budibase/packages/worker/src/api/index.ts

import Router from "@koa/router"

const compress = require("koa-compress")

import zlib from "zlib"
import { routes } from "./routes"
import { middleware as pro, sdk } from "@budibase/pro"
import { auth, middleware, env } from "@budibase/backend-core"

if (env.SQS_SEARCH_ENABLE) {
  sdk.auditLogs.useSQLSearch()
}

const PUBLIC_ENDPOINTS = [
  // deprecated single tenant sso callback
  {
    route: "/api/admin/auth/google/callback",
    method: "GET",
  },
  // deprecated single tenant sso callback
  {
    route: "/api/admin/auth/oidc/callback",
    method: "GET",
  },
  {
    // this covers all of the POST auth routes
    route: "/api/global/auth/:tenantId",
    method: "POST",
  },
  {
    // this covers all of the GET auth routes
    route: "/api/global/auth/:tenantId",
    method: "GET",
  },
  {
    // this covers all of the public config routes
    route: "/api/global/configs/public",
    method: "GET",
  },
  {
    route: "/api/global/configs/checklist",
    method: "GET",
  },
  {
    route: "/api/global/users/init",
    method: "POST",
  },
  {
    route: "/api/global/users/sso",
    method: "POST",
  },
  {
    route: "/api/global/users/invite/accept",
    method: "POST",
  },
  {
    route: "/api/system/environment",
    method: "GET",
  },
  {
    route: "/api/system/status",
    method: "GET",
  },
  // TODO: This should be an internal api
  {
    route: "/api/global/users/tenant/:id",
    method: "GET",
  },
  // TODO: This should be an internal api
  {
    route: "/api/system/restored",
    method: "POST",
  },
  {
    route: "/api/global/users/invite",
    method: "GET",
  },
  {
    route: "/api/global/tenant",
    method: "POST",
  },
]

const NO_TENANCY_ENDPOINTS = [
  // system endpoints are not specific to any tenant
  {
    route: "/api/system",
    method: "ALL",
  },
  // tenant is determined in request body
  // used for creating the tenant
  {
    route: "/api/global/users/init",
    method: "POST",
  },
  // tenant is retrieved from the user found by the requested email
  {
    route: "/api/global/users/sso",
    method: "POST",
  },
  // deprecated single tenant sso callback
  {
    route: "/api/admin/auth/google/callback",
    method: "GET",
  },
  // deprecated single tenant sso callback
  {
    route: "/api/admin/auth/oidc/callback",
    method: "GET",
  },
  // global user search - no tenancy
  // :id is user id
  // TODO: this should really be `/api/system/users/:id`
  {
    route: "/api/global/users/tenant/:id",
    method: "GET",
  },
  // tenant is determined from code in redis
  {
    route: "/api/global/users/invite/accept",
    method: "POST",
  },
  {
    route: "/api/global/users/invite/:code",
    method: "GET",
  },
  {
    route: "/api/global/tenant",
    method: "POST",
  },
  {
    route: "/api/global/tenant/:id",
    method: "GET",
  },
]

// most public endpoints are gets, but some are posts
// add them all to be safe
const NO_CSRF_ENDPOINTS = [...PUBLIC_ENDPOINTS]

const router: Router = new Router()

router
  .use(middleware.errorHandling)
  .use(
    compress({
      threshold: 2048,
      gzip: {
        flush: zlib.constants.Z_SYNC_FLUSH,
      },
      deflate: {
        flush: zlib.constants.Z_SYNC_FLUSH,
      },
      br: false,
    })
  )
  .use("/health", ctx => (ctx.status = 200))
  .use(auth.buildAuthMiddleware(PUBLIC_ENDPOINTS))
  .use(auth.buildTenancyMiddleware(PUBLIC_ENDPOINTS, NO_TENANCY_ENDPOINTS))
  .use(auth.buildCsrfMiddleware({ noCsrfPatterns: NO_CSRF_ENDPOINTS }))
  .use(pro.licensing())
  // for now no public access is allowed to worker (bar health check)
  .use((ctx, next) => {
    if (ctx.publicEndpoint) {
      return next()
    }
    if (
      (!ctx.isAuthenticated || (ctx.user && !ctx.user.budibaseAccess)) &&
      !ctx.internal
    ) {
      ctx.throw(403, "Unauthorized")
    }
    return next()
  })
  .use(middleware.auditLog)

router.get("/health", ctx => (ctx.status = 200))

