Rory Powell
e116941750
Rotatable secrets ( #9982 )
...
* Rotatable secrets
* Set new api encryption key var
* Lint
* Use fallback keys instead of array
* Point api encryption key to dedicated value
* Add API_ENCRYPTION_KEY to cli
* Lint + add api encryption key to env files
2023-03-13 15:02:59 +00:00
mike12345567
c645a9bc21
Some type updates and an improvement to encryption to allow selecting the secret from an option list.
2023-01-16 18:15:43 +00:00
mike12345567
69b9af51ff
Merge branch 'develop' of github.com:Budibase/budibase into feature/environment-variables
2023-01-11 18:08:49 +00:00
mike12345567
03df57d077
Adding in basic implementation of variable usage, getting from pro and enriching through new datasource SDK.
2023-01-11 17:57:51 +00:00
Rory Powell
fba7ef26ad
Replace ts-jest with swc/jest ( #9289 )
...
- Add swc dependencies
- Add transform change to jest.config.ts
- Replace `export =` with `export default` in src code to enable code coverage to work with swc transformer
- Restructure backend-core errors package to allow for exporting error classes with ESM syntax
- Update backend-core to no longer use `export =`, export individual packages instead of replacing with `export default` for backwards compatibility
- Update event publishers to use `export default` - this was required for the `jest.spyOn` usage inside backend-core common mocks
- Restructure some jest.mock usages where declaring the jest.fn as a variable outside of the package mock threw an error
2023-01-11 09:37:37 +00:00
mike12345567
d3c4c99e16
Complete conversion of backend-core to Typescript.
2022-11-24 18:48:51 +00:00
mike12345567
4959a491d7
Merge branch 'develop' of github.com:Budibase/budibase into refactor/backend-core-import
2022-11-23 10:30:57 +00:00
Rory Powell
6f3f858d81
Account portal <-> backend-core fixes
2022-11-22 22:24:45 +00:00
mike12345567
92210144ff
More controller typescript conversions.
2022-11-22 16:52:25 +00:00
mike12345567
8a4da7d4ce
Typescript conversion of the table controllers.
2022-11-22 13:56:01 +00:00
mike12345567
31c198888a
Updating some enums, plural to single.
2022-11-17 14:59:18 +00:00
mike12345567
0557219140
Fixing permission types.
2022-11-17 14:47:52 +00:00
mike12345567
c63c3b48c5
Typescript conversions, as well as updating context to just use an object map.
2022-11-10 17:38:26 +00:00
Michael Drury
41a65bbe47
Exporting roles differently to fix issue raised by test.
2022-11-08 20:01:01 +00:00
Michael Drury
2240b060d4
Quick fix to not expose the builder ID outside of the role impl.
2022-11-08 19:48:16 +00:00
mike12345567
eb251fb48e
Exporting some functions that were previously exported.
2022-11-08 18:35:21 +00:00
mike12345567
693d6b6242
Typescript re-write of the roles layer, this is the backbone of a lot of our security features, and I believe the issue was generally to do with a lack of handling of null-ish inputs.
2022-11-08 18:25:37 +00:00
mike12345567
e3f054470a
Updating a few core endpoints to better integrate the groups system and make sure users always have the correct role ID updated onto them.
2022-09-22 18:27:43 +01:00
Rory Powell
818e7fd5f4
Day pass middleware
2022-09-06 12:25:57 +01:00
Rory Powell
59a53736ac
update bulk create and bulk delete backend
2022-08-25 19:41:47 +01:00
mike12345567
b803a3fd93
Replacing all plural TS enumerations with singular - this involves a major rename of the DocumentTypes.
2022-08-11 13:50:05 +01:00
Rory Powell
fe17ffffb6
Bulk session wipe fix + logging
2022-08-08 09:34:45 +01:00
mike12345567
2dea5c5614
Some various session fixes based on current data.
2022-08-05 21:35:26 +01:00
mike12345567
52d16d1099
Updating sessions to TS, adding env var to set the session update length, adding reasons for invalidation, making sure errors are never considered authenticated.
