@budibase/backend-core 2.9.19-alpha.0 → 2.9.20

package/src/users/lookup.ts

@@ -1,102 +0,0 @@
-import {
-  AccountMetadata,
-  PlatformUser,
-  PlatformUserByEmail,
-  User,
-} from "@budibase/types"
-import * as dbUtils from "../db"
-import { ViewName } from "../constants"
-
-/**
- * Apply a system-wide search on emails:
- * - in tenant
- * - cross tenant
- * - accounts
- * return an array of emails that match the supplied emails.
- */
-export async function searchExistingEmails(emails: string[]) {
-  let matchedEmails: string[] = []
-
-  const existingTenantUsers = await getExistingTenantUsers(emails)
-  matchedEmails.push(...existingTenantUsers.map(user => user.email))
-
-  const existingPlatformUsers = await getExistingPlatformUsers(emails)
-  matchedEmails.push(...existingPlatformUsers.map(user => user._id!))
-
-  const existingAccounts = await getExistingAccounts(emails)
-  matchedEmails.push(...existingAccounts.map(account => account.email))
-
-  return [...new Set(matchedEmails.map(email => email.toLowerCase()))]
-}
-
-// lookup, could be email or userId, either will return a doc
-export async function getPlatformUser(
-  identifier: string
-): Promise<PlatformUser | null> {
-  // use the view here and allow to find anyone regardless of casing
-  // Use lowercase to ensure email login is case insensitive
-  return (await dbUtils.queryPlatformView(ViewName.PLATFORM_USERS_LOWERCASE, {
-    keys: [identifier.toLowerCase()],
-    include_docs: true,
-  })) as PlatformUser
-}
-
-export async function getExistingTenantUsers(
-  emails: string[]
-): Promise<User[]> {
-  const lcEmails = emails.map(email => email.toLowerCase())
-  const params = {
-    keys: lcEmails,
-    include_docs: true,
-  }
-
-  const opts = {
-    arrayResponse: true,
-  }
-
-  return (await dbUtils.queryGlobalView(
-    ViewName.USER_BY_EMAIL,
-    params,
-    undefined,
-    opts
-  )) as User[]
-}
-
-export async function getExistingPlatformUsers(
-  emails: string[]
-): Promise<PlatformUserByEmail[]> {
-  const lcEmails = emails.map(email => email.toLowerCase())
-  const params = {
-    keys: lcEmails,
-    include_docs: true,
-  }
-
-  const opts = {
-    arrayResponse: true,
-  }
-  return (await dbUtils.queryPlatformView(
-    ViewName.PLATFORM_USERS_LOWERCASE,
-    params,
-    opts
-  )) as PlatformUserByEmail[]
-}
-
-export async function getExistingAccounts(
-  emails: string[]
-): Promise<AccountMetadata[]> {
-  const lcEmails = emails.map(email => email.toLowerCase())
-  const params = {
-    keys: lcEmails,
-    include_docs: true,
-  }
-
-  const opts = {
-    arrayResponse: true,
-  }
-
-  return (await dbUtils.queryPlatformView(
-    ViewName.ACCOUNT_BY_EMAIL,
-    params,
-    opts
-  )) as AccountMetadata[]
-}

