@budibase/backend-core 3.2.4 → 3.2.6

package/src/auth/auth.ts

@@ -1,210 +0,0 @@
-const _passport = require("koa-passport")
-const LocalStrategy = require("passport-local").Strategy
-
-import { getGlobalDB } from "../context"
-import { Cookie } from "../constants"
-import { getSessionsForUser, invalidateSessions } from "../security/sessions"
-import {
-  authenticated,
-  csrf,
-  google,
-  local,
-  oidc,
-  tenancy,
-} from "../middleware"
-import * as userCache from "../cache/user"
-import { invalidateUser } from "../cache/user"
-import {
-  ConfigType,
-  GoogleInnerConfig,
-  OIDCInnerConfig,
-  PlatformLogoutOpts,
-  SessionCookie,
-  SSOProviderType,
-} from "@budibase/types"
-import * as events from "../events"
-import * as configs from "../configs"
-import { clearCookie, getCookie } from "../utils"
-import { ssoSaveUserNoOp } from "../middleware/passport/sso/sso"
-
-const refresh = require("passport-oauth2-refresh")
-
-export {
-  auditLog,
-  authError,
-  internalApi,
-  ssoCallbackUrl,
-  adminOnly,
-  builderOnly,
-  builderOrAdmin,
-  joiValidator,
-  google,
-  oidc,
-} from "../middleware"
-export const buildAuthMiddleware = authenticated
-export const buildTenancyMiddleware = tenancy
-export const buildCsrfMiddleware = csrf
-export const passport = _passport
-
-// Strategies
-_passport.use(new LocalStrategy(local.options, local.authenticate))
-
-async function refreshOIDCAccessToken(
-  chosenConfig: OIDCInnerConfig,
-  refreshToken: string
-): Promise<RefreshResponse> {
-  const callbackUrl = await oidc.getCallbackUrl()
-  let enrichedConfig: any
-  let strategy: any
-
-  try {
-    enrichedConfig = await oidc.fetchStrategyConfig(chosenConfig, callbackUrl)
-    if (!enrichedConfig) {
-      throw new Error("OIDC Config contents invalid")
-    }
-    strategy = await oidc.strategyFactory(enrichedConfig, ssoSaveUserNoOp)
-  } catch (err) {
-    throw new Error("Could not refresh OAuth Token")
-  }
-
-  refresh.use(strategy, {
-    setRefreshOAuth2() {
-      return strategy._getOAuth2Client(enrichedConfig)
-    },
-  })
-
-  return new Promise(resolve => {
-    refresh.requestNewAccessToken(
-      ConfigType.OIDC,
-      refreshToken,
-      (err: any, accessToken: string, refreshToken: any, params: any) => {
-        resolve({ err, accessToken, refreshToken, params })
-      }
-    )
-  })
-}
-
-async function refreshGoogleAccessToken(
-  config: GoogleInnerConfig,
-  refreshToken: any
-): Promise<RefreshResponse> {
-  let callbackUrl = await google.getCallbackUrl(config)
-
-  let strategy
-  try {
-    strategy = await google.strategyFactory(
-      config,
-      callbackUrl,
-      ssoSaveUserNoOp
-    )
-  } catch (err: any) {
-    throw new Error(
-      `Error constructing OIDC refresh strategy: message=${err.message}`
-    )
-  }
-
-  refresh.use(strategy)
-
-  return new Promise(resolve => {
-    refresh.requestNewAccessToken(
-      ConfigType.GOOGLE,
-      refreshToken,
-      (err: any, accessToken: string, refreshToken: string, params: any) => {
-        resolve({ err, accessToken, refreshToken, params })
-      }
-    )
-  })
-}
-
-interface RefreshResponse {
-  err?: {
-    data?: string
-  }
-  accessToken?: string
-  refreshToken?: string
-  params?: any
-}
-
-export async function refreshOAuthToken(
-  refreshToken: string,
-  providerType: SSOProviderType,
-  configId?: string
-): Promise<RefreshResponse> {
-  switch (providerType) {
-    case SSOProviderType.OIDC: {
-      if (!configId) {
-        return { err: { data: "OIDC config id not provided" } }
-      }
-      const oidcConfig = await configs.getOIDCConfigById(configId)
-      if (!oidcConfig) {
-        return { err: { data: "OIDC configuration not found" } }
-      }
-      return refreshOIDCAccessToken(oidcConfig, refreshToken)
-    }
-    case SSOProviderType.GOOGLE: {
-      let googleConfig = await configs.getGoogleConfig()
-      if (!googleConfig) {
-        return { err: { data: "Google configuration not found" } }
-      }
-      return refreshGoogleAccessToken(googleConfig, refreshToken)
-    }
-  }
-}
-
-// TODO: Refactor to use user save function instead to prevent the need for
-// manually saving and invalidating on callback
-export async function updateUserOAuth(userId: string, oAuthConfig: any) {
-  const details = {
-    accessToken: oAuthConfig.accessToken,
-    refreshToken: oAuthConfig.refreshToken,
-  }
-
-  try {
-    const db = getGlobalDB()
-    const dbUser = await db.get<any>(userId)
-
-    //Do not overwrite the refresh token if a valid one is not provided.
-    if (typeof details.refreshToken !== "string") {
-      delete details.refreshToken
-    }
-
-    dbUser.oauth2 = {
-      ...dbUser.oauth2,
-      ...details,
-    }
-
-    await db.put(dbUser)
-
-    await invalidateUser(userId)
-  } catch (e) {
-    console.error("Could not update OAuth details for current user", e)
-  }
-}
-
-/**
- * Logs a user out from budibase. Re-used across account portal and builder.
- */
-export async function platformLogout(opts: PlatformLogoutOpts) {
-  const ctx = opts.ctx
-  const userId = opts.userId
-  const keepActiveSession = opts.keepActiveSession
-
-  if (!ctx) throw new Error("Koa context must be supplied to logout.")
-
-  const currentSession = getCookie<SessionCookie>(ctx, Cookie.Auth)
-  let sessions = await getSessionsForUser(userId)
-
-  if (currentSession && keepActiveSession) {
-    sessions = sessions.filter(
-      session => session.sessionId !== currentSession.sessionId
-    )
-  } else {
-    // clear cookies
-    clearCookie(ctx, Cookie.Auth)
-  }
-
-  const sessionIds = sessions.map(({ sessionId }) => sessionId)
-  await invalidateSessions(userId, { sessionIds, reason: "logout" })
-  await events.auth.logout(ctx.user?.email)
-  await userCache.invalidateUser(userId)
-}

