@nocobase/client-v2 2.1.0-beta.34 → 2.1.0-beta.36

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nocobase/client-v2",
-  "version": "2.1.0-beta.34",
+  "version": "2.1.0-beta.36",
   "license": "Apache-2.0",
   "main": "lib/index.js",
   "module": "es/index.mjs",
@@ -26,10 +26,11 @@
     "@formily/antd-v5": "1.2.3",
     "@formily/react": "^2.2.27",
     "@formily/shared": "^2.2.27",
-    "@nocobase/evaluators": "2.1.0-beta.34",
-    "@nocobase/flow-engine": "2.1.0-beta.34",
-    "@nocobase/sdk": "2.1.0-beta.34",
-    "@nocobase/shared": "2.1.0-beta.34",
+    "@nocobase/evaluators": "2.1.0-beta.36",
+    "@nocobase/flow-engine": "2.1.0-beta.36",
+    "@nocobase/sdk": "2.1.0-beta.36",
+    "@nocobase/shared": "2.1.0-beta.36",
+    "@nocobase/utils": "2.1.0-beta.36",
     "ahooks": "^3.7.2",
     "antd": "5.24.2",
     "antd-style": "3.7.1",
@@ -43,5 +44,5 @@
     "react-i18next": "^11.15.1",
     "react-router-dom": "^6.30.1"
   },
-  "gitHead": "ca804833299c547f8d49f8d58f73273a4bfcd03c"
+  "gitHead": "397d45c744f6eb48b3a0cd785c87cbf1257c3513"
 }

package/src/BaseApplication.tsx

@@ -40,6 +40,7 @@ import type {
   RouterOptions,
 } from './RouterManager';
 import { WebSocketClient, type WebSocketClientOptions } from './WebSocketClient';
+import { getOperators } from './json-logic/globalOperators';
 import { compose, normalizeContainer } from './utils';
 import { defineGlobalDeps } from './utils/globalDeps';
 import { getRequireJs } from './utils/requirejs';
@@ -57,6 +58,11 @@ type AuthTokenPayload = {
   token: string;
   authenticator: string | null;
 };
+export type JsonLogic = {
+  apply: (logic: any, data?: any) => any;
+  addOperation: (name: string, fn?: any) => void;
+  rmOperation: (name: string) => void;
+};
 
 const LEADING_SLASHES_REGEXP = /^\/+/;
 const TRAILING_SLASHES_REGEXP = /\/+$/;
@@ -123,6 +129,7 @@ export abstract class BaseApplication<
   public favicon!: string;
   public flowEngine: FlowEngine;
   public dataSourceManager: any;
+  public jsonLogic!: JsonLogic;
   public context: FlowEngineContext & {
     routeRepository: RouteRepository;
     appInfo: Promise<Record<string, any>>;
@@ -220,6 +227,7 @@ export abstract class BaseApplication<
 
   protected afterManagersInitialized() {
     this.aiManager = new AIManager(this);
+    this.jsonLogic = getOperators();
   }
 
   protected configureContext() {
@@ -360,11 +368,11 @@ export abstract class BaseApplication<
     });
   }
 
-  updateFavicon(favicon?: string) {
+  updateFavicon(favicon?: string | null) {
     let faviconLinkElement = document.querySelector('link[rel="shortcut icon"]') as HTMLLinkElement;
 
-    if (favicon) {
-      this.favicon = favicon;
+    if (arguments.length > 0) {
+      this.favicon = favicon || '';
     }
 
     const iconHref = this.favicon || '/favicon/favicon.ico';

package/src/PluginManager.ts

@@ -26,6 +26,8 @@ export type PluginData = {
   version: string;
   url: string;
   clientV2Url?: string;
+  devMode?: 'esm';
+  appDevDependencies?: string[];
   type: 'local' | 'upload' | 'npm';
 };
 

package/src/PluginSettingsManager.ts

@@ -432,7 +432,7 @@ export class PluginSettingsManager<TApp extends BaseApplication<any> = BaseAppli
       return null;
     }
 
