@intranefr/superbackend 1.6.5 → 1.6.7

package/src/middleware.js

@@ -26,7 +26,7 @@ const ejs = require("ejs");
 const session = require("express-session");
 const MongoStore = require("connect-mongo");
 const { adminSessionAuth } = require("./middleware/auth");
-const { requireModuleAccess } = require("./middleware/rbac");
+const { requireModuleAccess, isBasicAuthSuperAdmin } = require("./middleware/rbac");
 const endpointRegistry = require("./admin/endpointRegistry");
 const {
   createFeatureFlagsEjsMiddleware,
@@ -96,9 +96,16 @@ function createMiddleware(options = {}) {
   const router = express.Router();
   const adminPath = options.adminPath || "/admin";
   const pagesPrefix = options.pagesPrefix || "/";
+  const isJest = Boolean(process.env.JEST_WORKER_ID);
 
   const bootstrapPluginsRuntime = async () => {
     try {
+      if (options.plugins?.extraRoots) {
+        const roots = Array.isArray(options.plugins.extraRoots) ? options.plugins.extraRoots : [];
+        for (const root of roots) {
+          await pluginsService.loadAllPluginsFromFolder(root, { context: {} });
+        }
+      }
       const superbackend = globalThis.superbackend || globalThis.saasbackend || {};
       await pluginsService.bootstrap({
         context: {
@@ -203,6 +210,11 @@ function createMiddleware(options = {}) {
       attachExperimentsWebsocketServer,
     } = require("./services/experimentsWs.service");
     attachExperimentsWebsocketServer(server);
+
+    const {
+      attachSuperDemosWebsocketServer,
+    } = require("./services/superDemosWs.service");
+    attachSuperDemosWebsocketServer(server);
   };
 
   if (!errorCaptureInitialized) {
@@ -237,19 +249,19 @@ function createMiddleware(options = {}) {
         console.log("✅ Middleware: Connected to MongoDB");
         
         // Start cron scheduler after DB connection (only if enabled)
-        if (options.cron?.enabled !== false) {
+        if (!isJest && options.cron?.enabled !== false) {
           await cronScheduler.start();
           await healthChecksScheduler.start();
           await healthChecksBootstrap.bootstrap();
           await blogCronsBootstrap.bootstrap();
           await require("./services/experimentsCronsBootstrap.service").bootstrap();
         } else {
-          console.log("🔍 Cron scheduler disabled - cron.enabled:", options.cron?.enabled);
+          console.log("🔍 Cron scheduler disabled - cron.enabled:", options.cron?.enabled, isJest ? '(jest)' : '');
         }
         
         // Initialize Telegram bots (check telegram config)
         const telegramEnabled = options.telegram?.enabled !== false;
-        if (telegramEnabled) {
+        if (!isJest && telegramEnabled) {
           const telegramInitializer =
             (telegramService && typeof telegramService.initialize === "function"
               ? telegramService.initialize.bind(telegramService)
@@ -267,7 +279,9 @@ function createMiddleware(options = {}) {
           console.log("🔍 Telegram bots disabled - telegram.enabled:", options.telegram?.enabled);
         }
 
-        await bootstrapPluginsRuntime();
+        if (!isJest) {
+          await bootstrapPluginsRuntime();
+        }
 
         // Console manager is already initialized early in the middleware
         console.log("[Console Manager] MongoDB connection established");
@@ -381,7 +395,7 @@ function createMiddleware(options = {}) {
     console.log("✅ Middleware: Using existing MongoDB connection");
     
     // Start cron scheduler for existing connection (only if enabled)
-    if (options.cron?.enabled !== false) {
+    if (!isJest && options.cron?.enabled !== false) {
       cronScheduler.start().catch((err) => {
         console.error("Failed to start cron scheduler:", err);
       });
@@ -401,12 +415,12 @@ function createMiddleware(options = {}) {
           console.error("Failed to bootstrap experiments crons:", err);
         });
     } else {
-      console.log("🔍 Cron scheduler disabled - cron.enabled:", options.cron?.enabled, "(existing connection)");
+      console.log("🔍 Cron scheduler disabled - cron.enabled:", options.cron?.enabled, "(existing connection)", isJest ? '(jest)' : '');
     }
     
