npm - @intranefr/superbackend - Versions diffs - 1.5.2 → 1.6.3 - Mend

@intranefr/superbackend 1.5.2 → 1.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (134) hide show

package/cookies.txt +6 -0
package/cookies1.txt +6 -0
package/cookies2.txt +6 -0
package/cookies3.txt +6 -0
package/cookies4.txt +5 -0
package/cookies_old.txt +5 -0
package/cookies_old_test.txt +6 -0
package/cookies_super.txt +5 -0
package/cookies_super_test.txt +6 -0
package/cookies_test.txt +6 -0
package/index.js +9 -0
package/manage.js +745 -0
package/package.json +6 -2
package/plugins/core-waiting-list-migration/README.md +118 -0
package/plugins/core-waiting-list-migration/index.js +438 -0
package/plugins/global-settings-presets/index.js +20 -0
package/plugins/hello-cli/index.js +17 -0
package/plugins/ui-components-seeder/components/suiAlert.js +212 -0
package/plugins/ui-components-seeder/components/suiToast.js +186 -0
package/plugins/ui-components-seeder/index.js +31 -0
package/public/js/admin-ui-components-preview.js +281 -0
package/public/js/admin-ui-components.js +408 -0
package/public/js/llm-provider-model-picker.js +193 -0
package/public/test-iframe-fix.html +63 -0
package/public/test-iframe.html +14 -0
package/src/admin/endpointRegistry.js +68 -0
package/src/controllers/admin.controller.js +36 -10
package/src/controllers/adminAgents.controller.js +37 -0
package/src/controllers/adminDataCleanup.controller.js +45 -0
package/src/controllers/adminLlm.controller.js +19 -8
package/src/controllers/adminLogin.controller.js +269 -0
package/src/controllers/adminMarkdowns.controller.js +157 -0
package/src/controllers/adminPlugins.controller.js +55 -0
package/src/controllers/adminRegistry.controller.js +106 -0
package/src/controllers/adminScripts.controller.js +138 -0
package/src/controllers/adminStats.controller.js +4 -4
package/src/controllers/adminTelegram.controller.js +72 -0
package/src/controllers/markdowns.controller.js +42 -0
package/src/controllers/registry.controller.js +32 -0
package/src/controllers/waitingList.controller.js +52 -74
package/src/helpers/mongooseHelper.js +6 -6
package/src/helpers/scriptBase.js +2 -2
package/src/middleware/auth.js +71 -1
package/src/middleware/rbac.js +62 -0
package/src/middleware.js +584 -176
package/src/models/Agent.js +105 -0
package/src/models/AgentMessage.js +82 -0
package/src/models/GlobalSetting.js +11 -1
package/src/models/Markdown.js +75 -0
package/src/models/ScriptRun.js +8 -0
package/src/models/TelegramBot.js +42 -0
package/src/models/UiComponent.js +2 -0
package/src/models/User.js +1 -1
package/src/routes/admin.routes.js +3 -3
package/src/routes/adminAgents.routes.js +13 -0
package/src/routes/adminAssets.routes.js +11 -11
package/src/routes/adminBlog.routes.js +2 -2
package/src/routes/adminBlogAi.routes.js +2 -2
package/src/routes/adminBlogAutomation.routes.js +2 -2
package/src/routes/adminCache.routes.js +2 -2
package/src/routes/adminConsoleManager.routes.js +2 -2
package/src/routes/adminCrons.routes.js +2 -2
package/src/routes/adminDataCleanup.routes.js +26 -0
package/src/routes/adminDbBrowser.routes.js +2 -2
package/src/routes/adminEjsVirtual.routes.js +2 -2
package/src/routes/adminFeatureFlags.routes.js +6 -6
