@intranefr/superbackend 1.5.3 → 1.6.3

package/public/js/llm-provider-model-picker.js

@@ -0,0 +1,193 @@
+(function () {
+  // Only initialize if Vue has indicated it's ready (prevents premature execution in Vue contexts)
+  if (typeof window !== 'undefined' && window.__llmProviderModelPickerReady === true) {
+    initializeLlmProviderModelPicker();
+  } else if (typeof window !== 'undefined') {
+    // Queue initialization for when Vue indicates readiness
+    window.__llmProviderModelPickerQueue = window.__llmProviderModelPickerQueue || [];
+    window.__llmProviderModelPickerQueue.push(initializeLlmProviderModelPicker);
+  }
+
+  function initializeLlmProviderModelPicker() {
+    if (!window.__llmProviderModelPicker) {
+      window.__llmProviderModelPicker = { instances: {} };
+    }
+
+    function safeJsonParse(raw, fallback) {
+      try {
+        return JSON.parse(raw);
+      } catch (_) {
+        return fallback;
+      }
+    }
+
+    async function fetchJson(url) {
+      const res = await fetch(url);
+      const data = await res.json();
+      if (!res.ok) {
+        throw new Error(data?.error || 'Request failed');
+      }
+      return data;
+    }
+
+    function setDatalistOptions(datalistEl, items) {
+      datalistEl.innerHTML = '';
+      const uniq = Array.from(new Set((items || []).filter(Boolean)));
+      for (const item of uniq) {
+        const opt = document.createElement('option');
+        opt.value = String(item);
+        datalistEl.appendChild(opt);
+      }
+    }
+
+    function trim(v) {
+      return String(v || '').trim();
+    }
+
+    function isOpenRouterProvider({ providerKey, providerConfig }) {
+      const pk = String(providerKey || '').trim().toLowerCase();
+      if (pk === 'openrouter') return true;
+
+      const baseUrl = providerConfig && typeof providerConfig === 'object'
+        ? String(providerConfig.baseUrl || providerConfig.baseURL || '').trim().toLowerCase()
+        : '';
+
+      return Boolean(baseUrl && baseUrl.includes('openrouter'));
+    }
+
+    function getInstanceKey({ providerInputId, modelInputId }) {
+      return `${String(providerInputId || '').trim()}::${String(modelInputId || '').trim()}`;
+    }
+
+    function getOrCreateInstance(opts) {
+      const key = getInstanceKey(opts);
+      const existing = window.__llmProviderModelPicker.instances[key];
+      if (existing) {
+        console.log('[LLM Picker Debug] Using existing instance:', key, 'apiBase:', existing.apiBase);
+        return existing;
+      }
+
+      const apiBase = opts.apiBase !== undefined ? opts.apiBase : (window.__llmProviderModelPicker.defaultApiBase || null);
+      console.log('[LLM Picker Debug] Creating new instance:', key, 'opts.apiBase:', opts.apiBase, 'defaultApiBase:', window.__llmProviderModelPicker.defaultApiBase, 'final apiBase:', apiBase);
+      
+      const inst = {
+        apiBase: apiBase,
+        providerInputId: opts.providerInputId,
+        modelInputId: opts.modelInputId,
+        providers: {},
+        providerModels: {},
+      };
+
+      window.__llmProviderModelPicker.instances[key] = inst;
+      return inst;
+    }
+
+    async function loadConfig(inst) {
+      const url = `${inst.apiBase}/api/admin/llm/config`;
+      console.log('[LLM Picker Debug] loadConfig called with apiBase:', inst.apiBase, 'full URL:', url);
+      const data = await fetchJson(url);
+      inst.providers = data.providers || {};
+      inst.providerModels = data.providerModels || {};
+      return data;
+    }
+
+    function renderProviderOptions(inst) {
+      const providerInput = document.getElementById(inst.providerInputId);
+      const providerList = document.getElementById(`${inst.providerInputId}__datalist`);
+      if (!providerInput || !providerList) return;
+
+      const providerKeys = Object.keys(inst.providers || {}).sort();
+      setDatalistOptions(providerList, providerKeys);
+    }
+
+    function renderModelOptions(inst) {
+      const providerInput = document.getElementById(inst.providerInputId);
