npm - @jsreport/jsreport-core - Versions diffs - 3.8.1 → 3.10.0 - Mend

@jsreport/jsreport-core 3.8.1 → 3.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/README.md +15 -0
package/lib/main/folders/validateDuplicatedName.js +2 -10
package/lib/main/profiler.js +1 -0
package/lib/main/reporter.js +23 -3
package/lib/main/store/checkDuplicatedId.js +2 -10
package/lib/main/store/collection.js +38 -10
package/lib/main/store/mainActions.js +21 -2
package/lib/main/store/setupValidateShortid.js +2 -9
package/lib/main/templates.js +2 -2
package/lib/shared/adminRequest.js +17 -0
package/lib/shared/createError.js +31 -9
package/lib/shared/normalizeError.js +31 -0
package/lib/shared/reporter.js +3 -1
package/lib/shared/request.js +9 -1
package/lib/worker/documentStore.js +19 -8
package/lib/worker/render/executeEngine.js +44 -9
package/lib/worker/render/profiler.js +2 -1
package/lib/worker/render/render.js +30 -4
package/lib/worker/sandbox/createSandbox.js +5 -1
package/lib/worker/sandbox/runInSandbox.js +39 -39
package/lib/worker/templates.js +37 -6
package/package.json +2 -2

package/README.md CHANGED Viewed

@@ -282,6 +282,21 @@ jsreport.documentStore.collection('templates')
 ## Changelog
+### 3.10.0
+- `mainReporter.executeWorkerAction` now supports cancellation with `AbortController.signal`
+- add support for specifying what are the main document properties of templates entitySet
+### 3.9.0
+- add more store methods `collection.findAdmin`, `collection.findOneAdmin`, `reporter.adminRequest` to easily allow execure store queries without taking into account permissions
+- improve logging for child requests and user level logs
+- differentiate between template not found errors and permissions related errors (it is now more clean what is the cause of specific error)
+- normalize to error when non-errors are throw (like throw "string")
+- improve errors in helpers (it now includes the helper name)
+- improve error message when template was not found in child request
+- improve error handling in sandbox
 ### 3.8.1
 - update vm2 for fix security issue

package/lib/main/folders/validateDuplicatedName.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const omit = require('lodash.omit')
 const resolveEntityPath = require('../../shared/folders/resolveEntityPath')
 async function findEntity (reporter, name, folder, req) {
@@ -7,18 +6,11 @@ async function findEntity (reporter, name, folder, req) {
       continue
     }
-    const localReq = req ? reporter.Request(req) : req
-    // we should validate against all entities without caring about permissions
-    if (localReq) {
-      localReq.context = localReq.context ? omit(localReq.context, 'user') : localReq.context
-    }
-    const allEntities = await reporter.documentStore.collection(c).find({
+    const allEntities = await reporter.documentStore.collection(c).findAdmin({
       folder
     }, {
       name: 1
-    }, localReq)
+    }, req)
     const existingEntity = allEntities.find((entity) => {
       if (entity.name) {

package/lib/main/profiler.js CHANGED Viewed

@@ -211,6 +211,7 @@ module.exports = (reporter) => {
     profilerRequestMap.set(req.context.rootId, req)
     const template = await reporter.templates.resolveTemplate(req)
     if (template && template._id) {
       req.context.resolvedTemplate = extend(true, {}, template)

package/lib/main/reporter.js CHANGED Viewed

@@ -345,13 +345,14 @@ class MainReporter extends Reporter {
     }
     if (err.code === 'WORKER_ABORTED') {
-      err.message = 'Report cancelled'
+      err.message = 'Report cancelled by the client or closed network'
       err.weak = true
     }
     if (!err.logged) {
       const logFn = err.weak ? this.logger.warn : this.logger.error
-      logFn(`Report render failed: ${err.message}${err.stack != null ? ' ' + err.stack : ''}`, req)
+      const errorMessage = this.createError('Report render failed', { original: err }).message
+      logFn(`${errorMessage}${err.stack != null ? '\n' + err.stack : ''}`, req)
     }
     await this.renderErrorListeners.fire(req, res, err)
     throw err
@@ -556,6 +557,16 @@ class MainReporter extends Reporter {
         timeout
       })
+    const handleAbortSignal = () => {
+      if (worker) {
+        worker.release(req).catch((e) => this.logger.error('Failed to release worker ' + e))
+      }
+    }
+    if (options.signal && !options.worker) {
+      options.signal.addEventListener('abort', handleAbortSignal, { once: true })
+    }
     try {
       const result = await worker.execute({
         actionName,
@@ -578,7 +589,16 @@ class MainReporter extends Reporter {
       return result
     } finally {
       if (!options.worker) {
-        await worker.release(req)
+        let shouldRelease = true
+        if (options.signal) {
+          options.signal.removeEventListener('abort', handleAbortSignal)
+          shouldRelease = options.signal.aborted !== true
+        }
+        if (shouldRelease) {
+          await worker.release(req)
+        }
       }
     }
   }

