CodeMirror/budibase
1
0
Fork 0
mirror of synced 2024-07-05 22:40:39 +12:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of github.com:Budibase/budibase into feature/sql-query-aliasing

Browse source
This commit is contained in:
mike12345567 2023-12-07 13:12:16 +00:00
parent 7eccbb851d cab2a0cddb
commit 8110a33fd8
71 changed files with 1318 additions and 600 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.github/workflows/stale_bot.yml vendored
View file

@ -10,6 +10,7 @@ jobs:
steps:
- uses: actions/stale@v8
with:
days-before-stale: 330
operations-per-run: 1
# stale rules for PRs
days-before-pr-stale: 7

9
charts/budibase/Chart.lock
View file

@ -1,9 +1,6 @@
dependencies:
- name: couchdb
repository: https://apache.github.io/couchdb-helm
version: 3.3.4
- name: ingress-nginx
repository: https://kubernetes.github.io/ingress-nginx
version: 4.0.13
digest: sha256:20892705c2d8e64c98257d181063a514ac55013e2b43399a6e54868a97f97845
generated: "2021-12-30T18:55:30.878411Z"
version: 4.3.0
digest: sha256:94449a7f195b186f5af33ec5aa66d58b36bede240fae710f021ca87837b30606
generated: "2023-11-20T17:43:02.777596Z"

6
charts/budibase/Chart.yaml
View file

@ -17,10 +17,6 @@ version: 0.0.0
appVersion: 0.0.0
dependencies:
- name: couchdb
version: 3.3.4
version: 4.3.0
repository: https://apache.github.io/couchdb-helm
condition: services.couchdb.enabled
- name: ingress-nginx
version: 4.0.13
repository: https://kubernetes.github.io/ingress-nginx
condition: ingress.nginx

228
charts/budibase/README.md
View file

@ -1,39 +1,217 @@
# Budibase
# budibase
[Budibase](https://budibase.com/) Budibase is an open source low-code platform, helping thousands of teams build apps for their workplace in minutes.
## TL;DR;
```console
$ cd chart
$ helm install budibase .
```
## Introduction
This chart bootstraps a [Budibase](https://budibase.com/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Budibase is an open source low-code platform, helping thousands of teams build apps for their workplace in minutes.
## Prerequisites
- helm v3 or above
- `helm` v3 or above
- Kubernetes 1.4+
- PV provisioner support in the underlying infrastructure (with persistence storage enabled)
- A storage controller (if you want to use persistent storage)
- An ingress controller (if you want to define an `Ingress` resource)
- `metrics-server` (if you want to make use of horizontal pod autoscaling)
## Installing the Chart
## Chart dependencies
To install the chart with the release name `budi-release`:
This chart depends on the official Apache CouchDB chart. You can see its
documentation here:
<https://github.com/apache/couchdb-helm/tree/couchdb-4.3.0/couchdb>.
## Upgrading
### `2.x` to `3.0.0`
We made a number of breaking changes in this release to make the chart more
idiomatic and easier to use.
1. We no longer bundle `ingress-nginx`. If you were relying on this to supply
an ingress controller to your cluster, you will now need to deploy that
separately. You'll find guidance for that here:
<https://kubernetes.github.io/ingress-nginx/>.
2. We've upgraded the version of the [CouchDB chart](https://github.com/apache/couchdb-helm)
we use from `3.3.4` to `4.3.0`. The primary motivation for this was to align
the CouchDB chart used with the CouchDB version used, which has also updated
from 3.1.1 to 3.2.1. Additionally, we're moving away from the official CouchDB
to one we're building ourselves.
3. We've separated out the supplied AWS ALB ingress resource for those deploying
into EKS. Where previously you enabled this by setting `ingress.enabled: false`
and `ingress.aws: true`, you now set `awsAlbIngress.enabled: true` and all
configuration for it is under `awsAlbIngress`.
4. The `HorizontalPodAutoscaler` that was configured at `hpa.enabled: true` has
been split into 3 separate HPAs, one for each of `apps`, `worker`, and `proxy`.
They are configured at `services.{apps,worker,proxy}.autoscaling`.
## Installing
To install the chart from our repository:
```console
$ helm install budi-release .
$ helm repo add budibase https://budibase.github.io/budibase/
$ helm repo update
$ helm install --create-namespace --namespace budibase budibase budibase/budibase
```
The command deploys Budibase on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
To install the chart from this repo:
```console
$ helm delete my-release
$ git clone git@github.com:budibase/budibase.git
$ cd budibase/charts/budibase
$ helm install --create-namespace --namespace budibase budibase .
```
## Example minimal configuration
Here's an example `values.yaml` that would get a Budibase instance running in a home
cluster using an nginx ingress controller and NFS as cluster storage (basically one of our
staff's homelabs).
<details>
```yaml
ingress:
enabled: true
className: "nginx"
hosts:
- host: budibase.local # set this to whatever DNS name you'd use
paths:
- backend:
service:
name: proxy-service
port:
number: 10000
path: /
pathType: Prefix
couchdb:
persistentVolume:
enabled: true
storageClass: "nfs-client"
adminPassword: admin
services:
objectStore:
storageClass: "nfs-client"
redis:
storageClass: "nfs-client"
```
If you wanted to use this when bringing up Budibase in your own cluster, you could save it
to your hard disk and run the following:
```console
$ helm install --create-namespace --namespace budibase budibase . -f values.yaml
```
</details>
## Configuring
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Sets the affinity for all pods created by this chart. Should not ordinarily need to be changed. See <https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/> for more information on affinity. |
| awsAlbIngress.certificateArn | string | `""` | If you're wanting to use HTTPS, you'll need to create an ACM certificate and specify the ARN here. |
| awsAlbIngress.enabled | bool | `false` | Whether to create an ALB Ingress resource pointing to the Budibase proxy. Requires the AWS ALB Ingress Controller. |
| couchdb.clusterSize | int | `1` | The number of replicas to run in the CouchDB cluster. We set this to 1 by default to make things simpler, but you can set it to 3 if you need a high-availability CouchDB cluster. |
| couchdb.couchdbConfig.couchdb.uuid | string | `"budibase-couchdb"` | Unique identifier for this CouchDB server instance. You shouldn't need to change this. |
| couchdb.image | object | `{}` | We use a custom CouchDB image for running Budibase and we don't support using any other CouchDB image. You shouldn't change this, and if you do we can't guarantee that Budibase will work. |
| globals.apiEncryptionKey | string | `""` | Used for encrypting API keys and environment variables when stored in the database. You don't need to set this if `createSecrets` is true. |
| globals.appVersion | string | `""` | The version of Budibase to deploy. Defaults to what's specified by {{ .Chart.AppVersion }}. Ends up being used as the image version tag for the apps, proxy, and worker images. |
| globals.automationMaxIterations | string | `"200"` | The maximum number of iterations allows for an automation loop step. You can read more about looping here: <https://docs.budibase.com/docs/looping>. |
| globals.budibaseEnv | string | `"PRODUCTION"` | Sets the environment variable BUDIBASE_ENVIRONMENT for the apps and worker pods. Should not ordinarily need to be changed. |
| globals.cookieDomain | string | `""` | Sets the domain attribute of the cookie that Budibase uses to store session information. See <https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_where_cookies_are_sent> for details on why you might want to set this. |
| globals.createSecrets | bool | `true` | Create an internal API key, JWT secret, object store access key and secret, and store them in a Kubernetes `Secret`. |
| globals.enableAnalytics | string | `"1"` | Whether to enable analytics or not. You can read more about our analytics here: <https://docs.budibase.com/docs/analytics>. |
| globals.google | object | `{"clientId":"","secret":""}` | Google OAuth settings. These can also be set in the Budibase UI, see <https://docs.budibase.com/docs/sso-with-google> for details. |
| globals.google.clientId | string | `""` | Client ID of your Google OAuth app. |
| globals.google.secret | string | `""` | Client secret of your Google OAuth app. |
| globals.httpMigrations | string | `"0"` | Whether or not to enable doing data migrations over the HTTP API. If this is set to "0", migrations are run on startup. You shouldn't ordinarily need to change this. |
| globals.internalApiKey | string | `""` | API key used for internal Budibase API calls. You don't need to set this if `createSecrets` is true. |
| globals.internalApiKeyFallback | string | `""` | A fallback value for `internalApiKey`. If you're rotating your encryption key, you can set this to the old value for the duration of the rotation. |
| globals.jwtSecret | string | `""` | Secret used for signing JWTs. You don't need to set this if `createSecrets` is true. |
| globals.jwtSecretFallback | string | `""` | A fallback value for `jwtSecret`. If you're rotating your JWT secret, you can set this to the old value for the duration of the rotation. |
| globals.platformUrl | string | `""` | Set the `platformUrl` binding. You can also do this in Settings > Organisation if you are self-hosting. |
| globals.smtp.enabled | bool | `false` | Whether to enable SMTP or not. |
| globals.smtp.from | string | `""` | The email address to use in the "From:" field of emails sent by Budibase. |
| globals.smtp.host | string | `""` | The hostname of your SMTP server. |
| globals.smtp.password | string | `""` | The password to use when authenticating with your SMTP server. |
| globals.smtp.port | string | `"587"` | The port of your SMTP server. |
| globals.smtp.user | string | `""` | The username to use when authenticating with your SMTP server. |
| globals.tenantFeatureFlags | string | `"*:LICENSING,*:USER_GROUPS,*:ONBOARDING_TOUR"` | Sets what feature flags are enabled and for which tenants. Should not ordinarily need to be changed. |
| imagePullSecrets | list | `[]` | Passed to all pods created by this chart. Should not ordinarily need to be changed. |
| ingress.className | string | `""` | What ingress class to use. |
| ingress.enabled | bool | `true` | Whether to create an Ingress resource pointing to the Budibase proxy. |
| ingress.hosts | list | `[]` | Standard hosts block for the Ingress resource. Defaults to pointing to the Budibase proxy. |
| nameOverride | string | `""` | Override the name of the deploymen. Defaults to {{ .Chart.Name }}. |
| service.port | int | `10000` | Port to expose on the service. |
| service.type | string | `"ClusterIP"` | Service type for the service that points to the main Budibase proxy pod. |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| services.apps.autoscaling.enabled | bool | `false` | Whether to enable horizontal pod autoscaling for the apps service. |
| services.apps.autoscaling.maxReplicas | int | `10` | |
| services.apps.autoscaling.minReplicas | int | `1` | |
| services.apps.autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage for the apps service. Note that for autoscaling to work, you will need to have metrics-server configured, and resources set for the apps pods. |
| services.apps.httpLogging | int | `1` | Whether or not to log HTTP requests to the apps service. |
| services.apps.livenessProbe | object | HTTP health checks. | Liveness probe configuration for apps pods. You shouldn't need to change this, but if you want to you can find more information here: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/> |
| services.apps.logLevel | string | `"info"` | The log level for the apps service. |
| services.apps.readinessProbe | object | HTTP health checks. | Readiness probe configuration for apps pods. You shouldn't need to change this, but if you want to you can find more information here: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/> |
| services.apps.replicaCount | int | `1` | The number of apps replicas to run. |
| services.apps.resources | object | `{}` | The resources to use for apps pods. See <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/> for more information on how to set these. |
| services.apps.startupProbe | object | HTTP health checks. | Startup probe configuration for apps pods. You shouldn't need to change this, but if you want to you can find more information here: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/> |
| services.couchdb.backup.enabled | bool | `false` | Whether or not to enable periodic CouchDB backups. This works by replicating to another CouchDB instance. |
| services.couchdb.backup.interval | string | `""` | Backup interval in seconds |
| services.couchdb.backup.resources | object | `{}` | The resources to use for CouchDB backup pods. See <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/> for more information on how to set these. |
| services.couchdb.backup.target | string | `""` | Target couchDB instance to back up to, either a hostname or an IP address. |
| services.couchdb.enabled | bool | `true` | Whether or not to spin up a CouchDB instance in your cluster. True by default, and the configuration for the CouchDB instance is under the `couchdb` key at the root of this file. You can see what options are available to you by looking at the official CouchDB Helm chart: <https://github.com/apache/couchdb-helm/tree/couchdb-4.3.0/couchdb>. |
| services.couchdb.port | int | `5984` | |
| services.dns | string | `"cluster.local"` | The DNS suffix to use for service discovery. You only need to change this if you've configured your cluster to use a different DNS suffix. |
| services.objectStore.accessKey | string | `""` | AWS_ACCESS_KEY if using S3 |
| services.objectStore.browser | bool | `true` | Whether to enable the Minio web console or not. If you're exposing Minio to the Internet (via a custom Ingress record, for example), you should set this to false. If you're only exposing Minio to your cluster, you can leave this as true. |
| services.objectStore.cloudfront.cdn | string | `""` | Set the url of a distribution to enable cloudfront. |
| services.objectStore.cloudfront.privateKey64 | string | `""` | Base64 encoded private key for the above public key. |
| services.objectStore.cloudfront.publicKeyId | string | `""` | ID of public key stored in cloudfront. |
| services.objectStore.minio | bool | `true` | Set to false if using another object store, such as S3. You will need to set `services.objectStore.url` to point to your bucket if you do this. |
| services.objectStore.region | string | `""` | AWS_REGION if using S3 |
| services.objectStore.resources | object | `{}` | The resources to use for Minio pods. See <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/> for more information on how to set these. |
| services.objectStore.secretKey | string | `""` | AWS_SECRET_ACCESS_KEY if using S3 |
| services.objectStore.storage | string | `"100Mi"` | How much storage to give Minio in its PersistentVolumeClaim. |
| services.objectStore.storageClass | string | `""` | If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
| services.objectStore.url | string | `"http://minio-service:9000"` | URL to use for object storage. Only change this if you're using an external object store, such as S3. Remember to set `minio: false` if you do this. |
| services.proxy.autoscaling.enabled | bool | `false` | Whether to enable horizontal pod autoscaling for the proxy service. |
| services.proxy.autoscaling.maxReplicas | int | `10` | |
| services.proxy.autoscaling.minReplicas | int | `1` | |
| services.proxy.autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage for the proxy service. Note that for autoscaling to work, you will need to have metrics-server configured, and resources set for the proxy pods. |
| services.proxy.livenessProbe | object | HTTP health checks. | Liveness probe configuration for proxy pods. You shouldn't need to change this, but if you want to you can find more information here: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/> |
| services.proxy.readinessProbe | object | HTTP health checks. | Readiness probe configuration for proxy pods. You shouldn't need to change this, but if you want to you can find more information here: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/> |
| services.proxy.replicaCount | int | `1` | The number of proxy replicas to run. |
| services.proxy.resources | object | `{}` | The resources to use for proxy pods. See <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/> for more information on how to set these. |
| services.proxy.startupProbe | object | HTTP health checks. | Startup probe configuration for proxy pods. You shouldn't need to change this, but if you want to you can find more information here: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/> |
| services.redis.enabled | bool | `true` | Whether or not to deploy a Redis pod into your cluster. |
| services.redis.password | string | `"budibase"` | The password to use when connecting to Redis. It's recommended that you change this from the default if you're running Redis in-cluster. |
| services.redis.port | int | `6379` | Port to expose Redis on. |
| services.redis.resources | object | `{}` | The resources to use for Redis pods. See <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/> for more information on how to set these. |
| services.redis.storage | string | `"100Mi"` | How much persistent storage to allocate to Redis. |
| services.redis.storageClass | string | `""` | If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
| services.redis.url | string | `""` | If you choose to run Redis externally to this chart, you can specify the connection details here. |
| services.worker.autoscaling.enabled | bool | `false` | Whether to enable horizontal pod autoscaling for the worker service. |
| services.worker.autoscaling.maxReplicas | int | `10` | |
| services.worker.autoscaling.minReplicas | int | `1` | |
| services.worker.autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage for the worker service. Note that for autoscaling to work, you will need to have metrics-server configured, and resources set for the worker pods. |
| services.worker.httpLogging | int | `1` | Whether or not to log HTTP requests to the worker service. |
| services.worker.livenessProbe | object | HTTP health checks. | Liveness probe configuration for worker pods. You shouldn't need to change this, but if you want to you can find more information here: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/> |
| services.worker.logLevel | string | `"info"` | The log level for the worker service. |
| services.worker.readinessProbe | object | HTTP health checks. | Readiness probe configuration for worker pods. You shouldn't need to change this, but if you want to you can find more information here: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/> |
| services.worker.replicaCount | int | `1` | The number of worker replicas to run. |
| services.worker.resources | object | `{}` | The resources to use for worker pods. See <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/> for more information on how to set these. |
| services.worker.startupProbe | object | HTTP health checks. | Startup probe configuration for worker pods. You shouldn't need to change this, but if you want to you can find more information here: <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/> |
| tolerations | list | `[]` | Sets the tolerations for all pods created by this chart. Should not ordinarily need to be changed. See <https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/> for more information on tolerations. |
## Uninstalling
To uninstall the chart, assuming you named the release `budibase` (both commands in the installation section do so):
```console
$ helm uninstall --namespace budibase budibase
```
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)

