@budibase/backend-core 3.2.5 → 3.2.7

package/src/middleware/builderOnly.ts

@@ -1,21 +0,0 @@
-import { UserCtx } from "@budibase/types"
-import { isBuilder, hasBuilderPermissions } from "../users"
-import { getAppId } from "../context"
-import env from "../environment"
-
-export default async (ctx: UserCtx, next: any) => {
-  const appId = getAppId()
-  const builderFn =
-    env.isWorker() || !appId
-      ? hasBuilderPermissions
-      : env.isApps()
-      ? isBuilder
-      : undefined
-  if (!builderFn) {
-    throw new Error("Service name unknown - middleware inactive.")
-  }
-  if (!ctx.internal && !builderFn(ctx.user, appId)) {
-    ctx.throw(403, "Builder user only endpoint.")
-  }
-  return next()
-}

package/src/middleware/builderOrAdmin.ts

@@ -1,21 +0,0 @@
-import { UserCtx } from "@budibase/types"
-import { isBuilder, isAdmin, hasBuilderPermissions } from "../users"
-import { getAppId } from "../context"
-import env from "../environment"
-
-export default async (ctx: UserCtx, next: any) => {
-  const appId = getAppId()
-  const builderFn =
-    env.isWorker() || !appId
-      ? hasBuilderPermissions
-      : env.isApps()
-      ? isBuilder
-      : undefined
-  if (!builderFn) {
-    throw new Error("Service name unknown - middleware inactive.")
-  }
-  if (!ctx.internal && !builderFn(ctx.user, appId) && !isAdmin(ctx.user)) {
-    ctx.throw(403, "Admin/Builder user only endpoint.")
-  }
-  return next()
-}

package/src/middleware/contentSecurityPolicy.ts

@@ -1,113 +0,0 @@
-import crypto from "crypto"
-
-const CSP_DIRECTIVES = {
-  "default-src": ["'self'"],
-  "script-src": [
-    "'self'",
-    "'unsafe-eval'",
-    "https://*.budibase.net",
-    "https://cdn.budi.live",
-    "https://js.intercomcdn.com",
-    "https://widget.intercom.io",
-    "https://d2l5prqdbvm3op.cloudfront.net",
-    "https://us-assets.i.posthog.com",
-  ],
-  "style-src": [
-    "'self'",
-    "'unsafe-inline'",
-    "https://cdn.jsdelivr.net",
-    "https://fonts.googleapis.com",
-    "https://rsms.me",
-    "https://maxcdn.bootstrapcdn.com",
-  ],
-  "object-src": ["'none'"],
-  "base-uri": ["'self'"],
-  "connect-src": [
-    "'self'",
-    "https://*.budibase.app",
-    "https://*.budibaseqa.app",
-    "https://*.budibase.net",
-    "https://api-iam.intercom.io",
-    "https://api-ping.intercom.io",
-    "https://app.posthog.com",
-    "https://us.i.posthog.com",
-    "wss://nexus-websocket-a.intercom.io",
-    "wss://nexus-websocket-b.intercom.io",
-    "https://nexus-websocket-a.intercom.io",
-    "https://nexus-websocket-b.intercom.io",
-    "https://uploads.intercomcdn.com",
-    "https://uploads.intercomusercontent.com",
-    "https://*.amazonaws.com",
-    "https://*.s3.amazonaws.com",
-    "https://*.s3.us-east-2.amazonaws.com",
-    "https://*.s3.us-east-1.amazonaws.com",
-    "https://*.s3.us-west-1.amazonaws.com",
-    "https://*.s3.us-west-2.amazonaws.com",
-    "https://*.s3.af-south-1.amazonaws.com",
-    "https://*.s3.ap-east-1.amazonaws.com",
-    "https://*.s3.ap-south-1.amazonaws.com",
-    "https://*.s3.ap-northeast-2.amazonaws.com",
-    "https://*.s3.ap-southeast-1.amazonaws.com",
-    "https://*.s3.ap-southeast-2.amazonaws.com",
-    "https://*.s3.ap-northeast-1.amazonaws.com",
-    "https://*.s3.ca-central-1.amazonaws.com",
-    "https://*.s3.cn-north-1.amazonaws.com",
-    "https://*.s3.cn-northwest-1.amazonaws.com",
-    "https://*.s3.eu-central-1.amazonaws.com",
-    "https://*.s3.eu-west-1.amazonaws.com",
-    "https://*.s3.eu-west-2.amazonaws.com",
-    "https://*.s3.eu-south-1.amazonaws.com",
-    "https://*.s3.eu-west-3.amazonaws.com",
-    "https://*.s3.eu-north-1.amazonaws.com",
-    "https://*.s3.sa-east-1.amazonaws.com",
-    "https://*.s3.me-south-1.amazonaws.com",
-    "https://*.s3.us-gov-east-1.amazonaws.com",
-    "https://*.s3.us-gov-west-1.amazonaws.com",
-    "https://api.github.com",
-  ],
-  "font-src": [
-    "'self'",
-    "data:",
-    "https://cdn.jsdelivr.net",
-    "https://fonts.gstatic.com",
-    "https://rsms.me",
-    "https://maxcdn.bootstrapcdn.com",
-    "https://js.intercomcdn.com",
-    "https://fonts.intercomcdn.com",
-  ],
-  "frame-src": ["'self'", "https:"],
-  "img-src": ["http:", "https:", "data:", "blob:"],
-  "manifest-src": ["'self'"],
-  "media-src": [
-    "'self'",
-    "https://js.intercomcdn.com",
-    "https://cdn.budi.live",
-  ],
-  "worker-src": ["blob:"],
-}
-
-export async function contentSecurityPolicy(ctx: any, next: any) {
-  try {
-    const nonce = crypto.randomBytes(16).toString("base64")
-
-    const directives = { ...CSP_DIRECTIVES }
-    directives["script-src"] = [
-      ...CSP_DIRECTIVES["script-src"],
-      `'nonce-${nonce}'`,
-    ]
-
-    ctx.state.nonce = nonce
-
-    const cspHeader = Object.entries(directives)
-      .map(([key, sources]) => `${key} ${sources.join(" ")}`)
-      .join("; ")
-    ctx.set("Content-Security-Policy", cspHeader)
-    await next()
-  } catch (err: any) {
-    console.error(
-      `Error occurred in Content-Security-Policy middleware: ${err}`
-    )
-  }
-}
-
-export default contentSecurityPolicy