package/lib/main/store/checkDuplicatedId.js CHANGED Viewed

@@ -1,5 +1,3 @@
-const omit = require('lodash.omit')
-const Request = require('../../shared/request')
 module.exports = async function checkDuplicatedId (store, collectionName, idValue, req) {
   if (idValue == null) {
@@ -12,16 +10,10 @@ module.exports = async function checkDuplicatedId (store, collectionName, idValu
 }
 async function findEntity (store, collectionName, idValue, req) {
-  const localReq = req ? Request(req) : req
   // we should validate without caring about permissions
-  if (localReq) {
-    localReq.context = localReq.context ? omit(localReq.context, 'user') : localReq.context
-  }
-  const existingEntity = await store.collection(collectionName).findOne({
+  const existingEntity = await store.collection(collectionName).findOneAdmin({
     _id: idValue
-  }, localReq)
+  }, req)
   return existingEntity
 }

package/lib/main/store/collection.js CHANGED Viewed

@@ -1,6 +1,8 @@
-const createListenerCollection = require('../../shared/listenerCollection')
 const { resolvePropDefinition } = require('./typeUtils')
+const adminRequest = require('../../shared/adminRequest')
+const createListenerCollection = require('../../shared/listenerCollection')
 const createError = require('../../shared/createError')
+const Request = require('../../shared/request')
 const validateEntityName = require('../validateEntityName')
 module.exports = (entitySet, provider, model, validator, encryption, transactions) => ({
@@ -74,6 +76,41 @@ module.exports = (entitySet, provider, model, validator, encryption, transaction
     })
   },
+  findAdmin (q, p, req) {
+    if (p && p.__isJsreportRequest__ === true) {
+      req = p
+      p = {}
+    }
+    p = p || {}
+    req = adminRequest(req, Request)
+    return this.find(q, p, req)
+  },
+  async findOne (...args) {
+    const res = await this.find(...args)
+    if (res.length > 0) {
+      return res[0]
+    }
+    return null
+  },
+  findOneAdmin (q, p, req) {
+    if (p && p.__isJsreportRequest__ === true) {
+      req = p
+      p = {}
+    }
+    p = p || {}
+    req = adminRequest(req, Request)
+    return this.findOne(q, p, req)
+  },
   count (...args) {
     return this.find(...args).count()
   },
@@ -154,15 +191,6 @@ module.exports = (entitySet, provider, model, validator, encryption, transaction
     })
   },
-  async findOne (...args) {
-    const res = await this.find(...args)
-    if (res.length > 0) {
-      return res[0]
-    }
-    return null
-  },
   async serializeProperties (docs, customTypeDef) {
     let typeDef

package/lib/main/store/mainActions.js CHANGED Viewed

@@ -1,15 +1,34 @@
 module.exports = (reporter) => {
   reporter.registerMainAction('documentStore.collection.find', async (spec, originalReq) => {
     const localReq = reporter.Request(originalReq)
     localReq.context.userFindCall = true
-    const res = await reporter.documentStore.collection(spec.collection).find(spec.query, localReq)
+    const collection = reporter.documentStore.collection(spec.collection)
+    let method = 'find'
+    if (spec.admin) {
+      method = 'findAdmin'
+    }
+    const res = await collection[method](spec.query, localReq)
     return res
   })
   reporter.registerMainAction('documentStore.collection.findOne', async (spec, originalReq) => {
     const localReq = reporter.Request(originalReq)
     localReq.context.userFindCall = true
-    const res = await reporter.documentStore.collection(spec.collection).findOne(spec.query, localReq)
+    const collection = reporter.documentStore.collection(spec.collection)
+    let method = 'findOne'
+    if (spec.admin) {
+      method = 'findOneAdmin'
+    }
+    const res = await collection[method](spec.query, localReq)
     return res
   })

