@budibase/backend-core 2.9.39-alpha.0 → 2.9.39-alpha.2

package/dist/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@budibase/backend-core",
-  "version": "2.9.39-alpha.0",
+  "version": "2.9.39-alpha.2",
   "description": "Budibase backend core libraries used in server and worker",
   "main": "dist/index.js",
   "types": "dist/src/index.d.ts",
   "exports": {
     ".": "./dist/index.js",
-    "./tests": "./dist/tests.js",
+    "./tests": "./dist/tests/index.js",
     "./*": "./dist/*.js"
   },
   "author": "Budibase",
@@ -23,8 +23,8 @@
   "dependencies": {
     "@budibase/nano": "10.1.2",
     "@budibase/pouchdb-replication-stream": "1.2.10",
-    "@budibase/shared-core": "2.9.39-alpha.0",
-    "@budibase/types": "2.9.39-alpha.0",
+    "@budibase/shared-core": "2.9.39-alpha.2",
+    "@budibase/types": "2.9.39-alpha.2",
     "@techpass/passport-openidconnect": "0.3.2",
     "aws-cloudfront-sign": "2.2.0",
     "aws-sdk": "2.1030.0",
@@ -104,5 +104,5 @@
       }
     }
   },
-  "gitHead": "a090d99e5c942eafaf36ccf946f40cf5c37c1f37"
+  "gitHead": "a3ff9553f4e684713db0cde60bf524af51ce1bd2"
 }

package/dist/src/accounts/accounts.js

@@ -0,0 +1,100 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var accounts_exports = {};
+__export(accounts_exports, {
+  getAccount: () => getAccount,
+  getAccountByTenantId: () => getAccountByTenantId,
+  getStatus: () => getStatus
+});
+module.exports = __toCommonJS(accounts_exports);
+var import_api = __toESM(require("./api"));
+var import_environment = __toESM(require("../environment"));
+var import_constants = require("../constants");
+const api = new import_api.default(import_environment.default.ACCOUNT_PORTAL_URL);
+const EXIT_EARLY = import_environment.default.SELF_HOSTED || import_environment.default.DISABLE_ACCOUNT_PORTAL;
+const getAccount = async (email) => {
+  if (EXIT_EARLY) {
+    return;
+  }
+  const payload = {
+    email
+  };
+  const response = await api.post(`/api/accounts/search`, {
+    body: payload,
+    headers: {
+      [import_constants.Header.API_KEY]: import_environment.default.ACCOUNT_PORTAL_API_KEY
+    }
+  });
+  if (response.status !== 200) {
+    throw new Error(`Error getting account by email ${email}`);
+  }
+  const json = await response.json();
+  return json[0];
+};
+const getAccountByTenantId = async (tenantId) => {
+  if (EXIT_EARLY) {
+    return;
+  }
+  const payload = {
+    tenantId
+  };
+  const response = await api.post(`/api/accounts/search`, {
+    body: payload,
+    headers: {
+      [import_constants.Header.API_KEY]: import_environment.default.ACCOUNT_PORTAL_API_KEY
+    }
+  });
+  if (response.status !== 200) {
+    throw new Error(`Error getting account by tenantId ${tenantId}`);
+  }
+  const json = await response.json();
+  return json[0];
+};
+const getStatus = async () => {
+  if (EXIT_EARLY) {
+    return;
+  }
+  const response = await api.get(`/api/status`, {
+    headers: {
+      [import_constants.Header.API_KEY]: import_environment.default.ACCOUNT_PORTAL_API_KEY
+    }
+  });
+  const json = await response.json();
+  if (response.status !== 200) {
+    throw new Error(`Error getting status`);
+  }
+  return json;
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getAccount,
+  getAccountByTenantId,
+  getStatus
+});
+//# sourceMappingURL=accounts.js.map