package/src/routes/adminHeadless.routes.js +2 -2
package/src/routes/adminHealthChecks.routes.js +2 -2
package/src/routes/adminI18n.routes.js +2 -2
package/src/routes/adminJsonConfigs.routes.js +8 -8
package/src/routes/adminLlm.routes.js +8 -7
package/src/routes/adminLogin.routes.js +23 -0
package/src/routes/adminMarkdowns.routes.js +10 -0
package/src/routes/adminMigration.routes.js +12 -12
package/src/routes/adminPages.routes.js +2 -2
package/src/routes/adminPlugins.routes.js +15 -0
package/src/routes/adminProxy.routes.js +2 -2
package/src/routes/adminRateLimits.routes.js +8 -8
package/src/routes/adminRbac.routes.js +2 -2
package/src/routes/adminRegistry.routes.js +24 -0
package/src/routes/adminScripts.routes.js +6 -3
package/src/routes/adminSeoConfig.routes.js +10 -10
package/src/routes/adminTelegram.routes.js +14 -0
package/src/routes/adminTerminals.routes.js +2 -2
package/src/routes/adminUiComponents.routes.js +2 -2
package/src/routes/adminUploadNamespaces.routes.js +7 -7
package/src/routes/blogInternal.routes.js +2 -2
package/src/routes/experiments.routes.js +2 -2
package/src/routes/formsAdmin.routes.js +6 -6
package/src/routes/globalSettings.routes.js +8 -8
package/src/routes/internalExperiments.routes.js +2 -2
package/src/routes/markdowns.routes.js +16 -0
package/src/routes/notificationAdmin.routes.js +7 -7
package/src/routes/orgAdmin.routes.js +16 -16
package/src/routes/pages.routes.js +3 -3
package/src/routes/registry.routes.js +11 -0
package/src/routes/stripeAdmin.routes.js +12 -12
package/src/routes/userAdmin.routes.js +7 -7
package/src/routes/waitingListAdmin.routes.js +2 -2
package/src/routes/workflows.routes.js +3 -3
package/src/services/agent.service.js +546 -0
package/src/services/agentHistory.service.js +345 -0
package/src/services/agentTools.service.js +578 -0
package/src/services/dataCleanup.service.js +286 -0
package/src/services/jsonConfigs.service.js +284 -10
package/src/services/llm.service.js +219 -6
package/src/services/markdowns.service.js +522 -0
package/src/services/plugins.service.js +348 -0
package/src/services/registry.service.js +452 -0
package/src/services/scriptsRunner.service.js +328 -37
package/src/services/telegram.service.js +130 -0
package/src/services/uiComponents.service.js +180 -0
package/src/services/waitingListJson.service.js +401 -0
package/src/utils/rbac/rightsRegistry.js +118 -0
package/test-access.js +63 -0
package/test-iframe-fix.html +63 -0
package/test-iframe.html +14 -0
package/views/admin-403.ejs +92 -0
package/views/admin-agents.ejs +273 -0
package/views/admin-coolify-deploy.ejs +8 -8
package/views/admin-dashboard-home.ejs +52 -2
package/views/admin-dashboard.ejs +179 -7
package/views/admin-data-cleanup.ejs +357 -0
package/views/admin-experiments.ejs +1 -1
package/views/admin-login.ejs +286 -0
package/views/admin-markdowns.ejs +905 -0
package/views/admin-plugins-system.ejs +223 -0
package/views/admin-scripts.ejs +221 -4
package/views/admin-telegram.ejs +269 -0
package/views/admin-ui-components.ejs +82 -402
package/views/admin-users.ejs +207 -11
package/views/partials/dashboard/nav-items.ejs +5 -0
package/views/partials/llm-provider-model-picker.ejs +0 -161
package/analysis-only.skill +0 -0