package/lib/main/store/setupValidateShortid.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const omit = require('lodash.omit')
 module.exports = (reporter) => {
   reporter.initializeListeners.add('core-validate-shortid', () => {
@@ -60,16 +59,10 @@ async function validateShortid (reporter, collectionName, doc, originalIdValue,
 }
 async function findEntity (reporter, collectionName, shortid, req) {
-  const localReq = req ? reporter.Request(req) : req
   // we should validate without caring about permissions
-  if (localReq) {
-    localReq.context = localReq.context ? omit(localReq.context, 'user') : localReq.context
-  }
-  const existingEntity = await reporter.documentStore.collection(collectionName).findOne({
+  const existingEntity = await reporter.documentStore.collection(collectionName).findOneAdmin({
     shortid
-  }, localReq)
+  }, req)
   return existingEntity
 }

package/lib/main/templates.js CHANGED Viewed

@@ -2,9 +2,9 @@
 module.exports = (reporter) => {
   reporter.documentStore.registerEntityType('TemplateType', {
     name: { type: 'Edm.String' },
-    content: { type: 'Edm.String', document: { extension: 'html', engine: true } },
+    content: { type: 'Edm.String', document: { main: true, extension: 'html', engine: true } },
     recipe: { type: 'Edm.String' },
-    helpers: { type: 'Edm.String', document: { extension: 'js' }, schema: { type: 'object' } },
+    helpers: { type: 'Edm.String', document: { main: true, extension: 'js' }, schema: { type: 'object' } },
     engine: { type: 'Edm.String' }
   }, true)

package/lib/shared/adminRequest.js ADDED Viewed

@@ -0,0 +1,17 @@
+const omit = require('lodash.omit')
+module.exports = function adminRequest (req, Request) {
+  if (req == null) {
+    return req
+  }
+  let targetReq = req
+  if (Request != null) {
+    targetReq = Request(targetReq)
+  }
+  targetReq.context = targetReq.context ? omit(targetReq.context, 'user') : targetReq.context
+  return targetReq
+}

package/lib/shared/createError.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const _omit = require('lodash.omit')
+const normalizeError = require('./normalizeError')
 module.exports = function (message, options = {}) {
   const { original } = options
@@ -10,23 +10,37 @@ module.exports = function (message, options = {}) {
     error = new Error(message)
     if (original != null) {
-      error.entity = original.entity
-      error.lineNumber = original.lineNumber
-      error.property = original.property
+      // because in js you can throw <anything>, not specifically Error
+      const originalNormalized = normalizeError(original)
+      error.entity = originalNormalized.entity
+      error.lineNumber = originalNormalized.lineNumber
+      error.property = originalNormalized.property
+      if (originalNormalized.statusCode != null) {
+        error.statusCode = originalNormalized.statusCode
+      }
+      if (originalNormalized.weak != null) {
+        error.weak = originalNormalized.weak
+      }
       if (error.message == null || error.message === '') {
-        error.message = `${original.message}`
+        error.message = `${originalNormalized.message}`
       } else {
-        error.message += `. ${original.message}`
+        error.message += `\n(because) ${lowerCaseFirstLetter(originalNormalized.message)}`
       }
-      if (error.stack != null && original.stack != null) {
-        error.stack += `\ncaused by: ${original.stack}`
+      // stack is printed in reverse order (from cause to more high level error)
+      if (error.stack != null && originalNormalized.stack != null) {
+        error.stack = `${originalNormalized.stack}\nwrapped by:\n${error.stack}`
       }
     }
   }
-  Object.assign(error, _omit(options, 'original'))
+  const { original: originalInOptions, ...restOfOptions } = options
+  Object.assign(error, restOfOptions)
   if ((error.statusCode === 400 || error.statusCode === 404) && error.weak == null) {
     error.weak = true
@@ -34,3 +48,11 @@ module.exports = function (message, options = {}) {
   return error
 }
+function lowerCaseFirstLetter (str) {
+  if (str === '' || typeof str !== 'string') {
+    return str
+  }
+  return str.charAt(0).toLowerCase() + str.slice(1)
+}

