budibase/packages/server/src/api/index.js

const Router = require("@koa/router")
const { buildAuthMiddleware, auditLog, buildTenancyMiddleware } =
  require("@budibase/auth").auth
const currentApp = require("../middleware/currentapp")
const compress = require("koa-compress")
const zlib = require("zlib")
const { mainRoutes, staticRoutes } = require("./routes")
const pkg = require("../../package.json")
const env = require("../environment")

const router = new Router()

const NO_TENANCY_ENDPOINTS = [
  {
    route: "/api/analytics",
    method: "GET",
  },
  {
    route: "/builder",
    method: "GET",
  },
  // when using this locally there can be pass through, need
  // to allow all pass through endpoints to go without tenancy
  {
    route: "/api/global",
    method: "ALL",
  },
  {
    route: "/api/system",
    method: "ALL",
  },
]

router
  .use(
    compress({
      threshold: 2048,
      gzip: {
        flush: zlib.constants.Z_SYNC_FLUSH,
      },
      deflate: {
        flush: zlib.constants.Z_SYNC_FLUSH,
      },
      br: false,
    })
  )
  .use(async (ctx, next) => {
    ctx.config = {
      jwtSecret: env.JWT_SECRET,
      useAppRootPath: true,
    }
    await next()
  })
  .use("/health", ctx => (ctx.status = 200))
  .use("/version", ctx => (ctx.body = pkg.version))
  .use(
    buildAuthMiddleware(null, {
      publicAllowed: true,
    })
  )
  // nothing in the server should allow query string tenants
  .use(buildTenancyMiddleware(null, NO_TENANCY_ENDPOINTS))
  .use(currentApp)
  .use(auditLog)

// error handling middleware
router.use(async (ctx, next) => {
  try {
    await next()
  } catch (err) {
    ctx.status = err.status || err.statusCode || 500
    ctx.body = {
      message: err.message,
      status: ctx.status,
      validationErrors: err.validation,
    }
    if (env.NODE_ENV !== "jest") {
      ctx.log.error(err)
      console.trace(err)
    }
  }
})

router.get("/health", ctx => (ctx.status = 200))

// authenticated routes
for (let route of mainRoutes) {
  router.use(route.routes())
  router.use(route.allowedMethods())
}

// WARNING - static routes will catch everything else after them this must be last
router.use(staticRoutes.routes())
router.use(staticRoutes.allowedMethods())

// add a redirect for when hitting server directly
router.redirect("/", "/builder")

module.exports = router
running prettier over codebase, removing merge files 2020-02-03 22:24:25 +13:00			`const Router = require("@koa/router")`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`const { buildAuthMiddleware, auditLog, buildTenancyMiddleware } =`
			`require("@budibase/auth").auth`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`const currentApp = require("../middleware/currentapp")`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const compress = require("koa-compress")`
			`const zlib = require("zlib")`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-22 03:42:44 +12:00			`const { mainRoutes, staticRoutes } = require("./routes")`
import and export apps 2021-01-28 02:55:46 +13:00			`const pkg = require("../../package.json")`
Updating testing system across the board after playing around with it, having the worker tests run when top level test is ran, fixing environment in worker when testing, removing the use of redis (replacing with ioredis-mock) when in test. 2021-05-06 04:49:34 +12:00			`const env = require("../environment")`
scripting block 2021-03-27 03:56:34 +13:00
further simplification of server code 2020-05-08 01:04:32 +12:00			`const router = new Router()`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-22 03:42:44 +12:00
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`const NO_TENANCY_ENDPOINTS = [`
			`{`
			`route: "/api/analytics",`
			`method: "GET",`
			`},`
Fixing an issue in prod where the /builder endpoint wasn't being allowed past without tenancy. 2021-09-07 00:36:41 +12:00			`{`
			`route: "/builder",`
			`method: "GET",`
			`},`
			`// when using this locally there can be pass through, need`
			`// to allow all pass through endpoints to go without tenancy`
			`{`
			`route: "/api/global",`
			`method: "ALL",`
			`},`
			`{`
			`route: "/api/system",`
			`method: "ALL",`
			`},`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`]`