-    const { title, aclSnippet, key, menuKey, name, ...others } = page;
+    const { title, aclSnippet, key, menuKey, name, icon, ...others } = page;
 
     return {
       ...others,
@@ -443,6 +443,7 @@ export class PluginSettingsManager<TApp extends BaseApplication<any> = BaseAppli
       name,
       title,
       label: title,
+      icon: this.renderIcon(icon),
       path: this.getRoutePath(name),
       sort: page.sort,
       isAllow,

package/src/__tests__/PluginSettingsManager.test.ts

@@ -76,6 +76,25 @@ describe('PluginSettingsManager v2', () => {
     expect(app.router.get('admin.settings.demo.advanced')).toMatchObject({ path: 'advanced' });
   });
 
+  it('should render string icon on both menu and page tab via renderIcon', () => {
+    // Previously `renderPage` spread the raw `icon` string straight to the antd
+    // Menu item, which displayed "LockOutlinedTitle" as text. Both `renderMenuItem`
+    // and `renderPage` must coerce string icon names to React elements.
+    const app = createMockClient();
+
+    app.pluginSettingsManager.addMenuItem({ key: 'demo', title: 'Demo', icon: 'TeamOutlined' });
+    app.pluginSettingsManager.addPageTabItem({
+      menuKey: 'demo',
+      key: 'index',
+      title: 'Overview',
+      icon: 'LockOutlined',
+    });
+
+    const list = app.pluginSettingsManager.getList();
+    expect(React.isValidElement(list[0].icon)).toBe(true);
+    expect(React.isValidElement(list[0].children?.[0].icon)).toBe(true);
+  });
+
   it('should support componentLoader on page item', () => {
     const app = createMockClient();
     const componentLoader = async () => ({

package/src/__tests__/PoweredBy.test.tsx

@@ -0,0 +1,130 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+import { render, screen, waitFor } from '@testing-library/react';
+import React from 'react';
+import { createMockClient } from '../MockApplication';
+import { Plugin } from '../Plugin';
+import PoweredBy from '../components/PoweredBy';
+
+class PoweredByRoutePlugin extends Plugin {
+  async load() {
+    this.router.add('root', {
+      path: '/',
+      Component: PoweredBy,
+    });
+  }
+}
+
+class MockCustomBrandPlugin extends Plugin {}
+
+const renderPoweredBy = async (plugins: any[] = [], appInfoData: Record<string, any> = { version: '1.2.3' }) => {
+  const app = createMockClient({
+    plugins: [PoweredByRoutePlugin as any, ...plugins],
+  });
+
+  app.apiMock.onGet('app:getInfo').reply(200, {
+    data: appInfoData,
+  });
+
+  const Root = app.getRootComponent();
+  const result = render(<Root />);
+
+  await waitFor(() => {
+    expect(document.querySelector('.ant-spin-spinning')).not.toBeInTheDocument();
+  });
+
+  return result;
+};
+
+describe('PoweredBy', () => {
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it('should render the default brand when custom-brand is not installed', async () => {
+    const { container } = await renderPoweredBy();
+
+    expect(screen.getByRole('link', { name: 'NocoBase' })).toHaveAttribute('href', 'https://www.nocobase.com');
+    expect(container).toHaveTextContent('Powered by NocoBase');
+    // The `.nb-brand` className is reserved for the custom-brand HTML branch
+    // so downstream stylesheets can selectively target customised content
+    // without leaking onto the default footer.
+    expect(container.querySelector('.nb-brand')).not.toBeInTheDocument();
+  });
+
+  it('should render custom-brand HTML and replace appVersion', async () => {
+    const { container } = await renderPoweredBy([
+      [
+        MockCustomBrandPlugin,
+        {
+          packageName: '@nocobase/plugin-custom-brand',
+          options: {
+            brand: '<span>Custom Brand</span>{{appVersion}}',
+          },
+        },
+      ],
+    ]);
+
+    await waitFor(() => {
+      expect(container.querySelector('.nb-brand')).toHaveTextContent('Custom Brandv1.2.3');
+    });
+    expect(container.querySelector('.nb-app-version')).toHaveTextContent('v1.2.3');
+    expect(screen.queryByText('Powered by')).not.toBeInTheDocument();
+  });
+
+  it('should not render undefined appVersion when app version is unavailable', async () => {
+    const { container } = await renderPoweredBy(
+      [
+        [
+          MockCustomBrandPlugin,
+          {
+            packageName: '@nocobase/plugin-custom-brand',
+            options: {
+              brand: '<span>Custom Brand</span>{{appVersion}}',
+            },
+          },
+        ],
+      ],
+      {},
+    );
+
+    expect(container.querySelector('.nb-brand')).toHaveTextContent('Custom Brand');
+    expect(container.querySelector('.nb-brand')).not.toHaveTextContent('undefined');
+    expect(container.querySelector('.nb-app-version')).not.toBeInTheDocument();
+  });
+
+  it('should escape custom-brand appVersion placeholder', async () => {
+    // Defence in depth: even if the back-end ever returns a tampered
+    // `app:getInfo` payload, the version string must be HTML-escaped
+    // before being interpolated into the custom-brand template — never
+    // produce a live `<script>` node in the DOM.
+    const { container } = await renderPoweredBy(
+      [
+        [
+          MockCustomBrandPlugin,
+          {
+            packageName: '@nocobase/plugin-custom-brand',
+            options: {
+              brand: '<span>Custom Brand</span>{{appVersion}}',
+            },
+          },
+        ],
+      ],
+      {
+        version: '<script>alert(1)</script>&"',
+      },
+    );
+
+    await waitFor(() => {
+      expect(container.querySelector('.nb-app-version')).toHaveTextContent('v<script>alert(1)</script>&"');
+    });
+    expect(container.querySelector('.nb-brand script')).not.toBeInTheDocument();
+  });
+});

