@frangoteam/fuxa-min 1.2.4 → 1.2.5

package/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019-2021 frangoteam 4frango@gmail.com
+Copyright (c) 2019-2025 frangoteam info@frangoteam.org
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/api/command/index.js

@@ -71,8 +71,8 @@ module.exports = {
             const permission = checkGroupsFnc(req);
             if (res.statusCode === 403) {
                 runtime.logger.error("api get getTagValue: Tocken Expired");
-            } else if (!authJwt.haveAdminPermission(permission)) {
-                res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+            } else if (!authJwt.haveAdminPermission(permission) && !runtime.scriptsMgr.isAuthorisedByScriptName(req.query.sourceScriptName, permission)) {
+                res.status(400).json({error:"unauthorized_error", message: "Unauthorized!"});
                 runtime.logger.error("api get getTagValue: Unauthorized");
             } else {
                 try {

package/api/index.js

@@ -134,6 +134,11 @@ function init(_server, _runtime) {
                     } else {
                         res.end();
                     }
+                } else if (req.userId === 'guest') {
+                    res.status(200).json({
+                        message: 'guest',
+                        token: authJwt.getGuestToken()
+                    });
                 } else {
                     res.end();
                 }

package/api/jwt-helper.js

@@ -20,7 +20,7 @@ function init(_secureEnabled, _secretCode, _tokenExpires) {
 
 /**
  * Verify token
- * @param {*} token 
+ * @param {*} token
  */
 function verify (token) {
     return new Promise ((resolve, reject) => {
@@ -31,29 +31,28 @@ function verify (token) {
             } else {
                 resolve(true);
             }
-        });    
+        });
     });
 }
 
 /**
  * Verify WebAPI token (take from header)
- * @param {*} req 
+ * @param {*} req
  * @param {*} res
  * @param {*} next
  */
 function verifyToken (req, res, next) {
     let token = req.headers['x-access-token'];
 
+    if (!token) {
+        token = getGuestToken();
+    }
+
     if (token) {
         jwt.verify(token, secretCode, (err, decoded) => {
             if (err) {
-                req.userId = null;
-                req.userGroups = null;
-                if (err.name === 'TokenExpiredError' || err.name === 'JsonWebTokenError') {
-                    req.tokenExpired = true;
-                    res.status(403).json({error:"unauthorized_error", message: "Token Expired!"});
-                }
-                next();
+                req.userId = "guest";
+                req.userGroups = ["guest"];
             } else {
                 req.userId = decoded.id;
                 req.userGroups = decoded.groups;
@@ -63,8 +62,8 @@ function verifyToken (req, res, next) {
                         res.status(403).json({ error: "unauthorized_error", message: "User Profile Corrupted!" });
                     }
                 }
-                next();
             }
+            next();
         });
     } else {
         // notice that no token was provided...}
@@ -84,13 +83,24 @@ function getNewToken(headers) {
             id: authUser.user,
             groups: authUser.groups
         },
-        secretCode, { 
-            expiresIn: tokenExpiresIn 
+        secretCode, {
+            expiresIn: tokenExpiresIn
         });
     }
     return null;
 }
 
+function getGuestToken() {
+    const token = jwt.sign({
+            id: "guest",
+            groups: ["guest"]
+        },
+        secretCode, {
+            expiresIn: tokenExpiresIn
+        });
+    return token;
+}
+
 function haveAdminPermission(permission) {
     if (permission === null || permission === undefined) {
         return false;
@@ -110,6 +120,7 @@ module.exports = {
     verify: verify,
     verifyToken: verifyToken,
     getNewToken: getNewToken,
+    getGuestToken: getGuestToken,
     get secretCode() { return secretCode },
     get tokenExpiresIn() { return tokenExpiresIn },
     haveAdminPermission: haveAdminPermission,

package/api/projects/index.js

@@ -29,7 +29,7 @@ module.exports = {
 
         /**
          * GET Project data
-         * Take from project storage and reply 
+         * Take from project storage and reply
          */
         prjApp.get("/api/project", secureFnc, function(req, res) {
             const permission = checkGroupsFnc(req);
@@ -113,7 +113,7 @@ module.exports = {
 
         /**
          * GET Project demo data
-         * Take the project demo file from server folder 
+         * Take the project demo file from server folder
          */
         prjApp.get("/api/projectdemo", secureFnc, function (req, res) {
             const data = runtime.project.getProjectDemo();
@@ -129,7 +129,7 @@ module.exports = {
 
