@intranefr/superbackend 1.5.1 → 1.5.2

package/src/services/scriptsRunner.service.js

@@ -1,11 +1,76 @@
 const { EventEmitter } = require('events');
 const { spawn } = require('child_process');
 const { NodeVM } = require('vm2');
+const mongoose = require('mongoose');
 
 const ScriptRun = require('../models/ScriptRun');
+const { mongooseHelper } = require('../helpers/mongooseHelper');
 
 const MAX_TAIL_BYTES = 64 * 1024;
 
+ function isTruthyEnv(v) {
+   const s = String(v || '').trim().toLowerCase();
+   return s === '1' || s === 'true' || s === 'yes' || s === 'y' || s === 'on';
+ }
+
+ function shouldAutoWrapAsyncScripts() {
+   if (process.env.SCRIPT_AUTO_ASYNC_WRAP === undefined) return true;
+   return isTruthyEnv(process.env.SCRIPT_AUTO_ASYNC_WRAP);
+ }
+
+ function detectTopLevelAwait(code) {
+   const s = String(code || '');
+   if (!/\bawait\b/.test(s)) return false;
+   if (/^\s*\(\s*async\s*\(/.test(s)) return false;
+   if (/^\s*async\s+function\b/.test(s)) return false;
+   if (/\bmodule\.exports\b/.test(s) || /\bexports\./.test(s)) return false;
+   return true;
+ }
+
+ function wrapInAsyncIife(code) {
+   const body = String(code || '');
+   return [
+     '(async () => {',
+     body,
+     '})().catch((err) => {',
+     '  try { console.error(err && err.stack ? err.stack : err); } catch {}',
+     '});',
+     '',
+   ].join('\n');
+ }
+
+ function prepareVmCodeForExecution(code) {
+   const raw = String(code || '');
+   if (!shouldAutoWrapAsyncScripts()) return { code: raw, wrapped: false };
+   if (!detectTopLevelAwait(raw)) return { code: raw, wrapped: false };
+   return { code: wrapInAsyncIife(raw), wrapped: true };
+ }
+
+ function buildAwaitSyntaxHelpMessage() {
+   return [
+     'Your script uses `await` at top-level.',
+     'Wrap it in an async IIFE, or rely on auto-wrapping:',
+     '',
+     '(async () => {',
+     '  const count = await countCollectionDocuments("users");',
+     '  console.log("count:", count);',
+     '})();',
+     '',
+   ].join('\n');
+ }
+
+// Helper function to decode script content
+function decodeScriptContent(script, format) {
+  if (format === 'base64') {
+    try {
+      return Buffer.from(script, 'base64').toString('utf8');
+    } catch (err) {
+      throw new Error('Failed to decode base64 script content');
+    }
+  }
+  return script;
+}
+
 function nowIso() {
   return new Date().toISOString();
 }
@@ -114,24 +179,16 @@ async function startRun(scriptDef, options) {
           runId: runDoc._id,
           bus,
           command: 'bash',
-          args: ['-lc', scriptDef.script],
+          args: ['-lc', decodeScriptContent(scriptDef.script, scriptDef.scriptFormat)],
           env,
           cwd,
           timeoutMs,
         });
       } else if (scriptDef.type === 'node') {
         if (scriptDef.runner === 'vm2') {
-          exitCode = await runVm2({ runId: runDoc._id, bus, code: scriptDef.script, timeoutMs });
+          exitCode = await runVm2({ runId: runDoc._id, bus, code: decodeScriptContent(scriptDef.script, scriptDef.scriptFormat), timeoutMs });
         } else if (scriptDef.runner === 'host') {
-          exitCode = await runSpawned({
-            runId: runDoc._id,
-            bus,
-            command: 'node',
-            args: ['-e', scriptDef.script],
-            env,
-            cwd,
-            timeoutMs,
-          });
+          exitCode = await runHostWithDatabase({ runId: runDoc._id, bus, code: decodeScriptContent(scriptDef.script, scriptDef.scriptFormat), env, cwd, timeoutMs });
         } else {
           throw Object.assign(new Error('Invalid runner for node script'), { code: 'VALIDATION' });
         }
@@ -213,6 +270,144 @@ async function runSpawned({ runId, bus, command, args, env, cwd, timeoutMs }) {
   });
 }
 
