@budibase/backend-core 2.5.9 → 2.5.10-alpha.1

package/src/plugin/tests/validation.spec.ts

@@ -0,0 +1,83 @@
+import { validate } from "../utils"
+import fetch from "node-fetch"
+import { PluginType } from "@budibase/types"
+
+const repoUrl =
+  "https://raw.githubusercontent.com/Budibase/budibase-skeleton/master"
+const automationLink = `${repoUrl}/automation/schema.json.hbs`
+const componentLink = `${repoUrl}/component/schema.json.hbs`
+const datasourceLink = `${repoUrl}/datasource/schema.json.hbs`
+
+async function getSchema(link: string) {
+  const response = await fetch(link)
+  if (response.status > 300) {
+    return
+  }
+  const text = await response.text()
+  return JSON.parse(text)
+}
+
+async function runTest(opts: { link?: string; schema?: any }) {
+  let error
+  try {
+    let schema = opts.schema
+    if (opts.link) {
+      schema = await getSchema(opts.link)
+    }
+    validate(schema)
+  } catch (err) {
+    error = err
+  }
+  return error
+}
+
+describe("it should be able to validate an automation schema", () => {
+  it("should return automation skeleton schema is valid", async () => {
+    const error = await runTest({ link: automationLink })
+    expect(error).toBeUndefined()
+  })
+
+  it("should fail given invalid automation schema", async () => {
+    const error = await runTest({
+      schema: {
+        type: PluginType.AUTOMATION,
+        schema: {},
+      },
+    })
+    expect(error).toBeDefined()
+  })
+})
+
+describe("it should be able to validate a component schema", () => {
+  it("should return component skeleton schema is valid", async () => {
+    const error = await runTest({ link: componentLink })
+    expect(error).toBeUndefined()
+  })
+
+  it("should fail given invalid component schema", async () => {
+    const error = await runTest({
+      schema: {
+        type: PluginType.COMPONENT,
+        schema: {},
+      },
+    })
+    expect(error).toBeDefined()
+  })
+})
+
+describe("it should be able to validate a datasource schema", () => {
+  it("should return datasource skeleton schema is valid", async () => {
+    const error = await runTest({ link: datasourceLink })
+    expect(error).toBeUndefined()
+  })
+
+  it("should fail given invalid datasource schema", async () => {
+    const error = await runTest({
+      schema: {
+        type: PluginType.DATASOURCE,
+        schema: {},
+      },
+    })
+    expect(error).toBeDefined()
+  })
+})

package/src/plugin/utils.ts

@@ -1,4 +1,12 @@
-import { DatasourceFieldType, QueryType, PluginType } from "@budibase/types"
+import {
+  DatasourceFieldType,
+  QueryType,
+  PluginType,
+  AutomationStepType,
+  AutomationStepIdArray,
+  AutomationIOType,
+  AutomationCustomIOType,
+} from "@budibase/types"
 import joi from "joi"
 
 const DATASOURCE_TYPES = [
@@ -19,7 +27,7 @@ function runJoi(validator: joi.Schema, schema: any) {
 
 function validateComponent(schema: any) {
   const validator = joi.object({
-    type: joi.string().allow("component").required(),
+    type: joi.string().allow(PluginType.COMPONENT).required(),
     metadata: joi.object().unknown(true).required(),
     hash: joi.string().optional(),
     version: joi.string().optional(),
@@ -53,7 +61,7 @@ function validateDatasource(schema: any) {
     .required()
 
   const validator = joi.object({
-    type: joi.string().allow("datasource").required(),
+    type: joi.string().allow(PluginType.DATASOURCE).required(),
     metadata: joi.object().unknown(true).required(),
     hash: joi.string().optional(),
     version: joi.string().optional(),
@@ -82,6 +90,55 @@ function validateDatasource(schema: any) {
   runJoi(validator, schema)
 }
 
