@budibase/backend-core 2.9.40-alpha.6 → 2.10.1

package/src/utils/utils.ts

@@ -0,0 +1,239 @@
+import { getAllApps } from "../db"
+import { Header, MAX_VALID_DATE, DocumentType, SEPARATOR } from "../constants"
+import env from "../environment"
+import * as tenancy from "../tenancy"
+import * as context from "../context"
+import {
+  App,
+  AuditedEventFriendlyName,
+  Ctx,
+  Event,
+  TenantResolutionStrategy,
+} from "@budibase/types"
+import { SetOption } from "cookies"
+const jwt = require("jsonwebtoken")
+
+const APP_PREFIX = DocumentType.APP + SEPARATOR
+const PROD_APP_PREFIX = "/app/"
+
+const BUILDER_PREVIEW_PATH = "/app/preview"
+const BUILDER_PREFIX = "/builder"
+const BUILDER_APP_PREFIX = `${BUILDER_PREFIX}/app/`
+const PUBLIC_API_PREFIX = "/api/public/v"
+
+function confirmAppId(possibleAppId: string | undefined) {
+  return possibleAppId && possibleAppId.startsWith(APP_PREFIX)
+    ? possibleAppId
+    : undefined
+}
+
+export async function resolveAppUrl(ctx: Ctx) {
+  const appUrl = ctx.path.split("/")[2]
+  let possibleAppUrl = `/${appUrl.toLowerCase()}`
+
+  let tenantId: string | null = context.getTenantId()
+  if (env.MULTI_TENANCY) {
+    // always use the tenant id from the subdomain in multi tenancy
+    // this ensures the logged-in user tenant id doesn't overwrite
+    // e.g. in the case of viewing a public app while already logged-in to another tenant
+    tenantId = tenancy.getTenantIDFromCtx(ctx, {
+      includeStrategies: [TenantResolutionStrategy.SUBDOMAIN],
+    })
+  }
+
+  // search prod apps for a url that matches
+  const apps: App[] = await context.doInTenant(
+    tenantId,
+    () => getAllApps({ dev: false }) as Promise<App[]>
+  )
+  const app = apps.filter(
+    a => a.url && a.url.toLowerCase() === possibleAppUrl
+  )[0]
+
+  return app && app.appId ? app.appId : undefined
+}
+
+export function isServingApp(ctx: Ctx) {
+  // dev app
+  if (ctx.path.startsWith(`/${APP_PREFIX}`)) {
+    return true
+  }
+  // prod app
+  if (ctx.path.startsWith(PROD_APP_PREFIX)) {
+    return true
+  }
+  return false
+}
+
+export function isServingBuilder(ctx: Ctx): boolean {
+  return ctx.path.startsWith(BUILDER_APP_PREFIX)
+}
+
+export function isServingBuilderPreview(ctx: Ctx): boolean {
+  return ctx.path.startsWith(BUILDER_PREVIEW_PATH)
+}
+
+export function isPublicApiRequest(ctx: Ctx): boolean {
+  return ctx.path.startsWith(PUBLIC_API_PREFIX)
+}
+
+/**
+ * Given a request tries to find the appId, which can be located in various places
+ * @param {object} ctx The main request body to look through.
+ * @returns {string|undefined} If an appId was found it will be returned.
+ */
+export async function getAppIdFromCtx(ctx: Ctx) {
+  // look in headers
+  const options = [ctx.request.headers[Header.APP_ID]]
+  let appId
+  for (let option of options) {
+    appId = confirmAppId(option as string)
+    if (appId) {
+      break
+    }
+  }
+
+  // look in body
+  if (!appId && ctx.request.body && ctx.request.body.appId) {
+    appId = confirmAppId(ctx.request.body.appId)
+  }
+
+  // look in the path
+  const pathId = parseAppIdFromUrl(ctx.path)
+  if (!appId && pathId) {
+    appId = confirmAppId(pathId)
+  }
+
+  // lookup using custom url - prod apps only
+  // filter out the builder preview path which collides with the prod app path
+  // to ensure we don't load all apps excessively
+  const isBuilderPreview = ctx.path.startsWith(BUILDER_PREVIEW_PATH)