package/src/middleware/csrf.ts

@@ -1,81 +0,0 @@
-import { Header } from "../constants"
-import { buildMatcherRegex, matches } from "./matchers"
-import { BBContext, EndpointMatcher } from "@budibase/types"
-
-/**
- * GET, HEAD and OPTIONS methods are considered safe operations
- *
- * POST, PUT, PATCH, and DELETE methods, being state changing verbs,
- * should have a CSRF token attached to the request
- */
-const EXCLUDED_METHODS = ["GET", "HEAD", "OPTIONS"]
-
-/**
- * There are only three content type values that can be used in cross domain requests.
- * If any other value is used, e.g. application/json, the browser will first make a OPTIONS
- * request which will be protected by CORS.
- */
-const INCLUDED_CONTENT_TYPES = [
-  "application/x-www-form-urlencoded",
-  "multipart/form-data",
-  "text/plain",
-]
-
-/**
- * Validate the CSRF token generated aganst the user session.
- * Compare the token with the x-csrf-token header.
- *
- * If the token is not found within the request or the value provided
- * does not match the value within the user session, the request is rejected.
- *
- * CSRF protection provided using the 'Synchronizer Token Pattern'
- * https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern
- *
- */
-export default function (
-  opts: { noCsrfPatterns: EndpointMatcher[] } = { noCsrfPatterns: [] }
-) {
-  const noCsrfOptions = buildMatcherRegex(opts.noCsrfPatterns)
-  return async (ctx: BBContext | any, next: any) => {
-    // don't apply for excluded paths
-    const found = matches(ctx, noCsrfOptions)
-    if (found) {
-      return next()
-    }
-
-    // don't apply for the excluded http methods
-    if (EXCLUDED_METHODS.indexOf(ctx.method) !== -1) {
-      return next()
-    }
-
-    // don't apply when the content type isn't supported
-    let contentType = ctx.get("content-type")
-      ? ctx.get("content-type").toLowerCase()
-      : ""
-    if (
-      !INCLUDED_CONTENT_TYPES.filter(type => contentType.includes(type)).length
-    ) {
-      return next()
-    }
-
-    // don't apply csrf when the internal api key has been used
-    if (ctx.internal) {
-      return next()
-    }
-
-    // apply csrf when there is a token in the session (new logins)
-    // in future there should be a hard requirement that the token is present
-    const userToken = ctx.user?.csrfToken
-    if (!userToken) {
-      return next()
-    }
-
-    // reject if no token in request or mismatch
-    const requestToken = ctx.get(Header.CSRF_TOKEN)
-    if (!requestToken || requestToken !== userToken) {
-      ctx.throw(403, "Invalid CSRF token")
-    }
-
-    return next()
-  }
-}