package/lib/shared/normalizeError.js ADDED Viewed

@@ -0,0 +1,31 @@
+module.exports = function normalizeError (errValue, normalizedErrorPrefix = 'User code threw with non-Error: ') {
+  let newError
+  const isErrorObj = (
+    typeof errValue === 'object' &&
+      typeof errValue.hasOwnProperty === 'function' &&
+      Object.prototype.hasOwnProperty.call(errValue, 'message')
+  )
+  const isValidError = (
+    isErrorObj ||
+      typeof errValue === 'string'
+  )
+  if (!isValidError) {
+    if (Object.prototype.toString.call(errValue) === '[object Object]') {
+      newError = new Error(`${normalizedErrorPrefix}${JSON.stringify(errValue)}`)
+    } else {
+      newError = new Error(`${normalizedErrorPrefix}${errValue}`)
+    }
+  } else {
+    if (typeof errValue === 'string') {
+      newError = new Error(errValue)
+    } else {
+      newError = errValue
+    }
+  }
+  return newError
+}

package/lib/shared/reporter.js CHANGED Viewed

@@ -6,7 +6,8 @@ const Folders = require('./folders')
 const createOrExtendError = require('./createError')
 const tempFilesHandler = require('./tempFilesHandler')
 const encryption = require('./encryption')
-const generateRequestId = require('../shared/generateRequestId')
+const generateRequestId = require('./generateRequestId')
+const adminRequest = require('./adminRequest')
 class Reporter extends EventEmitter {
   constructor (options) {
@@ -14,6 +15,7 @@ class Reporter extends EventEmitter {
     this.options = options || {}
     this.Request = Request
+    this.adminRequest = adminRequest
     // since `reporter` instance will be used for other extensions,
     // it will quickly reach the limit of `10` listeners,

package/lib/shared/request.js CHANGED Viewed

@@ -1,5 +1,6 @@
 const extend = require('node.extend.without.arrays')
 const omit = require('lodash.omit')
+const createError = require('./createError')
 module.exports = (obj, parent) => {
   if (parent && !parent.__isJsreportRequest__) {
@@ -57,7 +58,14 @@ module.exports = (obj, parent) => {
 function normalizeJSONData (data) {
   if (typeof data === 'string') {
-    return JSON.parse(data)
+    try {
+      return JSON.parse(data)
+    } catch (parseError) {
+      throw createError('Unable to parse request data', {
+        weak: true,
+        original: parseError
+      })
+    }
   }
   return data

package/lib/worker/documentStore.js CHANGED Viewed

@@ -2,14 +2,10 @@ module.exports = ({ model, collections }, executeMainAction) => {
   const store = {
     model,
     collection: (name) => ({
-      find: (q, req) => executeMainAction('documentStore.collection.find', {
-        query: q,
-        collection: name
-      }, req),
-      findOne: (q, req) => executeMainAction('documentStore.collection.findOne', {
-        query: q,
-        collection: name
-      }, req),
+      find: findMethod('documentStore.collection.find', name, false, executeMainAction),
+      findOne: findMethod('documentStore.collection.findOne', name, false, executeMainAction),
+      findAdmin: findMethod('documentStore.collection.find', name, true, executeMainAction),
+      findOneAdmin: findMethod('documentStore.collection.findOne', name, true, executeMainAction),
       insert: async (doc, req) => {
         const entity = await executeMainAction('documentStore.collection.insert', {
           doc,
@@ -47,3 +43,18 @@ module.exports = ({ model, collections }, executeMainAction) => {
   return store
 }
+function findMethod (actionName, collectionName, admin, executeMainAction) {
+  return async (q, req) => {
+    const payload = {
+      query: q,
+      collection: collectionName
+    }
+    if (admin) {
+      payload.admin = admin
+    }
+    return executeMainAction(actionName, payload, req)
+  }
+}