+  const isViewingProdApp =
+    ctx.path.startsWith(PROD_APP_PREFIX) && !isBuilderPreview
+  if (!appId && isViewingProdApp) {
+    appId = confirmAppId(await resolveAppUrl(ctx))
+  }
+
+  // look in the referer - builder only
+  // make sure this is performed after prod app url resolution, in case the
+  // referer header is present from a builder redirect
+  const referer = ctx.request.headers.referer
+  if (!appId && referer?.includes(BUILDER_APP_PREFIX)) {
+    const refererId = parseAppIdFromUrl(ctx.request.headers.referer)
+    appId = confirmAppId(refererId)
+  }
+
+  return appId
+}
+
+function parseAppIdFromUrl(url?: string) {
+  if (!url) {
+    return
+  }
+  return url.split("/").find(subPath => subPath.startsWith(APP_PREFIX))
+}
+
+/**
+ * opens the contents of the specified encrypted JWT.
+ * @return {object} the contents of the token.
+ */
+export function openJwt(token: string) {
+  if (!token) {
+    return token
+  }
+  try {
+    return jwt.verify(token, env.JWT_SECRET)
+  } catch (e) {
+    if (env.JWT_SECRET_FALLBACK) {
+      // fallback to enable rotation
+      return jwt.verify(token, env.JWT_SECRET_FALLBACK)
+    } else {
+      throw e
+    }
+  }
+}
+
+export function isValidInternalAPIKey(apiKey: string) {
+  if (env.INTERNAL_API_KEY && env.INTERNAL_API_KEY === apiKey) {
+    return true
+  }
+  // fallback to enable rotation
+  if (
+    env.INTERNAL_API_KEY_FALLBACK &&
+    env.INTERNAL_API_KEY_FALLBACK === apiKey
+  ) {
+    return true
+  }
+  return false
+}
+
+/**
+ * Get a cookie from context, and decrypt if necessary.
+ * @param {object} ctx The request which is to be manipulated.
+ * @param {string} name The name of the cookie to get.
+ */
+export function getCookie(ctx: Ctx, name: string) {
+  const cookie = ctx.cookies.get(name)
+
+  if (!cookie) {
+    return cookie
+  }
+
+  return openJwt(cookie)
+}
+
+/**
+ * Store a cookie for the request - it will not expire.
+ * @param {object} ctx The request which is to be manipulated.
+ * @param {string} name The name of the cookie to set.
+ * @param {string|object} value The value of cookie which will be set.
+ * @param {object} opts options like whether to sign.
+ */
+export function setCookie(
+  ctx: Ctx,
+  value: any,
+  name = "builder",
+  opts = { sign: true }
+) {
+  if (value && opts && opts.sign) {
+    value = jwt.sign(value, env.JWT_SECRET)
+  }
+
+  const config: SetOption = {
+    expires: MAX_VALID_DATE,
+    path: "/",
+    httpOnly: false,
+    overwrite: true,
+  }
+
+  if (env.COOKIE_DOMAIN) {
+    config.domain = env.COOKIE_DOMAIN
+  }
+
+  ctx.cookies.set(name, value, config)
+}
+
+/**
+ * Utility function, simply calls setCookie with an empty string for value
+ */
+export function clearCookie(ctx: Ctx, name: string) {
+  setCookie(ctx, null, name)
+}
+
+/**
+ * Checks if the API call being made (based on the provided ctx object) is from the client. If
+ * the call is not from a client app then it is from the builder.
+ * @param {object} ctx The koa context object to be tested.
+ * @return {boolean} returns true if the call is from the client lib (a built app rather than the builder).
+ */
+export function isClient(ctx: Ctx) {
+  return ctx.headers[Header.TYPE] === "client"
+}
+
+export function timeout(timeMs: number) {
+  return new Promise(resolve => setTimeout(resolve, timeMs))
+}
+
+export function isAudited(event: Event) {
+  return !!AuditedEventFriendlyName[event]
+}