package/src/__tests__/app.test.tsx

@@ -12,6 +12,7 @@ import { useFlowEngineContext } from '@nocobase/flow-engine';
 import { act, fireEvent, render, screen, waitFor } from '@testing-library/react';
 import React from 'react';
 import { Outlet } from 'react-router-dom';
+import { escapeHTML, getAppVersionHTML } from '../utils';
 
 const waitForAppReady = async () => {
   await waitFor(() => {
@@ -48,6 +49,14 @@ describe('app', () => {
       expect(app.getHref('/test')).toBe('/test');
     });
 
+    it('should initialize shared jsonLogic operators', () => {
+      const app = new Application({ router });
+
+      expect(app.jsonLogic.apply({ $eq: [1, '1'] })).toBe(true);
+      app.jsonLogic.addOperation('$testAlwaysTrue', () => true);
+      expect(app.jsonLogic.apply({ $testAlwaysTrue: [] })).toBe(true);
+    });
+
     it('should apply the provided favicon immediately', () => {
       const app = new Application({ router });
 
@@ -58,6 +67,36 @@ describe('app', () => {
       expect(favicon.getAttribute('href')).toBe('/custom-favicon.ico');
     });
 
+    it('should reset favicon to default when favicon is cleared', () => {
+      const app = new Application({ router });
+
+      app.updateFavicon('/custom-favicon.ico');
+      app.updateFavicon(null);
+
+      const favicon = document.querySelector('link[rel="shortcut icon"]') as HTMLLinkElement;
+      expect(favicon).toBeInTheDocument();
+      expect(favicon.getAttribute('href')).toBe('/favicon/favicon.ico');
+    });
+
+    it('should reset favicon to default when favicon is explicitly undefined', () => {
+      const app = new Application({ router });
+
+      app.updateFavicon('/custom-favicon.ico');
+      app.updateFavicon(undefined);
+
+      const favicon = document.querySelector('link[rel="shortcut icon"]') as HTMLLinkElement;
+      expect(favicon).toBeInTheDocument();
+      expect(favicon.getAttribute('href')).toBe('/favicon/favicon.ico');
+    });
+
+    it('should escape app version html placeholder content', () => {
+      expect(getAppVersionHTML('<script>alert(1)</script>&"')).toBe(
+        '<span class="nb-app-version">v&lt;script&gt;alert(1)&lt;/script&gt;&amp;&quot;</span>',
+      );
+      expect(getAppVersionHTML(undefined)).toBe('');
+      expect(escapeHTML("NocoBase <v2> & 'beta'")).toBe('NocoBase &lt;v2&gt; &amp; &#39;beta&#39;');
+    });
+
     it('should reject invalid component objects but keep valid exotic components', () => {
       const app = new Application({ router });
       const errorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});