+function validateAutomation(schema: any) {
+  const basePropsValidator = joi.object().pattern(joi.string(), {
+    type: joi
+      .string()
+      .allow(...Object.values(AutomationIOType))
+      .required(),
+    customType: joi.string().allow(...Object.values(AutomationCustomIOType)),
+    title: joi.string(),
+    description: joi.string(),
+    enum: joi.array().items(joi.string()),
+    pretty: joi.array().items(joi.string()),
+  })
+  const stepSchemaValidator = joi
+    .object({
+      properties: basePropsValidator,
+      required: joi.array().items(joi.string()),
+    })
+    .concat(basePropsValidator)
+    .required()
+  const validator = joi.object({
+    type: joi.string().allow(PluginType.AUTOMATION).required(),
+    metadata: joi.object().unknown(true).required(),
+    hash: joi.string().optional(),
+    version: joi.string().optional(),
+    schema: joi.object({
+      name: joi.string().required(),
+      tagline: joi.string().required(),
+      icon: joi.string().required(),
+      description: joi.string().required(),
+      type: joi
+        .string()
+        .allow(AutomationStepType.ACTION, AutomationStepType.LOGIC)
+        .required(),
+      stepId: joi
+        .string()
+        .disallow(...AutomationStepIdArray)
+        .required(),
+      inputs: joi.object().optional(),
+      schema: joi
+        .object({
+          inputs: stepSchemaValidator,
+          outputs: stepSchemaValidator,
+        })
+        .required(),
+    }),
+  })
+  runJoi(validator, schema)
+}
+
 export function validate(schema: any) {
   switch (schema?.type) {
     case PluginType.COMPONENT:
@@ -90,6 +147,9 @@ export function validate(schema: any) {
     case PluginType.DATASOURCE:
       validateDatasource(schema)
       break
+    case PluginType.AUTOMATION:
+      validateAutomation(schema)
+      break
     default:
       throw new Error(`Unknown plugin type - check schema.json: ${schema.type}`)
   }

package/src/queue/constants.ts

@@ -2,4 +2,5 @@ export enum JobQueue {
   AUTOMATION = "automationQueue",
   APP_BACKUP = "appBackupQueue",
   AUDIT_LOG = "auditLogQueue",
+  SYSTEM_EVENT_QUEUE = "systemEventQueue",
 }

package/src/redis/redlockImpl.ts

@@ -1,10 +1,16 @@
-import Redlock, { Options } from "redlock"
+import Redlock from "redlock"
 import { getLockClient } from "./init"
 import { LockOptions, LockType } from "@budibase/types"
 import * as context from "../context"
 import env from "../environment"
 
-const getClient = async (type: LockType): Promise<Redlock> => {
+const getClient = async (
+  type: LockType,
+  opts?: Redlock.Options
+): Promise<Redlock> => {
+  if (type === LockType.CUSTOM) {
+    return newRedlock(opts)
+  }
   if (env.isTest() && type !== LockType.TRY_ONCE) {
     return newRedlock(OPTIONS.TEST)
   }
@@ -56,7 +62,7 @@ const OPTIONS = {
   },
 }
 
-const newRedlock = async (opts: Options = {}) => {
+const newRedlock = async (opts: Redlock.Options = {}) => {
   let options = { ...OPTIONS.DEFAULT, ...opts }
   const redisWrapper = await getLockClient()
   const client = redisWrapper.getClient()

package/src/security/encryption.ts

@@ -12,7 +12,7 @@ export enum SecretOption {
   ENCRYPTION = "encryption",
 }
 
-function getSecret(secretOption: SecretOption): string {
+export function getSecret(secretOption: SecretOption): string {
   let secret, secretName
   switch (secretOption) {
     case SecretOption.ENCRYPTION:

package/src/security/permissions.ts

@@ -24,7 +24,7 @@ export enum PermissionType {
   QUERY = "query",
 }
 
-class Permission {
+export class Permission {
   type: PermissionType
   level: PermissionLevel
 
