npm - @budibase/backend-core - Versions diffs - 2.9.40-alpha.6 → 2.10.1 - Mend

@budibase/backend-core 2.9.40-alpha.6 → 2.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

package/dist/index.js +5 -4
package/dist/index.js.map +2 -2
package/dist/index.js.meta.json +1 -1
package/dist/package.json +6 -6
package/dist/src/cache/appMetadata.js +1 -1
package/dist/src/cache/appMetadata.js.map +1 -1
package/dist/src/constants/misc.d.ts +0 -2
package/dist/src/constants/misc.js +0 -2
package/dist/src/constants/misc.js.map +1 -1
package/dist/src/environment.js +5 -4
package/dist/src/environment.js.map +1 -1
package/dist/src/logging/system.d.ts +1 -1
package/dist/src/timers/timers.d.ts +1 -1
package/package.json +6 -6
package/src/accounts/accounts.ts +82 -0
package/src/accounts/api.ts +59 -0
package/src/accounts/index.ts +1 -0
package/src/auth/auth.ts +208 -0
package/src/auth/index.ts +1 -0
package/src/auth/tests/auth.spec.ts +14 -0
package/src/blacklist/blacklist.ts +54 -0
package/src/blacklist/index.ts +1 -0
package/src/blacklist/tests/blacklist.spec.ts +46 -0
package/src/cache/appMetadata.ts +88 -0
package/src/cache/base/index.ts +92 -0
package/src/cache/generic.ts +30 -0
package/src/cache/index.ts +5 -0
package/src/cache/tests/writethrough.spec.ts +138 -0
package/src/cache/user.ts +83 -0
package/src/cache/writethrough.ts +133 -0
package/src/configs/configs.ts +257 -0
package/src/configs/index.ts +1 -0
package/src/configs/tests/configs.spec.ts +184 -0
package/src/constants/db.ts +63 -0
package/src/constants/index.ts +2 -0
package/src/constants/misc.ts +50 -0
package/src/context/Context.ts +14 -0
package/src/context/identity.ts +58 -0
package/src/context/index.ts +3 -0
package/src/context/mainContext.ts +310 -0
package/src/context/tests/index.spec.ts +147 -0
package/src/context/types.ts +11 -0
package/src/db/Replication.ts +84 -0
package/src/db/constants.ts +10 -0
package/src/db/couch/DatabaseImpl.ts +238 -0
package/src/db/couch/connections.ts +77 -0
package/src/db/couch/index.ts +5 -0
package/src/db/couch/pouchDB.ts +97 -0
package/src/db/couch/pouchDump.ts +0 -0
package/src/db/couch/utils.ts +50 -0
package/src/db/db.ts +43 -0
package/src/db/errors.ts +14 -0
package/src/db/index.ts +12 -0
package/src/db/lucene.ts +750 -0
package/src/db/searchIndexes/index.ts +1 -0
package/src/db/searchIndexes/searchIndexes.ts +62 -0
package/src/db/tests/index.spec.js +25 -0
package/src/db/tests/lucene.spec.ts +368 -0
package/src/db/tests/pouch.spec.js +62 -0
package/src/db/tests/utils.spec.ts +63 -0
package/src/db/utils.ts +207 -0
package/src/db/views.ts +241 -0
package/src/docIds/conversions.ts +59 -0
package/src/docIds/ids.ts +113 -0
package/src/docIds/index.ts +2 -0
package/src/docIds/newid.ts +5 -0
package/src/docIds/params.ts +174 -0
package/src/docUpdates/index.ts +29 -0
package/src/environment.ts +201 -0
package/src/errors/errors.ts +119 -0
package/src/errors/index.ts +1 -0
package/src/events/analytics.ts +6 -0
package/src/events/asyncEvents/index.ts +2 -0
package/src/events/asyncEvents/publisher.ts +12 -0
package/src/events/asyncEvents/queue.ts +22 -0
package/src/events/backfill.ts +183 -0
package/src/events/documentId.ts +56 -0
package/src/events/events.ts +40 -0
package/src/events/identification.ts +310 -0
package/src/events/index.ts +14 -0
package/src/events/processors/AnalyticsProcessor.ts +64 -0
package/src/events/processors/AuditLogsProcessor.ts +93 -0
