@budibase/backend-core 2.8.29 → 2.8.31-alpha.0

package/src/logging/system.ts

@@ -0,0 +1,81 @@
+import fs from "fs"
+import path from "path"
+import * as rfs from "rotating-file-stream"
+
+import env from "../environment"
+import { budibaseTempDir } from "../objectStore"
+
+const logsFileName = `budibase.log`
+const budibaseLogsHistoryFileName = "budibase-logs-history.txt"
+
+const logsPath = path.join(budibaseTempDir(), "systemlogs")
+
+function getFullPath(fileName: string) {
+  return path.join(logsPath, fileName)
+}
+
+export function getSingleFileMaxSizeInfo(totalMaxSize: string) {
+  const regex = /(\d+)([A-Za-z])/
+  const match = totalMaxSize?.match(regex)
+  if (!match) {
+    console.warn(`totalMaxSize does not have a valid value`, {
+      totalMaxSize,
+    })
+    return undefined
+  }
+
+  const size = +match[1]
+  const unit = match[2]
+  if (size === 1) {
+    switch (unit) {
+      case "B":
+        return { size: `${size}B`, totalHistoryFiles: 1 }
+      case "K":
+        return { size: `${(size * 1000) / 2}B`, totalHistoryFiles: 1 }
+      case "M":
+        return { size: `${(size * 1000) / 2}K`, totalHistoryFiles: 1 }
+      case "G":
+        return { size: `${(size * 1000) / 2}M`, totalHistoryFiles: 1 }
+      default:
+        return undefined
+    }
+  }
+
+  if (size % 2 === 0) {
+    return { size: `${size / 2}${unit}`, totalHistoryFiles: 1 }
+  }
+
+  return { size: `1${unit}`, totalHistoryFiles: size - 1 }
+}
+
+export function localFileDestination() {
+  const fileInfo = getSingleFileMaxSizeInfo(env.ROLLING_LOG_MAX_SIZE)
+  const outFile = rfs.createStream(logsFileName, {
+    // As we have a rolling size, we want to half the max size
+    size: fileInfo?.size,
+    path: logsPath,
+    maxFiles: fileInfo?.totalHistoryFiles || 1,
+    immutable: true,
+    history: budibaseLogsHistoryFileName,
+    initialRotation: false,
+  })
+
+  return outFile
+}
+
+export function getLogReadStream() {
+  const streams = []
+  const historyFile = getFullPath(budibaseLogsHistoryFileName)
+  if (fs.existsSync(historyFile)) {
+    const fileContent = fs.readFileSync(historyFile, "utf-8")
+    const historyFiles = fileContent.split("\n")
+    for (const historyFile of historyFiles.filter(x => x)) {
+      streams.push(fs.readFileSync(historyFile))
+    }
+  }
+
+  streams.push(fs.readFileSync(getFullPath(logsFileName)))
+
+  const combinedContent = Buffer.concat(streams)
+  return combinedContent
+}

package/src/logging/tests/system.spec.ts

@@ -0,0 +1,61 @@
+import { getSingleFileMaxSizeInfo } from "../system"
+
+describe("system", () => {
+  describe("getSingleFileMaxSizeInfo", () => {
+    it.each([
+      ["100B", "50B"],
+      ["200K", "100K"],
+      ["20M", "10M"],
+      ["4G", "2G"],
+    ])(
+      "Halving even number (%s) returns halved size and 1 history file (%s)",
+      (totalValue, expectedMaxSize) => {
+        const result = getSingleFileMaxSizeInfo(totalValue)
+        expect(result).toEqual({
+          size: expectedMaxSize,
+          totalHistoryFiles: 1,
+        })
+      }
+    )
+
+    it.each([
+      ["5B", "1B", 4],
+      ["17K", "1K", 16],
+      ["21M", "1M", 20],
+      ["3G", "1G", 2],
+    ])(
+      "Halving an odd number (%s) returns as many files as size (-1) (%s)",
+      (totalValue, expectedMaxSize, totalHistoryFiles) => {
+        const result = getSingleFileMaxSizeInfo(totalValue)
+        expect(result).toEqual({
+          size: expectedMaxSize,
+          totalHistoryFiles,
+        })
+      }
+    )
+
+    it.each([
+      ["1B", "1B"],
+      ["1K", "500B"],
+      ["1M", "500K"],
+      ["1G", "500M"],
+    ])(
+      "Halving '%s' returns halved unit (%s)",
+      (totalValue, expectedMaxSize) => {
+        const result = getSingleFileMaxSizeInfo(totalValue)
+        expect(result).toEqual({
+          size: expectedMaxSize,
+          totalHistoryFiles: 1,
+        })
+      }
+    )
+
+    it.each([[undefined], [""], ["50"], ["wrongvalue"]])(
+      "Halving wrongly formatted value ('%s') returns undefined",
+      totalValue => {
+        const result = getSingleFileMaxSizeInfo(totalValue!)
+        expect(result).toBeUndefined()
+      }
+    )
+  })
+})

package/src/middleware/adminOnly.ts

@@ -1,10 +1,8 @@
-import { BBContext } from "@budibase/types"
+import { UserCtx } from "@budibase/types"
+import { isAdmin } from "../users"
 