@@ -34,7 +34,7 @@ class Permission {
   }
 }
 
-function levelToNumber(perm: PermissionLevel) {
+export function levelToNumber(perm: PermissionLevel) {
   switch (perm) {
     // not everything has execute privileges
     case PermissionLevel.EXECUTE:
@@ -55,7 +55,7 @@ function levelToNumber(perm: PermissionLevel) {
  * @param {string} userPermLevel The permission level of the user.
  * @return {string[]} All the permission levels this user is allowed to carry out.
  */
-function getAllowedLevels(userPermLevel: PermissionLevel) {
+export function getAllowedLevels(userPermLevel: PermissionLevel): string[] {
   switch (userPermLevel) {
     case PermissionLevel.EXECUTE:
       return [PermissionLevel.EXECUTE]
@@ -64,9 +64,9 @@ function getAllowedLevels(userPermLevel: PermissionLevel) {
     case PermissionLevel.WRITE:
     case PermissionLevel.ADMIN:
       return [
+        PermissionLevel.EXECUTE,
         PermissionLevel.READ,
         PermissionLevel.WRITE,
-        PermissionLevel.EXECUTE,
       ]
     default:
       return []
@@ -81,7 +81,7 @@ export enum BuiltinPermissionID {
   POWER = "power",
 }
 
-const BUILTIN_PERMISSIONS = {
+export const BUILTIN_PERMISSIONS = {
   PUBLIC: {
     _id: BuiltinPermissionID.PUBLIC,
     name: "Public",

package/src/security/tests/encryption.spec.ts

@@ -0,0 +1,31 @@
+import { encrypt, decrypt, SecretOption, getSecret } from "../encryption"
+import env from "../../environment"
+
+describe("encryption", () => {
+  it("should throw an error if API encryption key is not set", () => {
+    const jwt = getSecret(SecretOption.API)
+    expect(jwt).toBe(env.JWT_SECRET)
+  })
+
+  it("should throw an error if encryption key is not set", () => {
+    expect(() => getSecret(SecretOption.ENCRYPTION)).toThrow(
+      'Secret "ENCRYPTION_KEY" has not been set in environment.'
+    )
+  })
+
+  it("should encrypt and decrypt a string using API encryption key", () => {
+    env._set("API_ENCRYPTION_KEY", "api_secret")
+    const plaintext = "budibase"
+    const apiEncrypted = encrypt(plaintext, SecretOption.API)
+    const decrypted = decrypt(apiEncrypted, SecretOption.API)
+    expect(decrypted).toEqual(plaintext)
+  })
+
+  it("should encrypt and decrypt a string using encryption key", () => {
+    env._set("ENCRYPTION_KEY", "normal_secret")
+    const plaintext = "budibase"
+    const encryptionEncrypted = encrypt(plaintext, SecretOption.ENCRYPTION)
+    const decrypted = decrypt(encryptionEncrypted, SecretOption.ENCRYPTION)
+    expect(decrypted).toEqual(plaintext)
+  })
+})