package/src/controllers/waitingList.controller.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const WaitingList = require('../models/WaitingList');
+const waitingListService = require('../services/waitingListJson.service');
 const { validateEmail, sanitizeString } = require('../utils/validation');
 // Subscribe to waiting list
@@ -31,36 +31,51 @@ exports.subscribe = async (req, res) => {
       });
     }
-    // Check if email already exists
-    const existingEntry = await WaitingList.findOne({ email: sanitizedEmail.toLowerCase() });
-    if (existingEntry) {
-      return res.status(409).json({
-        error: 'This email is already on our waiting list',
-        field: 'email'
+    // Check if email already exists and create new entry using JSON Configs service
+    try {
+      const waitingListEntry = await waitingListService.addWaitingListEntry({
+        email: sanitizedEmail.toLowerCase(),
+        type: sanitizedType.trim(),
+        referralSource: sanitizeString(referralSource) || 'website'
       });
-    }
-    // Create new waiting list entry
-    const waitingListEntry = new WaitingList({
-      email: sanitizedEmail.toLowerCase(),
-      type: sanitizedType.trim(),
-      referralSource: sanitizeString(referralSource) || 'website'
-    });
-    await waitingListEntry.save();
+      // Return success response without sensitive data
+      const response = { ...waitingListEntry };
+      delete response.email; // Don't return email in response for privacy
-    // Return success response without sensitive data
-    const response = waitingListEntry.toJSON();
-    delete response.email; // Don't return email in response for privacy
-    res.status(201).json({
-      message: 'Successfully joined the waiting list!',
-      data: response
-    });
+      res.status(201).json({
+        message: 'Successfully joined the waiting list!',
+        data: response
+      });
+    } catch (serviceError) {
+      // Handle validation and duplicate errors from service
+      if (serviceError.code === 'VALIDATION') {
+        return res.status(400).json({
+          error: serviceError.message,
+          field: 'general'
+        });
+      }
+      if (serviceError.code === 'DUPLICATE_EMAIL' || serviceError.code === 'DUPLICATE' || serviceError.message.includes('already exists')) {
+        return res.status(409).json({
+          error: 'This email is already on our waiting list',
+          field: 'email'
+        });
+      }
+      if (serviceError.code === 'INITIALIZATION_FAILED') {
+        return res.status(500).json({
+          error: 'Service temporarily unavailable - please try again',
+          field: 'general'
+        });
+      }
+      throw serviceError; // Re-throw for general error handling
+    }
   } catch (error) {
     console.error('Waiting list subscription error:', error);
-    // Handle specific MongoDB errors
+    // Handle specific errors
     if (error.code === 11000) {
       return res.status(409).json({
         error: 'This email is already on our waiting list',
@@ -86,35 +101,10 @@ exports.subscribe = async (req, res) => {
 // Get waiting list stats (public)
 exports.getStats = async (req, res) => {
   try {
-    const totalSubscribers = await WaitingList.countDocuments({ status: 'active' });
-    const typeAgg = await WaitingList.aggregate([
-      { $match: { status: 'active' } },
-      { $group: { _id: '$type', count: { $sum: 1 } } },
-      { $sort: { count: -1, _id: 1 } },
-    ]);
-    const typeCounts = (typeAgg || []).reduce((acc, row) => {
-      if (!row?._id) return acc;
-      acc[String(row._id)] = row.count || 0;
-      return acc;
-    }, {});
-    // Backward compatibility fields (legacy UI/tests)
-    const buyerCount = (typeCounts.buyer || 0) + (typeCounts.both || 0);
-    const sellerCount = (typeCounts.seller || 0) + (typeCounts.both || 0);
-    // Add some mock growth data for demonstration
-    const growthThisWeek = Math.floor(totalSubscribers * 0.05); // 5% growth
+    // Use JSON Configs service for cached statistics
+    const stats = await waitingListService.getWaitingListStats();
-    res.json({
-      totalSubscribers,
-      buyerCount,
-      sellerCount,
-      typeCounts,
-      growthThisWeek,
-      lastUpdated: new Date().toISOString()
-    });
+    res.json(stats);
   } catch (error) {
     console.error('Waiting list stats error:', error);
     res.status(500).json({
@@ -135,31 +125,19 @@ exports.adminList = async (req, res) => {
       offset = 0,
     } = req.query;
-    const query = {};
-    if (status) query.status = String(status);
-    if (type) query.type = String(type);
-    if (email) query.email = String(email).trim().toLowerCase();
     const parsedLimit = Math.min(500, Math.max(1, parseInt(limit, 10) || 50));
     const parsedOffset = Math.max(0, parseInt(offset, 10) || 0);
-    const entries = await WaitingList.find(query)
-      .sort({ createdAt: -1 })
-      .limit(parsedLimit)
-      .skip(parsedOffset)
-      .select('email type status referralSource createdAt updatedAt')
-      .lean();
-    const total = await WaitingList.countDocuments(query);
-    return res.json({
-      entries,
-      pagination: {
-        total,
-        limit: parsedLimit,
-        offset: parsedOffset,
-      },
+    // Use JSON Configs service for admin data with filtering and pagination
+    const result = await waitingListService.getWaitingListEntriesAdmin({
+      status,
+      type,
+      email,
+      limit: parsedLimit,
+      offset: parsedOffset
     });
+    return res.json(result);
   } catch (error) {
     console.error('Waiting list admin list error:', error);
     return res.status(500).json({ error: 'Failed to list entries' });

