budibase/packages/worker/src/api/controllers/admin/configs.js

const {
  generateConfigID,
  getConfigParams,
  getGlobalUserParams,
  getScopedFullConfig,
  getGlobalDBFromCtx,
  getGlobalDB,
  getAllApps,
} = require("@budibase/auth/db")
const { Configs } = require("../../../constants")
const email = require("../../../utilities/email")
const { upload, ObjectStoreBuckets } = require("@budibase/auth").objectStore

exports.save = async function (ctx) {
  const db = getGlobalDBFromCtx(ctx)
  const { type, workspace, user, config } = ctx.request.body

  // Config does not exist yet
  if (!ctx.request.body._id) {
    ctx.request.body._id = generateConfigID({
      type,
      workspace,
      user,
    })
  }

  try {
    // verify the configuration
    switch (type) {
      case Configs.SMTP:
        await email.verifyConfig(config)
        break
    }
  } catch (err) {
    ctx.throw(400, err)
  }

  try {
    const response = await db.put(ctx.request.body)
    ctx.body = {
      type,
      _id: response.id,
      _rev: response.rev,
    }
  } catch (err) {
    ctx.throw(400, err)
  }
}

exports.fetch = async function (ctx) {
  const db = getGlobalDBFromCtx(ctx)
  const response = await db.allDocs(
    getConfigParams(
      { type: ctx.params.type },
      {
        include_docs: true,
      }
    )
  )
  ctx.body = response.rows.map(row => row.doc)
}

/**
 * Gets the most granular config for a particular configuration type.
 * The hierarchy is type -> workspace -> user.
 */
exports.find = async function (ctx) {
  const db = getGlobalDBFromCtx(ctx)

  const { userId, workspaceId } = ctx.query
  if (workspaceId && userId) {
    const workspace = await db.get(workspaceId)
    const userInWorkspace = workspace.users.some(
      workspaceUser => workspaceUser === userId
    )
    if (!ctx.user.admin && !userInWorkspace) {
      ctx.throw(400, `User is not in specified workspace: ${workspace}.`)
    }
  }

  try {
    // Find the config with the most granular scope based on context
    const scopedConfig = await getScopedFullConfig(db, {
      type: ctx.params.type,
      user: userId,
      workspace: workspaceId,
    })

    if (scopedConfig) {
      ctx.body = scopedConfig
    } else {
      // don't throw an error, there simply is nothing to return
      ctx.body = {}
    }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}

exports.publicOidc = async function (ctx) {
  const db = getGlobalDBFromCtx(ctx)
  try {
    // Find the config with the most granular scope based on context
    const oidcConfig = await getScopedFullConfig(db, {
      type: Configs.OIDC,
    })

    if (!oidcConfig) {
      ctx.body = {}
    } else {
      ctx.body = oidcConfig.config.configs.map(config => ({
        logo: config.logo,
        name: config.name,
        uuid: config.uuid,
      }))
    }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}

exports.publicSettings = async function (ctx) {
  const db = getGlobalDBFromCtx(ctx)

  try {
    // Find the config with the most granular scope based on context
    const publicConfig = await getScopedFullConfig(db, {
      type: Configs.SETTINGS,
    })

    const googleConfig = await getScopedFullConfig(db, {
      type: Configs.GOOGLE,
    })

    const oidcConfig = await getScopedFullConfig(db, {
      type: Configs.OIDC,
    })

    let config
    if (!publicConfig) {
      config = {
        config: {},
      }
    } else {
      config = publicConfig
    }

    config.config.google = !googleConfig
      ? !!googleConfig
      : googleConfig.config.activated
    config.config.oidc = !oidcConfig
      ? !!oidcConfig
      : oidcConfig.config.configs[0].activated
    ctx.body = config
  } catch (err) {
    ctx.throw(err.status, err)
  }
}

exports.upload = async function (ctx) {
  if (ctx.request.files == null || ctx.request.files.file.length > 1) {
    ctx.throw(400, "One file must be uploaded.")
  }
  const file = ctx.request.files.file
  const { type, name } = ctx.params

  const bucket = ObjectStoreBuckets.GLOBAL
  const key = `${type}/${name}`
  await upload({
    bucket,
    filename: key,
    path: file.path,
    type: file.type,
  })