package/src/security/tests/permissions.spec.ts

@@ -0,0 +1,145 @@
+import { cloneDeep } from "lodash"
+import * as permissions from "../permissions"
+import { BUILTIN_ROLE_IDS } from "../roles"
+
+describe("levelToNumber", () => {
+  it("should return 0 for EXECUTE", () => {
+    expect(permissions.levelToNumber(permissions.PermissionLevel.EXECUTE)).toBe(
+      0
+    )
+  })
+
+  it("should return 1 for READ", () => {
+    expect(permissions.levelToNumber(permissions.PermissionLevel.READ)).toBe(1)
+  })
+
+  it("should return 2 for WRITE", () => {
+    expect(permissions.levelToNumber(permissions.PermissionLevel.WRITE)).toBe(2)
+  })
+
+  it("should return 3 for ADMIN", () => {
+    expect(permissions.levelToNumber(permissions.PermissionLevel.ADMIN)).toBe(3)
+  })
+
+  it("should return -1 for an unknown permission level", () => {
+    expect(
+      permissions.levelToNumber("unknown" as permissions.PermissionLevel)
+    ).toBe(-1)
+  })
+})
+describe("getAllowedLevels", () => {
+  it('should return ["execute"] for EXECUTE', () => {
+    expect(
+      permissions.getAllowedLevels(permissions.PermissionLevel.EXECUTE)
+    ).toEqual([permissions.PermissionLevel.EXECUTE])
+  })
+
+  it('should return ["execute", "read"] for READ', () => {
+    expect(
+      permissions.getAllowedLevels(permissions.PermissionLevel.READ)
+    ).toEqual([
+      permissions.PermissionLevel.EXECUTE,
+      permissions.PermissionLevel.READ,
+    ])
+  })
+
+  it('should return ["execute", "read", "write"] for WRITE', () => {
+    expect(
+      permissions.getAllowedLevels(permissions.PermissionLevel.WRITE)
+    ).toEqual([
+      permissions.PermissionLevel.EXECUTE,
+      permissions.PermissionLevel.READ,
+      permissions.PermissionLevel.WRITE,
+    ])
+  })
+
+  it('should return ["execute", "read", "write"] for ADMIN', () => {
+    expect(
+      permissions.getAllowedLevels(permissions.PermissionLevel.ADMIN)
+    ).toEqual([
+      permissions.PermissionLevel.EXECUTE,
+      permissions.PermissionLevel.READ,
+      permissions.PermissionLevel.WRITE,
+    ])
+  })
+
+  it("should return [] for an unknown permission level", () => {
+    expect(
+      permissions.getAllowedLevels("unknown" as permissions.PermissionLevel)
+    ).toEqual([])
+  })
+})
+
+describe("doesHaveBasePermission", () => {
+  it("should return true if base permission has the required level", () => {
+    const permType = permissions.PermissionType.USER
+    const permLevel = permissions.PermissionLevel.READ
+    const rolesHierarchy = [
+      {
+        roleId: BUILTIN_ROLE_IDS.ADMIN,
+        permissionId: permissions.BuiltinPermissionID.ADMIN,
+      },
+    ]
+    expect(
+      permissions.doesHaveBasePermission(permType, permLevel, rolesHierarchy)
+    ).toBe(true)
+  })
+
+  it("should return false if base permission does not have the required level", () => {
+    const permType = permissions.PermissionType.APP
+    const permLevel = permissions.PermissionLevel.READ
+    const rolesHierarchy = [
+      {
+        roleId: BUILTIN_ROLE_IDS.PUBLIC,
+        permissionId: permissions.BuiltinPermissionID.PUBLIC,
+      },
+    ]
+    expect(
+      permissions.doesHaveBasePermission(permType, permLevel, rolesHierarchy)
+    ).toBe(false)
+  })
+})
+
+describe("isPermissionLevelHigherThanRead", () => {
+  it("should return true if level is higher than read", () => {
+    expect(
+      permissions.isPermissionLevelHigherThanRead(
+        permissions.PermissionLevel.WRITE
+      )
+    ).toBe(true)
+  })
+
+  it("should return false if level is read or lower", () => {
+    expect(
+      permissions.isPermissionLevelHigherThanRead(
+        permissions.PermissionLevel.READ
+      )
+    ).toBe(false)
+  })
+})
+
+describe("getBuiltinPermissions", () => {
+  it("returns a clone of the builtin permissions", () => {
+    const builtins = permissions.getBuiltinPermissions()
+    expect(builtins).toEqual(cloneDeep(permissions.BUILTIN_PERMISSIONS))
+    expect(builtins).not.toBe(permissions.BUILTIN_PERMISSIONS)
+  })
+})
+
+describe("getBuiltinPermissionByID", () => {
+  it("returns correct permission object for valid ID", () => {
+    const expectedPermission = {
+      _id: permissions.BuiltinPermissionID.PUBLIC,
+      name: "Public",
+      permissions: [
+        new permissions.Permission(
+          permissions.PermissionType.WEBHOOK,
+          permissions.PermissionLevel.EXECUTE
+        ),
+      ],
+    }
+    expect(permissions.getBuiltinPermissionByID("public")).toEqual(
+      expectedPermission
+    )
+  })
+})

