npm - @budibase/worker - Versions diffs - 3.18.2 → 3.18.4 - Mend

@budibase/worker 3.18.2 → 3.18.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/package.json +2 -2
package/src/api/controllers/global/roles.ts +5 -5
package/src/api/controllers/global/self.ts +0 -10
package/src/api/controllers/system/environment.ts +7 -3
package/src/api/routes/global/roles.ts +3 -2
package/src/api/routes/global/tests/roles.spec.ts +27 -4
package/src/api/routes/global/tests/users.spec.ts +42 -3
package/src/api/routes/global/users.ts +9 -7
package/src/api/routes/system/tests/environment.spec.ts +3 -1
package/src/environment.ts +2 -1
package/src/sdk/tenants/tenants.ts +3 -3
package/src/tests/TestConfiguration.ts +14 -14

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/worker",
   "email": "hi@budibase.com",
-  "version": "3.18.2",
+  "version": "3.18.4",
   "description": "Budibase background service",
   "main": "src/index.ts",
   "repository": {
@@ -109,5 +109,5 @@
       }
     }
   },
-  "gitHead": "43d59f5579dd910575d8aebefb40fae25570c05d"
+  "gitHead": "b82c05d3d0949d198b49415d20980e72cc61ca5b"
 }

package/src/api/controllers/global/roles.ts CHANGED Viewed

@@ -1,18 +1,18 @@
 import {
+  cache,
+  context,
   db as dbCore,
   roles,
-  context,
-  cache,
   tenancy,
 } from "@budibase/backend-core"
-import sdk from "../../../sdk"
 import {
   Ctx,
-  App,
   FetchGlobalRolesResponse,
   FindGlobalRoleResponse,
   RemoveAppRoleResponse,
+  Workspace,
 } from "@budibase/types"
+import sdk from "../../../sdk"
 export async function fetch(ctx: Ctx<void, FetchGlobalRolesResponse>) {
   const tenantId = ctx.user!.tenantId
@@ -43,7 +43,7 @@ export async function find(ctx: Ctx<void, FindGlobalRoleResponse>) {
   const appId = ctx.params.appId
   await context.doInAppContext(dbCore.getDevAppID(appId), async () => {
     const db = context.getAppDB()
-    const app = await db.get<App>(dbCore.DocumentType.APP_METADATA)
+    const app = await db.get<Workspace>(dbCore.DocumentType.APP_METADATA)
     ctx.body = {
       roles: await roles.getAllRoles(),
       name: app.name,

package/src/api/controllers/global/self.ts CHANGED Viewed

@@ -15,9 +15,6 @@ import {
   GenerateAPIKeyRequest,
   GenerateAPIKeyResponse,
   GetGlobalSelfResponse,
-  QuotaType,
-  QuotaUsageType,
-  StaticQuotaName,
   UpdateSelfRequest,
   UpdateSelfResponse,
   User,
@@ -126,13 +123,6 @@ export async function getSelf(ctx: UserCtx<void, GetGlobalSelfResponse>) {
       }
     : undefined
-  if (flags?.WORKSPACES) {
-    // TODO: once the flag is clean, we should rename the original object instead
-    sessionAttributes.license.quotas[QuotaType.USAGE][QuotaUsageType.STATIC][
-      StaticQuotaName.APPS
-    ].name = "Workspaces"
-  }
   ctx.body = {
     ...enrichedUser,
     ...sessionAttributes,

