ctx.params.id, ctx.params.rev)
} }

View File

@ -1,22 +1,30 @@
const Router = require("@koa/router") const Router = require("@koa/router")
const authenticated = require("../middleware/authenticated") const { buildAuthMiddleware } = require("@budibase/auth").auth
const currentApp = require("../middleware/currentapp")
const compress = require("koa-compress") const compress = require("koa-compress")
const zlib = require("zlib") const zlib = require("zlib")
const { mainRoutes, authRoutes, staticRoutes } = require("./routes") const { mainRoutes, staticRoutes } = require("./routes")
const pkg = require("../../package.json") const pkg = require("../../package.json")
const router = new Router() const router = new Router()
const env = require("../environment") const env = require("../environment")
const NO_AUTH_ENDPOINTS = [
"/health",
"/version",
"webhooks/trigger",
"webhooks/schema",
]
router router
.use( .use(
compress({ compress({
threshold: 2048, threshold: 2048,
gzip: { gzip: {
flush: zlib.Z_SYNC_FLUSH, flush: zlib.constants.Z_SYNC_FLUSH,
}, },
deflate: { deflate: {
flush: zlib.Z_SYNC_FLUSH, flush: zlib.constants.Z_SYNC_FLUSH,
}, },
br: false, br: false,
}) })
@ -30,7 +38,8 @@ router
}) })
.use("/health", ctx => (ctx.status = 200)) .use("/health", ctx => (ctx.status = 200))
.use("/version", ctx => (ctx.body = pkg.version)) .use("/version", ctx => (ctx.body = pkg.version))
.use(authenticated) .use(buildAuthMiddleware(NO_AUTH_ENDPOINTS))
.use(currentApp)
// error handling middleware // error handling middleware
router.use(async (ctx, next) => { router.use(async (ctx, next) => {
@ -51,9 +60,6 @@ router.use(async (ctx, next) => {
router.get("/health", ctx => (ctx.status = 200)) router.get("/health", ctx => (ctx.status = 200))
router.use(authRoutes.routes())
router.use(authRoutes.allowedMethods())
// authenticated routes // authenticated routes
for (let route of mainRoutes) { for (let route of mainRoutes) {
router.use(route.routes()) router.use(route.routes())

View File

@ -1,14 +1,8 @@
const Router = require("@koa/router") const Router = require("@koa/router")
const controller = require("../controllers/auth") const controller = require("../controllers/auth")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/security/permissions")
const router = Router() const router = Router()
router.post("/api/authenticate", controller.authenticate)
// TODO: this is a hack simply to make sure builder has a cookie until auth reworked
router.post("/api/builder/login", authorized(BUILDER), controller.builderLogin)
// doesn't need authorization as can only fetch info about self
router.get("/api/self", controller.fetchSelf) router.get("/api/self", controller.fetchSelf)
module.exports = router module.exports = router

View File

@ -0,0 +1,14 @@
const Router = require("@koa/router")
const controller = require("../controllers/dev")
const env = require("../../environment")
const router = Router()
if (env.isDev() || env.isTest()) {
router
.get("/api/admin/:devPath(.*)", controller.redirectGet)
.post("/api/admin/:devPath(.*)", controller.redirectPost)
.delete("/api/admin/:devPath(.*)", controller.redirectDelete)
}
module.exports = router

View File

@ -22,8 +22,10 @@ const datasourceRoutes = require("./datasource")
const queryRoutes = require("./query") const queryRoutes = require("./query")
const hostingRoutes = require("./hosting") const hostingRoutes = require("./hosting")
const backupRoutes = require("./backup") const backupRoutes = require("./backup")
const devRoutes = require("./dev")
exports.mainRoutes = [ exports.mainRoutes = [
authRoutes,
deployRoutes, deployRoutes,
layoutRoutes, layoutRoutes,
screenRoutes, screenRoutes,
@ -44,11 +46,11 @@ exports.mainRoutes = [
queryRoutes, queryRoutes,
hostingRoutes, hostingRoutes,
backupRoutes, backupRoutes,
devRoutes,
// these need to be handled last as they still use /api/:tableId // these need to be handled last as they still use /api/:tableId
// this could be breaking as koa may recognise other routes as this // this could be breaking as koa may recognise other routes as this
tableRoutes, tableRoutes,
rowRoutes, rowRoutes,
] ]
exports.authRoutes = authRoutes
exports.staticRoutes = staticRoutes exports.staticRoutes = staticRoutes