2022-08-05 17:13:03 +01:00
mike12345567
f3418c4107
Some more logging, moving middlewares to backend-core.
2022-08-04 19:03:50 +01:00
mike12345567
382a2a3050
Adding logging for session invalidation.
2022-08-04 16:06:59 +01:00
Andrew Kingston
7c4bf7aedd
Fix crashing when determining roles when no apps exist
2022-08-02 16:01:38 +01:00
Peter Clement
f3fa67e802
split out id parsing into pro repo
2022-07-15 11:29:20 +01:00
mike12345567
b4bed6c0ce
Updating redis to use typescript and adding the option of a writethrough cache which can be used, by passing a DB and a value to be written + a delay for writes.
2022-06-23 20:22:51 +01:00
Martin McKeaveney
4bbfae3880
add better logging on session invalidation
2022-05-25 13:02:15 +01:00
Martin McKeaveney
06fbcc4573
catch block in invalidate sessions
2022-05-24 22:57:32 +01:00
Rory Powell
a57c35ee76
Add execute automation to basic user / write permission set
2022-05-12 17:35:31 +01:00
Martin McKeaveney
9ca4dacbaa
merge with master
2022-04-26 10:21:45 +01:00
mike12345567
192fb1307e
Initial version of memory leak protection, making sure that PouchDB databases are closed correctly after use, using a combination of closures wrapping DB gets (this replaces the getDB, leaving only a dangerousGetDB function which can be used in very very specific scenarios) and then closing the DB as part of CLS hooked functions finishing. Also moving the GlobalDB init to the tenancy middleware as this is used everywhere in the worker/app services - means that not all getGlobalDB calls require an async closure around them.
2022-04-19 19:42:52 +01:00
Dean
352c021955
Refactored the invalidate session functionality.
2022-04-07 12:32:00 +01:00
Martin McKeaveney
bff43d37d5
Merge pull request #5151 from mslourens/prevent_multiple_sessions
...
invalidate sessions before login
2022-04-06 22:18:17 +01:00
Maurits Lourens
5f91841a26
move invalidation to the creation of a session
2022-03-29 11:59:16 +02:00
mike12345567
88437e11d0
Fix for #5103 - some templates are built on an older version that stored permissions differently, we can't migrate these as they will keep being added, easiest to just support the old method (apply the old rule and convert to the new format when retrieving roles).
2022-03-28 16:34:50 +01:00
mike12345567
8685abf99e
Refactoring how endpoints are specified so that the middlewares can be applied in a more generic fashion.
2022-02-22 18:40:09 +00:00
Michael Drury
02479e4112
Using 10K iteration string stretching for encryption.
2022-02-14 21:37:40 +00:00
mike12345567
df4af0fb9a
Adding basic encrypt/decrypt pathway.
2022-02-14 18:32:09 +00:00
mike12345567
249b2dbba8
Adding tenancy to the API key, making the authenticated middleware aware of new user API keys, using a view to lookup the user by API key.
2022-02-11 22:24:48 +00:00
mike12345567
d87b8c0563
Fix for #4267 - allow admins to access all roles.
2022-02-04 17:34:39 +00:00
mike12345567
72534c6ed2
Refactoring backend-core tenancy to context, splitting out tenancy functionality to its own area.
2022-01-31 17:53:19 +00:00
mike12345567
e718b18127
Merge branch 'develop' of github.com:Budibase/budibase into lab-day/refactor-app-db
2022-01-31 14:09:07 +00:00
mike12345567
91a90e62b2
Fixing some issues discovered by the cypress tests, cleaning up how Couch is used.
2022-01-28 18:52:34 +00:00
mike12345567
d2fe119d90
Main body of work, refactoring most usages.
2022-01-27 18:18:31 +00:00
Rory Powell
ffcf5354eb
Add CSRF Token
2022-01-25 22:54:50 +00:00
mike12345567
12ae9993ca
Changing directory.
2022-01-10 19:30:35 +00:00