package/src/events/processors/LoggingProcessor.ts +37 -0
package/src/events/processors/Processors.ts +52 -0
package/src/events/processors/async/DocumentUpdateProcessor.ts +43 -0
package/src/events/processors/index.ts +19 -0
package/src/events/processors/posthog/PosthogProcessor.ts +118 -0
package/src/events/processors/posthog/index.ts +2 -0
package/src/events/processors/posthog/rateLimiting.ts +106 -0
package/src/events/processors/posthog/tests/PosthogProcessor.spec.ts +168 -0
package/src/events/processors/types.ts +1 -0
package/src/events/publishers/account.ts +35 -0
package/src/events/publishers/app.ts +155 -0
package/src/events/publishers/auditLog.ts +26 -0
package/src/events/publishers/auth.ts +73 -0
package/src/events/publishers/automation.ts +110 -0
package/src/events/publishers/backfill.ts +74 -0
package/src/events/publishers/backup.ts +42 -0
package/src/events/publishers/datasource.ts +48 -0
package/src/events/publishers/email.ts +17 -0
package/src/events/publishers/environmentVariable.ts +38 -0
package/src/events/publishers/group.ts +99 -0
package/src/events/publishers/index.ts +24 -0
package/src/events/publishers/installation.ts +38 -0
package/src/events/publishers/layout.ts +26 -0
package/src/events/publishers/license.ts +84 -0
package/src/events/publishers/org.ts +37 -0
package/src/events/publishers/plugin.ts +47 -0
package/src/events/publishers/query.ts +88 -0
package/src/events/publishers/role.ts +62 -0
package/src/events/publishers/rows.ts +29 -0
package/src/events/publishers/screen.ts +36 -0
package/src/events/publishers/serve.ts +43 -0
package/src/events/publishers/table.ts +70 -0
package/src/events/publishers/user.ts +202 -0
package/src/events/publishers/view.ts +107 -0
package/src/features/index.ts +78 -0
package/src/features/installation.ts +17 -0
package/src/features/tests/featureFlags.spec.ts +85 -0
package/src/helpers.ts +9 -0
package/src/index.ts +54 -0
package/src/installation.ts +107 -0
package/src/logging/alerts.ts +26 -0
package/src/logging/correlation/correlation.ts +13 -0
package/src/logging/correlation/index.ts +1 -0
package/src/logging/correlation/middleware.ts +17 -0
package/src/logging/index.ts +4 -0
package/src/logging/pino/logger.ts +232 -0
package/src/logging/pino/middleware.ts +45 -0
package/src/logging/system.ts +81 -0
package/src/logging/tests/system.spec.ts +61 -0
package/src/middleware/adminOnly.ts +9 -0
package/src/middleware/auditLog.ts +6 -0
package/src/middleware/authenticated.ts +193 -0
package/src/middleware/builderOnly.ts +21 -0
package/src/middleware/builderOrAdmin.ts +21 -0
package/src/middleware/csrf.ts +81 -0
package/src/middleware/errorHandling.ts +29 -0
package/src/middleware/index.ts +21 -0
package/src/middleware/internalApi.ts +23 -0
package/src/middleware/joi-validator.ts +45 -0
package/src/middleware/matchers.ts +47 -0
package/src/middleware/passport/datasource/google.ts +95 -0
package/src/middleware/passport/local.ts +54 -0
package/src/middleware/passport/sso/google.ts +77 -0
package/src/middleware/passport/sso/oidc.ts +154 -0
package/src/middleware/passport/sso/sso.ts +165 -0
package/src/middleware/passport/sso/tests/google.spec.ts +67 -0
package/src/middleware/passport/sso/tests/oidc.spec.ts +152 -0
package/src/middleware/passport/sso/tests/sso.spec.ts +197 -0
package/src/middleware/passport/utils.ts +38 -0
package/src/middleware/querystringToBody.ts +28 -0
package/src/middleware/tenancy.ts +36 -0
