Account portal cors and auth changes

2024-07-01 12:30:41 +12:00 · 2021-09-07 11:22:11 +01:00 · 2021-09-07 11:22:11 +01:00 · 3d15db2223
parent 221a67fe5a
commit 3d15db2223
8 changed files with 76 additions and 1095 deletions
--- a/packages/server/src/api/controllers/row/ExternalRequest.ts
+++ b/packages/server/src/api/controllers/row/ExternalRequest.ts
@ -6,8 +6,16 @@ import {
  SearchFilters,
  SortJson,
 } from "../../../definitions/datasource"
-import {Datasource, FieldSchema, Row, Table} from "../../../definitions/common"
-import {breakRowIdField, generateRowIdField} from "../../../integrations/utils"
+import {
+  Datasource,
+  FieldSchema,
+  Row,
+  Table,
+} from "../../../definitions/common"
+import {
+  breakRowIdField,
+  generateRowIdField,
+} from "../../../integrations/utils"
 import { RelationshipTypes } from "../../../constants"

 interface ManyRelationship {
@ -348,7 +356,7 @@ module External {
     * information.
     */
    async lookupRelations(tableId: string, row: Row) {
-      const related: {[key: string]: any} = {}
+      const related: { [key: string]: any } = {}
      const { tableName } = breakExternalTableId(tableId)
      const table = this.tables[tableName]
      // @ts-ignore
@ -387,7 +395,11 @@ module External {
     * isn't supposed to exist anymore and delete those. This is better than the usual method of delete them
     * all and then re-create, as theres no chance of losing data (e.g. delete succeed, but write fail).
     */
-    async handleManyRelationships(mainTableId: string, row: Row, relationships: ManyRelationship[]) {
+    async handleManyRelationships(
+      mainTableId: string,
+      row: Row,
+      relationships: ManyRelationship[]
+    ) {
      const { appId } = this
      // if we're creating (in a through table) need to wipe the existing ones first
      const promises = []
@ -399,8 +411,10 @@ module External {
        // @ts-ignore
        const linkPrimary = linkTable.primary[0]
        const rows = related[key].rows || []
-        const found = rows.find((row: { [key: string]: any }) =>
-          row[linkPrimary] === relationship.id || row[linkPrimary] === body[linkPrimary]
+        const found = rows.find(
+          (row: { [key: string]: any }) =>
+            row[linkPrimary] === relationship.id ||
+            row[linkPrimary] === body[linkPrimary]
        )
        const operation = isUpdate
          ? DataSourceOperation.UPDATE
@ -420,13 +434,17 @@ module External {
        }
      }
      // finally cleanup anything that needs to be removed
-      for (let [colName, {isMany, rows, tableId}] of Object.entries(related)) {
+      for (let [colName, { isMany, rows, tableId }] of Object.entries(
+        related
+      )) {
        const table = this.getTable(tableId)
        for (let row of rows) {
          const filters = buildFilters(generateIdForRow(row, table), {}, table)
          // safety check, if there are no filters on deletion bad things happen
          if (Object.keys(filters).length !== 0) {
-            const op = isMany ? DataSourceOperation.DELETE : DataSourceOperation.UPDATE
+            const op = isMany
+              ? DataSourceOperation.DELETE
+              : DataSourceOperation.UPDATE
            const body = isMany ? null : { [colName]: null }
            promises.push(
              makeExternalQuery(this.appId, {
@ -448,7 +466,10 @@ module External {
     * Creating the specific list of fields that we desire, and excluding the ones that are no use to us
     * is more performant and has the added benefit of protecting against this scenario.
     */
-    buildFields(table: Table, includeRelations: IncludeRelationships = IncludeRelationships.INCLUDE) {
+    buildFields(
+      table: Table,
+      includeRelations: IncludeRelationships = IncludeRelationships.INCLUDE
+    ) {
      function extractNonLinkFieldNames(table: Table, existing: string[] = []) {
        return Object.entries(table.schema)
          .filter(
@ -523,7 +544,10 @@ module External {
      // can't really use response right now
      const response = await makeExternalQuery(appId, json)
      // handle many to many relationships now if we know the ID (could be auto increment)
-      if (operation !== DataSourceOperation.READ && processed.manyRelationships) {
+      if (
+        operation !== DataSourceOperation.READ &&
+        processed.manyRelationships
+      ) {
        await this.handleManyRelationships(
          table._id || "",
          response[0],
--- a/packages/server/src/definitions/datasource.ts
+++ b/packages/server/src/definitions/datasource.ts
@ -42,7 +42,7 @@ export enum SourceNames {

