From 3379ab8e0345cc5dd61838804241976f6a01edba Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Mon, 6 Sep 2021 15:48:46 +0100 Subject: [PATCH 1/4] Fixing an issue with redirect having the middleware applied before the redirection --- packages/server/src/api/index.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/packages/server/src/api/index.js b/packages/server/src/api/index.js index fc86058d08..6b81fb229b 100644 --- a/packages/server/src/api/index.js +++ b/packages/server/src/api/index.js @@ -53,6 +53,8 @@ router }) .use("/health", ctx => (ctx.status = 200)) .use("/version", ctx => (ctx.body = pkg.version)) + // re-direct before any middlewares occur + .redirect("/", "/builder") .use( buildAuthMiddleware(null, { publicAllowed: true, @@ -93,7 +95,4 @@ for (let route of mainRoutes) { router.use(staticRoutes.routes()) router.use(staticRoutes.allowedMethods()) -// add a redirect for when hitting server directly -router.redirect("/", "/builder") - module.exports = router From 9e4ab9054ea67cd284b3c85bd0417618678874af Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Mon, 6 Sep 2021 16:01:45 +0100 Subject: [PATCH 2/4] Allowing all server endpoints to run without tenant information, as most endpoints in server can be public. --- packages/auth/src/middleware/tenancy.js | 8 +++++-- packages/server/src/api/index.js | 29 ++++++------------------- 2 files changed, 13 insertions(+), 24 deletions(-) diff --git a/packages/auth/src/middleware/tenancy.js b/packages/auth/src/middleware/tenancy.js index b80b9a6763..68d5051895 100644 --- a/packages/auth/src/middleware/tenancy.js +++ b/packages/auth/src/middleware/tenancy.js @@ -2,12 +2,16 @@ const { setTenantId } = require("../tenancy") const ContextFactory = require("../tenancy/FunctionContext") const { buildMatcherRegex, matches } = require("./matchers") -module.exports = (allowQueryStringPatterns, noTenancyPatterns) => { +module.exports = ( + allowQueryStringPatterns, + noTenancyPatterns, + { noTenancyRequired } +) => { const allowQsOptions = buildMatcherRegex(allowQueryStringPatterns) const noTenancyOptions = buildMatcherRegex(noTenancyPatterns) return ContextFactory.getMiddleware(ctx => { - const allowNoTenant = !!matches(ctx, noTenancyOptions) + const allowNoTenant = noTenancyRequired || !!matches(ctx, noTenancyOptions) const allowQs = !!matches(ctx, allowQsOptions) setTenantId(ctx, { allowQs, allowNoTenant }) }) diff --git a/packages/server/src/api/index.js b/packages/server/src/api/index.js index 6b81fb229b..24567b54a6 100644 --- a/packages/server/src/api/index.js +++ b/packages/server/src/api/index.js @@ -10,27 +10,6 @@ const env = require("../environment") const router = new Router() -const NO_TENANCY_ENDPOINTS = [ - { - route: "/api/analytics", - method: "GET", - }, - { - route: "/builder", - method: "GET", - }, - // when using this locally there can be pass through, need - // to allow all pass through endpoints to go without tenancy - { - route: "/api/global", - method: "ALL", - }, - { - route: "/api/system", - method: "ALL", - }, -] - router .use( compress({ @@ -61,7 +40,13 @@ router }) ) // nothing in the server should allow query string tenants - .use(buildTenancyMiddleware(null, NO_TENANCY_ENDPOINTS)) + // the server can be public anywhere, so nowhere should throw errors + // if the tenancy has not been set, it'll have to be discovered at application layer + .use( + buildTenancyMiddleware(null, null, { + noTenancyRequired: true, + }) + ) .use(currentApp) .use(auditLog) From 53aebdf5858b079a74db2cbfad581280b5d89eda Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Mon, 6 Sep 2021 16:18:50 +0100 Subject: [PATCH 3/4] fix test failure --- packages/auth/src/middleware/tenancy.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/auth/src/middleware/tenancy.js b/packages/auth/src/middleware/tenancy.js index 68d5051895..c8b24d12e0 100644 --- a/packages/auth/src/middleware/tenancy.js +++ b/packages/auth/src/middleware/tenancy.js @@ -5,13 +5,13 @@ const { buildMatcherRegex, matches } = require("./matchers") module.exports = ( allowQueryStringPatterns, noTenancyPatterns, - { noTenancyRequired } + opts = {} ) => { const allowQsOptions = buildMatcherRegex(allowQueryStringPatterns) const noTenancyOptions = buildMatcherRegex(noTenancyPatterns) return ContextFactory.getMiddleware(ctx => { - const allowNoTenant = noTenancyRequired || !!matches(ctx, noTenancyOptions) + const allowNoTenant = opts.noTenancyRequired || !!matches(ctx, noTenancyOptions) const allowQs = !!matches(ctx, allowQsOptions) setTenantId(ctx, { allowQs, allowNoTenant }) }) From 9e73dcdd441cbe177f62e2b32c3a1af3fbfe4654 Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Mon, 6 Sep 2021 16:24:51 +0100 Subject: [PATCH 4/4] lint --- packages/auth/src/middleware/tenancy.js | 9 ++-- .../api/controllers/row/ExternalRequest.ts | 44 ++++++++++++++----- packages/server/src/definitions/datasource.ts | 2 +- 3 files changed, 38 insertions(+), 17 deletions(-) diff --git a/packages/auth/src/middleware/tenancy.js b/packages/auth/src/middleware/tenancy.js index c8b24d12e0..19cce82273 100644 --- a/packages/auth/src/middleware/tenancy.js +++ b/packages/auth/src/middleware/tenancy.js @@ -2,16 +2,13 @@ const { setTenantId } = require("../tenancy") const ContextFactory = require("../tenancy/FunctionContext") const { buildMatcherRegex, matches } = require("./matchers") -module.exports = ( - allowQueryStringPatterns, - noTenancyPatterns, - opts = {} -) => { +module.exports = (allowQueryStringPatterns, noTenancyPatterns, opts = {}) => { const allowQsOptions = buildMatcherRegex(allowQueryStringPatterns) const noTenancyOptions = buildMatcherRegex(noTenancyPatterns) return ContextFactory.getMiddleware(ctx => { - const allowNoTenant = opts.noTenancyRequired || !!matches(ctx, noTenancyOptions) + const allowNoTenant = + opts.noTenancyRequired || !!matches(ctx, noTenancyOptions) const allowQs = !!matches(ctx, allowQsOptions) setTenantId(ctx, { allowQs, allowNoTenant }) }) diff --git a/packages/server/src/api/controllers/row/ExternalRequest.ts b/packages/server/src/api/controllers/row/ExternalRequest.ts index 648c94bff5..b87e27c067 100644 --- a/packages/server/src/api/controllers/row/ExternalRequest.ts +++ b/packages/server/src/api/controllers/row/ExternalRequest.ts @@ -6,8 +6,16 @@ import { SearchFilters, SortJson, } from "../../../definitions/datasource" -import {Datasource, FieldSchema, Row, Table} from "../../../definitions/common" -import {breakRowIdField, generateRowIdField} from "../../../integrations/utils" +import { + Datasource, + FieldSchema, + Row, + Table, +} from "../../../definitions/common" +import { + breakRowIdField, + generateRowIdField, +} from "../../../integrations/utils" import { RelationshipTypes } from "../../../constants" interface ManyRelationship { @@ -348,7 +356,7 @@ module External { * information. */ async lookupRelations(tableId: string, row: Row) { - const related: {[key: string]: any} = {} + const related: { [key: string]: any } = {} const { tableName } = breakExternalTableId(tableId) const table = this.tables[tableName] // @ts-ignore @@ -387,7 +395,11 @@ module External { * isn't supposed to exist anymore and delete those. This is better than the usual method of delete them * all and then re-create, as theres no chance of losing data (e.g. delete succeed, but write fail). */ - async handleManyRelationships(mainTableId: string, row: Row, relationships: ManyRelationship[]) { + async handleManyRelationships( + mainTableId: string, + row: Row, + relationships: ManyRelationship[] + ) { const { appId } = this // if we're creating (in a through table) need to wipe the existing ones first const promises = [] @@ -399,8 +411,10 @@ module External { // @ts-ignore const linkPrimary = linkTable.primary[0] const rows = related[key].rows || [] - const found = rows.find((row: { [key: string]: any }) => - row[linkPrimary] === relationship.id || row[linkPrimary] === body[linkPrimary] + const found = rows.find( + (row: { [key: string]: any }) => + row[linkPrimary] === relationship.id || + row[linkPrimary] === body[linkPrimary] ) const operation = isUpdate ? DataSourceOperation.UPDATE @@ -420,13 +434,17 @@ module External { } } // finally cleanup anything that needs to be removed - for (let [colName, {isMany, rows, tableId}] of Object.entries(related)) { + for (let [colName, { isMany, rows, tableId }] of Object.entries( + related + )) { const table = this.getTable(tableId) for (let row of rows) { const filters = buildFilters(generateIdForRow(row, table), {}, table) // safety check, if there are no filters on deletion bad things happen if (Object.keys(filters).length !== 0) { - const op = isMany ? DataSourceOperation.DELETE : DataSourceOperation.UPDATE + const op = isMany + ? DataSourceOperation.DELETE + : DataSourceOperation.UPDATE const body = isMany ? null : { [colName]: null } promises.push( makeExternalQuery(this.appId, { @@ -448,7 +466,10 @@ module External { * Creating the specific list of fields that we desire, and excluding the ones that are no use to us * is more performant and has the added benefit of protecting against this scenario. */ - buildFields(table: Table, includeRelations: IncludeRelationships = IncludeRelationships.INCLUDE) { + buildFields( + table: Table, + includeRelations: IncludeRelationships = IncludeRelationships.INCLUDE + ) { function extractNonLinkFieldNames(table: Table, existing: string[] = []) { return Object.entries(table.schema) .filter( @@ -523,7 +544,10 @@ module External { // can't really use response right now const response = await makeExternalQuery(appId, json) // handle many to many relationships now if we know the ID (could be auto increment) - if (operation !== DataSourceOperation.READ && processed.manyRelationships) { + if ( + operation !== DataSourceOperation.READ && + processed.manyRelationships + ) { await this.handleManyRelationships( table._id || "", response[0], diff --git a/packages/server/src/definitions/datasource.ts b/packages/server/src/definitions/datasource.ts index a43573ecf7..48fd24e1cf 100644 --- a/packages/server/src/definitions/datasource.ts +++ b/packages/server/src/definitions/datasource.ts @@ -42,7 +42,7 @@ export enum SourceNames { export enum IncludeRelationships { INCLUDE = 1, - EXCLUDE = 0 + EXCLUDE = 0, } export interface QueryDefinition {