budibase/packages/worker/src/api/routes/global/auth.js

const Router = require("@koa/router")
const authController = require("../../controllers/global/auth")
const { joiValidator } = require("@budibase/backend-core/auth")
const Joi = require("joi")
const { updateTenantId } = require("@budibase/backend-core/tenancy")

const router = new Router()

function buildAuthValidation() {
  // prettier-ignore
  return joiValidator.body(Joi.object({
    username: Joi.string().required(),
    password: Joi.string().required(),
  }).required().unknown(false))
}

function buildResetValidation() {
  // prettier-ignore
  return joiValidator.body(Joi.object({
    email: Joi.string().required(),
  }).required().unknown(false))
}

function buildResetUpdateValidation() {
  // prettier-ignore
  return joiValidator.body(Joi.object({
    resetCode: Joi.string().required(),
    password: Joi.string().required(),
  }).required().unknown(false))
}

function updateTenant(ctx, next) {
  if (ctx.params) {
    updateTenantId(ctx.params.tenantId)
  }
  return next()
}

router
  .post(
    "/api/global/auth/:tenantId/login",
    buildAuthValidation(),
    updateTenant,
    authController.authenticate
  )
  .post(
    "/api/global/auth/:tenantId/reset",
    buildResetValidation(),
    updateTenant,
    authController.reset
  )
  .post(
    "/api/global/auth/:tenantId/reset/update",
    buildResetUpdateValidation(),
    updateTenant,
    authController.resetUpdate
  )
  .post("/api/global/auth/logout", authController.logout)
  .post("/api/global/auth/init", authController.setInitInfo)
  .get("/api/global/auth/init", authController.getInitInfo)
  .get(
    "/api/global/auth/:tenantId/google",
    updateTenant,
    authController.googlePreAuth
  )
  .get(
    "/api/global/auth/:tenantId/datasource/:provider",
    updateTenant,
    authController.datasourcePreAuth
  )
  // single tenancy endpoint
  .get("/api/global/auth/google/callback", authController.googleAuth)
  .get(
    "/api/global/auth/datasource/:provider/callback",
    authController.datasourceAuth
  )
  // multi-tenancy endpoint
  .get(
    "/api/global/auth/:tenantId/google/callback",
    updateTenant,
    authController.googleAuth
  )
  .get(
    "/api/global/auth/:tenantId/datasource/:provider/callback",
    updateTenant,
    authController.datasourceAuth
  )
  .get(
    "/api/global/auth/:tenantId/oidc/configs/:configId",
    updateTenant,
    authController.oidcPreAuth
  )
  // single tenancy endpoint
  .get("/api/global/auth/oidc/callback", authController.oidcAuth)
  // multi-tenancy endpoint
  .get(
    "/api/global/auth/:tenantId/oidc/callback",
    updateTenant,
    authController.oidcAuth
  )
  // deprecated - used by the default system before tenancy
  .get("/api/admin/auth/google/callback", authController.googleAuth)
  .get("/api/admin/auth/oidc/callback", authController.oidcAuth)

module.exports = router
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`const Router = require("@koa/router")`
			`const authController = require("../../controllers/global/auth")`
move worker middleware to backend-core 2022-07-22 22:50:51 +12:00			`const { joiValidator } = require("@budibase/backend-core/auth")`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`const Joi = require("joi")`
Switching out @budibase/auth to @budibase/backend-core. 2022-01-11 08:33:00 +13:00			`const { updateTenantId } = require("@budibase/backend-core/tenancy")`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00
Some updates, typescripting some more APIs, as well as fixing a lot of Router creation which did not specify the 'new' operator. 2022-09-23 01:59:28 +12:00			`const router = new Router()`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00
			`function buildAuthValidation() {`
			`// prettier-ignore`
			`return joiValidator.body(Joi.object({`
			`username: Joi.string().required(),`
			`password: Joi.string().required(),`
			`}).required().unknown(false))`
			`}`

			`function buildResetValidation() {`
			`// prettier-ignore`
			`return joiValidator.body(Joi.object({`
			`email: Joi.string().required(),`
			`}).required().unknown(false))`
			`}`

			`function buildResetUpdateValidation() {`
			`// prettier-ignore`
			`return joiValidator.body(Joi.object({`
			`resetCode: Joi.string().required(),`
			`password: Joi.string().required(),`
			`}).required().unknown(false))`
			`}`

			`function updateTenant(ctx, next) {`
Fixing an issue with OIDC URL for preauth. 2021-08-06 01:36:10 +12:00			`if (ctx.params) {`
			`updateTenantId(ctx.params.tenantId)`
			`}`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`return next()`
			`}`

			`router`
			`.post(`
			`"/api/global/auth/:tenantId/login",`
			`buildAuthValidation(),`
			`updateTenant,`
			`authController.authenticate`
			`)`
			`.post(`
			`"/api/global/auth/:tenantId/reset",`
			`buildResetValidation(),`
			`updateTenant,`
			`authController.reset`
			`)`
			`.post(`
			`"/api/global/auth/:tenantId/reset/update",`
			`buildResetUpdateValidation(),`
			`updateTenant,`
			`authController.resetUpdate`
			`)`
			`.post("/api/global/auth/logout", authController.logout)`
cookie based approach 2021-11-05 02:03:18 +13:00			`.post("/api/global/auth/init", authController.setInitInfo)`
			`.get("/api/global/auth/init", authController.getInitInfo)`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`.get(`
			`"/api/global/auth/:tenantId/google",`
			`updateTenant,`
			`authController.googlePreAuth`
			`)`
google auth working 2022-01-06 21:08:54 +13:00			`.get(`
more flexible datasource auth config 2022-01-18 03:52:10 +13:00			`"/api/global/auth/:tenantId/datasource/:provider",`
google auth working 2022-01-06 21:08:54 +13:00			`updateTenant,`
more flexible datasource auth config 2022-01-18 03:52:10 +13:00			`authController.datasourcePreAuth`
google auth working 2022-01-06 21:08:54 +13:00			`)`
Fixing issue #2579. 2021-09-10 04:59:44 +12:00			`// single tenancy endpoint`
			`.get("/api/global/auth/google/callback", authController.googleAuth)`
more flexible datasource auth config 2022-01-18 03:52:10 +13:00			`.get(`
			`"/api/global/auth/datasource/:provider/callback",`
			`authController.datasourceAuth`
			`)`
Fixing issue #2579. 2021-09-10 04:59:44 +12:00			`// multi-tenancy endpoint`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`.get(`
			`"/api/global/auth/:tenantId/google/callback",`
			`updateTenant,`
			`authController.googleAuth`
			`)`
use env platform URL for datasource auth to prevent tenant overrides 2022-02-10 06:33:29 +13:00			`.get(`
			`"/api/global/auth/:tenantId/datasource/:provider/callback",`
			`updateTenant,`
			`authController.datasourceAuth`
			`)`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`.get(`
			`"/api/global/auth/:tenantId/oidc/configs/:configId",`
			`updateTenant,`
			`authController.oidcPreAuth`
			`)`
Fixing issue #2579. 2021-09-10 04:59:44 +12:00			`// single tenancy endpoint`
			`.get("/api/global/auth/oidc/callback", authController.oidcAuth)`
			`// multi-tenancy endpoint`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`.get(`
			`"/api/global/auth/:tenantId/oidc/callback",`
			`updateTenant,`
			`authController.oidcAuth`
			`)`
			`// deprecated - used by the default system before tenancy`
			`.get("/api/admin/auth/google/callback", authController.googleAuth)`
			`.get("/api/admin/auth/oidc/callback", authController.oidcAuth)`

			`module.exports = router`