MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'fix/user-metadata' of github.com:Budibase/budibase into feature/query-rbac-timeouts

This commit is contained in:
mike12345567 2021-11-09 12:49:42 +00:00
parent f8e790bd2f 99c47ab264
commit a11f7e7081
14 changed files with 221 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hosting/docker-compose.yaml
View File

@ -45,6 +45,7 @@ services:
MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
MINIO_URL: http://minio-service:9000
APPS_URL: http://app-service:4002
COUCH_DB_USERNAME: ${COUCH_DB_USER}
COUCH_DB_PASSWORD: ${COUCH_DB_PASSWORD}
COUCH_DB_URL: http://${COUCH_DB_USER}:${COUCH_DB_PASSWORD}@couchdb-service:5984

2
hosting/kubernetes/budibase/templates/worker-service-deployment.yaml
View File

@ -113,6 +113,8 @@ spec:
value: {{ .Values.globals.smtp.port | quote }}
- name: SMTP_FROM_ADDRESS
value: {{ .Values.globals.smtp.from | quote }}
- name: APPS_URL
value: http://app-service:{{ .Values.services.apps.port }}
image: budibase/worker
imagePullPolicy: Always
name: bbworker

11
packages/auth/src/db/utils.js
View File

@ -152,6 +152,17 @@ exports.getDeployedAppID = appId => {
return appId
}
/**
* Convert a deployed app ID to a development app ID.
*/
exports.getDevelopmentAppID = appId => {
if (!appId.startsWith(exports.APP_DEV_PREFIX)) {
const id = appId.split(exports.APP_PREFIX)[1]
return `${exports.APP_DEV_PREFIX}${id}`
}
return appId
}
exports.getCouchUrl = () => {
if (!env.COUCH_DB_URL) return

7
packages/server/src/api/controllers/application.js
View File

@ -44,6 +44,7 @@ const {
revertClientLibrary,
} = require("../../utilities/fileSystem/clientLibrary")
const { getTenantId, isMultiTenant } = require("@budibase/auth/tenancy")
const { syncGlobalUsers } = require("./user")
const URL_REGEX_SLASH = /\/|\\/g
@ -328,6 +329,8 @@ exports.sync = async ctx => {
if (!isDevAppID(appId)) {
ctx.throw(400, "This action cannot be performed for production apps")
}
// replicate prod to dev
const prodAppId = getDeployedAppID(appId)
const replication = new Replication({
source: prodAppId,
@ -343,6 +346,10 @@ exports.sync = async ctx => {
} catch (err) {
error = err
}
// sync the users
await syncGlobalUsers(appId)
if (error) {
ctx.throw(400, error)
} else {

3
packages/server/src/api/controllers/auth.js
View File

@ -14,6 +14,8 @@ exports.fetchSelf = async ctx => {
}
const user = await getFullUser(ctx, userId)
// this shouldn't be returned by the app self
delete user.roles
if (appId) {
const db = new CouchDB(appId)
@ -36,6 +38,7 @@ exports.fetchSelf = async ctx => {
// user has a role of some sort, return them
else if (err.status === 404) {
const metadata = {
...user,
_id: userId,
}
const dbResp = await db.put(metadata)

