@saltcorn/server 0.6.3-beta.2 → 0.6.3-beta.3

package/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.6.3-beta.2",
+  "version": "0.6.3-beta.3",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.6.3-beta.2",
-    "@saltcorn/builder": "0.6.3-beta.2",
-    "@saltcorn/data": "0.6.3-beta.2",
+    "@saltcorn/base-plugin": "0.6.3-beta.3",
+    "@saltcorn/builder": "0.6.3-beta.3",
+    "@saltcorn/data": "0.6.3-beta.3",
     "greenlock-express": "^4.0.3",
-    "@saltcorn/markup": "0.6.3-beta.2",
-    "@saltcorn/sbadmin2": "0.6.3-beta.2",
+    "@saltcorn/markup": "0.6.3-beta.3",
+    "@saltcorn/sbadmin2": "0.6.3-beta.3",
     "@socket.io/cluster-adapter": "^0.1.0",
     "@socket.io/sticky": "^1.0.1",
     "connect-flash": "^0.1.1",
@@ -34,13 +34,17 @@
     "moment": "^2.27.0",
     "node-fetch": "2.6.2",
     "node-watch": "^0.7.2",
+    "notp": "2.0.3",
     "passport": "^0.4.1",
     "passport-custom": "^1.1.1",
     "passport-http-bearer": "^1.0.1",
+    "passport-totp": "0.0.2",
     "pg": "^8.2.1",
     "pluralize": "^8.0.0",
+    "qrcode": "1.5.0",
     "socket.io": "4.2.0",
     "tmp-promise": "^3.0.2",
+    "thirty-two": "1.0.2",
     "multer-s3": "^2.10.0",
     "multer": "^1.4.3",
     "aws-sdk": "^2.1037.0",

package/public/gridedit.js

@@ -179,7 +179,9 @@ DateField.prototype = new jsGrid.Field({
     setTimeout(function () {
       flatpickr(insertPicker, {
         enableTime: true,
-        dateFormat: "Y-m-d H:i",
+        dateFormat: "Z",
+        altInput: true,
+        altFormat: "Y-m-d h:i K",
       });
     });
     return insertPicker;
@@ -192,7 +194,9 @@ DateField.prototype = new jsGrid.Field({
     setTimeout(function () {
       flatpickr(editPicker, {
         enableTime: true,
-        dateFormat: "Y-m-d H:i",
+        dateFormat: "Z",
+        altInput: true,
+        altFormat: "Y-m-d h:i K",
       });
     });
     return editPicker;

package/restart_watcher.js

@@ -120,6 +120,9 @@ const listenForChanges = (projectDirs, pluginDirs) => {
         (event, file) => {
           console.log("'%s' changed \n re-starting now", file);
           closeWatchers();
+          spawnSync("npm", ["run", "tsc"], {
+            stdio: "inherit",
+          });
           process.exit();
         }
       )

package/routes/admin.js

@@ -769,6 +769,7 @@ router.post(
       for (const file of files) {
         await file.delete();
       }
+      if (db.reset_sequence) await db.reset_sequence("_sc_files");
     }
     if (form.values.plugins) {
       const ps = await Plugin.find();

package/routes/api.js

@@ -65,11 +65,12 @@ const limitFields = (fields) => (r) => {
  * @returns {boolean}
  */
 function accessAllowedRead(req, user, table) {
-  const role = req.isAuthenticated()
-    ? req.user.role_id
-    : user && user.role_id
-    ? user.role_id
-    : 10;
+  const role =
+    req.user && req.user.id
+      ? req.user.role_id
+      : user && user.role_id
+      ? user.role_id
+      : 10;
 
