budibase/packages/worker/src/api/controllers/admin/configs.js

const CouchDB = require("../../../db")
const {
  generateConfigID,
  StaticDatabases,
  getConfigParams,
  getGlobalUserParams,
  getScopedFullConfig,
} = require("@budibase/auth").db
const { Configs } = require("../../../constants")
const email = require("../../../utilities/email")
const { upload, ObjectStoreBuckets } = require("@budibase/auth").objectStore

const APP_PREFIX = "app_"

const GLOBAL_DB = StaticDatabases.GLOBAL.name

exports.save = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)
  const { type, group, user, config } = ctx.request.body

  // Config does not exist yet
  if (!ctx.request.body._id) {
    ctx.request.body._id = generateConfigID({
      type,
      group,
      user,
    })
  }

  try {
    // verify the configuration
    switch (type) {
      case Configs.SMTP:
        await email.verifyConfig(config)
        break
    }
  } catch (err) {
    ctx.throw(400, err)
  }

  try {
    const response = await db.put(ctx.request.body)
    ctx.body = {
      type,
      _id: response.id,
      _rev: response.rev,
    }
  } catch (err) {
    ctx.throw(400, err)
  }
}

exports.fetch = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)
  const response = await db.allDocs(
    getConfigParams(
      { type: ctx.params.type },
      {
        include_docs: true,
      }
    )
  )
  ctx.body = response.rows.map(row => row.doc)
}

/**
 * Gets the most granular config for a particular configuration type.
 * The hierarchy is type -> group -> user.
 */
exports.find = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)

  const { userId, groupId } = ctx.query
  if (groupId && userId) {
    const group = await db.get(groupId)
    const userInGroup = group.users.some(groupUser => groupUser === userId)
    if (!ctx.user.admin && !userInGroup) {
      ctx.throw(400, `User is not in specified group: ${group}.`)
    }
  }

  try {
    // Find the config with the most granular scope based on context
    const scopedConfig = await getScopedFullConfig(db, {
      type: ctx.params.type,
      user: userId,
      group: groupId,
    })

    if (scopedConfig) {
      ctx.body = scopedConfig
    } else {
      // don't throw an error, there simply is nothing to return
      ctx.body = {}
    }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}

exports.publicSettings = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)
  try {
    // Find the config with the most granular scope based on context
    const publicConfig = await getScopedFullConfig(db, {
      type: Configs.SETTINGS,
    })

    if (!publicConfig) {
      ctx.body = {}
    } else {
      ctx.body = publicConfig
    }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}

exports.upload = async function (ctx) {
  if (ctx.request.files == null || ctx.request.files.file.length > 1) {
    ctx.throw(400, "One file must be uploaded.")
  }
  const file = ctx.request.files.file
  const { type, name } = ctx.params

  const bucket = ObjectStoreBuckets.GLOBAL
  const key = `${type}/${name}`
  await upload({
    bucket,
    filename: key,
    path: file.path,
    type: file.type,
  })

  // add to configuration structure
  // TODO: right now this only does a global level
  const db = new CouchDB(GLOBAL_DB)
  let cfgStructure = await getScopedFullConfig(db, { type })
  if (!cfgStructure) {
    cfgStructure = {
      _id: generateConfigID({ type }),
      config: {},
    }
  }
  const url = `/${bucket}/${key}`
  cfgStructure.config[`${name}`] = url
  // write back to db with url updated
  await db.put(cfgStructure)

  ctx.body = {
    message: "File has been uploaded and url stored to config.",
    url,
  }
}

exports.destroy = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)
  const { id, rev } = ctx.params

  try {
    await db.remove(id, rev)
    ctx.body = { message: "Config deleted successfully" }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}

exports.configChecklist = async function (ctx) {
  const db = new CouchDB(GLOBAL_DB)

  try {
    // TODO: Watch get started video

    // Apps exist
    let allDbs = await CouchDB.allDbs()
    const appDbNames = allDbs.filter(dbName => dbName.startsWith(APP_PREFIX))

    // They have set up SMTP
    const smtpConfig = await getScopedFullConfig(db, {
      type: Configs.SMTP,
    })

    // They have set up Google Auth
    const oauthConfig = await getScopedFullConfig(db, {
      type: Configs.GOOGLE,
    })

    // They have set up OIDC
    const oidcConfig = await getScopedFullConfig(db, {
      type: Configs.OIDC,
    })
    // They have set up an admin user
    const users = await db.allDocs(
      getGlobalUserParams(null, {
        include_docs: true,
      })
    )
    const adminUser = users.rows.some(row => row.doc.admin)