package/lib/worker/render/executeEngine.js CHANGED Viewed

@@ -203,10 +203,13 @@ module.exports = (reporter) => {
       const wrappedTopLevelFunctions = {}
       for (const h of Object.keys(topLevelFunctions)) {
+        // extra wrapping for enhance the error with the helper name
+        wrappedTopLevelFunctions[h] = wrapHelperForHelperNameWhenError(topLevelFunctions[h], h)
         if (engine.getWrappingHelpersEnabled && engine.getWrappingHelpersEnabled(req) === false) {
-          wrappedTopLevelFunctions[h] = engine.wrapHelper(topLevelFunctions[h], { context })
+          wrappedTopLevelFunctions[h] = engine.wrapHelper(wrappedTopLevelFunctions[h], { context })
         } else {
-          wrappedTopLevelFunctions[h] = wrapHelperForAsyncSupport(topLevelFunctions[h], asyncResultMap)
+          wrappedTopLevelFunctions[h] = wrapHelperForAsyncSupport(wrappedTopLevelFunctions[h], asyncResultMap)
         }
       }
@@ -279,10 +282,14 @@ module.exports = (reporter) => {
       const nestedErrorWithEntity = e.entity != null
       const templatePath = req.template._id ? await reporter.folders.resolveEntityPath(req.template, 'templates', req) : 'anonymous'
+      const newError = reporter.createError(`Error when evaluating engine ${engine.name} for template ${templatePath}`, { original: e })
       if (templatePath !== 'anonymous' && !nestedErrorWithEntity) {
         const templateFound = await reporter.folders.resolveEntityFromPath(templatePath, 'templates', req)
         if (templateFound != null) {
-          e.entity = {
+          newError.entity = {
             shortid: templateFound.entity.shortid,
             name: templateFound.entity.name,
             content
@@ -290,24 +297,29 @@ module.exports = (reporter) => {
         }
       }
-      e.message = `Error when evaluating engine ${engine.name} for template ${templatePath}\n` + e.message
       if (!nestedErrorWithEntity && e.property !== 'content') {
-        e.property = 'helpers'
+        newError.property = 'helpers'
       }
       if (nestedErrorWithEntity) {
         // errors from nested assets evals needs an unwrap for some reason
-        e.entity = { ...e.entity }
+        newError.entity = { ...e.entity }
       }
-      throw e
+      // we remove the decoratedSuffix (created from sandbox) from the stack trace (if it is there) because it
+      // just creates noise and duplication when printing the error,
+      // we just want the decoration on the message not in the stack trace
+      if (e.decoratedSuffix != null && newError.stack.includes(e.decoratedSuffix)) {
+        newError.stack = newError.stack.replace(e.decoratedSuffix, '')
+      }
+      throw newError
     }
   }
   function wrapHelperForAsyncSupport (fn, asyncResultMap) {
     return function (...args) {
-    // important to call the helper with the current this to preserve the same behavior
+      // important to call the helper with the current this to preserve the same behavior
       const fnResult = fn.call(this, ...args)
       if (fnResult == null || typeof fnResult.then !== 'function') {
@@ -320,4 +332,27 @@ module.exports = (reporter) => {
       return `{#asyncHelperResult ${asyncResultId}}`
     }
   }
+  function wrapHelperForHelperNameWhenError (fn, helperName) {
+    return function (...args) {
+      let fnResult
+      const getEnhancedHelperError = (e) => reporter.createError(`"${helperName}" helper call failed`, { original: e })
+      try {
+        // important to call the helper with the current this to preserve the same behavior
+        fnResult = fn.call(this, ...args)
+      } catch (syncError) {
+        throw getEnhancedHelperError(syncError)
+      }
+      if (fnResult == null || typeof fnResult.then !== 'function') {
+        return fnResult
+      }
+      return fnResult.catch((asyncError) => {
+        throw getEnhancedHelperError(asyncError)
+      })
+    }
+  }
 }

package/lib/worker/render/profiler.js CHANGED Viewed

@@ -126,8 +126,9 @@ class Profiler {
     if (parentReq) {
       template = await this.reporter.templates.resolveTemplate(req)
       // store a copy to prevent side-effects
-      req.context.resolvedTemplate = extend(true, {}, template)
+      req.context.resolvedTemplate = template != null ? extend(true, {}, template) : template
     } else {
       template = req.context.resolvedTemplate
     }

