@frangoteam/fuxa-min 1.2.3 → 1.2.5

package/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019-2021 frangoteam 4frango@gmail.com
+Copyright (c) 2019-2025 frangoteam info@frangoteam.org
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md

@@ -4,7 +4,7 @@ FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. With F
 
 ![fuxa editor](/screenshot/fuxa-editor.png) 
 
-![fuxa ani](/screenshot/fuxa-ani.gif)
+![fuxa ani](/screenshot/fuxa-thinglinks.gif)
 
 ![fuxa action](/screenshot/feature-action-move.gif)
 
@@ -20,6 +20,7 @@ Here is a [live demo](https://frangoteam.github.io) example of FUXA editor.
 FUXA is developed with NodeJS (backend) and Angular (frontend).
 
 **WARNING** You need to have installed [Node](https://nodejs.org/en/about/previous-releases) Version 14 || 16 || 18
+If you don't intend communicate with Siemens PLCs via S7 (node-snap7 library) you can install from [NPM @frangoteam/fuxa-min](https://www.npmjs.com/package/@frangoteam/fuxa-min)
 
 Install from [NPM](https://www.npmjs.com/package/@frangoteam/fuxa)
 ```

package/api/command/index.js

@@ -71,8 +71,8 @@ module.exports = {
             const permission = checkGroupsFnc(req);
             if (res.statusCode === 403) {
                 runtime.logger.error("api get getTagValue: Tocken Expired");
-            } else if (!authJwt.haveAdminPermission(permission)) {
-                res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+            } else if (!authJwt.haveAdminPermission(permission) && !runtime.scriptsMgr.isAuthorisedByScriptName(req.query.sourceScriptName, permission)) {
+                res.status(400).json({error:"unauthorized_error", message: "Unauthorized!"});
                 runtime.logger.error("api get getTagValue: Unauthorized");
             } else {
                 try {

package/api/index.js

@@ -134,6 +134,11 @@ function init(_server, _runtime) {
                     } else {
                         res.end();
                     }
+                } else if (req.userId === 'guest') {
+                    res.status(200).json({
+                        message: 'guest',
+                        token: authJwt.getGuestToken()
+                    });
                 } else {
                     res.end();
                 }

package/api/jwt-helper.js

@@ -20,7 +20,7 @@ function init(_secureEnabled, _secretCode, _tokenExpires) {
 
 /**
  * Verify token
- * @param {*} token 
+ * @param {*} token
  */
 function verify (token) {
     return new Promise ((resolve, reject) => {
@@ -31,29 +31,28 @@ function verify (token) {
             } else {
                 resolve(true);
             }
-        });    
+        });
     });
 }
 
 /**
  * Verify WebAPI token (take from header)
- * @param {*} req 
+ * @param {*} req
  * @param {*} res
  * @param {*} next
  */
 function verifyToken (req, res, next) {
     let token = req.headers['x-access-token'];
 
+    if (!token) {
+        token = getGuestToken();
+    }
+
     if (token) {
         jwt.verify(token, secretCode, (err, decoded) => {
             if (err) {
-                req.userId = null;
-                req.userGroups = null;
-                if (err.name === 'TokenExpiredError' || err.name === 'JsonWebTokenError') {
-                    req.tokenExpired = true;
-                    res.status(403).json({error:"unauthorized_error", message: "Token Expired!"});
-                }
-                next();
+                req.userId = "guest";
+                req.userGroups = ["guest"];
             } else {
                 req.userId = decoded.id;
                 req.userGroups = decoded.groups;
@@ -63,8 +62,8 @@ function verifyToken (req, res, next) {
                         res.status(403).json({ error: "unauthorized_error", message: "User Profile Corrupted!" });
                     }
                 }
-                next();
             }
+            next();
         });
     } else {
         // notice that no token was provided...}
@@ -84,13 +83,24 @@ function getNewToken(headers) {