package/dist/src/accounts/accounts.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/accounts/accounts.ts"],
+  "sourcesContent": ["import API from \"./api\"\nimport env from \"../environment\"\nimport { Header } from \"../constants\"\nimport { CloudAccount, HealthStatusResponse } from \"@budibase/types\"\n\nconst api = new API(env.ACCOUNT_PORTAL_URL)\n\n/**\n * This client is intended to be used in a cloud hosted deploy only.\n * Rather than relying on each consumer to perform the necessary environmental checks\n * we use the following check to exit early with a undefined response which should be\n * handled by the caller.\n */\nconst EXIT_EARLY = env.SELF_HOSTED || env.DISABLE_ACCOUNT_PORTAL\n\nexport const getAccount = async (\n  email: string\n): Promise<CloudAccount | undefined> => {\n  if (EXIT_EARLY) {\n    return\n  }\n  const payload = {\n    email,\n  }\n  const response = await api.post(`/api/accounts/search`, {\n    body: payload,\n    headers: {\n      [Header.API_KEY]: env.ACCOUNT_PORTAL_API_KEY,\n    },\n  })\n\n  if (response.status !== 200) {\n    throw new Error(`Error getting account by email ${email}`)\n  }\n\n  const json: CloudAccount[] = await response.json()\n  return json[0]\n}\n\nexport const getAccountByTenantId = async (\n  tenantId: string\n): Promise<CloudAccount | undefined> => {\n  if (EXIT_EARLY) {\n    return\n  }\n  const payload = {\n    tenantId,\n  }\n  const response = await api.post(`/api/accounts/search`, {\n    body: payload,\n    headers: {\n      [Header.API_KEY]: env.ACCOUNT_PORTAL_API_KEY,\n    },\n  })\n\n  if (response.status !== 200) {\n    throw new Error(`Error getting account by tenantId ${tenantId}`)\n  }\n\n  const json: CloudAccount[] = await response.json()\n  return json[0]\n}\n\nexport const getStatus = async (): Promise<\n  HealthStatusResponse | undefined\n> => {\n  if (EXIT_EARLY) {\n    return\n  }\n  const response = await api.get(`/api/status`, {\n    headers: {\n      [Header.API_KEY]: env.ACCOUNT_PORTAL_API_KEY,\n    },\n  })\n  const json = await response.json()\n\n  if (response.status !== 200) {\n    throw new Error(`Error getting status`)\n  }\n\n  return json\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,iBAAgB;AAChB,yBAAgB;AAChB,uBAAuB;AAGvB,MAAM,MAAM,IAAI,WAAAA,QAAI,mBAAAC,QAAI,kBAAkB;AAQ1C,MAAM,aAAa,mBAAAA,QAAI,eAAe,mBAAAA,QAAI;AAEnC,MAAM,aAAa,OACxB,UACsC;AACtC,MAAI,YAAY;AACd;AAAA,EACF;AACA,QAAM,UAAU;AAAA,IACd;AAAA,EACF;AACA,QAAM,WAAW,MAAM,IAAI,KAAK,wBAAwB;AAAA,IACtD,MAAM;AAAA,IACN,SAAS;AAAA,MACP,CAAC,wBAAO,OAAO,GAAG,mBAAAA,QAAI;AAAA,IACxB;AAAA,EACF,CAAC;AAED,MAAI,SAAS,WAAW,KAAK;AAC3B,UAAM,IAAI,MAAM,kCAAkC,KAAK,EAAE;AAAA,EAC3D;AAEA,QAAM,OAAuB,MAAM,SAAS,KAAK;AACjD,SAAO,KAAK,CAAC;AACf;AAEO,MAAM,uBAAuB,OAClC,aACsC;AACtC,MAAI,YAAY;AACd;AAAA,EACF;AACA,QAAM,UAAU;AAAA,IACd;AAAA,EACF;AACA,QAAM,WAAW,MAAM,IAAI,KAAK,wBAAwB;AAAA,IACtD,MAAM;AAAA,IACN,SAAS;AAAA,MACP,CAAC,wBAAO,OAAO,GAAG,mBAAAA,QAAI;AAAA,IACxB;AAAA,EACF,CAAC;AAED,MAAI,SAAS,WAAW,KAAK;AAC3B,UAAM,IAAI,MAAM,qCAAqC,QAAQ,EAAE;AAAA,EACjE;AAEA,QAAM,OAAuB,MAAM,SAAS,KAAK;AACjD,SAAO,KAAK,CAAC;AACf;AAEO,MAAM,YAAY,YAEpB;AACH,MAAI,YAAY;AACd;AAAA,EACF;AACA,QAAM,WAAW,MAAM,IAAI,IAAI,eAAe;AAAA,IAC5C,SAAS;AAAA,MACP,CAAC,wBAAO,OAAO,GAAG,mBAAAA,QAAI;AAAA,IACxB;AAAA,EACF,CAAC;AACD,QAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,MAAI,SAAS,WAAW,KAAK;AAC3B,UAAM,IAAI,MAAM,sBAAsB;AAAA,EACxC;AAEA,SAAO;AACT;",
+  "names": ["API", "env"]
+}

