import Router from "@koa/router"
const compress = require("koa-compress")
import zlib from "zlib"
import { routes } from "./routes"
import { middleware as pro, sdk } from "@budibase/pro"
import { auth, middleware, env } from "@budibase/backend-core"
// Module-load switch: when SQS search is enabled for this deployment, the
// audit-log SDK is told to use its SQL search backend before any route runs.
const sqlSearchEnabled = Boolean(env.SQS_SEARCH_ENABLE)
if (sqlSearchEnabled) {
  sdk.auditLogs.useSQLSearch()
}
// Routes reachable without a session. This list is the worker's
// unauthenticated surface, and it is also copied verbatim into
// NO_CSRF_ENDPOINTS below, so every entry added here is CSRF-exempt as well.
// NOTE(review): how `route` is matched (exact vs. prefix, handling of
// `:param` segments) is decided inside auth.buildAuthMiddleware in
// backend-core, which is not visible here — confirm before relying on a
// pattern being narrower than it looks.
const PUBLIC_ENDPOINTS: Array<{ route: string; method: string }> = [
  // deprecated single tenant sso callbacks
  { route: "/api/admin/auth/google/callback", method: "GET" },
  { route: "/api/admin/auth/oidc/callback", method: "GET" },
  // these two entries cover all of the POST and GET auth routes
  { route: "/api/global/auth/:tenantId", method: "POST" },
  { route: "/api/global/auth/:tenantId", method: "GET" },
  // public config routes
  { route: "/api/global/configs/public", method: "GET" },
  { route: "/api/global/configs/checklist", method: "GET" },
  { route: "/api/global/users/init", method: "POST" },
  { route: "/api/global/users/sso", method: "POST" },
  { route: "/api/global/users/invite/accept", method: "POST" },
  { route: "/api/system/environment", method: "GET" },
  { route: "/api/system/status", method: "GET" },
  // TODO: This should be an internal api - until it is, it is reachable
  // with no session at all
  { route: "/api/global/users/tenant/:id", method: "GET" },
  // TODO: This should be an internal api - until it is, it is reachable
  // with no session at all
  { route: "/api/system/restored", method: "POST" },
  { route: "/api/global/users/invite", method: "GET" },
  { route: "/api/global/tenant", method: "POST" },
]
// Routes for which the tenancy middleware does not derive a tenant from the
// request context. This is a separate axis from PUBLIC_ENDPOINTS: an entry
// here is not exempted from the auth middleware by this file (for example
// `/api/global/tenant/:id` GET is tenant-less but not public).
// NOTE(review): `/api/global/users/invite/:code` GET is listed here while
// PUBLIC_ENDPOINTS only has `/api/global/users/invite` GET — whether that
// public entry also covers the `/:code` form depends on the matcher in
// backend-core; confirm.
const NO_TENANCY_ENDPOINTS: Array<{ route: string; method: string }> = [
  // system endpoints are not specific to any tenant
  { route: "/api/system", method: "ALL" },
  // tenant is determined in request body - used for creating the tenant
  { route: "/api/global/users/init", method: "POST" },
  // tenant is retrieved from the user found by the requested email
  { route: "/api/global/users/sso", method: "POST" },
  // deprecated single tenant sso callbacks
  { route: "/api/admin/auth/google/callback", method: "GET" },
  { route: "/api/admin/auth/oidc/callback", method: "GET" },
  // global user search - no tenancy, :id is a user id
  // TODO: this should really be `/api/system/users/:id`
  { route: "/api/global/users/tenant/:id", method: "GET" },
  // tenant is determined from the invite code held in redis
  { route: "/api/global/users/invite/accept", method: "POST" },
  { route: "/api/global/users/invite/:code", method: "GET" },
  { route: "/api/global/tenant", method: "POST" },
  { route: "/api/global/tenant/:id", method: "GET" },
]
// CSRF exemptions are exactly the public endpoints. Most of them are GETs,
// but several are POSTs (`/api/global/auth/:tenantId`, `/api/global/users/init`,
// `/api/global/users/sso`, `/api/global/users/invite/accept`,
// `/api/system/restored`, `/api/global/tenant`), so the whole list is copied
// rather than filtered by method. The two lists therefore move in lock-step:
// anything added to PUBLIC_ENDPOINTS is automatically CSRF-exempt too.
