Merge pull request #2560 from Budibase/fix/multi-tenancy-prod

Fixing issues with multi-tenancy breaking various server endpoints in prod
Martin McKeaveney 2021-09-06 16:36:43 +01:00 committed by GitHub
commit cfa1ab8971
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 47 additions and 38 deletions


@ -2,12 +2,13 @@ const { setTenantId } = require("../tenancy")
const ContextFactory = require("../tenancy/FunctionContext")
const { buildMatcherRegex, matches } = require("./matchers")
module.exports = (allowQueryStringPatterns, noTenancyPatterns) => {
module.exports = (allowQueryStringPatterns, noTenancyPatterns, opts = {}) => {
const allowQsOptions = buildMatcherRegex(allowQueryStringPatterns)
const noTenancyOptions = buildMatcherRegex(noTenancyPatterns)
return ContextFactory.getMiddleware(ctx => {
const allowNoTenant = !!matches(ctx, noTenancyOptions)
const allowNoTenant =
opts.noTenancyRequired || !!matches(ctx, noTenancyOptions)
const allowQs = !!matches(ctx, allowQsOptions)
setTenantId(ctx, { allowQs, allowNoTenant })
})
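Review bot: In the new `allowNoTenant` assignment a truthy `opts.noTenancyRequired` short-circuits `matches(ctx, noTenancyOptions)`, so `noTenancyPatterns` is ignored and `setTenantId` is told `allowNoTenant: true` for every request passing through this middleware. That makes the option a fail-open switch for tenant enforcement, yet nothing at the definition says so; I would add a comment above the `module.exports` line such as `// opts.noTenancyRequired: never reject a request for a missing tenant; the caller must resolve and check the tenant itself`. The `opts = {}` default only covers `undefined`, so an explicit `null` third argument would throw on the property read; `!!(opts && opts.noTenancyRequired) || !!matches(ctx, noTenancyOptions)` avoids that and keeps the value strictly boolean. The exported function's closing lines fall outside the hunk, so what `setTenantId` does with the flag is not visible here.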


@ -6,8 +6,16 @@ import {
SearchFilters,
SortJson,
} from "../../../definitions/datasource"
import {Datasource, FieldSchema, Row, Table} from "../../../definitions/common"
import {breakRowIdField, generateRowIdField} from "../../../integrations/utils"
import {
Datasource,
FieldSchema,
Row,
Table,
} from "../../../definitions/common"
import {
breakRowIdField,
generateRowIdField,
} from "../../../integrations/utils"
import { RelationshipTypes } from "../../../constants"
interface ManyRelationship {
@ -387,7 +395,11 @@ module External {
* isn't supposed to exist anymore and delete those. This is better than the usual method of delete them
* all and then re-create, as theres no chance of losing data (e.g. delete succeed, but write fail).
*/
async handleManyRelationships(mainTableId: string, row: Row, relationships: ManyRelationship[]) {
async handleManyRelationships(
mainTableId: string,
row: Row,
relationships: ManyRelationship[]
) {
const { appId } = this
// if we're creating (in a through table) need to wipe the existing ones first
const promises = []
@ -399,8 +411,10 @@ module External {
// @ts-ignore
const linkPrimary = linkTable.primary[0]
const rows = related[key].rows || []
const found = rows.find((row: { [key: string]: any }) =>
row[linkPrimary] === relationship.id || row[linkPrimary] === body[linkPrimary]
const found = rows.find(
(row: { [key: string]: any }) =>
row[linkPrimary] === relationship.id ||
row[linkPrimary] === body[linkPrimary]
)
const operation = isUpdate
? DataSourceOperation.UPDATE
@ -420,13 +434,17 @@ module External {
}
}
// finally cleanup anything that needs to be removed
for (let [colName, {isMany, rows, tableId}] of Object.entries(related)) {
for (let [colName, { isMany, rows, tableId }] of Object.entries(
related
)) {
const table = this.getTable(tableId)
for (let row of rows) {
const filters = buildFilters(generateIdForRow(row, table), {}, table)
// safety check, if there are no filters on deletion bad things happen
if (Object.keys(filters).length !== 0) {
const op = isMany ? DataSourceOperation.DELETE : DataSourceOperation.UPDATE
const op = isMany
? DataSourceOperation.DELETE
: DataSourceOperation.UPDATE
const body = isMany ? null : { [colName]: null }
promises.push(
makeExternalQuery(this.appId, {
@ -448,7 +466,10 @@ module External {
* Creating the specific list of fields that we desire, and excluding the ones that are no use to us
* is more performant and has the added benefit of protecting against this scenario.
*/
buildFields(table: Table, includeRelations: IncludeRelationships = IncludeRelationships.INCLUDE) {
buildFields(
table: Table,
includeRelations: IncludeRelationships = IncludeRelationships.INCLUDE
) {
function extractNonLinkFieldNames(table: Table, existing: string[] = []) {
return Object.entries(table.schema)
.filter(
@ -523,7 +544,10 @@ module External {
// can't really use response right now
const response = await makeExternalQuery(appId, json)
// handle many to many relationships now if we know the ID (could be auto increment)
if (operation !== DataSourceOperation.READ && processed.manyRelationships) {
if (
operation !== DataSourceOperation.READ &&
processed.manyRelationships
) {
await this.handleManyRelationships(
table._id || "",
response[0],


@ -10,27 +10,6 @@ const env = require("../environment")
const router = new Router()
const NO_TENANCY_ENDPOINTS = [
{
route: "/api/analytics",
method: "GET",
},
{
route: "/builder",
method: "GET",
},
// when using this locally there can be pass through, need
// to allow all pass through endpoints to go without tenancy
{
route: "/api/global",
method: "ALL",
},
{
route: "/api/system",
method: "ALL",
},
]
router
.use(
compress({
@ -53,13 +32,21 @@ router
})
.use("/health", ctx => (ctx.status = 200))
.use("/version", ctx => (ctx.body = pkg.version))
// re-direct before any middlewares occur
.redirect("/", "/builder")
.use(
buildAuthMiddleware(null, {
publicAllowed: true,
})
)
// nothing in the server should allow query string tenants
.use(buildTenancyMiddleware(null, NO_TENANCY_ENDPOINTS))
// the server can be public anywhere, so nowhere should throw errors
// if the tenancy has not been set, it'll have to be discovered at application layer
.use(
buildTenancyMiddleware(null, null, {
noTenancyRequired: true,
})
)
.use(currentApp)
.use(auditLog)
@ -93,7 +80,4 @@ for (let route of mainRoutes) {
router.use(staticRoutes.routes())
router.use(staticRoutes.allowedMethods())
// add a redirect for when hitting server directly
router.redirect("/", "/builder")
module.exports = router
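Review bot: The `buildTenancyMiddleware(null, null, { noTenancyRequired: true })` call replaces a four-entry list of tenant-optional routes with a blanket opt-out, so this middleware no longer rejects any route mounted after it for lacking a tenant. The new comment says the tenant will be "discovered at application layer", but the hunks do not show where that happens or what a handler does when discovery fails, so a tenant-scoped handler that assumed the middleware had already enforced tenancy would now run without one. I would state the contract in the comment, e.g. `// tenancy is NOT enforced here: any handler touching tenant-scoped data must resolve the tenant and fail closed if it cannot`, and add a test that calls one tenant-scoped route with no tenant set. The second argument is now `null` as well; the old call already passed `null` first, so `buildMatcherRegex` presumably accepts it, but that is not visible in this section.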


@ -42,7 +42,7 @@ export enum SourceNames {
export enum IncludeRelationships {
INCLUDE = 1,
EXCLUDE = 0
EXCLUDE = 0,
}
export interface QueryDefinition {