package/lib/worker/render/render.js CHANGED Viewed

@@ -130,7 +130,7 @@ module.exports = (reporter) => {
         reporter.requestModulesCache.set(request.context.rootId, Object.create(null))
       }
-      reporter.logger.info(`Starting rendering request ${request.context.reportCounter} (user: ${(request.context.user ? request.context.user.name : 'null')})`, request)
+      reporter.logger.info(`Starting rendering${childMsgDecorate(request)} request${counterMsgDecorate(request)}${userMsgDecorate(request)}`, request)
       // TODO
       /* if (reporter.entityTypeValidator.getSchema('TemplateType') != null) {
@@ -147,7 +147,7 @@ module.exports = (reporter) => {
       await invokeRender(reporter, request, response)
       await afterRender(reporter, request, response)
-      reporter.logger.info(`Rendering request ${request.context.reportCounter} finished in ${(new Date().getTime() - request.context.startTimestamp)} ms`, request)
+      reporter.logger.info(`Rendering${childMsgDecorate(request)} request${counterMsgDecorate(request)} finished in ${(new Date().getTime() - request.context.startTimestamp)} ms`, request)
       response.meta.logs = request.context.logs
@@ -164,9 +164,11 @@ module.exports = (reporter) => {
       const logFn = e.weak ? reporter.logger.warn : reporter.logger.error
-      logFn(`Error when processing render request ${request.context.reportCounter} ${e.message}${e.stack != null ? ' ' + e.stack : ''}`, request)
+      const errorMessage = reporter.createError(`Error when processing${childMsgDecorate(request)} render request${counterMsgDecorate(request)}`, { original: e }).message
-      logFn(`Rendering request ${request.context.reportCounter} finished with error in ${(new Date().getTime() - request.context.startTimestamp)} ms`, request)
+      logFn(`${errorMessage}${e.stack != null ? '\n' + e.stack : ''}`, request)
+      logFn(`Rendering${childMsgDecorate(request)} request${counterMsgDecorate(request)} finished with error in ${(new Date().getTime() - request.context.startTimestamp)} ms`, request)
       if (
         parentReq &&
@@ -196,3 +198,27 @@ module.exports = (reporter) => {
     }
   }
 }
+function childMsgDecorate (req) {
+  if (!req.context.isChildRequest) {
+    return ''
+  }
+  return ' (child)'
+}
+function counterMsgDecorate (req) {
+  if (req.context.isChildRequest) {
+    return ''
+  }
+  return ` ${req.context.reportCounter}`
+}
+function userMsgDecorate (req) {
+  if (!req.context.user) {
+    return ''
+  }
+  return ` (user: ${req.context.user.name})`
+}

package/lib/worker/sandbox/createSandbox.js CHANGED Viewed

@@ -372,7 +372,11 @@ function decorateErrorMessage (e, sourceFilesInfo) {
     }
     if (suffix !== '') {
-      e.message = `${e.message}\n\n${suffix}`
+      suffix = `\n\n${suffix}`
+      e.message = `${e.message}${suffix}`
+      // we store the suffix we added to the message so we can use it later
+      // to detect if we need to strip this from the stack or not
+      e.decoratedSuffix = suffix
     }
   }