package/src/middleware/tests/builder.spec.ts +180 -0
package/src/middleware/tests/matchers.spec.ts +134 -0
package/src/migrations/definitions.ts +40 -0
package/src/migrations/index.ts +2 -0
package/src/migrations/migrations.ts +191 -0
package/src/migrations/tests/__snapshots__/migrations.spec.ts.snap +11 -0
package/src/migrations/tests/migrations.spec.ts +64 -0
package/src/objectStore/buckets/app.ts +40 -0
package/src/objectStore/buckets/global.ts +29 -0
package/src/objectStore/buckets/index.ts +3 -0
package/src/objectStore/buckets/plugins.ts +71 -0
package/src/objectStore/buckets/tests/app.spec.ts +171 -0
package/src/objectStore/buckets/tests/global.spec.ts +74 -0
package/src/objectStore/buckets/tests/plugins.spec.ts +111 -0
package/src/objectStore/cloudfront.ts +41 -0
package/src/objectStore/index.ts +3 -0
package/src/objectStore/objectStore.ts +440 -0
package/src/objectStore/utils.ts +27 -0
package/src/platform/index.ts +3 -0
package/src/platform/platformDb.ts +6 -0
package/src/platform/tenants.ts +101 -0
package/src/platform/tests/tenants.spec.ts +26 -0
package/src/platform/users.ts +90 -0
package/src/plugin/index.ts +1 -0
package/src/plugin/tests/validation.spec.ts +83 -0
package/src/plugin/utils.ts +156 -0
package/src/queue/constants.ts +6 -0
package/src/queue/inMemoryQueue.ts +141 -0
package/src/queue/index.ts +2 -0
package/src/queue/listeners.ts +195 -0
package/src/queue/queue.ts +54 -0
package/src/redis/index.ts +6 -0
package/src/redis/init.ts +86 -0
package/src/redis/redis.ts +308 -0
package/src/redis/redlockImpl.ts +139 -0
package/src/redis/utils.ts +117 -0
package/src/security/encryption.ts +179 -0
package/src/security/permissions.ts +158 -0
package/src/security/roles.ts +389 -0
package/src/security/sessions.ts +120 -0
package/src/security/tests/encryption.spec.ts +31 -0
package/src/security/tests/permissions.spec.ts +145 -0
package/src/security/tests/sessions.spec.ts +12 -0
package/src/tenancy/db.ts +6 -0
package/src/tenancy/index.ts +2 -0
package/src/tenancy/tenancy.ts +140 -0
package/src/tenancy/tests/tenancy.spec.ts +184 -0
package/src/timers/index.ts +1 -0
package/src/timers/timers.ts +22 -0
package/src/users/db.ts +484 -0
package/src/users/events.ts +176 -0
package/src/users/index.ts +4 -0
package/src/users/lookup.ts +102 -0
package/src/users/users.ts +276 -0
package/src/users/utils.ts +55 -0
package/src/utils/hashing.ts +14 -0
package/src/utils/index.ts +3 -0
package/src/utils/stringUtils.ts +8 -0
package/src/utils/tests/utils.spec.ts +191 -0
package/src/utils/utils.ts +239 -0
package/tests/core/logging.ts +34 -0
package/tests/core/utilities/index.ts +6 -0
package/tests/core/utilities/jestUtils.ts +30 -0
package/tests/core/utilities/mocks/alerts.ts +3 -0
package/tests/core/utilities/mocks/date.ts +2 -0
package/tests/core/utilities/mocks/events.ts +131 -0
package/tests/core/utilities/mocks/fetch.ts +17 -0
package/tests/core/utilities/mocks/index.ts +10 -0
package/tests/core/utilities/mocks/licenses.ts +115 -0
package/tests/core/utilities/mocks/posthog.ts +7 -0
package/tests/core/utilities/structures/Chance.ts +20 -0
package/tests/core/utilities/structures/accounts.ts +115 -0
package/tests/core/utilities/structures/apps.ts +21 -0
package/tests/core/utilities/structures/common.ts +7 -0
package/tests/core/utilities/structures/db.ts +12 -0
package/tests/core/utilities/structures/documents/index.ts +1 -0
package/tests/core/utilities/structures/documents/platform/index.ts +1 -0
