@budibase/backend-core 2.7.36-alpha.2 → 2.7.36

package/jest.config.ts

@@ -31,6 +31,4 @@ const config: Config.InitialOptions = {
   coverageReporters: ["lcov", "json", "clover"],
 }
 
-process.env.DISABLE_PINO_LOGGER = "1"
-
 export default config

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/backend-core",
-  "version": "2.7.36-alpha.2",
+  "version": "2.7.36",
   "description": "Budibase backend core libraries used in server and worker",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",
@@ -22,12 +22,12 @@
   "dependencies": {
     "@budibase/nano": "10.1.2",
     "@budibase/pouchdb-replication-stream": "1.2.10",
-    "@budibase/types": "2.7.36-alpha.2",
+    "@budibase/types": "2.7.36",
     "@shopify/jest-koa-mocks": "5.0.1",
     "@techpass/passport-openidconnect": "0.3.2",
     "aws-cloudfront-sign": "2.2.0",
     "aws-sdk": "2.1030.0",
-    "bcrypt": "5.1.0",
+    "bcrypt": "5.0.1",
     "bcryptjs": "2.4.3",
     "bull": "4.10.1",
     "correlation-id": "4.0.0",
@@ -101,5 +101,5 @@
       }
     }
   },
-  "gitHead": "9e73358c0b5d945e052a08f6a9277a4d263eec01"
+  "gitHead": "66929c1a9739fa64aae8cbb1b9af50919d9a306d"
 }

package/src/db/Replication.ts

@@ -57,9 +57,6 @@ class Replication {
   appReplicateOpts() {
     return {
       filter: (doc: any) => {
-        if (doc._id && doc._id.startsWith(DocumentType.AUTOMATION_LOG)) {
-          return false
-        }
         return doc._id !== DocumentType.APP_METADATA
       },
     }

package/src/docIds/ids.ts

@@ -81,19 +81,8 @@ export function generateAppUserID(prodAppId: string, userId: string) {
  * Generates a new role ID.
  * @returns {string} The new role ID which the role doc can be stored under.
  */
-export function generateRoleID(name: string) {
-  const prefix = `${DocumentType.ROLE}${SEPARATOR}`
-  if (name.startsWith(prefix)) {
-    return name
-  }
-  return `${prefix}${name}`
-}
-
-/**
- * Utility function to be more verbose.
- */
-export function prefixRoleID(name: string) {
-  return generateRoleID(name)
+export function generateRoleID(id?: any) {
+  return `${DocumentType.ROLE}${SEPARATOR}${id || newid()}`
 }
 
 /**

package/src/events/publishers/serve.ts

@@ -14,15 +14,10 @@ async function servedBuilder(timezone: string) {
   await publishEvent(Event.SERVED_BUILDER, properties)
 }
 
-async function servedApp(
-  app: App,
-  timezone: string,
-  embed?: boolean | undefined
-) {
+async function servedApp(app: App, timezone: string) {
   const properties: AppServedEvent = {
     appVersion: app.version,
     timezone,
-    embed: embed === true,
   }
   await publishEvent(Event.SERVED_APP, properties)
 }

package/src/middleware/passport/datasource/google.ts

@@ -1,11 +1,10 @@
 import * as google from "../sso/google"
 import { Cookie } from "../../../constants"
+import { clearCookie, getCookie } from "../../../utils"
+import { doWithDB } from "../../../db"
 import * as configs from "../../../configs"
-import * as cache from "../../../cache"
-import * as utils from "../../../utils"
-import { UserCtx, SSOProfile } from "@budibase/types"
+import { BBContext, Database, SSOProfile } from "@budibase/types"
 import { ssoSaveUserNoOp } from "../sso/sso"
-
 const GoogleStrategy = require("passport-google-oauth").OAuth2Strategy
 
 type Passport = {
@@ -23,7 +22,7 @@ async function fetchGoogleCreds() {
 
 export async function preAuth(
   passport: Passport,
-  ctx: UserCtx,
+  ctx: BBContext,
   next: Function
 ) {
   // get the relevant config
@@ -37,8 +36,8 @@ export async function preAuth(
     ssoSaveUserNoOp
   )
 