   return role <= table.min_role_read;
 }
@@ -82,11 +83,12 @@ function accessAllowedRead(req, user, table) {
  * @returns {boolean}
  */
 function accessAllowedWrite(req, user, table) {
-  const role = req.isAuthenticated()
-    ? req.user.role_id
-    : user && user.role_id
-    ? user.role_id
-    : 10;
+  const role =
+    req.user && req.user.id
+      ? req.user.role_id
+      : user && user.role_id
+      ? user.role_id
+      : 10;
 
   return role <= table.min_role_write;
 }
@@ -98,11 +100,12 @@ function accessAllowedWrite(req, user, table) {
  * @returns {boolean}
  */
 function accessAllowed(req, user, trigger) {
-  const role = req.isAuthenticated()
-    ? req.user.role_id
-    : user && user.role_id
-    ? user.role_id
-    : 10;
+  const role =
+    req.user && req.user.id
+      ? req.user.role_id
+      : user && user.role_id
+      ? user.role_id
+      : 10;
 
   return role <= trigger.min_role;
 }

package/routes/delete.js

@@ -33,7 +33,7 @@ router.post(
     const { name, id } = req.params;
     const { redirect } = req.query;
     const table = await Table.findOne({ name });
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     try {
       if (role <= table.min_role_write) await table.deleteRows({ id });
       else if (table.ownership_field_id && req.user) {

package/routes/edit.js

@@ -37,7 +37,7 @@ router.post(
     const { name, id, field_name } = req.params;
     const { redirect } = req.query;
     const table = await Table.findOne({ name });
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     if (role <= table.min_role_write) await table.toggleBool(+id, field_name);
     else
       req.flash(

package/routes/fields.js

@@ -26,6 +26,7 @@ const { isAdmin, error_catcher } = require("./utils.js");
 const expressionBlurb = require("../markup/expression_blurb");
 const { readState } = require("@saltcorn/data/plugin-helper");
 const { wizardCardTitle } = require("../markup/forms.js");
+const FieldRepeat = require("@saltcorn/data/models/fieldrepeat");
 
 /**
  * @type {object}
@@ -161,8 +162,9 @@ const translateAttributes = (attrs, req) =>
  * @returns {object}
  */
 const translateAttribute = (attr, req) => {
-  const res = { ...attr };
+  let res = { ...attr };
   if (res.sublabel) res.sublabel = req.__(res.sublabel);
+  if (res.isRepeat) res = new FieldRepeat(res);
   return res;
 };
 
@@ -660,7 +662,15 @@ router.post(
     if (fieldName.includes(".")) {
       const [refNm, targetNm] = fieldName.split(".");
       const ref = fields.find((f) => f.name === refNm);
+      if (!ref) {
+        res.send("");
+        return;
+      }
       const reftable = await Table.findOne({ name: ref.reftable_name });
+      if (!reftable) {
+        res.send("");
+        return;
+      }
       const reffields = await reftable.getFields();
       field = reffields.find((f) => f.name === targetNm);
       row = await reftable.getRow({});

package/routes/files.js

@@ -136,7 +136,7 @@ router.get(
 router.get(
   "/download/:id",
   error_catcher(async (req, res) => {
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     const user_id = req.user && req.user.id;
     const { id } = req.params;
     const file = await File.findOne({ id });
@@ -160,7 +160,7 @@ router.get(
 router.get(
   "/serve/:id",
   error_catcher(async (req, res) => {
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     const user_id = req.user && req.user.id;
     const { id } = req.params;
     let file;
@@ -243,7 +243,7 @@ router.post(
   error_catcher(async (req, res) => {
     let jsonResp = {};
     const min_role_upload = getState().getConfig("min_role_upload", 1);
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     if (role > +min_role_upload) {
       if (!req.xhr) req.flash("warning", req.__("Not authorized"));
       else jsonResp = { error: "Not authorized" };