package/tests/core/utilities/structures/documents/platform/installation.ts +12 -0
package/tests/core/utilities/structures/generator.ts +2 -0
package/tests/core/utilities/structures/index.ts +15 -0
package/tests/core/utilities/structures/koa.ts +16 -0
package/tests/core/utilities/structures/licenses.ts +167 -0
package/tests/core/utilities/structures/plugins.ts +19 -0
package/tests/core/utilities/structures/quotas.ts +67 -0
package/tests/core/utilities/structures/scim.ts +80 -0
package/tests/core/utilities/structures/shared.ts +19 -0
package/tests/core/utilities/structures/sso.ts +119 -0
package/tests/core/utilities/structures/tenants.ts +5 -0
package/tests/core/utilities/structures/userGroups.ts +10 -0
package/tests/core/utilities/structures/users.ts +73 -0
package/tests/core/utilities/testContainerUtils.ts +85 -0
package/tests/core/utilities/utils/index.ts +1 -0
package/tests/core/utilities/utils/time.ts +3 -0
package/tests/extra/DBTestConfiguration.ts +36 -0
package/tests/extra/index.ts +2 -0
package/tests/extra/testEnv.ts +95 -0
package/tests/index.ts +1 -0
package/tests/jestEnv.ts +6 -0
package/tests/jestSetup.ts +28 -0

package/src/security/encryption.ts ADDED Viewed

@@ -0,0 +1,179 @@
+import crypto from "crypto"
+import fs from "fs"
+import zlib from "zlib"
+import env from "../environment"
+import { join } from "path"
+const ALGO = "aes-256-ctr"
+const SEPARATOR = "-"
+const ITERATIONS = 10000
+const STRETCH_LENGTH = 32
+const SALT_LENGTH = 16
+const IV_LENGTH = 16
+export enum SecretOption {
+  API = "api",
+  ENCRYPTION = "encryption",
+}
+export function getSecret(secretOption: SecretOption): string {
+  let secret, secretName
+  switch (secretOption) {
+    case SecretOption.ENCRYPTION:
+      secret = env.ENCRYPTION_KEY
+      secretName = "ENCRYPTION_KEY"
+      break
+    case SecretOption.API:
+    default:
+      secret = env.API_ENCRYPTION_KEY
+      secretName = "API_ENCRYPTION_KEY"
+      break
+  }
+  if (!secret) {
+    throw new Error(`Secret "${secretName}" has not been set in environment.`)
+  }
+  return secret
+}
+function stretchString(secret: string, salt: Buffer) {
+  return crypto.pbkdf2Sync(secret, salt, ITERATIONS, STRETCH_LENGTH, "sha512")
+}
+export function encrypt(
+  input: string,
+  secretOption: SecretOption = SecretOption.API
+) {
+  const salt = crypto.randomBytes(SALT_LENGTH)
+  const stretched = stretchString(getSecret(secretOption), salt)
+  const cipher = crypto.createCipheriv(ALGO, stretched, salt)
+  const base = cipher.update(input)
+  const final = cipher.final()
+  const encrypted = Buffer.concat([base, final]).toString("hex")
+  return `${salt.toString("hex")}${SEPARATOR}${encrypted}`
+}
+export function decrypt(
+  input: string,
+  secretOption: SecretOption = SecretOption.API
+) {
+  const [salt, encrypted] = input.split(SEPARATOR)
+  const saltBuffer = Buffer.from(salt, "hex")
+  const stretched = stretchString(getSecret(secretOption), saltBuffer)
+  const decipher = crypto.createDecipheriv(ALGO, stretched, saltBuffer)
+  const base = decipher.update(Buffer.from(encrypted, "hex"))
+  const final = decipher.final()
+  return Buffer.concat([base, final]).toString()
+}
+export async function encryptFile(
+  { dir, filename }: { dir: string; filename: string },
+  secret: string
+) {
+  const outputFileName = `${filename}.enc`
+  const filePath = join(dir, filename)