146
packages/server/src/api/controllers/user.js
View File

@ -4,27 +4,141 @@ const {
getUserMetadataParams,
} = require("../../db/utils")
const { InternalTables } = require("../../db/utils")
const { getGlobalUsers } = require("../../utilities/global")
const { getGlobalUsers, getRawGlobalUser } = require("../../utilities/global")
const { getFullUser } = require("../../utilities/users")
const { isEqual } = require("lodash")
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
const {
getDevelopmentAppID,
getAllApps,
isDevAppID,
} = require("@budibase/auth/db")
const { doesDatabaseExist } = require("../../utilities")
const { UserStatus } = require("@budibase/auth/constants")
function removeGlobalProps(user) {
// make sure to always remove some of the global user props
delete user.password
delete user.roles
delete user.builder
return user
}
exports.fetchMetadata = async function (ctx) {
const database = new CouchDB(ctx.appId)
const global = await getGlobalUsers(ctx.appId)
const metadata = (
await database.allDocs(
async function rawMetadata(db) {
return (
await db.allDocs(
getUserMetadataParams(null, {
include_docs: true,
})
)
).rows.map(row => row.doc)
}
function combineMetadataAndUser(user, metadata) {
// skip users with no access
if (user.roleId === BUILTIN_ROLE_IDS.PUBLIC) {
return null
}
delete user._rev
const metadataId = generateUserMetadataID(user._id)
const newDoc = {
...user,
_id: metadataId,
tableId: InternalTables.USER_METADATA,
}
const found = Array.isArray(metadata)
? metadata.find(doc => doc._id === metadataId)
: metadata
// copy rev over for the purposes of equality check
if (found) {
newDoc._rev = found._rev
}
if (found == null || !isEqual(newDoc, found)) {
return {
...found,
...newDoc,
}
}
return null
}
exports.syncGlobalUsers = async appId => {
// sync user metadata
const db = new CouchDB(appId)
const [users, metadata] = await Promise.all([
getGlobalUsers(appId),
rawMetadata(db),
])
const toWrite = []
for (let user of users) {
const combined = await combineMetadataAndUser(user, metadata)
if (combined) {
toWrite.push(combined)
}
}
await db.bulkDocs(toWrite)
}
exports.syncUser = async function (ctx) {
let deleting = false,
user
const userId = ctx.params.id
try {
user = await getRawGlobalUser(userId)
} catch (err) {
user = {}
deleting = true
}
const roles = user.roles
// remove props which aren't useful to metadata
delete user.password
delete user.forceResetPassword
delete user.roles
// run through all production appIDs in the users roles
let prodAppIds
// if they are a builder then get all production app IDs
if ((user.builder && user.builder.global) || deleting) {
prodAppIds = (await getAllApps(CouchDB, { idsOnly: true })).filter(
id => !isDevAppID(id)
)
} else {
prodAppIds = Object.entries(roles)
.filter(entry => entry[1] !== BUILTIN_ROLE_IDS.PUBLIC)
.map(([appId]) => appId)
}
for (let prodAppId of prodAppIds) {
const devAppId = getDevelopmentAppID(prodAppId)
for (let appId of [prodAppId, devAppId]) {
if (!(await doesDatabaseExist(appId))) {
continue
}
const db = new CouchDB(appId)
const metadataId = generateUserMetadataID(userId)
let metadata
try {
metadata = await db.get(metadataId)
} catch (err) {
if (deleting) {
continue
}
metadata = {
tableId: InternalTables.USER_METADATA,
}
}
let combined
if (deleting) {
combined = {
...metadata,
status: UserStatus.INACTIVE,
metadata: BUILTIN_ROLE_IDS.PUBLIC,
}
} else {
combined = combineMetadataAndUser(user, metadata)
}
await db.put(combined)
}
}
ctx.body = {
message: "User synced.",
}
}
exports.fetchMetadata = async function (ctx) {
const database = new CouchDB(ctx.appId)
const global = await getGlobalUsers(ctx.appId)
const metadata = await rawMetadata(database)
const users = []
for (let user of global) {
// find the metadata that matches up to the global ID
@ -52,7 +166,9 @@ exports.updateSelfMetadata = async function (ctx) {
exports.updateMetadata = async function (ctx) {
const appId = ctx.appId
const db = new CouchDB(appId)
const user = removeGlobalProps(ctx.request.body)
const user = ctx.request.body
// this isn't applicable to the user
delete user.roles
const metadata = {
tableId: InternalTables.USER_METADATA,
...user,

5
packages/server/src/api/routes/user.js
View File

@ -34,5 +34,10 @@ router
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
controller.destroyMetadata
)
.post(
"/api/users/sync/:id",
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
controller.syncUser
)
module.exports = router

3
packages/server/src/middleware/authorized.js
View File

@ -15,7 +15,8 @@ module.exports =
(permType, permLevel = null) =>
async (ctx, next) => {
// webhooks don't need authentication, each webhook unique
if (isWebhookEndpoint(ctx)) {
// also internal requests (between services) don't need authorized
if (isWebhookEndpoint(ctx) || ctx.internal) {
return next()
}