package/src/api/controllers/system/environment.ts CHANGED Viewed

@@ -1,8 +1,8 @@
-import { Ctx, GetEnvironmentResponse, MaintenanceType } from "@budibase/types"
-import env from "../../../environment"
 import { env as coreEnv, db as dbCore } from "@budibase/backend-core"
-import nodeFetch from "node-fetch"
 import { helpers } from "@budibase/shared-core"
+import { Ctx, GetEnvironmentResponse, MaintenanceType } from "@budibase/types"
+import nodeFetch from "node-fetch"
+import env from "../../../environment"
 let sqsAvailable: boolean
 async function isSqsAvailable() {
@@ -49,6 +49,10 @@ export const fetch = async (ctx: Ctx<void, GetEnvironmentResponse>) => {
     isDev: env.isDev() && !env.isTest(),
     maintenance: [],
     passwordMinLength: env.PASSWORD_MIN_LENGTH,
+    serveDevClientFromStorage:
+      env.DEV_USE_CLIENT_FROM_STORAGE !== undefined
+        ? !!env.DEV_USE_CLIENT_FROM_STORAGE
+        : false,
   }
   if (env.SELF_HOSTED) {

package/src/api/routes/global/roles.ts CHANGED Viewed

@@ -1,7 +1,8 @@
 import * as controller from "../../controllers/global/roles"
-import { builderOrAdminRoutes } from "../endpointGroups"
+import { adminRoutes, builderOrAdminRoutes } from "../endpointGroups"
 builderOrAdminRoutes
   .get("/api/global/roles", controller.fetch)
   .get("/api/global/roles/:appId", controller.find)
-  .delete("/api/global/roles/:appId", controller.removeAppRole)
+adminRoutes.delete("/api/global/roles/:appId", controller.removeAppRole)

package/src/api/routes/global/tests/roles.spec.ts CHANGED Viewed

@@ -1,11 +1,11 @@
-import { structures, TestConfiguration } from "../../../../tests"
 import { context, db, roles } from "@budibase/backend-core"
 import {
-  App,
-  Database,
   BuiltinPermissionID,
+  Database,
   WithoutDocMetadata,
+  Workspace,
 } from "@budibase/types"
+import { structures, TestConfiguration } from "../../../../tests"
 jest.mock("@budibase/backend-core", () => {
   const core = jest.requireActual("@budibase/backend-core")
@@ -35,7 +35,9 @@ async function addAppMetadata() {
   })
 }
-async function updateAppMetadata(update: Partial<WithoutDocMetadata<App>>) {
+async function updateAppMetadata(
+  update: Partial<WithoutDocMetadata<Workspace>>
+) {
   const app = await appDb.get("app_metadata")
   await appDb.put({
     ...app,
@@ -140,6 +142,18 @@ describe("/api/global/roles", () => {
   })
   describe("DELETE /api/global/roles/:appId", () => {
+    async function createBuilderUser() {
+      const saveResponse = await config.api.users.saveUser(
+        structures.users.builderUser(),
+        200
+      )
+      const { body: user } = await config.api.users.getUser(
+        saveResponse.body._id
+      )
+      await config.login(user)
+      return user
+    }
     it("removes an app role", async () => {
       let user = structures.users.user()
       user.roles = {
@@ -151,5 +165,14 @@ describe("/api/global/roles", () => {
       expect(updatedUser.body.roles).not.toHaveProperty(appId)
       expect(res.body.message).toEqual("App role removed from all users")
     })
+    it("should not allow creator users to remove app roles", async () => {
+      const builderUser = await createBuilderUser()
+      const res = await config.withUser(builderUser, () =>
+        config.api.roles.remove(appId, { status: 403 })
+      )
+      expect(res.body.message).toBe("Admin user only endpoint.")
+    })
   })
 })