-  if (!ctx.query.appId) {
-    ctx.throw(400, "appId query param not present.")
+  if (!ctx.query.appId || !ctx.query.datasourceId) {
+    ctx.throw(400, "appId and datasourceId query params not present.")
   }
 
   return passport.authenticate(strategy, {
@@ -50,7 +49,7 @@ export async function preAuth(
 
 export async function postAuth(
   passport: Passport,
-  ctx: UserCtx,
+  ctx: BBContext,
   next: Function
 ) {
   // get the relevant config
@@ -58,7 +57,7 @@ export async function postAuth(
   const platformUrl = await configs.getPlatformUrl({ tenantAware: false })
 
   let callbackUrl = `${platformUrl}/api/global/auth/datasource/google/callback`
-  const authStateCookie = utils.getCookie(ctx, Cookie.DatasourceAuth)
+  const authStateCookie = getCookie(ctx, Cookie.DatasourceAuth)
 
   return passport.authenticate(
     new GoogleStrategy(
@@ -70,26 +69,33 @@ export async function postAuth(
       (
         accessToken: string,
         refreshToken: string,
-        _profile: SSOProfile,
+        profile: SSOProfile,
         done: Function
       ) => {
-        utils.clearCookie(ctx, Cookie.DatasourceAuth)
+        clearCookie(ctx, Cookie.DatasourceAuth)
         done(null, { accessToken, refreshToken })
       }
     ),
     { successRedirect: "/", failureRedirect: "/error" },
     async (err: any, tokens: string[]) => {
       const baseUrl = `/builder/app/${authStateCookie.appId}/data`
-
-      const id = utils.newid()
-      await cache.store(
-        `datasource:creation:${authStateCookie.appId}:google:${id}`,
-        {
-          tokens,
+      // update the DB for the datasource with all the user info
+      await doWithDB(authStateCookie.appId, async (db: Database) => {
+        let datasource
+        try {
+          datasource = await db.get(authStateCookie.datasourceId)
+        } catch (err: any) {
+          if (err.status === 404) {
+            ctx.redirect(baseUrl)
+          }
         }
-      )
-
-      ctx.redirect(`${baseUrl}/new?continue_google_setup=${id}`)
+        if (!datasource.config) {
+          datasource.config = {}
+        }
+        datasource.config.auth = { type: "google", ...tokens }
+        await db.put(datasource)
+        ctx.redirect(`${baseUrl}/datasource/${authStateCookie.datasourceId}`)
+      })
     }
   )(ctx, next)
 }

package/src/security/encryption.ts

@@ -1,17 +1,12 @@
 import crypto from "crypto"
-import fs from "fs"
-import zlib from "zlib"
 import env from "../environment"
-import { join } from "path"
 
 const ALGO = "aes-256-ctr"
 const SEPARATOR = "-"
 const ITERATIONS = 10000
+const RANDOM_BYTES = 16
 const STRETCH_LENGTH = 32
 
-const SALT_LENGTH = 16
-const IV_LENGTH = 16
-
 export enum SecretOption {
   API = "api",
   ENCRYPTION = "encryption",
@@ -36,15 +31,15 @@ export function getSecret(secretOption: SecretOption): string {
   return secret
 }
 
-function stretchString(secret: string, salt: Buffer) {
-  return crypto.pbkdf2Sync(secret, salt, ITERATIONS, STRETCH_LENGTH, "sha512")
+function stretchString(string: string, salt: Buffer) {
+  return crypto.pbkdf2Sync(string, salt, ITERATIONS, STRETCH_LENGTH, "sha512")
 }
 