package/src/users/users.ts

@@ -1,276 +0,0 @@
-import {
-  directCouchFind,
-  DocumentType,
-  generateAppUserID,
-  getGlobalUserParams,
-  getProdAppID,
-  getUsersByAppParams,
-  pagination,
-  queryGlobalView,
-  queryGlobalViewRaw,
-  SEPARATOR,
-  UNICODE_MAX,
-  ViewName,
-} from "../db"
-import {
-  BulkDocsResponse,
-  SearchUsersRequest,
-  User,
-  ContextUser,
-} from "@budibase/types"
-import { getGlobalDB } from "../context"
-import * as context from "../context"
-import { user as userCache } from "../cache"
-
-type GetOpts = { cleanup?: boolean }
-
-function removeUserPassword(users: User | User[]) {
-  if (Array.isArray(users)) {
-    return users.map(user => {
-      if (user) {
-        delete user.password
-        return user
-      }
-    })
-  } else if (users) {
-    delete users.password
-    return users
-  }
-  return users
-}
-
-export const bulkGetGlobalUsersById = async (
-  userIds: string[],
-  opts?: GetOpts
-) => {
-  const db = getGlobalDB()
-  let users = (
-    await db.allDocs({
-      keys: userIds,
-      include_docs: true,
-    })
-  ).rows.map(row => row.doc) as User[]
-  if (opts?.cleanup) {
-    users = removeUserPassword(users) as User[]
-  }
-  return users
-}
-
-export const getAllUserIds = async () => {
-  const db = getGlobalDB()
-  const startKey = `${DocumentType.USER}${SEPARATOR}`
-  const response = await db.allDocs({
-    startkey: startKey,
-    endkey: `${startKey}${UNICODE_MAX}`,
-  })
-  return response.rows.map(row => row.id)
-}
-
-export const bulkUpdateGlobalUsers = async (users: User[]) => {
-  const db = getGlobalDB()
-  return (await db.bulkDocs(users)) as BulkDocsResponse
-}
-
-export async function getById(id: string, opts?: GetOpts): Promise<User> {
-  const db = context.getGlobalDB()
-  let user = await db.get<User>(id)
-  if (opts?.cleanup) {
-    user = removeUserPassword(user) as User
-  }
-  return user
-}
-
-/**
- * Given an email address this will use a view to search through
- * all the users to find one with this email address.
- */
-export const getGlobalUserByEmail = async (
-  email: String,
-  opts?: GetOpts
-): Promise<User | undefined> => {
-  if (email == null) {
-    throw "Must supply an email address to view"
-  }
-
-  const response = await queryGlobalView<User>(ViewName.USER_BY_EMAIL, {
-    key: email.toLowerCase(),
-    include_docs: true,
-  })
-
-  if (Array.isArray(response)) {
-    // shouldn't be able to happen, but need to handle just in case
-    throw new Error(`Multiple users found with email address: ${email}`)
-  }
-
-  let user = response as User
-  if (opts?.cleanup) {
-    user = removeUserPassword(user) as User
-  }
-
-  return user
-}
-
-export const searchGlobalUsersByApp = async (
-  appId: any,
-  opts: any,
-  getOpts?: GetOpts
-) => {
-  if (typeof appId !== "string") {
-    throw new Error("Must provide a string based app ID")
-  }
-  const params = getUsersByAppParams(appId, {
-    include_docs: true,
-  })
-  params.startkey = opts && opts.startkey ? opts.startkey : params.startkey
-  let response = await queryGlobalView(ViewName.USER_BY_APP, params)
-
-  if (!response) {
-    response = []
-  }
-  let users: User[] = Array.isArray(response) ? response : [response]
-  if (getOpts?.cleanup) {
-    users = removeUserPassword(users) as User[]
-  }
-  return users
-}
-
-/*
-  Return any user who potentially has access to the application
-  Admins, developers and app users with the explicitly role.
-*/
-export const searchGlobalUsersByAppAccess = async (appId: any, opts: any) => {
-  const roleSelector = `roles.${appId}`
-
-  let orQuery: any[] = [
-    {
-      "builder.global": true,
-    },
-    {
-      "admin.global": true,
-    },
-  ]
-
-  if (appId) {
-    const roleCheck = {
-      [roleSelector]: {
-        $exists: true,
-      },
-    }
-    orQuery.push(roleCheck)
-  }
-
-  let searchOptions = {
-    selector: {
-      $or: orQuery,
-      _id: {
-        $regex: "^us_",
-      },
-    },
-    limit: opts?.limit || 50,
-  }
-
-  const resp = await directCouchFind(context.getGlobalDBName(), searchOptions)
-  return resp?.rows
-}
-
-export const getGlobalUserByAppPage = (appId: string, user: User) => {
-  if (!user) {
-    return
-  }
-  return generateAppUserID(getProdAppID(appId)!, user._id!)
-}
-
-/**
- * Performs a starts with search on the global email view.
- */
-export const searchGlobalUsersByEmail = async (
-  email: string | unknown,
-  opts: any,
-  getOpts?: GetOpts
-) => {
-  if (typeof email !== "string") {
-    throw new Error("Must provide a string to search by")
-  }
-  const lcEmail = email.toLowerCase()
-  // handle if passing up startkey for pagination
-  const startkey = opts && opts.startkey ? opts.startkey : lcEmail
-  let response = await queryGlobalView<User>(ViewName.USER_BY_EMAIL, {
-    ...opts,
-    startkey,
-    endkey: `${lcEmail}${UNICODE_MAX}`,
-  })
-  if (!response) {
-    response = []
-  }
-  let users: User[] = Array.isArray(response) ? response : [response]
-  if (getOpts?.cleanup) {
-    users = removeUserPassword(users) as User[]
-  }
-  return users
-}
-
-const PAGE_LIMIT = 8
-export const paginatedUsers = async ({
-  page,
-  email,
-  appId,
-}: SearchUsersRequest = {}) => {
-  const db = getGlobalDB()
-  // get one extra document, to have the next page
-  const opts: any = {
-    include_docs: true,
-    limit: PAGE_LIMIT + 1,
-  }
-  // add a startkey if the page was specified (anchor)
-  if (page) {
-    opts.startkey = page
-  }
-  // property specifies what to use for the page/anchor
-  let userList: User[],
-    property = "_id",
-    getKey
-  if (appId) {
-    userList = await searchGlobalUsersByApp(appId, opts)
-    getKey = (doc: any) => getGlobalUserByAppPage(appId, doc)
-  } else if (email) {
-    userList = await searchGlobalUsersByEmail(email, opts)
-    property = "email"
-  } else {
-    // no search, query allDocs
-    const response = await db.allDocs(getGlobalUserParams(null, opts))
-    userList = response.rows.map((row: any) => row.doc)
-  }
-  return pagination(userList, PAGE_LIMIT, {
-    paginate: true,
-    property,
-    getKey,
-  })
-}
-
-export async function getUserCount() {
-  const response = await queryGlobalViewRaw(ViewName.USER_BY_EMAIL, {
-    limit: 0, // to be as fast as possible - we just want the total rows count
-    include_docs: false,
-  })
-  return response.total_rows
-}
-
-// used to remove the builder/admin permissions, for processing the
-// user as an app user (they may have some specific role/group
-export function removePortalUserPermissions(user: User | ContextUser) {
-  delete user.admin
-  delete user.builder
-  return user
-}
-
-export function cleanseUserObject(user: User | ContextUser, base?: User) {
-  delete user.admin
-  delete user.builder
-  delete user.roles
-  if (base) {
-    user.admin = base.admin
-    user.builder = base.builder
-    user.roles = base.roles
-  }
-  return user
-}