package/lib/worker/sandbox/runInSandbox.js CHANGED Viewed

@@ -1,8 +1,9 @@
 const LRU = require('lru-cache')
 const stackTrace = require('stack-trace')
 const { customAlphabet } = require('nanoid')
-const createSandbox = require('./createSandbox')
 const nanoid = customAlphabet('abcdefghijklmnopqrstuvwxyz', 10)
+const createSandbox = require('./createSandbox')
+const normalizeError = require('../../shared/normalizeError')
 module.exports = (reporter) => {
   const functionsCache = LRU(reporter.options.sandbox.cache)
@@ -36,7 +37,16 @@ module.exports = (reporter) => {
       onLog: (log) => {
         // we mark any log done in sandbox as userLevel: true, this allows us to detect which logs belongs to user
         // and can potentially contain sensitive information
-        reporter.logger[log.level](log.message, { ...req, timestamp: log.timestamp, userLevel: true })
+        let consoleType = log.level
+        if (consoleType === 'debug') {
+          consoleType = 'log'
+        } else if (consoleType === 'warn') {
+          consoleType = 'warning'
+        }
+        reporter.logger.debug(`(console:${consoleType}) ${log.message}`, { ...req, timestamp: log.timestamp, userLevel: true })
       },
       formatError: (error, moduleName) => {
         error.message += ` To be able to require custom modules you need to add to configuration { "trustUserCode": true } or enable just specific module using { sandbox: { allowedModules": ["${moduleName}"] }`
@@ -135,10 +145,14 @@ module.exports = (reporter) => {
       const initScriptInfo = await initFn(_getTopLevelFunctions, compileScript)
       if (initScriptInfo) {
-        await run(initScriptInfo.script, {
-          filename: initScriptInfo.filename || 'sandbox-init.js',
-          source: initScriptInfo.source
-        })
+        try {
+          await run(initScriptInfo.script, {
+            filename: initScriptInfo.filename || 'sandbox-init.js',
+            source: initScriptInfo.source
+          })
+        } catch (e) {
+          handleError(reporter, e)
+        }
       }
     }
@@ -162,43 +176,29 @@ module.exports = (reporter) => {
           })
         }).catch(__handleError);`
-    return run(executionCode, {
-      filename: 'sandbox.js',
-      source: userCode,
-      errorLineNumberOffset
-    })
+    try {
+      return await run(executionCode, {
+        filename: 'sandbox.js',
+        source: userCode,
+        errorLineNumberOffset
+      })
+    } catch (e) {
+      handleError(reporter, e)
+    }
   }
 }
 function handleError (reporter, errValue) {
-  let newError
-  const isErrorObj = (
-    typeof errValue === 'object' &&
-      typeof errValue.hasOwnProperty === 'function' &&
-      Object.prototype.hasOwnProperty.call(errValue, 'message')
-  )
-  const isValidError = (
-    isErrorObj ||
-      typeof errValue === 'string'
-  )
-  if (!isValidError) {
-    if (Object.prototype.toString.call(errValue) === '[object Object]') {
-      newError = new Error(`User code threw with non-Error: ${JSON.stringify(errValue)}`)
-    } else {
-      newError = new Error(`User code threw with non-Error: ${errValue}`)
-    }
-  } else {
-    if (typeof errValue === 'string') {
-      newError = new Error(errValue)
-    } else {
-      newError = new Error(errValue.message)
-      Object.assign(newError, errValue)
-      if (errValue.stack) {
-        newError.stack = errValue.stack
-      }
+  let newError = normalizeError(errValue)
+  if (newError === errValue) {
+    // here it means the original error was valid in the first place,
+    // so it was not normalized
+    newError = new Error(errValue.message)
+    Object.assign(newError, errValue)
+    if (errValue.stack) {
+      newError.stack = errValue.stack
     }
   }

package/lib/worker/templates.js CHANGED Viewed

@@ -28,12 +28,43 @@ module.exports = (reporter) => {
     const template = req.context.resolvedTemplate
     if (!template && !req.template.content) {
-      throw reporter.createError(`Unable to find specified template or user does not have permissions to read it: ${
-        (req.template._id || req.template.shortid || req.template.name)
-      }`, {
-        weak: true,
-        statusCode: 404
-      })
+      let error
+      if (
+        req.template._id ||
+        req.template.shortid ||
+        req.template.name
+      ) {
+        const query = {}
+        if (req.template._id) {
+          query._id = req.template._id
+        } else if (req.template.shortid) {
+          query.shortid = req.template.shortid
+        } else if (req.template.name) {
+          query.name = req.template.name
+        }
+        const templateFromLocal = await reporter.documentStore.collection('templates').findOneAdmin(query, req)
+        if (templateFromLocal == null) {
+          error = reporter.createError(`Unable to find specified template (${
+            (req.template.name || req.template.shortid || req.template._id)
+          })`, {
+            weak: true,
+            statusCode: 404
+          })
+        } else {
+          error = reporter.createError(`User does not have permissions to read template (${
+            (req.template.name || req.template.shortid || req.template._id)
+          })`, {
+            weak: true,
+            statusCode: 403
+          })
+        }
+      }
+      throw error
     }
     // store a copy to prevent side-effects, we ignore name from the req.template because it can be path "/path/to/template"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@jsreport/jsreport-core",
-  "version": "3.8.1",
+  "version": "3.10.0",
   "description": "javascript based business reporting",
   "keywords": [
     "report",
@@ -54,7 +54,7 @@
     "diff-match-patch": "1.0.5",
     "enhanced-resolve": "5.8.3",
     "has-own-deep": "1.1.0",
-    "isbinaryfile": "4.0.0",
+    "isbinaryfile": "5.0.0",
     "listener-collection": "2.0.0",
     "lodash.get": "4.4.2",
     "lodash.groupby": "4.6.0",