// authenticated routes
for (let route of routes) {
  router.use(route.routes())
  router.use(route.allowedMethods())
}

export default router
update bulk create and bulk delete backend 2022-08-26 06:41:47 +12:00			`import Router from "@koa/router"`
eslint import/newline-after-import 2023-11-21 09:52:29 +13:00
Adding a deployment service which takes over from the lambdas in local operation, this may become part of the hosting portal if we ever decide to opensource that part of it. 2020-12-17 08:50:02 +13:00			`const compress = require("koa-compress")`
eslint import/newline-after-import 2023-11-21 09:52:29 +13:00
Replace usages 2023-04-17 21:27:37 +12:00			`import zlib from "zlib"`
update bulk create and bulk delete backend 2022-08-26 06:41:47 +12:00			`import { routes } from "./routes"`
Some work to allow toggling between lucene search and SQL search for audit logs. 2024-05-22 05:13:54 +12:00			`import { middleware as pro, sdk } from "@budibase/pro"`
Finish implementation, fix tests. 2024-07-09 01:21:07 +12:00			`import { auth, middleware, env } from "@budibase/backend-core"`
Some work to allow toggling between lucene search and SQL search for audit logs. 2024-05-22 05:13:54 +12:00
			`if (env.SQS_SEARCH_ENABLE) {`
			`sdk.auditLogs.useSQLSearch()`
			`}`
re-write, to use the ideas that Rory put in place, still WIP, un-tested but all implemented. 2021-08-03 05:34:43 +12:00
Finalising the usage of redis in the password reset and invitation systems. 2021-05-06 02:10:28 +12:00			`const PUBLIC_ENDPOINTS = [`
Support path variable tenancy detection, add /api/system/* tests, update no tenancy matchers to be more accurate 2022-11-12 00:10:07 +13:00			`// deprecated single tenant sso callback`
Making old google/oidc callback endpoints public. 2021-08-05 23:00:33 +12:00			`{`
			`route: "/api/admin/auth/google/callback",`
			`method: "GET",`
			`},`
Support path variable tenancy detection, add /api/system/* tests, update no tenancy matchers to be more accurate 2022-11-12 00:10:07 +13:00			`// deprecated single tenant sso callback`
Making old google/oidc callback endpoints public. 2021-08-05 23:00:33 +12:00			`{`
			`route: "/api/admin/auth/oidc/callback",`
			`method: "GET",`
			`},`
Updating auth middleware to accomodate public endpoints for the server properly and some refactoring. 2021-04-29 05:13:21 +12:00			`{`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`// this covers all of the POST auth routes`
			`route: "/api/global/auth/:tenantId",`
Updating auth middleware to accomodate public endpoints for the server properly and some refactoring. 2021-04-29 05:13:21 +12:00			`method: "POST",`
			`},`
Finalising the usage of redis in the password reset and invitation systems. 2021-05-06 02:10:28 +12:00			`{`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`// this covers all of the GET auth routes`
			`route: "/api/global/auth/:tenantId",`
Proof of concept OIDC implementation 2021-06-28 02:46:04 +12:00			`method: "GET",`
Updating auth middleware to accomodate public endpoints for the server properly and some refactoring. 2021-04-29 05:13:21 +12:00			`},`