package/src/helpers/mongooseHelper.js CHANGED Viewed

@@ -83,7 +83,7 @@ class MongooseHelper {
       const uri = this.getMongoUri();
       const options = this.getConnectionOptions();
-      console.log(`[MongooseHelper] Connecting to MongoDB...`);
+      if (!process.env.TUI_MODE) console.log(`[MongooseHelper] Connecting to MongoDB...`);
       // Clear any existing connection
       if (mongoose.connection.readyState !== 0) {
@@ -94,7 +94,7 @@ class MongooseHelper {
       this.isConnected = true;
-      console.log(`[MongooseHelper] ✅ Connected to MongoDB`);
+      if (!process.env.TUI_MODE) console.log(`[MongooseHelper] ✅ Connected to MongoDB`);
       // Setup connection error handling
       mongoose.connection.on('error', (error) => {
@@ -104,13 +104,13 @@ class MongooseHelper {
       });
       mongoose.connection.on('disconnected', () => {
-        console.log('[MongooseHelper] Disconnected from MongoDB');
+        if (!process.env.TUI_MODE) console.log('[MongooseHelper] Disconnected from MongoDB');
         this.isConnected = false;
         this.connectionPromise = null;
       });
       mongoose.connection.on('reconnected', () => {
-        console.log('[MongooseHelper] Reconnected to MongoDB');
+        if (!process.env.TUI_MODE) console.log('[MongooseHelper] Reconnected to MongoDB');
         this.isConnected = true;
       });
@@ -136,7 +136,7 @@ class MongooseHelper {
     if (this.connectionCount <= 0) {
       try {
         await mongoose.disconnect();
-        console.log('[MongooseHelper] ✅ Disconnected from MongoDB');
+        if (!process.env.TUI_MODE) console.log('[MongooseHelper] ✅ Disconnected from MongoDB');
       } catch (error) {
         console.error('[MongooseHelper] Disconnect error:', error);
       } finally {
@@ -155,7 +155,7 @@ class MongooseHelper {
     try {
       if (mongoose.connection.readyState !== 0) {
         await mongoose.disconnect();
-        console.log('[MongooseHelper] ✅ Force disconnected from MongoDB');
+        if (!process.env.TUI_MODE) console.log('[MongooseHelper] ✅ Force disconnected from MongoDB');
       }
     } catch (error) {
       console.error('[MongooseHelper] Force disconnect error:', error);

package/src/helpers/scriptBase.js CHANGED Viewed

@@ -55,13 +55,13 @@ class ScriptBase {
     });
     try {
-      console.log(`[${this.name}] Starting script execution...`);
+      if (!process.env.TUI_MODE) console.log(`[${this.name}] Starting script execution...`);
       const executionPromise = this._executeWithConnection();
       const result = await Promise.race([executionPromise, timeoutPromise]);
       const duration = Date.now() - this.startTime;
-      console.log(`[${this.name}] ✅ Completed in ${duration}ms`);
+      if (!process.env.TUI_MODE) console.log(`[${this.name}] ✅ Completed in ${duration}ms`);
       return result;
     } catch (error) {