const NO_CSRF_ENDPOINTS = PUBLIC_ENDPOINTS.slice()
// The single router for the worker API; all middleware and feature routes
// below are mounted on it and it is the module's default export.
const router = new Router()
// Global middleware for the worker API. Registration order is execution
// order and it is security-relevant: the session is established by the auth
// middleware before tenancy is resolved, CSRF is checked, licensing is
// applied and the access gate at the end decides whether the request may
// reach a feature route.
router
  // presumably turns thrown errors (including the ctx.throw below) into
  // HTTP responses — it is registered first so it wraps everything after it
  .use(middleware.errorHandling)
  .use(
    compress({
      // koa-compress threshold: responses smaller than 2048 bytes are left
      // uncompressed
      threshold: 2048,
      gzip: {
        flush: zlib.constants.Z_SYNC_FLUSH,
      },
      deflate: {
        flush: zlib.constants.Z_SYNC_FLUSH,
      },
      // brotli explicitly disabled; only gzip/deflate are offered
      br: false,
    })
  )
  // health check answers before any auth runs; this handler never calls
  // next, so nothing registered below executes for /health
  .use("/health", ctx => (ctx.status = 200))
  // requests matching PUBLIC_ENDPOINTS are let through without a session
  // (this is presumably what sets ctx.publicEndpoint, read by the gate
  // below — confirm in backend-core); everything else must carry one
  .use(auth.buildAuthMiddleware(PUBLIC_ENDPOINTS))
  // resolves the tenant for the request; NO_TENANCY_ENDPOINTS skip that
  .use(auth.buildTenancyMiddleware(PUBLIC_ENDPOINTS, NO_TENANCY_ENDPOINTS))
  // NO_CSRF_ENDPOINTS is a copy of PUBLIC_ENDPOINTS, so every public route
  // is CSRF-exempt as well
  .use(auth.buildCsrfMiddleware({ noCsrfPatterns: NO_CSRF_ENDPOINTS }))
  .use(pro.licensing())
  // for now no public access is allowed to worker (bar health check):
  // a non-public request must come from an authenticated user that has
  // budibaseAccess, or be flagged internal (set upstream of this file),
  // otherwise it is rejected with 403
  .use((ctx, next) => {
    if (ctx.publicEndpoint) {
      return next()
    }
    // NOTE(review): an authenticated context with no ctx.user passes this
    // check as written; whether that state is reachable depends on
    // buildAuthMiddleware — confirm
    if (
      (!ctx.isAuthenticated || (ctx.user && !ctx.user.budibaseAccess)) &&
      !ctx.internal
    ) {
      // status is 403 (Forbidden) while the message says "Unauthorized";
      // left unchanged here since clients may match on the text
      ctx.throw(403, "Unauthorized")
    }
    return next()
  })
  // audit logging runs only for requests that passed the gate above;
  // rejected requests are not seen by it
  .use(middleware.auditLog)
// Liveness probe, unauthenticated by design. Registered as a real route in
// addition to the `.use("/health", …)` middleware above — presumably so
// @koa/router has a matching route for it; confirm before removing either.
router.get("/health", (ctx) => (ctx.status = 200))
// authenticated routes: the feature routers from ./routes are mounted after
// the global middleware registered above, so their handlers sit behind the
// auth, tenancy, CSRF, licensing and access-gate middleware
for (const featureRouter of routes) {
  router.use(featureRouter.routes())
  router.use(featureRouter.allowedMethods())
}
export default router