budibase/packages/worker/src/api/routes/global/users.js

const Router = require("@koa/router")
const controller = require("../../controllers/global/users")
const { joiValidator } = require("@budibase/backend-core/auth")
const { adminOnly } = require("@budibase/backend-core/auth")
const Joi = require("joi")
const cloudRestricted = require("../../../middleware/cloudRestricted")
const { users } = require("../validation")
const selfController = require("../../controllers/global/self")
const { builderOrAdmin } = require("@budibase/backend-core/auth")

const router = new Router()

function buildAdminInitValidation() {
  return joiValidator.body(
    Joi.object({
      email: Joi.string().required(),
      password: Joi.string(),
      tenantId: Joi.string().required(),
    })
      .required()
      .unknown(false)
  )
}

function buildInviteValidation() {
  // prettier-ignore
  return joiValidator.body(Joi.object({
    email: Joi.string().required(),
    userInfo: Joi.object().optional(),
  }).required())
}

function buildInviteMultipleValidation() {
  // prettier-ignore
  return joiValidator.body(Joi.array().required().items(
    Joi.object({
      email: Joi.string(),
      userInfo: Joi.object().optional(),
    })
  ))
}

function buildInviteAcceptValidation() {
  // prettier-ignore
  return joiValidator.body(Joi.object({
    inviteCode: Joi.string().required(),
    password: Joi.string().required(),
  }).required().unknown(true))
}

router
  .post(
    "/api/global/users",
    adminOnly,
    users.buildUserSaveValidation(),
    controller.save
  )
  .post(
    "/api/global/users/bulk",
    adminOnly,
    users.buildUserBulkUserValidation(),
    controller.bulkUpdate
  )

  .get("/api/global/users", builderOrAdmin, controller.fetch)
  .post("/api/global/users/search", builderOrAdmin, controller.search)
  .delete("/api/global/users/:id", adminOnly, controller.destroy)
  .get("/api/global/users/count/:appId", builderOrAdmin, controller.countByApp)
  .get("/api/global/roles/:appId")
  .post(
    "/api/global/users/invite",
    adminOnly,
    buildInviteValidation(),
    controller.invite
  )
  .post(
    "/api/global/users/multi/invite",
    adminOnly,
    buildInviteMultipleValidation(),
    controller.inviteMultiple
  )

  // non-global endpoints
  .post(
    "/api/global/users/invite/accept",
    buildInviteAcceptValidation(),
    controller.inviteAccept
  )
  .post(
    "/api/global/users/init",
    cloudRestricted,
    buildAdminInitValidation(),
    controller.adminUser
  )
  .get("/api/global/users/tenant/:id", controller.tenantUserLookup)
  // global endpoint but needs to come at end (blocks other endpoints otherwise)
  .get("/api/global/users/:id", builderOrAdmin, controller.find)
  // DEPRECATED - use new versions with self API
  .get("/api/global/users/self", selfController.getSelf)
  .post(
    "/api/global/users/self",
    users.buildUserSaveValidation(true),
    selfController.updateSelf
  )

module.exports = router
basic group apis 2021-04-19 22:34:07 +12:00			`const Router = require("@koa/router")`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`const controller = require("../../controllers/global/users")`
move worker middleware to backend-core 2022-07-22 22:50:51 +12:00			`const { joiValidator } = require("@budibase/backend-core/auth")`
			`const { adminOnly } = require("@budibase/backend-core/auth")`
basic group apis 2021-04-19 22:34:07 +12:00			`const Joi = require("joi")`
Add API keys between account portal and budibase 2021-10-05 01:40:50 +13:00			`const cloudRestricted = require("../../../middleware/cloudRestricted")`
user / rbac events + tests 2022-04-08 12:28:22 +12:00			`const { users } = require("../validation")`
Shifting over all of self API, deprecating old endpoints. 2022-02-15 07:11:35 +13:00			`const selfController = require("../../controllers/global/self")`
Some more logging, moving middlewares to backend-core. 2022-08-05 06:03:50 +12:00			`const { builderOrAdmin } = require("@budibase/backend-core/auth")`
basic group apis 2021-04-19 22:34:07 +12:00
Some updates, typescripting some more APIs, as well as fixing a lot of Router creation which did not specify the 'new' operator. 2022-09-23 01:59:28 +12:00			`const router = new Router()`
basic group apis 2021-04-19 22:34:07 +12:00
Adding some changes for to redis library, allowing reconnection. 2021-05-25 01:54:47 +12:00			`function buildAdminInitValidation() {`
Formatting. 2021-05-25 01:56:23 +12:00			`return joiValidator.body(`
			`Joi.object({`
			`email: Joi.string().required(),`
Cloud SSO flow and auto login on verification 2021-09-22 05:20:26 +12:00			`password: Joi.string(),`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`tenantId: Joi.string().required(),`
Formatting. 2021-05-25 01:56:23 +12:00			`})`
			`.required()`
			`.unknown(false)`
			`)`
Adding some changes for to redis library, allowing reconnection. 2021-05-25 01:54:47 +12:00			`}`