View File

@ -1,4 +1,19 @@
const setup = require("./utilities") const setup = require("./utilities")
const { generateUserMetadataID } = require("../../../db/utils")
require("../../../utilities/workerRequests")
jest.mock("../../../utilities/workerRequests", () => ({
getGlobalUsers: jest.fn(() => {
return {
_id: "us_uuid1",
}
}),
saveGlobalUser: jest.fn(() => {
return {
_id: "us_uuid1",
}
}),
}))
describe("/authenticate", () => { describe("/authenticate", () => {
let request = setup.getRequest() let request = setup.getRequest()
@ -10,96 +25,16 @@ describe("/authenticate", () => {
await config.init() await config.init()
}) })
describe("authenticate", () => {
it("should be able to create a layout", async () => {
await config.createUser("test@test.com", "p4ssw0rd")
const res = await request
.post(`/api/authenticate`)
.send({
email: "test@test.com",
password: "p4ssw0rd",
})
.set(config.publicHeaders())
.expect("Content-Type", /json/)
.expect(200)
expect(res.body.token).toBeDefined()
expect(res.body.email).toEqual("test@test.com")
expect(res.body.password).toBeUndefined()
})
it("should error if no app specified", async () => {
await request
.post(`/api/authenticate`)
.expect(400)
})
it("should error if no email specified", async () => {
await request
.post(`/api/authenticate`)
.send({
password: "test",
})
.set(config.publicHeaders())
.expect(400)
})
it("should error if no password specified", async () => {
await request
.post(`/api/authenticate`)
.send({
email: "test",
})
.set(config.publicHeaders())
.expect(400)
})
it("should error if invalid user specified", async () => {
await request
.post(`/api/authenticate`)
.send({
email: "test",
password: "test",
})
.set(config.publicHeaders())
.expect(401)
})
it("should throw same error if wrong password specified", async () => {
await config.createUser("test@test.com", "password")
await request
.post(`/api/authenticate`)
.send({
email: "test@test.com",
password: "test",
})
.set(config.publicHeaders())
.expect(401)
})
it("should throw an error for inactive users", async () => {
await config.createUser("test@test.com", "password")
await config.makeUserInactive("test@test.com")
await request
.post(`/api/authenticate`)
.send({
email: "test@test.com",
password: "password",
})
.set(config.publicHeaders())
.expect(401)
})
})
describe("fetch self", () => { describe("fetch self", () => {
it("should be able to delete the layout", async () => { it("should be able to fetch self", async () => {
await config.createUser("test@test.com", "p4ssw0rd") const user = await config.createUser("test@test.com", "p4ssw0rd")
const headers = await config.login("test@test.com", "p4ssw0rd") const headers = await config.login("test@test.com", "p4ssw0rd", { userId: "us_uuid1" })
const res = await request const res = await request
.get(`/api/self`) .get(`/api/self`)
.set(headers) .set(headers)
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
.expect(200) .expect(200)
expect(res.body.email).toEqual("test@test.com") expect(res.body._id).toEqual(generateUserMetadataID("us_uuid1"))
}) })
}) })
}) })

View File

@ -41,10 +41,12 @@ describe("run misc tests", () => {
const dataImport = { const dataImport = {
csvString: "a,b,c,d\n1,2,3,4" csvString: "a,b,c,d\n1,2,3,4"
} }
await tableUtils.handleDataImport({ await tableUtils.handleDataImport(
appId: config.getAppId(), config.getAppId(),
userId: "test", { userId: "test" },
}, table, dataImport) table,
dataImport
)
const rows = await config.getRows() const rows = await config.getRows()
expect(rows[0].a).toEqual("1") expect(rows[0].a).toEqual("1")
expect(rows[0].b).toEqual("2") expect(rows[0].b).toEqual("2")