package/src/__tests__/nocobase-buildin-plugin-auth.test.tsx

@@ -39,30 +39,18 @@ describe('nocobase buildin plugin auth redirect', () => {
     vi.restoreAllMocks();
   });
 
-  it('should redirect unauthenticated admin access to v2 signin with replace', async () => {
-    const replace = vi.fn();
-    Object.defineProperty(globalThis.window, 'location', {
-      configurable: true,
-      value: {
-        ...originalLocation,
-        pathname: '/v2/admin/7vu4c2sdk6h',
-        search: '',
-        hash: '',
-        replace,
-      },
-    });
-
+  it('should navigate to v2 signin when /auth:check returns no user', async () => {
+    // Aligns with v1: use react-router navigate (virtual) rather than
+    // `window.location.replace`, so a `window.location.href` queued elsewhere
+    // (e.g. 2FA's `code:302` response interceptor) can commit instead of being
+    // overridden.
     const app = createMockClient({
       publicPath: '/v2/',
       plugins: [NocoBaseBuildInPlugin as any],
       router: { type: 'memory', initialEntries: ['/v2/admin/7vu4c2sdk6h'] },
     });
     app.apiMock.onGet('app:getLang').reply(200, {
-      data: {
-        lang: 'en-US',
-        resources: { client: {} },
-        cron: {},
-      },
+      data: { lang: 'en-US', resources: { client: {} }, cron: {} },
     });
     app.apiMock.onGet('/auth:check').reply(200, { data: {} });
 
@@ -70,68 +58,63 @@ describe('nocobase buildin plugin auth redirect', () => {
     render(<Root />);
 
     await waitFor(() => {
-      expect(replace).toHaveBeenCalledWith('/v2/signin?redirect=%2Fv2%2Fadmin%2F7vu4c2sdk6h');
+      expect(app.router.router.state.location.pathname).toBe('/v2/signin');
+      expect(app.router.router.state.location.search).toBe('?redirect=%2Fv2%2Fadmin%2F7vu4c2sdk6h');
     });
   });
 
-  it('should redirect unauthenticated v2 root access to v2 signin with default admin redirect', async () => {
-    const replace = vi.fn();
-    Object.defineProperty(globalThis.window, 'location', {
-      configurable: true,
-      value: {
-        ...originalLocation,
-        pathname: '/nocobase/v2/',
-        search: '',
-        hash: '',
-        replace,
-      },
+  it('should short-circuit /auth:check when server returns code:302 instead of redirecting to signin', async () => {
+    // When the server signals an intermediate redirect (typically 2FA verify),
+    // CurrentUserProvider must NOT treat the missing `user.id` as "logged out"
+    // and race the 2FA response interceptor with its own signin redirect.
+    const app = createMockClient({
+      publicPath: '/v2/',
+      plugins: [NocoBaseBuildInPlugin as any],
+      router: { type: 'memory', initialEntries: ['/v2/admin'] },
+    });
+    app.apiMock.onGet('app:getLang').reply(200, {
+      data: { lang: 'en-US', resources: { client: {} }, cron: {} },
+    });
+    app.apiMock.onGet('/auth:check').reply(200, {
+      data: { code: 302, redirect: '/2fa?redirect=/admin' },
     });
 