package/dist/src/accounts/api.js

@@ -0,0 +1,78 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var api_exports = {};
+__export(api_exports, {
+  default: () => API
+});
+module.exports = __toCommonJS(api_exports);
+var import_node_fetch = __toESM(require("node-fetch"));
+var logging = __toESM(require("../logging"));
+class API {
+  constructor(host) {
+    this.host = host;
+  }
+  async apiCall(method, url, options) {
+    if (!options.headers) {
+      options.headers = {};
+    }
+    if (!options.headers["Content-Type"]) {
+      options.headers = {
+        "Content-Type": "application/json",
+        Accept: "application/json",
+        ...options.headers
+      };
+    }
+    let json = options.headers["Content-Type"] === "application/json";
+    logging.correlation.setHeader(options.headers);
+    const requestOptions = {
+      method,
+      body: json ? JSON.stringify(options.body) : options.body,
+      headers: options.headers,
+      // TODO: See if this is necessary
+      credentials: "include"
+    };
+    return await (0, import_node_fetch.default)(`${this.host}${url}`, requestOptions);
+  }
+  async post(url, options) {
+    return this.apiCall("POST", url, options);
+  }
+  async get(url, options) {
+    return this.apiCall("GET", url, options);
+  }
+  async patch(url, options) {
+    return this.apiCall("PATCH", url, options);
+  }
+  async del(url, options) {
+    return this.apiCall("DELETE", url, options);
+  }
+  async put(url, options) {
+    return this.apiCall("PUT", url, options);
+  }
+}
+//# sourceMappingURL=api.js.map

package/dist/src/accounts/api.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/accounts/api.ts"],
+  "sourcesContent": ["import fetch from \"node-fetch\"\nimport * as logging from \"../logging\"\n\nexport default class API {\n  host: string\n\n  constructor(host: string) {\n    this.host = host\n  }\n\n  async apiCall(method: string, url: string, options?: any) {\n    if (!options.headers) {\n      options.headers = {}\n    }\n\n    if (!options.headers[\"Content-Type\"]) {\n      options.headers = {\n        \"Content-Type\": \"application/json\",\n        Accept: \"application/json\",\n        ...options.headers,\n      }\n    }\n\n    let json = options.headers[\"Content-Type\"] === \"application/json\"\n\n    // add x-budibase-correlation-id header\n    logging.correlation.setHeader(options.headers)\n\n    const requestOptions = {\n      method: method,\n      body: json ? JSON.stringify(options.body) : options.body,\n      headers: options.headers,\n      // TODO: See if this is necessary\n      credentials: \"include\",\n    }\n\n    return await fetch(`${this.host}${url}`, requestOptions)\n  }\n\n  async post(url: string, options?: any) {\n    return this.apiCall(\"POST\", url, options)\n  }\n\n  async get(url: string, options?: any) {\n    return this.apiCall(\"GET\", url, options)\n  }\n\n  async patch(url: string, options?: any) {\n    return this.apiCall(\"PATCH\", url, options)\n  }\n\n  async del(url: string, options?: any) {\n    return this.apiCall(\"DELETE\", url, options)\n  }\n\n  async put(url: string, options?: any) {\n    return this.apiCall(\"PUT\", url, options)\n  }\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAAkB;AAClB,cAAyB;AAEzB,MAAO,IAAkB;AAAA,EAGvB,YAAY,MAAc;AACxB,SAAK,OAAO;AAAA,EACd;AAAA,EAEA,MAAM,QAAQ,QAAgB,KAAa,SAAe;AACxD,QAAI,CAAC,QAAQ,SAAS;AACpB,cAAQ,UAAU,CAAC;AAAA,IACrB;AAEA,QAAI,CAAC,QAAQ,QAAQ,cAAc,GAAG;AACpC,cAAQ,UAAU;AAAA,QAChB,gBAAgB;AAAA,QAChB,QAAQ;AAAA,QACR,GAAG,QAAQ;AAAA,MACb;AAAA,IACF;AAEA,QAAI,OAAO,QAAQ,QAAQ,cAAc,MAAM;AAG/C,YAAQ,YAAY,UAAU,QAAQ,OAAO;AAE7C,UAAM,iBAAiB;AAAA,MACrB;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,QAAQ,IAAI,IAAI,QAAQ;AAAA,MACpD,SAAS,QAAQ;AAAA;AAAA,MAEjB,aAAa;AAAA,IACf;AAEA,WAAO,UAAM,kBAAAA,SAAM,GAAG,KAAK,IAAI,GAAG,GAAG,IAAI,cAAc;AAAA,EACzD;AAAA,EAEA,MAAM,KAAK,KAAa,SAAe;AACrC,WAAO,KAAK,QAAQ,QAAQ,KAAK,OAAO;AAAA,EAC1C;AAAA,EAEA,MAAM,IAAI,KAAa,SAAe;AACpC,WAAO,KAAK,QAAQ,OAAO,KAAK,OAAO;AAAA,EACzC;AAAA,EAEA,MAAM,MAAM,KAAa,SAAe;AACtC,WAAO,KAAK,QAAQ,SAAS,KAAK,OAAO;AAAA,EAC3C;AAAA,EAEA,MAAM,IAAI,KAAa,SAAe;AACpC,WAAO,KAAK,QAAQ,UAAU,KAAK,OAAO;AAAA,EAC5C;AAAA,EAEA,MAAM,IAAI,KAAa,SAAe;AACpC,WAAO,KAAK,QAAQ,OAAO,KAAK,OAAO;AAAA,EACzC;AACF;",
+  "names": ["fetch"]
+}