package/src/middleware/errorHandling.ts

@@ -1,43 +0,0 @@
-import { APIError } from "@budibase/types"
-import * as errors from "../errors"
-import environment from "../environment"
-import { stringContainsSecret } from "../security/secrets"
-
-export async function errorHandling(ctx: any, next: any) {
-  try {
-    await next()
-  } catch (err: any) {
-    const status = err.status || err.statusCode || 500
-    ctx.status = status
-
-    if (status >= 400 && status < 500) {
-      console.warn(err)
-    } else {
-      console.error("Got 400 response code", err)
-    }
-
-    let error: APIError = {
-      message: err.message,
-      status,
-      validationErrors: err.validation,
-      error: errors.getPublicError(err),
-    }
-
-    if (stringContainsSecret(JSON.stringify(error))) {
-      error = {
-        message: "Unexpected error",
-        status,
-        error: "Unexpected error",
-      }
-    }
-
-    if (environment.isTest() && ctx.headers["x-budibase-include-stacktrace"]) {
-      // @ts-ignore
-      error.stack = err.stack
-    }
-
-    ctx.body = error
-  }
-}
-
-export default errorHandling

package/src/middleware/index.ts

@@ -1,24 +0,0 @@
-export * as local from "./passport/local"
-export * as google from "./passport/sso/google"
-export * as oidc from "./passport/sso/oidc"
-import * as datasourceGoogle from "./passport/datasource/google"
-
-export const datasource = {
-  google: datasourceGoogle,
-}
-export { authError, ssoCallbackUrl } from "./passport/utils"
-export { default as authenticated } from "./authenticated"
-export { default as auditLog } from "./auditLog"
-export { default as tenancy } from "./tenancy"
-export { default as internalApi } from "./internalApi"
-export { default as csrf } from "./csrf"
-export { default as adminOnly } from "./adminOnly"
-export { default as builderOrAdmin } from "./builderOrAdmin"
-export { default as builderOnly } from "./builderOnly"
-export { default as pino } from "../logging/pino/middleware"
-export { default as correlation } from "../logging/correlation/middleware"
-export { default as errorHandling } from "./errorHandling"
-export { default as querystringToBody } from "./querystringToBody"
-export { default as csp } from "./contentSecurityPolicy"
-export * as joiValidator from "./joi-validator"
-export { default as ip } from "./ip"

package/src/middleware/internalApi.ts

@@ -1,23 +0,0 @@
-import { Header } from "../constants"
-import { BBContext } from "@budibase/types"
-import { isValidInternalAPIKey } from "../utils"
-
-/**
- * API Key only endpoint.
- */
-export default async (ctx: BBContext, next: any) => {
-  const apiKey = ctx.request.headers[Header.API_KEY]
-  if (!apiKey) {
-    ctx.throw(403, "Unauthorized")
-  }
-
-  if (Array.isArray(apiKey)) {
-    ctx.throw(403, "Unauthorized")
-  }
-
-  if (!isValidInternalAPIKey(apiKey)) {
-    ctx.throw(403, "Unauthorized")
-  }
-
-  return next()
-}

package/src/middleware/ip.ts

@@ -1,12 +0,0 @@
-import { Ctx } from "@budibase/types"
-import { doInIPContext } from "../context"
-
-export default async (ctx: Ctx, next: any) => {
-  if (ctx.ip) {
-    return await doInIPContext(ctx.ip, () => {
-      return next()
-    })
-  } else {
-    return next()
-  }
-}

package/src/middleware/joi-validator.ts

@@ -1,58 +0,0 @@
-import Joi from "joi"
-import { Ctx } from "@budibase/types"
-
-function validate(
-  schema: Joi.ObjectSchema | Joi.ArraySchema,
-  property: string,
-  opts?: { errorPrefix?: string; allowUnknown?: boolean }
-) {
-  const errorPrefix = opts?.errorPrefix ?? `Invalid ${property}`
-  // Return a Koa middleware function
-  return (ctx: Ctx, next: any) => {
-    if (!schema) {
-      return next()
-    }
-    let params = null
-    // @ts-ignore
-    let reqProp = ctx.request?.[property]
-    if (ctx[property] != null) {
-      params = ctx[property]
-    } else if (reqProp != null) {
-      params = reqProp
-    }
-
-    // not all schemas have the append property e.g. array schemas
-    if ((schema as Joi.ObjectSchema).append) {
-      schema = (schema as Joi.ObjectSchema).append({
-        createdAt: Joi.any().optional(),
-        updatedAt: Joi.any().optional(),
-      })
-    }
-
-    const { error } = schema.validate(params, {
-      allowUnknown: opts?.allowUnknown,
-    })
-    if (error) {
-      let message = error.message
-      if (errorPrefix) {
-        message = `Invalid ${property} - ${message}`
-      }
-      ctx.throw(400, message)
-    }
-    return next()
-  }
-}
-
-export function body(
-  schema: Joi.ObjectSchema | Joi.ArraySchema,
-  opts?: { errorPrefix?: string; allowUnknown?: boolean }
-) {
-  return validate(schema, "body", opts)
-}
-
-export function params(
-  schema: Joi.ObjectSchema | Joi.ArraySchema,
-  opts?: { errorPrefix: string }
-) {
-  return validate(schema, "params", opts)
-}