			`{`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`// this covers all of the public config routes`
			`route: "/api/global/configs/public",`
Updating auth middleware to accomodate public endpoints for the server properly and some refactoring. 2021-04-29 05:13:21 +12:00			`method: "GET",`
			`},`
Finalising the usage of redis in the password reset and invitation systems. 2021-05-06 02:10:28 +12:00			`{`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`route: "/api/global/configs/checklist",`
Revert "Multi-tenancy/organisations" 2021-08-04 21:02:24 +12:00			`method: "GET",`
Finalising the usage of redis in the password reset and invitation systems. 2021-05-06 02:10:28 +12:00			`},`
merge with next 2021-05-06 22:56:53 +12:00			`{`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`route: "/api/global/users/init",`
Updating auth to utilise the tenant system. 2021-07-17 02:08:58 +12:00			`method: "POST",`
merge with next 2021-05-06 22:56:53 +12:00			`},`
Adds POST /api/global/users/sso endpoint 2024-03-28 23:46:58 +13:00			`{`
			`route: "/api/global/users/sso",`
			`method: "POST",`
			`},`
Implementing some changes to how context gets set for tenancy, after testing, as well as updating server. 2021-08-04 02:32:25 +12:00			`{`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`route: "/api/global/users/invite/accept",`
			`method: "POST",`
Implementing some changes to how context gets set for tenancy, after testing, as well as updating server. 2021-08-04 02:32:25 +12:00			`},`
			`{`
Test fixes 2022-11-17 02:06:30 +13:00			`route: "/api/system/environment",`
Revert "Multi-tenancy/organisations" 2021-08-04 21:02:24 +12:00			`method: "GET",`
			`},`
Add status banner that reacts to cypress healthcheck failures 2022-02-25 03:41:24 +13:00			`{`
Test fixes 2022-11-17 02:06:30 +13:00			`route: "/api/system/status",`
Add status banner that reacts to cypress healthcheck failures 2022-02-25 03:41:24 +13:00			`method: "GET",`
			`},`
Support path variable tenancy detection, add /api/system/* tests, update no tenancy matchers to be more accurate 2022-11-12 00:10:07 +13:00			`// TODO: This should be an internal api`
Account portal cors and auth changes 2021-09-07 22:22:11 +12:00			`{`
			`route: "/api/global/users/tenant/:id",`
			`method: "GET",`
			`},`
Support path variable tenancy detection, add /api/system/* tests, update no tenancy matchers to be more accurate 2022-11-12 00:10:07 +13:00			`// TODO: This should be an internal api`
Adding a fix for checklist being incorrect after restoring from the CLI. 2022-10-27 21:48:37 +13:00			`{`
			`route: "/api/system/restored",`
			`method: "POST",`
			`},`
UI Onboarding UI/UX auth refactoring 2023-01-28 02:44:57 +13:00			`{`
			`route: "/api/global/users/invite",`
			`method: "GET",`
			`},`
Create Tenant endpoint + tenant_info doc (#13902) * Create Tenant endpoint + tenant_info doc * Don't catch on tenant_info put * PR comments * unit test 2024-06-11 23:16:15 +12:00			`{`
			`route: "/api/global/tenant",`
			`method: "POST",`
			`},`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`]`

