diff --git a/.vscode/settings.json b/.vscode/settings.json index d471924fe0..4838a4fd89 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -3,5 +3,17 @@ "editor.codeActionsOnSave": { "source.fixAll": true }, - "editor.defaultFormatter": "svelte.svelte-vscode" + "editor.defaultFormatter": "svelte.svelte-vscode", + "[json]": { + "editor.defaultFormatter": "vscode.json-language-features" + }, + "[javascript]": { + "editor.defaultFormatter": "esbenp.prettier-vscode" + }, + "debug.javascript.terminalOptions": { + "skipFiles": [ + "${workspaceFolder}/packages/backend-core/node_modules/**", + "/**" + ] + }, } diff --git a/packages/backend-core/package.json b/packages/backend-core/package.json index d69d57b88b..c0f5bf6e02 100644 --- a/packages/backend-core/package.json +++ b/packages/backend-core/package.json @@ -36,6 +36,7 @@ "passport-google-oauth": "2.0.0", "passport-jwt": "4.0.0", "passport-local": "1.0.0", + "passport-oauth2-refresh": "^2.1.0", "posthog-node": "1.3.0", "pouchdb": "7.3.0", "pouchdb-find": "7.2.2", diff --git a/packages/backend-core/src/auth.js b/packages/backend-core/src/auth.js index b13cd932c6..58c00c92c3 100644 --- a/packages/backend-core/src/auth.js +++ b/packages/backend-core/src/auth.js @@ -2,6 +2,9 @@ const passport = require("koa-passport") const LocalStrategy = require("passport-local").Strategy const JwtStrategy = require("passport-jwt").Strategy const { getGlobalDB } = require("./tenancy") +const refresh = require("passport-oauth2-refresh") +const { Configs } = require("./constants") +const { getScopedConfig } = require("./db/utils") const { jwt, local, @@ -34,6 +37,55 @@ passport.deserializeUser(async (user, done) => { } }) +//requestAccessStrategy +//refreshOAuthAccessToken + +//configId for google and OIDC?? +async function reUpToken(refreshToken, configId) { + const db = getGlobalDB() + console.log(refreshToken, configId) + const config = await getScopedConfig(db, { + type: Configs.OIDC, + group: {}, //ctx.query.group, this was an empty object when authentication initially + }) + + const chosenConfig = config.configs[0] //.filter((c) => c.uuid === configId)[0] + let callbackUrl = await oidc.oidcCallbackUrl(db, chosenConfig) + + //Remote Config + const enrichedConfig = await oidc.fetchOIDCStrategyConfig( + chosenConfig, + callbackUrl + ) + + const strategy = await oidc.strategyFactory(enrichedConfig, () => { + console.log("saveFn RETURN ARGS", JSON.stringify(arguments)) + }) + + try { + refresh.use(strategy, { + setRefreshOAuth2() { + return strategy._getOAuth2Client(enrichedConfig) + }, + }) + console.log("Testing") + + // By default, the strat calls itself "openidconnect" + + // refresh.requestNewAccessToken( + // 'openidconnect', + // refToken, + // (err, accessToken, refreshToken) => { + // console.log("REAUTH CB", err, accessToken, refreshToken); + // }) + } catch (err) { + console.error(err) + throw new Error("Error constructing OIDC refresh strategy", err) + } + + console.log("end") +} + module.exports = { buildAuthMiddleware: authenticated, passport, @@ -46,4 +98,5 @@ module.exports = { authError, buildCsrfMiddleware: csrf, internalApi, + reUpToken, } diff --git a/packages/backend-core/src/db/utils.ts b/packages/backend-core/src/db/utils.ts index dc7a0454c3..ac2c7df345 100644 --- a/packages/backend-core/src/db/utils.ts +++ b/packages/backend-core/src/db/utils.ts @@ -384,7 +384,10 @@ export const getScopedFullConfig = async function ( if (type === Configs.SETTINGS) { if (scopedConfig && scopedConfig.doc) { // overrides affected by environment variables - scopedConfig.doc.config.platformUrl = await getPlatformUrl() + scopedConfig.doc.config.platformUrl = await getPlatformUrl( + { tenantAware: true }, + db + ) scopedConfig.doc.config.analyticsEnabled = await events.analytics.enabled() } else { @@ -393,7 +396,7 @@ export const getScopedFullConfig = async function ( doc: { _id: generateConfigID({ type, user, workspace }), config: { - platformUrl: await