117
charts/budibase/README.md.gotmpl Normal file
View file

@ -0,0 +1,117 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
## Prerequisites
- `helm` v3 or above
- Kubernetes 1.4+
- A storage controller (if you want to use persistent storage)
- An ingress controller (if you want to define an `Ingress` resource)
- `metrics-server` (if you want to make use of horizontal pod autoscaling)
## Chart dependencies
This chart depends on the official Apache CouchDB chart. You can see its
documentation here:
<https://github.com/apache/couchdb-helm/tree/couchdb-4.3.0/couchdb>.
## Upgrading
### `2.x` to `3.0.0`
We made a number of breaking changes in this release to make the chart more
idiomatic and easier to use.
1. We no longer bundle `ingress-nginx`. If you were relying on this to supply
an ingress controller to your cluster, you will now need to deploy that
separately. You'll find guidance for that here:
<https://kubernetes.github.io/ingress-nginx/>.
2. We've upgraded the version of the [CouchDB chart](https://github.com/apache/couchdb-helm)
we use from `3.3.4` to `4.3.0`. The primary motivation for this was to align
the CouchDB chart used with the CouchDB version used, which has also updated
from 3.1.1 to 3.2.1. Additionally, we're moving away from the official CouchDB
to one we're building ourselves.
3. We've separated out the supplied AWS ALB ingress resource for those deploying
into EKS. Where previously you enabled this by setting `ingress.enabled: false`
and `ingress.aws: true`, you now set `awsAlbIngress.enabled: true` and all
configuration for it is under `awsAlbIngress`.
4. The `HorizontalPodAutoscaler` that was configured at `hpa.enabled: true` has
been split into 3 separate HPAs, one for each of `apps`, `worker`, and `proxy`.
They are configured at `services.{apps,worker,proxy}.autoscaling`.
## Installing
To install the chart from our repository:
```console
$ helm repo add budibase https://budibase.github.io/budibase/
$ helm repo update
$ helm install --create-namespace --namespace budibase budibase budibase/budibase
```
To install the chart from this repo:
```console
$ git clone git@github.com:budibase/budibase.git
$ cd budibase/charts/budibase
$ helm install --create-namespace --namespace budibase budibase .
```
## Example minimal configuration
Here's an example `values.yaml` that would get a Budibase instance running in a home
cluster using an nginx ingress controller and NFS as cluster storage (basically one of our
staff's homelabs).
<details>
```yaml
ingress:
enabled: true
className: "nginx"
hosts:
- host: budibase.local # set this to whatever DNS name you'd use
paths:
- backend:
service:
name: proxy-service
port:
number: 10000
path: /
pathType: Prefix
couchdb:
persistentVolume:
enabled: true
storageClass: "nfs-client"
adminPassword: admin
services:
objectStore:
storageClass: "nfs-client"
redis:
storageClass: "nfs-client"
```
If you wanted to use this when bringing up Budibase in your own cluster, you could save it
to your hard disk and run the following:
```console
$ helm install --create-namespace --namespace budibase budibase . -f values.yaml
```
</details>
## Configuring
{{ template "chart.valuesTable" . }}
## Uninstalling
To uninstall the chart, assuming you named the release `budibase` (both commands in the installation section do so):
```console
$ helm uninstall --namespace budibase budibase
```
{{ template "helm-docs.versionFooter" . }}

BIN
charts/budibase/charts/couchdb-3.3.4.tgz
View file

Binary file not shown.

BIN
charts/budibase/charts/couchdb-4.3.0.tgz Normal file
View file

Binary file not shown.

BIN
charts/budibase/charts/ingress-nginx-4.0.13.tgz
View file

Binary file not shown.

16
charts/budibase/templates/alb-ingress.yaml
View file

@ -1,4 +1,4 @@
{{- if .Values.ingress.aws }}
{{- if .Values.awsAlbIngress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@ -9,22 +9,22 @@ metadata:
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/success-codes: '200'
alb.ingress.kubernetes.io/healthcheck-path: '/health'
{{- if .Values.ingress.certificateArn }}
{{- if .Values.awsAlbIngress.certificateArn }}
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/certificate-arn: {{ .Values.ingress.certificateArn }}
alb.ingress.kubernetes.io/certificate-arn: {{ .Values.awsAlbIngress.certificateArn }}
{{- end }}
{{- if .Values.ingress.sslPolicy }}
alb.ingress.kubernetes.io/actions.ssl-policy: {{ .Values.ingress.sslPolicy }}
{{- if .Values.awsAlbIngress.sslPolicy }}
alb.ingress.kubernetes.io/actions.ssl-policy: {{ .Values.awsAlbIngress.sslPolicy }}
{{- end }}
{{- if .Values.ingress.securityGroups }}
alb.ingress.kubernetes.io/security-groups: {{ .Values.ingress.securityGroups }}
{{- if .Values.awsAlbIngress.securityGroups }}
alb.ingress.kubernetes.io/security-groups: {{ .Values.awsAlbIngress.securityGroups }}
{{- end }}
spec:
rules:
- http:
paths:
{{- if .Values.ingress.certificateArn }}
{{- if .Values.awsAlbIngress.certificateArn }}
- path: /
pathType: Prefix
backend:

6
charts/budibase/templates/app-service-deployment.yaml
View file

@ -2,12 +2,9 @@ apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
{{ if .Values.services.apps.deploymentAnnotations }}
{{- toYaml .Values.services.apps.deploymentAnnotations | indent 4 -}}
{{ end }}
creationTimestamp: null
labels:
io.kompose.service: app-service
{{ if .Values.services.apps.deploymentLabels }}
@ -24,12 +21,9 @@ spec:
template:
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
{{ if .Values.services.apps.templateAnnotations }}
{{- toYaml .Values.services.apps.templateAnnotations | indent 8 -}}
{{ end }}
creationTimestamp: null
labels:
io.kompose.service: app-service
{{ if .Values.services.apps.templateLabels }}

32
charts/budibase/templates/app-service-hpa.yaml Normal file
View file

@ -0,0 +1,32 @@
{{- if .Values.services.apps.autoscaling.enabled }}
apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "budibase.fullname" . }}-apps
labels:
{{- include "budibase.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: app-service
minReplicas: {{ .Values.services.apps.autoscaling.minReplicas }}
maxReplicas: {{ .Values.services.apps.autoscaling.maxReplicas }}
metrics:
{{- if .Values.services.apps.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.services.apps.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.services.apps.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.services.apps.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

4
charts/budibase/templates/app-service-service.yaml
View file

@ -1,10 +1,6 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: app-service
name: app-service

8
charts/budibase/templates/couchdb-backup.yaml
View file

@ -2,10 +2,6 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
app.kubernetes.io/name: couchdb-backup
name: couchdb-backup
@ -18,10 +14,6 @@ spec:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
app.kubernetes.io/name: couchdb-backup
spec:

28
charts/budibase/templates/hpa.yaml
View file

@ -1,28 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "budibase.fullname" . }}
labels:
{{- include "budibase.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "budibase.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

1
charts/budibase/templates/minio-data-persistentvolumeclaim.yaml
View file

@ -2,7 +2,6 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: minio-data
name: minio-data

8
charts/budibase/templates/minio-service-deployment.yaml
View file

@ -2,10 +2,6 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: minio-service
name: minio-service
@ -18,10 +14,6 @@ spec:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: minio-service
spec:

4
charts/budibase/templates/minio-service-service.yaml
View file

@ -2,10 +2,6 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: minio-service
name: minio-service