			`const NO_TENANCY_ENDPOINTS = [`
Support path variable tenancy detection, add /api/system/* tests, update no tenancy matchers to be more accurate 2022-11-12 00:10:07 +13:00			`// system endpoints are not specific to any tenant`
Revert "Multi-tenancy/organisations" 2021-08-04 21:02:24 +12:00			`{`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 4834b765be85b95d9e102f8e7964604ea2f78a90, reversing changes made to 2456e6948340e409ff07f3712acbaec0448082bf. 2021-08-05 20:59:08 +12:00			`route: "/api/system",`
			`method: "ALL",`
Implementing some changes to how context gets set for tenancy, after testing, as well as updating server. 2021-08-04 02:32:25 +12:00			`},`
Support path variable tenancy detection, add /api/system/* tests, update no tenancy matchers to be more accurate 2022-11-12 00:10:07 +13:00			`// tenant is determined in request body`
			`// used for creating the tenant`
Implementing some changes to how context gets set for tenancy, after testing, as well as updating server. 2021-08-04 02:32:25 +12:00			`{`
Support path variable tenancy detection, add /api/system/* tests, update no tenancy matchers to be more accurate 2022-11-12 00:10:07 +13:00			`route: "/api/global/users/init",`
			`method: "POST",`
			`},`
Adds POST /api/global/users/sso endpoint 2024-03-28 23:46:58 +13:00			`// tenant is retrieved from the user found by the requested email`
			`{`
			`route: "/api/global/users/sso",`
			`method: "POST",`
			`},`
Support path variable tenancy detection, add /api/system/* tests, update no tenancy matchers to be more accurate 2022-11-12 00:10:07 +13:00			`// deprecated single tenant sso callback`
			`{`
			`route: "/api/admin/auth/google/callback",`
			`method: "GET",`
			`},`
			`// deprecated single tenant sso callback`
			`{`
			`route: "/api/admin/auth/oidc/callback",`
Implementing some changes to how context gets set for tenancy, after testing, as well as updating server. 2021-08-04 02:32:25 +12:00			`method: "GET",`
			`},`
If a user starts the onboarding process, make sure they can still accept an invite (#13794) * Add free_trial to deploy camunda script * Getting invite details should not require tenancy * make sure onboarding cookie is complete * Make sure password is atleast 8 characters * yarn lock * update pro and account-portal * update account-portal 2024-05-30 03:40:53 +12:00			`// global user search - no tenancy`
			`// :id is user id`
			// TODO: this should really be `/api/system/users/:id`
			`{`
			`route: "/api/global/users/tenant/:id",`
			`method: "GET",`
			`},`
Support path variable tenancy detection, add /api/system/* tests, update no tenancy matchers to be more accurate 2022-11-12 00:10:07 +13:00			`// tenant is determined from code in redis`
Shifting over all of self API, deprecating old endpoints. 2022-02-15 07:11:35 +13:00			`{`
Support path variable tenancy detection, add /api/system/* tests, update no tenancy matchers to be more accurate 2022-11-12 00:10:07 +13:00			`route: "/api/global/users/invite/accept",`
			`method: "POST",`
			`},`
			`{`
If a user starts the onboarding process, make sure they can still accept an invite (#13794) * Add free_trial to deploy camunda script * Getting invite details should not require tenancy * make sure onboarding cookie is complete * Make sure password is atleast 8 characters * yarn lock * update pro and account-portal * update account-portal 2024-05-30 03:40:53 +12:00			`route: "/api/global/users/invite/:code",`
Shifting over all of self API, deprecating old endpoints. 2022-02-15 07:11:35 +13:00			`method: "GET",`
			`},`
Create Tenant endpoint + tenant_info doc (#13902) * Create Tenant endpoint + tenant_info doc * Don't catch on tenant_info put * PR comments * unit test 2024-06-11 23:16:15 +12:00			`{`
			`route: "/api/global/tenant",`
			`method: "POST",`
			`},`
Add endpoint to GET tenant info from tenant global DB. (#13923) * Add GET tenant info endpoint * Add GET global tenant to endpoint list. * Use correct not found code * Fix unit test * Code review comments * Ignore account portal check types * remove account-portal-ui from type check ignore * Remove ignore account-portal-ui from type check 2024-06-17 21:22:44 +12:00			`{`
			`route: "/api/global/tenant/:id",`
			`method: "GET",`
			`},`
Adding auth endpoints to no auth list. 2021-04-27 02:44:28 +12:00			`]`
Adding a deployment service which takes over from the lambdas in local operation, this may become part of the hosting portal if we ever decide to opensource that part of it. 2020-12-17 08:50:02 +13:00
Add CSRF Token 2022-01-26 11:54:50 +13:00			`// most public endpoints are gets, but some are posts`
			`// add them all to be safe`
			`const NO_CSRF_ENDPOINTS = [...PUBLIC_ENDPOINTS]`