+    const Root = app.getRootComponent();
+    render(<Root />);
+
+    // Give CurrentUserProvider time to process the response.
+    await new Promise((resolve) => setTimeout(resolve, 50));
+    expect(app.router.router.state.location.pathname).toBe('/v2/admin');
+    expect(app.router.router.state.location.search).toBe('');
+  });
+
+  it('should redirect unauthenticated v2 root access to v2 signin via <Navigate />', async () => {
     const app = createMockClient({
       publicPath: '/nocobase/v2/',
       plugins: [NocoBaseBuildInPlugin as any],
       router: { type: 'memory', initialEntries: ['/nocobase/v2/'] },
     });
     app.apiMock.onGet('app:getLang').reply(200, {
-      data: {
-        lang: 'en-US',
-        resources: { client: {} },
-        cron: {},
-      },
+      data: { lang: 'en-US', resources: { client: {} }, cron: {} },
     });
 
     const Root = app.getRootComponent();
     render(<Root />);
 
     await waitFor(() => {
-      expect(replace).toHaveBeenCalledWith('/nocobase/v2/signin?redirect=%2Fnocobase%2Fv2%2Fadmin');
+      expect(app.router.router.state.location.pathname).toBe('/nocobase/v2/signin');
+      expect(app.router.router.state.location.search).toBe('?redirect=%2Fnocobase%2Fv2%2Fadmin');
     });
   });
 
   it('should render v2 admin root without redirecting away', async () => {
-    const replace = vi.fn();
-    Object.defineProperty(globalThis.window, 'location', {
-      configurable: true,
-      value: {
-        ...originalLocation,
-        pathname: '/v2/admin',
-        search: '',
-        hash: '',
-        replace,
-      },
-    });
-
     const app = createMockClient({
       publicPath: '/v2/',
       plugins: [NocoBaseBuildInPlugin as any],
       router: { type: 'memory', initialEntries: ['/v2/admin'] },
     });
     app.apiMock.onGet('app:getLang').reply(200, {
-      data: {
-        lang: 'en-US',
-        resources: { client: {} },
-        cron: {},
-      },
+      data: { lang: 'en-US', resources: { client: {} }, cron: {} },
     });
     app.apiMock.onGet('/auth:check').reply(200, { data: { id: 1 } });
     app.apiMock.onGet('systemSettings:get').reply(200, { data: {} });
@@ -152,36 +135,20 @@ describe('nocobase buildin plugin auth redirect', () => {
     await waitFor(() => {
       expect(container.innerHTML).toContain('No pages yet, please configure first');
     });
-    expect(replace).not.toHaveBeenCalled();
+    expect(app.router.router.state.location.pathname).toBe('/v2/admin');
     expect(container.innerHTML).not.toContain('Legacy page');
   });
 
   it.each(['/v2/admin/legacy-page/tab/tab-1', '/v2/admin/legacy-page/view/detail'])(
     'should show 404 for authenticated direct v1-style v2 page access: %s',
     async (pathname) => {
-      const replace = vi.fn();
-      Object.defineProperty(globalThis.window, 'location', {
-        configurable: true,
-        value: {
-          ...originalLocation,
-          pathname,
-          search: '?from=direct',
-          hash: '#dialog',
-          replace,
-        },
-      });
-
       const app = createMockClient({
         publicPath: '/v2/',
         plugins: [NocoBaseBuildInPlugin as any],
         router: { type: 'memory', initialEntries: [pathname] },
       });
       app.apiMock.onGet('app:getLang').reply(200, {
-        data: {
-          lang: 'en-US',
-          resources: { client: {} },
-          cron: {},
-        },
+        data: { lang: 'en-US', resources: { client: {} }, cron: {} },
       });
       app.apiMock.onGet('/auth:check').reply(200, { data: { id: 1 } });
       app.apiMock.onGet('systemSettings:get').reply(200, { data: {} });
@@ -200,7 +167,7 @@ describe('nocobase buildin plugin auth redirect', () => {
       render(<Root />);
 
       expect(await screen.findByText('404')).toBeInTheDocument();
-      expect(replace).not.toHaveBeenCalled();
+      expect(app.router.router.state.location.pathname).toBe(pathname);
     },
   );
 });