@budibase/backend-core 3.2.4 → 3.2.6

package/src/utils/tests/utils.spec.ts

@@ -1,204 +0,0 @@
-import { structures } from "../../../tests"
-import { DBTestConfiguration } from "../../../tests/extra"
-import * as utils from "../../utils"
-import * as db from "../../db"
-import { Header } from "../../constants"
-import { newid } from "../../utils"
-import env from "../../environment"
-import { BBContext } from "@budibase/types"
-
-describe("utils", () => {
-  const config = new DBTestConfiguration()
-
-  describe("getAppIdFromCtx", () => {
-    it("gets appId from header", async () => {
-      const ctx = structures.koa.newContext()
-      const expected = db.generateAppID()
-      ctx.request.headers = {
-        [Header.APP_ID]: expected,
-      }
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(expected)
-    })
-
-    it("gets appId from body", async () => {
-      const ctx = structures.koa.newContext()
-      const expected = db.generateAppID()
-      ctx.request.body = {
-        appId: expected,
-      }
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(expected)
-    })
-
-    it("gets appId from path", async () => {
-      const ctx = structures.koa.newContext()
-      const expected = db.generateAppID()
-      ctx.path = `/apps/${expected}`
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(expected)
-    })
-
-    it("gets appId from url", async () => {
-      await config.doInTenant(async () => {
-        const url = "http://example.com"
-        env._set("PLATFORM_URL", url)
-
-        const ctx = structures.koa.newContext()
-        ctx.host = `${config.tenantId}.example.com`
-
-        const expected = db.generateAppID(config.tenantId)
-        const app = structures.apps.app(expected)
-
-        // set custom url
-        const appUrl = newid()
-        app.url = `/${appUrl}`
-        ctx.path = `/app/${appUrl}`
-
-        // save the app
-        const database = db.getDB(expected)
-        await database.put(app)
-
-        const actual = await utils.getAppIdFromCtx(ctx)
-        expect(actual).toBe(expected)
-      })
-    })
-
-    it("doesn't get appId from url when previewing", async () => {
-      const ctx = structures.koa.newContext()
-      const appId = db.generateAppID()
-      const app = structures.apps.app(appId)
-
-      // set custom url
-      const appUrl = "preview"
-      app.url = `/${appUrl}`
-      ctx.path = `/app/${appUrl}`
-
-      // save the app
-      const database = db.getDB(appId)
-      await database.put(app)
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(undefined)
-    })
-
-    it("gets appId from referer", async () => {
-      const ctx = structures.koa.newContext()
-      const expected = db.generateAppID()
-      ctx.request.headers = {
-        referer: `http://example.com/builder/app/${expected}/design/screen_123/screens`,
-      }
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(expected)
-    })
-
-    it("doesn't get appId from referer when not builder", async () => {
-      const ctx = structures.koa.newContext()
-      const appId = db.generateAppID()
-      ctx.request.headers = {
-        referer: `http://example.com/foo/app/${appId}/bar`,
-      }
-
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(undefined)
-    })
-  })
-
-  describe("isServingBuilder", () => {
-    let ctx: BBContext
-
-    const expectResult = (result: boolean) =>
-      expect(utils.isServingBuilder(ctx)).toBe(result)
-
-    beforeEach(() => {
-      ctx = structures.koa.newContext()
-    })
-
-    it("returns true if current path is in builder", async () => {
-      ctx.path = "/builder/app/app_"
-      expectResult(true)
-    })
-
-    it("returns false if current path doesn't have '/' suffix", async () => {
-      ctx.path = "/builder/app"
-      expectResult(false)
-
-      ctx.path = "/xx"
-      expectResult(false)
-    })
-  })
-
-  describe("isServingBuilderPreview", () => {
-    let ctx: BBContext
-
-    const expectResult = (result: boolean) =>
-      expect(utils.isServingBuilderPreview(ctx)).toBe(result)
-
-    beforeEach(() => {
-      ctx = structures.koa.newContext()
-    })
-
-    it("returns true if current path is in builder preview", async () => {
-      ctx.path = "/app/preview/xx"
-      expectResult(true)
-    })
-
-    it("returns false if current path is not in builder preview", async () => {
-      ctx.path = "/builder"
-      expectResult(false)
-
-      ctx.path = "/xx"
-      expectResult(false)
-    })
-  })
-
-  describe("isPublicAPIRequest", () => {
-    let ctx: BBContext
-
-    const expectResult = (result: boolean) =>
-      expect(utils.isPublicApiRequest(ctx)).toBe(result)
-
-    beforeEach(() => {
-      ctx = structures.koa.newContext()
-    })
-
-    it("returns true if current path remains to public API", async () => {
-      ctx.path = "/api/public/v1/invoices"
-      expectResult(true)
-
-      ctx.path = "/api/public/v1"
-      expectResult(true)
-
-      ctx.path = "/api/public/v2"
-      expectResult(true)
-
-      ctx.path = "/api/public/v21"
-      expectResult(true)
-    })
-
-    it("returns false if current path doesn't remain to public API", async () => {
-      ctx.path = "/api/public"
-      expectResult(false)
-
-      ctx.path = "/xx"
-      expectResult(false)
-    })
-  })
-
-  describe("hasCircularStructure", () => {
-    it("should detect a circular structure", () => {
-      const a: any = { b: "b" }
-      const b = { a }
-      a.b = b
-      expect(utils.hasCircularStructure(b)).toBe(true)
-    })
-
-    it("should allow none circular structures", () => {
-      expect(utils.hasCircularStructure({ a: "b" })).toBe(false)
-    })
-  })
-})