package/dist/src/accounts/index.js

@@ -0,0 +1,23 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var accounts_exports = {};
+module.exports = __toCommonJS(accounts_exports);
+__reExport(accounts_exports, require("./accounts"), module.exports);
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ...require("./accounts")
+});
+//# sourceMappingURL=index.js.map

package/dist/src/accounts/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/accounts/index.ts"],
+  "sourcesContent": ["export * from \"./accounts\"\n"],
+  "mappings": ";;;;;;;;;;;;;;;AAAA;AAAA;AAAA,6BAAc,uBAAd;",
+  "names": []
+}

package/dist/src/auth/auth.js

@@ -0,0 +1,208 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var auth_exports = {};
+__export(auth_exports, {
+  adminOnly: () => import_middleware2.adminOnly,
+  auditLog: () => import_middleware2.auditLog,
+  authError: () => import_middleware2.authError,
+  buildAuthMiddleware: () => buildAuthMiddleware,
+  buildCsrfMiddleware: () => buildCsrfMiddleware,
+  buildTenancyMiddleware: () => buildTenancyMiddleware,
+  builderOnly: () => import_middleware2.builderOnly,
+  builderOrAdmin: () => import_middleware2.builderOrAdmin,
+  google: () => import_middleware2.google,
+  internalApi: () => import_middleware2.internalApi,
+  joiValidator: () => import_middleware2.joiValidator,
+  jwt: () => jwt,
+  oidc: () => import_middleware2.oidc,
+  passport: () => passport,
+  platformLogout: () => platformLogout,
+  refreshOAuthToken: () => refreshOAuthToken,
+  ssoCallbackUrl: () => import_middleware2.ssoCallbackUrl,
+  updateUserOAuth: () => updateUserOAuth
+});
+module.exports = __toCommonJS(auth_exports);
+var import_context = require("../context");
+var import_constants = require("../constants");
+var import_sessions = require("../security/sessions");
+var import_middleware = require("../middleware");
+var userCache = __toESM(require("../cache/user"));
+var import_user = require("../cache/user");
+var import_types = require("@budibase/types");
+var events = __toESM(require("../events"));
+var configs = __toESM(require("../configs"));
+var import_utils = require("../utils");
+var import_sso = require("../middleware/passport/sso/sso");
+var import_middleware2 = require("../middleware");
+const _passport = require("koa-passport");
+const LocalStrategy = require("passport-local").Strategy;
+const refresh = require("passport-oauth2-refresh");
+const buildAuthMiddleware = import_middleware.authenticated;
+const buildTenancyMiddleware = import_middleware.tenancy;
+const buildCsrfMiddleware = import_middleware.csrf;
+const passport = _passport;
+const jwt = require("jsonwebtoken");
+_passport.use(new LocalStrategy(import_middleware.local.options, import_middleware.local.authenticate));
+async function refreshOIDCAccessToken(chosenConfig, refreshToken) {
+  const callbackUrl = await import_middleware.oidc.getCallbackUrl();
+  let enrichedConfig;
+  let strategy;
+  try {
+    enrichedConfig = await import_middleware.oidc.fetchStrategyConfig(chosenConfig, callbackUrl);
+    if (!enrichedConfig) {
+      throw new Error("OIDC Config contents invalid");
+    }
+    strategy = await import_middleware.oidc.strategyFactory(enrichedConfig, import_sso.ssoSaveUserNoOp);
+  } catch (err) {
+    console.error(err);
+    throw new Error("Could not refresh OAuth Token");
+  }
+  refresh.use(strategy, {
+    setRefreshOAuth2() {
+      return strategy._getOAuth2Client(enrichedConfig);
+    }
+  });
+  return new Promise((resolve) => {
+    refresh.requestNewAccessToken(
+      import_types.ConfigType.OIDC,
+      refreshToken,
+      (err, accessToken, refreshToken2, params) => {
+        resolve({ err, accessToken, refreshToken: refreshToken2, params });
+      }
+    );
+  });
+}
+async function refreshGoogleAccessToken(config, refreshToken) {
+  let callbackUrl = await import_middleware.google.getCallbackUrl(config);
+  let strategy;
+  try {
+    strategy = await import_middleware.google.strategyFactory(
+      config,
+      callbackUrl,
+      import_sso.ssoSaveUserNoOp
+    );
+  } catch (err) {
+    console.error(err);
+    throw new Error(
+      `Error constructing OIDC refresh strategy: message=${err.message}`
+    );
+  }
+  refresh.use(strategy);
+  return new Promise((resolve) => {
+    refresh.requestNewAccessToken(
+      import_types.ConfigType.GOOGLE,
+      refreshToken,
+      (err, accessToken, refreshToken2, params) => {
+        resolve({ err, accessToken, refreshToken: refreshToken2, params });
+      }
+    );
+  });
+}
+async function refreshOAuthToken(refreshToken, providerType, configId) {
+  switch (providerType) {
+    case import_types.SSOProviderType.OIDC:
+      if (!configId) {
+        return { err: { data: "OIDC config id not provided" } };
+      }
+      const oidcConfig = await configs.getOIDCConfigById(configId);
+      if (!oidcConfig) {
+        return { err: { data: "OIDC configuration not found" } };
+      }
+      return refreshOIDCAccessToken(oidcConfig, refreshToken);
+    case import_types.SSOProviderType.GOOGLE:
+      let googleConfig = await configs.getGoogleConfig();
+      if (!googleConfig) {
+        return { err: { data: "Google configuration not found" } };
+      }
+      return refreshGoogleAccessToken(googleConfig, refreshToken);
+  }
+}
+async function updateUserOAuth(userId, oAuthConfig) {
+  const details = {
+    accessToken: oAuthConfig.accessToken,
+    refreshToken: oAuthConfig.refreshToken
+  };
+  try {
+    const db = (0, import_context.getGlobalDB)();
+    const dbUser = await db.get(userId);
+    if (typeof details.refreshToken !== "string") {
+      delete details.refreshToken;
+    }
+    dbUser.oauth2 = {
+      ...dbUser.oauth2,
+      ...details
+    };
+    await db.put(dbUser);
+    await (0, import_user.invalidateUser)(userId);
+  } catch (e) {
+    console.error("Could not update OAuth details for current user", e);
+  }
+}
+async function platformLogout(opts) {
+  const ctx = opts.ctx;
+  const userId = opts.userId;
+  const keepActiveSession = opts.keepActiveSession;
+  if (!ctx)
+    throw new Error("Koa context must be supplied to logout.");
+  const currentSession = (0, import_utils.getCookie)(ctx, import_constants.Cookie.Auth);
+  let sessions = await (0, import_sessions.getSessionsForUser)(userId);
+  if (keepActiveSession) {
+    sessions = sessions.filter(
+      (session) => session.sessionId !== currentSession.sessionId
+    );
+  } else {
+    (0, import_utils.clearCookie)(ctx, import_constants.Cookie.Auth);
+  }
+  const sessionIds = sessions.map(({ sessionId }) => sessionId);
+  await (0, import_sessions.invalidateSessions)(userId, { sessionIds, reason: "logout" });
+  await events.auth.logout(ctx.user?.email);
+  await userCache.invalidateUser(userId);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  adminOnly,
+  auditLog,
+  authError,
+  buildAuthMiddleware,
+  buildCsrfMiddleware,
+  buildTenancyMiddleware,
+  builderOnly,
+  builderOrAdmin,
+  google,
+  internalApi,
+  joiValidator,
+  jwt,
+  oidc,
+  passport,
+  platformLogout,
+  refreshOAuthToken,
+  ssoCallbackUrl,
+  updateUserOAuth
+});
+//# sourceMappingURL=auth.js.map