9
packages/server/src/utilities/global.js
View File

@ -46,9 +46,13 @@ exports.getCachedSelf = async (ctx, appId) => {
return processUser(appId, user)
}
exports.getGlobalUser = async (appId, userId) => {
exports.getRawGlobalUser = async userId => {
const db = getGlobalDB()
let user = await db.get(getGlobalIDFromUserMetadataID(userId))
return db.get(getGlobalIDFromUserMetadataID(userId))
}
exports.getGlobalUser = async (appId, userId) => {
let user = await exports.getRawGlobalUser(userId)
return processUser(appId, user)
}
@ -73,6 +77,7 @@ exports.getGlobalUsers = async (appId = null, users = null) => {
.filter(user => user != null)
.map(user => {
delete user.password
delete user.forceResetPassword
return user
})
if (!appId) {

10
packages/server/src/utilities/index.js
View File

@ -134,3 +134,13 @@ exports.stringToReadStream = string => {
},
})
}
exports.doesDatabaseExist = async dbName => {
try {
const db = new CouchDB(dbName, { skip_setup: true })
const info = await db.info()
return info && !info.error
} catch (err) {
return false
}
}

1
packages/worker/scripts/dev/manage.js
View File

@ -25,6 +25,7 @@ async function init() {
ACCOUNT_PORTAL_URL: "http://localhost:10001",
ACCOUNT_PORTAL_API_KEY: "budibase",
PLATFORM_URL: "http://localhost:10000",
APPS_URL: "http://localhost:4001",
}
let envFile = ""
Object.keys(envFileJson).forEach(key => {

8
packages/worker/src/api/controllers/global/users.js
View File

@ -19,6 +19,7 @@ const {
} = require("@budibase/auth/tenancy")
const { removeUserFromInfoDB } = require("@budibase/auth/deprovision")
const env = require("../../../environment")
const { syncUserInApps } = require("../../../utilities/appService")
async function allUsers() {
const db = getGlobalDB()
@ -32,7 +33,10 @@ async function allUsers() {
exports.save = async ctx => {
try {
ctx.body = await saveUser(ctx.request.body, getTenantId())
const user = await saveUser(ctx.request.body, getTenantId())
// let server know to sync user
await syncUserInApps(user._id)
ctx.body = user
} catch (err) {
ctx.throw(err.status || 400, err)
}
@ -129,6 +133,8 @@ exports.destroy = async ctx => {
await db.remove(dbUser._id, dbUser._rev)
await userCache.invalidateUser(dbUser._id)
await invalidateSessions(dbUser._id)
// let server know to sync user
await syncUserInApps(dbUser._id)
ctx.body = {
message: `User ${ctx.params.id} deleted.`,
}

8
packages/worker/src/environment.js
View File

@ -42,6 +42,7 @@ module.exports = {
SMTP_FROM_ADDRESS: process.env.SMTP_FROM_ADDRESS,
PLATFORM_URL: process.env.PLATFORM_URL,
COOKIE_DOMAIN: process.env.COOKIE_DOMAIN,
APPS_URL: process.env.APPS_URL,
_set(key, value) {
process.env[key] = value
module.exports[key] = value
@ -53,6 +54,13 @@ module.exports = {
},
}
// if some var haven't been set, define them
if (!module.exports.APPS_URL) {
module.exports.APPS_URL = isDev()
? "http://localhost:4001"
: "http://app-service:4002"
}
// clean up any environment variable edge cases
for (let [key, value] of Object.entries(module.exports)) {
// handle the edge case of "0" to disable an environment variable

26
packages/worker/src/utilities/appService.js Normal file
View File

@ -0,0 +1,26 @@
const fetch = require("node-fetch")
const { Headers } = require("@budibase/auth/constants")
const { getTenantId, isTenantIdSet } = require("@budibase/auth/tenancy")
const { checkSlashesInUrl } = require("../utilities")
const env = require("../environment")
exports.syncUserInApps = async userId => {
if (env.isTest()) {
return
}
const request = { headers: {} }
request.headers[Headers.API_KEY] = env.INTERNAL_API_KEY
if (isTenantIdSet()) {
request.headers[Headers.TENANT_ID] = getTenantId()
}
request.headers["Content-Type"] = "application/json"
request.body = JSON.stringify({})
request.method = "POST"
const response = await fetch(
checkSlashesInUrl(env.APPS_URL + `/api/users/sync/${userId}`),
request
)
if (response.status !== 200) {
throw "Unable to sync user."
}
}