 export function encrypt(
   input: string,
   secretOption: SecretOption = SecretOption.API
 ) {
-  const salt = crypto.randomBytes(SALT_LENGTH)
+  const salt = crypto.randomBytes(RANDOM_BYTES)
   const stretched = stretchString(getSecret(secretOption), salt)
   const cipher = crypto.createCipheriv(ALGO, stretched, salt)
   const base = cipher.update(input)
@@ -65,115 +60,3 @@ export function decrypt(
   const final = decipher.final()
   return Buffer.concat([base, final]).toString()
 }
-
-export async function encryptFile(
-  { dir, filename }: { dir: string; filename: string },
-  secret: string
-) {
-  const outputFileName = `${filename}.enc`
-
-  const filePath = join(dir, filename)
-  const inputFile = fs.createReadStream(filePath)
-  const outputFile = fs.createWriteStream(join(dir, outputFileName))
-
-  const salt = crypto.randomBytes(SALT_LENGTH)
-  const iv = crypto.randomBytes(IV_LENGTH)
-  const stretched = stretchString(secret, salt)
-  const cipher = crypto.createCipheriv(ALGO, stretched, iv)
-
-  outputFile.write(salt)
-  outputFile.write(iv)
-
-  inputFile.pipe(zlib.createGzip()).pipe(cipher).pipe(outputFile)
-
-  return new Promise<{ filename: string; dir: string }>(r => {
-    outputFile.on("finish", () => {
-      r({
-        filename: outputFileName,
-        dir,
-      })
-    })
-  })
-}
-
-async function getSaltAndIV(path: string) {
-  const fileStream = fs.createReadStream(path)
-
-  const salt = await readBytes(fileStream, SALT_LENGTH)
-  const iv = await readBytes(fileStream, IV_LENGTH)
-  fileStream.close()
-  return { salt, iv }
-}
-
-export async function decryptFile(
-  inputPath: string,
-  outputPath: string,
-  secret: string
-) {
-  const { salt, iv } = await getSaltAndIV(inputPath)
-  const inputFile = fs.createReadStream(inputPath, {
-    start: SALT_LENGTH + IV_LENGTH,
-  })
-
-  const outputFile = fs.createWriteStream(outputPath)
-
-  const stretched = stretchString(secret, salt)
-  const decipher = crypto.createDecipheriv(ALGO, stretched, iv)
-
-  const unzip = zlib.createGunzip()
-
-  inputFile.pipe(decipher).pipe(unzip).pipe(outputFile)
-
-  return new Promise<void>((res, rej) => {
-    outputFile.on("finish", () => {
-      outputFile.close()
-      res()
-    })
-
-    inputFile.on("error", e => {
-      outputFile.close()
-      rej(e)
-    })
-
-    decipher.on("error", e => {
-      outputFile.close()
-      rej(e)
-    })
-
-    unzip.on("error", e => {
-      outputFile.close()
-      rej(e)
-    })
-
-    outputFile.on("error", e => {
-      outputFile.close()
-      rej(e)
-    })
-  })
-}
-
-function readBytes(stream: fs.ReadStream, length: number) {
-  return new Promise<Buffer>((resolve, reject) => {
-    let bytesRead = 0
-    const data: Buffer[] = []
-
-    stream.on("readable", () => {
-      let chunk
-
-      while ((chunk = stream.read(length - bytesRead)) !== null) {
-        data.push(chunk)
-        bytesRead += chunk.length
-      }
-
-      resolve(Buffer.concat(data))
-    })
-
-    stream.on("end", () => {
-      reject(new Error("Insufficient data in the stream."))
-    })
-
-    stream.on("error", error => {
-      reject(error)
-    })
-  })
-}

package/src/security/roles.ts

@@ -1,5 +1,5 @@
 import { BuiltinPermissionID, PermissionLevel } from "./permissions"
-import { prefixRoleID, getRoleParams, DocumentType, SEPARATOR } from "../db"
+import { generateRoleID, getRoleParams, DocumentType, SEPARATOR } from "../db"
 import { getAppDB } from "../context"
 import { doWithDB } from "../db"
 import { Screen, Role as RoleDoc } from "@budibase/types"
@@ -25,28 +25,18 @@ const EXTERNAL_BUILTIN_ROLE_IDS = [
   BUILTIN_IDS.PUBLIC,
 ]
 