7
charts/budibase/templates/proxy-service-deployment.yaml
View file

@ -2,12 +2,9 @@ apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
{{ if .Values.services.proxy.deploymentAnnotations }}
{{- toYaml .Values.services.proxy.deploymentAnnotations | indent 4 -}}
{{ end }}
creationTimestamp: null
labels:
app.kubernetes.io/name: budibase-proxy
{{ if .Values.services.proxy.deploymentLabels }}
@ -19,17 +16,15 @@ spec:
selector:
matchLabels:
app.kubernetes.io/name: budibase-proxy
minReadySeconds: 10
strategy:
type: RollingUpdate
template:
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
{{ if .Values.services.proxy.templateAnnotations }}
{{- toYaml .Values.services.proxy.templateAnnotations | indent 8 -}}
{{ end }}
creationTimestamp: null
labels:
app.kubernetes.io/name: budibase-proxy
{{ if .Values.services.proxy.templateLabels }}

32
charts/budibase/templates/proxy-service-hpa.yaml Normal file
View file

@ -0,0 +1,32 @@
{{- if .Values.services.proxy.autoscaling.enabled }}
apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "budibase.fullname" . }}-proxy
labels:
{{- include "budibase.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: proxy-service
minReplicas: {{ .Values.services.proxy.autoscaling.minReplicas }}
maxReplicas: {{ .Values.services.proxy.autoscaling.maxReplicas }}
metrics:
{{- if .Values.services.proxy.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.services.proxy.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.services.proxy.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.services.proxy.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

6
charts/budibase/templates/proxy-service-service.yaml
View file

@ -1,10 +1,6 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
app.kubernetes.io/name: budibase-proxy
name: proxy-service
@ -16,4 +12,4 @@ spec:
selector:
app.kubernetes.io/name: budibase-proxy
status:
loadBalancer: {}
loadBalancer: {}

1
charts/budibase/templates/redis-data-persistentvolumeclaim.yaml
View file

@ -2,7 +2,6 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: redis-data
name: redis-data

8
charts/budibase/templates/redis-service-deployment.yaml
View file

@ -2,10 +2,6 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: redis-service
name: redis-service
@ -18,10 +14,6 @@ spec:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: redis-service
spec:

4
charts/budibase/templates/redis-service-service.yaml
View file

@ -2,10 +2,6 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: redis-service
name: redis-service

6
charts/budibase/templates/worker-service-deployment.yaml
View file

@ -2,12 +2,9 @@ apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
{{ if .Values.services.worker.deploymentAnnotations }}
{{- toYaml .Values.services.worker.deploymentAnnotations | indent 4 -}}
{{ end }}
creationTimestamp: null
labels:
io.kompose.service: worker-service
{{ if .Values.services.worker.deploymentLabels }}
@ -24,12 +21,9 @@ spec:
template:
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
{{ if .Values.services.worker.templateAnnotations }}
{{- toYaml .Values.services.worker.templateAnnotations | indent 8 -}}
{{ end }}
creationTimestamp: null
labels:
io.kompose.service: worker-service
{{ if .Values.services.worker.templateLabels }}

32
charts/budibase/templates/worker-service-hpa.yaml Normal file
View file

@ -0,0 +1,32 @@
{{- if .Values.services.worker.autoscaling.enabled }}
apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "budibase.fullname" . }}-worker
labels:
{{- include "budibase.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: worker-service
minReplicas: {{ .Values.services.worker.autoscaling.minReplicas }}
maxReplicas: {{ .Values.services.worker.autoscaling.maxReplicas }}
metrics:
{{- if .Values.services.worker.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.services.worker.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.services.worker.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.services.worker.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

4
charts/budibase/templates/worker-service-service.yaml
View file

@ -1,10 +1,6 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: worker-service
name: worker-service