  // add to configuration structure
  // TODO: right now this only does a global level
  const db = getGlobalDBFromCtx(ctx)
  let cfgStructure = await getScopedFullConfig(db, { type })
  if (!cfgStructure) {
    cfgStructure = {
      _id: generateConfigID({ type }),
      config: {},
    }
  }
  const url = `/${bucket}/${key}`
  cfgStructure.config[`${name}`] = url
  // write back to db with url updated
  await db.put(cfgStructure)

  ctx.body = {
    message: "File has been uploaded and url stored to config.",
    url,
  }
}

exports.destroy = async function (ctx) {
  const db = getGlobalDBFromCtx(ctx)
  const { id, rev } = ctx.params

  try {
    await db.remove(id, rev)
    ctx.body = { message: "Config deleted successfully" }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}

exports.configChecklist = async function (ctx) {
  const tenantId = ctx.request.query.tenantId
  const db = tenantId ? getGlobalDB(tenantId) : getGlobalDBFromCtx(ctx)

  try {
    // TODO: Watch get started video

    // Apps exist
    const apps = await getAllApps({ tenantId })

    // They have set up SMTP
    const smtpConfig = await getScopedFullConfig(db, {
      type: Configs.SMTP,
    })

    // They have set up Google Auth
    const googleConfig = await getScopedFullConfig(db, {
      type: Configs.GOOGLE,
    })

    // They have set up OIDC
    const oidcConfig = await getScopedFullConfig(db, {
      type: Configs.OIDC,
    })
    // They have set up an admin user
    const users = await db.allDocs(
      getGlobalUserParams(null, {
        include_docs: true,
      })
    )
    const adminUser = users.rows.some(row => row.doc.admin)

    ctx.body = {
      apps: apps.length,
      smtp: !!smtpConfig,
      adminUser,
      sso: !!googleConfig || !!oidcConfig,
    }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}
Fleshing out the main work behind the email generation. 2021-04-23 04:57:38 +12:00			`const {`
			`generateConfigID,`
			`getConfigParams,`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`getGlobalUserParams,`
Making some changes to how configs are scoped. 2021-05-06 21:51:21 +12:00			`getScopedFullConfig,`
First version of multi-tenancy, work still to be done. 2021-07-16 04:57:02 +12:00			`getGlobalDBFromCtx,`
Updating auth to utilise the tenant system. 2021-07-17 02:08:58 +12:00			`getGlobalDB,`
First version of multi-tenancy, work still to be done. 2021-07-16 04:57:02 +12:00			`getAllApps,`
			`} = require("@budibase/auth/db")`
Updating config management for SMTP as well as finalising the work around generating and sending emails. 2021-04-24 00:49:47 +12:00			`const { Configs } = require("../../../constants")`
			`const email = require("../../../utilities/email")`
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`const { upload, ObjectStoreBuckets } = require("@budibase/auth").objectStore`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00
lint:fix 2021-05-03 19:31:09 +12:00			`exports.save = async function (ctx) {`
First version of multi-tenancy, work still to be done. 2021-07-16 04:57:02 +12:00			`const db = getGlobalDBFromCtx(ctx)`
Renaming groups to workspaces. 2021-07-14 04:27:04 +12:00			`const { type, workspace, user, config } = ctx.request.body`
config creation and management APIs 2021-04-21 05:14:36 +12:00
			`// Config does not exist yet`
google oauth UI 2021-05-05 04:31:06 +12:00			`if (!ctx.request.body._id) {`
			`ctx.request.body._id = generateConfigID({`
config specificity 2021-04-22 22:45:22 +12:00			`type,`
Renaming groups to workspaces. 2021-07-14 04:27:04 +12:00			`workspace,`
config specificity 2021-04-22 22:45:22 +12:00			`user,`
			`})`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`}`