 export enum IncludeRelationships {
  INCLUDE = 1,
-  EXCLUDE = 0
+  EXCLUDE = 0,
 }

 export interface QueryDefinition {
--- a/packages/server/yarn.lock
+++ b/packages/server/yarn.lock
--- a/packages/worker/package.json
+++ b/packages/worker/package.json
@ -34,6 +34,7 @@
    "joi": "^17.4.0",
    "koa": "^2.7.0",
    "koa-body": "^4.2.0",
+    "@koa/cors": "^3.1.0",
    "koa-compress": "^4.0.1",
    "koa-passport": "^4.1.4",
    "koa-pino-logger": "^3.0.0",
--- a/packages/worker/src/api/index.js
+++ b/packages/worker/src/api/index.js
@ -35,6 +35,7 @@ const PUBLIC_ENDPOINTS = [
    method: "GET",
  },
  {
+    // TODO: Add an provisioning API key to this endpoint in the cloud
    route: "/api/global/users/init",
    method: "POST",
  },
@ -46,6 +47,10 @@ const PUBLIC_ENDPOINTS = [
    route: "api/system/flags",
    method: "GET",
  },
+  {
+    route: "/api/global/users/tenant/:id",
+    method: "GET",
+  },
 ]

 const NO_TENANCY_ENDPOINTS = [
--- a/packages/worker/src/api/routes/global/users.js
+++ b/packages/worker/src/api/routes/global/users.js
@ -94,7 +94,7 @@ router
    controller.adminUser
  )
  .get("/api/global/users/self", controller.getSelf)
-  .get("/api/global/users/tenant/:id", adminOnly, controller.tenantLookup)
+  .get("/api/global/users/tenant/:id", controller.tenantLookup)
  // global endpoint but needs to come at end (blocks other endpoints otherwise)
  .get("/api/global/users/:id", adminOnly, controller.find)

--- a/packages/worker/src/index.js
+++ b/packages/worker/src/index.js
@ -6,6 +6,7 @@ const Koa = require("koa")
 const destroyable = require("server-destroy")
 const koaBody = require("koa-body")
 const koaSession = require("koa-session")
+const cors = require("@koa/cors")
 const { passport } = require("@budibase/auth").auth
 const logger = require("koa-pino-logger")
 const http = require("http")
@ -14,6 +15,14 @@ const redis = require("./utilities/redis")

 const app = new Koa()

+// TODO: Remove this when using envoy / nginx
+const accountPortalCors = {
+  origin: "http://localhost:3001",
+  credentials: true,
+}
+
+app.use(cors(accountPortalCors))
+
 app.keys = ["secret", "key"]

 // set up top level koa middleware
--- a/packages/worker/yarn.lock
+++ b/packages/worker/yarn.lock
@ -499,6 +499,13 @@
    "@types/yargs" "^15.0.0"
    chalk "^4.0.0"

+"@koa/cors@^3.1.0":
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/@koa/cors/-/cors-3.1.0.tgz#618bb073438cfdbd3ebd0e648a76e33b84f3a3b2"
+  integrity sha512-7ulRC1da/rBa6kj6P4g2aJfnET3z8Uf3SWu60cjbtxTA5g8lxRdX/Bd2P92EagGwwAhANeNw8T8if99rJliR6Q==
+  dependencies:
+    vary "^1.1.2"
+
 "@koa/router@^8.0.0":
  version "8.0.8"
  resolved "https://registry.yarnpkg.com/@koa/router/-/router-8.0.8.tgz#95f32d11373d03d89dcb63fabe9ac6f471095236"