     // Initialize Telegram bots for existing connection (check telegram config)
     const telegramEnabled = options.telegram?.enabled !== false;
-    if (telegramEnabled) {
+    if (!isJest && telegramEnabled) {
       const telegramInitializer =
         (telegramService && typeof telegramService.initialize === "function"
           ? telegramService.initialize.bind(telegramService)
@@ -426,9 +440,11 @@ function createMiddleware(options = {}) {
       console.log("🔍 Telegram bots disabled - telegram.enabled:", options.telegram?.enabled, "(existing connection)");
     }
 
-    bootstrapPluginsRuntime().catch((err) => {
-      console.error("Failed to bootstrap plugins runtime (existing connection):", err);
-    });
+    if (!isJest) {
+      bootstrapPluginsRuntime().catch((err) => {
+        console.error("Failed to bootstrap plugins runtime (existing connection):", err);
+      });
+    }
     
     // Initialize console manager AFTER database is already connected
     if (process.env.NODE_ENV !== "test" && !process.env.JEST_WORKER_ID) {
@@ -524,6 +540,15 @@ function createMiddleware(options = {}) {
   }
 
   // Session middleware for admin authentication
+  const sessionMongoUrl = options.mongodbUri || process.env.MONGODB_URI || process.env.MONGO_URI;
+  const sessionStore = !isJest && sessionMongoUrl
+    ? MongoStore.create({
+      mongoUrl: sessionMongoUrl,
+      collectionName: 'admin_sessions',
+      ttl: 24 * 60 * 60 // 24 hours in seconds
+    })
+    : undefined;
+
   const sessionMiddleware = session({
     secret: process.env.SESSION_SECRET || 'superbackend-session-secret-fallback',
     resave: false,
@@ -534,11 +559,7 @@ function createMiddleware(options = {}) {
       maxAge: 24 * 60 * 60 * 1000, // 24 hours
       sameSite: 'lax'
     },
-    store: MongoStore.create({
-      mongoUrl: options.mongodbUri || process.env.MONGODB_URI,
-      collectionName: 'admin_sessions',
-      ttl: 24 * 60 * 60 // 24 hours in seconds
-    }),
+    store: sessionStore,
     name: 'superbackend.admin.session'
   });
 
@@ -852,7 +873,8 @@ router.get(`${adminPath}/stats/dashboard-home`, checkIframeAuth, (req, res) => {
             baseUrl: req.baseUrl,
             adminPath,
             endpointRegistry,
-            isIframe: req.isIframe || false
+            isIframe: req.isIframe || false,
+            serverPort: process.env.PORT || 3000
           },
           {
             filename: templatePath,
@@ -1104,6 +1126,10 @@ router.get(`${adminPath}/stats/dashboard-home`, checkIframeAuth, (req, res) => {
     "/api/admin/ui-components",
     require("./routes/adminUiComponents.routes"),
   );
+  router.use(
+    "/api/admin/superdemos",
+    require("./routes/adminSuperDemos.routes"),
+  );
   router.use("/api/admin/migration", require("./routes/adminMigration.routes"));
   router.use(
     "/api/admin/errors",
@@ -1145,6 +1171,7 @@ router.get(`${adminPath}/stats/dashboard-home`, checkIframeAuth, (req, res) => {
   router.use("/api/log", require("./routes/log.routes"));
   router.use("/api/error-tracking", require("./routes/errorTracking.routes"));
   router.use("/api/ui-components", require("./routes/uiComponentsPublic.routes"));
+  router.use("/api/superdemos", require("./routes/superDemos.routes"));
   router.use("/api/rbac", require("./routes/rbac.routes"));
   router.use("/registry", require("./routes/registry.routes"));
   router.use("/api/file-manager", require("./routes/fileManager.routes"));
@@ -1175,13 +1202,36 @@ router.get(`${adminPath}/stats/dashboard-home`, checkIframeAuth, (req, res) => {
   }, require("./routes/adminLogin.routes"));
 