         /**
          * GET Device property like security
-         * Take from project storage and reply 
+         * Take from project storage and reply
          */
         prjApp.get("/api/device", secureFnc, function(req, res) {
             const permission = checkGroupsFnc(req);
@@ -181,7 +181,7 @@ module.exports = {
                         res.status(400).json({error:"unexpected_error", message: err});
                         runtime.logger.error("api post device: " + err);
                     }
-                });                
+                });
             }
         });
 
@@ -198,20 +198,25 @@ module.exports = {
                 // let basedata = file.data.replace(/^data:.*,/, '');
                 // let basedata = file.data.replace(/^data:image\/png;base64,/, "");
                 let fileName = file.name.replace(new RegExp('../', 'g'), '');
+                let fullPath = file.fullPath || file.name;
+                fullPath = fullPath.replace(/(\.\.[/\\])/g, '');
+                fullPath = path.normalize(fullPath).replace(/^(\.\.[/\\])+/, '');
+
                 if (file.type !== 'svg') {
                     basedata = file.data.replace(/^data:.*,/, '');
                     encoding = {encoding: 'base64'};
                 }
-                var filePath = path.join(runtime.settings.uploadFileDir, fileName);
+                var filePath = path.join(runtime.settings.uploadFileDir, fullPath || fileName);
                 if (destination) {
                     const destinationDir = path.resolve(runtime.settings.appDir, `_${destination}`);
-                    if (!fs.existsSync(destinationDir)) {
-                        fs.mkdirSync(destinationDir);
+                    filePath = path.join(destinationDir, fullPath || fileName);
+                    const dir = path.dirname(filePath);
+                    if (!fs.existsSync(dir)) {
+                        fs.mkdirSync(dir, { recursive: true });
                     }
-                    filePath = path.join(destinationDir, fileName);
                 }
                 fs.writeFileSync(filePath, basedata, encoding);
-                let result = {'location': '/' + runtime.settings.httpUploadFileStatic + '/' + fileName };
+                let result = {'location': '/' + runtime.settings.httpUploadFileStatic + '/' + fullPath || fileName };
                 res.json(result);
             } catch (err) {
                 if (err && err.code) {

package/api/resources/index.js

@@ -120,7 +120,7 @@ module.exports = {
                         var wwwSubDir =  path.join('_widgets', resourcesDirs[i]);
                         var files =  getFiles(dirPath, ['.svg']);
                         for (var x = 0; x < files.length; x++) {
-                            var filename = files[x].replace(/\.[^\/.]+$/, '');
+                            var filename = files[x];
                             group.items.push({ path:  path.join(wwwSubDir, files[x]).split(path.sep).join(path.posix.sep), name: filename });
                         }
                         result.groups.push(group);
@@ -137,6 +137,51 @@ module.exports = {
             }
         });
 
+        /**
+         * POST Remove Server widget item
+         */
+        resourcesApp.post('/api/resources/removeWidget', secureFnc, function (req, res) {
+            const permission = checkGroupsFnc(req);
+            if (res.statusCode === 403) {
+                runtime.logger.error("api resources/removeWidget: Tocken Expired");
+            } else if (!authJwt.haveAdminPermission(permission)) {
+                runtime.logger.error("api resources/removeWidget: Unauthorized!");
+                return res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
+            }
+            try {
+                const relPath = req.body?.path;
+                if (!relPath || typeof relPath !== 'string') {
+                    return res.status(400).json({ error: "invalid_path", message: "Missing or invalid widget path." });
+                }
+                const basePath = path.resolve(runtime.settings.appDir);
+                const fullPath = path.resolve(basePath, relPath);
+
+                if (!fullPath.startsWith(basePath)) {
+                    runtime.logger.error("api resources/widgets: security_violation " + fullPath);
+                    return res.status(403).json({ error: 'security_violation', message: 'Invalid path' });
+                }
+
+                if (!fs.existsSync(fullPath)) {
+                    return res.status(404).json({ error: "not_found", message: "Widget file not found." });
+                }
+
+                try {
+                    fs.unlinkSync(fullPath);
+                    res.json({ success: true, path: relPath });
+                } catch (err) {
+                    runtime.logger.error("api removeWidget: " + err.message);
+                    res.status(500).json({ error: "delete_failed", message: err.message });
+                }
+            } catch (err) {
+                if (err.code) {
+                    res.status(400).json({ error: err.code, message: err.message });
+                } else {
+                    res.status(400).json({ error: "unexpected_error", message: err.toString() });
+                }
+                runtime.logger.error("api resources/removeWidget: " + err.message);
+            }
+        });
+
         return resourcesApp;
     }
 }