further simplification of server code 2020-05-08 01:04:32 +12:00			`router`
			`.use(`
			`compress({`
			`threshold: 2048,`
			`gzip: {`
Replacing deprecated symbols. 2021-03-30 03:06:00 +13:00			`flush: zlib.constants.Z_SYNC_FLUSH,`
further simplification of server code 2020-05-08 01:04:32 +12:00			`},`
			`deflate: {`
Replacing deprecated symbols. 2021-03-30 03:06:00 +13:00			`flush: zlib.constants.Z_SYNC_FLUSH,`
further simplification of server code 2020-05-08 01:04:32 +12:00			`},`
brotli lint 2020-05-19 01:58:39 +12:00			`br: false,`
Auth working 2020-05-07 07:29:47 +12:00			`})`
further simplification of server code 2020-05-08 01:04:32 +12:00			`)`
			`.use(async (ctx, next) => {`
			`ctx.config = {`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`jwtSecret: env.JWT_SECRET,`
bugfix: links not respecting appRootPath 2020-06-03 23:29:42 +12:00			`useAppRootPath: true,`
adding test structure 2020-04-09 03:57:27 +12:00			`}`
further simplification of server code 2020-05-08 01:04:32 +12:00			`await next()`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`})`
Add explicit prettier options 2021-05-04 22:32:22 +12:00			`.use("/health", ctx => (ctx.status = 200))`
			`.use("/version", ctx => (ctx.body = pkg.version))`
Updating auth middleware to accomodate public endpoints for the server properly and some refactoring. 2021-04-29 05:13:21 +12:00			`.use(`
			`buildAuthMiddleware(null, {`
			`publicAllowed: true,`
			`})`
			`)`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`// nothing in the server should allow query string tenants`
			`.use(buildTenancyMiddleware(null, NO_TENANCY_ENDPOINTS))`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`.use(currentApp)`
adding watchtower to docker config 2021-05-28 21:09:32 +12:00			`.use(auditLog)`
further simplification of server code 2020-05-08 01:04:32 +12:00
			`// error handling middleware`
			`router.use(async (ctx, next) => {`
			`try {`
			`await next()`
			`} catch (err) {`
			`ctx.status = err.status \|\| err.statusCode \|\| 500`
			`ctx.body = {`
			`message: err.message,`
			`status: ctx.status,`
fix lint issues 2021-08-17 08:07:15 +12:00			`validationErrors: err.validation,`
further simplification of server code 2020-05-08 01:04:32 +12:00			`}`
Updating row tests, reducing console logging during tests for speed and clarity, testing some misc endpoints and updating search functionality to use a starts with operator when working with strings on rows. 2021-03-11 06:55:42 +13:00			`if (env.NODE_ENV !== "jest") {`
			`ctx.log.error(err)`
			`console.trace(err)`
			`}`
further simplification of server code 2020-05-08 01:04:32 +12:00			`}`
			`})`
adding test structure 2020-04-09 03:57:27 +12:00
Add explicit prettier options 2021-05-04 22:32:22 +12:00			`router.get("/health", ctx => (ctx.status = 200))`
remove cf invalidation, adding validation around successful deploys only 2020-11-11 06:08:02 +13:00
further simplification of server code 2020-05-08 01:04:32 +12:00			`// authenticated routes`
Updating to have proper access control via an accessController and nearly ready to spit out the routing structure. 2020-11-17 07:04:44 +13:00			`for (let route of mainRoutes) {`
			`router.use(route.routes())`
			`router.use(route.allowedMethods())`
			`}`
serve determines whether analytics are enabled 2020-09-30 04:23:34 +13:00
Updating to have proper access control via an accessController and nearly ready to spit out the routing structure. 2020-11-17 07:04:44 +13:00			`// WARNING - static routes will catch everything else after them this must be last`
further simplification of server code 2020-05-08 01:04:32 +12:00			`router.use(staticRoutes.routes())`
			`router.use(staticRoutes.allowedMethods())`
restructuring server routers 2020-04-07 01:05:57 +12:00
Other minor fixes after doing some initial setup testing. 2021-05-11 00:18:05 +12:00			`// add a redirect for when hitting server directly`
			`router.redirect("/", "/builder")`

further simplification of server code 2020-05-08 01:04:32 +12:00			`module.exports = router`