   // Admin dashboard (redirect to login if not authenticated)
-  router.get(adminPath, adminSessionAuth, (req, res) => {
+  router.get(adminPath, adminSessionAuth, async (req, res) => {
     const templatePath = path.join(
       __dirname,
       "..",
       "views",
       "admin-dashboard.ejs",
     );
+    
+    // Get max tabs configuration
+    let maxTabs = 5; // default
+    try {
+      // Environment variable takes priority
+      if (process.env.ADMIN_MAX_TABS) {
+        const envValue = parseInt(process.env.ADMIN_MAX_TABS, 10);
+        if (!isNaN(envValue) && envValue > 0) {
+          maxTabs = envValue;
+        }
+      } else {
+        // Fallback to global settings
+        const settingValue = await globalSettingsService.getSettingValue("ADMIN_MAX_TABS", "5");
+        const parsedValue = parseInt(settingValue, 10);
+        if (!isNaN(parsedValue) && parsedValue > 0) {
+          maxTabs = parsedValue;
+        }
+      }
+    } catch (error) {
+      console.error("Error fetching max tabs configuration:", error);
+      // Use default value
+    }
+    
     fs.readFile(templatePath, "utf8", (err, template) => {
       if (err) {
         console.error("Error reading template:", err);
@@ -1190,7 +1240,12 @@ router.get(`${adminPath}/stats/dashboard-home`, checkIframeAuth, (req, res) => {
       try {
         const html = ejs.render(
           template,
-          { baseUrl: req.baseUrl, adminPath, isIframe: req.isIframe || false },
+          { 
+            baseUrl: req.baseUrl, 
+            adminPath, 
+            isIframe: req.isIframe || false,
+            maxTabs
+          },
           { filename: templatePath },
         );
         res.send(html);
@@ -1723,6 +1778,40 @@ router.get(`${adminPath}/file-manager`, requireModuleAccessWithIframe('file-mana
     });
   });
 
+  // Admin SuperDemos page
+  router.get(`${adminPath}/superdemos`, requireModuleAccessWithIframe('superdemos', 'read'), (req, res) => {
+    const templatePath = path.join(
+      __dirname,
+      "..",
+      "views",
+      "admin-superdemos.ejs",
+    );
+    fs.readFile(templatePath, "utf8", (err, template) => {
+      if (err) {
+        console.error("Error reading template:", err);
+        return res.status(500).send("Error loading page");
+      }
+      try {
+        const html = ejs.render(
+          template,
+          {
+            baseUrl: req.baseUrl || '',
+            adminPath,
+            endpointRegistry,
+            isIframe: req.isIframe || false,
+          },
+          {
+            filename: templatePath,
+          },
+        );
+        res.send(html);
+      } catch (renderErr) {
+        console.error("Error rendering template:", renderErr);
+        res.status(500).send("Error rendering page");
+      }
+    });
+  });
+
   // Admin JSON configs page (protected by basic auth)
   router.get(`${adminPath}/json-configs`, requireModuleAccessWithIframe('json-configs', 'read'), (req, res) => {
     const templatePath = path.join(

package/src/models/BlogAutomationLock.js

@@ -1,14 +1,14 @@
-const mongoose = require('mongoose');
+const mongoose = require("mongoose");
 
 const blogAutomationLockSchema = new mongoose.Schema(
   {
-    key: { type: String, required: true, unique: true, index: true },
+    key: { type: String, required: true, unique: true },
     lockedUntil: { type: Date, required: true },
     ownerId: { type: String, required: true },
   },
-  { timestamps: true, collection: 'blog_automation_locks' },
+  { timestamps: true, collection: "blog_automation_locks" },
 );
 
 module.exports =
   mongoose.models.BlogAutomationLock ||
-  mongoose.model('BlogAutomationLock', blogAutomationLockSchema);
+  mongoose.model("BlogAutomationLock", blogAutomationLockSchema);

package/src/models/BlogPost.js

@@ -1,28 +1,27 @@
-const mongoose = require('mongoose');
+const mongoose = require("mongoose");
 