+async function runHostWithDatabase({ runId, bus, code, env, cwd, timeoutMs }) {
+  let tail = '';
+
+  function pushLog(stream, line) {
+    const s = String(line || '');
+    tail = appendTail(tail, s);
+    bus.push({ type: 'log', ts: nowIso(), stream, line: s });
+    return ScriptRun.updateOne({ _id: runId }, { $set: { outputTail: tail } });
+  }
+
+  try {
+    // Use existing app connection if available, otherwise create new one
+    if (mongoose.connection.readyState !== 1) {
+      await pushLog('stdout', 'No existing connection found, establishing new connection...\n');
+      await mongooseHelper.connect();
+      
+      // Wait for connection to be fully ready
+      await mongooseHelper.waitForConnection(5000);
+    } else {
+      await pushLog('stdout', 'Using existing app database connection\n');
+    }
+    
+    // Validate connection is ready
+    if (mongoose.connection.readyState !== 1) {
+      throw new Error('Database connection is not ready');
+    }
+    
+    const prepared = prepareVmCodeForExecution(code);
+    if (prepared.wrapped) {
+      await pushLog('stdout', 'Auto-wrapping script in async function (detected top-level await)\n');
+    }
+
+    // Create a VM with database context
+    const vm = new NodeVM({
+      console: 'inherit',
+      sandbox: {
+        // Expose pre-connected mongoose instance
+        mongoose: mongoose,
+        db: mongoose.connection.db,
+        
+        // Expose helper functions
+        countCollectionDocuments: async (collectionName, query = {}) => {
+          try {
+            // Ensure connection is still valid
+            if (mongoose.connection.readyState !== 1) {
+              throw new Error('Database connection lost during operation');
+            }
+            
+            const db = mongoose.connection.db;
+            if (!db) {
+              throw new Error('Database instance not available');
+            }
+            
+            const collection = db.collection(collectionName);
+            const count = await collection.countDocuments(query);
+            return count;
+          } catch (error) {
+            throw new Error(`Failed to count documents in ${collectionName}: ${error.message}`);
+          }
+        },
+        
+        // Expose connection status helper
+        getConnectionStatus: () => {
+          const readyStateMap = {
+            0: 'disconnected',
+            1: 'connected',
+            2: 'connecting',
+            3: 'disconnecting'
+          };
+          
+          return {
+            readyState: mongoose.connection.readyState,
+            readyStateText: readyStateMap[mongoose.connection.readyState] || 'unknown',
+            host: mongoose.connection.host,
+            name: mongoose.connection.name,
+            hasActiveConnection: mongoose.connection.readyState === 1
+          };
+        },
+        
+        // Expose models if available
+        models: mongoose.models || {},
+        
+        // Global objects
+        JSON,
+        Date,
+        Math,
+        parseInt,
+        parseFloat,
+        String,
+        Number,
+        Object,
+        Array,
+        
+        // Process environment
+        process: {
+          env: { ...process.env, ...env }
+        }
+      },
+      require: {
+        external: false,
+        builtin: ['util', 'path', 'os'], // Allow some basic built-ins
+      },
+      timeout: timeoutMs,
+      eval: false,
+      wasm: false,
+    });
+
+    // Set up console redirection
+    vm.on('console.log', (...args) => {
+      pushLog('stdout', args.map((a) => (typeof a === 'string' ? a : JSON.stringify(a))).join(' ') + '\n');
+    });
+    vm.on('console.error', (...args) => {
+      pushLog('stderr', args.map((a) => (typeof a === 'string' ? a : JSON.stringify(a))).join(' ') + '\n');
+    });
+
+    // Run the script code with better error handling
+    try {
+      vm.run(prepared.code, 'script.host.js');
+    } catch (vmError) {
+      const baseMsg = vmError?.message || 'Unknown VM error';
+      const help = baseMsg.includes('await is only valid in async functions') ? `\n\n${buildAwaitSyntaxHelpMessage()}` : '';
+      const errorMsg = `VM execution error: ${baseMsg}${help}`;
+      await pushLog('stderr', errorMsg + '\n');
+      return 1;
+    }
+    
+    return 0;
+    
+  } catch (err) {
+    const msg = err?.message || 'Host script error';
+    await pushLog('stderr', msg + '\n');
+    return 1;
+  } finally {
+    // Don't disconnect here - let mongooseHelper manage connection pooling
+    // The connection will be cleaned up when the helper decides
+  }
+}
+
 async function runVm2({ runId, bus, code, timeoutMs }) {
   let tail = '';
 
@@ -243,11 +438,16 @@ async function runVm2({ runId, bus, code, timeoutMs }) {
   });
 
   try {
-    vm.run(code, 'script.vm2.js');
+    const prepared = prepareVmCodeForExecution(code);
+    if (prepared.wrapped) {
+      await pushLog('stdout', 'Auto-wrapping script in async function (detected top-level await)\n');
+    }
+    vm.run(prepared.code, 'script.vm2.js');
     return 0;
   } catch (err) {
-    const msg = err?.message || 'vm2 error';
-    await pushLog('stderr', msg + '\n');
+    const baseMsg = err?.message || 'vm2 error';
+    const help = baseMsg.includes('await is only valid in async functions') ? `\n\n${buildAwaitSyntaxHelpMessage()}` : '';
+    await pushLog('stderr', baseMsg + help + '\n');
     return 1;
   }
 }

package/src/utils/rbac/rightsRegistry.js

@@ -6,6 +6,10 @@ const DEFAULT_RIGHTS = [
   'rbac:grants:read',
   'rbac:grants:write',
   'rbac:test',
+  'experiments:*',
+  'experiments:read',
+  'experiments:events:write',
+  'experiments:admin',
   'file_manager:*',
   'file_manager:access',
   'file_manager:drives:read',

package/views/admin-dashboard.ejs

@@ -222,6 +222,10 @@
                 const paletteQuery = ref('');
                 const paletteCursor = ref(0);
                 const paletteInput = ref(null);
+                
+                // Toggle safeguards and debugging
+                let toggleTimeout = null;
+                let lastToggleTime = 0;
 