-export const RoleIDVersion = {
-  // original version, with a UUID based ID
-  UUID: undefined,
-  // new version - with name based ID
-  NAME: "name",
-}
-
 export class Role implements RoleDoc {
   _id: string
   _rev?: string
   name: string
   permissionId: string
   inherits?: string
-  version?: string
   permissions = {}
 
   constructor(id: string, name: string, permissionId: string) {
     this._id = id
     this.name = name
     this.permissionId = permissionId
-    // version for managing the ID - removing the role_ when responding
-    this.version = RoleIDVersion.NAME
   }
 
   addInheritance(inherits: string) {
@@ -150,13 +140,9 @@ export function lowerBuiltinRoleID(roleId1?: string, roleId2?: string): string {
  * Gets the role object, this is mainly useful for two purposes, to check if the level exists and
  * to check if the role inherits any others.
  * @param {string|null} roleId The level ID to lookup.
- * @param {object|null} opts options for the function, like whether to halt errors, instead return public.
  * @returns {Promise<Role|object|null>} The role object, which may contain an "inherits" property.
  */
-export async function getRole(
-  roleId?: string,
-  opts?: { defaultPublic?: boolean }
-): Promise<RoleDoc | undefined> {
+export async function getRole(roleId?: string): Promise<RoleDoc | undefined> {
   if (!roleId) {
     return undefined
   }
@@ -167,20 +153,14 @@ export async function getRole(
     role = cloneDeep(
       Object.values(BUILTIN_ROLES).find(role => role._id === roleId)
     )
-  } else {
-    // make sure has the prefix (if it has it then it won't be added)
-    roleId = prefixRoleID(roleId)
   }
   try {
     const db = getAppDB()
     const dbRole = await db.get(getDBRoleID(roleId))
     role = Object.assign(role, dbRole)
     // finalise the ID
-    role._id = getExternalRoleID(role._id, role.version)
+    role._id = getExternalRoleID(role._id)
   } catch (err) {
-    if (!isBuiltin(roleId) && opts?.defaultPublic) {
-      return cloneDeep(BUILTIN_ROLES.PUBLIC)
-    }
     // only throw an error if there is no role at all
     if (Object.keys(role).length === 0) {
       throw err
@@ -274,9 +254,6 @@ export async function getAllRoles(appId?: string) {
         })
       )
       roles = body.rows.map((row: any) => row.doc)
-      roles.forEach(
-        role => (role._id = getExternalRoleID(role._id!, role.version))
-      )
     }
     const builtinRoles = getBuiltinRoles()
 
@@ -284,15 +261,14 @@ export async function getAllRoles(appId?: string) {
     for (let builtinRoleId of EXTERNAL_BUILTIN_ROLE_IDS) {
       const builtinRole = builtinRoles[builtinRoleId]
       const dbBuiltin = roles.filter(
-        dbRole =>
-          getExternalRoleID(dbRole._id!, dbRole.version) === builtinRoleId
+        dbRole => getExternalRoleID(dbRole._id) === builtinRoleId
       )[0]
       if (dbBuiltin == null) {
         roles.push(builtinRole || builtinRoles.BASIC)
       } else {
         // remove role and all back after combining with the builtin
         roles = roles.filter(role => role._id !== dbBuiltin._id)
-        dbBuiltin._id = getExternalRoleID(dbBuiltin._id!, dbBuiltin.version)
+        dbBuiltin._id = getExternalRoleID(dbBuiltin._id)
         roles.push(Object.assign(builtinRole, dbBuiltin))
       }
     }
@@ -398,22 +374,19 @@ export class AccessController {
 /**
  * Adds the "role_" for builtin role IDs which are to be written to the DB (for permissions).
  */
-export function getDBRoleID(roleName: string) {
-  if (roleName?.startsWith(DocumentType.ROLE)) {
-    return roleName
+export function getDBRoleID(roleId?: string) {
+  if (roleId?.startsWith(DocumentType.ROLE)) {
+    return roleId
   }
-  return prefixRoleID(roleName)
+  return generateRoleID(roleId)
 }
 
 /**
  * Remove the "role_" from builtin role IDs that have been written to the DB (for permissions).
  */
-export function getExternalRoleID(roleId: string, version?: string) {
+export function getExternalRoleID(roleId?: string) {
   // for built-in roles we want to remove the DB role ID element (role_)
-  if (
-    (roleId.startsWith(DocumentType.ROLE) && isBuiltin(roleId)) ||
-    version === RoleIDVersion.NAME
-  ) {
+  if (roleId?.startsWith(DocumentType.ROLE) && isBuiltin(roleId)) {
     return roleId.split(`${DocumentType.ROLE}${SEPARATOR}`)[1]
   }
   return roleId