@budibase/worker 3.35.10 → 3.36.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +2 -2
  2. package/src/api/routes/global/license.ts +10 -4
  3. package/src/api/routes/global/tests/license.spec.ts +132 -0
  4. package/src/tests/api/license.ts +7 -2
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@budibase/worker",
3
3
  "email": "hi@budibase.com",
4
- "version": "3.35.10",
4
+ "version": "3.36.2",
5
5
  "description": "Budibase background service",
6
6
  "main": "src/index.ts",
7
7
  "repository": {
@@ -79,5 +79,5 @@
79
79
  "supertest": "6.3.3",
80
80
  "timekeeper": "2.2.0"
81
81
  },
82
- "gitHead": "e2fa586beb21f730b22350e561d21ec1e2c5c2f0"
82
+ "gitHead": "af5c4987e639f4c3f801e5baa9570277080cef14"
83
83
  }
package/src/api/routes/global/license.ts CHANGED
@@ -1,7 +1,11 @@
1
1
  import * as controller from "../../controllers/global/license"
2
2
  import { middleware } from "@budibase/backend-core"
3
3
  import Joi from "joi"
4
- import { loggedInRoutes } from "../endpointGroups"
4
+ import {
5
+ adminRoutes,
6
+ builderOrAdminRoutes,
7
+ loggedInRoutes,
8
+ } from "../endpointGroups"
5
9
 
6
10
  const activateLicenseKeyValidator = middleware.joiValidator.body(
7
11
  Joi.object({
@@ -15,9 +19,12 @@ const activateOfflineLicenseValidator = middleware.joiValidator.body(
15
19
  }).required()
16
20
  )
17
21
 
18
- loggedInRoutes
22
+ loggedInRoutes.get("/api/global/license/usage", controller.getQuotaUsage)
23
+
24
+ builderOrAdminRoutes.get("/api/global/license/key", controller.getLicenseKey)
25
+
26
+ adminRoutes
19
27
  .post("/api/global/license/refresh", controller.refresh)
20
- .get("/api/global/license/usage", controller.getQuotaUsage)
21
28
  .get("/api/global/install", controller.getInstallInfo)
22
29
  // LICENSE KEY
23
30
  .post(
@@ -25,7 +32,6 @@ loggedInRoutes
25
32
  activateLicenseKeyValidator,
26
33
  controller.activateLicenseKey
27
34
  )
28
- .get("/api/global/license/key", controller.getLicenseKey)
29
35
  .delete("/api/global/license/key", controller.deleteLicenseKey)
30
36
  // OFFLINE LICENSE
31
37
  .post(
package/src/api/routes/global/tests/license.spec.ts CHANGED
@@ -6,6 +6,26 @@ const quotas = mocks.pro.quotas
6
6
  describe("/api/global/license", () => {
7
7
  const config = new TestConfiguration()
8
8
 
9
+ async function createNonAdminUser() {
10
+ const user = await config.createUser()
11
+ await config.login(user)
12
+ return user
13
+ }
14
+
15
+ async function createBuilderUser() {
16
+ const user = await config.createUser(structures.users.builderUser())
17
+ await config.login(user)
18
+ return user
19
+ }
20
+
21
+ async function createCreatorUser() {
22
+ const user = await config.createUser(
23
+ structures.users.user({ builder: { creator: true } })
24
+ )
25
+ await config.login(user)
26
+ return user
27
+ }
28
+
9
29
  beforeAll(async () => {
10
30
  await config.beforeAll()
11
31
  })
@@ -14,6 +34,10 @@ describe("/api/global/license", () => {
14
34
  await config.afterAll()
15
35
  })
16
36
 
37
+ beforeEach(() => {
38
+ mocks.licenses.useUnlimited()
39
+ })
40
+
17
41
  afterEach(() => {
18
42
  jest.resetAllMocks()
19
43
  })
@@ -34,6 +58,19 @@ describe("/api/global/license", () => {
34
58
  expect(res.status).toBe(200)
35
59
  expect(res.body).toEqual(usage)
36
60
  })
61
+
62
+ it("allows non-admin access", async () => {
63
+ const user = await createNonAdminUser()
64
+ const usage = structures.quotas.usage()
65
+ quotas.getQuotaUsage.mockResolvedValue(usage)
66
+
67
+ const res = await config.withUser(user, () =>
68
+ config.api.license.getUsage()
69
+ )
70
+
71
+ expect(res.status).toBe(200)
72
+ expect(res.body).toEqual(usage)
73
+ })
37
74
  })
38
75
 