507
charts/budibase/values.yaml
View file

@ -1,56 +1,32 @@
# Default values for budibase.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# -- Passed to all pods created by this chart. Should not ordinarily need to be changed.
imagePullSecrets: []
# -- Override the name of the deploymen. Defaults to {{ .Chart.Name }}.
nameOverride: ""
# fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
# -- Specifies whether a service account should be created
create: true
# Annotations to add to the service account
# -- Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext:
{}
# fsGroup: 2000
securityContext:
{}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
# -- Service type for the service that points to the main Budibase proxy pod.
type: ClusterIP
# -- Port to expose on the service.
port: 10000
ingress:
# -- Whether to create an Ingress resource pointing to the Budibase proxy.
enabled: true
aws: false
nginx: true
certificateArn: ""
# -- What ingress class to use.
className: ""
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/client-max-body-size: 150M
nginx.ingress.kubernetes.io/proxy-body-size: 50m
# -- Standard hosts block for the Ingress resource. Defaults to pointing to the Budibase proxy.
hosts:
- host: # change if using custom domain
# @ignore
- host:
paths:
- path: /
pathType: Prefix
@ -60,361 +36,426 @@ ingress:
port:
number: 10000
autoscaling:
awsAlbIngress:
# -- Whether to create an ALB Ingress resource pointing to the Budibase proxy. Requires the AWS ALB Ingress Controller.
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
# -- If you're wanting to use HTTPS, you'll need to create an ACM certificate and specify the ARN here.
certificateArn: ""
# -- Sets the tolerations for all pods created by this chart. Should not ordinarily need to be changed.
# See <https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/> for more information
# on tolerations.
tolerations: []
# -- Sets the affinity for all pods created by this chart. Should not ordinarily
# need to be changed. See
# <https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/>
# for more information on affinity.
affinity: {}
globals:
appVersion: "" # Use as an override to .Chart.AppVersion
# -- The version of Budibase to deploy. Defaults to what's specified by {{ .Chart.AppVersion }}.
# Ends up being used as the image version tag for the apps, proxy, and worker images.
appVersion: ""
# -- Sets the environment variable BUDIBASE_ENVIRONMENT for the apps and worker pods. Should not
# ordinarily need to be changed.
budibaseEnv: PRODUCTION
# -- Sets what feature flags are enabled and for which tenants. Should not ordinarily need to be
# changed.
tenantFeatureFlags: "*:LICENSING,*:USER_GROUPS,*:ONBOARDING_TOUR"
# -- Whether to enable analytics or not. You can read more about our analytics here:
# <https://docs.budibase.com/docs/analytics>.
enableAnalytics: "1"
# @ignore (only used if enableAnalytics is set to 1)
posthogToken: "phc_bIjZL7oh2GEUd2vqvTBH8WvrX0fWTFQMs6H5KQxiUxU"
selfHosted: "1" # set to 0 for budibase cloud environment, set to 1 for self-hosted setup
multiTenancy: "0" # set to 0 to disable multiple orgs, set to 1 to enable multiple orgs
offlineMode: "0" # set to 1 to enable offline mode
# @ignore (should not normally need to be changed, we only set this to "0"
# when deploying to our Cloud environment)
selfHosted: "1"
# @ignore (doesn't work out of the box for self-hosted users, only meant for Budicloud)
multiTenancy: "0"
# @ignore (only currently used to determine whether to fetch licenses offline or not, should
# not normally need to be changed, and only applies to Enterprise customers)
offlineMode: "0"
# @ignore (only needs to be set in our cloud environment)
accountPortalUrl: ""
# @ignore (only needs to be set in our cloud environment)
accountPortalApiKey: ""
# -- Sets the domain attribute of the cookie that Budibase uses to store session information.
# See <https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_where_cookies_are_sent>
# for details on why you might want to set this.
cookieDomain: ""
# -- Set the `platformUrl` binding. You can also do this in Settings > Organisation if you are
# self-hosting.
platformUrl: ""
# -- Whether or not to enable doing data migrations over the HTTP API. If this is set to "0",
# migrations are run on startup. You shouldn't ordinarily need to change this.
httpMigrations: "0"
# -- Google OAuth settings. These can also be set in the Budibase UI, see
# <https://docs.budibase.com/docs/sso-with-google> for details.
google:
# -- Client ID of your Google OAuth app.
clientId: ""
# -- Client secret of your Google OAuth app.
secret: ""
# -- The maximum number of iterations allows for an automation loop step. You can read more about
# looping here: <https://docs.budibase.com/docs/looping>.
automationMaxIterations: "200"
createSecrets: true # creates an internal API key, JWT secrets and redis password for you
# -- Create an internal API key, JWT secret, object store access key and
# secret, and store them in a Kubernetes `Secret`.
createSecrets: true
# if createSecrets is set to false, you can hard-code your secrets here
# -- Used for encrypting API keys and environment variables when stored in the database.
# You don't need to set this if `createSecrets` is true.
apiEncryptionKey: ""
# -- API key used for internal Budibase API calls. You don't need to set this
# if `createSecrets` is true.
internalApiKey: ""
# -- Secret used for signing JWTs. You don't need to set this if `createSecrets` is true.
jwtSecret: ""
cdnUrl: ""
# fallback values used during live rotation
# -- A fallback value for `internalApiKey`. If you're rotating your encryption key, you can
# set this to the old value for the duration of the rotation.
internalApiKeyFallback: ""
# -- A fallback value for `jwtSecret`. If you're rotating your JWT secret, you can set this
# to the old value for the duration of the rotation.
jwtSecretFallback: ""
smtp:
# -- Whether to enable SMTP or not.
enabled: false
# globalAgentHttpProxy:
# globalAgentHttpsProxy:
# globalAgentNoProxy:
# -- The hostname of your SMTP server.
host: ""
# -- The port of your SMTP server.
port: "587"
# -- The email address to use in the "From:" field of emails sent by Budibase.
from: ""
# -- The username to use when authenticating with your SMTP server.
user: ""
# -- The password to use when authenticating with your SMTP server.
password: ""
services:
budibaseVersion: latest
# -- The DNS suffix to use for service discovery. You only need to change this
# if you've configured your cluster to use a different DNS suffix.
dns: cluster.local
# tlsRejectUnauthorized: 0
proxy:
# @ignore (you shouldn't need to change this)
port: 10000
# -- The number of proxy replicas to run.
replicaCount: 1
# @ignore (you should never need to change this)
upstreams:
apps: "http://app-service.{{ .Release.Namespace }}.svc.{{ .Values.services.dns }}:{{ .Values.services.apps.port }}"
worker: "http://worker-service.{{ .Release.Namespace }}.svc.{{ .Values.services.dns }}:{{ .Values.services.worker.port }}"
minio: "http://minio-service.{{ .Release.Namespace }}.svc.{{ .Values.services.dns }}:{{ .Values.services.objectStore.port }}"
couchdb: "http://{{ .Release.Name }}-svc-couchdb:{{ .Values.services.couchdb.port }}"
# -- The resources to use for proxy pods. See
# <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/>
# for more information on how to set these.
resources: {}
# -- Startup probe configuration for proxy pods. You shouldn't need to
# change this, but if you want to you can find more information here:
# <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
# @default -- HTTP health checks.
startupProbe:
# @ignore
httpGet:
path: /health
port: 10000
scheme: HTTP
# @ignore
failureThreshold: 30
# @ignore
periodSeconds: 3
# -- Readiness probe configuration for proxy pods. You shouldn't need to
# change this, but if you want to you can find more information here:
# <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
# @default -- HTTP health checks.
readinessProbe:
# @ignore
httpGet:
path: /health
port: 10000
scheme: HTTP
# @ignore
periodSeconds: 3
# @ignore
failureThreshold: 1
# -- Liveness probe configuration for proxy pods. You shouldn't need to
# change this, but if you want to you can find more information here:
# <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
# @default -- HTTP health checks.
livenessProbe:
# @ignore
httpGet:
path: /health
port: 10000
scheme: HTTP
# @ignore
failureThreshold: 3
# @ignore
periodSeconds: 5
# annotations:
# co.elastic.logs/module: nginx
# co.elastic.logs/fileset.stdout: access
# co.elastic.logs/fileset.stderr: error
autoscaling:
# -- Whether to enable horizontal pod autoscaling for the proxy service.
enabled: false
minReplicas: 1
maxReplicas: 10
# -- Target CPU utilization percentage for the proxy service. Note that
# for autoscaling to work, you will need to have metrics-server
# configured, and resources set for the proxy pods.
targetCPUUtilizationPercentage: 80
apps:
# @ignore (you shouldn't need to change this)
port: 4002
# -- The number of apps replicas to run.
replicaCount: 1
# -- The log level for the apps service.
logLevel: info
# -- Whether or not to log HTTP requests to the apps service.
httpLogging: 1
# -- The resources to use for apps pods. See
# <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/>
# for more information on how to set these.
resources: {}
# -- Startup probe configuration for apps pods. You shouldn't need to
# change this, but if you want to you can find more information here:
# <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
# @default -- HTTP health checks.
startupProbe:
# @ignore
httpGet:
path: /health
port: 4002
scheme: HTTP
# @ignore
failureThreshold: 30
# @ignore
periodSeconds: 3
# -- Readiness probe configuration for apps pods. You shouldn't need to
# change this, but if you want to you can find more information here:
# <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
# @default -- HTTP health checks.
readinessProbe:
# @ignore
httpGet:
path: /health
port: 4002
scheme: HTTP
# @ignore
periodSeconds: 3
# @ignore
failureThreshold: 1
# -- Liveness probe configuration for apps pods. You shouldn't need to
# change this, but if you want to you can find more information here:
# <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
# @default -- HTTP health checks.
livenessProbe:
# @ignore
httpGet:
path: /health
port: 4002
scheme: HTTP
# @ignore
failureThreshold: 3
# @ignore
periodSeconds: 5
# nodeDebug: "" # set the value of NODE_DEBUG
# annotations:
# co.elastic.logs/multiline.type: pattern
# co.elastic.logs/multiline.pattern: '^[[:space:]]'
# co.elastic.logs/multiline.negate: false
# co.elastic.logs/multiline.match: after
autoscaling:
# -- Whether to enable horizontal pod autoscaling for the apps service.
enabled: false
minReplicas: 1
maxReplicas: 10
# -- Target CPU utilization percentage for the apps service. Note that for
# autoscaling to work, you will need to have metrics-server configured,
# and resources set for the apps pods.
targetCPUUtilizationPercentage: 80
worker:
# @ignore (you shouldn't need to change this)
port: 4003
# -- The number of worker replicas to run.
replicaCount: 1
# -- The log level for the worker service.
logLevel: info
# -- Whether or not to log HTTP requests to the worker service.
httpLogging: 1
# -- The resources to use for worker pods. See
# <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/>
# for more information on how to set these.
resources: {}
# -- Startup probe configuration for worker pods. You shouldn't need to
# change this, but if you want to you can find more information here:
# <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
# @default -- HTTP health checks.
startupProbe:
# @ignore
httpGet:
path: /health
port: 4003
scheme: HTTP
# @ignore
failureThreshold: 30
# @ignore
periodSeconds: 3
# -- Readiness probe configuration for worker pods. You shouldn't need to
# change this, but if you want to you can find more information here:
# <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
# @default -- HTTP health checks.
readinessProbe:
# @ignore
httpGet:
path: /health
port: 4003
scheme: HTTP
# @ignore
periodSeconds: 3
# @ignore
failureThreshold: 1
# -- Liveness probe configuration for worker pods. You shouldn't need to
# change this, but if you want to you can find more information here:
# <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>
# @default -- HTTP health checks.
livenessProbe:
# @ignore
httpGet:
path: /health
port: 4003
scheme: HTTP
# @ignore
failureThreshold: 3
# @ignore
periodSeconds: 5
# annotations:
# co.elastic.logs/multiline.type: pattern
# co.elastic.logs/multiline.pattern: '^[[:space:]]'
# co.elastic.logs/multiline.negate: false
# co.elastic.logs/multiline.match: after
autoscaling:
# -- Whether to enable horizontal pod autoscaling for the worker service.
enabled: false
minReplicas: 1
maxReplicas: 10
# -- Target CPU utilization percentage for the worker service. Note that
# for autoscaling to work, you will need to have metrics-server
# configured, and resources set for the worker pods.
targetCPUUtilizationPercentage: 80
couchdb:
# -- Whether or not to spin up a CouchDB instance in your cluster. True by
# default, and the configuration for the CouchDB instance is under the
# `couchdb` key at the root of this file. You can see what options are
# available to you by looking at the official CouchDB Helm chart:
# <https://github.com/apache/couchdb-helm/tree/couchdb-4.3.0/couchdb>.
enabled: true
# url: "" # only change if pointing to existing couch server
# user: "" # only change if pointing to existing couch server
# password: "" # only change if pointing to existing couch server
port: 5984
backup:
# -- Whether or not to enable periodic CouchDB backups. This works by replicating
# to another CouchDB instance.
enabled: false
# target couchDB instance to back up to
# -- Target couchDB instance to back up to, either a hostname or an IP address.
target: ""
# backup interval in seconds
# -- Backup interval in seconds
interval: ""
# -- The resources to use for CouchDB backup pods. See
# <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/>
# for more information on how to set these.
resources: {}
redis:
enabled: true # disable if using external redis
# -- Whether or not to deploy a Redis pod into your cluster.
enabled: true
# -- Port to expose Redis on.
port: 6379
# @ignore (you should leave this as 1, we don't support clustering Redis)
replicaCount: 1
url: "" # only change if pointing to existing redis cluster and enabled: false
password: "budibase" # recommended to override if using built-in redis
# -- If you choose to run Redis externally to this chart, you can specify the
# connection details here.
url: ""
# -- The password to use when connecting to Redis. It's recommended that you change
# this from the default if you're running Redis in-cluster.
password: "budibase"
# -- How much persistent storage to allocate to Redis.
storage: 100Mi
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner.
# -- If defined, storageClassName: <storageClass> If set to "-",
# storageClassName: "", which disables dynamic provisioning If undefined
# (the default) or set to null, no storageClassName spec is set, choosing
# the default provisioner.
storageClass: ""
# -- The resources to use for Redis pods. See
# <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/>
# for more information on how to set these.
resources: {}
objectStore:
# Set to false if using another object store such as S3
# -- Set to false if using another object store, such as S3. You will need
# to set `services.objectStore.url` to point to your bucket if you do this.
minio: true
# -- Whether to enable the Minio web console or not. If you're exposing
# Minio to the Internet (via a custom Ingress record, for example), you
# should set this to false. If you're only exposing Minio to your cluster,
# you can leave this as true.
browser: true
# @ignore
port: 9000
# @ignore (you should leave this as 1, we don't support clustering Minio)
replicaCount: 1
accessKey: "" # AWS_ACCESS_KEY if using S3 or existing minio access key
secretKey: "" # AWS_SECRET_ACCESS_KEY if using S3 or existing minio secret
region: "" # AWS_REGION if using S3 or existing minio secret
url: "http://minio-service:9000" # only change if pointing to existing minio cluster or S3 and minio: false
# -- AWS_ACCESS_KEY if using S3
accessKey: ""
# -- AWS_SECRET_ACCESS_KEY if using S3
secretKey: ""
# -- AWS_REGION if using S3
region: ""
# -- URL to use for object storage. Only change this if you're using an
# external object store, such as S3. Remember to set `minio: false` if you
# do this.
url: "http://minio-service:9000"
# -- How much storage to give Minio in its PersistentVolumeClaim.
storage: 100Mi
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner.
# -- If defined, storageClassName: <storageClass> If set to "-",
# storageClassName: "", which disables dynamic provisioning If undefined
# (the default) or set to null, no storageClassName spec is set, choosing
# the default provisioner.
storageClass: ""
# -- The resources to use for Minio pods. See
# <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/>
# for more information on how to set these.
resources: {}
cloudfront:
# Set the url of a distribution to enable cloudfront
# -- Set the url of a distribution to enable cloudfront.
cdn: ""
# ID of public key stored in cloudfront
# -- ID of public key stored in cloudfront.
publicKeyId: ""
# Base64 encoded private key for the above public key
# -- Base64 encoded private key for the above public key.
privateKey64: ""
# Override values in couchDB subchart
# Override values in couchDB subchart. We're only specifying the values we're changing.
# If you want to see all of the available values, see:
# https://github.com/apache/couchdb-helm/tree/couchdb-4.3.0/couchdb
couchdb:
## clusterSize is the initial size of the CouchDB cluster.
# -- The number of replicas to run in the CouchDB cluster. We set this to
# 1 by default to make things simpler, but you can set it to 3 if you need
# a high-availability CouchDB cluster.
clusterSize: 1
allowAdminParty: false
# Secret Management
createAdminSecret: true
# adminUsername: budibase
# adminPassword: budibase
# adminHash: -pbkdf2-this_is_not_necessarily_secure_either
# cookieAuthSecret: admin
## When enabled, will deploy a networkpolicy that allows CouchDB pods to
## communicate with each other for clustering and ingress on port 5984
networkPolicy:
enabled: true
# Use a service account
serviceAccount:
enabled: true
create: true
# name:
# imagePullSecrets:
# - name: myimagepullsecret
## The storage volume used by each Pod in the StatefulSet. If a
## persistentVolume is not enabled, the Pods will use `emptyDir` ephemeral
## local storage. Setting the storageClass attribute to "-" disables dynamic
## provisioning of Persistent Volumes; leaving it unset will invoke the default
## provisioner.
persistentVolume:
enabled: false
accessModes:
- ReadWriteOnce
size: 10Gi
storageClass: ""
## The CouchDB image
# -- We use a custom CouchDB image for running Budibase and we don't support
# using any other CouchDB image. You shouldn't change this, and if you do we
# can't guarantee that Budibase will work.
image:
repository: couchdb
tag: 3.1.1
pullPolicy: IfNotPresent
## Experimental integration with Lucene-powered fulltext search
enableSearch: true
searchImage:
repository: kocolosk/couchdb-search
tag: 0.2.0
pullPolicy: IfNotPresent
initImage:
repository: busybox
tag: latest
# @ignore
repository: budibase/couchdb
# @ignore
tag: v3.2.1
# @ignore
pullPolicy: Always
## CouchDB is happy to spin up cluster nodes in parallel, but if you encounter
## problems you can try setting podManagementPolicy to the StatefulSet default
## `OrderedReady`
podManagementPolicy: Parallel
# @ignore
# This should remain false. We ship Clouseau ourselves as part of the
# budibase/couchdb image, and it's not possible to disable it because it's a
# core part of the Budibase experience.
enableSearch: false
## Optional pod annotations
annotations: {}
## Optional tolerations
tolerations: []
affinity: {}
service:
# annotations:
enabled: true
type: ClusterIP
externalPort: 5984
## An Ingress resource can provide name-based virtual hosting and TLS
## termination among other things for CouchDB deployments which are accessed
## from outside the Kubernetes cluster.
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
enabled: false
hosts:
- chart-example.local
path: /
annotations:
[]
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
tls:
# Secrets must be manually created in the namespace.
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
## Optional resource requests and limits for the CouchDB container
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
{}
# requests:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 56
# memory: 256Gi
## erlangFlags is a map that is passed to the Erlang VM as flags using the
## ERL_FLAGS env. `name` and `setcookie` flags are minimally required to
## establish connectivity between cluster nodes.
## ref: http://erlang.org/doc/man/erl.html#init_flags
erlangFlags:
name: couchdb
setcookie: monster
## couchdbConfig will override default CouchDB configuration settings.
## The contents of this map are reformatted into a .ini file laid down
## by a ConfigMap object.
## ref: http://docs.couchdb.org/en/latest/config/index.html
couchdbConfig:
couchdb:
uuid: budibase-couchdb # REQUIRED: Unique identifier for this CouchDB server instance
# cluster:
# q: 8 # Create 8 shards for each database
chttpd:
bind_address: any
# chttpd.require_valid_user disables all the anonymous requests to the port
# 5984 when is set to true.
require_valid_user: false
# Kubernetes local cluster domain.
# This is used to generate FQDNs for peers when joining the CouchDB cluster.
dns:
clusterDomainSuffix: cluster.local
## Configure liveness and readiness probe values
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
# FOR COUCHDB
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
# -- Unique identifier for this CouchDB server instance. You shouldn't need
# to change this.
uuid: budibase-couchdb

2
hosting/nginx.dev.conf
View file

@ -42,7 +42,7 @@ http {
server {
listen 10000 default_server;
server_name _;
client_max_body_size 1000m;
client_max_body_size 50000m;
ignore_invalid_headers off;
proxy_buffering off;

26
hosting/proxy/nginx.prod.conf
View file

@ -249,4 +249,30 @@ http {
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}
# From https://docs.datadoghq.com/integrations/nginx/?tab=kubernetes
server {
listen 81;
server_name localhost;
access_log off;
allow 127.0.0.1;
deny all;
location /nginx_status {
# Choose your status module
# freely available with open source NGINX
stub_status;
# for open source NGINX < version 1.7.5
# stub_status on;
# available only with NGINX Plus
# status;
# ensures the version information can be retrieved
server_tokens on;
}
}
}

2
lerna.json
View file

@ -1,5 +1,5 @@
{
"version": "2.13.30",
"version": "2.13.35",
"npmClient": "yarn",
"packages": [
"packages/*"