+      const modelList = document.getElementById(`${inst.modelInputId}__datalist`);
+      if (!providerInput || !modelList) return;
+
+      const providerKey = trim(providerInput.value);
+      const models = providerKey && inst.providerModels && typeof inst.providerModels === 'object'
+        ? inst.providerModels[providerKey]
+        : null;
+
+      setDatalistOptions(modelList, Array.isArray(models) ? models : []);
+    }
+
+    async function maybeAutoFetchOpenRouterModels(inst) {
+      try {
+        const providerInput = document.getElementById(inst.providerInputId);
+        if (!providerInput) return;
+
+        const providerKey = trim(providerInput.value);
+        const providerConfig = inst.providers && typeof inst.providers === 'object' ? inst.providers[providerKey] : null;
+        if (!isOpenRouterProvider({ providerKey, providerConfig })) return;
+
+        const existing = inst.providerModels && typeof inst.providerModels === 'object' ? inst.providerModels.openrouter : null;
+        if (Array.isArray(existing) && existing.length > 0) return;
+
+        await fetchOpenRouterModels({
+          apiBase: inst.apiBase,
+          providerInputId: inst.providerInputId,
+          modelInputId: inst.modelInputId,
+        });
+      } catch {
+        // ignore
+      }
+    }
+
+    async function fetchOpenRouterModels(opts) {
+      console.log('[LLM Picker Debug] fetchOpenRouterModels called with opts:', opts);
+      const inst = getOrCreateInstance(opts || {});
+      console.log('[LLM Picker Debug] fetchOpenRouterModels - inst.apiBase before update:', inst.apiBase);
+      inst.apiBase = (opts && opts.apiBase !== undefined) ? opts.apiBase : (inst.apiBase !== undefined ? inst.apiBase : (window.__llmProviderModelPicker.defaultApiBase || null));
+      console.log('[LLM Picker Debug] fetchOpenRouterModels - inst.apiBase after update:', inst.apiBase);
+      if (inst.apiBase == null) {
+        console.error('[LLM Picker] No apiBase available for fetchOpenRouterModels');
+        return;
+      }
+
+      const data = await fetchJson(`${inst.apiBase}/api/admin/llm/openrouter/models`);
+      const models = Array.isArray(data?.models) ? data.models : [];
+
+      inst.providerModels = inst.providerModels && typeof inst.providerModels === 'object' ? inst.providerModels : {};
+      inst.providerModels.openrouter = models;
+      renderModelOptions(inst);
+    }
+
+    async function init(opts) {
+      console.log('[LLM Picker Debug] init called with opts:', opts);
+      const inst = getOrCreateInstance(opts || {});
+
+      if (opts && opts.apiBase) {
+        console.log('[LLM Picker Debug] Setting apiBase to:', opts.apiBase);
+        window.__llmProviderModelPicker.defaultApiBase = opts.apiBase;
+        // Update apiBase for this instance and all existing instances
+        inst.apiBase = opts.apiBase;
+        // Update all existing instances to have the correct apiBase
+        Object.values(window.__llmProviderModelPicker.instances).forEach(existingInst => {
+          console.log('[LLM Picker Debug] Updating existing instance apiBase from', existingInst.apiBase, 'to', opts.apiBase);
+          existingInst.apiBase = opts.apiBase;
+        });
+      }
+
+      console.log('[LLM Picker Debug] About to call loadConfig, inst.apiBase:', inst.apiBase);
+      await loadConfig(inst);
+      renderProviderOptions(inst);
+      renderModelOptions(inst);
+      await maybeAutoFetchOpenRouterModels(inst);
+
+      const providerInput = document.getElementById(inst.providerInputId);
+      if (providerInput) {
+        providerInput.addEventListener('change', async () => {
+          renderModelOptions(inst);
+          await maybeAutoFetchOpenRouterModels(inst);
+        });
+        providerInput.addEventListener('input', () => renderModelOptions(inst));
+      }
+    }
+
+    window.__llmProviderModelPicker.init = init;
+    window.__llmProviderModelPicker.fetchOpenRouterModels = fetchOpenRouterModels;
+    window.__llmProviderModelPicker._util = { safeJsonParse };
+  }
+})();