39
76
  describe("POST /api/global/license/key", () => {
@@ -53,6 +90,35 @@ describe("/api/global/license", () => {
53
90
  const res = await config.api.license.getLicenseKey()
54
91
  expect(res.status).toBe(404)
55
92
  })
93
+
94
+ it("allows builder access", async () => {
95
+ const user = await createBuilderUser()
96
+ licensing.keys.getLicenseKey.mockResolvedValue("licenseKey")
97
+
98
+ const res = await config.withUser(user, () =>
99
+ config.api.license.getLicenseKey()
100
+ )
101
+
102
+ expect(res.status).toBe(200)
103
+ expect(res.body).toEqual({
104
+ licenseKey: "*",
105
+ })
106
+ })
107
+
108
+ it("allows creator access", async () => {
109
+ const user = await createCreatorUser()
110
+ licensing.keys.getLicenseKey.mockResolvedValue("licenseKey")
111
+
112
+ const res = await config.withUser(user, () =>
113
+ config.api.license.getLicenseKey()
114
+ )
115
+
116
+ expect(res.status).toBe(200)
117
+ expect(res.body).toEqual({
118
+ licenseKey: "*",
119
+ })
120
+ })
121
+
56
122
  it("returns 200 + license key", async () => {
57
123
  licensing.keys.getLicenseKey.mockResolvedValue("licenseKey")
58
124
  const res = await config.api.license.getLicenseKey()
@@ -120,4 +186,70 @@ describe("/api/global/license", () => {
120
186
  })
121
187
  })
122
188
  })
189
+
190
+ describe("authorisation", () => {
191
+ it.each([
192
+ [
193
+ "GET /api/global/license/key",
194
+ () => config.api.license.getLicenseKey(),
195
+ { message: "Admin/Builder user only endpoint.", status: 403 },
196
+ ],
197
+ [
198
+ "POST /api/global/license/refresh",
199
+ () => config.api.license.refresh(),
200
+ config.adminOnlyResponse(),
201
+ ],
202
+ [
203
+ "GET /api/global/install",
204
+ () => config.api.license.getInstallInfo(),
205
+ config.adminOnlyResponse(),
206
+ ],
207
+ [
208
+ "POST /api/global/license/key",
209
+ () =>
210
+ config.api.license.activateLicenseKey({
211
+ licenseKey: "licenseKey",
212
+ }),
213
+ config.adminOnlyResponse(),
214
+ ],
215
+ [
216
+ "DELETE /api/global/license/key",
217
+ () => config.api.license.deleteLicenseKey(),
218
+ config.adminOnlyResponse(),
219
+ ],
220
+ [
221
+ "POST /api/global/license/offline",
222
+ () =>
223
+ config.api.license.activateOfflineLicense({
224
+ offlineLicenseToken: "offlineLicenseToken",
225
+ }),
226
+ config.adminOnlyResponse(),
227
+ ],
228
+ [
229
+ "GET /api/global/license/offline",
230
+ () => config.api.license.getOfflineLicense(),
231
+ config.adminOnlyResponse(),
232
+ ],
233
+ [
234
+ "DELETE /api/global/license/offline",
235
+ () => config.api.license.deleteOfflineLicense(),
236
+ config.adminOnlyResponse(),
237
+ ],
238
+ [
239
+ "GET /api/global/license/offline/identifier",
240
+ () => config.api.license.getOfflineLicenseIdentifier(),
241
+ config.adminOnlyResponse(),
242
+ ],
243
+ ])(
244
+ "returns 403 for non-admin access to %s",
245
+ async (_path, request, expectedBody) => {
246
+ const user = await createNonAdminUser()
247
+
248
+ const res = await config.withUser(user, () => request())
249
+
250
+ expect(res.status).toBe(403)
251
+ expect(res.body).toEqual(expectedBody)
252
+ }
253
+ )
254
+ })
123
255
  })
package/src/tests/api/license.ts CHANGED
@@ -10,12 +10,17 @@ export class LicenseAPI extends TestAPI {
10
10
  .post("/api/global/license/refresh")
11
11
  .set(this.config.defaultHeaders())
12
12
  }
13
- getUsage = async () => {
13
+ getUsage = async (status = 200) => {
14
14
  return this.request
15
15
  .get("/api/global/license/usage")
16
16
  .set(this.config.defaultHeaders())
17
17
  .expect("Content-Type", /json/)
18
- .expect(200)
18
+ .expect(status)
19
+ }
20
+ getInstallInfo = async () => {
21
+ return this.request
22
+ .get("/api/global/install")
23
+ .set(this.config.defaultHeaders())
19
24
  }
20
25
  activateLicenseKey = async (body: ActivateLicenseKeyRequest) => {
21
26
  return this.request