package/src/users/utils.ts

@@ -1,55 +0,0 @@
-import { CloudAccount } from "@budibase/types"
-import * as accountSdk from "../accounts"
-import env from "../environment"
-import { getPlatformUser } from "./lookup"
-import { EmailUnavailableError } from "../errors"
-import { getTenantId } from "../context"
-import { sdk } from "@budibase/shared-core"
-import { getAccountByTenantId } from "../accounts"
-
-// extract from shared-core to make easily accessible from backend-core
-export const isBuilder = sdk.users.isBuilder
-export const isAdmin = sdk.users.isAdmin
-export const isGlobalBuilder = sdk.users.isGlobalBuilder
-export const isAdminOrBuilder = sdk.users.isAdminOrBuilder
-export const hasAdminPermissions = sdk.users.hasAdminPermissions
-export const hasBuilderPermissions = sdk.users.hasBuilderPermissions
-export const hasAppBuilderPermissions = sdk.users.hasAppBuilderPermissions
-
-export async function validateUniqueUser(email: string, tenantId: string) {
-  // check budibase users in other tenants
-  if (env.MULTI_TENANCY) {
-    const tenantUser = await getPlatformUser(email)
-    if (tenantUser != null && tenantUser.tenantId !== tenantId) {
-      throw new EmailUnavailableError(email)
-    }
-  }
-
-  // check root account users in account portal
-  if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
-    const account = await accountSdk.getAccount(email)
-    if (account && account.verified && account.tenantId !== tenantId) {
-      throw new EmailUnavailableError(email)
-    }
-  }
-}
-
-/**
- * For the given user id's, return the account holder if it is in the ids.
- */
-export async function getAccountHolderFromUserIds(
-  userIds: string[]
-): Promise<CloudAccount | undefined> {
-  if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
-    const tenantId = getTenantId()
-    const account = await getAccountByTenantId(tenantId)
-    if (!account) {
-      throw new Error(`Account not found for tenantId=${tenantId}`)
-    }
-
-    const budibaseUserId = account.budibaseUserId
-    if (userIds.includes(budibaseUserId)) {
-      return account
-    }
-  }
-}

package/src/utils/hashing.ts

@@ -1,14 +0,0 @@
-import env from "../environment"
-export * from "../docIds/newid"
-const bcrypt = env.JS_BCRYPT ? require("bcryptjs") : require("bcrypt")
-
-const SALT_ROUNDS = env.SALT_ROUNDS || 10
-
-export async function hash(data: string) {
-  const salt = await bcrypt.genSalt(SALT_ROUNDS)
-  return bcrypt.hash(data, salt)
-}
-
-export async function compare(data: string, encrypted: string) {
-  return bcrypt.compare(data, encrypted)
-}

package/src/utils/index.ts

@@ -1,3 +0,0 @@
-export * from "./hashing"
-export * from "./utils"
-export * from "./stringUtils"

package/src/utils/stringUtils.ts

@@ -1,8 +0,0 @@
-export function validEmail(value: string) {
-  return (
-    value &&
-    !!value.match(
-      /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
-    )
-  )
-}

