budibase/packages/server/src/api/index.js

const Router = require("@koa/router")
const {
  buildAuthMiddleware,
  auditLog,
  buildTenancyMiddleware,
} = require("@budibase/backend-core/auth")
const { errors } = require("@budibase/backend-core")
const currentApp = require("../middleware/currentapp")
const compress = require("koa-compress")
const zlib = require("zlib")
const { mainRoutes, staticRoutes, publicRoutes } = require("./routes")
const pkg = require("../../package.json")
const env = require("../environment")
const { middleware: pro } = require("@budibase/pro")
const { shutdown } = require("./routes/public")

const router = new Router()

router.get("/health", ctx => (ctx.status = 200))
router.get("/version", ctx => (ctx.body = pkg.version))

router
  .use(
    compress({
      threshold: 2048,
      gzip: {
        flush: zlib.constants.Z_SYNC_FLUSH,
      },
      deflate: {
        flush: zlib.constants.Z_SYNC_FLUSH,
      },
      br: false,
    })
  )
  .use(async (ctx, next) => {
    ctx.config = {
      jwtSecret: env.JWT_SECRET,
      useAppRootPath: true,
    }
    await next()
  })
  // re-direct before any middlewares occur
  .redirect("/", "/builder")
  .use(
    buildAuthMiddleware(null, {
      publicAllowed: true,
    })
  )
  // nothing in the server should allow query string tenants
  // the server can be public anywhere, so nowhere should throw errors
  // if the tenancy has not been set, it'll have to be discovered at application layer
  .use(
    buildTenancyMiddleware(null, null, {
      noTenancyRequired: true,
    })
  )
  .use(pro.licensing())
  .use(currentApp)
  .use(auditLog)

// error handling middleware
router.use(async (ctx, next) => {
  try {
    await next()
  } catch (err) {
    ctx.status = err.status || err.statusCode || 500
    const error = errors.getPublicError(err)
    ctx.body = {
      message: err.message,
      status: ctx.status,
      validationErrors: err.validation,
      error,
    }
    ctx.log.error(err)
    // unauthorised errors don't provide a useful trace
    if (!env.isTest()) {
      console.trace(err)
    }
  }
})

// authenticated routes
for (let route of mainRoutes) {
  router.use(route.routes())
  router.use(route.allowedMethods())
}

router.use(publicRoutes.routes())
router.use(publicRoutes.allowedMethods())

// WARNING - static routes will catch everything else after them this must be last
router.use(staticRoutes.routes())
router.use(staticRoutes.allowedMethods())

module.exports.router = router
module.exports.shutdown = shutdown
running prettier over codebase, removing merge files 2020-02-03 22:24:25 +13:00			`const Router = require("@koa/router")`
Fixing issue with multi-tenancy and public apps, when the tenant isn't necessarily known, it can be found in the app ID, building a middleware to manage this. 2021-09-10 00:27:18 +12:00			`const {`
			`buildAuthMiddleware,`
			`auditLog,`
			`buildTenancyMiddleware,`
Refactoring core library usage in monorepo, make it a bit cleaner/easier to search/more standardised. 2022-01-13 00:32:14 +13:00			`} = require("@budibase/backend-core/auth")`
Better error handling around license errors 2022-03-17 06:29:47 +13:00			`const { errors } = require("@budibase/backend-core")`
Some work towards implementing the current app cookie, removing some old dead code and re-working some of the different middlewares involved. 2021-04-13 05:31:58 +12:00			`const currentApp = require("../middleware/currentapp")`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const compress = require("koa-compress")`
			`const zlib = require("zlib")`
Adding variables to generator. 2022-02-17 07:23:38 +13:00			`const { mainRoutes, staticRoutes, publicRoutes } = require("./routes")`
import and export apps 2021-01-28 02:55:46 +13:00			`const pkg = require("../../package.json")`
Updating testing system across the board after playing around with it, having the worker tests run when top level test is ran, fixing environment in worker when testing, removing the use of redis (replacing with ioredis-mock) when in test. 2021-05-06 04:49:34 +12:00			`const env = require("../environment")`
Move day pass middleware from authenticated to licensing, sent activity to account portal 2022-09-07 03:24:36 +12:00			`const { middleware: pro } = require("@budibase/pro")`
Fixing issue with server not shutting down correctly when an error occurs, making sure that everything clears up gracefully. 2022-05-31 08:22:06 +12:00			`const { shutdown } = require("./routes/public")`
scripting block 2021-03-27 03:56:34 +13:00
further simplification of server code 2020-05-08 01:04:32 +12:00			`const router = new Router()`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-22 03:42:44 +12:00
Fix test 2022-03-25 03:24:56 +13:00			`router.get("/health", ctx => (ctx.status = 200))`
			`router.get("/version", ctx => (ctx.body = pkg.version))`