View File

@ -93,7 +93,7 @@ describe("/queries", () => {
const query = await config.createQuery() const query = await config.createQuery()
const res = await request const res = await request
.get(`/api/queries/${query._id}`) .get(`/api/queries/${query._id}`)
.set(await config.roleHeaders()) .set(await config.roleHeaders({}))
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
.expect(200) .expect(200)
expect(res.body.fields).toBeUndefined() expect(res.body.fields).toBeUndefined()

View File

@ -2,6 +2,7 @@ const setup = require("./utilities")
const { basicScreen } = setup.structures const { basicScreen } = setup.structures
const { checkBuilderEndpoint } = require("./utilities/TestFunctions") const { checkBuilderEndpoint } = require("./utilities/TestFunctions")
const { BUILTIN_ROLE_IDS } = require("../../../utilities/security/roles") const { BUILTIN_ROLE_IDS } = require("../../../utilities/security/roles")
const workerRequests = require("../../../utilities/workerRequests")
const route = "/test" const route = "/test"
@ -25,9 +26,20 @@ describe("/routing", () => {
describe("fetch", () => { describe("fetch", () => {
it("returns the correct routing for basic user", async () => { it("returns the correct routing for basic user", async () => {
workerRequests.getGlobalUsers.mockImplementationOnce((ctx, appId) => {
return {
roles: {
[appId]: BUILTIN_ROLE_IDS.BASIC,
}
}
})
const res = await request const res = await request
.get(`/api/routing/client`) .get(`/api/routing/client`)
.set(await config.roleHeaders("basic@test.com", BUILTIN_ROLE_IDS.BASIC)) .set(await config.roleHeaders({
email: "basic@test.com",
roleId: BUILTIN_ROLE_IDS.BASIC,
builder: false
}))
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
.expect(200) .expect(200)
expect(res.body.routes).toBeDefined() expect(res.body.routes).toBeDefined()
@ -42,9 +54,20 @@ describe("/routing", () => {
}) })
it("returns the correct routing for power user", async () => { it("returns the correct routing for power user", async () => {
workerRequests.getGlobalUsers.mockImplementationOnce((ctx, appId) => {
return {
roles: {
[appId]: BUILTIN_ROLE_IDS.POWER,
}
}
})
const res = await request const res = await request
.get(`/api/routing/client`) .get(`/api/routing/client`)
.set(await config.roleHeaders("basic@test.com", BUILTIN_ROLE_IDS.POWER)) .set(await config.roleHeaders({
email: "basic@test.com",
roleId: BUILTIN_ROLE_IDS.POWER,
builder: false,
}))
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
.expect(200) .expect(200)
expect(res.body.routes).toBeDefined() expect(res.body.routes).toBeDefined()