6
packages/backend-core/src/auth/auth.ts
View file

@ -19,6 +19,7 @@ import {
GoogleInnerConfig,
OIDCInnerConfig,
PlatformLogoutOpts,
SessionCookie,
SSOProviderType,
} from "@budibase/types"
import * as events from "../events"
@ -44,7 +45,6 @@ export const buildAuthMiddleware = authenticated
export const buildTenancyMiddleware = tenancy
export const buildCsrfMiddleware = csrf
export const passport = _passport
export const jwt = require("jsonwebtoken")
// Strategies
_passport.use(new LocalStrategy(local.options, local.authenticate))
@ -191,10 +191,10 @@ export async function platformLogout(opts: PlatformLogoutOpts) {
if (!ctx) throw new Error("Koa context must be supplied to logout.")
const currentSession = getCookie(ctx, Cookie.Auth)
const currentSession = getCookie<SessionCookie>(ctx, Cookie.Auth)
let sessions = await getSessionsForUser(userId)
if (keepActiveSession) {
if (currentSession && keepActiveSession) {
sessions = sessions.filter(
session => session.sessionId !== currentSession.sessionId
)

46
packages/backend-core/src/context/mainContext.ts
View file

@ -99,6 +99,8 @@ function updateContext(updates: ContextMap): ContextMap {
}
async function newContext<T>(updates: ContextMap, task: () => T) {
guardMigration()
// see if there already is a context setup
let context: ContextMap = updateContext(updates)
return Context.run(context, task)
@ -145,23 +147,27 @@ export async function doInTenant<T>(
}
export async function doInAppContext<T>(
appId: string | null,
appId: string,
task: () => T
): Promise<T> {
if (!appId && !env.isTest()) {
return _doInAppContext(appId, task)
}
async function _doInAppContext<T>(
appId: string,
task: () => T,
extraContextSettings?: ContextMap
): Promise<T> {
if (!appId) {
throw new Error("appId is required")
}
let updates: ContextMap
if (!appId) {
updates = { appId: "" }
} else {
const tenantId = getTenantIDFromAppID(appId)
updates = { appId }
if (tenantId) {
updates.tenantId = tenantId
}
const tenantId = getTenantIDFromAppID(appId)
const updates: ContextMap = { appId, ...extraContextSettings }
if (tenantId) {
updates.tenantId = tenantId
}
return newContext(updates, task)
}
@ -182,6 +188,24 @@ export async function doInIdentityContext<T>(
return newContext(context, task)
}
function guardMigration() {
const context = Context.get()
if (context?.isMigrating) {
throw new Error(
"The context cannot be changed, a migration is currently running"
)
}
}
export async function doInAppMigrationContext<T>(
appId: string,
task: () => T
): Promise<T> {
return _doInAppContext(appId, task, {
isMigrating: true,
})
}
export function getIdentity(): IdentityContext | undefined {
try {
const context = Context.get()

108
packages/backend-core/src/context/tests/index.spec.ts
View file

@ -1,6 +1,11 @@
import { testEnv } from "../../../tests/extra"
import * as context from "../"
import { DEFAULT_TENANT_ID } from "../../constants"
import { structures } from "../../../tests"
import { db } from "../.."
import Context from "../Context"
import { ContextMap } from "../types"
import { IdentityType } from "@budibase/types"
describe("context", () => {
describe("doInTenant", () => {
@ -144,4 +149,107 @@ describe("context", () => {
expect(isScim).toBe(false)
})
})
describe("doInAppMigrationContext", () => {
it("the context is set correctly", async () => {
const appId = db.generateAppID()
await context.doInAppMigrationContext(appId, () => {
const context = Context.get()
const expected: ContextMap = {
appId,
isMigrating: true,
}
expect(context).toEqual(expected)
})
})
it("the context is set correctly when running in a tenant id", async () => {
const tenantId = structures.tenant.id()
const appId = db.generateAppID(tenantId)
await context.doInAppMigrationContext(appId, () => {
const context = Context.get()
const expected: ContextMap = {
appId,
isMigrating: true,
tenantId,
}
expect(context).toEqual(expected)
})
})
it("the context is not modified outside the delegate", async () => {
const appId = db.generateAppID()
expect(Context.get()).toBeUndefined()
await context.doInAppMigrationContext(appId, () => {
const context = Context.get()
const expected: ContextMap = {
appId,
isMigrating: true,
}
expect(context).toEqual(expected)
})
expect(Context.get()).toBeUndefined()
})
it.each([
[
"doInAppMigrationContext",
() => context.doInAppMigrationContext(db.generateAppID(), () => {}),
],
[
"doInAppContext",
() => context.doInAppContext(db.generateAppID(), () => {}),
],
[
"doInAutomationContext",
() =>
context.doInAutomationContext({
appId: db.generateAppID(),
automationId: structures.generator.guid(),
task: () => {},
}),
],
["doInContext", () => context.doInContext(db.generateAppID(), () => {})],
[
"doInEnvironmentContext",
() => context.doInEnvironmentContext({}, () => {}),
],
[
"doInIdentityContext",
() =>
context.doInIdentityContext(
{
account: undefined,
type: IdentityType.USER,
_id: structures.users.user()._id!,
},
() => {}
),
],
["doInScimContext", () => context.doInScimContext(() => {})],
[
"doInTenant",
() => context.doInTenant(structures.tenant.id(), () => {}),
],
])(
"a nested context.%s function cannot run",
async (_, otherContextCall: () => Promise<void>) => {
await expect(
context.doInAppMigrationContext(db.generateAppID(), async () => {
await otherContextCall()
})
).rejects.toThrowError(
"The context cannot be changed, a migration is currently running"
)
}
)
})
})

1
packages/backend-core/src/context/types.ts
View file

@ -8,4 +8,5 @@ export type ContextMap = {
environmentVariables?: Record<string, string>
isScim?: boolean
automationId?: string
isMigrating?: boolean
}

6
packages/backend-core/src/middleware/authenticated.ts
View file

@ -13,7 +13,7 @@ import { getGlobalDB, doInTenant } from "../context"
import { decrypt } from "../security/encryption"
import * as identity from "../context/identity"
import env from "../environment"
import { Ctx, EndpointMatcher } from "@budibase/types"
import { Ctx, EndpointMatcher, SessionCookie } from "@budibase/types"
import { InvalidAPIKeyError, ErrorCode } from "../errors"
const ONE_MINUTE = env.SESSION_UPDATE_PERIOD
@ -98,7 +98,9 @@ export default function (
// check the actual user is authenticated first, try header or cookie
let headerToken = ctx.request.headers[Header.TOKEN]
const authCookie = getCookie(ctx, Cookie.Auth) || openJwt(headerToken)
const authCookie =
getCookie<SessionCookie>(ctx, Cookie.Auth) ||
openJwt<SessionCookie>(headerToken)
let apiKey = ctx.request.headers[Header.API_KEY]
if (!apiKey && ctx.request.headers[Header.AUTHORIZATION]) {

11
packages/backend-core/src/middleware/passport/datasource/google.ts
View file

@ -3,7 +3,7 @@ import { Cookie } from "../../../constants"
import * as configs from "../../../configs"
import * as cache from "../../../cache"
import * as utils from "../../../utils"
import { UserCtx, SSOProfile } from "@budibase/types"
import { UserCtx, SSOProfile, DatasourceAuthCookie } from "@budibase/types"
import { ssoSaveUserNoOp } from "../sso/sso"
const GoogleStrategy = require("passport-google-oauth").OAuth2Strategy
@ -58,7 +58,14 @@ export async function postAuth(
const platformUrl = await configs.getPlatformUrl({ tenantAware: false })
let callbackUrl = `${platformUrl}/api/global/auth/datasource/google/callback`
const authStateCookie = utils.getCookie(ctx, Cookie.DatasourceAuth)
const authStateCookie = utils.getCookie<{ appId: string }>(
ctx,
Cookie.DatasourceAuth
)
if (!authStateCookie) {
throw new Error("Unable to fetch datasource auth cookie")
}
return passport.authenticate(
new GoogleStrategy(

27
packages/backend-core/src/objectStore/objectStore.ts
View file

@ -305,20 +305,33 @@ export async function retrieveDirectory(bucketName: string, path: string) {
let writePath = join(budibaseTempDir(), v4())
fs.mkdirSync(writePath)
const objects = await listAllObjects(bucketName, path)
let fullObjects = await Promise.all(
objects.map(obj => retrieve(bucketName, obj.Key!))
let streams = await Promise.all(
objects.map(obj => getReadStream(bucketName, obj.Key!))
)
let count = 0
const writePromises: Promise<Error>[] = []
for (let obj of objects) {
const filename = obj.Key!
const data = fullObjects[count++]
const stream = streams[count++]
const possiblePath = filename.split("/")
if (possiblePath.length > 1) {
const dirs = possiblePath.slice(0, possiblePath.length - 1)
fs.mkdirSync(join(writePath, ...dirs), { recursive: true })
const dirs = possiblePath.slice(0, possiblePath.length - 1)
const possibleDir = join(writePath, ...dirs)
if (possiblePath.length > 1 && !fs.existsSync(possibleDir)) {
fs.mkdirSync(possibleDir, { recursive: true })
}
fs.writeFileSync(join(writePath, ...possiblePath), data)
const writeStream = fs.createWriteStream(join(writePath, ...possiblePath), {
mode: 0o644,
})
stream.pipe(writeStream)
writePromises.push(
new Promise((resolve, reject) => {
stream.on("finish", resolve)
stream.on("error", reject)
writeStream.on("error", reject)
})
)
}
await Promise.all(writePromises)
return writePath
}

2
packages/backend-core/src/redis/redlockImpl.ts
View file

@ -109,7 +109,7 @@ export async function doWithLock<T>(
): Promise<RedlockExecution<T>> {
const redlock = await getClient(opts.type, opts.customOptions)
let lock: Redlock.Lock | undefined
let timeout: NodeJS.Timeout | undefined
let timeout
try {
const name = getLockName(opts)

6
packages/backend-core/src/security/encryption.ts
View file

@ -73,6 +73,9 @@ export async function encryptFile(
const outputFileName = `${filename}.enc`
const filePath = join(dir, filename)
if (fs.lstatSync(filePath).isDirectory()) {
throw new Error("Unable to encrypt directory")
}
const inputFile = fs.createReadStream(filePath)
const outputFile = fs.createWriteStream(join(dir, outputFileName))
@ -110,6 +113,9 @@ export async function decryptFile(
outputPath: string,
secret: string
) {
if (fs.lstatSync(inputPath).isDirectory()) {
throw new Error("Unable to encrypt directory")
}
const { salt, iv } = await getSaltAndIV(inputPath)
const inputFile = fs.createReadStream(inputPath, {
start: SALT_LENGTH + IV_LENGTH,

12
packages/backend-core/src/tenancy/tenancy.ts
View file

@ -93,11 +93,19 @@ export const getTenantIDFromCtx = (
// subdomain
if (isAllowed(TenantResolutionStrategy.SUBDOMAIN)) {
// e.g. budibase.app or local.com:10000
const platformHost = new URL(getPlatformURL()).host.split(":")[0]
let platformHost
try {
platformHost = new URL(getPlatformURL()).host.split(":")[0]
} catch (err: any) {
// if invalid URL, just don't try to process subdomain
if (err.code !== "ERR_INVALID_URL") {
throw err
}
}
// e.g. tenant.budibase.app or tenant.local.com
const requestHost = ctx.host
// parse the tenant id from the difference
if (requestHost.includes(platformHost)) {
if (platformHost && requestHost.includes(platformHost)) {
const tenantId = requestHost.substring(
0,
requestHost.indexOf(`.${platformHost}`)

