@saltcorn/server 0.7.0-beta.1 → 0.7.0-beta.4

package/auth/routes.js

@@ -41,6 +41,8 @@ const {
   code,
   pre,
   p,
+  script,
+  domReady,
 } = require("@saltcorn/markup/tags");
 const {
   available_languages,
@@ -416,6 +418,7 @@ router.get(
       const form = loginForm(req, true);
       form.action = "/auth/create_first_user";
       form.submitLabel = req.__("Create user");
+      form.class = "create-first-user";
       form.blurb = req.__(
         "Please create your first user account, which will have administrative privileges. You can add other users and give them administrative privileges later."
       );
@@ -424,7 +427,17 @@ router.get(
         [i({ class: "fas fa-upload me-2 mt-2" }), req.__("Restore a backup")],
         `/auth/create_from_restore`
       );
-      res.sendAuthWrap(req.__(`Create first user`), form, {}, restore);
+      res.sendAuthWrap(
+        req.__(`Create first user`),
+        form,
+        {},
+        restore +
+          script(
+            domReady(
+              `$('form.create-first-user button[type=submit]').click(function(){press_store_button(this)})`
+            )
+          )
+      );
     } else {
       req.flash("danger", req.__("Users already present"));
       res.redirect("/auth/login");
@@ -1194,14 +1207,12 @@ const userSettings = async ({ req, res, pwform, user }) => {
                 ),
                 div(
                   user._attributes.totp_enabled
-                    ? post_btn(
-                        "/auth/twofa/disable/totp",
-                        "Disable",
-                        req.csrfToken(),
+                    ? a(
                         {
-                          btnClass: "btn-danger mt-2",
-                          req,
-                        }
+                          href: "/auth/twofa/disable/totp",
+                          class: "btn btn-danger mt-2",
+                        },
+                        "Disable"
                       )
                     : a(
                         {
@@ -1552,6 +1563,7 @@ router.post(
     if (!user._attributes.totp_key) {
       //key not set
       req.flash("danger", req.__("2FA TOTP Key not set"));
+      console.log("2FA TOTP Key not set");
       res.redirect("/auth/twofa/setup/totp");
       return;
     }
@@ -1560,6 +1572,8 @@ router.post(
     form.validate(req.body);
     if (form.hasErrors) {
       req.flash("danger", req.__("Error processing form"));
+      console.log("Error processing form");
+
       res.redirect("/auth/twofa/setup/totp");
       return;
     }
@@ -1569,6 +1583,7 @@ router.post(
     });
     if (!rv) {
       req.flash("danger", req.__("Could not verify code"));
+      console.log("Could not verify code");
       res.redirect("/auth/twofa/setup/totp");
       return;
     }
@@ -1585,11 +1600,42 @@ router.post(
   })
 );
 
+router.get(
+  "/twofa/disable/totp",
+  loggedIn,
+  error_catcher(async (req, res) => {
+    res.sendWrap(req.__("Disable two-factor authentication"), {
+      type: "card",
+      title: req.__("Disable two-factor authentication"),
+      contents: [
+        h4(req.__("Enter your two-factor code in order to disable it")),
+        renderForm(totpForm(req, "/auth/twofa/disable/totp"), req.csrfToken()),
+      ],
+    });
+  })
+);
+
 router.post(
   "/twofa/disable/totp",
   loggedIn,
   error_catcher(async (req, res) => {
     const user = await User.findOne({ id: req.user.id });
+    const form = totpForm(req, "/auth/twofa/disable/totp");
+    form.validate(req.body);
+    if (form.hasErrors) {
+      req.flash("danger", req.__("Error processing form"));
+      res.redirect("/auth/twofa/disable/totp");
+      return;
+    }
+    const code = `${form.values.totpCode}`;
+    const rv = totp.verify(code, user._attributes.totp_key, {
+      time: 30,
+    });
+    if (!rv) {
+      req.flash("danger", req.__("Could not verify code"));
+      res.redirect("/auth/twofa/disable/totp");
+      return;
+    }
     user._attributes.totp_enabled = false;
     delete user._attributes.totp_key;
     await user.update({ _attributes: user._attributes });
@@ -1602,9 +1648,9 @@ router.post(
     res.redirect("/auth/settings");
   })
 );
-const totpForm = (req) =>
+const totpForm = (req, action) =>
   new Form({
-    action: "/auth/twofa/setup/totp",
+    action: action || "/auth/twofa/setup/totp",
     fields: [
       {
         name: "totpCode",