                 // Flattened modules for search
                 const allModules = computed(() => {
@@ -285,19 +289,34 @@
                 };
 
                 // Palette methods
-                const togglePalette = () => {
+                const togglePalette = (source = 'unknown') => {
+                    // Prevent rapid successive toggles
+                    const now = Date.now();
+                    if (now - lastToggleTime < 100) {
+                        return;
+                    }
+                    lastToggleTime = now;
+                    
+                    clearTimeout(toggleTimeout);
+                    
                     showPalette.value = !showPalette.value;
                     if (showPalette.value) {
                         paletteQuery.value = '';
                         paletteCursor.value = 0;
-                        nextTick(() => {
-                            if (paletteInput.value) paletteInput.value.focus();
-                        });
+                        // Use setTimeout instead of nextTick for better timing
+                        toggleTimeout = setTimeout(() => {
+                            if (paletteInput.value) {
+                                paletteInput.value.focus();
+                            }
+                        }, 50);
                     }
                 };
 
-                const closePalette = () => {
-                    showPalette.value = false;
+                const closePalette = (source = 'unknown') => {
+                    if (showPalette.value) {
+                        showPalette.value = false;
+                        clearTimeout(toggleTimeout);
+                    }
                 };
 
                 const navigatePalette = (dir) => {
@@ -325,13 +344,14 @@
                 const handleKeydown = (e) => {
                     if ((e.ctrlKey || e.metaKey) && e.key === 'k') {
                         e.preventDefault();
-                        togglePalette();
+                        e.stopPropagation();
+                        togglePalette('keyboard-ctrl-k');
                     }
                 };
 
                 const handleMessage = (e) => {
                     if (e.data && e.data.type === 'keydown' && e.data.ctrlK) {
-                        togglePalette();
+                        togglePalette('iframe-message');
                     }
                 };
 

package/views/admin-experiments.ejs

@@ -0,0 +1,91 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Experiments</title>
+    <link rel="stylesheet" href="<%= baseUrl %><%= adminPath %>/assets/styles.css" />
+    <style>
+      body { font-family: system-ui, -apple-system, Segoe UI, Roboto, sans-serif; padding: 16px; }
+      .row { display: flex; gap: 12px; align-items: center; flex-wrap: wrap; }
+      input, select, button { padding: 8px 10px; }
+      table { width: 100%; border-collapse: collapse; margin-top: 12px; }
+      th, td { border-bottom: 1px solid #e5e7eb; padding: 10px; text-align: left; }
+      .muted { color: #6b7280; }
+      .pill { display: inline-block; padding: 2px 8px; border-radius: 999px; background: #f3f4f6; }
+    </style>
+  </head>
+  <body>
+    <h1>Experiments</h1>
+
+    <div class="row">
+      <label>
+        orgId
+        <input id="orgId" placeholder="(required for RBAC)" style="min-width: 320px" />
+      </label>
+      <button id="refresh">Refresh</button>
+      <span id="status" class="muted"></span>
+    </div>
+
+    <table>
+      <thead>
+        <tr>
+          <th>Code</th>
+          <th>Status</th>
+          <th>Org</th>
+          <th>Winner</th>
+          <th>Updated</th>
+        </tr>
+      </thead>
+      <tbody id="tbody"></tbody>
+    </table>
+
+    <script>
+      const statusEl = document.getElementById('status');
+      const tbody = document.getElementById('tbody');
+      const orgIdEl = document.getElementById('orgId');
+
+      function esc(s) {
+        return String(s ?? '').replace(/[&<>"']/g, (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
+      }
+
+      async function load() {
+        const orgId = orgIdEl.value.trim();
+        statusEl.textContent = 'Loading...';
+        tbody.innerHTML = '';
+
+        const url = new URL('<%= baseUrl %>/api/admin/experiments', window.location.origin);
+        if (orgId) url.searchParams.set('orgId', orgId);
+
+        const res = await fetch(url.toString(), { headers: { 'Content-Type': 'application/json' } });
+        const json = await res.json().catch(() => ({}));
+
+        if (!res.ok) {
+          statusEl.textContent = `Error: ${json.error || res.status}`;
+          return;
+        }
+
+        const items = Array.isArray(json.items) ? json.items : [];
+        statusEl.textContent = `${items.length} experiments`;
+
+        tbody.innerHTML = items
+          .map((e) => {
+            const winner = e.winnerVariantKey ? esc(e.winnerVariantKey) : '<span class="muted">-</span>';
+            return `
+              <tr>
+                <td><span class="pill">${esc(e.code)}</span></td>
+                <td>${esc(e.status)}</td>
+                <td class="muted">${esc(e.organizationId || '')}</td>
+                <td>${winner}</td>
+                <td class="muted">${esc(e.updatedAt || '')}</td>
+              </tr>
+            `;
+          })
+          .join('');
+      }
+
+      document.getElementById('refresh').addEventListener('click', () => load());
+      load();
+    </script>
+  </body>
+</html>