View File

@ -2,6 +2,20 @@ const { BUILTIN_ROLE_IDS } = require("../../../utilities/security/roles")
const { checkPermissionsEndpoint } = require("./utilities/TestFunctions") const { checkPermissionsEndpoint } = require("./utilities/TestFunctions")
const setup = require("./utilities") const setup = require("./utilities")
const { basicUser } = setup.structures const { basicUser } = setup.structures
const workerRequests = require("../../../utilities/workerRequests")
jest.mock("../../../utilities/workerRequests", () => ({
getGlobalUsers: jest.fn(() => {
return {}
}),
saveGlobalUser: jest.fn(() => {
const uuid = require("uuid/v4")
return {
_id: `us_${uuid()}`
}
}),
deleteGlobalUser: jest.fn(),
}))
describe("/users", () => { describe("/users", () => {
let request = setup.getRequest() let request = setup.getRequest()
@ -14,18 +28,30 @@ describe("/users", () => {
}) })
describe("fetch", () => { describe("fetch", () => {
beforeEach(() => {
workerRequests.getGlobalUsers.mockImplementationOnce(() => ([
{
_id: "us_uuid1",
},
{
_id: "us_uuid2",
}
]
))
})
it("returns a list of users from an instance db", async () => { it("returns a list of users from an instance db", async () => {
await config.createUser("brenda@brenda.com", "brendas_password") await config.createUser("brenda@brenda.com", "brendas_password")
await config.createUser("pam@pam.com", "pam_password") await config.createUser("pam@pam.com", "pam_password")
const res = await request const res = await request
.get(`/api/users`) .get(`/api/users/metadata`)
.set(config.defaultHeaders()) .set(config.defaultHeaders())
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
.expect(200) .expect(200)
expect(res.body.length).toBe(2) expect(res.body.length).toBe(2)
expect(res.body.find(u => u.email === "brenda@brenda.com")).toBeDefined() expect(res.body.find(u => u._id === `ro_ta_users_us_uuid1`)).toBeDefined()
expect(res.body.find(u => u.email === "pam@pam.com")).toBeDefined() expect(res.body.find(u => u._id === `ro_ta_users_us_uuid2`)).toBeDefined()
}) })
it("should apply authorization to endpoint", async () => { it("should apply authorization to endpoint", async () => {
@ -34,7 +60,7 @@ describe("/users", () => {
config, config,
request, request,
method: "GET", method: "GET",
url: `/api/users`, url: `/api/users/metadata`,
passRole: BUILTIN_ROLE_IDS.ADMIN, passRole: BUILTIN_ROLE_IDS.ADMIN,
failRole: BUILTIN_ROLE_IDS.PUBLIC, failRole: BUILTIN_ROLE_IDS.PUBLIC,
}) })
@ -42,9 +68,21 @@ describe("/users", () => {
}) })
describe("create", () => { describe("create", () => {
beforeEach(() => {
workerRequests.getGlobalUsers.mockImplementationOnce(() => ([
{
_id: "us_uuid1",
},
{
_id: "us_uuid2",
}
]
))
})
async function create(user, status = 200) { async function create(user, status = 200) {
return request return request
.post(`/api/users`) .post(`/api/users/metadata`)
.set(config.defaultHeaders()) .set(config.defaultHeaders())
.send(user) .send(user)
.expect(status) .expect(status)
@ -53,51 +91,42 @@ describe("/users", () => {
it("returns a success message when a user is successfully created", async () => { it("returns a success message when a user is successfully created", async () => {
const body = basicUser(BUILTIN_ROLE_IDS.POWER) const body = basicUser(BUILTIN_ROLE_IDS.POWER)
body.email = "bill@budibase.com"
const res = await create(body) const res = await create(body)
expect(res.res.statusMessage).toEqual("User created successfully.") expect(res.res.statusMessage).toEqual("OK")
expect(res.body._id).toBeUndefined() expect(res.body._id).toBeDefined()
}) })
it("should apply authorization to endpoint", async () => { it("should apply authorization to endpoint", async () => {
const body = basicUser(BUILTIN_ROLE_IDS.POWER) const body = basicUser(BUILTIN_ROLE_IDS.POWER)
body.email = "brandNewUser@user.com"
await checkPermissionsEndpoint({ await checkPermissionsEndpoint({
config, config,
method: "POST", method: "POST",
body, body,
url: `/api/users`, url: `/api/users/metadata`,
passRole: BUILTIN_ROLE_IDS.ADMIN, passRole: BUILTIN_ROLE_IDS.ADMIN,
failRole: BUILTIN_ROLE_IDS.PUBLIC, failRole: BUILTIN_ROLE_IDS.PUBLIC,
}) })
}) })
it("should error if no email provided", async () => {
const user = basicUser(BUILTIN_ROLE_IDS.POWER)
delete user.email
await create(user, 400)
})
it("should error if no role provided", async () => { it("should error if no role provided", async () => {
const user = basicUser(null) const user = basicUser(null)
await create(user, 400) await create(user, 400)
}) })
it("should throw error if user exists already", async () => {
await config.createUser("test@test.com")
const user = basicUser(BUILTIN_ROLE_IDS.POWER)
user.email = "test@test.com"
await create(user, 400)
})
}) })
describe("update", () => { describe("update", () => {
beforeEach(() => {
workerRequests.saveGlobalUser.mockImplementationOnce(() => ({
_id: "us_test@test.com"
}))
})
it("should be able to update the user", async () => { it("should be able to update the user", async () => {
const user = await config.createUser() const user = await config.createUser()
user.roleId = BUILTIN_ROLE_IDS.BASIC user.roleId = BUILTIN_ROLE_IDS.BASIC
const res = await request const res = await request
.put(`/api/users`) .put(`/api/users/metadata`)
.set(config.defaultHeaders()) .set(config.defaultHeaders())
.send(user) .send(user)
.expect(200) .expect(200)
@ -108,27 +137,37 @@ describe("/users", () => {
describe("destroy", () => { describe("destroy", () => {
it("should be able to delete the user", async () => { it("should be able to delete the user", async () => {
const email = "test@test.com" const user = await config.createUser()
await config.createUser(email)
const res = await request const res = await request
.delete(`/api/users/${email}`) .delete(`/api/users/metadata/${user._id}`)
.set(config.defaultHeaders()) .set(config.defaultHeaders())
.expect(200) .expect(200)
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
expect(res.body.message).toBeDefined() expect(res.body.message).toBeDefined()
expect(workerRequests.deleteGlobalUser).toHaveBeenCalled()
}) })
}) })
describe("find", () => { describe("find", () => {
beforeEach(() => {
jest.resetAllMocks()
workerRequests.saveGlobalUser.mockImplementationOnce(() => ({
_id: "us_uuid1",
}))
workerRequests.getGlobalUsers.mockImplementationOnce(() => ({
_id: "us_uuid1",
roleId: BUILTIN_ROLE_IDS.POWER,
}))
})
it("should be able to find the user", async () => { it("should be able to find the user", async () => {
const email = "test@test.com" const user = await config.createUser()
await config.createUser(email)
const res = await request const res = await request
.get(`/api/users/${email}`) .get(`/api/users/metadata/${user._id}`)
.set(config.defaultHeaders()) .set(config.defaultHeaders())
.expect(200) .expect(200)
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
expect(res.body.email).toEqual(email) expect(res.body._id).toEqual(user._id)
expect(res.body.roleId).toEqual(BUILTIN_ROLE_IDS.POWER) expect(res.body.roleId).toEqual(BUILTIN_ROLE_IDS.POWER)
expect(res.body.tableId).toBeDefined() expect(res.body.tableId).toBeDefined()
}) })