             id: authUser.user,
             groups: authUser.groups
         },
-        secretCode, { 
-            expiresIn: tokenExpiresIn 
+        secretCode, {
+            expiresIn: tokenExpiresIn
         });
     }
     return null;
 }
 
+function getGuestToken() {
+    const token = jwt.sign({
+            id: "guest",
+            groups: ["guest"]
+        },
+        secretCode, {
+            expiresIn: tokenExpiresIn
+        });
+    return token;
+}
+
 function haveAdminPermission(permission) {
     if (permission === null || permission === undefined) {
         return false;
@@ -110,6 +120,7 @@ module.exports = {
     verify: verify,
     verifyToken: verifyToken,
     getNewToken: getNewToken,
+    getGuestToken: getGuestToken,
     get secretCode() { return secretCode },
     get tokenExpiresIn() { return tokenExpiresIn },
     haveAdminPermission: haveAdminPermission,

package/api/projects/index.js

@@ -29,7 +29,7 @@ module.exports = {
 
         /**
          * GET Project data
-         * Take from project storage and reply 
+         * Take from project storage and reply
          */
         prjApp.get("/api/project", secureFnc, function(req, res) {
             const permission = checkGroupsFnc(req);
@@ -113,7 +113,7 @@ module.exports = {
 
         /**
          * GET Project demo data
-         * Take the project demo file from server folder 
+         * Take the project demo file from server folder
          */
         prjApp.get("/api/projectdemo", secureFnc, function (req, res) {
             const data = runtime.project.getProjectDemo();
@@ -129,7 +129,7 @@ module.exports = {
 
         /**
          * GET Device property like security
-         * Take from project storage and reply 
+         * Take from project storage and reply
          */
         prjApp.get("/api/device", secureFnc, function(req, res) {
             const permission = checkGroupsFnc(req);
@@ -181,7 +181,7 @@ module.exports = {
                         res.status(400).json({error:"unexpected_error", message: err});
                         runtime.logger.error("api post device: " + err);
                     }
-                });                
+                });
             }
         });
 
@@ -198,20 +198,25 @@ module.exports = {
                 // let basedata = file.data.replace(/^data:.*,/, '');
                 // let basedata = file.data.replace(/^data:image\/png;base64,/, "");
                 let fileName = file.name.replace(new RegExp('../', 'g'), '');
+                let fullPath = file.fullPath || file.name;
+                fullPath = fullPath.replace(/(\.\.[/\\])/g, '');
+                fullPath = path.normalize(fullPath).replace(/^(\.\.[/\\])+/, '');
+
                 if (file.type !== 'svg') {
                     basedata = file.data.replace(/^data:.*,/, '');
                     encoding = {encoding: 'base64'};
                 }
-                var filePath = path.join(runtime.settings.uploadFileDir, fileName);
+                var filePath = path.join(runtime.settings.uploadFileDir, fullPath || fileName);
                 if (destination) {
                     const destinationDir = path.resolve(runtime.settings.appDir, `_${destination}`);
-                    if (!fs.existsSync(destinationDir)) {
-                        fs.mkdirSync(destinationDir);
+                    filePath = path.join(destinationDir, fullPath || fileName);
+                    const dir = path.dirname(filePath);
+                    if (!fs.existsSync(dir)) {
+                        fs.mkdirSync(dir, { recursive: true });
                     }
-                    filePath = path.join(destinationDir, fileName);
                 }
                 fs.writeFileSync(filePath, basedata, encoding);
-                let result = {'location': '/' + runtime.settings.httpUploadFileStatic + '/' + fileName };
+                let result = {'location': '/' + runtime.settings.httpUploadFileStatic + '/' + fullPath || fileName };
                 res.json(result);