further simplification of server code 2020-05-08 01:04:32 +12:00			`router`
			`.use(`
			`compress({`
			`threshold: 2048,`
			`gzip: {`
Replacing deprecated symbols. 2021-03-30 03:06:00 +13:00			`flush: zlib.constants.Z_SYNC_FLUSH,`
further simplification of server code 2020-05-08 01:04:32 +12:00			`},`
			`deflate: {`
Replacing deprecated symbols. 2021-03-30 03:06:00 +13:00			`flush: zlib.constants.Z_SYNC_FLUSH,`
further simplification of server code 2020-05-08 01:04:32 +12:00			`},`
brotli lint 2020-05-19 01:58:39 +12:00			`br: false,`
Auth working 2020-05-07 07:29:47 +12:00			`})`
further simplification of server code 2020-05-08 01:04:32 +12:00			`)`
			`.use(async (ctx, next) => {`
			`ctx.config = {`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`jwtSecret: env.JWT_SECRET,`
bugfix: links not respecting appRootPath 2020-06-03 23:29:42 +12:00			`useAppRootPath: true,`
adding test structure 2020-04-09 03:57:27 +12:00			`}`
further simplification of server code 2020-05-08 01:04:32 +12:00			`await next()`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`})`
Fixing an issue with redirect having the middleware applied before the redirection 2021-09-07 02:48:46 +12:00			`// re-direct before any middlewares occur`
			`.redirect("/", "/builder")`
Updating auth middleware to accomodate public endpoints for the server properly and some refactoring. 2021-04-29 05:13:21 +12:00			`.use(`
			`buildAuthMiddleware(null, {`
			`publicAllowed: true,`
			`})`
			`)`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`// nothing in the server should allow query string tenants`
Allowing all server endpoints to run without tenant information, as most endpoints in server can be public. 2021-09-07 03:01:45 +12:00			`// the server can be public anywhere, so nowhere should throw errors`
			`// if the tenancy has not been set, it'll have to be discovered at application layer`
			`.use(`
			`buildTenancyMiddleware(null, null, {`
			`noTenancyRequired: true,`
			`})`
			`)`
Add developer usage restrictions to SSO user creation 2022-03-18 21:01:31 +13:00			`.use(pro.licensing())`
Move day pass middleware from authenticated to licensing, sent activity to account portal 2022-09-07 03:24:36 +12:00			`.use(currentApp)`
adding watchtower to docker config 2021-05-28 21:09:32 +12:00			`.use(auditLog)`
further simplification of server code 2020-05-08 01:04:32 +12:00
			`// error handling middleware`
			`router.use(async (ctx, next) => {`
			`try {`
			`await next()`
			`} catch (err) {`
			`ctx.status = err.status \|\| err.statusCode \|\| 500`
Better error handling around license errors 2022-03-17 06:29:47 +13:00			`const error = errors.getPublicError(err)`
further simplification of server code 2020-05-08 01:04:32 +12:00			`ctx.body = {`
			`message: err.message,`
			`status: ctx.status,`
fix lint issues 2021-08-17 08:07:15 +12:00			`validationErrors: err.validation,`
Better error handling around license errors 2022-03-17 06:29:47 +13:00			`error,`
further simplification of server code 2020-05-08 01:04:32 +12:00			`}`
builder / app / app preview served events 2022-04-09 01:07:11 +12:00			`ctx.log.error(err)`
Removing spam of unauthorised traces from tests, may be causing stack overflow. 2022-07-05 03:34:59 +12:00			`// unauthorised errors don't provide a useful trace`
			`if (!env.isTest()) {`
			`console.trace(err)`
			`}`
further simplification of server code 2020-05-08 01:04:32 +12:00			`}`
			`})`
adding test structure 2020-04-09 03:57:27 +12:00
further simplification of server code 2020-05-08 01:04:32 +12:00			`// authenticated routes`
Updating to have proper access control via an accessController and nearly ready to spit out the routing structure. 2020-11-17 07:04:44 +13:00			`for (let route of mainRoutes) {`
			`router.use(route.routes())`
			`router.use(route.allowedMethods())`
			`}`
serve determines whether analytics are enabled 2020-09-30 04:23:34 +13:00
Adding variables to generator. 2022-02-17 07:23:38 +13:00			`router.use(publicRoutes.routes())`
			`router.use(publicRoutes.allowedMethods())`

Updating to have proper access control via an accessController and nearly ready to spit out the routing structure. 2020-11-17 07:04:44 +13:00			`// WARNING - static routes will catch everything else after them this must be last`
further simplification of server code 2020-05-08 01:04:32 +12:00			`router.use(staticRoutes.routes())`
			`router.use(staticRoutes.allowedMethods())`
restructuring server routers 2020-04-07 01:05:57 +12:00
Fixing issue with server not shutting down correctly when an error occurs, making sure that everything clears up gracefully. 2022-05-31 08:22:06 +12:00			`module.exports.router = router`
			`module.exports.shutdown = shutdown`