34
packages/backend-core/src/utils/utils.ts
View file

@ -11,8 +11,7 @@ import {
TenantResolutionStrategy,
} from "@budibase/types"
import type { SetOption } from "cookies"
const jwt = require("jsonwebtoken")
import jwt, { Secret } from "jsonwebtoken"
const APP_PREFIX = DocumentType.APP + SEPARATOR
const PROD_APP_PREFIX = "/app/"
@ -60,10 +59,7 @@ export function isServingApp(ctx: Ctx) {
return true
}
// prod app
if (ctx.path.startsWith(PROD_APP_PREFIX)) {
return true
}
return false
return ctx.path.startsWith(PROD_APP_PREFIX)
}
export function isServingBuilder(ctx: Ctx): boolean {
@ -138,16 +134,16 @@ function parseAppIdFromUrl(url?: string) {
* opens the contents of the specified encrypted JWT.
* @return the contents of the token.
*/
export function openJwt(token: string) {
export function openJwt<T>(token?: string): T | undefined {
if (!token) {
return token
return undefined
}
try {
return jwt.verify(token, env.JWT_SECRET)
return jwt.verify(token, env.JWT_SECRET as Secret) as T
} catch (e) {
if (env.JWT_SECRET_FALLBACK) {
// fallback to enable rotation
return jwt.verify(token, env.JWT_SECRET_FALLBACK)
return jwt.verify(token, env.JWT_SECRET_FALLBACK) as T
} else {
throw e
}
@ -159,13 +155,9 @@ export function isValidInternalAPIKey(apiKey: string) {
return true
}
// fallback to enable rotation
if (
env.INTERNAL_API_KEY_FALLBACK &&
env.INTERNAL_API_KEY_FALLBACK === apiKey
) {
return true
}
return false
return !!(
env.INTERNAL_API_KEY_FALLBACK && env.INTERNAL_API_KEY_FALLBACK === apiKey
)
}
/**
@ -173,14 +165,14 @@ export function isValidInternalAPIKey(apiKey: string) {
* @param ctx The request which is to be manipulated.
* @param name The name of the cookie to get.
*/
export function getCookie(ctx: Ctx, name: string) {
export function getCookie<T>(ctx: Ctx, name: string) {
const cookie = ctx.cookies.get(name)
if (!cookie) {
return cookie
return undefined
}
return openJwt(cookie)
return openJwt<T>(cookie)
}
/**
@ -197,7 +189,7 @@ export function setCookie(
opts = { sign: true }
) {
if (value && opts && opts.sign) {
value = jwt.sign(value, env.JWT_SECRET)
value = jwt.sign(value, env.JWT_SECRET as Secret)
}
const config: SetOption = {

2
packages/bbui/src/Form/Core/Dropzone.svelte
View file

@ -53,7 +53,7 @@
$: {
if (selectedImage?.url) {
selectedUrl = selectedImage?.url
} else if (selectedImage) {
} else if (selectedImage && isImage) {
try {
let reader = new FileReader()
reader.readAsDataURL(selectedImage)

9
packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowChart.svelte
View file

@ -57,16 +57,11 @@
}}
class="buttons"
>
<Icon hoverable size="M" name="Play" />
<Icon size="M" name="Play" />
<div>Run test</div>
</div>
<div class="buttons">
<Icon
disabled={!$automationStore.testResults}
hoverable
size="M"
name="Multiple"
/>
<Icon disabled={!$automationStore.testResults} size="M" name="Multiple" />
<div
class:disabled={!$automationStore.testResults}
on:click={() => {

27
packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowItemHeader.svelte
View file

@ -97,6 +97,7 @@
class:typing={typing && !automationNameError}
class:typing-error={automationNameError}
class="blockSection"
on:click={() => dispatch("toggle")}
>
<div class="splitHeader">
<div class="center-items">
@ -138,7 +139,20 @@
on:input={e => {
automationName = e.target.value.trim()
}}
on:click={startTyping}
on:click={e => {
e.stopPropagation()
startTyping()
}}
on:keydown={async e => {
if (e.key === "Enter") {
typing = false
if (automationNameError) {
automationName = stepNames[block.id] || block?.name
} else {
await saveName()
}
}
}}
on:blur={async () => {
typing = false
if (automationNameError) {
@ -168,7 +182,11 @@
</StatusLight>
</div>
<Icon
on:click={() => dispatch("toggle")}
e.stopPropagation()
on:click={e => {
e.stopPropagation()
dispatch("toggle")
}}
hoverable
name={open ? "ChevronUp" : "ChevronDown"}
/>
@ -195,7 +213,10 @@
{/if}
{#if !showTestStatus}
<Icon
on:click={() => dispatch("toggle")}
on:click={e => {
e.stopPropagation()
dispatch("toggle")
}}
hoverable
name={open ? "ChevronUp" : "ChevronDown"}
/>

81
packages/builder/src/components/automation/AutomationBuilder/FlowChart/TestDataModal.svelte
View file

@ -1,11 +1,9 @@
<script>
import {
ModalContent,
Tabs,
Tab,
TextArea,
Label,
notifications,
ActionButton,
} from "@budibase/bbui"
import { automationStore, selectedAutomation } from "builderStore"
import AutomationBlockSetup from "../../SetupPanel/AutomationBlockSetup.svelte"
@ -55,50 +53,69 @@
notifications.error(error)
}
}
const toggle = () => {
selectedValues = !selectedValues
selectedJSON = !selectedJSON
}
let selectedValues = true
let selectedJSON = false
</script>
<ModalContent
title="Add test data"
confirmText="Test"
size="M"
confirmText="Run test"
size="L"
showConfirmButton={true}
disabled={isError}
onConfirm={testAutomation}
cancelText="Cancel"
>
<Tabs selected="Form" quiet>
<Tab icon="Form" title="Form">
<div class="tab-content-padding">
<AutomationBlockSetup
{testData}
{schemaProperties}
isTestModal
block={trigger}
/>
</div></Tab
>
<Tab icon="FileJson" title="JSON">
<div class="tab-content-padding">
<Label>JSON</Label>
<div class="text-area-container">
<TextArea
value={JSON.stringify($selectedAutomation.testData, null, 2)}
error={failedParse}
on:change={e => parseTestJSON(e)}
/>
</div>
</div>
</Tab>
</Tabs>
<div class="size">
<div class="options">
<ActionButton quiet selected={selectedValues} on:click={toggle}
>Use values</ActionButton
>
<ActionButton quiet selected={selectedJSON} on:click={toggle}
>Use JSON</ActionButton
>
</div>
</div>
{#if selectedValues}
<div class="tab-content-padding">
<AutomationBlockSetup
{testData}
{schemaProperties}
isTestModal
block={trigger}
/>
</div>
{/if}
{#if selectedJSON}
<div class="text-area-container">
<TextArea
value={JSON.stringify($selectedAutomation.testData, null, 2)}
error={failedParse}
on:change={e => parseTestJSON(e)}
/>
</div>
{/if}
</ModalContent>
<style>
.text-area-container :global(textarea) {
min-height: 200px;
height: 200px;
min-height: 300px;
height: 300px;
}
.tab-content-padding {
padding: 0 var(--spacing-xl);
padding: 0 var(--spacing-s);
}
.options {
display: flex;
align-items: center;
gap: 8px;
}
</style>

3
packages/builder/src/components/automation/AutomationBuilder/TestPanel.svelte
View file

@ -9,7 +9,7 @@
<div class="title">
<div class="title-text">
<Icon name="MultipleCheck" />
<div style="padding-left: var(--spacing-l)">Test Details</div>
<div style="padding-left: var(--spacing-l); ">Test Details</div>
</div>
<div style="padding-right: var(--spacing-xl)">
<Icon
@ -40,6 +40,7 @@
display: flex;
flex-direction: row;
align-items: center;
padding-top: var(--spacing-s);
}
.title :global(h1) {

34
packages/builder/src/components/automation/AutomationPanel/AutomationPanel.svelte
View file

@ -1,20 +1,44 @@
<script>
import AutomationList from "./AutomationList.svelte"
import CreateAutomationModal from "./CreateAutomationModal.svelte"
import { Modal, Button, Layout } from "@budibase/bbui"
import { Modal, Icon } from "@budibase/bbui"
import Panel from "components/design/Panel.svelte"
export let modal
export let webhookModal
</script>
<Panel title="Automations" borderRight>
<Layout paddingX="L" paddingY="XL" gap="S">
<Button cta on:click={modal.show}>Add automation</Button>
</Layout>
<Panel title="Automations" borderRight noHeaderBorder titleCSS={false}>
<span class="panel-title-content" slot="panel-title-content">
<div class="header">
<div>Automations</div>
<div on:click={modal.show} class="add-automation-button">
<Icon name="Add" />
</div>
</div>
</span>
<AutomationList />
</Panel>
<Modal bind:this={modal}>
<CreateAutomationModal {webhookModal} />
</Modal>
<style>
.header {
display: flex;
align-items: center;
justify-content: space-between;
gap: var(--spacing-m);
}
.add-automation-button {
margin-left: 130px;
color: var(--grey-7);
cursor: pointer;
}
.add-automation-button:hover {
color: var(--ink);
}
</style>

25
packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
View file

@ -149,7 +149,6 @@
}
const initialiseField = (field, savingColumn) => {
isCreating = !field
if (field && !savingColumn) {
editableColumn = cloneDeep(field)
originalName = editableColumn.name ? editableColumn.name + "" : null
@ -171,7 +170,8 @@
relationshipPart2 = part2
}
}
} else if (!savingColumn) {
}
if (!savingColumn) {
let highestNumber = 0
Object.keys(table.schema).forEach(columnName => {
const columnNumber = extractColumnNumber(columnName)
@ -307,12 +307,6 @@
dispatch("updatecolumns")
gridDispatch("close-edit-column")
if (saveColumn.type === LINK_TYPE) {
// Fetching the new tables
tables.fetch()
// Fetching the new relationships
datasources.fetch()
}
if (originalName) {
notifications.success("Column updated successfully")
} else {
@ -339,11 +333,6 @@
confirmDeleteDialog.hide()
dispatch("updatecolumns")
gridDispatch("close-edit-column")
if (editableColumn.type === LINK_TYPE) {
// Updating the relationships
datasources.fetch()
}
}
} catch (error) {
notifications.error(`Error deleting column: ${error.message}`)
@ -540,8 +529,16 @@
<Layout noPadding gap="S">
{#if mounted}
<Input
value={editableColumn.name}
autofocus
bind:value={editableColumn.name}
on:input={e => {
if (
!uneditable &&
!(linkEditDisabled && editableColumn.type === LINK_TYPE)
) {
editableColumn.name = e.target.value
}
}}
disabled={uneditable ||
(linkEditDisabled && editableColumn.type === LINK_TYPE)}
error={errors?.name}

10
packages/builder/src/components/design/Panel.svelte
View file

@ -16,7 +16,8 @@
export let wide = false
export let extraWide = false
export let closeButtonIcon = "Close"
export let noHeaderBorder = false
export let titleCSS = true
$: customHeaderContent = $$slots["panel-header-content"]
$: customTitleContent = $$slots["panel-title-content"]
</script>
@ -32,6 +33,7 @@
class="header"
class:custom={customHeaderContent}
class:borderBottom={borderBottomHeader}
class:noHeaderBorder
>
{#if showBackButton}
<Icon name="ArrowLeft" hoverable on:click={onClickBackButton} />
@ -41,7 +43,7 @@
<Icon name={icon} />
</AbsTooltip>
{/if}
<div class="title">
<div class:title={titleCSS}>
{#if customTitleContent}
<slot name="panel-title-content" />
{:else}
@ -106,6 +108,10 @@
padding: 0 var(--spacing-l);
gap: var(--spacing-m);
}
.noHeaderBorder {
border-bottom: none !important;
}
.header.borderBottom {
border-bottom: var(--border-light);
}

20
packages/builder/src/components/start/ExportAppModal.svelte
View file

@ -13,7 +13,7 @@
export let app
export let published
let includeInternalTablesRows = true
let encypt = true
let encrypt = true
let password = null
const validation = createValidationStore()
@ -27,9 +27,9 @@
$: stepConfig = {
[Step.CONFIG]: {
title: published ? "Export published app" : "Export latest app",
confirmText: encypt ? "Continue" : exportButtonText,
confirmText: encrypt ? "Continue" : exportButtonText,
onConfirm: () => {
if (!encypt) {
if (!encrypt) {
exportApp()
} else {
currentStep = Step.SET_PASSWORD
@ -46,7 +46,7 @@
if (!$validation.valid) {
return keepOpen
}
exportApp(password)
await exportApp(password)
},
isValid: $validation.valid,
},
@ -109,13 +109,13 @@
text="Export rows from internal tables"
bind:value={includeInternalTablesRows}
/>
<Toggle text="Encrypt my export" bind:value={encypt} />
<Toggle text="Encrypt my export" bind:value={encrypt} />
</Body>
{#if !encypt}
<InlineAlert
header="Do not share your budibase application exports publicly as they may contain sensitive information such as database credentials or secret keys."
/>
{/if}
<InlineAlert
header={encrypt
? "Please note Budibase does not encrypt attachments during the export process to ensure efficient export of large attachments."
: "Do not share your Budibase application exports publicly as they may contain sensitive information such as database credentials or secret keys."}
/>
{/if}
{#if currentStep === Step.SET_PASSWORD}
<Input