package/src/tenancy/tenancy.ts

@@ -3,8 +3,8 @@ import {
   getTenantId,
   getTenantIDFromAppID,
   isMultiTenant,
+  getPlatformURL,
 } from "../context"
-import env from "../environment"
 import {
   BBContext,
   TenantResolutionStrategy,
@@ -93,7 +93,7 @@ export const getTenantIDFromCtx = (
   // subdomain
   if (isAllowed(TenantResolutionStrategy.SUBDOMAIN)) {
     // e.g. budibase.app or local.com:10000
-    const platformHost = new URL(env.PLATFORM_URL).host.split(":")[0]
+    const platformHost = new URL(getPlatformURL()).host.split(":")[0]
     // e.g. tenant.budibase.app or tenant.local.com
     const requestHost = ctx.host
     // parse the tenant id from the difference

package/src/tenancy/tests/tenancy.spec.ts

@@ -0,0 +1,184 @@
+import { TenantResolutionStrategy } from "@budibase/types"
+import { addTenantToUrl, isUserInAppTenant, getTenantIDFromCtx } from "../"
+import { isMultiTenant, getTenantIDFromAppID } from "../../context"
+
+jest.mock("../../context", () => ({
+  getTenantId: jest.fn(() => "budibase"),
+  isMultiTenant: jest.fn(() => true),
+  getTenantIDFromAppID: jest.fn(),
+  getPlatformURL: jest.fn(() => "https://app.com"),
+  DEFAULT_TENANT_ID: "default",
+}))
+
+const mockedIsMultiTenant = isMultiTenant as jest.MockedFunction<
+  typeof isMultiTenant
+>
+const mockedGetTenantIDFromAppID = getTenantIDFromAppID as jest.MockedFunction<
+  typeof getTenantIDFromAppID
+>
+
+describe("addTenantToUrl", () => {
+  it("should append tenantId parameter to the URL", () => {
+    const url = "https://budibase.com"
+    const expectedUrl = "https://budibase.com?tenantId=budibase"
+    expect(addTenantToUrl(url)).toEqual(expectedUrl)
+  })
+
+  it("should append tenantId parameter to the URL query string", () => {
+    const url = "https://budibase.com?var=test"
+    const expectedUrl = "https://budibase.com?var=test&tenantId=budibase"
+    expect(addTenantToUrl(url)).toEqual(expectedUrl)
+  })
+
+  it("should not append tenantId parameter to the URL if isMultiTenant is false", () => {
+    mockedIsMultiTenant.mockImplementation(() => false)
+
+    const url = "https://budibase.com"
+    const expectedUrl = "https://budibase.com"
+    expect(addTenantToUrl(url)).toEqual(expectedUrl)
+  })
+})
+
+describe("isUserInAppTenant", () => {
+  mockedGetTenantIDFromAppID.mockImplementation(() => "budibase")
+  const mockUser = { tenantId: "budibase" }
+
+  it("returns true if user tenant ID matches app tenant ID", () => {
+    const appId = "app-budibase"
+    const result = isUserInAppTenant(appId, mockUser)
+    expect(result).toBe(true)
+  })
+
+  it("uses default tenant ID if user is not provided", () => {
+    const appId = "app-budibase"
+    const result = isUserInAppTenant(appId)
+    expect(result).toBe(true)
+  })
+
+  it("uses default tenant ID if app tenant ID is not found", () => {
+    const appId = "not-budibase-app"
+    const result = isUserInAppTenant(appId, mockUser)
+    expect(result).toBe(true)
+  })
+
+  it("returns false if user tenant ID does not match app tenant ID", () => {
+    const appId = "app-budibase"
+    mockedGetTenantIDFromAppID.mockImplementation(() => "not-budibase")
+    const result = isUserInAppTenant(appId, mockUser)
+    expect(result).toBe(false)
+  })
+})
+
+let mockOpts: any = {}
+function createCtx(opts: {
+  originalUrl?: string
+  headers?: Record<string, string>
+  qsTenantId?: string
+  userTenantId?: string
+  host?: string
+  path?: string
+}) {
+  const createdCtx: any = {
+    originalUrl: opts.originalUrl || "budibase.com",