package/src/auth/index.ts

@@ -1 +0,0 @@
-export * from "./auth"

package/src/auth/tests/auth.spec.ts

@@ -1,14 +0,0 @@
-import { structures } from "../../../tests"
-import { testEnv } from "../../../tests/extra"
-import * as auth from "../auth"
-import * as events from "../../events"
-
-describe("platformLogout", () => {
-  it("should call platform logout", async () => {
-    await testEnv.withTenant(async () => {
-      const ctx = structures.koa.newContext()
-      await auth.platformLogout({ ctx, userId: "test" })
-      expect(events.auth.logout).toHaveBeenCalledTimes(1)
-    })
-  })
-})

package/src/blacklist/blacklist.ts

@@ -1,54 +0,0 @@
-import dns from "dns"
-import net from "net"
-import env from "../environment"
-import { promisify } from "util"
-
-let blackListArray: string[] | undefined
-const performLookup = promisify(dns.lookup)
-
-async function lookup(address: string): Promise<string[]> {
-  if (!net.isIP(address)) {
-    // need this for URL parsing simply
-    if (!address.startsWith("http")) {
-      address = `https://${address}`
-    }
-    address = new URL(address).hostname
-  }
-  const addresses = await performLookup(address, {
-    all: true,
-  })
-  return addresses.map(addr => addr.address)
-}
-
-export async function refreshBlacklist() {
-  const blacklist = env.BLACKLIST_IPS
-  const list = blacklist?.split(",") || []
-  let final: string[] = []
-  for (let addr of list) {
-    const trimmed = addr.trim()
-    if (!net.isIP(trimmed)) {
-      const addresses = await lookup(trimmed)
-      final = final.concat(addresses)
-    } else {
-      final.push(trimmed)
-    }
-  }
-  blackListArray = final
-}
-
-export async function isBlacklisted(address: string): Promise<boolean> {
-  if (!blackListArray) {
-    await refreshBlacklist()
-  }
-  if (blackListArray?.length === 0) {
-    return false
-  }
-  // no need for DNS
-  let ips: string[]
-  if (!net.isIP(address)) {
-    ips = await lookup(address)
-  } else {
-    ips = [address]
-  }
-  return !!blackListArray?.find(addr => ips.includes(addr))
-}