package/src/api/routes/global/tests/users.spec.ts CHANGED Viewed

@@ -1,8 +1,8 @@
-import { InviteUsersResponse, User, OIDCUser } from "@budibase/types"
+import { InviteUsersResponse, OIDCUser, User } from "@budibase/types"
-import { TestConfiguration, mocks, structures } from "../../../../tests"
-import { events, tenancy, accounts as _accounts } from "@budibase/backend-core"
+import { accounts as _accounts, events, tenancy } from "@budibase/backend-core"
 import * as userSdk from "../../../../sdk/users"
+import { TestConfiguration, mocks, structures } from "../../../../tests"
 jest.mock("nodemailer")
 const sendMailMock = mocks.email.mock()
@@ -24,6 +24,16 @@ describe("/api/global/users", () => {
     jest.clearAllMocks()
   })
+  async function createBuilderUser() {
+    const saveResponse = await config.api.users.saveUser(
+      structures.users.builderUser(),
+      200
+    )
+    const { body: user } = await config.api.users.getUser(saveResponse.body._id)
+    await config.login(user)
+    return user
+  }
   describe("POST /api/global/users/invite", () => {
     it("should be able to generate an invitation", async () => {
       const email = structures.users.newEmail()
@@ -73,6 +83,19 @@ describe("/api/global/users", () => {
       expect(events.user.invited).toHaveBeenCalledTimes(0)
     })
+    it("should not allow creator users to access single invite endpoint", async () => {
+      const user = await createBuilderUser()
+      const { res } = await config.withUser(user, () =>
+        config.api.users.sendUserInvite(
+          sendMailMock,
+          structures.users.newEmail(),
+          403
+        )
+      )
+      expect(res.body.message).toBe("Admin user only endpoint.")
+    })
     it("should be able to create new user from invite", async () => {
       const email = structures.users.newEmail()
       const { code } = await config.api.users.sendUserInvite(
@@ -137,6 +160,22 @@ describe("/api/global/users", () => {
       expect(sendMailMock).toHaveBeenCalledTimes(0)
       expect(events.user.invited).toHaveBeenCalledTimes(0)
     })
+    it("should not allow creator users to access multi-invite endpoint", async () => {
+      const user = await createBuilderUser()
+      const request = [
+        {
+          email: structures.users.newEmail(),
+          userInfo: { admin: { global: true } },
+        },
+      ]
+      const res = await config.withUser(user, () =>
+        config.api.users.sendMultiUserInvite(request, 403)
+      )
+      expect(res.body.message).toBe("Admin user only endpoint.")
+    })
   })
   describe("POST /api/global/users/bulk", () => {

package/src/api/routes/global/users.ts CHANGED Viewed

@@ -1,13 +1,13 @@
-import * as controller from "../../controllers/global/users"
 import { auth } from "@budibase/backend-core"
 import Joi from "joi"
-import { users } from "../validation"
+import * as controller from "../../controllers/global/users"
 import {
-  loggedInRoutes,
-  cloudRestrictedRoutes,
-  builderOrAdminRoutes,
   adminRoutes,
+  builderOrAdminRoutes,
+  cloudRestrictedRoutes,
+  loggedInRoutes,
 } from "../endpointGroups"
+import { users } from "../validation"
 const OPTIONAL_STRING = Joi.string().optional().allow(null).allow("")
@@ -100,6 +100,10 @@ adminRoutes
 builderOrAdminRoutes
   .get("/api/global/users", controller.fetch)
   .get("/api/global/users/count/:appId", controller.countByApp)
+  .get("/api/global/users/invites", controller.getUserInvites)
+  .get("/api/global/users/:id", controller.find)
+adminRoutes
   .post("/api/global/users/invite", buildInviteValidation(), controller.invite)
   .post(
     "/api/global/users/onboard",
@@ -116,8 +120,6 @@ builderOrAdminRoutes
     controller.removeMultipleInvites
   )
   .post("/api/global/users/invite/update/:code", controller.updateInvite)
-  .get("/api/global/users/invites", controller.getUserInvites)
-  .get("/api/global/users/:id", controller.find)
 loggedInRoutes
   // search can be used by any user now, to retrieve users for user column

package/src/api/routes/system/tests/environment.spec.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { TestConfiguration } from "../../../../tests"
 import { withEnv } from "../../../../environment"
+import { TestConfiguration } from "../../../../tests"
 jest.unmock("node-fetch")
@@ -29,6 +29,7 @@ describe("/api/system/environment", () => {
         baseUrl: "http://localhost:10000",
         offlineMode: false,
         maintenance: [],
+        serveDevClientFromStorage: false,
       })
     })
@@ -43,6 +44,7 @@ describe("/api/system/environment", () => {
           baseUrl: "http://localhost:10000",
           offlineMode: false,
           maintenance: [],
+          serveDevClientFromStorage: false,
         })
       })
     })