2
packages/builder/src/pages/builder/app/[application]/automation/_layout.svelte
View file

@ -110,7 +110,7 @@
}
.setup {
padding-top: var(--spectrum-global-dimension-size-200);
padding-top: 9px;
border-left: var(--border-light);
display: flex;
flex-direction: column;

14
packages/builder/src/stores/backend/tables.js
View file

@ -81,13 +81,21 @@ export function createTablesStore() {
replaceTable(savedTable._id, savedTable)
select(savedTable._id)
// make sure tables up to date (related)
let tableIdsToFetch = []
let newTableIds = []
for (let column of Object.values(updatedTable?.schema || {})) {
if (column.type === FIELDS.LINK.type) {
tableIdsToFetch.push(column.tableId)
newTableIds.push(column.tableId)
}
}
tableIdsToFetch = [...new Set(tableIdsToFetch)]
let oldTableIds = []
for (let column of Object.values(oldTable?.schema || {})) {
if (column.type === FIELDS.LINK.type) {
oldTableIds.push(column.tableId)
}
}
const tableIdsToFetch = [...new Set([...newTableIds, ...oldTableIds])]
// too many tables to fetch, just get all
if (tableIdsToFetch.length > 3) {
await fetch()

4
packages/server/src/api/controllers/query/index.ts
View file

@ -9,7 +9,7 @@ import { quotas } from "@budibase/pro"
import { events, context, utils, constants } from "@budibase/backend-core"
import sdk from "../../../sdk"
import { QueryEvent } from "../../../threads/definitions"
import { ConfigType, Query, UserCtx } from "@budibase/types"
import { ConfigType, Query, UserCtx, SessionCookie } from "@budibase/types"
import { ValidQueryNameRegex } from "@budibase/shared-core"
const Runner = new Thread(ThreadType.QUERY, {
@ -113,7 +113,7 @@ function getOAuthConfigCookieId(ctx: UserCtx) {
}
function getAuthConfig(ctx: UserCtx) {
const authCookie = utils.getCookie(ctx, constants.Cookie.Auth)
const authCookie = utils.getCookie<SessionCookie>(ctx, constants.Cookie.Auth)
let authConfigCtx: any = {}
authConfigCtx["configId"] = getOAuthConfigCookieId(ctx)
authConfigCtx["sessionId"] = authCookie ? authCookie.sessionId : null

1
packages/server/src/environment.ts
View file

@ -59,6 +59,7 @@ const environment = {
BB_ADMIN_USER_PASSWORD: process.env.BB_ADMIN_USER_PASSWORD,
PLUGINS_DIR: process.env.PLUGINS_DIR || "/plugins",
OPENAI_API_KEY: process.env.OPENAI_API_KEY,
MAX_IMPORT_SIZE_MB: process.env.MAX_IMPORT_SIZE_MB,
// flags
ALLOW_DEV_AUTOMATIONS: process.env.ALLOW_DEV_AUTOMATIONS,
DISABLE_THREADING: process.env.DISABLE_THREADING,

13
packages/server/src/integrations/microsoftSqlServer.ts
View file

@ -17,7 +17,7 @@ import {
import {
getSqlQuery,
buildExternalTableId,
convertSqlType,
generateColumnDefinition,
finaliseExternalTables,
SqlClient,
checkExternalTables,
@ -429,15 +429,12 @@ class SqlServerIntegration extends Sql implements DatasourcePlus {
const hasDefault = def.COLUMN_DEFAULT
const isAuto = !!autoColumns.find(col => col === name)
const required = !!requiredColumns.find(col => col === name)
schema[name] = {
schema[name] = generateColumnDefinition({
autocolumn: isAuto,
name: name,
constraints: {
presence: required && !isAuto && !hasDefault,
},
...convertSqlType(def.DATA_TYPE),
name,
presence: required && !isAuto && !hasDefault,
externalType: def.DATA_TYPE,
}
})
}
tables[tableName] = {
_id: buildExternalTableId(datasourceId, tableName),

18
packages/server/src/integrations/mysql.ts
View file

@ -12,12 +12,13 @@ import {
SourceName,
Schema,
TableSourceType,
FieldType,
} from "@budibase/types"
import {
getSqlQuery,
SqlClient,
buildExternalTableId,
convertSqlType,
generateColumnDefinition,
finaliseExternalTables,
checkExternalTables,
} from "./utils"
@ -305,16 +306,17 @@ class MySQLIntegration extends Sql implements DatasourcePlus {
(column.Extra === "auto_increment" ||
column.Extra.toLowerCase().includes("generated"))
const required = column.Null !== "YES"
const constraints = {
presence: required && !isAuto && !hasDefault,
}
schema[columnName] = {
schema[columnName] = generateColumnDefinition({
name: columnName,
autocolumn: isAuto,
constraints,
...convertSqlType(column.Type),
presence: required && !isAuto && !hasDefault,
externalType: column.Type,
}
options: column.Type.startsWith("enum")
? column.Type.substring(5, column.Type.length - 1)
.split(",")
.map(str => str.replace(/^'(.*)'$/, "$1"))
: undefined,
})
}
if (!tables[tableName]) {
tables[tableName] = {

22
packages/server/src/integrations/oracle.ts
View file

@ -15,7 +15,7 @@ import {
import {
buildExternalTableId,
checkExternalTables,
convertSqlType,
generateColumnDefinition,
finaliseExternalTables,
getSqlQuery,
SqlClient,
@ -250,14 +250,6 @@ class OracleIntegration extends Sql implements DatasourcePlus {
)
}
private internalConvertType(column: OracleColumn) {
if (this.isBooleanType(column)) {
return { type: FieldTypes.BOOLEAN }
}
return convertSqlType(column.type)
}
/**
* Fetches the tables from the oracle table and assigns them to the datasource.
* @param datasourceId - datasourceId to fetch
@ -302,13 +294,15 @@ class OracleIntegration extends Sql implements DatasourcePlus {
const columnName = oracleColumn.name
let fieldSchema = table.schema[columnName]
if (!fieldSchema) {
fieldSchema = {
fieldSchema = generateColumnDefinition({
autocolumn: OracleIntegration.isAutoColumn(oracleColumn),
name: columnName,
constraints: {
presence: false,
},
...this.internalConvertType(oracleColumn),
presence: false,
externalType: oracleColumn.type,
})
if (this.isBooleanType(oracleColumn)) {
fieldSchema.type = FieldTypes.BOOLEAN
}
table.schema[columnName] = fieldSchema

33
packages/server/src/integrations/postgres.ts
View file

@ -16,7 +16,7 @@ import {
import {
getSqlQuery,
buildExternalTableId,
convertSqlType,
generateColumnDefinition,
finaliseExternalTables,
SqlClient,
checkExternalTables,
@ -162,6 +162,14 @@ class PostgresIntegration extends Sql implements DatasourcePlus {
WHERE pg_namespace.nspname = '${this.config.schema}';
`
ENUM_VALUES = () => `
SELECT t.typname,
e.enumlabel
FROM pg_type t
JOIN pg_enum e on t.oid = e.enumtypid
JOIN pg_catalog.pg_namespace n ON n.oid = t.typnamespace;
`
constructor(config: PostgresConfig) {
super(SqlClient.POSTGRES)
this.config = config
@ -303,6 +311,18 @@ class PostgresIntegration extends Sql implements DatasourcePlus {
const tables: { [key: string]: Table } = {}
// Fetch enum values
const enumsResponse = await this.client.query(this.ENUM_VALUES())
const enumValues = enumsResponse.rows?.reduce((acc, row) => {
if (!acc[row.typname]) {
return {
[row.typname]: [row.enumlabel],
}
}
acc[row.typname].push(row.enumlabel)
return acc
}, {})
for (let column of columnsResponse.rows) {
const tableName: string = column.table_name
const columnName: string = column.column_name
@ -333,16 +353,13 @@ class PostgresIntegration extends Sql implements DatasourcePlus {
column.is_generated && column.is_generated !== "NEVER"
const isAuto: boolean = hasNextVal || identity || isGenerated
const required = column.is_nullable === "NO"
const constraints = {
presence: required && !hasDefault && !isGenerated,
}
tables[tableName].schema[columnName] = {
tables[tableName].schema[columnName] = generateColumnDefinition({
autocolumn: isAuto,
name: columnName,
constraints,
...convertSqlType(column.data_type),
presence: required && !hasDefault && !isGenerated,
externalType: column.data_type,
}
options: enumValues?.[column.udt_name],
})
}
let finalizedTables = finaliseExternalTables(tables, entities)

43
packages/server/src/integrations/utils.ts
View file

@ -67,6 +67,10 @@ const SQL_BOOLEAN_TYPE_MAP = {
tinyint: FieldType.BOOLEAN,
}
const SQL_OPTIONS_TYPE_MAP = {
"user-defined": FieldType.OPTIONS,
}
const SQL_MISC_TYPE_MAP = {
json: FieldType.JSON,
bigint: FieldType.BIGINT,
@ -78,6 +82,7 @@ const SQL_TYPE_MAP = {
...SQL_STRING_TYPE_MAP,
...SQL_BOOLEAN_TYPE_MAP,
...SQL_MISC_TYPE_MAP,
...SQL_OPTIONS_TYPE_MAP,
}
export enum SqlClient {
@ -178,25 +183,49 @@ export function breakRowIdField(_id: string | { _id: string }): any[] {
}
}
export function convertSqlType(type: string) {
export function generateColumnDefinition(config: {
externalType: string
autocolumn: boolean
name: string
presence: boolean
options?: string[]
}) {
let { externalType, autocolumn, name, presence, options } = config
let foundType = FieldType.STRING
const lcType = type.toLowerCase()
const lowerCaseType = externalType.toLowerCase()
let matchingTypes = []
for (let [external, internal] of Object.entries(SQL_TYPE_MAP)) {
if (lcType.includes(external)) {
if (lowerCaseType.includes(external)) {
matchingTypes.push({ external, internal })
}
}
//Set the foundType based the longest match
// Set the foundType based the longest match
if (matchingTypes.length > 0) {
foundType = matchingTypes.reduce((acc, val) => {
return acc.external.length >= val.external.length ? acc : val
}).internal
}
const schema: any = { type: foundType }
const constraints: {
presence: boolean
inclusion?: string[]
} = {
presence,
}
if (foundType === FieldType.OPTIONS) {
constraints.inclusion = options
}
const schema: any = {
type: foundType,
externalType,
autocolumn,
name,
constraints,
}
if (foundType === FieldType.DATETIME) {
schema.dateOnly = SQL_DATE_ONLY_TYPES.includes(lcType)
schema.timeOnly = SQL_TIME_ONLY_TYPES.includes(lcType)
schema.dateOnly = SQL_DATE_ONLY_TYPES.includes(lowerCaseType)
schema.timeOnly = SQL_TIME_ONLY_TYPES.includes(lowerCaseType)
}
return schema
}

5
packages/server/src/koa.ts
View file

@ -1,5 +1,5 @@
import env from "./environment"
import Koa, { ExtendableContext } from "koa"
import Koa from "koa"
import koaBody from "koa-body"
import http from "http"
import * as api from "./api"
@ -27,6 +27,9 @@ export default function createKoaApp() {
// @ts-ignore
enableTypes: ["json", "form", "text"],
parsedMethods: ["POST", "PUT", "PATCH", "DELETE"],
formidable: {
maxFileSize: parseInt(env.MAX_IMPORT_SIZE_MB || "100") * 1024 * 1024,
},
})
)