package/src/middleware/auth.js CHANGED Viewed

@@ -70,4 +70,74 @@ const requireAdmin = (req, res, next) => {
   next();
 };
-module.exports = { authenticate, basicAuth, requireAdmin };
+// Admin session authentication middleware - checks session for authenticated admin user
+const adminSessionAuth = (req, res, next) => {
+  // Check if session exists and user is authenticated
+  if (!req.session || !req.session.authenticated) {
+    // Store the originally requested URL for redirect after login
+    req.session = req.session || {};
+    req.session.returnTo = req.originalUrl;
+    // For API routes, return JSON error
+    if (req.xhr || req.headers.accept?.includes('application/json')) {
+      return res.status(401).json({
+        error: "Authentication required",
+        redirectTo: `${req.adminPath || '/admin'}/login`
+      });
+    }
+    // For web routes, redirect to login page
+    return res.redirect(`${req.adminPath || '/admin'}/login`);
+  }
+  // Verify session is still valid (check login time)
+  const loginTime = new Date(req.session.loginTime);
+  const now = new Date();
+  const sessionAge = (now - loginTime) / (1000 * 60 * 60); // hours
+  // Session expires after 24 hours
+  if (sessionAge > 24) {
+    req.session.destroy((err) => {
+      if (err) console.error('Error destroying expired session:', err);
+    });
+    if (req.xhr || req.headers.accept?.includes('application/json')) {
+      return res.status(401).json({
+        error: "Session expired",
+        redirectTo: `${req.adminPath || '/admin'}/login`
+      });
+    }
+    return res.redirect(`${req.adminPath || '/admin'}/login?error=Session expired`);
+  }
+  // Attach user info to request for consistency with other auth middleware
+  req.user = {
+    authenticated: true,
+    authType: req.session.authType,
+    role: req.session.role
+  };
+  if (req.session.authType === 'iam') {
+    req.user.id = req.session.userId;
+    req.user.email = req.session.email;
+    req.user.name = req.session.name;
+  } else {
+    req.user.username = req.session.username;
+  }
+  next();
+};
+// Admin authentication middleware that supports both session and basic auth
+const adminAuth = (req, res, next) => {
+  // First try session authentication
+  if (req.session && req.session.authenticated) {
+    return adminSessionAuth(req, res, next);
+  }
+  // Fallback to basic auth for backward compatibility
+  return basicAuth(req, res, next);
+};
+module.exports = { authenticate, basicAuth, requireAdmin, adminSessionAuth, adminAuth };

package/src/middleware/rbac.js CHANGED Viewed

@@ -56,7 +56,69 @@ function requireRight(requiredRight, options = {}) {
   };
 }
+/**
+ * Middleware for module-level access control in admin panel
+ * Checks specific permissions for admin modules like audit, users, etc.
+ */
+function requireModuleAccess(moduleId, action = 'read') {
+  return async (req, res, next) => {
+    try {
+      // Check for basic auth superadmin bypass
+      if (isBasicAuthSuperAdmin(req)) {
+        return next();
+      }
+      // Get user ID from session
+      const userId = req.session?.authData?.userId;
+      if (!userId) {
+        return res.redirect(`${req.adminPath || '/admin'}/login`);
+      }
+      // Check RBAC permission for specific module
+      const hasAccess = await rbacService.checkRight({
+        userId,
+        orgId: null, // Global admin permissions
+        right: `admin_panel__${moduleId}:${action}`
+      });
+      if (!hasAccess.allowed) {
+        // For API routes, return JSON error
+        if (req.path.startsWith('/api/')) {
+          return res.status(403).json({
+            error: 'Access denied',
+            reason: hasAccess.reason,
+            required: `admin_panel__${moduleId}:${action}`,
+            moduleId,
+            action
+          });
+        }
+        // For page routes, render 403 page
+        return res.status(403).render('admin-403', {
+          moduleId,
+          action,
+          required: `admin_panel__${moduleId}:${action}`,
+          reason: hasAccess.reason,
+          user: req.session.authData,
+          adminPath: req.adminPath || '/admin'
+        });
+      }
+      next();
+    } catch (error) {
+      console.error('Module access check error:', error);
+      if (req.path.startsWith('/api/')) {
+        return res.status(500).json({ error: 'Access check failed' });
+      } else {
+        return res.status(500).send('Access check failed');
+      }
+    }
+  };
+}
 module.exports = {
   requireRight,
+  requireModuleAccess,
   isBasicAuthSuperAdmin,
 };