budibase/packages/server/src/utilities/workerRequests.js

const fetch = require("node-fetch")
const env = require("../environment")
const { checkSlashesInUrl } = require("./index")
const { getProdAppID } = require("@budibase/backend-core/db")
const { updateAppRole } = require("./global")
const { Headers } = require("@budibase/backend-core/constants")
const { getTenantId, isTenantIdSet } = require("@budibase/backend-core/tenancy")

function request(ctx, request) {
  if (!request.headers) {
    request.headers = {}
  }
  if (!ctx) {
    request.headers[Headers.API_KEY] = env.INTERNAL_API_KEY
    if (isTenantIdSet()) {
      request.headers[Headers.TENANT_ID] = getTenantId()
    }
  }
  if (request.body && Object.keys(request.body).length > 0) {
    request.headers["Content-Type"] = "application/json"
    request.body =
      typeof request.body === "object"
        ? JSON.stringify(request.body)
        : request.body
  } else {
    delete request.body
  }
  if (ctx && ctx.headers) {
    request.headers.cookie = ctx.headers.cookie
  }
  return request
}

exports.request = request

// have to pass in the tenant ID as this could be coming from an automation
exports.sendSmtpEmail = async (to, from, subject, contents, automation) => {
  // tenant ID will be set in header
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + `/api/global/email/send`),
    request(null, {
      method: "POST",
      body: {
        email: to,
        from,
        contents,
        subject,
        purpose: "custom",
        automation,
      },
    })
  )

  if (response.status !== 200) {
    const error = await response.text()
    throw `Unable to send email - ${error}`
  }
  return response.json()
}

exports.getGlobalSelf = async (ctx, appId = null) => {
  const endpoint = `/api/global/self`
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    // we don't want to use API key when getting self
    request(ctx, { method: "GET" })
  )
  if (response.status !== 200) {
    ctx.throw(400, "Unable to get self globally.")
  }
  let json = await response.json()
  if (appId) {
    json = updateAppRole(json)
  }
  return json
}

exports.removeAppFromUserRoles = async (ctx, appId) => {
  const prodAppId = getProdAppID(appId)
  const response = await fetch(
    checkSlashesInUrl(env.WORKER_URL + `/api/global/roles/${prodAppId}`),
    request(ctx, {
      method: "DELETE",
    })
  )
  if (response.status !== 200) {
    throw "Unable to remove app role"
  }
  return response.json()
}
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`const fetch = require("node-fetch")`
			`const env = require("../environment")`
			`const { checkSlashesInUrl } = require("./index")`
Review comments, renaming deployed -> prod in terms of app IDs. 2022-02-01 06:42:51 +13:00			`const { getProdAppID } = require("@budibase/backend-core/db")`
Fixing issue with user's being logged in and trying to access other tenants public apps, this work makes sure that users from other tenants will not be 403'd immediately (too aggressive) but instead they will have all other their RBAC roles revoked. 2021-10-08 03:49:26 +13:00			`const { updateAppRole } = require("./global")`
Switching out @budibase/auth to @budibase/backend-core. 2022-01-11 08:33:00 +13:00			`const { Headers } = require("@budibase/backend-core/constants")`
			`const { getTenantId, isTenantIdSet } = require("@budibase/backend-core/tenancy")`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`function request(ctx, request) {`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`if (!request.headers) {`
			`request.headers = {}`
			`}`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`if (!ctx) {`
Adding concept of version to APIs. 2021-07-24 02:29:14 +12:00			`request.headers[Headers.API_KEY] = env.INTERNAL_API_KEY`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`if (isTenantIdSet()) {`
			`request.headers[Headers.TENANT_ID] = getTenantId()`
			`}`
Fixing issue with builder not always having the correct roles to view an app - global builders are now admins in all apps. 2021-06-04 23:13:29 +12:00			`}`
Other minor fixes after doing some initial setup testing. 2021-05-11 00:18:05 +12:00			`if (request.body && Object.keys(request.body).length > 0) {`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`request.headers["Content-Type"] = "application/json"`
			`request.body =`
			`typeof request.body === "object"`
			`? JSON.stringify(request.body)`
			`: request.body`
Other minor fixes after doing some initial setup testing. 2021-05-11 00:18:05 +12:00			`} else {`
			`delete request.body`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`}`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 23:02:29 +12:00			`if (ctx && ctx.headers) {`
Updating some test cases to work with new system. 2021-04-10 04:33:21 +12:00			`request.headers.cookie = ctx.headers.cookie`
			`}`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`return request`
			`}`

Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-16 02:57:55 +12:00			`exports.request = request`

Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`// have to pass in the tenant ID as this could be coming from an automation`
prevent SMTP fallback for automations 2021-09-28 04:28:39 +13:00			`exports.sendSmtpEmail = async (to, from, subject, contents, automation) => {`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`// tenant ID will be set in header`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 23:02:29 +12:00			`const response = await fetch(`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			checkSlashesInUrl(env.WORKER_URL + `/api/global/email/send`),
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 23:02:29 +12:00			`request(null, {`
			`method: "POST",`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-12 02:08:59 +12:00			`body: {`
			`email: to,`
			`from,`
			`contents,`
			`subject,`
			`purpose: "custom",`
prevent SMTP fallback for automations 2021-09-28 04:28:39 +13:00			`automation,`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-12 02:08:59 +12:00			`},`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 23:02:29 +12:00			`})`
			`)`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-12 02:08:59 +12:00
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-02 02:58:40 +12:00			`if (response.status !== 200) {`
Quick fix for worker, API key was not considered good enough to access worker, updated this and added better error to smtp action. 2021-10-02 01:29:08 +13:00			`const error = await response.text()`
			throw `Unable to send email - ${error}`
Updating to support SMTP email automation action, as well as some general work around from and subject which previously we'ren't fully implemented. 2021-05-12 02:08:59 +12:00			`}`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-02 02:58:40 +12:00			`return response.json()`
Some updates, working towards supporting automation send smtp email also removing the styling template, adding to base. 2021-05-11 23:02:29 +12:00			`}`

Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-28 01:53:41 +12:00			`exports.getGlobalSelf = async (ctx, appId = null) => {`
Shifting over all of self API, deprecating old endpoints. 2022-02-15 07:11:35 +13:00			const endpoint = `/api/global/self`
Adding the ability to get all apps, with the status attached. 2021-05-20 02:09:57 +12:00			`const response = await fetch(`
			`checkSlashesInUrl(env.WORKER_URL + endpoint),`
Fixing issue with builder not always having the correct roles to view an app - global builders are now admins in all apps. 2021-06-04 23:13:29 +12:00			`// we don't want to use API key when getting self`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`request(ctx, { method: "GET" })`
Adding the ability to get all apps, with the status attached. 2021-05-20 02:09:57 +12:00			`)`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-02 02:58:40 +12:00			`if (response.status !== 200) {`
Adding the ability to get all apps, with the status attached. 2021-05-20 02:09:57 +12:00			`ctx.throw(400, "Unable to get self globally.")`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`}`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-02 02:58:40 +12:00			`let json = await response.json()`
Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-28 01:53:41 +12:00			`if (appId) {`
Main body of work, refactoring most usages. 2022-01-28 07:18:31 +13:00			`json = updateAppRole(json)`
Updating permissions to allow roles other than builder/admin to use apps properly. 2021-05-28 01:53:41 +12:00			`}`
Adding the ability to get all apps, with the status attached. 2021-05-20 02:09:57 +12:00			`return json`
			`}`

Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`exports.removeAppFromUserRoles = async (ctx, appId) => {`
Review comments, renaming deployed -> prod in terms of app IDs. 2022-02-01 06:42:51 +13:00			`const prodAppId = getProdAppID(appId)`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-02 02:58:40 +12:00			`const response = await fetch(`
Review comments, renaming deployed -> prod in terms of app IDs. 2022-02-01 06:42:51 +13:00			checkSlashesInUrl(env.WORKER_URL + `/api/global/roles/${prodAppId}`),
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`request(ctx, {`
Fixing issue with roles not being added correctly to global users and cleaning up roles when an app is deleted. 2021-06-02 02:58:40 +12:00			`method: "DELETE",`
			`})`
			`)`
			`if (response.status !== 200) {`
			`throw "Unable to remove app role"`
			`}`
			`return response.json()`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`}`