    ctx.body = {
      apps: appDbNames.length,
      smtp: !!smtpConfig,
      adminUser,
      oauth: !!oauthConfig,
      oidc: !!oidcConfig,
    }
  } catch (err) {
    ctx.throw(err.status, err)
  }
}
config creation and management APIs 2021-04-21 05:14:36 +12:00			`const CouchDB = require("../../../db")`
Fleshing out the main work behind the email generation. 2021-04-23 04:57:38 +12:00			`const {`
			`generateConfigID,`
			`StaticDatabases,`
			`getConfigParams,`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`getGlobalUserParams,`
Making some changes to how configs are scoped. 2021-05-06 21:51:21 +12:00			`getScopedFullConfig,`
Fleshing out the main work behind the email generation. 2021-04-23 04:57:38 +12:00			`} = require("@budibase/auth").db`
Updating config management for SMTP as well as finalising the work around generating and sending emails. 2021-04-24 00:49:47 +12:00			`const { Configs } = require("../../../constants")`
			`const email = require("../../../utilities/email")`
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`const { upload, ObjectStoreBuckets } = require("@budibase/auth").objectStore`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00
			`const APP_PREFIX = "app_"`
config creation and management APIs 2021-04-21 05:14:36 +12:00
			`const GLOBAL_DB = StaticDatabases.GLOBAL.name`

lint:fix 2021-05-03 19:31:09 +12:00			`exports.save = async function (ctx) {`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`const db = new CouchDB(GLOBAL_DB)`
google oauth UI 2021-05-05 04:31:06 +12:00			`const { type, group, user, config } = ctx.request.body`
config creation and management APIs 2021-04-21 05:14:36 +12:00
			`// Config does not exist yet`
google oauth UI 2021-05-05 04:31:06 +12:00			`if (!ctx.request.body._id) {`
			`ctx.request.body._id = generateConfigID({`
config specificity 2021-04-22 22:45:22 +12:00			`type,`
			`group,`
			`user,`
			`})`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`}`

Updating SMTP config to show better errors. 2021-06-10 02:45:54 +12:00			`try {`
			`// verify the configuration`
			`switch (type) {`
			`case Configs.SMTP:`
			`await email.verifyConfig(config)`
			`break`
			`}`
			`} catch (err) {`
			`ctx.throw(400, err)`
Updating config management for SMTP as well as finalising the work around generating and sending emails. 2021-04-24 00:49:47 +12:00			`}`

config creation and management APIs 2021-04-21 05:14:36 +12:00			`try {`
google oauth UI 2021-05-05 04:31:06 +12:00			`const response = await db.put(ctx.request.body)`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`ctx.body = {`
config specificity 2021-04-22 22:45:22 +12:00			`type,`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`_id: response.id,`
			`_rev: response.rev,`
			`}`
			`} catch (err) {`
Updating SMTP config to show better errors. 2021-06-10 02:45:54 +12:00			`ctx.throw(400, err)`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`}`
			`}`

lint:fix 2021-05-03 19:31:09 +12:00			`exports.fetch = async function (ctx) {`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`const db = new CouchDB(GLOBAL_DB)`
			`const response = await db.allDocs(`
Formatting. 2021-05-06 03:00:15 +12:00			`getConfigParams(`
			`{ type: ctx.params.type },`
			`{`
			`include_docs: true,`
			`}`
			`)`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`)`
Add explicit prettier options 2021-05-04 22:32:22 +12:00			`ctx.body = response.rows.map(row => row.doc)`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`}`

config specificity 2021-04-22 22:45:22 +12:00			`/**`
			`* Gets the most granular config for a particular configuration type.`
			`* The hierarchy is type -> group -> user.`
			`*/`
lint:fix 2021-05-03 19:31:09 +12:00			`exports.find = async function (ctx) {`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`const db = new CouchDB(GLOBAL_DB)`
config specificity 2021-04-22 22:45:22 +12:00
Updating configs API based on some feedback during the development of the settings frontend. 2021-05-06 02:59:24 +12:00			`const { userId, groupId } = ctx.query`
			`if (groupId && userId) {`
			`const group = await db.get(groupId)`
Add explicit prettier options 2021-05-04 22:32:22 +12:00			`const userInGroup = group.users.some(groupUser => groupUser === userId)`
config specificity 2021-04-22 22:45:22 +12:00			`if (!ctx.user.admin && !userInGroup) {`
			ctx.throw(400, `User is not in specified group: ${group}.`)
			`}`
			`}`

config creation and management APIs 2021-04-21 05:14:36 +12:00			`try {`
config specificity 2021-04-22 22:45:22 +12:00			`// Find the config with the most granular scope based on context`
Making some changes to how configs are scoped. 2021-05-06 21:51:21 +12:00			`const scopedConfig = await getScopedFullConfig(db, {`
scoped configuration management 2021-04-23 00:46:54 +12:00			`type: ctx.params.type,`
			`user: userId,`
Updating configs API based on some feedback during the development of the settings frontend. 2021-05-06 02:59:24 +12:00			`group: groupId,`
config specificity 2021-04-22 22:45:22 +12:00			`})`

			`if (scopedConfig) {`
			`ctx.body = scopedConfig`
			`} else {`
Fixing authentication with API key issue. 2021-06-22 04:13:06 +12:00			`// don't throw an error, there simply is nothing to return`
			`ctx.body = {}`
config specificity 2021-04-22 22:45:22 +12:00			`}`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`