package/dist/src/auth/auth.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/auth/auth.ts"],
+  "sourcesContent": ["const _passport = require(\"koa-passport\")\nconst LocalStrategy = require(\"passport-local\").Strategy\nimport { getGlobalDB } from \"../context\"\nimport { Cookie } from \"../constants\"\nimport { getSessionsForUser, invalidateSessions } from \"../security/sessions\"\nimport {\n  authenticated,\n  csrf,\n  google,\n  local,\n  oidc,\n  tenancy,\n} from \"../middleware\"\nimport * as userCache from \"../cache/user\"\nimport { invalidateUser } from \"../cache/user\"\nimport {\n  ConfigType,\n  GoogleInnerConfig,\n  OIDCInnerConfig,\n  PlatformLogoutOpts,\n  SSOProviderType,\n} from \"@budibase/types\"\nimport * as events from \"../events\"\nimport * as configs from \"../configs\"\nimport { clearCookie, getCookie } from \"../utils\"\nimport { ssoSaveUserNoOp } from \"../middleware/passport/sso/sso\"\n\nconst refresh = require(\"passport-oauth2-refresh\")\nexport {\n  auditLog,\n  authError,\n  internalApi,\n  ssoCallbackUrl,\n  adminOnly,\n  builderOnly,\n  builderOrAdmin,\n  joiValidator,\n  google,\n  oidc,\n} from \"../middleware\"\nexport const buildAuthMiddleware = authenticated\nexport const buildTenancyMiddleware = tenancy\nexport const buildCsrfMiddleware = csrf\nexport const passport = _passport\nexport const jwt = require(\"jsonwebtoken\")\n\n// Strategies\n_passport.use(new LocalStrategy(local.options, local.authenticate))\n\nasync function refreshOIDCAccessToken(\n  chosenConfig: OIDCInnerConfig,\n  refreshToken: string\n): Promise<RefreshResponse> {\n  const callbackUrl = await oidc.getCallbackUrl()\n  let enrichedConfig: any\n  let strategy: any\n\n  try {\n    enrichedConfig = await oidc.fetchStrategyConfig(chosenConfig, callbackUrl)\n    if (!enrichedConfig) {\n      throw new Error(\"OIDC Config contents invalid\")\n    }\n    strategy = await oidc.strategyFactory(enrichedConfig, ssoSaveUserNoOp)\n  } catch (err) {\n    console.error(err)\n    throw new Error(\"Could not refresh OAuth Token\")\n  }\n\n  refresh.use(strategy, {\n    setRefreshOAuth2() {\n      return strategy._getOAuth2Client(enrichedConfig)\n    },\n  })\n\n  return new Promise(resolve => {\n    refresh.requestNewAccessToken(\n      ConfigType.OIDC,\n      refreshToken,\n      (err: any, accessToken: string, refreshToken: any, params: any) => {\n        resolve({ err, accessToken, refreshToken, params })\n      }\n    )\n  })\n}\n\nasync function refreshGoogleAccessToken(\n  config: GoogleInnerConfig,\n  refreshToken: any\n): Promise<RefreshResponse> {\n  let callbackUrl = await google.getCallbackUrl(config)\n\n  let strategy\n  try {\n    strategy = await google.strategyFactory(\n      config,\n      callbackUrl,\n      ssoSaveUserNoOp\n    )\n  } catch (err: any) {\n    console.error(err)\n    throw new Error(\n      `Error constructing OIDC refresh strategy: message=${err.message}`\n    )\n  }\n\n  refresh.use(strategy)\n\n  