package/src/utils/tests/utils.spec.ts

@@ -1,191 +0,0 @@
-import { structures } from "../../../tests"
-import { DBTestConfiguration } from "../../../tests/extra"
-import * as utils from "../../utils"
-import * as db from "../../db"
-import { Header } from "../../constants"
-import { newid } from "../../utils"
-import env from "../../environment"
-import { BBContext } from "@budibase/types"
-
-describe("utils", () => {
-  const config = new DBTestConfiguration()
-
-  describe("getAppIdFromCtx", () => {
-    it("gets appId from header", async () => {
-      const ctx = structures.koa.newContext()
-      const expected = db.generateAppID()
-      ctx.request.headers = {
-        [Header.APP_ID]: expected,
-      }
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(expected)
-    })
-
-    it("gets appId from body", async () => {
-      const ctx = structures.koa.newContext()
-      const expected = db.generateAppID()
-      ctx.request.body = {
-        appId: expected,
-      }
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(expected)
-    })
-
-    it("gets appId from path", async () => {
-      const ctx = structures.koa.newContext()
-      const expected = db.generateAppID()
-      ctx.path = `/apps/${expected}`
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(expected)
-    })
-
-    it("gets appId from url", async () => {
-      await config.doInTenant(async () => {
-        const url = "http://test.com"
-        env._set("PLATFORM_URL", url)
-
-        const ctx = structures.koa.newContext()
-        ctx.host = `${config.tenantId}.test.com`
-
-        const expected = db.generateAppID(config.tenantId)
-        const app = structures.apps.app(expected)
-
-        // set custom url
-        const appUrl = newid()
-        app.url = `/${appUrl}`
-        ctx.path = `/app/${appUrl}`
-
-        // save the app
-        const database = db.getDB(expected)
-        await database.put(app)
-
-        const actual = await utils.getAppIdFromCtx(ctx)
-        expect(actual).toBe(expected)
-      })
-    })
-
-    it("doesn't get appId from url when previewing", async () => {
-      const ctx = structures.koa.newContext()
-      const appId = db.generateAppID()
-      const app = structures.apps.app(appId)
-
-      // set custom url
-      const appUrl = "preview"
-      app.url = `/${appUrl}`
-      ctx.path = `/app/${appUrl}`
-
-      // save the app
-      const database = db.getDB(appId)
-      await database.put(app)
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(undefined)
-    })
-
-    it("gets appId from referer", async () => {
-      const ctx = structures.koa.newContext()
-      const expected = db.generateAppID()
-      ctx.request.headers = {
-        referer: `http://test.com/builder/app/${expected}/design/screen_123/screens`,
-      }
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(expected)
-    })
-
-    it("doesn't get appId from referer when not builder", async () => {
-      const ctx = structures.koa.newContext()
-      const appId = db.generateAppID()
-      ctx.request.headers = {
-        referer: `http://test.com/foo/app/${appId}/bar`,
-      }
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(undefined)
-    })
-  })
-
-  describe("isServingBuilder", () => {
-    let ctx: BBContext
-
-    const expectResult = (result: boolean) =>
-      expect(utils.isServingBuilder(ctx)).toBe(result)
-
-    beforeEach(() => {
-      ctx = structures.koa.newContext()
-    })
-
-    it("returns true if current path is in builder", async () => {
-      ctx.path = "/builder/app/app_"
-      expectResult(true)
-    })
-
-    it("returns false if current path doesn't have '/' suffix", async () => {
-      ctx.path = "/builder/app"
-      expectResult(false)
-
-      ctx.path = "/xx"
-      expectResult(false)
-    })
-  })
-
-  describe("isServingBuilderPreview", () => {
-    let ctx: BBContext
-
-    const expectResult = (result: boolean) =>
-      expect(utils.isServingBuilderPreview(ctx)).toBe(result)
-
-    beforeEach(() => {
-      ctx = structures.koa.newContext()
-    })
-
-    it("returns true if current path is in builder preview", async () => {
-      ctx.path = "/app/preview/xx"
-      expectResult(true)
-    })
-
-    it("returns false if current path is not in builder preview", async () => {
-      ctx.path = "/builder"
-      expectResult(false)
-
-      ctx.path = "/xx"
-      expectResult(false)
-    })
-  })
-
-  describe("isPublicAPIRequest", () => {
-    let ctx: BBContext
-
-    const expectResult = (result: boolean) =>
-      expect(utils.isPublicApiRequest(ctx)).toBe(result)
-
-    beforeEach(() => {
-      ctx = structures.koa.newContext()
-    })
-
-    it("returns true if current path remains to public API", async () => {
-      ctx.path = "/api/public/v1/invoices"
-      expectResult(true)
-
-      ctx.path = "/api/public/v1"
-      expectResult(true)
-
-      ctx.path = "/api/public/v2"
-      expectResult(true)
-
-      ctx.path = "/api/public/v21"
-      expectResult(true)
-    })
-
-    it("returns false if current path doesn't remain to public API", async () => {
-      ctx.path = "/api/public"
-      expectResult(false)
-
-      ctx.path = "/xx"
-      expectResult(false)
-    })
-  })
-})