package/src/environment.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { env as coreEnv } from "@budibase/backend-core"
 import { ServiceType } from "@budibase/types"
-import { join, resolve } from "path"
 import cloneDeep from "lodash/cloneDeep"
+import { join, resolve } from "path"
 coreEnv._set("SERVICE_TYPE", ServiceType.WORKER)
@@ -55,6 +55,7 @@ const environment = {
   SMTP_FALLBACK_ENABLED: process.env.SMTP_FALLBACK_ENABLED,
   DISABLE_DEVELOPER_LICENSE: process.env.DISABLE_DEVELOPER_LICENSE,
   BUDIBASE_ENVIRONMENT: process.env.BUDIBASE_ENVIRONMENT,
+  DEV_USE_CLIENT_FROM_STORAGE: process.env.DEV_USE_CLIENT_FROM_STORAGE,
   // smtp
   SMTP_USER: process.env.SMTP_USER,
   SMTP_PASSWORD: process.env.SMTP_PASSWORD,

package/src/sdk/tenants/tenants.ts CHANGED Viewed

@@ -1,6 +1,6 @@
-import { App } from "@budibase/types"
-import { tenancy, db as dbCore, platform } from "@budibase/backend-core"
+import { db as dbCore, platform, tenancy } from "@budibase/backend-core"
 import { quotas } from "@budibase/pro"
+import { Workspace } from "@budibase/types"
 export async function deleteTenant(tenantId: string) {
   await quotas.bustCache()
@@ -21,7 +21,7 @@ async function removeGlobalDB(tenantId: string) {
 async function removeTenantApps(tenantId: string) {
   try {
-    const apps = (await dbCore.getAllApps({ all: true })) as App[]
+    const apps = (await dbCore.getAllApps({ all: true })) as Workspace[]
     const destroyPromises = apps.map(app => {
       const db = dbCore.getDB(app.appId)
       return db.destroy()

package/src/tests/TestConfiguration.ts CHANGED Viewed

@@ -7,37 +7,37 @@ mocks.licenses.init(mocks.pro)
 mocks.licenses.useUnlimited()
 import * as dbConfig from "../db"
-dbConfig.init()
 import env from "../environment"
 import * as controllers from "./controllers"
+dbConfig.init()
 import supertest from "supertest"
-import { Config } from "../constants"
 import {
-  users,
-  context,
-  sessions,
   constants,
+  context,
   env as coreEnv,
   db as dbCore,
   encryption,
+  sessions,
+  users,
   utils,
 } from "@budibase/backend-core"
-import structures, { CSRF_TOKEN } from "./structures"
 import {
-  SaveUserResponse,
-  User,
   AuthToken,
-  SCIMConfig,
   ConfigType,
+  SaveUserResponse,
+  SCIMConfig,
   SMTPConfig,
   SMTPInnerConfig,
+  User,
 } from "@budibase/types"
-import API from "./api"
-import jwt, { Secret } from "jsonwebtoken"
 import http from "http"
+import jwt, { Secret } from "jsonwebtoken"
+import { Config } from "../constants"
+import API from "./api"
+import structures, { CSRF_TOKEN } from "./structures"
 class TestConfiguration {
   server: http.Server<typeof http.IncomingMessage, typeof http.ServerResponse> =
@@ -223,11 +223,11 @@ class TestConfiguration {
     }
   }
-  async withUser(user: User, f: () => Promise<void>) {
+  async withUser<T>(user: User, f: () => Promise<T>): Promise<T> {
     const oldUser = this.user
     this.user = user
     try {
-      await f()
+      return await f()
     } finally {
       this.user = oldUser
     }