return new Promise(resolve => {\n    refresh.requestNewAccessToken(\n      ConfigType.GOOGLE,\n      refreshToken,\n      (err: any, accessToken: string, refreshToken: string, params: any) => {\n        resolve({ err, accessToken, refreshToken, params })\n      }\n    )\n  })\n}\n\ninterface RefreshResponse {\n  err?: {\n    data?: string\n  }\n  accessToken?: string\n  refreshToken?: string\n  params?: any\n}\n\nexport async function refreshOAuthToken(\n  refreshToken: string,\n  providerType: SSOProviderType,\n  configId?: string\n): Promise<RefreshResponse> {\n  switch (providerType) {\n    case SSOProviderType.OIDC:\n      if (!configId) {\n        return { err: { data: \"OIDC config id not provided\" } }\n      }\n      const oidcConfig = await configs.getOIDCConfigById(configId)\n      if (!oidcConfig) {\n        return { err: { data: \"OIDC configuration not found\" } }\n      }\n      return refreshOIDCAccessToken(oidcConfig, refreshToken)\n    case SSOProviderType.GOOGLE:\n      let googleConfig = await configs.getGoogleConfig()\n      if (!googleConfig) {\n        return { err: { data: \"Google configuration not found\" } }\n      }\n      return refreshGoogleAccessToken(googleConfig, refreshToken)\n  }\n}\n\n// TODO: Refactor to use user save function instead to prevent the need for\n// manually saving and invalidating on callback\nexport async function updateUserOAuth(userId: string, oAuthConfig: any) {\n  const details = {\n    accessToken: oAuthConfig.accessToken,\n    refreshToken: oAuthConfig.refreshToken,\n  }\n\n  try {\n    const db = getGlobalDB()\n    const dbUser = await db.get<any>(userId)\n\n    //Do not overwrite the refresh token if a valid one is not provided.\n    if (typeof details.refreshToken !== \"string\") {\n      delete details.refreshToken\n    }\n\n    dbUser.oauth2 = {\n      ...dbUser.oauth2,\n      ...details,\n    }\n\n    await db.put(dbUser)\n\n    await invalidateUser(userId)\n  } catch (e) {\n    console.error(\"Could not update OAuth details for current user\", e)\n  }\n}\n\n/**\n * Logs a user out from budibase. Re-used across account portal and builder.\n */\nexport async function platformLogout(opts: PlatformLogoutOpts) {\n  const ctx = opts.ctx\n  const userId = opts.userId\n  const keepActiveSession = opts.keepActiveSession\n\n  if (!ctx) throw new Error(\"Koa context must be supplied to logout.\")\n\n  const currentSession = getCookie(ctx, Cookie.Auth)\n  let sessions = await getSessionsForUser(userId)\n\n  if (keepActiveSession) {\n    sessions = sessions.filter(\n      session => session.sessionId !