package/api/scripts/index.js

@@ -36,11 +36,11 @@ module.exports = {
                 runtime.logger.error("api post runscript: Tocken Expired");
                 //runtime.settings.secureEnabled
             } else if (!runtime.scriptsMgr.isAuthorised(req.body.params.script, permission)) {
-                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
+                res.status(400).json({ error: "unauthorized_error", message: "Unauthorized!" });
                 runtime.logger.error("api post runscript: Unauthorized");
             } else {
                 //req.body.params.script.parameters.permission = groups;
-                runtime.scriptsMgr.runScript(req.body.params.script).then(function (result) {
+                runtime.scriptsMgr.runScript(req.body.params.script, req.body.params.toLogEvent).then(function (result) {
                     res.json(result);
                 }).catch(function (err) {
                     if (err.code) {
@@ -62,7 +62,7 @@ module.exports = {
             if (res.statusCode === 403) {
                 runtime.logger.error("api post runSysFunction: Tocken Expired");
             } else if (authJwt.adminGroups.indexOf(groups) === -1 ) {
-                res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+                res.status(400).json({error:"unauthorized_error", message: "Unauthorized!"});
                 runtime.logger.error("api post runSysFunction: Unauthorized");
             } else {
                 try {

package/dist/assets/i18n/de.json

@@ -326,7 +326,7 @@
     "graph.property-datalabels-show": "Anzeigen",
     "graph.property-datalabels-fontsize": "Schriftgröße",
     "graph.property-datalabels-align": "Ausrichten",
-    
+
     "graph.rangetype-last1h": "Letzte Stunde",
     "graph.rangetype-last1d": "Letzter Tag",
     "graph.rangetype-last3d": "Letzte 3 Tage",
@@ -353,7 +353,7 @@
     "table.property-row-height": "Höhe",
     "table.property-row-background": "Hintergrund",
     "table.property-row-color": "Farbe",
-    "table.property-row-fontSize": "Schriftgröße",    
+    "table.property-row-fontSize": "Schriftgröße",
     "table.property-layout": "Layout",
     "table.property-filter": "Filter",
     "table.property-paginator": "Paginator",
@@ -806,7 +806,7 @@
     "device.topic-name-exist": "Der Topic-Name '{{value}}' existiert bereits",
     "device.topic-subs-address-exist": "Das zu abonnierende Topic mit der Adresse '{{value}}' existiert bereits",
     "device.topic-pubs-address-exist": "Das zu veröffentlichende Thema mit der Adresse '{{value}}' existiert bereits",
-    
+
     "device.property-mqtt-address": "Adresse (mqtt://[Server]:[Port])",
     "device.tag-property-title": "Tag-Eigenschaft",
     "device.browsetag-property-title": "Tags im Server durchsuchen",
@@ -823,8 +823,8 @@
     "device.tag-property-obj-name": "Name",
     "device.tag-property-path": "Pfad",
     "device.tag-property-unit": "Einheit",
-    "device.tag-property-digits": "Dezimal",    
-    "device.tag-property-initvalue": "Initialwert",    
+    "device.tag-property-digits": "Dezimal",
+    "device.tag-property-initvalue": "Initialwert",
     "device.tag-array-id": "Array-ID:",
     "device.tag-array-value": "Wert:",
     "device-tag-dialog-title": "Tag-Auswahl",
@@ -843,7 +843,7 @@
     "device.tag-raw-high": "Raw High",
     "device.tag-scaled-low": "Skaliert niedrig",
     "device.tag-scaled-high": "Skaliert hoch",
-    
+
     "device.connect-ok": "Ok",
     "device.connect-error": "Fehler",
     "device.connect-failed": "Fehlgeschlagen",
@@ -1120,7 +1120,7 @@
     "report.item-interval-min10": "10 Minuten",
     "report.item-interval-min30": "30 Minuten",
     "report.item-interval-hour": "1 Stunde",
-    "report.item-interval-day": "1 Tag",    
+    "report.item-interval-day": "1 Tag",
     "report.item-function-type": "Funktionstyp",
     "report.item-function-min": "Min",
     "report.item-function-max": "Max",
@@ -1162,6 +1162,11 @@
     "texts.list-group": "Gruppe",
     "texts.list-value": "Text",
 