Finalising the usage of redis in the password reset and invitation systems. 2021-05-06 02:10:28 +12:00			`function buildInviteValidation() {`
			`// prettier-ignore`
			`return joiValidator.body(Joi.object({`
			`email: Joi.string().required(),`
Updating system to allow setting builder/admin as a toggle during the invitation phase of a user. 2021-05-25 05:45:43 +12:00			`userInfo: Joi.object().optional(),`
Finalising the usage of redis in the password reset and invitation systems. 2021-05-06 02:10:28 +12:00			`}).required())`
			`}`

group / user app assignment 2022-07-05 20:21:59 +12:00			`function buildInviteMultipleValidation() {`
			`// prettier-ignore`
Fix users invited by email not being able to take priveleged roles 2022-08-04 02:16:26 +12:00			`return joiValidator.body(Joi.array().required().items(`
			`Joi.object({`
			`email: Joi.string(),`
			`userInfo: Joi.object().optional(),`
			`})`
			`))`
group / user app assignment 2022-07-05 20:21:59 +12:00			`}`

Finalising the usage of redis in the password reset and invitation systems. 2021-05-06 02:10:28 +12:00			`function buildInviteAcceptValidation() {`
			`// prettier-ignore`
			`return joiValidator.body(Joi.object({`
			`inviteCode: Joi.string().required(),`
			`password: Joi.string().required(),`
			`}).required().unknown(true))`
basic group apis 2021-04-19 22:34:07 +12:00			`}`

			`router`
Adding the ability to get all apps, with the status attached. 2021-05-20 02:09:57 +12:00			`.post(`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`"/api/global/users",`
Adding the ability to get all apps, with the status attached. 2021-05-20 02:09:57 +12:00			`adminOnly,`
user / rbac events + tests 2022-04-08 12:28:22 +12:00			`users.buildUserSaveValidation(),`
Adding the ability to get all apps, with the status attached. 2021-05-20 02:09:57 +12:00			`controller.save`
			`)`
improve performance of adding users and groups 2022-07-12 02:29:39 +12:00			`.post(`
Updating user API to user a single bulk endpoint rather than case sensitive named endpoints. 2022-09-22 05:05:45 +12:00			`"/api/global/users/bulk",`
improve performance of adding users and groups 2022-07-12 02:29:39 +12:00			`adminOnly,`
Updating user API to user a single bulk endpoint rather than case sensitive named endpoints. 2022-09-22 05:05:45 +12:00			`users.buildUserBulkUserValidation(),`
			`controller.bulkUpdate`
improve performance of adding users and groups 2022-07-12 02:29:39 +12:00			`)`

fix users list on app overview 2022-06-02 02:20:56 +12:00			`.get("/api/global/users", builderOrAdmin, controller.fetch)`
Updating to maintain the old worker API for deprecation purposes, but removing from frontend usage. 2022-07-01 03:01:14 +12:00			`.post("/api/global/users/search", builderOrAdmin, controller.search)`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`.delete("/api/global/users/:id", adminOnly, controller.destroy)`
use correct middleware 2022-08-04 01:37:41 +12:00			`.get("/api/global/users/count/:appId", builderOrAdmin, controller.countByApp)`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`.get("/api/global/roles/:appId")`
Adding the ability to get all apps, with the status attached. 2021-05-20 02:09:57 +12:00			`.post(`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`"/api/global/users/invite",`
Adding the ability to get all apps, with the status attached. 2021-05-20 02:09:57 +12:00			`adminOnly,`
			`buildInviteValidation(),`
			`controller.invite`
			`)`
group / user app assignment 2022-07-05 20:21:59 +12:00			`.post(`
Update multi-user invite endpoint 2022-08-04 06:20:33 +12:00			`"/api/global/users/multi/invite",`
group / user app assignment 2022-07-05 20:21:59 +12:00			`adminOnly,`
			`buildInviteMultipleValidation(),`
			`controller.inviteMultiple`
			`)`

Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`// non-global endpoints`
Formatting. 2021-05-06 02:19:44 +12:00			`.post(`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`"/api/global/users/invite/accept",`
Formatting. 2021-05-06 02:19:44 +12:00			`buildInviteAcceptValidation(),`
			`controller.inviteAccept`
			`)`
Formatting. 2021-05-25 01:56:23 +12:00			`.post(`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`"/api/global/users/init",`
Add API keys between account portal and budibase 2021-10-05 01:40:50 +13:00			`cloudRestricted,`
Formatting. 2021-05-25 01:56:23 +12:00			`buildAdminInitValidation(),`
			`controller.adminUser`
			`)`
Password reset for budibase users 2021-09-18 00:41:22 +12:00			`.get("/api/global/users/tenant/:id", controller.tenantUserLookup)`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`// global endpoint but needs to come at end (blocks other endpoints otherwise)`
prevent redirect on app overview by allowing builders access to user endpoint 2022-07-13 22:49:23 +12:00			`.get("/api/global/users/:id", builderOrAdmin, controller.find)`
Shifting over all of self API, deprecating old endpoints. 2022-02-15 07:11:35 +13:00			`// DEPRECATED - use new versions with self API`
			`.get("/api/global/users/self", selfController.getSelf)`
			`.post(`
			`"/api/global/users/self",`
user / rbac events + tests 2022-04-08 12:28:22 +12:00			`users.buildUserSaveValidation(true),`
Shifting over all of self API, deprecating old endpoints. 2022-02-15 07:11:35 +13:00			`selfController.updateSelf`
			`)`
basic group apis 2021-04-19 22:34:07 +12:00
			`module.exports = router`