View File

@ -3,7 +3,7 @@ const appController = require("../../../controllers/application")
const CouchDB = require("../../../../db") const CouchDB = require("../../../../db")
function Request(appId, params) { function Request(appId, params) {
this.user = { appId } this.appId = appId
this.params = params this.params = params
} }
@ -46,7 +46,10 @@ exports.createRequest = (request, method, url, body) => {
} }
exports.checkBuilderEndpoint = async ({ config, method, url, body }) => { exports.checkBuilderEndpoint = async ({ config, method, url, body }) => {
const headers = await config.login() const headers = await config.login("test@test.com", "test", {
userId: "us_fail",
builder: false,
})
await exports await exports
.createRequest(config.request, method, url, body) .createRequest(config.request, method, url, body)
.set(headers) .set(headers)
@ -62,16 +65,22 @@ exports.checkPermissionsEndpoint = async ({
failRole, failRole,
}) => { }) => {
const password = "PASSWORD" const password = "PASSWORD"
await config.createUser("passUser@budibase.com", password, passRole) let user = await config.createUser("pass@budibase.com", password, passRole)
const passHeader = await config.login("passUser@budibase.com", password) const passHeader = await config.login("pass@budibase.com", password, {
roleId: passRole,
userId: user.globalId,
})
await exports await exports
.createRequest(config.request, method, url, body) .createRequest(config.request, method, url, body)
.set(passHeader) .set(passHeader)
.expect(200) .expect(200)
await config.createUser("failUser@budibase.com", password, failRole) user = await config.createUser("fail@budibase.com", password, failRole)
const failHeader = await config.login("failUser@budibase.com", password) const failHeader = await config.login("fail@budibase.com", password, {
roleId: failRole,
userId: user.globalId,
})
await exports await exports
.createRequest(config.request, method, url, body) .createRequest(config.request, method, url, body)