 const blogPostSchema = new mongoose.Schema(
   {
     title: { type: String, required: true },
-    slug: { type: String, required: true, index: true },
+    slug: { type: String, required: true },
     status: {
       type: String,
-      enum: ['draft', 'scheduled', 'published', 'archived'],
-      default: 'draft',
-      index: true,
+      enum: ["draft", "scheduled", "published", "archived"],
+      default: "draft",
     },
-    excerpt: { type: String, default: '' },
-    markdown: { type: String, default: '' },
-    html: { type: String, default: '' },
-    coverImageUrl: { type: String, default: '' },
-    category: { type: String, default: '' },
+    excerpt: { type: String, default: "" },
+    markdown: { type: String, default: "" },
+    html: { type: String, default: "" },
+    coverImageUrl: { type: String, default: "" },
+    category: { type: String, default: "" },
     tags: { type: [String], default: [] },
-    authorName: { type: String, default: '' },
-    seoTitle: { type: String, default: '' },
-    seoDescription: { type: String, default: '' },
+    authorName: { type: String, default: "" },
+    seoTitle: { type: String, default: "" },
+    seoDescription: { type: String, default: "" },
     scheduledAt: { type: Date },
     publishedAt: { type: Date },
   },
-  { timestamps: true, collection: 'blog_posts' },
+  { timestamps: true, collection: "blog_posts" },
 );
 
 blogPostSchema.index({ status: 1, publishedAt: -1 });
@@ -34,9 +33,10 @@ blogPostSchema.index(
   {
     unique: true,
     partialFilterExpression: {
-      status: { $in: ['draft', 'scheduled', 'published'] },
+      status: { $in: ["draft", "scheduled", "published"] },
     },
   },
 );
 
-module.exports = mongoose.models.BlogPost || mongoose.model('BlogPost', blogPostSchema);
+module.exports =
+  mongoose.models.BlogPost || mongoose.model("BlogPost", blogPostSchema);

package/src/models/CacheEntry.js

@@ -1,12 +1,17 @@
-const mongoose = require('mongoose');
+const mongoose = require("mongoose");
 
 const cacheEntrySchema = new mongoose.Schema(
   {
     namespace: { type: String, required: true, index: true },
-    key: { type: String, required: true, index: true },
+    key: { type: String, required: true },
 
     value: { type: String, required: true },
-    atRestFormat: { type: String, enum: ['string', 'base64'], default: 'string', index: true },
+    atRestFormat: {
+      type: String,
+      enum: ["string", "base64"],
+      default: "string",
+      index: true,
+    },
 
     sizeBytes: { type: Number, default: 0 },
 
@@ -15,12 +20,18 @@ const cacheEntrySchema = new mongoose.Schema(
     hits: { type: Number, default: 0 },
     lastAccessAt: { type: Date, default: null },
 
-    source: { type: String, enum: ['offloaded', 'manual'], default: 'manual', index: true },
+    source: {
+      type: String,
+      enum: ["offloaded", "manual"],
+      default: "manual",
+      index: true,
+    },
   },
-  { timestamps: true, collection: 'cache_entries' },
+  { timestamps: true, collection: "cache_entries" },
 );
 
 cacheEntrySchema.index({ namespace: 1, key: 1 }, { unique: true });
 cacheEntrySchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
 
-module.exports = mongoose.models.CacheEntry || mongoose.model('CacheEntry', cacheEntrySchema);
+module.exports =
+  mongoose.models.CacheEntry || mongoose.model("CacheEntry", cacheEntrySchema);

package/src/models/JsonConfig.js

@@ -1,4 +1,4 @@
-const mongoose = require('mongoose');
+const mongoose = require("mongoose");
 
 const jsonConfigSchema = new mongoose.Schema(
   {
@@ -10,13 +10,11 @@ const jsonConfigSchema = new mongoose.Schema(
       type: String,
       required: true,
       unique: true,
-      index: true,
     },
     alias: {
       type: String,
       unique: true,
       sparse: true,
-      index: true,
     },
     publicEnabled: {
       type: Boolean,
@@ -43,4 +41,4 @@ const jsonConfigSchema = new mongoose.Schema(
 // jsonConfigSchema.index({ slug: 1 }); // Removed duplicate index
 // jsonConfigSchema.index({ alias: 1 }); // Removed duplicate index
 
