CodeMirror/budibase
1
0
Fork 0
mirror of synced 2024-05-22 21:33:45 +12:00
Code Issues Projects Releases Wiki Activity
budibase/packages/server/src/api/routes/public/index.ts
mike12345567 fcb6f985a6 Updating some enums, plural to single.
2022-11-17 14:59:18 +00:00

140 lines
4 KiB
TypeScript
Raw Blame History

import appEndpoints from "./applications"
import queryEndpoints from "./queries"
import tableEndpoints from "./tables"
import rowEndpoints from "./rows"
import userEndpoints from "./users"
import authorized from "../../../middleware/authorized"
import publicApi from "../../../middleware/publicApi"
import { paramResource, paramSubResource } from "../../../middleware/resourceId"
import { CtxFn } from "./utils/Endpoint"
import mapperMiddleware from "./middleware/mapper"
import env from "../../../environment"
// below imports don't have declaration files
const Router = require("@koa/router")
const { RateLimit, Stores } = require("koa2-ratelimit")
const {
PermissionLevel,
PermissionType,
} = require("@budibase/backend-core/permissions")
const { getRedisOptions } = require("@budibase/backend-core/redis").utils
const PREFIX = "/api/public/v1"
// allow a lot more requests when in test
const DEFAULT_API_REQ_LIMIT_PER_SEC = env.isTest() ? 100 : 10
function getApiLimitPerSecond(): number {
if (!env.API_REQ_LIMIT_PER_SEC) {
return DEFAULT_API_REQ_LIMIT_PER_SEC
}
return parseInt(env.API_REQ_LIMIT_PER_SEC)
}
let rateLimitStore: any = null
if (!env.isTest()) {
const REDIS_OPTS = getRedisOptions()
let options
if (REDIS_OPTS.redisProtocolUrl) {
// fully qualified redis URL
options = {
url: REDIS_OPTS.redisProtocolUrl,
}
} else {
options = {
socket: {
host: REDIS_OPTS.host,
port: REDIS_OPTS.port,
},
password: REDIS_OPTS.opts.password,
database: 1,
}
}
rateLimitStore = new Stores.Redis(options)
RateLimit.defaultOptions({
store: rateLimitStore,
})
}
// rate limiting, allows for 2 requests per second
const limiter = RateLimit.middleware({
interval: { sec: 1 },
// per ip, per interval
max: getApiLimitPerSecond(),
})
const publicRouter = new Router({
prefix: PREFIX,
})
publicRouter.use(limiter)
function addMiddleware(
endpoints: any,
middleware: CtxFn,
opts: { output: boolean } = { output: false }
) {
if (!endpoints) {
return
}
if (!Array.isArray(endpoints)) {
endpoints = [endpoints]
}
for (let endpoint of endpoints) {
if (opts?.output) {
endpoint.addOutputMiddleware(middleware)
} else {
endpoint.addMiddleware(middleware)
}
}
}
function addToRouter(endpoints: any) {
if (endpoints) {
for (let endpoint of endpoints) {
endpoint.apply(publicRouter)
}
}
}
function applyRoutes(
endpoints: any,
permType: string,
resource: string,
subResource?: string
) {
const paramMiddleware = subResource
? paramSubResource(resource, subResource)
: paramResource(resource)
const publicApiMiddleware = publicApi({
requiresAppId:
permType !== PermissionType.APP && permType !== PermissionType.USER,
})
addMiddleware(endpoints.read, publicApiMiddleware)
addMiddleware(endpoints.write, publicApiMiddleware)
// add the parameter capture middleware
addMiddleware(endpoints.read, paramMiddleware)
addMiddleware(endpoints.write, paramMiddleware)
// add the authorization middleware, using the correct perm type
addMiddleware(endpoints.read, authorized(permType, PermissionLevel.READ))
addMiddleware(endpoints.write, authorized(permType, PermissionLevel.WRITE))
// add the output mapper middleware
addMiddleware(endpoints.read, mapperMiddleware, { output: true })
addMiddleware(endpoints.write, mapperMiddleware, { output: true })
addToRouter(endpoints.read)
addToRouter(endpoints.write)
}
applyRoutes(appEndpoints, PermissionType.APP, "appId")
applyRoutes(tableEndpoints, PermissionType.TABLE, "tableId")
applyRoutes(userEndpoints, PermissionType.USER, "userId")
applyRoutes(queryEndpoints, PermissionType.QUERY, "queryId")
// needs to be applied last for routing purposes, don't override other endpoints
applyRoutes(rowEndpoints, PermissionType.TABLE, "tableId", "rowId")
export default publicRouter
export const shutdown = () => {
if (rateLimitStore) {
rateLimitStore.client.disconnect()
rateLimitStore = null
}
}
Reference in a new issue View git blame Copy permalink