package/src/middleware/matchers.ts

@@ -1,39 +0,0 @@
-import { BBContext, EndpointMatcher, RegexMatcher } from "@budibase/types"
-
-const PARAM_REGEX = /\/:(.*?)(\/.*)?$/g
-
-export const buildMatcherRegex = (
-  patterns: EndpointMatcher[]
-): RegexMatcher[] => {
-  if (!patterns) {
-    return []
-  }
-  return patterns.map(pattern => {
-    let route = pattern.route
-    const method = pattern.method
-
-    // if there is a param in the route
-    // use a wildcard pattern
-    const matches = route.match(PARAM_REGEX)
-    if (matches) {
-      for (let match of matches) {
-        const suffix = match.endsWith("/") ? "/" : ""
-        const pattern = "/.*" + suffix
-        route = route.replace(match, pattern)
-      }
-    }
-
-    return { regex: new RegExp(route), method, route }
-  })
-}
-
-export const matches = (ctx: BBContext, options: RegexMatcher[]) => {
-  return options.find(({ regex, method }) => {
-    const urlMatch = regex.test(ctx.request.url)
-    const methodMatch =
-      method === "ALL"
-        ? true
-        : ctx.request.method.toLowerCase() === method.toLowerCase()
-    return urlMatch && methodMatch
-  })
-}

package/src/middleware/passport/datasource/google.ts

@@ -1,102 +0,0 @@
-import * as google from "../sso/google"
-import { Cookie } from "../../../constants"
-import * as configs from "../../../configs"
-import * as cache from "../../../cache"
-import * as utils from "../../../utils"
-import { UserCtx, SSOProfile } from "@budibase/types"
-import { ssoSaveUserNoOp } from "../sso/sso"
-
-const GoogleStrategy = require("passport-google-oauth").OAuth2Strategy
-
-type Passport = {
-  authenticate: any
-}
-
-async function fetchGoogleCreds() {
-  let config = await configs.getGoogleDatasourceConfig()
-
-  if (!config) {
-    throw new Error("No google configuration found")
-  }
-  return config
-}
-
-export async function preAuth(
-  passport: Passport,
-  ctx: UserCtx,
-  next: Function
-) {
-  // get the relevant config
-  const googleConfig = await fetchGoogleCreds()
-  const platformUrl = await configs.getPlatformUrl({ tenantAware: false })
-
-  let callbackUrl = `${platformUrl}/api/global/auth/datasource/google/callback`
-  const strategy = await google.strategyFactory(
-    googleConfig,
-    callbackUrl,
-    ssoSaveUserNoOp
-  )
-
-  if (!ctx.query.appId) {
-    ctx.throw(400, "appId query param not present.")
-  }
-
-  return passport.authenticate(strategy, {
-    scope: ["profile", "email", "https://www.googleapis.com/auth/spreadsheets"],
-    accessType: "offline",
-    prompt: "consent",
-  })(ctx, next)
-}
-
-export async function postAuth(
-  passport: Passport,
-  ctx: UserCtx,
-  next: Function
-) {
-  // get the relevant config
-  const config = await fetchGoogleCreds()
-  const platformUrl = await configs.getPlatformUrl({ tenantAware: false })
-
-  let callbackUrl = `${platformUrl}/api/global/auth/datasource/google/callback`
-  const authStateCookie = utils.getCookie<{ appId: string }>(
-    ctx,
-    Cookie.DatasourceAuth
-  )
-
-  if (!authStateCookie) {
-    throw new Error("Unable to fetch datasource auth cookie")
-  }
-
-  return passport.authenticate(
-    new GoogleStrategy(
-      {
-        clientID: config.clientID,
-        clientSecret: config.clientSecret,
-        callbackURL: callbackUrl,
-      },
-      (
-        accessToken: string,
-        refreshToken: string,
-        _profile: SSOProfile,
-        done: Function
-      ) => {
-        utils.clearCookie(ctx, Cookie.DatasourceAuth)
-        done(null, { accessToken, refreshToken })
-      }
-    ),
-    { successRedirect: "/", failureRedirect: "/error" },
-    async (err: any, tokens: string[]) => {
-      const baseUrl = `/builder/app/${authStateCookie.appId}/data`
-
-      const id = utils.newid()
-      await cache.store(
-        `datasource:creation:${authStateCookie.appId}:google:${id}`,
-        {
-          tokens,
-        }
-      )
-
-      ctx.redirect(`${baseUrl}/new?continue_google_setup=${id}`)
-    }
-  )(ctx, next)
-}