+  const inputFile = fs.createReadStream(filePath)
+  const outputFile = fs.createWriteStream(join(dir, outputFileName))
+  const salt = crypto.randomBytes(SALT_LENGTH)
+  const iv = crypto.randomBytes(IV_LENGTH)
+  const stretched = stretchString(secret, salt)
+  const cipher = crypto.createCipheriv(ALGO, stretched, iv)
+  outputFile.write(salt)
+  outputFile.write(iv)
+  inputFile.pipe(zlib.createGzip()).pipe(cipher).pipe(outputFile)
+  return new Promise<{ filename: string; dir: string }>(r => {
+    outputFile.on("finish", () => {
+      r({
+        filename: outputFileName,
+        dir,
+      })
+    })
+  })
+}
+async function getSaltAndIV(path: string) {
+  const fileStream = fs.createReadStream(path)
+  const salt = await readBytes(fileStream, SALT_LENGTH)
+  const iv = await readBytes(fileStream, IV_LENGTH)
+  fileStream.close()
+  return { salt, iv }
+}
+export async function decryptFile(
+  inputPath: string,
+  outputPath: string,
+  secret: string
+) {
+  const { salt, iv } = await getSaltAndIV(inputPath)
+  const inputFile = fs.createReadStream(inputPath, {
+    start: SALT_LENGTH + IV_LENGTH,
+  })
+  const outputFile = fs.createWriteStream(outputPath)
+  const stretched = stretchString(secret, salt)
+  const decipher = crypto.createDecipheriv(ALGO, stretched, iv)
+  const unzip = zlib.createGunzip()
+  inputFile.pipe(decipher).pipe(unzip).pipe(outputFile)
+  return new Promise<void>((res, rej) => {
+    outputFile.on("finish", () => {
+      outputFile.close()
+      res()
+    })
+    inputFile.on("error", e => {
+      outputFile.close()
+      rej(e)
+    })
+    decipher.on("error", e => {
+      outputFile.close()
+      rej(e)
+    })
+    unzip.on("error", e => {
+      outputFile.close()
+      rej(e)
+    })
+    outputFile.on("error", e => {
+      outputFile.close()
+      rej(e)
+    })
+  })
+}
+function readBytes(stream: fs.ReadStream, length: number) {
+  return new Promise<Buffer>((resolve, reject) => {
+    let bytesRead = 0
+    const data: Buffer[] = []
+    stream.on("readable", () => {
+      let chunk
+      while ((chunk = stream.read(length - bytesRead)) !== null) {
+        data.push(chunk)
+        bytesRead += chunk.length
+      }
+      resolve(Buffer.concat(data))
+    })
+    stream.on("end", () => {
+      reject(new Error("Insufficient data in the stream."))
+    })
+    stream.on("error", error => {
+      reject(error)
+    })
+  })
+}

package/src/security/permissions.ts ADDED Viewed

@@ -0,0 +1,158 @@
+import { PermissionType, PermissionLevel } from "@budibase/types"
+export { PermissionType, PermissionLevel } from "@budibase/types"
+import flatten from "lodash/flatten"
+import cloneDeep from "lodash/fp/cloneDeep"
+export type RoleHierarchy = {
+  permissionId: string
+}[]
+export class Permission {
+  type: PermissionType
+  level: PermissionLevel
+  constructor(type: PermissionType, level: PermissionLevel) {
+    this.type = type
+    this.level = level
+  }
+}
+export function levelToNumber(perm: PermissionLevel) {
+  switch (perm) {
+    // not everything has execute privileges
+    case PermissionLevel.EXECUTE:
+      return 0
+    case PermissionLevel.READ:
+      return 1
+    case PermissionLevel.WRITE:
+      return 2
+    case PermissionLevel.ADMIN:
+      return 3
+    default:
+      return -1
+  }
+}
+/**
+ * Given the specified permission level for the user return the levels they are allowed to carry out.