-export default async (ctx: BBContext, next: any) => {
-  if (
-    !ctx.internal &&
-    (!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
-  ) {
+export default async (ctx: UserCtx, next: any) => {
+  if (!ctx.internal && !isAdmin(ctx.user)) {
     ctx.throw(403, "Admin user only endpoint.")
   }
   return next()

package/src/middleware/builderOnly.ts

@@ -1,10 +1,19 @@
-import { BBContext } from "@budibase/types"
+import { UserCtx } from "@budibase/types"
+import { isBuilder, hasBuilderPermissions } from "../users"
+import { getAppId } from "../context"
+import env from "../environment"
 
-export default async (ctx: BBContext, next: any) => {
-  if (
-    !ctx.internal &&
-    (!ctx.user || !ctx.user.builder || !ctx.user.builder.global)
-  ) {
+export default async (ctx: UserCtx, next: any) => {
+  const appId = getAppId()
+  const builderFn = env.isWorker()
+    ? hasBuilderPermissions
+    : env.isApps()
+    ? isBuilder
+    : undefined
+  if (!builderFn) {
+    throw new Error("Service name unknown - middleware inactive.")
+  }
+  if (!ctx.internal && !builderFn(ctx.user, appId)) {
     ctx.throw(403, "Builder user only endpoint.")
   }
   return next()

package/src/middleware/builderOrAdmin.ts

@@ -1,12 +1,20 @@
-import { BBContext } from "@budibase/types"
+import { UserCtx } from "@budibase/types"
+import { isBuilder, isAdmin, hasBuilderPermissions } from "../users"
+import { getAppId } from "../context"
+import env from "../environment"
 
-export default async (ctx: BBContext, next: any) => {
-  if (
-    !ctx.internal &&
-    (!ctx.user || !ctx.user.builder || !ctx.user.builder.global) &&
-    (!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
-  ) {
-    ctx.throw(403, "Builder user only endpoint.")
+export default async (ctx: UserCtx, next: any) => {
+  const appId = getAppId()
+  const builderFn = env.isWorker()
+    ? hasBuilderPermissions
+    : env.isApps()
+    ? isBuilder
+    : undefined
+  if (!builderFn) {
+    throw new Error("Service name unknown - middleware inactive.")
+  }
+  if (!ctx.internal && !builderFn(ctx.user, appId) && !isAdmin(ctx.user)) {
+    ctx.throw(403, "Admin/Builder user only endpoint.")
   }
   return next()
 }