getPlatformUrl(), + platformUrl: await getPlatformUrl({ tenantAware: true }, db), analyticsEnabled: await events.analytics.enabled(), }, }, @@ -404,7 +407,10 @@ export const getScopedFullConfig = async function ( return scopedConfig && scopedConfig.doc } -export const getPlatformUrl = async (opts = { tenantAware: true }) => { +export const getPlatformUrl = async ( + opts = { tenantAware: true }, + db = null +) => { let platformUrl = env.PLATFORM_URL || "http://localhost:10000" if (!env.SELF_HOSTED && env.MULTI_TENANCY && opts.tenantAware) { @@ -414,11 +420,11 @@ export const getPlatformUrl = async (opts = { tenantAware: true }) => { platformUrl = platformUrl.replace("://", `://${tenantId}.`) } } else if (env.SELF_HOSTED) { - const db = getGlobalDB() + const dbx = db ? db : getGlobalDB() // get the doc directly instead of with getScopedConfig to prevent loop let settings try { - settings = await db.get(generateConfigID({ type: Configs.SETTINGS })) + settings = await dbx.get(generateConfigID({ type: Configs.SETTINGS })) } catch (e: any) { if (e.status !== 404) { throw e diff --git a/packages/backend-core/src/middleware/passport/oidc.js b/packages/backend-core/src/middleware/passport/oidc.js index 1e93e20b1c..ef785f8aeb 100644 --- a/packages/backend-core/src/middleware/passport/oidc.js +++ b/packages/backend-core/src/middleware/passport/oidc.js @@ -1,6 +1,7 @@ const fetch = require("node-fetch") const OIDCStrategy = require("@techpass/passport-openidconnect").Strategy const { authenticateThirdParty } = require("./third-party-common") +const { ssoCallbackUrl } = require("./utils") const buildVerifyFn = saveUserFn => { /** @@ -89,11 +90,22 @@ function validEmail(value) { * from couchDB rather than environment variables, using this factory is necessary for dynamically configuring passport. * @returns Dynamically configured Passport OIDC Strategy */ -exports.strategyFactory = async function (config, callbackUrl, saveUserFn) { +exports.strategyFactory = async function (config, saveUserFn) { + try { + const verify = buildVerifyFn(saveUserFn) + return new OIDCStrategy(config, verify) + } catch (err) { + console.error(err) + throw new Error("Error constructing OIDC authentication strategy", err) + } +} + +export const fetchOIDCStrategyConfig = async (config, callbackUrl) => { try { const { clientID, clientSecret, configUrl } = config if (!clientID || !clientSecret || !callbackUrl || !configUrl) { + //check for remote config and all required elements throw new Error( "Configuration invalid. Must contain clientID, clientSecret, callbackUrl and configUrl" ) @@ -109,24 +121,24 @@ exports.strategyFactory = async function (config, callbackUrl, saveUserFn) { const body = await response.json() - const verify = buildVerifyFn(saveUserFn) - return new OIDCStrategy( - { - issuer: body.issuer, - authorizationURL: body.authorization_endpoint, - tokenURL: body.token_endpoint, - userInfoURL: body.userinfo_endpoint, - clientID: clientID, - clientSecret: clientSecret, - callbackURL: callbackUrl, - }, - verify - ) + return { + issuer: body.issuer, + authorizationURL: body.authorization_endpoint, + tokenURL: body.token_endpoint, + userInfoURL: body.userinfo_endpoint, + clientID: clientID, + clientSecret: clientSecret, + callbackURL: callbackUrl, + } } catch (err) { console.error(err) - throw new Error("Error constructing OIDC authentication strategy", err) + throw new Error("Error constructing OIDC authentication configuration", err) } } +export const oidcCallbackUrl = async (db, config) => { + return ssoCallbackUrl(db, config, "oidc") +} + // expose for testing exports.buildVerifyFn = buildVerifyFn diff --git a/packages/backend-core/src/middleware/passport/utils.js b/packages/backend-core/src/middleware/passport/utils.js index cbb93bfa3b..ddc87c6cd0 100644 --- a/packages/backend-core/src/middleware/passport/utils.js +++ b/packages/backend-core/src/middleware/passport/utils.js @@ -1,3 +1,7 @@ +const { getGlobalDB, isMultiTenant, getTenantId } = require("../../tenancy") +const { getScopedConfig } = require("../../db/utils") +const { Configs } = require("../../constants") + /** * Utility to handle authentication errors. * @@ -5,6 +9,7 @@ * @param {*} message Message that will be returned in the response body * @param {*} err (Optional) error that will be logged */ + exports.authError = function (done, message, err = null) { return done( err, @@ -12,3 +17,23 @@ exports.authError = function (done, message, err = null) { { message: message } ) } + +exports.ssoCallbackUrl = async (db, config, type) => { + // incase there is a callback URL from before + if (config && config.callbackURL) { + return config.callbackURL + } + + const dbx = db ? db : getGlobalDB() + const publicConfig = await getScopedConfig(dbx, { + type: Configs.SETTINGS, + }) + + let callbackUrl = `/api/global/auth` + if (isMultiTenant()) { + callbackUrl += `/${getTenantId()}` + } + callbackUrl += `/${type}/callback` + + return `${publicConfig.platformUrl}${callbackUrl}` +} diff --git a/packages/backend-core/yarn.lock b/packages/backend-core/yarn.lock index 01d1a43b64..29ba61d327 100644 --- a/packages/backend-core/yarn.lock +++ b/packages/backend-core/yarn.lock @@ -291,6 +291,11 @@ resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw== +"@budibase/types@^1.0.206": + version "1.0.208" + resolved "https://registry.yarnpkg.com/@budibase/types/-/types-1.0.208.tgz#c45cb494fb5b85229e15a34c6ac1805bae5be867" + integrity sha512-zKIHg6TGK+soVxMNZNrGypP3DCrd3jhlUQEFeQ+rZR6/tCue1G74bjzydY5FjnLEsXeLH1a0hkS5HulTmvQ2bA== + "@istanbuljs/load-nyc-config@^1.0.0": version "1.1.0" resolved "https://registry.yarnpkg.com/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz#fd3db1d59ecf7cf121e80650bb86712f9b55eced" @@ -3965,6 +3970,11 @@ passport-oauth1@1.x.x: passport-strategy "1.x.x" utils-merge "1.x.x" +passport-oauth2-refresh@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/passport-oauth2-refresh/-/passport-oauth2-refresh-2.1.0.tgz#c31cd133826383f5539d16ad8ab4f35ca73ce4a4" + integrity sha512-4ML7ooCESCqiTgdDBzNUFTBcPR8zQq9iM6eppEUGMMvLdsjqRL93jKwWm4Az3OJcI+Q2eIVyI8sVRcPFvxcF/A== + passport-oauth2@1.x.x: version "1.6.1" resolved "https://registry.yarnpkg.com/passport-oauth2/-/passport-oauth2-1.6.1.tgz#c5aee8f849ce8bd436c7f81d904a3cd1666f181b" diff --git a/packages/builder/src/builderStore/dataBinding.js b/packages/builder/src/builderStore/dataBinding.js index 8cbc629291..da3269ba81 100644 --- a/packages/builder/src/builderStore/dataBinding.js +++ b/packages/builder/src/builderStore/dataBinding.js @@ -49,6 +49,43 @@ export const getBindableProperties = (asset, componentId) => { ] } +/** + * Gets all rest bindable data fields + */ +export const getRestBindings = () => { + const userBindings = getUserBindings() + const oauthBindings = getAuthBindings() + return [...userBindings, ...oauthBindings] +} + +/** + * Utility - coverting a map of readable bindings to runtime + */ +export const readableToRuntimeMap = (bindings, ctx) => { + if (!bindings || !ctx) { + return {} + } + return Object.keys(ctx).reduce((acc, key) => { + let parsedQuery = readableToRuntimeBinding(bindings, ctx[key]) + acc[key] = parsedQuery + return acc + }, {}) +} + +/** + * Utility - coverting a map of runtime bindings to readable + */ +export const runtimeToReadableMap = (bindings, ctx) => { + if (!bindings || !ctx) { + return {} + } + return Object.keys(ctx).reduce((acc, key) => { + let parsedQuery = runtimeToReadableBinding(bindings, ctx[key]) + acc[key] = parsedQuery + return acc + }, {}) +} + /** * Gets the bindable properties exposed by a certain component. */ @@ -298,10 +335,22 @@ const getUserBindings = () => { providerId: "user", }) }) - return bindings } +const getAuthBindings = () => { + return [ + { + type: "context", + runtimeBinding: `${makePropSafe("user")}.${makePropSafe( + "oauth2" + )}.