+    "text.settings-title": "Text",
+    "text.settings-id": "ID",
+    "text.settings-group": "Group",
+    "text.settings-value": "Text",
+
     "gui.range-number-min": "Min",
     "gui.range-number-max": "Max",
     "gui.range-number-boolean": "Maskenwert",
@@ -1171,11 +1176,6 @@
 
     "dlg.bitmask-title": "Bitmaske",
 
-    "dlg.textproperty-title": "Text",
-    "dlg.textproperty-id": "ID",
-    "dlg.textproperty-group": "Gruppe",
-    "dlg.textproperty-value": "Text",
-
     "dlg.plugins-title": "Plugins",
     "dlg.plugins-name": "Name",
     "dlg.plugins-version": "Version",

package/dist/assets/i18n/en.json

@@ -66,6 +66,7 @@
     "dlg.layout-lbl-margin-right": "Margin right",
     "dlg.layout-lbl-login-info": "Login info",
     "dlg.layout-lbl-custom-styles": "Custom styles",
+    "dlg.layout-lbl-show-language": "Show language",
 
     "dlg.menuitem-title": "Menu Item",
     "dlg.menuitem-image": "[My Image...]",
@@ -137,6 +138,7 @@
     "dlg.userproperty-groups": "Authorization Groups",
     "dlg.userproperty-roles": "Authorization Roles",
     "dlg.useraccess-groups": "Authorization (void = full for everyone)",
+    "dlg.userproperty-language": "Language",
     "dlg.userproperty-start": "Start View",
 
     "dlg.gauge-permission-title": "Authorization",
@@ -217,6 +219,11 @@
     "item.logininfo-type-fullname": "Full name",
     "item.logininfo-type-both": "Username & Full name",
 
+    "item.language-show-mode-nothing": "Hide",
+    "item.language-show-mode-simple": "Show",
+    "item.language-show-mode-key": "Show with Key",
+    "item.language-show-mode-fullname": "Show with Full name",
+
     "item.zoommode-disabled": "Disabled",
     "item.zoommode-enabled": "Manually",
     "item.zoommode-autoresize": "Auto-resize",
@@ -283,6 +290,7 @@
     "chart.property-date-last-range": "Date range",
     "chart.property-refresh-interval": "Refresh interval (min.)",
     "chart.property-hide-toolbar": "Hide toolbar",
+    "chart.property-thouch-zoom": "Thouch Zoom",
     "chart.property-load-old-values": "Load history",
     "chart.property-date.format": "Date format",
     "chart.property-time.format": "Time format",
@@ -634,6 +642,8 @@
     "editor.transform-change-image-title": "NOTE: This image cannot be embedded. It will depend on this path to be displayed",
     "editor.transform-angle": "angle",
     "editor.transform-angle-title": "Change rotation angle",
+    "editor.transform-hide": "Hide",
+    "editor.transform-lock": "Lock",
 
     "editor.align": "Align",
     "editor.align-left-title": "Align Left",
@@ -845,6 +855,7 @@
     "device.list-remove-all": "Remove all Tags",
     "device.list-options": "Tag options",
     "device.list-clipboard": "Copy Tag object to clipboard",
+    "device.list-direction": "Direction",
 
     "devices.export": "Export Devices",
     "devices.export-json": "JSON",
@@ -970,6 +981,11 @@
     "device.tag-property-digits": "Decimal",
     "device.tag-property-initvalue": "Init value",
     "device.tag-property-description": "Description",
+    "device.tag-property-direction": "Direction",
+    "device.tag-property-edge": "Edge",
+    "device.tag-property-gpio": "GPIO Number",
+
+
     "device.tag-array-id": "Array ID:",
     "device.tag-array-value": "Value:",
     "device-tag-dialog-title": "Tag Selection",
@@ -1126,6 +1142,7 @@
     "gauges.property-tag-label": "Tag",
     "gauges.property-tag-internal-title": "Set placeholder of Destination (or Tag of internal device)",
     "gauges.property-input-range": "Allowed input range",
+    "gauges.property-language-text": "Text or @TextID",
 
     "bag.property-ticks": "Ticks",
     "bag.property-divisions": "Divisions",
@@ -1348,6 +1365,11 @@
     "script.template-chart-data-tooltip": "Code template of customized chart data to return",
     "script.template-invoke-chart-update-options-text": "Update Chart options",
     "script.template-invoke-chart-update-options-tooltip": "Code template to update Chart options (Y-axis scale range). CLIENT mode only!",
+    "script.template-getHistoricalTagsoptions-text": "Get Historical Tags values",
+    "script.template-getHistoricalTagsoptions-tooltip": "Code template to get Historical Tags values.",
+
+    "client.script-access-title": "Client Scripts access",
+    "client.script-access-info": "Configure access to system functions from the frontend (e.g. widgets) via window.fuxaScriptAPI.",
 