package/src/blacklist/index.ts

@@ -1 +0,0 @@
-export * from "./blacklist"

package/src/blacklist/tests/blacklist.spec.ts

@@ -1,46 +0,0 @@
-import { refreshBlacklist, isBlacklisted } from ".."
-import env from "../../environment"
-
-describe("blacklist", () => {
-  beforeAll(async () => {
-    env._set(
-      "BLACKLIST_IPS",
-      "www.google.com,192.168.1.1, 1.1.1.1,2.2.2.2/something"
-    )
-    await refreshBlacklist()
-  })
-
-  it("should blacklist 192.168.1.1", async () => {
-    expect(await isBlacklisted("192.168.1.1")).toBe(true)
-  })
-
-  it("should allow 192.168.1.2", async () => {
-    expect(await isBlacklisted("192.168.1.2")).toBe(false)
-  })
-
-  it("should blacklist www.google.com", async () => {
-    expect(await isBlacklisted("www.google.com")).toBe(true)
-  })
-
-  it("should handle a complex domain", async () => {
-    expect(
-      await isBlacklisted("https://www.google.com/derp/?something=1")
-    ).toBe(true)
-  })
-
-  it("should allow www.microsoft.com", async () => {
-    expect(await isBlacklisted("www.microsoft.com")).toBe(false)
-  })
-
-  it("should blacklist an IP that needed trimming", async () => {
-    expect(await isBlacklisted("1.1.1.1")).toBe(true)
-  })
-
-  it("should blacklist 1.1.1.1/something", async () => {
-    expect(await isBlacklisted("1.1.1.1/something")).toBe(true)
-  })
-
-  it("should blacklist 2.2.2.2", async () => {
-    expect(await isBlacklisted("2.2.2.2")).toBe(true)
-  })
-})

package/src/cache/appMetadata.ts

@@ -1,88 +0,0 @@
-import { getAppClient } from "../redis/init"
-import { doWithDB, DocumentType } from "../db"
-import { Database, App } from "@budibase/types"
-
-export enum AppState {
-  INVALID = "invalid",
-}
-
-export interface DeletedApp {
-  state: AppState
-}
-
-const EXPIRY_SECONDS = 3600
-const INVALID_EXPIRY_SECONDS = 60
-
-/**
- * The default populate app metadata function
- */
-async function populateFromDB(appId: string) {
-  return doWithDB(
-    appId,
-    (db: Database) => {
-      return db.get<App>(DocumentType.APP_METADATA)
-    },
-    { skip_setup: true }
-  )
-}
-
-function isInvalid(metadata?: { state: string }) {
-  return !metadata || metadata.state === AppState.INVALID
-}
-
-/**
- * Get the requested app metadata by id.
- * Use redis cache to first read the app metadata.
- * If not present fallback to loading the app metadata directly and re-caching.
- * @param appId the id of the app to get metadata from.
- * @returns the app metadata.
- */
-export async function getAppMetadata(appId: string): Promise<App | DeletedApp> {
-  const client = await getAppClient()
-  // try cache
-  let metadata = await client.get(appId)
-  if (!metadata) {
-    let expiry: number | undefined = EXPIRY_SECONDS
-    try {
-      metadata = await populateFromDB(appId)
-    } catch (err: any) {
-      // app DB left around, but no metadata, it is invalid
-      if (err && err.status === 404) {
-        metadata = { state: AppState.INVALID }
-        // expire invalid apps regularly, in-case it was only briefly invalid
-        expiry = INVALID_EXPIRY_SECONDS
-      } else {
-        throw err
-      }
-    }
-    // needed for some scenarios where the caching happens
-    // so quickly the requests can get slightly out of sync
-    // might store its invalid just before it stores its valid
-    if (isInvalid(metadata)) {
-      const temp = await client.get(appId)
-      if (temp) {
-        metadata = temp
-      }
-    }
-    await client.store(appId, metadata, expiry)
-  }
-
-  return metadata
-}
-
-/**
- * Invalidate/reset the cached metadata when a change occurs in the db.
- * @param appId the cache key to bust/update.
- * @param newMetadata optional - can simply provide the new metadata to update with.
- * @return will respond with success when cache is updated.
- */
-export async function invalidateAppMetadata(appId: string, newMetadata?: any) {
-  if (!appId) {
-    throw "Cannot invalidate if no app ID provided."
-  }
-  const client = await getAppClient()
-  await client.delete(appId)
-  if (newMetadata) {
-    await client.store(appId, newMetadata, EXPIRY_SECONDS)
-  }
-}