package/src/utils/utils.ts

@@ -1,249 +0,0 @@
-import { getAllApps } from "../db"
-import { Header, MAX_VALID_DATE, DocumentType, SEPARATOR } from "../constants"
-import env from "../environment"
-import * as tenancy from "../tenancy"
-import * as context from "../context"
-import {
-  App,
-  AuditedEventFriendlyName,
-  Ctx,
-  Event,
-  TenantResolutionStrategy,
-} from "@budibase/types"
-import type { SetOption } from "cookies"
-import jwt, { Secret } from "jsonwebtoken"
-
-const APP_PREFIX = DocumentType.APP + SEPARATOR
-const PROD_APP_PREFIX = "/app/"
-
-const BUILDER_PREVIEW_PATH = "/app/preview"
-const BUILDER_PREFIX = "/builder"
-const BUILDER_APP_PREFIX = `${BUILDER_PREFIX}/app/`
-const PUBLIC_API_PREFIX = "/api/public/v"
-
-function confirmAppId(possibleAppId: string | undefined) {
-  return possibleAppId && possibleAppId.startsWith(APP_PREFIX)
-    ? possibleAppId
-    : undefined
-}
-
-export async function resolveAppUrl(ctx: Ctx) {
-  const appUrl = ctx.path.split("/")[2]
-  let possibleAppUrl = `/${appUrl.toLowerCase()}`
-
-  let tenantId: string | undefined = context.getTenantId()
-  if (!env.isDev() && env.MULTI_TENANCY) {
-    // always use the tenant id from the subdomain in multi tenancy
-    // this ensures the logged-in user tenant id doesn't overwrite
-    // e.g. in the case of viewing a public app while already logged-in to another tenant
-    tenantId = tenancy.getTenantIDFromCtx(ctx, {
-      includeStrategies: [TenantResolutionStrategy.SUBDOMAIN],
-    })
-  }
-
-  // search prod apps for an url that matches
-  const apps: App[] = await context.doInTenant(
-    tenantId,
-    () => getAllApps({ dev: false }) as Promise<App[]>
-  )
-  const app = apps.filter(
-    a => a.url && a.url.toLowerCase() === possibleAppUrl
-  )[0]
-
-  return app && app.appId ? app.appId : undefined
-}
-
-export function isServingApp(ctx: Ctx) {
-  // dev app
-  if (ctx.path.startsWith(`/${APP_PREFIX}`)) {
-    return true
-  }
-  // prod app
-  return ctx.path.startsWith(PROD_APP_PREFIX)
-}
-
-export function isServingBuilder(ctx: Ctx): boolean {
-  return ctx.path.startsWith(BUILDER_APP_PREFIX)
-}
-
-export function isServingBuilderPreview(ctx: Ctx): boolean {
-  return ctx.path.startsWith(BUILDER_PREVIEW_PATH)
-}
-
-export function isPublicApiRequest(ctx: Ctx): boolean {
-  return ctx.path.startsWith(PUBLIC_API_PREFIX)
-}
-
-/**
- * Given a request tries to find the appId, which can be located in various places
- * @param ctx The main request body to look through.
- * @returns If an appId was found it will be returned.
- */
-export async function getAppIdFromCtx(ctx: Ctx) {
-  // look in headers
-  const options = [ctx.request.headers[Header.APP_ID]]
-  let appId
-  for (let option of options) {
-    appId = confirmAppId(option as string)
-    if (appId) {
-      break
-    }
-  }
-
-  // look in body
-  if (!appId && ctx.request.body && ctx.request.body.appId) {
-    appId = confirmAppId(ctx.request.body.appId)
-  }
-
-  // look in the path
-  const pathId = parseAppIdFromUrlPath(ctx.path)
-  if (!appId && pathId) {
-    appId = confirmAppId(pathId)
-  }
-
-  // lookup using custom url - prod apps only
-  // filter out the builder preview path which collides with the prod app path
-  // to ensure we don't load all apps excessively
-  const isBuilderPreview = ctx.path.startsWith(BUILDER_PREVIEW_PATH)
-  const isViewingProdApp =
-    ctx.path.startsWith(PROD_APP_PREFIX) && !isBuilderPreview
-  if (!appId && isViewingProdApp) {
-    appId = confirmAppId(await resolveAppUrl(ctx))
-  }
-