View File

@ -2,6 +2,15 @@ const TestConfig = require("../../../../tests/utilities/TestConfiguration")
const structures = require("../../../../tests/utilities/structures") const structures = require("../../../../tests/utilities/structures")
const env = require("../../../../environment") const env = require("../../../../environment")
jest.mock("../../../../utilities/workerRequests", () => ({
getGlobalUsers: jest.fn(),
saveGlobalUser: jest.fn(() => {
return {
_id: "us_uuid1",
}
}),
}))
exports.delay = ms => new Promise(resolve => setTimeout(resolve, ms)) exports.delay = ms => new Promise(resolve => setTimeout(resolve, ms))
let request, config let request, config

View File

@ -108,14 +108,6 @@ describe("/webhooks", () => {
type: "object", type: "object",
}) })
}) })
it("should apply authorization to endpoint", async () => {
await checkBuilderEndpoint({
config,
method: "POST",
url: `/api/webhooks/schema/${config.getAppId()}/${webhook._id}`,
})
})
}) })
describe("trigger", () => { describe("trigger", () => {

View File

@ -11,31 +11,37 @@ const router = Router()
router router
.get( .get(
"/api/users", "/api/users/metadata",
authorized(PermissionTypes.USER, PermissionLevels.READ), authorized(PermissionTypes.USER, PermissionLevels.READ),
controller.fetch controller.fetchMetadata
) )
.get( .get(
"/api/users/:email", "/api/users/metadata/:id",
authorized(PermissionTypes.USER, PermissionLevels.READ), authorized(PermissionTypes.USER, PermissionLevels.READ),
controller.find controller.findMetadata
) )
.put( .put(
"/api/users", "/api/users/metadata",
authorized(PermissionTypes.USER, PermissionLevels.WRITE), authorized(PermissionTypes.USER, PermissionLevels.WRITE),
controller.update controller.updateMetadata
) )
.post( .post(
"/api/users", "/api/users/metadata",
authorized(PermissionTypes.USER, PermissionLevels.WRITE), authorized(PermissionTypes.USER, PermissionLevels.WRITE),
usage, usage,
controller.create controller.createMetadata
)
.post(
"/api/users/metadata/self",
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
usage,
controller.updateSelfMetadata
) )
.delete( .delete(
"/api/users/:email", "/api/users/metadata/:id",
authorized(PermissionTypes.USER, PermissionLevels.WRITE), authorized(PermissionTypes.USER, PermissionLevels.WRITE),
usage, usage,
controller.destroy controller.destroyMetadata
) )
module.exports = router module.exports = router

View File

@ -1,3 +1,7 @@
// need to load environment first
const env = require("./environment")
const CouchDB = require("./db")
require("@budibase/auth").init(CouchDB)
const Koa = require("koa") const Koa = require("koa")
const destroyable = require("server-destroy") const destroyable = require("server-destroy")
const electron = require("electron") const electron = require("electron")
@ -5,7 +9,6 @@ const koaBody = require("koa-body")
const logger = require("koa-pino-logger") const logger = require("koa-pino-logger")
const http = require("http") const http = require("http")
const api = require("./api") const api = require("./api")
const env = require("./environment")
const eventEmitter = require("./events") const eventEmitter = require("./events")
const automations = require("./automations/index") const automations = require("./automations/index")
const Sentry = require("@sentry/node") const Sentry = require("@sentry/node")

View File

@ -75,7 +75,7 @@ module.exports.run = async function({ inputs, appId, apiKey, emitter }) {
request: { request: {
body: inputs.row, body: inputs.row,
}, },
user: { appId }, appId,
eventEmitter: emitter, eventEmitter: emitter,
} }

Some files were not shown because too many files have changed in this diff Show More