package/src/cache/base/index.ts

@@ -1,150 +0,0 @@
-import { getTenantId } from "../../context"
-import * as redis from "../../redis/init"
-import { Client } from "../../redis"
-
-function generateTenantKey(key: string) {
-  const tenantId = getTenantId()
-  return `${key}:${tenantId}`
-}
-
-export default class BaseCache {
-  client: Client | undefined
-
-  constructor(client: Client | undefined = undefined) {
-    this.client = client
-  }
-
-  async getClient() {
-    return !this.client ? await redis.getCacheClient() : this.client
-  }
-
-  async keys(pattern: string) {
-    const client = await this.getClient()
-    return client.keys(pattern)
-  }
-
-  async exists(key: string, opts = { useTenancy: true }) {
-    key = opts.useTenancy ? generateTenantKey(key) : key
-    const client = await this.getClient()
-    return client.exists(key)
-  }
-
-  async scan(key: string, opts = { useTenancy: true }) {
-    key = opts.useTenancy ? generateTenantKey(key) : key
-    const client = await this.getClient()
-    return client.scan(key)
-  }
-
-  /**
-   * Read only from the cache.
-   */
-  async get(key: string, opts = { useTenancy: true }) {
-    key = opts.useTenancy ? generateTenantKey(key) : key
-    const client = await this.getClient()
-    return client.get(key)
-  }
-
-  /**
-   * Read only from the cache.
-   */
-  async bulkGet<T>(keys: string[], opts = { useTenancy: true }) {
-    keys = opts.useTenancy ? keys.map(key => generateTenantKey(key)) : keys
-    const client = await this.getClient()
-    return client.bulkGet<T>(keys)
-  }
-
-  /**
-   * Write to the cache.
-   */
-  async store(
-    key: string,
-    value: any,
-    ttl: number | null = null,
-    opts = { useTenancy: true }
-  ) {
-    key = opts.useTenancy ? generateTenantKey(key) : key
-    const client = await this.getClient()
-    await client.store(key, value, ttl)
-  }
-
-  /**
-   * Bulk write to the cache.
-   */
-  async bulkStore(
-    data: Record<string, any>,
-    ttl: number | null = null,
-    opts = { useTenancy: true }
-  ) {
-    if (opts.useTenancy) {
-      data = Object.entries(data).reduce((acc, [key, value]) => {
-        acc[generateTenantKey(key)] = value
-        return acc
-      }, {} as Record<string, any>)
-    }
-
-    const client = await this.getClient()
-    await client.bulkStore(data, ttl)
-  }
-
-  /**
-   * Remove from cache.
-   */
-  async delete(key: string, opts = { useTenancy: true }) {
-    key = opts.useTenancy ? generateTenantKey(key) : key
-    const client = await this.getClient()
-    return client.delete(key)
-  }
-
-  /**
-   * Remove from cache.
-   */
-  async bulkDelete(keys: string[], opts = { useTenancy: true }) {
-    keys = opts.useTenancy ? keys.map(key => generateTenantKey(key)) : keys
-    const client = await this.getClient()
-    return client.bulkDelete(keys)
-  }
-
-  /**
-   * Read from the cache. Write to the cache if not exists.
-   */
-  async withCache<T>(
-    key: string,
-    ttl: number | null = null,
-    fetchFn: () => Promise<T> | T,
-    opts = { useTenancy: true }
-  ): Promise<T> {
-    const cachedValue = await this.get(key, opts)
-    if (cachedValue) {
-      return cachedValue
-    }
-
-    try {
-      const fetchedValue = await fetchFn()
-
-      await this.store(key, fetchedValue, ttl, opts)
-      return fetchedValue
-    } catch (err) {
-      console.error("Error fetching before cache - ", err)
-      throw err
-    }
-  }
-
-  async bustCache(key: string) {
-    const client = await this.getClient()
-    try {
-      await client.delete(generateTenantKey(key))
-    } catch (err) {
-      console.error("Error busting cache - ", err)
-      throw err
-    }
-  }
-
-  /**
-   * Delete the entry if the provided value matches the stored one.
-   */
-  async deleteIfValue(key: string, value: any, opts = { useTenancy: true }) {
-    key = opts.useTenancy ? generateTenantKey(key) : key
-    const client = await this.getClient()
-    await client.deleteIfValue(key, value)
-  }
-}