package/public/test-iframe-fix.html

@@ -0,0 +1,63 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Iframe Fix Test</title>
+    <style>
+        body { font-family: Arial, sans-serif; padding: 20px; }
+        .test-container { margin: 20px 0; }
+        iframe { width: 100%; height: 400px; border: 2px solid #ccc; }
+        .success { color: green; font-weight: bold; }
+        .error { color: red; font-weight: bold; }
+    </style>
+</head>
+<body>
+    <h1>Iframe Authentication Fix Test</h1>
+    
+    <div class="test-container">
+        <h2>Test 1: Iframe with Token (Should Work)</h2>
+        <iframe src="/admin/stats/dashboard-home?iframe_token=authenticated"></iframe>
+        <p id="test1-result">Loading...</p>
+    </div>
+    
+    <div class="test-container">
+        <h2>Test 2: Iframe without Token (Should Redirect to Login)</h2>
+        <iframe src="/admin/stats/dashboard-home"></iframe>
+        <p id="test2-result">Loading...</p>
+    </div>
+
+    <script>
+        // Test if iframe loads correctly
+        setTimeout(() => {
+            const iframes = document.querySelectorAll('iframe');
+            
+            // Test 1 - should show Command Center
+            iframes[0].contentDocument && iframes[0].contentDocument.body) {
+                const content = iframes[0].contentDocument.body.innerText;
+                if (content.includes('Command Center')) {
+                    document.getElementById('test1-result').innerHTML = '<span class="success">✅ SUCCESS: Iframe with token loads correctly</span>';
+                } else if (content.includes('login') || content.includes('Login')) {
+                    document.getElementById('test1-result').innerHTML = '<span class="error">❌ FAILED: Iframe with token redirected to login</span>';
+                } else {
+                    document.getElementById('test1-result').innerHTML = '<span class="error">❌ UNKNOWN: Could not determine iframe content</span>';
+                }
+            } else {
+                document.getElementById('test1-result').innerHTML = '<span class="error">❌ FAILED: Could not access iframe content (cross-origin)</span>';
+            }
+            
+            // Test 2 - should redirect to login
+            if (iframes[1].contentDocument && iframes[1].contentDocument.body) {
+                const content = iframes[1].contentDocument.body.innerText;
+                if (content.includes('login') || content.includes('Login')) {
+                    document.getElementById('test2-result').innerHTML = '<span class="success">✅ SUCCESS: Iframe without token correctly redirects to login</span>';
+                } else if (content.includes('Command Center')) {
+                    document.getElementById('test2-result').innerHTML = '<span class="error">❌ FAILED: Iframe without token loaded content (security issue)</span>';
+                } else {
+                    document.getElementById('test2-result').innerHTML = '<span class="error">❌ UNKNOWN: Could not determine iframe content</span>';
+                }
+            } else {
+                document.getElementById('test2-result').innerHTML = '<span class="error">❌ FAILED: Could not access iframe content (cross-origin)</span>';
+            }
+        }, 3000);
+    </script>
+</body>
+</html>

package/public/test-iframe.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Iframe Test</title>
+</head>
+<body>
+    <h1>Iframe Test</h1>
+    <p>Testing iframe loading of admin dashboard content...</p>
+    
+    <iframe src="/admin/stats/dashboard-home" width="100%" height="500" style="border: 1px solid #ccc;"></iframe>
+    
+    <p>If you see the admin dashboard content above, iframes work. If you see a login page, there's a cookie/session issue.</p>
+</body>
+</html>

package/src/admin/endpointRegistry.js

@@ -415,6 +415,74 @@ const endpointRegistry = [
       },
     ],
   },
+  {
+    id: "open-registry",
+    title: "Open Registry",
+    endpoints: [
+      {
+        id: "registry-auth",
+        method: "GET",
+        path: "/registry/plugins/auth",
+        auth: "none|bearer",
+      },
+      {
+        id: "registry-list",
+        method: "GET",
+        path: "/registry/plugins/list?category=plugins&minimal=true",
+        auth: "none|bearer",
+      },
+      {
+        id: "admin-registries-list",
+        method: "GET",
+        path: "/api/admin/registries",
+        auth: "basic",
+      },
+      {
+        id: "admin-registries-create",
+        method: "POST",
+        path: "/api/admin/registries",
+        auth: "basic",
+        bodyExample: { id: "plugins", name: "Plugins Registry", public: true, categories: ["plugins"] },
+      },
+      {
+        id: "admin-registry-item-upsert",
+        method: "POST",
+        path: "/api/admin/registries/plugins/items",
+        auth: "basic",
+        bodyExample: { id: "hello-cli", name: "hello-cli", category: "plugins", version: 1, versions: [1], description: "Sample" },
+      },
+    ],
+  },
+  {
+    id: "plugins-system",
+    title: "Plugins System",
+    endpoints: [
+      {
+        id: "plugins-list",
+        method: "GET",
+        path: "/api/admin/plugins",
+        auth: "basic",
+      },
+      {
+        id: "plugins-enable",
+        method: "POST",
+        path: "/api/admin/plugins/:id/enable",
+        auth: "basic",
+      },
+      {
+        id: "plugins-disable",
+        method: "POST",
+        path: "/api/admin/plugins/:id/disable",
+        auth: "basic",
+      },
+      {
+        id: "plugins-install",
+        method: "POST",
+        path: "/api/admin/plugins/:id/install",
+        auth: "basic",
+      },
+    ],
+  },
 ];
 