+ * @param {string} userPermLevel The permission level of the user.
+ * @return {string[]} All the permission levels this user is allowed to carry out.
+ */
+export function getAllowedLevels(userPermLevel: PermissionLevel): string[] {
+  switch (userPermLevel) {
+    case PermissionLevel.EXECUTE:
+      return [PermissionLevel.EXECUTE]
+    case PermissionLevel.READ:
+      return [PermissionLevel.EXECUTE, PermissionLevel.READ]
+    case PermissionLevel.WRITE:
+    case PermissionLevel.ADMIN:
+      return [
+        PermissionLevel.EXECUTE,
+        PermissionLevel.READ,
+        PermissionLevel.WRITE,
+      ]
+    default:
+      return []
+  }
+}
+export enum BuiltinPermissionID {
+  PUBLIC = "public",
+  READ_ONLY = "read_only",
+  WRITE = "write",
+  ADMIN = "admin",
+  POWER = "power",
+}
+export const BUILTIN_PERMISSIONS = {
+  PUBLIC: {
+    _id: BuiltinPermissionID.PUBLIC,
+    name: "Public",
+    permissions: [
+      new Permission(PermissionType.WEBHOOK, PermissionLevel.EXECUTE),
+    ],
+  },
+  READ_ONLY: {
+    _id: BuiltinPermissionID.READ_ONLY,
+    name: "Read only",
+    permissions: [
+      new Permission(PermissionType.QUERY, PermissionLevel.READ),
+      new Permission(PermissionType.TABLE, PermissionLevel.READ),
+    ],
+  },
+  WRITE: {
+    _id: BuiltinPermissionID.WRITE,
+    name: "Read/Write",
+    permissions: [
+      new Permission(PermissionType.QUERY, PermissionLevel.WRITE),
+      new Permission(PermissionType.TABLE, PermissionLevel.WRITE),
+      new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
+      new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
+    ],
+  },
+  POWER: {
+    _id: BuiltinPermissionID.POWER,
+    name: "Power",
+    permissions: [
+      new Permission(PermissionType.TABLE, PermissionLevel.WRITE),
+      new Permission(PermissionType.USER, PermissionLevel.READ),
+      new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
+      new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
+      new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
+    ],
+  },
+  ADMIN: {
+    _id: BuiltinPermissionID.ADMIN,
+    name: "Admin",
+    permissions: [
+      new Permission(PermissionType.TABLE, PermissionLevel.ADMIN),
+      new Permission(PermissionType.USER, PermissionLevel.ADMIN),
+      new Permission(PermissionType.AUTOMATION, PermissionLevel.ADMIN),
+      new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
+      new Permission(PermissionType.QUERY, PermissionLevel.ADMIN),
+      new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
+    ],
+  },
+}
+export function getBuiltinPermissions() {
+  return cloneDeep(BUILTIN_PERMISSIONS)
+}
+export function getBuiltinPermissionByID(id: string) {
+  const perms = Object.values(BUILTIN_PERMISSIONS)
+  return perms.find(perm => perm._id === id)
+}
+export function doesHaveBasePermission(
+  permType: PermissionType,
+  permLevel: PermissionLevel,
+  rolesHierarchy: RoleHierarchy
+) {
+  const basePermissions = [
+    ...new Set(rolesHierarchy.map(role => role.permissionId)),
+  ]
+  const builtins = Object.values(BUILTIN_PERMISSIONS)
+  let permissions = flatten(
+    builtins
+      .filter(builtin => basePermissions.indexOf(builtin._id) !== -1)
+      .map(builtin => builtin.permissions)
+  )
+  for (let permission of permissions) {
+    if (
+      permission.type === permType &&
+      getAllowedLevels(permission.level).indexOf(permLevel) !== -1
+    ) {
+      return true
+    }
+  }
+  return false
+}
+export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
+  return levelToNumber(level) > 1
+}
+// utility as a lot of things need simply the builder permission
+export const BUILDER = PermissionType.BUILDER
+export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER