budibase/packages/server/src/api/index.ts

import Router from "@koa/router"
import { errors, auth } from "@budibase/backend-core"
import currentApp from "../middleware/currentapp"
import zlib from "zlib"
import { mainRoutes, staticRoutes, publicRoutes } from "./routes"
import pkg from "../../package.json"
import env from "../environment"
import { middleware as pro } from "@budibase/pro"
export { shutdown } from "./routes/public"
const compress = require("koa-compress")

export const router: Router = new Router()

router.get("/health", ctx => (ctx.status = 200))
router.get("/version", ctx => (ctx.body = pkg.version))

router
  .use(
    compress({
      threshold: 2048,
      gzip: {
        flush: zlib.constants.Z_SYNC_FLUSH,
      },
      deflate: {
        flush: zlib.constants.Z_SYNC_FLUSH,
      },
      br: false,
    })
  )
  .use(async (ctx, next) => {
    ctx.config = {
      jwtSecret: env.JWT_SECRET,
      useAppRootPath: true,
    }
    await next()
  })
  // re-direct before any middlewares occur
  .redirect("/", "/builder")
  .use(
    auth.buildAuthMiddleware([], {
      publicAllowed: true,
    })
  )
  // nothing in the server should allow query string tenants
  // the server can be public anywhere, so nowhere should throw errors
  // if the tenancy has not been set, it'll have to be discovered at application layer
  .use(
    auth.buildTenancyMiddleware([], [], {
      noTenancyRequired: true,
    })
  )
  .use(pro.licensing())
  // @ts-ignore
  .use(currentApp)
  .use(auth.auditLog)

// error handling middleware
router.use(async (ctx, next) => {
  try {
    await next()
  } catch (err: any) {
    ctx.status = err.status || err.statusCode || 500
    const error = errors.getPublicError(err)
    ctx.body = {
      message: err.message,
      status: ctx.status,
      validationErrors: err.validation,
      error,
    }
    ctx.log.error(err)
    // unauthorised errors don't provide a useful trace
    if (!env.isTest()) {
      console.trace(err)
    }
  }
})

// authenticated routes
for (let route of mainRoutes) {
  router.use(route.routes())
  router.use(route.allowedMethods())
}

router.use(publicRoutes.routes())
router.use(publicRoutes.allowedMethods())

// WARNING - static routes will catch everything else after them this must be last
router.use(staticRoutes.routes())
router.use(staticRoutes.allowedMethods())
Finally removing all usages of backend-core/ type imports from server, including some further typescript conversions. 2022-11-23 08:49:59 +13:00			`import Router from "@koa/router"`
			`import { errors, auth } from "@budibase/backend-core"`
			`import currentApp from "../middleware/currentapp"`
			`import zlib from "zlib"`
			`import { mainRoutes, staticRoutes, publicRoutes } from "./routes"`
			`import pkg from "../../package.json"`
			`import env from "../environment"`
			`import { middleware as pro } from "@budibase/pro"`
			`export { shutdown } from "./routes/public"`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const compress = require("koa-compress")`
scripting block 2021-03-27 03:56:34 +13:00
Finally removing all usages of backend-core/ type imports from server, including some further typescript conversions. 2022-11-23 08:49:59 +13:00			`export const router: Router = new Router()`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-22 03:42:44 +12:00
Fix test 2022-03-25 03:24:56 +13:00			`router.get("/health", ctx => (ctx.status = 200))`
			`router.get("/version", ctx => (ctx.body = pkg.version))`

further simplification of server code 2020-05-08 01:04:32 +12:00			`router`
			`.use(`
			`compress({`
			`threshold: 2048,`
			`gzip: {`
Replacing deprecated symbols. 2021-03-30 03:06:00 +13:00			`flush: zlib.constants.Z_SYNC_FLUSH,`
further simplification of server code 2020-05-08 01:04:32 +12:00			`},`
			`deflate: {`
Replacing deprecated symbols. 2021-03-30 03:06:00 +13:00			`flush: zlib.constants.Z_SYNC_FLUSH,`
further simplification of server code 2020-05-08 01:04:32 +12:00			`},`
brotli lint 2020-05-19 01:58:39 +12:00			`br: false,`
Auth working 2020-05-07 07:29:47 +12:00			`})`
further simplification of server code 2020-05-08 01:04:32 +12:00			`)`
			`.use(async (ctx, next) => {`
			`ctx.config = {`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`jwtSecret: env.JWT_SECRET,`
bugfix: links not respecting appRootPath 2020-06-03 23:29:42 +12:00			`useAppRootPath: true,`
adding test structure 2020-04-09 03:57:27 +12:00			`}`
further simplification of server code 2020-05-08 01:04:32 +12:00			`await next()`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`})`
Fixing an issue with redirect having the middleware applied before the redirection 2021-09-07 02:48:46 +12:00			`// re-direct before any middlewares occur`
			`.redirect("/", "/builder")`
Updating auth middleware to accomodate public endpoints for the server properly and some refactoring. 2021-04-29 05:13:21 +12:00			`.use(`
Fixes based on server build so far. 2022-11-27 04:10:41 +13:00			`auth.buildAuthMiddleware([], {`
Updating auth middleware to accomodate public endpoints for the server properly and some refactoring. 2021-04-29 05:13:21 +12:00			`publicAllowed: true,`
			`})`
			`)`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`// nothing in the server should allow query string tenants`
Allowing all server endpoints to run without tenant information, as most endpoints in server can be public. 2021-09-07 03:01:45 +12:00			`// the server can be public anywhere, so nowhere should throw errors`
			`// if the tenancy has not been set, it'll have to be discovered at application layer`
			`.use(`
Fixes based on server build so far. 2022-11-27 04:10:41 +13:00			`auth.buildTenancyMiddleware([], [], {`
Allowing all server endpoints to run without tenant information, as most endpoints in server can be public. 2021-09-07 03:01:45 +12:00			`noTenancyRequired: true,`
			`})`
			`)`
Add developer usage restrictions to SSO user creation 2022-03-18 21:01:31 +13:00			`.use(pro.licensing())`
Finally removing all usages of backend-core/ type imports from server, including some further typescript conversions. 2022-11-23 08:49:59 +13:00			`// @ts-ignore`
Move day pass middleware from authenticated to licensing, sent activity to account portal 2022-09-07 03:24:36 +12:00			`.use(currentApp)`
Finally removing all usages of backend-core/ type imports from server, including some further typescript conversions. 2022-11-23 08:49:59 +13:00			`.use(auth.auditLog)`
further simplification of server code 2020-05-08 01:04:32 +12:00
			`// error handling middleware`
			`router.use(async (ctx, next) => {`
			`try {`
			`await next()`
Finally removing all usages of backend-core/ type imports from server, including some further typescript conversions. 2022-11-23 08:49:59 +13:00			`} catch (err: any) {`
further simplification of server code 2020-05-08 01:04:32 +12:00			`ctx.status = err.status \|\| err.statusCode \|\| 500`
Better error handling around license errors 2022-03-17 06:29:47 +13:00			`const error = errors.getPublicError(err)`
further simplification of server code 2020-05-08 01:04:32 +12:00			`ctx.body = {`
			`message: err.message,`
			`status: ctx.status,`
fix lint issues 2021-08-17 08:07:15 +12:00			`validationErrors: err.validation,`
Better error handling around license errors 2022-03-17 06:29:47 +13:00			`error,`
further simplification of server code 2020-05-08 01:04:32 +12:00			`}`
builder / app / app preview served events 2022-04-09 01:07:11 +12:00			`ctx.log.error(err)`
Removing spam of unauthorised traces from tests, may be causing stack overflow. 2022-07-05 03:34:59 +12:00			`// unauthorised errors don't provide a useful trace`
			`if (!env.isTest()) {`
			`console.trace(err)`
			`}`
further simplification of server code 2020-05-08 01:04:32 +12:00			`}`
			`})`
adding test structure 2020-04-09 03:57:27 +12:00
further simplification of server code 2020-05-08 01:04:32 +12:00			`// authenticated routes`
Updating to have proper access control via an accessController and nearly ready to spit out the routing structure. 2020-11-17 07:04:44 +13:00			`for (let route of mainRoutes) {`
			`router.use(route.routes())`
			`router.use(route.allowedMethods())`
			`}`
serve determines whether analytics are enabled 2020-09-30 04:23:34 +13:00
Adding variables to generator. 2022-02-17 07:23:38 +13:00			`router.use(publicRoutes.routes())`
			`router.use(publicRoutes.allowedMethods())`

Updating to have proper access control via an accessController and nearly ready to spit out the routing structure. 2020-11-17 07:04:44 +13:00			`// WARNING - static routes will catch everything else after them this must be last`
further simplification of server code 2020-05-08 01:04:32 +12:00			`router.use(staticRoutes.routes())`
			`router.use(staticRoutes.allowedMethods())`