Updating SMTP config to show better errors. 2021-06-10 02:45:54 +12:00			`try {`
			`// verify the configuration`
			`switch (type) {`
			`case Configs.SMTP:`
			`await email.verifyConfig(config)`
			`break`
			`}`
			`} catch (err) {`
			`ctx.throw(400, err)`
Updating config management for SMTP as well as finalising the work around generating and sending emails. 2021-04-24 00:49:47 +12:00			`}`

config creation and management APIs 2021-04-21 05:14:36 +12:00			`try {`
google oauth UI 2021-05-05 04:31:06 +12:00			`const response = await db.put(ctx.request.body)`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`ctx.body = {`
config specificity 2021-04-22 22:45:22 +12:00			`type,`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`_id: response.id,`
			`_rev: response.rev,`
			`}`
			`} catch (err) {`
Updating SMTP config to show better errors. 2021-06-10 02:45:54 +12:00			`ctx.throw(400, err)`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`}`
			`}`

lint:fix 2021-05-03 19:31:09 +12:00			`exports.fetch = async function (ctx) {`
First version of multi-tenancy, work still to be done. 2021-07-16 04:57:02 +12:00			`const db = getGlobalDBFromCtx(ctx)`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`const response = await db.allDocs(`
Formatting. 2021-05-06 03:00:15 +12:00			`getConfigParams(`
			`{ type: ctx.params.type },`
			`{`
			`include_docs: true,`
			`}`
			`)`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`)`
Add explicit prettier options 2021-05-04 22:32:22 +12:00			`ctx.body = response.rows.map(row => row.doc)`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`}`

config specificity 2021-04-22 22:45:22 +12:00			`/**`
			`* Gets the most granular config for a particular configuration type.`
Renaming groups to workspaces. 2021-07-14 04:27:04 +12:00			`* The hierarchy is type -> workspace -> user.`
config specificity 2021-04-22 22:45:22 +12:00			`*/`
lint:fix 2021-05-03 19:31:09 +12:00			`exports.find = async function (ctx) {`
First version of multi-tenancy, work still to be done. 2021-07-16 04:57:02 +12:00			`const db = getGlobalDBFromCtx(ctx)`
config specificity 2021-04-22 22:45:22 +12:00
Renaming groups to workspaces. 2021-07-14 04:27:04 +12:00			`const { userId, workspaceId } = ctx.query`
			`if (workspaceId && userId) {`
			`const workspace = await db.get(workspaceId)`
Linting. 2021-07-14 04:28:05 +12:00			`const userInWorkspace = workspace.users.some(`
			`workspaceUser => workspaceUser === userId`
			`)`
Renaming groups to workspaces. 2021-07-14 04:27:04 +12:00			`if (!ctx.user.admin && !userInWorkspace) {`
			ctx.throw(400, `User is not in specified workspace: ${workspace}.`)
config specificity 2021-04-22 22:45:22 +12:00			`}`
			`}`

config creation and management APIs 2021-04-21 05:14:36 +12:00			`try {`
config specificity 2021-04-22 22:45:22 +12:00			`// Find the config with the most granular scope based on context`
Making some changes to how configs are scoped. 2021-05-06 21:51:21 +12:00			`const scopedConfig = await getScopedFullConfig(db, {`
scoped configuration management 2021-04-23 00:46:54 +12:00			`type: ctx.params.type,`
			`user: userId,`
Renaming groups to workspaces. 2021-07-14 04:27:04 +12:00			`workspace: workspaceId,`
config specificity 2021-04-22 22:45:22 +12:00			`})`

			`if (scopedConfig) {`
			`ctx.body = scopedConfig`
			`} else {`
Fixing authentication with API key issue. 2021-06-22 04:13:06 +12:00			`// don't throw an error, there simply is nothing to return`
			`ctx.body = {}`
config specificity 2021-04-22 22:45:22 +12:00			`}`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`

improve structure of OIDC config 2021-07-14 01:54:20 +12:00			`exports.publicOidc = async function (ctx) {`
Merge branch 'develop' of github.com:Budibase/budibase into feature/multi-tenants 2021-07-21 02:56:12 +12:00			`const db = getGlobalDBFromCtx(ctx)`
improve structure of OIDC config 2021-07-14 01:54:20 +12:00			`try {`
			`// Find the config with the most granular scope based on context`
			`const oidcConfig = await getScopedFullConfig(db, {`
			`type: Configs.OIDC,`
			`})`