Implementing feature #1700 and making it possible to remove logo. 2021-06-22 05:01:25 +12:00			`exports.publicSettings = async function (ctx) {`
			`const db = new CouchDB(GLOBAL_DB)`
			`try {`
			`// Find the config with the most granular scope based on context`
Add oidc icon and name to public api for login page 2021-07-09 20:49:16 +12:00			`const publicConfig = await getScopedFullConfig(db, {`
Implementing feature #1700 and making it possible to remove logo. 2021-06-22 05:01:25 +12:00			`type: Configs.SETTINGS,`
			`})`
Add oidc icon and name to public api for login page 2021-07-09 20:49:16 +12:00
Linting and Optimisation 2021-07-10 02:05:39 +12:00			`if (!publicConfig) {`
			`ctx.body = {}`
			`} else {`
Add oidc icon and name to public api for login page 2021-07-09 20:49:16 +12:00			`ctx.body = publicConfig`
Fixing issues discovered by cypress tests. 2021-06-22 05:37:14 +12:00			`}`
Implementing feature #1700 and making it possible to remove logo. 2021-06-22 05:01:25 +12:00			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`

Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`exports.upload = async function (ctx) {`
			`if (ctx.request.files == null \|\| ctx.request.files.file.length > 1) {`
			`ctx.throw(400, "One file must be uploaded.")`
			`}`
			`const file = ctx.request.files.file`
			`const { type, name } = ctx.params`

			`const bucket = ObjectStoreBuckets.GLOBAL`
Add oidc icon and name to public api for login page 2021-07-09 20:49:16 +12:00			const key = `${type}/${name}`
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`await upload({`
			`bucket,`
			`filename: key,`
			`path: file.path,`
			`type: file.type,`
			`})`

			`// add to configuration structure`
			`// TODO: right now this only does a global level`
			`const db = new CouchDB(GLOBAL_DB)`
Fixing an issue with the upload URL not being inserted in correct location. 2021-05-13 01:27:33 +12:00			`let cfgStructure = await getScopedFullConfig(db, { type })`
			`if (!cfgStructure) {`
			`cfgStructure = {`
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`_id: generateConfigID({ type }),`
Fixing an issue with the upload URL not being inserted in correct location. 2021-05-13 01:27:33 +12:00			`config: {},`
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`}`
			`}`
			const url = `/${bucket}/${key}`
Allow user uploaded icons in oidc config 2021-07-08 00:41:09 +12:00			cfgStructure.config[`${name}`] = url
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00			`// write back to db with url updated`
Fixing an issue with the upload URL not being inserted in correct location. 2021-05-13 01:27:33 +12:00			`await db.put(cfgStructure)`
Updating with a tested and functional API for uploading files for configs. 2021-05-08 00:55:30 +12:00
			`ctx.body = {`
			`message: "File has been uploaded and url stored to config.",`
			`url,`
			`}`
			`}`

lint:fix 2021-05-03 19:31:09 +12:00			`exports.destroy = async function (ctx) {`
config creation and management APIs 2021-04-21 05:14:36 +12:00			`const db = new CouchDB(GLOBAL_DB)`
			`const { id, rev } = ctx.params`

			`try {`
			`await db.remove(id, rev)`
			`ctx.body = { message: "Config deleted successfully" }`
			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00
lint :sparkles: 2021-05-06 21:57:24 +12:00			`exports.configChecklist = async function (ctx) {`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`const db = new CouchDB(GLOBAL_DB)`

			`try {`
			`// TODO: Watch get started video`

			`// Apps exist`
Linting and fixing an issue with the dev pass through. 2021-05-25 03:20:02 +12:00			`let allDbs = await CouchDB.allDbs()`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`const appDbNames = allDbs.filter(dbName => dbName.startsWith(APP_PREFIX))`

			`// They have set up SMTP`
update scoped config imports 2021-05-06 23:09:35 +12:00			`const smtpConfig = await getScopedFullConfig(db, {`
lint :sparkles: 2021-05-06 21:57:24 +12:00			`type: Configs.SMTP,`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`})`

simpler check using checklist 2021-05-22 01:55:11 +12:00			`// They have set up Google Auth`
			`const oauthConfig = await getScopedFullConfig(db, {`
			`type: Configs.GOOGLE,`
			`})`

Add validation to backend for OIDC configuration 2021-07-06 01:27:19 +12:00			`// They have set up OIDC`
			`const oidcConfig = await getScopedFullConfig(db, {`
			`type: Configs.OIDC,`
			`})`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`// They have set up an admin user`
			`const users = await db.allDocs(`
			`getGlobalUserParams(null, {`
			`include_docs: true,`
			`})`
			`)`
			`const adminUser = users.rows.some(row => row.doc.admin)`

lint :sparkles: 2021-05-06 21:57:24 +12:00			`ctx.body = {`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`apps: appDbNames.length,`
			`smtp: !!smtpConfig,`
lint :sparkles: 2021-05-06 21:57:24 +12:00			`adminUser,`
simpler check using checklist 2021-05-22 01:55:11 +12:00			`oauth: !!oauthConfig,`
Add OIDC icon to login page 2021-07-08 04:39:26 +12:00			`oidc: !!oidcConfig,`
endpoint for budibase configuration checklist 2021-05-06 07:58:31 +12:00			`}`
			`} catch (err) {`
			`ctx.throw(err.status, err)`
			`}`
			`}`