     "reports.list-title": "Reports settings",
     "reports.list-name": "Name",
@@ -1467,12 +1489,29 @@
     "resource.list-title-fonts": "Fonts list",
     "resources.lib-widgets": "Widgets",
 
-    "texts.list-title": "Texts settings",
+    "widgets.kiosk-title": "Widgets Kiosk",
+    "widget.remove": "Remove Widget",
+
+    "texts.list-title": "Language settings",
     "texts.list-filter": "Filter",
     "texts.list-filter-group": "Group",
     "texts.list-id": "ID",
     "texts.list-group": "Group",
-    "texts.list-value": "Text",
+    "texts.list-value": "Text (default)",
+    "texts.list-add-text": "Add Text",
+    "texts.list-edit-language": "Edit Language",
+    "language.settings-title": "Language settings",
+    "language.settings-add-tooltip": "Add Language",
+    "language.settings-id": "Key",
+    "language.settings-default-id": "Key (default)",
+    "language.settings-id-placeholder": "ex: EN",
+    "language.settings-name": "Name",
+    "language.settings-default-name": "Name (default)",
+    "language.settings-name-placeholder": "ex: English",
+    "text.settings-title": "Text",
+    "text.settings-id": "Name (Allowed letters and numbers, no spaces)",
+    "text.settings-group": "Group",
+    "text.settings-value": "Text (default)",
 
     "gui.range-number-min": "Min",
     "gui.range-number-max": "Max",
@@ -1483,11 +1522,6 @@
 
     "dlg.bitmask-title": "Bitmask",
 
-    "dlg.textproperty-title": "Text",
-    "dlg.textproperty-id": "ID",
-    "dlg.textproperty-group": "Group",
-    "dlg.textproperty-value": "Text",
-
     "dlg.plugins-title": "Server Plugins",
     "dlg.plugins-info": "Not installed plugins can be installed in the server manually: 'npm install [package name]@[version]'",
     "dlg.plugins-type": "Type",
@@ -1519,11 +1553,13 @@
     "dlg.setup-scripts": "Scripts",
     "dlg.setup-reports": "Reports",
     "dlg.setup-settings": "Settings",
+    "dlg.setup-client-access": "Frontend Scripts",
     "dlg.setup-logs": "Logs",
     "dlg.setup-notifications": "Notifications",
     "dlg.setup-events": "Events",
     "dlg.setup-resources": "Resources",
     "dlg.setup-fonts": "Fonts",
+    "dlg.setup-language": "Language",
     "dlg.app-settings-title": "Settings",
     "dlg.app-settings-system": "System",
     "dlg.app-settings-smtp": "SMTP",
@@ -1541,6 +1577,7 @@
     "dlg.app-language-ua": "Ukrainian",
     "dlg.app-language-zh-cn": "Chinese",
     "dlg.app-language-pt": "Portuguese",
+	"dlg.app-language-sv": "Swedish",
     "dlg.app-language-tr": "Turkish",
     "dlg.app-language-ko": "Korean",
     "dlg.app-language-es": "Spanish",
@@ -1645,6 +1682,7 @@
     "msg.device-tags-request-result": "Load {{value}} of {{current}}",
     "msg.chart-with-script": "The defined script receives the list of chart lines as a parameter and then returns the completed list with the data. Code sample in script 'Templates'",
     "msg.script-name-exist": "Script name exist!",
+    "msg.invalid-script-name": "Invalid script name!",
     "msg.templates-exist-ask-overwrite": "The template with name '{{value}}' already exist. Do you want to overwrite it?",
     "msg.templates-save-success": "Template save successful!",
     "msg.view-name-exist": "View name exist!",
@@ -1652,5 +1690,8 @@
     "msg.file-remove": "Would you like to remove '{{value}}'?",
     "msg.notification-remove": "Would you like to remove Notification '{{value}}'?",
     "msg.maps-location-remove": "Would you like to remove Maps Location '{{value}}'?",
-    "msg.maps-location-name-exist": "The Maps Location name already exist!"
+    "msg.maps-location-name-exist": "The Maps Location name already exist!",
+    "msg.text-name-exist": "Text name already exist!",
+    "msg.texts-text-remove": "Would you like to remove Text '{{value}}'?",
+    "msg.operation-unauthorized": "Operation Unauthorized!"
 }