             } catch (err) {
                 if (err && err.code) {

package/api/resources/index.js

@@ -120,7 +120,7 @@ module.exports = {
                         var wwwSubDir =  path.join('_widgets', resourcesDirs[i]);
                         var files =  getFiles(dirPath, ['.svg']);
                         for (var x = 0; x < files.length; x++) {
-                            var filename = files[x].replace(/\.[^\/.]+$/, '');
+                            var filename = files[x];
                             group.items.push({ path:  path.join(wwwSubDir, files[x]).split(path.sep).join(path.posix.sep), name: filename });
                         }
                         result.groups.push(group);
@@ -137,6 +137,51 @@ module.exports = {
             }
         });
 
+        /**
+         * POST Remove Server widget item
+         */
+        resourcesApp.post('/api/resources/removeWidget', secureFnc, function (req, res) {
+            const permission = checkGroupsFnc(req);
+            if (res.statusCode === 403) {
+                runtime.logger.error("api resources/removeWidget: Tocken Expired");
+            } else if (!authJwt.haveAdminPermission(permission)) {
+                runtime.logger.error("api resources/removeWidget: Unauthorized!");
+                return res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
+            }
+            try {
+                const relPath = req.body?.path;
+                if (!relPath || typeof relPath !== 'string') {
+                    return res.status(400).json({ error: "invalid_path", message: "Missing or invalid widget path." });
+                }
+                const basePath = path.resolve(runtime.settings.appDir);
+                const fullPath = path.resolve(basePath, relPath);
+
+                if (!fullPath.startsWith(basePath)) {
+                    runtime.logger.error("api resources/widgets: security_violation " + fullPath);
+                    return res.status(403).json({ error: 'security_violation', message: 'Invalid path' });
+                }
+
+                if (!fs.existsSync(fullPath)) {
+                    return res.status(404).json({ error: "not_found", message: "Widget file not found." });
+                }
+
+                try {
+                    fs.unlinkSync(fullPath);
+                    res.json({ success: true, path: relPath });
+                } catch (err) {
+                    runtime.logger.error("api removeWidget: " + err.message);
+                    res.status(500).json({ error: "delete_failed", message: err.message });
+                }
+            } catch (err) {
+                if (err.code) {
+                    res.status(400).json({ error: err.code, message: err.message });
+                } else {
+                    res.status(400).json({ error: "unexpected_error", message: err.toString() });
+                }
+                runtime.logger.error("api resources/removeWidget: " + err.message);
+            }
+        });
+
         return resourcesApp;
     }
 }

package/api/scripts/index.js

@@ -36,11 +36,11 @@ module.exports = {
                 runtime.logger.error("api post runscript: Tocken Expired");
                 //runtime.settings.secureEnabled
             } else if (!runtime.scriptsMgr.isAuthorised(req.body.params.script, permission)) {
-                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
+                res.status(400).json({ error: "unauthorized_error", message: "Unauthorized!" });
                 runtime.logger.error("api post runscript: Unauthorized");
             } else {
                 //req.body.params.script.parameters.permission = groups;
-                runtime.scriptsMgr.runScript(req.body.params.script).then(function (result) {
+                runtime.scriptsMgr.runScript(req.body.params.script, req.body.params.toLogEvent).then(function (result) {
                     res.json(result);
                 }).catch(function (err) {
                     if (err.code) {