package/src/middleware/passport/local.ts

@@ -1,54 +0,0 @@
-import { UserStatus } from "../../constants"
-import { compare } from "../../utils"
-import * as users from "../../users"
-import { authError } from "./utils"
-import { BBContext } from "@budibase/types"
-
-const INVALID_ERR = "Invalid credentials"
-const EXPIRED = "This account has expired. Please reset your password"
-
-export const options = {
-  passReqToCallback: true,
-}
-
-/**
- * Passport Local Authentication Middleware.
- * @param ctx the request structure
- * @param email username to login with
- * @param password plain text password to log in with
- * @param done callback from passport to return user information and errors
- * @returns The authenticated user, or errors if they occur
- */
-export async function authenticate(
-  ctx: BBContext,
-  email: string,
-  password: string,
-  done: Function
-) {
-  if (!email) return authError(done, "Email Required")
-  if (!password) return authError(done, "Password Required")
-
-  const dbUser = await users.getGlobalUserByEmail(email)
-  if (dbUser == null) {
-    console.info(`user=${email} could not be found`)
-    return authError(done, INVALID_ERR)
-  }
-
-  if (dbUser.status === UserStatus.INACTIVE) {
-    console.info(`user=${email} is inactive`, dbUser)
-    return authError(done, INVALID_ERR)
-  }
-
-  if (!dbUser.password) {
-    console.info(`user=${email} has no password set`, dbUser)
-    return authError(done, EXPIRED)
-  }
-
-  if (!(await compare(password, dbUser.password))) {
-    return authError(done, INVALID_ERR)
-  }
-
-  // intentionally remove the users password in payload
-  delete dbUser.password
-  return done(null, dbUser)
-}

package/src/middleware/passport/sso/google.ts

@@ -1,77 +0,0 @@
-import { ssoCallbackUrl } from "../utils"
-import * as sso from "./sso"
-import {
-  ConfigType,
-  SSOProfile,
-  SSOAuthDetails,
-  SSOProviderType,
-  SaveSSOUserFunction,
-  GoogleInnerConfig,
-} from "@budibase/types"
-
-const GoogleStrategy = require("passport-google-oauth").OAuth2Strategy
-
-export function buildVerifyFn(saveUserFn: SaveSSOUserFunction) {
-  return (
-    accessToken: string,
-    refreshToken: string,
-    profile: SSOProfile,
-    done: Function
-  ) => {
-    const details: SSOAuthDetails = {
-      provider: "google",
-      providerType: SSOProviderType.GOOGLE,
-      userId: profile.id,
-      profile: profile,
-      email: profile._json.email,
-      oauth2: {
-        accessToken,
-        refreshToken,
-      },
-    }
-
-    return sso.authenticate(
-      details,
-      true, // require local accounts to exist
-      done,
-      saveUserFn
-    )
-  }
-}
-
-/**
- * Create an instance of the google passport strategy. This wrapper fetches the configuration
- * from couchDB rather than environment variables, using this factory is necessary for dynamically configuring passport.
- * @returns Dynamically configured Passport Google Strategy
- */
-export async function strategyFactory(
-  config: GoogleInnerConfig,
-  callbackUrl: string,
-  saveUserFn: SaveSSOUserFunction
-) {
-  try {
-    const { clientID, clientSecret } = config
-
-    if (!clientID || !clientSecret) {
-      throw new Error(
-        "Configuration invalid. Must contain google clientID and clientSecret"
-      )
-    }
-
-    const verify = buildVerifyFn(saveUserFn)
-    return new GoogleStrategy(
-      {
-        clientID: config.clientID,
-        clientSecret: config.clientSecret,
-        callbackURL: callbackUrl,
-      },
-      verify
-    )
-  } catch (err: any) {
-    throw new Error(`Error constructing google authentication strategy: ${err}`)
-  }
-}
-
-export async function getCallbackUrl(config: GoogleInnerConfig) {
-  return ssoCallbackUrl(ConfigType.GOOGLE, config)
-}