package/tests/core/logging.ts

@@ -0,0 +1,34 @@
+export enum LogLevel {
+  TRACE = "trace",
+  DEBUG = "debug",
+  INFO = "info",
+  WARN = "warn",
+  ERROR = "error",
+}
+
+const LOG_INDEX: { [key in LogLevel]: number } = {
+  [LogLevel.TRACE]: 1,
+  [LogLevel.DEBUG]: 2,
+  [LogLevel.INFO]: 3,
+  [LogLevel.WARN]: 4,
+  [LogLevel.ERROR]: 5,
+}
+
+const setIndex = LOG_INDEX[process.env.LOG_LEVEL as LogLevel]
+
+if (setIndex > LOG_INDEX.trace) {
+  global.console.trace = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.debug) {
+  global.console.debug = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.info) {
+  global.console.info = jest.fn()
+  global.console.log = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.warn) {
+  global.console.warn = jest.fn()
+}

package/tests/core/utilities/index.ts

@@ -0,0 +1,6 @@
+export * as mocks from "./mocks"
+export * as structures from "./structures"
+export { generator } from "./structures"
+export * as testContainerUtils from "./testContainerUtils"
+export * as utils from "./utils"
+export * from "./jestUtils"

package/tests/core/utilities/jestUtils.ts

@@ -0,0 +1,30 @@
+import { db } from "../../../src"
+
+export function expectFunctionWasCalledTimesWith(
+  jestFunction: any,
+  times: number,
+  argument: any
+) {
+  expect(
+    jestFunction.mock.calls.filter((call: any) => call[0] === argument).length
+  ).toBe(times)
+}
+
+export const expectAnyInternalColsAttributes: {
+  [K in (typeof db.CONSTANT_INTERNAL_ROW_COLS)[number]]: any
+} = {
+  tableId: expect.anything(),
+  type: expect.anything(),
+  _id: expect.anything(),
+  _rev: expect.anything(),
+  createdAt: expect.anything(),
+  updatedAt: expect.anything(),
+}
+
+export const expectAnyExternalColsAttributes: {
+  [K in (typeof db.CONSTANT_EXTERNAL_ROW_COLS)[number]]: any
+} = {
+  tableId: expect.anything(),
+  _id: expect.anything(),
+  _rev: expect.anything(),
+}

package/tests/core/utilities/mocks/alerts.ts

@@ -0,0 +1,3 @@
+jest.mock("../../../../src/logging/alerts")
+import * as _alerts from "../../../../src/logging/alerts"
+export const alerts = jest.mocked(_alerts)

package/tests/core/utilities/mocks/date.ts

@@ -0,0 +1,2 @@
+export const MOCK_DATE = new Date("2020-01-01T00:00:00.000Z")
+export const MOCK_DATE_TIMESTAMP = 1577836800000