package/src/middleware/tests/builder.spec.ts

@@ -0,0 +1,180 @@
+import adminOnly from "../adminOnly"
+import builderOnly from "../builderOnly"
+import builderOrAdmin from "../builderOrAdmin"
+import { structures } from "../../../tests"
+import { ContextUser, ServiceType } from "@budibase/types"
+import { doInAppContext } from "../../context"
+import env from "../../environment"
+env._set("SERVICE_TYPE", ServiceType.APPS)
+
+const appId = "app_aaa"
+const basicUser = structures.users.user()
+const adminUser = structures.users.adminUser()
+const adminOnlyUser = structures.users.adminOnlyUser()
+const builderUser = structures.users.builderUser()
+const appBuilderUser = structures.users.appBuilderUser(appId)
+
+function buildUserCtx(user: ContextUser) {
+  return {
+    internal: false,
+    user,
+    throw: jest.fn(),
+  } as any
+}
+
+function passed(throwFn: jest.Func, nextFn: jest.Func) {
+  expect(throwFn).not.toBeCalled()
+  expect(nextFn).toBeCalled()
+}
+
+function threw(throwFn: jest.Func) {
+  // cant check next, the throw function doesn't actually throw - so it still continues
+  expect(throwFn).toBeCalled()
+}
+
+describe("adminOnly middleware", () => {
+  it("should allow admin user", () => {
+    const ctx = buildUserCtx(adminUser),
+      next = jest.fn()
+    adminOnly(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser),
+      next = jest.fn()
+    adminOnly(ctx, next)
+    threw(ctx.throw)
+  })
+
+  it("should not allow builder user", () => {
+    const ctx = buildUserCtx(builderUser),
+      next = jest.fn()
+    adminOnly(ctx, next)
+    threw(ctx.throw)
+  })
+})
+
+describe("builderOnly middleware", () => {
+  it("should allow builder user", () => {
+    const ctx = buildUserCtx(builderUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow app builder user", () => {
+    const ctx = buildUserCtx(appBuilderUser),
+      next = jest.fn()
+    doInAppContext(appId, () => {
+      builderOnly(ctx, next)
+    })
+    passed(ctx.throw, next)
+  })
+
+  it("should allow admin and builder user", () => {
+    const ctx = buildUserCtx(adminUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should not allow admin user", () => {
+    const ctx = buildUserCtx(adminOnlyUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    threw(ctx.throw)
+  })
+
+  it("should not allow app builder user to different app", () => {
+    const ctx = buildUserCtx(appBuilderUser),
+      next = jest.fn()
+    doInAppContext("app_bbb", () => {
+      builderOnly(ctx, next)
+    })
+    threw(ctx.throw)
+  })
+
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    threw(ctx.throw)
+  })
+})
+
+describe("builderOrAdmin middleware", () => {
+  it("should allow builder user", () => {
+    const ctx = buildUserCtx(builderUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow builder and admin user", () => {
+    const ctx = buildUserCtx(adminUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow admin user", () => {
+    const ctx = buildUserCtx(adminOnlyUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow app builder user", () => {
+    const ctx = buildUserCtx(appBuilderUser),
+      next = jest.fn()
+    doInAppContext(appId, () => {
+      builderOrAdmin(ctx, next)
+    })
+    passed(ctx.throw, next)
+  })
+
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    threw(ctx.throw)
+  })
+})
+
+describe("check service difference", () => {
+  it("should not allow without app ID in apps", () => {
+    env._set("SERVICE_TYPE", ServiceType.APPS)
+    const appId = "app_a"
+    const ctx = buildUserCtx({
+      ...basicUser,
+      builder: {
+        apps: [appId],
+      },
+    })
+    const next = jest.fn()
+    doInAppContext(appId, () => {
+      builderOnly(ctx, next)
+    })
+    passed(ctx.throw, next)
+    doInAppContext("app_b", () => {
+      builderOnly(ctx, next)
+    })
+    threw(ctx.throw)
+  })
+
+  it("should allow without app ID in worker", () => {
+    env._set("SERVICE_TYPE", ServiceType.WORKER)
+    const ctx = buildUserCtx({
+      ...basicUser,
+      builder: {
+        apps: ["app_a"],
+      },
+    })
+    const next = jest.fn()
+    doInAppContext("app_b", () => {
+      builderOnly(ctx, next)
+    })
+    passed(ctx.throw, next)
+  })
+})

package/src/security/permissions.ts

@@ -1,29 +1,12 @@
-const { flatten } = require("lodash")
-const { cloneDeep } = require("lodash/fp")
+import { PermissionType, PermissionLevel } from "@budibase/types"
+export { PermissionType, PermissionLevel } from "@budibase/types"
+import flatten from "lodash/flatten"
+import cloneDeep from "lodash/fp/cloneDeep"
 
 export type RoleHierarchy = {
   permissionId: string
 }[]
 
-export enum PermissionLevel {
-  READ = "read",
-  WRITE = "write",
-  EXECUTE = "execute",
-  ADMIN = "admin",
-}
-
-// these are the global types, that govern the underlying default behaviour
-export enum PermissionType {
-  APP = "app",
-  TABLE = "table",
-  USER = "user",
-  AUTOMATION = "automation",
-  WEBHOOK = "webhook",
-  BUILDER = "builder",
-  VIEW = "view",
-  QUERY = "query",
-}
-
 export class Permission {
   type: PermissionType
   level: PermissionLevel
@@ -173,3 +156,4 @@ export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
 
 // utility as a lot of things need simply the builder permission
 export const BUILDER = PermissionType.BUILDER
+export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER

package/src/security/roles.ts

@@ -3,7 +3,7 @@ import { prefixRoleID, getRoleParams, DocumentType, SEPARATOR } from "../db"
 import { getAppDB } from "../context"
 import { doWithDB } from "../db"
 import { Screen, Role as RoleDoc } from "@budibase/types"
-const { cloneDeep } = require("lodash/fp")
+import cloneDeep from "lodash/fp/cloneDeep"
 
 export const BUILTIN_ROLE_IDS = {
   ADMIN: "ADMIN",

package/src/security/tests/permissions.spec.ts

@@ -1,4 +1,4 @@
-import { cloneDeep } from "lodash"
+import cloneDeep from "lodash/cloneDeep"
 import * as permissions from "../permissions"
 import { BUILTIN_ROLE_IDS } from "../roles"