			`if (!oidcConfig) {`
			`ctx.body = {}`
			`} else {`
Merge branch 'develop' of github.com:Budibase/budibase into feature/multi-tenants 2021-07-21 02:56:12 +12:00			`ctx.body = oidcConfig.config.configs.map(config => ({`
			`logo: config.logo,`
			`name: config.name,`
			`uuid: config.uuid,`
			`}))`
improve structure of OIDC config 2021-07-14 01:54:20 +12:00			`}`
			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`

Implementing feature #1700 and making it possible to remove logo. 2021-06-22 05:01:25 +12:00			`exports.publicSettings = async function (ctx) {`
First version of multi-tenancy, work still to be done. 2021-07-16 04:57:02 +12:00			`const db = getGlobalDBFromCtx(ctx)`
Default public config.config when missing 2021-07-16 03:50:57 +12:00
Implementing feature #1700 and making it possible to remove logo. 2021-06-22 05:01:25 +12:00			`try {`
			`// Find the config with the most granular scope based on context`
Add oidc icon and name to public api for login page 2021-07-09 20:49:16 +12:00			`const publicConfig = await getScopedFullConfig(db, {`
Implementing feature #1700 and making it possible to remove logo. 2021-06-22 05:01:25 +12:00			`type: Configs.SETTINGS,`
			`})`
Add oidc icon and name to public api for login page 2021-07-09 20:49:16 +12:00
add new logic to support oauth and oidc buttons 2021-07-16 02:49:06 +12:00			`const googleConfig = await getScopedFullConfig(db, {`
			`type: Configs.GOOGLE,`
			`})`

			`const oidcConfig = await getScopedFullConfig(db, {`
			`type: Configs.OIDC,`
			`})`

Merge branch 'develop' of github.com:Budibase/budibase into feature/multi-tenants 2021-07-21 02:56:12 +12:00			`let config`
Default public config.config when missing 2021-07-16 03:50:57 +12:00			`if (!publicConfig) {`
			`config = {`
			`config: {},`
add new logic to support oauth and oidc buttons 2021-07-16 02:49:06 +12:00			`}`
Fixing issues discovered by cypress tests. 2021-06-22 05:37:14 +12:00			`} else {`
Default public config.config when missing 2021-07-16 03:50:57 +12:00			`config = publicConfig`
Fixing issues discovered by cypress tests. 2021-06-22 05:37:14 +12:00			`}`
Default public config.config when missing 2021-07-16 03:50:57 +12:00
Add activated toggle and login functionality to support this 2021-07-20 20:27:12 +12:00			`config.config.google = !googleConfig`
			`? !!googleConfig`
Merge branch 'develop' of github.com:Budibase/budibase into feature/multi-tenants 2021-07-21 02:56:12 +12:00			`: googleConfig.config.activated`
Add activated toggle and login functionality to support this 2021-07-20 20:27:12 +12:00			`config.config.oidc = !oidcConfig`
			`? !!oidcConfig`
Merge branch 'develop' of github.com:Budibase/budibase into feature/multi-tenants 2021-07-21 02:56:12 +12:00			`: oidcConfig.config.configs[0].activated`
Default public config.config when missing 2021-07-16 03:50:57 +12:00			`ctx.body = config`
Implementing feature #1700 and making it possible to remove logo. 2021-06-22 05:01:25 +12:00			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`

Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`exports.upload = async function (ctx) {`
			`if (ctx.request.files == null \|\| ctx.request.files.file.length > 1) {`
			`ctx.throw(400, "One file must be uploaded.")`
			`}`
			`const file = ctx.request.files.file`
			`const { type, name } = ctx.params`