-  // look in the referer - builder only
-  // make sure this is performed after prod app url resolution, in case the
-  // referer header is present from a builder redirect
-  const referer = ctx.request.headers.referer
-  if (!appId && referer?.includes(BUILDER_APP_PREFIX)) {
-    const refererId = parseAppIdFromUrlPath(ctx.request.headers.referer)
-    appId = confirmAppId(refererId)
-  }
-
-  return appId
-}
-
-function parseAppIdFromUrlPath(url?: string) {
-  if (!url) {
-    return
-  }
-  return url
-    .split("?")[0] // Remove any possible query string
-    .split("/")
-    .find(subPath => subPath.startsWith(APP_PREFIX))
-}
-
-/**
- * opens the contents of the specified encrypted JWT.
- * @return the contents of the token.
- */
-export function openJwt<T>(token?: string): T | undefined {
-  if (!token) {
-    return undefined
-  }
-  try {
-    return jwt.verify(token, env.JWT_SECRET as Secret) as T
-  } catch (e) {
-    if (env.JWT_SECRET_FALLBACK) {
-      // fallback to enable rotation
-      return jwt.verify(token, env.JWT_SECRET_FALLBACK) as T
-    } else {
-      throw e
-    }
-  }
-}
-
-export function isValidInternalAPIKey(apiKey: string) {
-  if (env.INTERNAL_API_KEY && env.INTERNAL_API_KEY === apiKey) {
-    return true
-  }
-  // fallback to enable rotation
-  return !!(
-    env.INTERNAL_API_KEY_FALLBACK && env.INTERNAL_API_KEY_FALLBACK === apiKey
-  )
-}
-
-/**
- * Get a cookie from context, and decrypt if necessary.
- * @param ctx The request which is to be manipulated.
- * @param name The name of the cookie to get.
- */
-export function getCookie<T>(ctx: Ctx, name: string) {
-  const cookie = ctx.cookies.get(name)
-
-  if (!cookie) {
-    return undefined
-  }
-
-  return openJwt<T>(cookie)
-}
-
-/**
- * Store a cookie for the request - it will not expire.
- * @param ctx The request which is to be manipulated.
- * @param name The name of the cookie to set.
- * @param value The value of cookie which will be set.
- * @param opts options like whether to sign.
- */
-export function setCookie(
-  ctx: Ctx,
-  value: any,
-  name = "builder",
-  opts = { sign: true }
-) {
-  if (value && opts && opts.sign) {
-    value = jwt.sign(value, env.JWT_SECRET as Secret)
-  }
-
-  const config: SetOption = {
-    expires: MAX_VALID_DATE,
-    path: "/",
-    httpOnly: false,
-    overwrite: true,
-  }
-
-  if (env.COOKIE_DOMAIN) {
-    config.domain = env.COOKIE_DOMAIN
-  }
-
-  ctx.cookies.set(name, value, config)
-}
-
-/**
- * Utility function, simply calls setCookie with an empty string for value
- */
-export function clearCookie(ctx: Ctx, name: string) {
-  setCookie(ctx, null, name)
-}
-
-/**
- * Checks if the API call being made (based on the provided ctx object) is from the client. If
- * the call is not from a client app then it is from the builder.
- * @param ctx The koa context object to be tested.
- * @return returns true if the call is from the client lib (a built app rather than the builder).
- */
-export function isClient(ctx: Ctx) {
-  return ctx.headers[Header.TYPE] === "client"
-}
-
-export function timeout(timeMs: number) {
-  return new Promise(resolve => setTimeout(resolve, timeMs))
-}
-
-export function isAudited(event: Event) {
-  return !!AuditedEventFriendlyName[event]
-}
-
-export function hasCircularStructure(json: any) {
-  if (typeof json !== "object") {
-    return false
-  }
-  try {
-    JSON.stringify(json)
-  } catch (err) {
-    if (err instanceof Error && err?.message.includes("circular structure")) {
-      return true
-    }
-  }
-  return false
-}