package/routes/homepage.js

@@ -398,7 +398,7 @@ const welcome_page = async (req) => {
  * @returns {Promise<void>}
  */
 const no_views_logged_in = async (req, res) => {
-  const role = req.isAuthenticated() ? req.user.role_id : 10;
+  const role = req.user && req.user.id ? req.user.role_id : 10;
   if (role > 1 || req.user.tenant !== db.getTenantSchema())
     res.sendWrap(req.__("Hello"), req.__("Welcome to Saltcorn!"));
   else {
@@ -463,7 +463,7 @@ module.exports =
    * @returns {Promise<void>}
    */
   async (req, res) => {
-    const isAuth = req.isAuthenticated();
+    const isAuth = req.user && req.user.id;
     const role_id = req.user ? req.user.role_id : 10;
     const cfgResp = await get_config_response(role_id, res, req);
     if (cfgResp) return;

package/routes/page.js

@@ -37,7 +37,7 @@ router.get(
   error_catcher(async (req, res) => {
     const { pagename } = req.params;
 
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     const db_page = await Page.findOne({ name: pagename });
     if (db_page && role <= db_page.min_role) {
       const contents = await db_page.run(req.query, { res, req });
@@ -73,7 +73,7 @@ router.post(
   "/:pagename/action/:rndid",
   error_catcher(async (req, res) => {
     const { pagename, rndid } = req.params;
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     const db_page = await Page.findOne({ name: pagename });
     if (db_page && role <= db_page.min_role) {
       let col;

package/routes/scapi.js

@@ -44,11 +44,12 @@ module.exports = router;
  * @returns {boolean}
  */
 function accessAllowedRead(req, user) {
-  const role = req.isAuthenticated()
-    ? req.user.role_id
-    : user && user.role_id
-    ? user.role_id
-    : 10;
+  const role =
+    req.user && req.user.id
+      ? req.user.role_id
+      : user && user.role_id
+      ? user.role_id
+      : 10;
 
   if (role === 1) return true;
   return false;

package/routes/utils.js

@@ -49,7 +49,13 @@ function isAdmin(req, res, next) {
     next();
   } else {
     req.flash("danger", req.__("Must be admin"));
-    res.redirect(req.user ? "/" : "/auth/login");
+    res.redirect(
+      req.user && req.user.pending_user
+        ? "/auth/twofa/login/totp"
+        : req.user
+        ? "/"
+        : "/auth/login"
+    );
   }
 }
 

package/routes/view.js

@@ -42,8 +42,7 @@ router.get(
     const { viewname } = req.params;
     const query = { ...req.query };
     const view = await View.findOne({ name: viewname });
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
-
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     if (!view) {
       req.flash("danger", req.__(`No such view: %s`, text(viewname)));
       res.redirect("/");
@@ -122,7 +121,7 @@ router.post(
   "/:viewname/:route",
   error_catcher(async (req, res) => {
     const { viewname, route } = req.params;
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
 
     const view = await View.findOne({ name: viewname });
     if (!view) {
@@ -147,7 +146,7 @@ router.post(
   ["/:viewname", "/:viewname/*"],
   error_catcher(async (req, res) => {
     const { viewname } = req.params;
-    const role = req.isAuthenticated() ? req.user.role_id : 10;
+    const role = req.user && req.user.id ? req.user.role_id : 10;
     const query = { ...req.query };
 
     const view = await View.findOne({ name: viewname });

package/serve.js

@@ -163,9 +163,6 @@ module.exports =
     ...appargs
   } = {}) => {
     if (dev && cluster.isMaster) {
-      spawnSync("npm", ["run", "tsc"], {
-        stdio: "inherit",
-      });
       listenForChanges(getRelevantPackages(), await getPluginDirectories());
     }
     const useNCpus = process.env.SALTCORN_NWORKERS

package/wrapper.js

@@ -45,7 +45,7 @@ const get_extra_menu = (role, state, req) => {
 };
 
 const get_menu = (req) => {
-  const isAuth = req.isAuthenticated();
+  const isAuth = req.user && req.user.id;
   const state = getState();
   const role = (req.user || {}).role_id || 10;