-module.exports = mongoose.model('JsonConfig', jsonConfigSchema);
+module.exports = mongoose.model("JsonConfig", jsonConfigSchema);

package/src/models/RateLimitMetricBucket.js

@@ -1,4 +1,4 @@
-const mongoose = require('mongoose');
+const mongoose = require("mongoose");
 
 const rateLimitMetricBucketSchema = new mongoose.Schema(
   {
@@ -9,12 +9,17 @@ const rateLimitMetricBucketSchema = new mongoose.Schema(
     allowed: { type: Number, default: 0 },
     blocked: { type: Number, default: 0 },
 
-    expiresAt: { type: Date, default: null, index: true },
+    expiresAt: { type: Date, default: null },
   },
-  { timestamps: true, collection: 'rate_limit_metric_buckets' },
+  { timestamps: true, collection: "rate_limit_metric_buckets" },
 );
 
-rateLimitMetricBucketSchema.index({ limiterId: 1, bucketStart: 1 }, { unique: true });
+rateLimitMetricBucketSchema.index(
+  { limiterId: 1, bucketStart: 1 },
+  { unique: true },
+);
 rateLimitMetricBucketSchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
 
-module.exports = mongoose.models.RateLimitMetricBucket || mongoose.model('RateLimitMetricBucket', rateLimitMetricBucketSchema);
+module.exports =
+  mongoose.models.RateLimitMetricBucket ||
+  mongoose.model("RateLimitMetricBucket", rateLimitMetricBucketSchema);

package/src/models/SuperDemo.js

@@ -0,0 +1,38 @@
+const mongoose = require('mongoose');
+
+const superDemoSchema = new mongoose.Schema(
+  {
+    demoId: {
+      type: String,
+      required: true,
+      unique: true,
+      index: true,
+      trim: true,
+      match: [/^demo_[a-z0-9]{8,32}$/, 'Invalid demoId'],
+    },
+    projectId: { type: String, required: true, index: true, trim: true },
+
+    name: { type: String, required: true, trim: true },
+
+    status: {
+      type: String,
+      enum: ['draft', 'published'],
+      default: 'draft',
+      index: true,
+    },
+
+    publishedVersion: { type: Number, default: 0 },
+    publishedAt: { type: Date, default: null },
+
+    // Minimal targeting for v1.
+    // Interpreted as a substring match against window.location.href unless otherwise specified.
+    startUrlPattern: { type: String, default: null },
+
+    isActive: { type: Boolean, default: true, index: true },
+  },
+  { timestamps: true, collection: 'super_demos' },
+);
+
+superDemoSchema.index({ projectId: 1, status: 1, isActive: 1 });
+
+module.exports = mongoose.models.SuperDemo || mongoose.model('SuperDemo', superDemoSchema);

package/src/models/SuperDemoProject.js

@@ -0,0 +1,32 @@
+const mongoose = require('mongoose');
+
+const superDemoProjectSchema = new mongoose.Schema(
+  {
+    projectId: {
+      type: String,
+      required: true,
+      unique: true,
+      index: true,
+      trim: true,
+      match: [/^sdp_[a-z0-9]{8,32}$/, 'Invalid projectId'],
+    },
+    name: { type: String, required: true, trim: true },
+
+    isPublic: { type: Boolean, default: true, index: true },
+    apiKeyHash: { type: String, default: null },
+
+    allowedOrigins: { type: [String], default: [] },
+    stylePreset: {
+      type: String,
+      enum: ['default', 'glass-dark', 'high-contrast', 'soft-purple'],
+      default: 'default',
+    },
+    styleOverrides: { type: String, default: '' },
+
+    isActive: { type: Boolean, default: true, index: true },
+  },
+  { timestamps: true, collection: 'super_demo_projects' },
+);
+
+module.exports = mongoose.models.SuperDemoProject ||
+  mongoose.model('SuperDemoProject', superDemoProjectSchema);