@@ -62,7 +62,7 @@ module.exports = {
             if (res.statusCode === 403) {
                 runtime.logger.error("api post runSysFunction: Tocken Expired");
             } else if (authJwt.adminGroups.indexOf(groups) === -1 ) {
-                res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+                res.status(400).json({error:"unauthorized_error", message: "Unauthorized!"});
                 runtime.logger.error("api post runSysFunction: Unauthorized");
             } else {
                 try {

package/dist/3rdpartylicenses.txt

@@ -815,6 +815,36 @@ indexof
 isarray
 MIT
 
+leaflet
+BSD-2-Clause
+BSD 2-Clause License
+
+Copyright (c) 2010-2023, Volodymyr Agafonkin
+Copyright (c) 2010-2011, CloudMade
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
 lodash-es
 MIT
 Copyright OpenJS Foundation and other contributors <https://openjsf.org/>

package/dist/assets/i18n/de.json

@@ -326,7 +326,7 @@
     "graph.property-datalabels-show": "Anzeigen",
     "graph.property-datalabels-fontsize": "Schriftgröße",
     "graph.property-datalabels-align": "Ausrichten",
-    
+
     "graph.rangetype-last1h": "Letzte Stunde",
     "graph.rangetype-last1d": "Letzter Tag",
     "graph.rangetype-last3d": "Letzte 3 Tage",
@@ -353,7 +353,7 @@
     "table.property-row-height": "Höhe",
     "table.property-row-background": "Hintergrund",
     "table.property-row-color": "Farbe",
-    "table.property-row-fontSize": "Schriftgröße",    
+    "table.property-row-fontSize": "Schriftgröße",
     "table.property-layout": "Layout",
     "table.property-filter": "Filter",
     "table.property-paginator": "Paginator",
@@ -806,7 +806,7 @@
     "device.topic-name-exist": "Der Topic-Name '{{value}}' existiert bereits",
     "device.topic-subs-address-exist": "Das zu abonnierende Topic mit der Adresse '{{value}}' existiert bereits",
     "device.topic-pubs-address-exist": "Das zu veröffentlichende Thema mit der Adresse '{{value}}' existiert bereits",
-    
+
     "device.property-mqtt-address": "Adresse (mqtt://[Server]:[Port])",
     "device.tag-property-title": "Tag-Eigenschaft",
     "device.browsetag-property-title": "Tags im Server durchsuchen",
@@ -823,8 +823,8 @@
     "device.tag-property-obj-name": "Name",
     "device.tag-property-path": "Pfad",
     "device.tag-property-unit": "Einheit",
-    "device.tag-property-digits": "Dezimal",    
-    "device.tag-property-initvalue": "Initialwert",    
+    "device.tag-property-digits": "Dezimal",
+    "device.tag-property-initvalue": "Initialwert",
     "device.tag-array-id": "Array-ID:",
     "device.tag-array-value": "Wert:",
     "device-tag-dialog-title": "Tag-Auswahl",
@@ -843,7 +843,7 @@
     "device.tag-raw-high": "Raw High",
     "device.tag-scaled-low": "Skaliert niedrig",
     "device.tag-scaled-high": "Skaliert hoch",
-    
+
     "device.connect-ok": "Ok",
     "device.connect-error": "Fehler",
     "device.connect-failed": "Fehlgeschlagen",
@@ -1120,7 +1120,7 @@
     "report.item-interval-min10": "10 Minuten",
     "report.item-interval-min30": "30 Minuten",
     "report.item-interval-hour": "1 Stunde",
-    "report.item-interval-day": "1 Tag",    
+    "report.item-interval-day": "1 Tag",
     "report.item-function-type": "Funktionstyp",
     "report.item-function-min": "Min",
     "report.item-function-max": "Max",
@@ -1162,6 +1162,11 @@
     "texts.list-group": "Gruppe",
     "texts.list-value": "Text",
 
+    "text.settings-title": "Text",
+    "text.settings-id": "ID",
+    "text.settings-group": "Group",
+    "text.settings-value": "Text",
+
     "gui.range-number-min": "Min",
     "gui.range-number-max": "Max",
     "gui.range-number-boolean": "Maskenwert",
@@ -1171,11 +1176,6 @@
 
     "dlg.bitmask-title": "Bitmaske",
 
-    "dlg.textproperty-title": "Text",
-    "dlg.textproperty-id": "ID",
-    "dlg.textproperty-group": "Gruppe",
-    "dlg.textproperty-value": "Text",
-
     "dlg.plugins-title": "Plugins",
     "dlg.plugins-name": "Name",
     "dlg.plugins-version": "Version",