+    matched: [{ name: "name" }],
+    throw: jest.fn(),
+    request: { headers: {} },
+  }
+  if (opts.headers) {
+    createdCtx.request.headers = opts.headers
+  }
+  if (opts.qsTenantId) {
+    createdCtx.request.query = { tenantId: opts.qsTenantId }
+  }
+  if (opts.userTenantId) {
+    createdCtx.user = { tenantId: opts.userTenantId }
+  }
+  if (opts.host) {
+    createdCtx.host = opts.host
+  }
+  if (opts.path) {
+    createdCtx.matched = [
+      {
+        paramNames: [{ name: "tenantId" }],
+        params: () => ({ tenantId: opts.path }),
+        captures: jest.fn(),
+      },
+    ]
+  }
+
+  return createdCtx as any
+}
+
+describe("getTenantIDFromCtx", () => {
+  describe("when tenant can be found", () => {
+    it("returns the tenant ID from the user object", () => {
+      mockedIsMultiTenant.mockImplementation(() => true)
+      const ctx = createCtx({ userTenantId: "budibase" })
+      expect(getTenantIDFromCtx(ctx, mockOpts)).toEqual("budibase")
+    })
+
+    it("returns the tenant ID from the header", () => {
+      mockedIsMultiTenant.mockImplementation(() => true)
+      const ctx = createCtx({ headers: { "x-budibase-tenant-id": "budibase" } })
+      mockOpts = { includeStrategies: [TenantResolutionStrategy.HEADER] }
+      expect(getTenantIDFromCtx(ctx, mockOpts)).toEqual("budibase")
+    })
+
+    it("returns the tenant ID from the query param", () => {
+      mockedIsMultiTenant.mockImplementation(() => true)
+      mockOpts = { includeStrategies: [TenantResolutionStrategy.QUERY] }
+      const ctx = createCtx({ qsTenantId: "budibase" })
+      expect(getTenantIDFromCtx(ctx, mockOpts)).toEqual("budibase")
+    })
+
+    it("returns the tenant ID from the subdomain", () => {
+      mockedIsMultiTenant.mockImplementation(() => true)
+      const ctx = createCtx({ host: "bb.app.com" })
+      mockOpts = { includeStrategies: [TenantResolutionStrategy.SUBDOMAIN] }
+      expect(getTenantIDFromCtx(ctx, mockOpts)).toEqual("bb")
+    })
+
+    it("returns the tenant ID from the path", () => {
+      mockedIsMultiTenant.mockImplementation(() => true)
+      const ctx = createCtx({ path: "bb" })
+      mockOpts = { includeStrategies: [TenantResolutionStrategy.PATH] }
+      expect(getTenantIDFromCtx(ctx, mockOpts)).toEqual("bb")
+    })
+  })
+
+  describe("when tenant cannot be found", () => {
+    it("throws a 403 error if allowNoTenant is false", () => {
+      const ctx = createCtx({})
+      mockOpts = {
+        allowNoTenant: false,
+        excludeStrategies: [
+          TenantResolutionStrategy.QUERY,
+          TenantResolutionStrategy.SUBDOMAIN,
+          TenantResolutionStrategy.PATH,
+        ],
+      }
+      expect(getTenantIDFromCtx(ctx, mockOpts)).toBeNull()
+      expect(ctx.throw).toBeCalledTimes(1)
+      expect(ctx.throw).toBeCalledWith(403, "Tenant id not set")
+    })
+
+    it("returns null if allowNoTenant is true", () => {
+      const ctx = createCtx({})
+      mockOpts = {
+        allowNoTenant: true,
+        excludeStrategies: [
+          TenantResolutionStrategy.QUERY,
+          TenantResolutionStrategy.SUBDOMAIN,
+          TenantResolutionStrategy.PATH,
+        ],
+      }
+      expect(getTenantIDFromCtx(ctx, mockOpts)).toBeNull()
+    })
+  })
+
+  it("returns the default tenant ID when isMultiTenant() returns false", () => {
+    mockedIsMultiTenant.mockImplementation(() => false)
+    const ctx = createCtx({})
+    expect(getTenantIDFromCtx(ctx, mockOpts)).toEqual("default")
+  })
+})