== currentSession.sessionId\n    )\n  } else {\n    // clear cookies\n    clearCookie(ctx, Cookie.Auth)\n  }\n\n  const sessionIds = sessions.map(({ sessionId }) => sessionId)\n  await invalidateSessions(userId, { sessionIds, reason: \"logout\" })\n  await events.auth.logout(ctx.user?.email)\n  await userCache.invalidateUser(userId)\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAA4B;AAC5B,uBAAuB;AACvB,sBAAuD;AACvD,wBAOO;AACP,gBAA2B;AAC3B,kBAA+B;AAC/B,mBAMO;AACP,aAAwB;AACxB,cAAyB;AACzB,mBAAuC;AACvC,iBAAgC;AAGhC,IAAAA,qBAWO;AAvCP,MAAM,YAAY,QAAQ,cAAc;AACxC,MAAM,gBAAgB,QAAQ,gBAAgB,EAAE;AA0BhD,MAAM,UAAU,QAAQ,yBAAyB;AAa1C,MAAM,sBAAsB;AAC5B,MAAM,yBAAyB;AAC/B,MAAM,sBAAsB;AAC5B,MAAM,WAAW;AACjB,MAAM,MAAM,QAAQ,cAAc;AAGzC,UAAU,IAAI,IAAI,cAAc,wBAAM,SAAS,wBAAM,YAAY,CAAC;AAElE,eAAe,uBACb,cACA,cAC0B;AAC1B,QAAM,cAAc,MAAM,uBAAK,eAAe;AAC9C,MAAI;AACJ,MAAI;AAEJ,MAAI;AACF,qBAAiB,MAAM,uBAAK,oBAAoB,cAAc,WAAW;AACzE,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AACA,eAAW,MAAM,uBAAK,gBAAgB,gBAAgB,0BAAe;AAAA,EACvE,SAAS,KAAK;AACZ,YAAQ,MAAM,GAAG;AACjB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACjD;AAEA,UAAQ,IAAI,UAAU;AAAA,IACpB,mBAAmB;AACjB,aAAO,SAAS,iBAAiB,cAAc;AAAA,IACjD;AAAA,EACF,CAAC;AAED,SAAO,IAAI,QAAQ,aAAW;AAC5B,YAAQ;AAAA,MACN,wBAAW;AAAA,MACX;AAAA,MACA,CAAC,KAAU,aAAqBC,eAAmB,WAAgB;AACjE,gBAAQ,EAAE,KAAK,aAAa,cAAAA,eAAc,OAAO,CAAC;AAAA,MACpD;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAEA,eAAe,yBACb,QACA,cAC0B;AAC1B,MAAI,cAAc,MAAM,yBAAO,eAAe,MAAM;AAEpD,MAAI;AACJ,MAAI;AACF,eAAW,MAAM,yBAAO;AAAA,MACtB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF,SAAS,KAAU;AACjB,YAAQ,MAAM,GAAG;AACjB,UAAM,IAAI;AAAA,MACR,qDAAqD,IAAI,OAAO;AAAA,IAClE;AAAA,EACF;AAEA,UAAQ,IAAI,QAAQ;AAEpB,SAAO,IAAI,QAAQ,aAAW;AAC5B,YAAQ;AAAA,MACN,wBAAW;AAAA,MACX;AAAA,MACA,CAAC,KAAU,aAAqBA,eAAsB,WAAgB;AACpE,gBAAQ,EAAE,KAAK,aAAa,cAAAA,eAAc,OAAO,CAAC;AAAA,MACpD;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAWA,eAAsB,kBACpB,cACA,cACA,UAC0B;AAC1B,UAAQ,cAAc;AAAA,IACpB,KAAK,6BAAgB;AACnB,UAAI,CAAC,UAAU;AACb,eAAO,EAAE,KAAK,EAAE,MAAM,8BAA8B,EAAE;AAAA,MACxD;AACA,YAAM,aAAa,MAAM,QAAQ,kBAAkB,QAAQ;AAC3D,UAAI,CAAC,YAAY;AACf,eAAO,EAAE,KAAK,EAAE,MAAM,+BAA+B,EAAE;AAAA,MACzD;AACA,aAAO,uBAAuB,YAAY,YAAY;AAAA,IACxD,KAAK,6BAAgB;AACnB,UAAI,eAAe,MAAM,QAAQ,gBAAgB;AACjD,UAAI,CAAC,cAAc;AACjB,eAAO,EAAE,KAAK,EAAE,MAAM,iCAAiC,EAAE;AAAA,MAC3D;AACA,aAAO,yBAAyB,cAAc,YAAY;AAAA,EAC9D;AACF;AAIA,eAAsB,gBAAgB,QAAgB,aAAkB;AACtE,QAAM,UAAU;AAAA,IACd,aAAa,YAAY;AAAA,IACzB,cAAc,YAAY;AAAA,EAC5B;AAEA,MAAI;AACF,UAAM,SAAK,4BAAY;AACvB,UAAM,SAAS,MAAM,GAAG,IAAS,MAAM;AAGvC,QAAI,OAAO,QAAQ,iBAAiB,UAAU;AAC5C,aAAO,QAAQ;AAAA,IACjB;AAEA,WAAO,SAAS;AAAA,MACd,GAAG,OAAO;AAAA,MACV,GAAG;AAAA,IACL;AAEA,UAAM,GAAG,IAAI,MAAM;AAEnB,cAAM,4BAAe,MAAM;AAAA,EAC7B,SAAS,GAAG;AACV,YAAQ,MAAM,mDAAmD,CAAC;AAAA,EACpE;AACF;AAKA,eAAsB,eAAe,MAA0B;AAC7D,QAAM,MAAM,KAAK;AACjB,QAAM,SAAS,KAAK;AACpB,QAAM,oBAAoB,KAAK;AAE/B,MAAI,CAAC;AAAK,UAAM,IAAI,MAAM,yCAAyC;AAEnE,QAAM,qBAAiB,wBAAU,KAAK,wBAAO,IAAI;AACjD,MAAI,WAAW,UAAM,oCAAmB,MAAM;AAE9C,MAAI,mBAAmB;AACrB,eAAW,SAAS;AAAA,MAClB,aAAW,QAAQ,cAAc,eAAe;AAAA,IAClD;AAAA,EACF,OAAO;AAEL,kCAAY,KAAK,wBAAO,IAAI;AAAA,EAC9B;AAEA,QAAM,aAAa,SAAS,IAAI,CAAC,EAAE,UAAU,MAAM,SAAS;AAC5D,YAAM,oCAAmB,QAAQ,EAAE,YAAY,QAAQ,SAAS,CAAC;AACjE,QAAM,OAAO,KAAK,OAAO,IAAI,MAAM,KAAK;AACxC,QAAM,UAAU,eAAe,MAAM;AACvC;",
+  "names": ["import_middleware", "refreshToken"]
+}