${makePropSafe("accessToken")}`, + readableBinding: "OAuthToken", + providerId: "user", + }, + ] +} + /** * Gets all device bindings that are globally available. */ diff --git a/packages/server/src/api/controllers/query/index.ts b/packages/server/src/api/controllers/query/index.ts index 2abd83140a..73b508f028 100644 --- a/packages/server/src/api/controllers/query/index.ts +++ b/packages/server/src/api/controllers/query/index.ts @@ -8,6 +8,8 @@ import { QUERY_THREAD_TIMEOUT } from "../../../environment" import { getAppDB } from "@budibase/backend-core/context" import { quotas } from "@budibase/pro" import { events } from "@budibase/backend-core" +import { getCookie } from "@budibase/backend-core/utils" +import { Cookies } from "@budibase/backend-core/constants" const Runner = new Thread(ThreadType.QUERY, { timeoutMs: QUERY_THREAD_TIMEOUT || 10000, @@ -119,6 +121,10 @@ export async function preview(ctx: any) { // this stops dynamic variables from calling the same query const { fields, parameters, queryVerb, transformer, queryId } = query + //check for oAuth elements here? + const configId = getCookie(ctx, Cookies.OIDC_CONFIG) + console.log(configId) + try { const runFn = () => Runner.run({ @@ -130,7 +136,6 @@ export async function preview(ctx: any) { transformer, queryId, }) - const { rows, keys, info, extra } = await quotas.addQuery(runFn) await events.query.previewed(datasource, query) ctx.body = { diff --git a/packages/server/src/threads/query.js b/packages/server/src/threads/query.js index ec9d9a6fa6..6e6822d6f5 100644 --- a/packages/server/src/threads/query.js +++ b/packages/server/src/threads/query.js @@ -4,6 +4,7 @@ const ScriptRunner = require("../utilities/scriptRunner") const { integrations } = require("../integrations") const { processStringSync } = require("@budibase/string-templates") const { doInAppContext, getAppDB } = require("@budibase/backend-core/context") +// const { reUpToken } = require("@budibase/backend-core/auth") const { isSQL } = require("../integrations/utils") const { enrichQueryFields, @@ -30,6 +31,11 @@ class QueryRunner { async execute() { let { datasource, fields, queryVerb, transformer } = this + + // if(this.ctx.user.oauth2?.refreshToken){ + // reUpToken(this.ctx.user.oauth2?.refreshToken) + // } + const Integration = integrations[datasource.source] if (!Integration) { throw "Integration type does not exist." @@ -79,6 +85,7 @@ class QueryRunner { this.cachedVariables.length > 0 && !this.hasRerun ) { + // return { info } this.hasRerun = true // invalidate the cache value await threadUtils.invalidateDynamicVariables(this.cachedVariables) diff --git a/packages/worker/src/api/controllers/global/auth.ts b/packages/worker/src/api/controllers/global/auth.ts index 896a7c48de..bd399a29fc 100644 --- a/packages/worker/src/api/controllers/global/auth.ts +++ b/packages/worker/src/api/controllers/global/auth.ts @@ -224,7 +224,7 @@ export const googleAuth = async (ctx: any, next: any) => { )(ctx, next) } -async function oidcStrategyFactory(ctx: any, configId: any) { +export const oidcStrategyFactory = async (ctx: any, configId: any) => { const db = getGlobalDB() const config = await core.db.getScopedConfig(db, { type: Configs.OIDC, @@ -234,7 +234,12 @@ async function oidcStrategyFactory(ctx: any, configId: any) { const chosenConfig = config.configs.filter((c: any) => c.uuid === configId)[0] let callbackUrl = await exports.oidcCallbackUrl(chosenConfig) - return oidc.strategyFactory(chosenConfig, callbackUrl, users.save) + //Remote Config + const enrichedConfig = await oidc.fetchOIDCStrategyConfig( + chosenConfig, + callbackUrl + ) + return oidc.strategyFactory(enrichedConfig, users.save) } /** @@ -249,7 +254,7 @@ export const oidcPreAuth = async (ctx: any, next: any) => { return passport.authenticate(strategy, { // required 'openid' scope is added by oidc strategy factory - scope: ["profile", "email"], + scope: ["profile", "email", "offline_access"], //auth0 offline_access scope required for the refresh token behaviour. })(ctx, next) }