41
packages/server/src/middleware/currentapp.ts
View file

@ -5,6 +5,7 @@ import {
tenancy,
context,
users,
auth,
} from "@budibase/backend-core"
import { generateUserMetadataID, isDevAppID } from "../db/utils"
import { getCachedSelf } from "../utilities/global"
@ -69,28 +70,34 @@ export default async (ctx: UserCtx, next: any) => {
return next()
}
return context.doInAppContext(appId, async () => {
// if the user not in the right tenant then make sure they have no permissions
// need to judge this only based on the request app ID,
if (
env.MULTI_TENANCY &&
ctx.user?._id &&
requestAppId &&
!tenancy.isUserInAppTenant(requestAppId, ctx.user)
) {
// don't error, simply remove the users rights (they are a public user)
ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
ctx.isAuthenticated = false
roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
}
const userId = ctx.user ? generateUserMetadataID(ctx.user._id!) : undefined
// if the user is not in the right tenant then make sure to wipe their cookie
// also cleanse any information about them that has been allocated
// this avoids apps making calls to say the worker which are cross tenant,
// we simply remove the authentication
if (
env.MULTI_TENANCY &&
userId &&
requestAppId &&
!tenancy.isUserInAppTenant(requestAppId, ctx.user)
) {
// clear out the user
ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
ctx.isAuthenticated = false
roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
// remove the cookie, so future calls are public
await auth.platformLogout({
ctx,
userId,
})
}
return context.doInAppContext(appId, async () => {
ctx.appId = appId
if (roleId) {
ctx.roleId = roleId
const globalId = ctx.user ? ctx.user._id : undefined
const userId = ctx.user
? generateUserMetadataID(ctx.user._id!)
: undefined
ctx.user = {
...ctx.user!,
// override userID with metadata one

1
packages/server/src/sdk/app/backups/constants.ts
View file

@ -1,3 +1,4 @@
export const DB_EXPORT_FILE = "db.txt"
export const GLOBAL_DB_EXPORT_FILE = "global.txt"
export const STATIC_APP_FILES = ["manifest.json", "budibase-client.js"]
export const ATTACHMENT_DIRECTORY = "attachments"

31
packages/server/src/sdk/app/backups/exports.ts
View file

@ -8,13 +8,15 @@ import {
TABLE_ROW_PREFIX,
USER_METDATA_PREFIX,
} from "../../../db/utils"
import { DB_EXPORT_FILE, STATIC_APP_FILES } from "./constants"
import {
DB_EXPORT_FILE,
STATIC_APP_FILES,
ATTACHMENT_DIRECTORY,
} from "./constants"
import fs from "fs"
import { join } from "path"
import env from "../../../environment"
const uuid = require("uuid/v4")
import { v4 as uuid } from "uuid"
import tar from "tar"
const MemoryStream = require("memorystream")
@ -30,12 +32,11 @@ export interface ExportOpts extends DBDumpOpts {
encryptPassword?: string
}
function tarFilesToTmp(tmpDir: string, files: string[]) {
async function tarFilesToTmp(tmpDir: string, files: string[]) {
const fileName = `${uuid()}.tar.gz`
const exportFile = join(budibaseTempDir(), fileName)
tar.create(
await tar.create(
{
sync: true,
gzip: true,
file: exportFile,
noDirRecurse: false,
@ -150,19 +151,21 @@ export async function exportApp(appId: string, config?: ExportOpts) {
for (let file of fs.readdirSync(tmpPath)) {
const path = join(tmpPath, file)
await encryption.encryptFile(
{ dir: tmpPath, filename: file },
config.encryptPassword
)
fs.rmSync(path)
// skip the attachments - too big to encrypt
if (file !== ATTACHMENT_DIRECTORY) {
await encryption.encryptFile(
{ dir: tmpPath, filename: file },
config.encryptPassword
)
fs.rmSync(path)
}
}
}
// if tar requested, return where the tarball is
if (config?.tar) {
// now the tmpPath contains both the DB export and attachments, tar this
const tarPath = tarFilesToTmp(tmpPath, fs.readdirSync(tmpPath))
const tarPath = await tarFilesToTmp(tmpPath, fs.readdirSync(tmpPath))
// cleanup the tmp export files as tarball returned
fs.rmSync(tmpPath, { recursive: true, force: true })

28
packages/server/src/sdk/app/backups/imports.ts
View file

@ -6,17 +6,20 @@ import {
AutomationTriggerStepId,
RowAttachment,
} from "@budibase/types"
import { getAutomationParams, TABLE_ROW_PREFIX } from "../../../db/utils"
import { getAutomationParams } from "../../../db/utils"
import { budibaseTempDir } from "../../../utilities/budibaseDir"
import { DB_EXPORT_FILE, GLOBAL_DB_EXPORT_FILE } from "./constants"
import {
DB_EXPORT_FILE,
GLOBAL_DB_EXPORT_FILE,
ATTACHMENT_DIRECTORY,
} from "./constants"
import { downloadTemplate } from "../../../utilities/fileSystem"
import { ObjectStoreBuckets } from "../../../constants"
import { join } from "path"
import fs from "fs"
import sdk from "../../"
const uuid = require("uuid/v4")
const tar = require("tar")
import { v4 as uuid } from "uuid"
import tar from "tar"
type TemplateType = {
file?: {
@ -114,12 +117,11 @@ async function getTemplateStream(template: TemplateType) {
}
}
export function untarFile(file: { path: string }) {
export async function untarFile(file: { path: string }) {
const tmpPath = join(budibaseTempDir(), uuid())
fs.mkdirSync(tmpPath)
// extract the tarball
tar.extract({
sync: true,
await tar.extract({
cwd: tmpPath,
file: file.path,
})
@ -130,9 +132,11 @@ async function decryptFiles(path: string, password: string) {
try {
for (let file of fs.readdirSync(path)) {
const inputPath = join(path, file)
const outputPath = inputPath.replace(/\.enc$/, "")
await encryption.decryptFile(inputPath, outputPath, password)
fs.rmSync(inputPath)
if (!inputPath.endsWith(ATTACHMENT_DIRECTORY)) {
const outputPath = inputPath.replace(/\.enc$/, "")
await encryption.decryptFile(inputPath, outputPath, password)
fs.rmSync(inputPath)
}
}
} catch (err: any) {
if (err.message === "incorrect header check") {
@ -162,7 +166,7 @@ export async function importApp(
const isDirectory =
template.file && fs.lstatSync(template.file.path).isDirectory()
if (template.file && (isTar || isDirectory)) {
const tmpPath = isTar ? untarFile(template.file) : template.file.path
const tmpPath = isTar ? await untarFile(template.file) : template.file.path
if (isTar && template.file.password) {
await decryptFiles(tmpPath, template.file.password)
}

15
packages/server/src/tests/utilities/TestConfiguration.ts
View file

@ -56,6 +56,7 @@ import {
import API from "./api"
import { cloneDeep } from "lodash"
import jwt, { Secret } from "jsonwebtoken"
mocks.licenses.init(pro)
@ -137,6 +138,10 @@ class TestConfiguration {
}
getAppId() {
if (!this.appId) {
throw "appId has not been initialised properly"
}
return this.appId
}
@ -387,7 +392,7 @@ class TestConfiguration {
sessionId: "sessionid",
tenantId: this.getTenantId(),
}
const authToken = auth.jwt.sign(authObj, coreEnv.JWT_SECRET)
const authToken = jwt.sign(authObj, coreEnv.JWT_SECRET as Secret)
// returning necessary request headers
await cache.user.invalidateUser(userId)
@ -408,7 +413,7 @@ class TestConfiguration {
sessionId: "sessionid",
tenantId,
}
const authToken = auth.jwt.sign(authObj, coreEnv.JWT_SECRET)
const authToken = jwt.sign(authObj, coreEnv.JWT_SECRET as Secret)
const headers: any = {
Accept: "application/json",
@ -510,7 +515,7 @@ class TestConfiguration {
// create dev app
// clear any old app
this.appId = null
this.app = await context.doInAppContext(null, async () => {
this.app = await context.doInTenant(this.tenantId!, async () => {
const app = await this._req(
{ name: appName },
null,
@ -519,7 +524,7 @@ class TestConfiguration {
this.appId = app.appId!
return app
})
return await context.doInAppContext(this.appId, async () => {
return await context.doInAppContext(this.getAppId(), async () => {
// create production app
this.prodApp = await this.publish()
@ -817,7 +822,7 @@ class TestConfiguration {
}
async getAutomationLogs() {
return context.doInAppContext(this.appId, async () => {
return context.doInAppContext(this.getAppId(), async () => {
const now = new Date()
return await pro.sdk.automations.logs.logSearch({
startDate: new Date(now.getTime() - 100000).toISOString(),

4
packages/server/src/utilities/rowProcessor/index.ts
View file

@ -249,7 +249,9 @@ export async function outputProcessing<T extends Row[] | Row>(
continue
}
row[property].forEach((attachment: RowAttachment) => {
attachment.url ??= objectStore.getAppFileUrl(attachment.key)
if (!attachment.url) {
attachment.url = objectStore.getAppFileUrl(attachment.key)
}
})
}
} else if (

44
packages/server/src/utilities/rowProcessor/tests/outputProcessing.spec.ts
View file

@ -3,6 +3,7 @@ import {
FieldType,
FieldTypeSubtypes,
INTERNAL_TABLE_SOURCE_ID,
RowAttachment,
Table,
TableSourceType,
} from "@budibase/types"
@ -70,6 +71,49 @@ describe("rowProcessor - outputProcessing", () => {
)
})
it("should handle attachments correctly", async () => {
const table: Table = {
_id: generator.guid(),
name: "TestTable",
type: "table",
sourceId: INTERNAL_TABLE_SOURCE_ID,
sourceType: TableSourceType.INTERNAL,
schema: {
attach: {
type: FieldType.ATTACHMENT,
name: "attach",
constraints: {},
},
},
}
const row: { attach: RowAttachment[] } = {
attach: [
{
size: 10,
name: "test",
extension: "jpg",
key: "test.jpg",
},
],
}
const output = await outputProcessing(table, row, { squash: false })
expect(output.attach[0].url).toBe(
"/files/signed/prod-budi-app-assets/test.jpg"
)
row.attach[0].url = ""
const output2 = await outputProcessing(table, row, { squash: false })
expect(output2.attach[0].url).toBe(
"/files/signed/prod-budi-app-assets/test.jpg"
)
row.attach[0].url = "aaaa"
const output3 = await outputProcessing(table, row, { squash: false })
expect(output3.attach[0].url).toBe("aaaa")
})
it("process output even when the field is not empty", async () => {
const table: Table = {
_id: generator.guid(),

9
packages/types/src/api/web/cookies.ts Normal file
View file

@ -0,0 +1,9 @@
export interface DatasourceAuthCookie {
appId: string
provider: string
}
export interface SessionCookie {
sessionId: string
userId: string
}

1
packages/types/src/api/web/index.ts
View file

@ -9,3 +9,4 @@ export * from "./app"
export * from "./global"
export * from "./pagination"
export * from "./searchFilter"
export * from "./cookies"

9
packages/worker/src/api/controllers/global/auth.ts
View file

@ -15,6 +15,7 @@ import {
PasswordResetRequest,
PasswordResetUpdateRequest,
GoogleInnerConfig,
DatasourceAuthCookie,
} from "@budibase/types"
import env from "../../../environment"
@ -148,7 +149,13 @@ export const datasourcePreAuth = async (ctx: any, next: any) => {
}
export const datasourceAuth = async (ctx: any, next: any) => {
const authStateCookie = getCookie(ctx, Cookie.DatasourceAuth)
const authStateCookie = getCookie<DatasourceAuthCookie>(
ctx,
Cookie.DatasourceAuth
)
if (!authStateCookie) {
throw new Error("Unable to retrieve datasource authentication cookie")
}
const provider = authStateCookie.provider
const { middleware } = require(`@budibase/backend-core`)
const handler = middleware.datasource[provider]

5
packages/worker/src/tests/TestConfiguration.ts
View file

@ -35,6 +35,7 @@ import {
ConfigType,
} from "@budibase/types"
import API from "./api"
import jwt, { Secret } from "jsonwebtoken"
class TestConfiguration {
server: any
@ -209,7 +210,7 @@ class TestConfiguration {
sessionId: "sessionid",
tenantId: user.tenantId,
}
const authCookie = auth.jwt.sign(authToken, coreEnv.JWT_SECRET)
const authCookie = jwt.sign(authToken, coreEnv.JWT_SECRET as Secret)
return {
Accept: "application/json",
...this.cookieHeader([`${constants.Cookie.Auth}=${authCookie}`]),
@ -327,7 +328,7 @@ class TestConfiguration {
// CONFIGS - OIDC
getOIDConfigCookie(configId: string) {
const token = auth.jwt.sign(configId, coreEnv.JWT_SECRET)
const token = jwt.sign(configId, coreEnv.JWT_SECRET as Secret)
return this.cookieHeader([[`${constants.Cookie.OIDC_CONFIG}=${token}`]])
}