package/tests/core/utilities/mocks/events.ts

@@ -0,0 +1,131 @@
+beforeAll(async () => {
+  const processors = await import("../../../../src/events/processors")
+  const events = await import("../../../../src/events")
+  jest.spyOn(processors.analyticsProcessor, "processEvent")
+
+  jest.spyOn(events.identification, "identifyTenantGroup")
+  jest.spyOn(events.identification, "identifyUser")
+
+  jest.spyOn(events.backfill, "appSucceeded")
+  jest.spyOn(events.backfill, "tenantSucceeded")
+
+  jest.spyOn(events.account, "created")
+  jest.spyOn(events.account, "deleted")
+  jest.spyOn(events.account, "verified")
+
+  jest.spyOn(events.app, "created")
+  jest.spyOn(events.app, "updated")
+  jest.spyOn(events.app, "deleted")
+  jest.spyOn(events.app, "published")
+  jest.spyOn(events.app, "unpublished")
+  jest.spyOn(events.app, "templateImported")
+  jest.spyOn(events.app, "fileImported")
+  jest.spyOn(events.app, "versionUpdated")
+  jest.spyOn(events.app, "versionReverted")
+  jest.spyOn(events.app, "reverted")
+  jest.spyOn(events.app, "exported")
+
+  jest.spyOn(events.auth, "login")
+  jest.spyOn(events.auth, "logout")
+  jest.spyOn(events.auth, "SSOCreated")
+  jest.spyOn(events.auth, "SSOUpdated")
+  jest.spyOn(events.auth, "SSOActivated")
+  jest.spyOn(events.auth, "SSODeactivated")
+
+  jest.spyOn(events.automation, "created")
+  jest.spyOn(events.automation, "deleted")
+  jest.spyOn(events.automation, "tested")
+  jest.spyOn(events.automation, "stepCreated")
+  jest.spyOn(events.automation, "stepDeleted")
+  jest.spyOn(events.automation, "triggerUpdated")
+
+  jest.spyOn(events.datasource, "created")
+  jest.spyOn(events.datasource, "updated")
+  jest.spyOn(events.datasource, "deleted")
+
+  jest.spyOn(events.email, "SMTPCreated")
+  jest.spyOn(events.email, "SMTPUpdated")
+
+  jest.spyOn(events.layout, "created")
+  jest.spyOn(events.layout, "deleted")
+
+  jest.spyOn(events.org, "nameUpdated")
+  jest.spyOn(events.org, "logoUpdated")
+  jest.spyOn(events.org, "platformURLUpdated")
+  jest.spyOn(events.org, "analyticsOptOut")
+
+  jest.spyOn(events.installation, "versionChecked")
+
+  jest.spyOn(events.query, "created")
+  jest.spyOn(events.query, "updated")
+  jest.spyOn(events.query, "deleted")
+  jest.spyOn(events.query, "imported")
+  jest.spyOn(events.query, "previewed")
+
+  jest.spyOn(events.role, "created")
+  jest.spyOn(events.role, "updated")
+  jest.spyOn(events.role, "deleted")
+  jest.spyOn(events.role, "assigned")
+  jest.spyOn(events.role, "unassigned")
+
+  jest.spyOn(events.rows, "imported")
+  jest.spyOn(events.rows, "created")
+
+  jest.spyOn(events.screen, "created")
+  jest.spyOn(events.screen, "deleted")
+
+  jest.spyOn(events.user, "created")
+  jest.spyOn(events.user, "updated")
+  jest.spyOn(events.user, "deleted")
+  jest.spyOn(events.user, "permissionAdminAssigned")
+  jest.spyOn(events.user, "permissionAdminRemoved")
+  jest.spyOn(events.user, "permissionBuilderAssigned")
+  jest.spyOn(events.user, "permissionBuilderRemoved")
+  jest.spyOn(events.user, "invited")
+  jest.spyOn(events.user, "inviteAccepted")
+  jest.spyOn(events.user, "passwordForceReset")
+  jest.spyOn(events.user, "passwordUpdated")
+  jest.spyOn(events.user, "passwordResetRequested")
+  jest.spyOn(events.user, "passwordReset")
+
+  jest.spyOn(events.group, "created")
+  jest.spyOn(events.group, "updated")
+  jest.spyOn(events.group, "deleted")
+  jest.spyOn(events.group, "usersAdded")
+  jest.spyOn(events.group, "usersDeleted")
+  jest.spyOn(events.group, "createdOnboarding")
+  jest.spyOn(events.group, "permissionsEdited")
+
+  jest.spyOn(events.serve, "servedBuilder")
+  jest.spyOn(events.serve, "servedApp")
+  jest.spyOn(events.serve, "servedAppPreview")
+
+  jest.spyOn(events.table, "created")
+  jest.spyOn(events.table, "updated")
+  jest.spyOn(events.table, "deleted")
+  jest.spyOn(events.table, "exported")
+  jest.spyOn(events.table, "imported")
+
+  jest.spyOn(events.view, "created")
+  jest.spyOn(events.view, "updated")
+  jest.spyOn(events.view, "deleted")
+  jest.spyOn(events.view, "exported")
+  jest.spyOn(events.view, "filterCreated")
+  jest.spyOn(events.view, "filterUpdated")
+  jest.spyOn(events.view, "filterDeleted")
+  jest.spyOn(events.view, "calculationCreated")
+  jest.spyOn(events.view, "calculationUpdated")
+  jest.spyOn(events.view, "calculationDeleted")
+
+  jest.spyOn(events.plugin, "init")
+  jest.spyOn(events.plugin, "imported")
+  jest.spyOn(events.plugin, "deleted")
+
+  jest.spyOn(events.license, "planChanged")
+  jest.spyOn(events.license, "activated")
+  jest.spyOn(events.license, "checkoutOpened")
+  jest.spyOn(events.license, "checkoutSuccess")
+  jest.spyOn(events.license, "portalOpened")
+  jest.spyOn(events.license, "paymentFailed")
+  jest.spyOn(events.license, "paymentRecovered")
+})

package/tests/core/utilities/mocks/fetch.ts

@@ -0,0 +1,17 @@
+const mockFetch = jest.fn((url: any, opts: any) => {
+  const fetch = jest.requireActual("node-fetch")
+  const env = jest.requireActual("../../../../src/environment").default
+  if (url.includes(env.COUCH_DB_URL) || url.includes("raw.github")) {
+    return fetch(url, opts)
+  }
+  return undefined
+})
+
+const enable = () => {
+  jest.mock("node-fetch", () => mockFetch)
+}
+
+export default {
+  ...mockFetch,
+  enable,
+}

package/tests/core/utilities/mocks/index.ts

@@ -0,0 +1,10 @@
+jest.mock("../../../../src/accounts")
+import * as _accounts from "../../../../src/accounts"
+export const accounts = jest.mocked(_accounts)
+
+export * as date from "./date"
+export * as licenses from "./licenses"
+export { default as fetch } from "./fetch"
+export * from "./alerts"
+import "./events"
+import "./posthog"

package/tests/core/utilities/mocks/licenses.ts

@@ -0,0 +1,115 @@
+import { Feature, License, Quotas } from "@budibase/types"
+import cloneDeep from "lodash/cloneDeep"
+
+let CLOUD_FREE_LICENSE: License
+let UNLIMITED_LICENSE: License
+let getCachedLicense: any
+
+// init for the packages other than pro
+export function init(proPkg: any) {
+  initInternal({
+    CLOUD_FREE_LICENSE: proPkg.constants.licenses.CLOUD_FREE_LICENSE,
+    UNLIMITED_LICENSE: proPkg.constants.licenses.UNLIMITED_LICENSE,
+    getCachedLicense: proPkg.licensing.cache.getCachedLicense,
+  })
+}
+
+// init for the pro package
+export function initInternal(opts: {
+  CLOUD_FREE_LICENSE: License
+  UNLIMITED_LICENSE: License
+  getCachedLicense: any
+}) {
+  CLOUD_FREE_LICENSE = opts.CLOUD_FREE_LICENSE
+  UNLIMITED_LICENSE = opts.UNLIMITED_LICENSE
+  getCachedLicense = opts.getCachedLicense
+}
+
+export interface UseLicenseOpts {
+  features?: Feature[]
+  quotas?: Quotas
+}
+
+// LICENSES
+
+export const useLicense = (license: License, opts?: UseLicenseOpts) => {
+  if (opts) {
+    if (opts.features) {
+      license.features.push(...opts.features)
+    }
+    if (opts.quotas) {
+      license.quotas = opts.quotas
+    }
+  }
+
+  getCachedLicense.mockReturnValue(license)
+
+  return license
+}
+
+export const useUnlimited = (opts?: UseLicenseOpts) => {
+  return useLicense(UNLIMITED_LICENSE, opts)
+}
+
+export const useCloudFree = () => {
+  return useLicense(CLOUD_FREE_LICENSE)
+}
+
+// FEATURES
+
+const useFeature = (feature: Feature) => {
+  const license = cloneDeep(UNLIMITED_LICENSE)
+  const opts: UseLicenseOpts = {
+    features: [feature],
+  }
+
+  return useLicense(license, opts)
+}
+
+export const useBackups = () => {
+  return useFeature(Feature.APP_BACKUPS)
+}
+
+export const useEnforceableSSO = () => {
+  return useFeature(Feature.ENFORCEABLE_SSO)
+}
+
+export const useGroups = () => {
+  return useFeature(Feature.USER_GROUPS)
+}
+
+export const useEnvironmentVariables = () => {
+  return useFeature(Feature.ENVIRONMENT_VARIABLES)
+}
+
+export const useAuditLogs = () => {
+  return useFeature(Feature.AUDIT_LOGS)
+}
+
+export const usePublicApiUserRoles = () => {
+  return useFeature(Feature.USER_ROLE_PUBLIC_API)
+}
+
+export const useScimIntegration = () => {
+  return useFeature(Feature.SCIM)
+}
+
+export const useSyncAutomations = () => {
+  return useFeature(Feature.SYNC_AUTOMATIONS)
+}
+
+export const useAppBuilders = () => {
+  return useFeature(Feature.APP_BUILDERS)
+}
+
+export const useViewPermissions = () => {
+  return useFeature(Feature.VIEW_PERMISSIONS)
+}
+
+// QUOTAS
+
+export const setAutomationLogsQuota = (value: number) => {
+  const license = cloneDeep(UNLIMITED_LICENSE)
+  license.quotas.constant.automationLogRetentionDays.value = value
+  return useLicense(license)
+}

package/tests/core/utilities/mocks/posthog.ts

@@ -0,0 +1,7 @@
+jest.mock("posthog-node", () => {
+  return jest.fn().mockImplementation(() => {
+    return {
+      capture: jest.fn(),
+    }
+  })
+})

package/tests/core/utilities/structures/Chance.ts

@@ -0,0 +1,20 @@
+import Chance from "chance"
+
+export default class CustomChance extends Chance {
+  arrayOf<T>(
+    generateFn: () => T,
+    opts: { min?: number; max?: number } = {}
+  ): T[] {
+    const itemCount = this.integer({
+      min: opts.min != null ? opts.min : 1,
+      max: opts.max != null ? opts.max : 50,
+    })
+
+    const items = []
+    for (let i = 0; i < itemCount; i++) {
+      items.push(generateFn())
+    }
+
+    return items
+  }
+}