package/tests/core/logging.ts

@@ -1,34 +0,0 @@
-export enum LogLevel {
-  TRACE = "trace",
-  DEBUG = "debug",
-  INFO = "info",
-  WARN = "warn",
-  ERROR = "error",
-}
-
-const LOG_INDEX: { [key in LogLevel]: number } = {
-  [LogLevel.TRACE]: 1,
-  [LogLevel.DEBUG]: 2,
-  [LogLevel.INFO]: 3,
-  [LogLevel.WARN]: 4,
-  [LogLevel.ERROR]: 5,
-}
-
-const setIndex = LOG_INDEX[process.env.LOG_LEVEL as LogLevel]
-
-if (setIndex > LOG_INDEX.trace) {
-  global.console.trace = jest.fn()
-}
-
-if (setIndex > LOG_INDEX.debug) {
-  global.console.debug = jest.fn()
-}
-
-if (setIndex > LOG_INDEX.info) {
-  global.console.info = jest.fn()
-  global.console.log = jest.fn()
-}
-
-if (setIndex > LOG_INDEX.warn) {
-  global.console.warn = jest.fn()
-}

package/tests/core/users/users.spec.js

@@ -1,53 +0,0 @@
-const _ = require("lodash/fp")
-const { structures } = require("../../../tests")
-
-jest.mock("../../../src/context")
-jest.mock("../../../src/db")
-
-const context = require("../../../src/context")
-const db = require("../../../src/db")
-
-const { getCreatorCount } = require("../../../src/users/users")
-
-describe("Users", () => {
-  let getGlobalDBMock
-  let getGlobalUserParamsMock
-  let paginationMock
-
-  beforeEach(() => {
-    jest.resetAllMocks()
-
-    getGlobalDBMock = jest.spyOn(context, "getGlobalDB")
-    getGlobalUserParamsMock = jest.spyOn(db, "getGlobalUserParams")
-    paginationMock = jest.spyOn(db, "pagination")
-  })
-
-  it("Retrieves the number of creators", async () => {
-    const getUsers = (offset, limit, creators = false) => {
-      const range = _.range(offset, limit)
-      const opts = creators ? { builder: { global: true } } : undefined
-      return range.map(() => structures.users.user(opts))
-    }
-    const page1Data = getUsers(0, 8)
-    const page2Data = getUsers(8, 12, true)
-    getGlobalDBMock.mockImplementation(() => ({
-      name: "fake-db",
-      allDocs: () => ({
-        rows: [...page1Data, ...page2Data],
-      }),
-    }))
-    paginationMock.mockImplementationOnce(() => ({
-      data: page1Data,
-      hasNextPage: true,
-      nextPage: "1",
-    }))
-    paginationMock.mockImplementation(() => ({
-      data: page2Data,
-      hasNextPage: false,
-      nextPage: undefined,
-    }))
-    const creatorsCount = await getCreatorCount()
-    expect(creatorsCount).toBe(4)
-    expect(paginationMock).toHaveBeenCalledTimes(2)
-  })
-})

package/tests/core/utilities/index.ts

@@ -1,7 +0,0 @@
-export * as mocks from "./mocks"
-export * as structures from "./structures"
-export { generator } from "./structures"
-export * as testContainerUtils from "./testContainerUtils"
-export * as utils from "./utils"
-export * from "./jestUtils"
-export * as queue from "./queue"

package/tests/core/utilities/jestUtils.ts

@@ -1,33 +0,0 @@
-import {
-  PROTECTED_EXTERNAL_COLUMNS,
-  PROTECTED_INTERNAL_COLUMNS,
-} from "@budibase/shared-core"
-
-export function expectFunctionWasCalledTimesWith(
-  jestFunction: any,
-  times: number,
-  argument: any
-) {
-  expect(
-    jestFunction.mock.calls.filter((call: any) => call[0] === argument).length
-  ).toBe(times)
-}
-
-export const expectAnyInternalColsAttributes: {
-  [K in (typeof PROTECTED_INTERNAL_COLUMNS)[number]]: any
-} = {
-  tableId: expect.anything(),
-  type: expect.anything(),
-  _id: expect.anything(),
-  _rev: expect.anything(),
-  createdAt: expect.anything(),
-  updatedAt: expect.anything(),
-}
-
-export const expectAnyExternalColsAttributes: {
-  [K in (typeof PROTECTED_EXTERNAL_COLUMNS)[number]]: any
-} = {
-  tableId: expect.anything(),
-  _id: expect.anything(),
-  _rev: expect.anything(),
-}

package/tests/core/utilities/mocks/alerts.ts

@@ -1,4 +0,0 @@
-jest.mock("../../../../src/logging/alerts")
-import * as _alerts from "../../../../src/logging/alerts"
-
-export const alerts = jest.mocked(_alerts)

package/tests/core/utilities/mocks/date.ts

@@ -1,3 +0,0 @@
-export const MOCK_DATE = new Date("2020-01-01T00:00:00.000Z")
-
-export const MOCK_DATE_TIMESTAMP = 1577836800000