			`const bucket = ObjectStoreBuckets.GLOBAL`
Add oidc icon and name to public api for login page 2021-07-09 20:49:16 +12:00			const key = `${type}/${name}`
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`await upload({`
			`bucket,`
			`filename: key,`
			`path: file.path,`
			`type: file.type,`
			`})`

			`// add to configuration structure`
			`// TODO: right now this only does a global level`
First version of multi-tenancy, work still to be done. 2021-07-16 04:57:02 +12:00			`const db = getGlobalDBFromCtx(ctx)`
Fixing an issue with the upload URL not being inserted in correct location. 2021-05-13 01:27:33 +12:00			`let cfgStructure = await getScopedFullConfig(db, { type })`
			`if (!cfgStructure) {`
			`cfgStructure = {`
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`_id: generateConfigID({ type }),`
Fixing an issue with the upload URL not being inserted in correct location. 2021-05-13 01:27:33 +12:00			`config: {},`
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`}`
			`}`
			const url = `/${bucket}/${key}`
Allow user uploaded icons in oidc config 2021-07-08 00:41:09 +12:00			cfgStructure.config[`${name}`] = url
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`// write back to db with url updated`
Fixing an issue with the upload URL not being inserted in correct location. 2021-05-13 01:27:33 +12:00			`await db.put(cfgStructure)`
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00
			`ctx.body = {`
			`message: "File has been uploaded and url stored to config.",`
			`url,`
			`}`
			`}`

lint:fix 2021-05-03 19:31:09 +12:00			`exports.destroy = async function (ctx) {`
First version of multi-tenancy, work still to be done. 2021-07-16 04:57:02 +12:00			`const db = getGlobalDBFromCtx(ctx)`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`const { id, rev } = ctx.params`

			`try {`
			`await db.remove(id, rev)`
			`ctx.body = { message: "Config deleted successfully" }`
			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00
lint :sparkles: 2021-05-06 21:57:24 +12:00			`exports.configChecklist = async function (ctx) {`
Further work, tenancy now working but some more work to be done. 2021-07-17 05:04:49 +12:00			`const tenantId = ctx.request.query.tenantId`
Updating auth to utilise the tenant system. 2021-07-17 02:08:58 +12:00			`const db = tenantId ? getGlobalDB(tenantId) : getGlobalDBFromCtx(ctx)`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00
			`try {`
			`// TODO: Watch get started video`

			`// Apps exist`
Further work, tenancy now working but some more work to be done. 2021-07-17 05:04:49 +12:00			`const apps = await getAllApps({ tenantId })`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00
			`// They have set up SMTP`
update scoped config imports 2021-05-06 23:09:35 +12:00			`const smtpConfig = await getScopedFullConfig(db, {`
lint :sparkles: 2021-05-06 21:57:24 +12:00			`type: Configs.SMTP,`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`})`

simpler check using checklist 2021-05-22 01:55:11 +12:00			`// They have set up Google Auth`
Update config checklist to handle multiple sso sources 2021-07-14 04:30:17 +12:00			`const googleConfig = await getScopedFullConfig(db, {`
simpler check using checklist 2021-05-22 01:55:11 +12:00			`type: Configs.GOOGLE,`
			`})`

Add validation to backend for OIDC configuration 2021-07-06 01:27:19 +12:00			`// They have set up OIDC`
			`const oidcConfig = await getScopedFullConfig(db, {`
			`type: Configs.OIDC,`
			`})`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`// They have set up an admin user`
			`const users = await db.allDocs(`
			`getGlobalUserParams(null, {`
			`include_docs: true,`
			`})`
			`)`
			`const adminUser = users.rows.some(row => row.doc.admin)`

lint :sparkles: 2021-05-06 21:57:24 +12:00			`ctx.body = {`
First version of multi-tenancy, work still to be done. 2021-07-16 04:57:02 +12:00			`apps: apps.length,`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`smtp: !!smtpConfig,`
lint :sparkles: 2021-05-06 21:57:24 +12:00			`adminUser,`
Fix config form saving bugs 2021-07-14 08:46:50 +12:00			`sso: !!googleConfig \|\| !!oidcConfig,`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`}`
			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`