Refactoring worker, converting all controllers/routes to Typescript and all imports of backend-core to new style. 2022-11-24 07:25:20 +13:00			`const router: Router = new Router()`
Configurable test log levels and common error handling 2023-02-14 00:53:01 +13:00
Adding a deployment service which takes over from the lambdas in local operation, this may become part of the hosting portal if we ever decide to opensource that part of it. 2020-12-17 08:50:02 +13:00			`router`
Configurable test log levels and common error handling 2023-02-14 00:53:01 +13:00			`.use(middleware.errorHandling)`
Adding a deployment service which takes over from the lambdas in local operation, this may become part of the hosting portal if we ever decide to opensource that part of it. 2020-12-17 08:50:02 +13:00			`.use(`
			`compress({`
			`threshold: 2048,`
			`gzip: {`
Replacing deprecated symbols. 2021-03-30 03:06:00 +13:00			`flush: zlib.constants.Z_SYNC_FLUSH,`
Adding a deployment service which takes over from the lambdas in local operation, this may become part of the hosting portal if we ever decide to opensource that part of it. 2020-12-17 08:50:02 +13:00			`},`
			`deflate: {`
Replacing deprecated symbols. 2021-03-30 03:06:00 +13:00			`flush: zlib.constants.Z_SYNC_FLUSH,`
Adding a deployment service which takes over from the lambdas in local operation, this may become part of the hosting portal if we ever decide to opensource that part of it. 2020-12-17 08:50:02 +13:00			`},`
			`br: false,`
			`})`
			`)`
Add explicit prettier options 2021-05-04 22:32:22 +12:00			`.use("/health", ctx => (ctx.status = 200))`
Update user creation UI 2022-08-26 09:56:58 +12:00			`.use(auth.buildAuthMiddleware(PUBLIC_ENDPOINTS))`
			`.use(auth.buildTenancyMiddleware(PUBLIC_ENDPOINTS, NO_TENANCY_ENDPOINTS))`
			`.use(auth.buildCsrfMiddleware({ noCsrfPatterns: NO_CSRF_ENDPOINTS }))`
Add developer usage restrictions to SSO user creation 2022-03-18 21:01:31 +13:00			`.use(pro.licensing())`
Updating test cases and some re-work of the email system. 2021-04-24 05:07:39 +12:00			`// for now no public access is allowed to worker (bar health check)`
			`.use((ctx, next) => {`
Access controls for cloud, self, and regular budibase users 2021-09-16 02:45:43 +12:00			`if (ctx.publicEndpoint) {`
			`return next()`
			`}`
Sync global-info users to fix login + prevent double password hashing 2022-08-05 01:49:56 +12:00			`if (`
			`(!ctx.isAuthenticated \|\| (ctx.user && !ctx.user.budibaseAccess)) &&`
			`!ctx.internal`
			`) {`
Configurable test log levels and common error handling 2023-02-14 00:53:01 +13:00			`ctx.throw(403, "Unauthorized")`
fixes from PR 2021-05-12 23:38:49 +12:00			`}`
Updating test cases and some re-work of the email system. 2021-04-24 05:07:39 +12:00			`return next()`
			`})`
Update user creation UI 2022-08-26 09:56:58 +12:00			`.use(middleware.auditLog)`
Adding a deployment service which takes over from the lambdas in local operation, this may become part of the hosting portal if we ever decide to opensource that part of it. 2020-12-17 08:50:02 +13:00
Add explicit prettier options 2021-05-04 22:32:22 +12:00			`router.get("/health", ctx => (ctx.status = 200))`
Adding a deployment service which takes over from the lambdas in local operation, this may become part of the hosting portal if we ever decide to opensource that part of it. 2020-12-17 08:50:02 +13:00
			`// authenticated routes`
			`for (let route of routes) {`
			`router.use(route.routes())`
			`router.use(route.allowedMethods())`
			`}`

General work after running some tests in CI - general refactoring as well. 2022-11-29 06:54:04 +13:00			`export default router`