package/src/cache/docWritethrough.ts

@@ -1,105 +0,0 @@
-import { AnyDocument, Database } from "@budibase/types"
-
-import { JobQueue, Queue, createQueue } from "../queue"
-import * as dbUtils from "../db"
-
-interface ProcessDocMessage {
-  dbName: string
-  docId: string
-  data: Record<string, any>
-}
-
-const PERSIST_MAX_ATTEMPTS = 100
-let processor: DocWritethroughProcessor | undefined
-
-export class DocWritethroughProcessor {
-  private static _queue: Queue
-
-  public static get queue() {
-    if (!DocWritethroughProcessor._queue) {
-      DocWritethroughProcessor._queue = createQueue<ProcessDocMessage>(
-        JobQueue.DOC_WRITETHROUGH_QUEUE,
-        {
-          jobOptions: {
-            attempts: PERSIST_MAX_ATTEMPTS,
-          },
-        }
-      )
-    }
-
-    return DocWritethroughProcessor._queue
-  }
-
-  init() {
-    DocWritethroughProcessor.queue.process(async message => {
-      try {
-        await this.persistToDb(message.data)
-      } catch (err: any) {
-        if (err.status === 409) {
-          // If we get a 409, it means that another job updated it meanwhile. We want to retry it to persist it again.
-          throw new Error(
-            `Conflict persisting message ${message.id}. Attempt ${message.attemptsMade}`
-          )
-        }
-
-        throw err
-      }
-    })
-    return this
-  }
-
-  private async persistToDb({
-    dbName,
-    docId,
-    data,
-  }: {
-    dbName: string
-    docId: string
-    data: Record<string, any>
-  }) {
-    const db = dbUtils.getDB(dbName)
-    let doc: AnyDocument | undefined
-    try {
-      doc = await db.get(docId)
-    } catch {
-      doc = { _id: docId }
-    }
-
-    doc = { ...doc, ...data }
-    await db.put(doc)
-  }
-}
-
-export class DocWritethrough {
-  private db: Database
-  private _docId: string
-
-  constructor(db: Database, docId: string) {
-    this.db = db
-    this._docId = docId
-  }
-
-  get docId() {
-    return this._docId
-  }
-
-  async patch(data: Record<string, any>) {
-    await DocWritethroughProcessor.queue.add({
-      dbName: this.db.name,
-      docId: this.docId,
-      data,
-    })
-  }
-}
-
-export function init(): DocWritethroughProcessor {
-  processor = new DocWritethroughProcessor().init()
-  return processor
-}
-
-export function getProcessor(): DocWritethroughProcessor {
-  if (!processor) {
-    return init()
-  }
-  return processor
-}

package/src/cache/generic.ts

@@ -1,33 +0,0 @@
-import BaseCache from "./base"
-
-const GENERIC = new BaseCache()
-
-export enum CacheKey {
-  CHECKLIST = "checklist",
-  INSTALLATION = "installation",
-  ANALYTICS_ENABLED = "analyticsEnabled",
-  UNIQUE_TENANT_ID = "uniqueTenantId",
-  EVENTS = "events",
-  BACKFILL_METADATA = "backfillMetadata",
-  EVENTS_RATE_LIMIT = "eventsRateLimit",
-}
-
-export enum TTL {
-  ONE_MINUTE = 600,
-  ONE_HOUR = 3600,
-  ONE_DAY = 86400,
-}
-
-export const keys = (...args: Parameters<typeof GENERIC.keys>) =>
-  GENERIC.keys(...args)
-export const get = (...args: Parameters<typeof GENERIC.get>) =>
-  GENERIC.get(...args)
-export const store = (...args: Parameters<typeof GENERIC.store>) =>
-  GENERIC.store(...args)
-export const destroy = (...args: Parameters<typeof GENERIC.delete>) =>
-  GENERIC.delete(...args)
-export const withCache = <T>(
-  ...args: Parameters<typeof GENERIC.withCache<T>>
-) => GENERIC.withCache(...args)
-export const bustCache = (...args: Parameters<typeof GENERIC.bustCache>) =>
-  GENERIC.bustCache(...args)