package/src/models/SuperDemoStep.js

@@ -0,0 +1,27 @@
+const mongoose = require('mongoose');
+
+const superDemoStepSchema = new mongoose.Schema(
+  {
+    demoId: { type: String, required: true, index: true, trim: true },
+    order: { type: Number, required: true, index: true },
+
+    selector: { type: String, required: true },
+    selectorHints: { type: mongoose.Schema.Types.Mixed, default: null },
+
+    message: { type: String, required: true },
+    placement: {
+      type: String,
+      enum: ['top', 'bottom', 'left', 'right', 'auto'],
+      default: 'auto',
+    },
+
+    waitFor: { type: mongoose.Schema.Types.Mixed, default: null },
+    advance: { type: mongoose.Schema.Types.Mixed, default: { type: 'manualNext' } },
+  },
+  { timestamps: true, collection: 'super_demo_steps' },
+);
+
+superDemoStepSchema.index({ demoId: 1, order: 1 }, { unique: true });
+
+module.exports = mongoose.models.SuperDemoStep ||
+  mongoose.model('SuperDemoStep', superDemoStepSchema);

package/src/routes/adminAgents.routes.js

@@ -1,6 +1,7 @@
 const express = require('express');
 const router = express.Router();
 const adminAgentsController = require('../controllers/adminAgents.controller');
+const adminAgentsChatController = require('../controllers/adminAgentsChat.controller');
 const { adminSessionAuth } = require('../middleware/auth');
 
 router.use(adminSessionAuth);
@@ -10,4 +11,13 @@ router.post('/', adminAgentsController.createAgent);
 router.put('/:id', adminAgentsController.updateAgent);
 router.delete('/:id', adminAgentsController.deleteAgent);
 
+router.post('/chat/session/new', adminAgentsChatController.newSession);
+router.get('/chat/sessions', adminAgentsChatController.listSessions);
+router.post('/chat/session/rename', adminAgentsChatController.renameSession);
+router.post('/chat/session/compact', adminAgentsChatController.compactSession);
+router.get('/chat/session/:chatId/messages', adminAgentsChatController.loadSessionMessages);
+router.post('/chat/message', adminAgentsChatController.sendMessage);
+router.post('/chat/stream', adminAgentsChatController.streamMessage);
+router.get('/chat/health', adminAgentsChatController.chatHealth);
+
 module.exports = router;

package/src/routes/adminMarkdowns.routes.js

@@ -5,6 +5,9 @@ const { adminSessionAuth } = require('../middleware/auth');
 const adminMarkdownsController = require('../controllers/adminMarkdowns.controller');
 
 router.use(adminSessionAuth);
+router.get('/', adminMarkdownsController.list);
+router.get('/group-codes/:category', adminMarkdownsController.getGroupCodes);
+router.get('/folder/:category/:group_code', adminMarkdownsController.getFolderContents);
 router.post('/validate-path', adminSessionAuth, adminMarkdownsController.validatePath);
 
 module.exports = router;

package/src/routes/adminSuperDemos.routes.js

@@ -0,0 +1,31 @@
+const express = require('express');
+const router = express.Router();
+
+const { adminSessionAuth } = require('../middleware/auth');
+const controller = require('../controllers/adminSuperDemos.controller');
+
+router.use(express.json({ limit: '1mb' }));
+router.use(adminSessionAuth);
+
+// Projects
+router.get('/projects', controller.listProjects);
+router.post('/projects', controller.createProject);
+router.put('/projects/:projectId', controller.updateProject);
+router.post('/projects/:projectId/rotate-key', controller.rotateProjectKey);
+
+// Demos
+router.get('/projects/:projectId/demos', controller.listProjectDemos);
+router.post('/projects/:projectId/demos', controller.createDemo);
+router.get('/demos/:demoId', controller.getDemo);
+router.put('/demos/:demoId', controller.updateDemo);
+router.post('/demos/:demoId/publish', controller.publishDemo);
+
+// Steps
+router.get('/demos/:demoId/steps', controller.listSteps);
+router.put('/demos/:demoId/steps', controller.replaceSteps);
+
+// Authoring sessions
+router.post('/authoring-sessions', controller.createAuthoringSession);
+router.delete('/authoring-sessions/:sessionId', controller.deleteAuthoringSession);
+
+module.exports = router;

package/src/routes/superDemos.routes.js

@@ -0,0 +1,9 @@
+const express = require('express');
+const router = express.Router();
+
+const controller = require('../controllers/superDemosPublic.controller');
+
+router.get('/projects/:projectId/demos/published', controller.listPublishedDemos);
+router.get('/demos/:demoId/definition', controller.getPublishedDemoDefinition);
+
+module.exports = router;