 module.exports = endpointRegistry;

package/src/controllers/admin.controller.js

@@ -7,6 +7,8 @@ const Notification = require('../models/Notification');
 const Invite = require('../models/Invite');
 const EmailLog = require('../models/EmailLog');
 const FormSubmission = require('../models/FormSubmission');
+const RbacRole = require('../models/RbacRole');
+const RbacUserRole = require('../models/RbacUserRole');
 const asyncHandler = require('../utils/asyncHandler');
 const fs = require('fs');
 const path = require('path');
@@ -56,10 +58,6 @@ const registerUser = asyncHandler(async (req, res) => {
     return res.status(400).json({ error: 'Password must be at least 6 characters' });
   }
 
-  if (!['user', 'admin'].includes(role)) {
-    return res.status(400).json({ error: 'Role must be either "user" or "admin"' });
-  }
-
   const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
   if (!emailRegex.test(email)) {
     return res.status(400).json({ error: 'Invalid email format' });
@@ -76,11 +74,33 @@ const registerUser = asyncHandler(async (req, res) => {
     email: email.toLowerCase(),
     passwordHash: password, // Will be hashed by pre-save hook
     name: name || '',
-    role: role
+    role: role // Keep for backward compatibility
   });
 
   await user.save();
 
+  // Assign RBAC role if it's not 'user'
+  if (role !== 'user') {
+    try {
+      // Find the RBAC role
+      const rbacRole = await RbacRole.findOne({ key: role, status: 'active' });
+      if (rbacRole) {
+        // Create user-role assignment
+        const userRoleAssignment = new RbacUserRole({
+          userId: user._id,
+          roleId: rbacRole._id
+        });
+        await userRoleAssignment.save();
+        console.log(`Assigned RBAC role '${role}' to user ${user.email}`);
+      } else {
+        console.warn(`RBAC role '${role}' not found, user created without RBAC role assignment`);
+      }
+    } catch (error) {
+      console.error('Error assigning RBAC role:', error);
+      // Don't fail the user creation if RBAC assignment fails
+    }
+  }
+
   // Log the admin action
   console.log(`Admin registered new user: ${user.email} with role: ${user.role}`);
 

package/src/controllers/adminDataCleanup.controller.js

@@ -0,0 +1,45 @@
+const dataCleanup = require('../services/dataCleanup.service');
+
+exports.getOverview = async (req, res) => {
+  try {
+    const data = await dataCleanup.getOverviewStats();
+    return res.json(data);
+  } catch (err) {
+    const safe = dataCleanup.toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.dryRun = async (req, res) => {
+  try {
+    const out = await dataCleanup.dryRunCollectionCleanup(req.body || {});
+    return res.json(out);
+  } catch (err) {
+    const safe = dataCleanup.toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.execute = async (req, res) => {
+  try {
+    const out = await dataCleanup.executeCollectionCleanup(req.body || {});
+    return res.json(out);
+  } catch (err) {
+    const safe = dataCleanup.toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.inferFields = async (req, res) => {
+  try {
+    const { collection } = req.query;
+    if (!collection) {
+      return res.status(400).json({ error: 'collection query parameter is required' });
+    }
+    const fields = await dataCleanup.inferCollectionFields(collection);
+    return res.json({ fields });
+  } catch (err) {
+    const safe = dataCleanup.toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};

package/src/controllers/adminLlm.controller.js

@@ -43,10 +43,6 @@ async function setStringSetting(key, value, description) {
     await existing.save();
     return existing;
   }
-  // Ensure we never create a document with an undefined value
-  if (stringValue === undefined) {
-    throw new Error(`Cannot save GlobalSetting with undefined value for key: ${key}`);
-  }
   const created = new GlobalSetting({
     key,
     value: stringValue,
@@ -79,10 +75,6 @@ async function setJsonSetting(key, value) {
     await existing.save();
     return existing;
   }
-  // Ensure we never create a document with an empty value
-  if (!stringValue) {
-    throw new Error(`Cannot save GlobalSetting with empty value for key: ${key}`);
-  }
   const created = new GlobalSetting({
     key,
     value: stringValue,