package/dist/src/auth/index.js

@@ -0,0 +1,23 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var auth_exports = {};
+module.exports = __toCommonJS(auth_exports);
+__reExport(auth_exports, require("./auth"), module.exports);
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ...require("./auth")
+});
+//# sourceMappingURL=index.js.map

package/dist/src/auth/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/auth/index.ts"],
+  "sourcesContent": ["export * from \"./auth\"\n"],
+  "mappings": ";;;;;;;;;;;;;;;AAAA;AAAA;AAAA,yBAAc,mBAAd;",
+  "names": []
+}

package/dist/src/auth/tests/auth.spec.js

@@ -0,0 +1,37 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var import_tests = require("../../../tests");
+var import_extra = require("../../../tests/extra");
+var auth = __toESM(require("../auth"));
+var events = __toESM(require("../../events"));
+describe("platformLogout", () => {
+  it("should call platform logout", async () => {
+    await import_extra.testEnv.withTenant(async () => {
+      const ctx = import_tests.structures.koa.newContext();
+      await auth.platformLogout({ ctx, userId: "test" });
+      expect(events.auth.logout).toBeCalledTimes(1);
+    });
+  });
+});
+//# sourceMappingURL=auth.spec.js.map

package/dist/src/auth/tests/auth.spec.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/auth/tests/auth.spec.ts"],
+  "sourcesContent": ["import { structures } from \"../../../tests\"\nimport { testEnv } from \"../../../tests/extra\"\nimport * as auth from \"../auth\"\nimport * as events from \"../../events\"\n\ndescribe(\"platformLogout\", () => {\n  it(\"should call platform logout\", async () => {\n    await testEnv.withTenant(async () => {\n      const ctx = structures.koa.newContext()\n      await auth.platformLogout({ ctx, userId: \"test\" })\n      expect(events.auth.logout).toBeCalledTimes(1)\n    })\n  })\n})\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;AAAA,mBAA2B;AAC3B,mBAAwB;AACxB,WAAsB;AACtB,aAAwB;AAExB,SAAS,kBAAkB,MAAM;AAC/B,KAAG,+BAA+B,YAAY;AAC5C,UAAM,qBAAQ,WAAW,YAAY;AACnC,YAAM,MAAM,wBAAW,IAAI,WAAW;AACtC,YAAM,KAAK,eAAe,EAAE,KAAK,QAAQ,OAAO,CAAC;AACjD,aAAO,OAAO,KAAK,MAAM,EAAE,gBAAgB,CAAC;AAAA,IAC9C,CAAC;AAAA,EACH,CAAC;AACH,CAAC;",
+  "names": []
+}