package/locales/en.json

@@ -867,5 +867,14 @@
 	"Save before going back": "Save before going back",
 	"Reload after going back": "Reload after going back",
 	"2FA policy": "2FA policy",
-	"Steps to go back": "Steps to go back"
+	"Steps to go back": "Steps to go back",
+	"Place in dropdown": "Place in dropdown",
+	"Hide null columns": "Hide null columns",
+	"Do not display a column if it contains entirely missing values": "Do not display a column if it contains entirely missing values",
+	"Show a warning to users creating a tenant disclaiming warrenty of availability or security": "Show a warning to users creating a tenant disclaiming warrenty of availability or security",
+	"Set to 0 for expration at the end of browser session": "Set to 0 for expration at the end of browser session",
+	"Could not verify code": "Could not verify code",
+	"Disable two-factor authentication": "Disable two-factor authentication",
+	"Enter your two-factor code in order to disable it": "Enter your two-factor code in order to disable it",
+	"Allow the user to enter a new key that is not in the schema": "Allow the user to enter a new key that is not in the schema"
 }

package/locales/it.json

@@ -475,5 +475,7 @@
 	"Events": "Events",
 	"Verified": "Verified",
 	"SSL": "SSL",
-	"Generate": "Generate"
+	"Generate": "Generate",
+	"Two-factor authentication": "Two-factor authentication",
+	"Two-factor authentication is disabled": "Two-factor authentication is disabled"
 }

package/markup/admin.js

@@ -46,14 +46,21 @@ const restore_backup = (csrf, inner, action = `/admin/restore`) =>
       encType: "multipart/form-data",
     },
     input({ type: "hidden", name: "_csrf", value: csrf }),
-    label({ class: "btn-link", for: "upload_to_restore" }, inner),
+    label(
+      {
+        class: "btn-link",
+        for: "upload_to_restore",
+        style: { cursor: "pointer" },
+      },
+      inner
+    ),
     input({
       id: "upload_to_restore",
       class: "d-none",
       name: "file",
       type: "file",
       accept: "application/zip,.zip",
-      onchange: "this.form.submit();",
+      onchange: "notifyAlert('Restoring backup...', true);this.form.submit();",
     })
   );
 

package/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.7.0-beta.1",
+  "version": "0.7.0-beta.4",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.7.0-beta.1",
-    "@saltcorn/builder": "0.7.0-beta.1",
-    "@saltcorn/data": "0.7.0-beta.1",
-    "@saltcorn/admin-models": "0.7.0-beta.1",
-    "@saltcorn/markup": "0.7.0-beta.1",
-    "@saltcorn/sbadmin2": "0.7.0-beta.1",
+    "@saltcorn/base-plugin": "0.7.0-beta.4",
+    "@saltcorn/builder": "0.7.0-beta.4",
+    "@saltcorn/data": "0.7.0-beta.4",
+    "@saltcorn/admin-models": "0.7.0-beta.4",
+    "@saltcorn/markup": "0.7.0-beta.4",
+    "@saltcorn/sbadmin2": "0.7.0-beta.4",
     "@socket.io/cluster-adapter": "^0.1.0",
     "@socket.io/sticky": "^1.0.1",
     "aws-sdk": "^2.1037.0",
@@ -31,7 +31,7 @@
     "greenlock": "^4.0.4",
     "greenlock-express": "^4.0.3",
     "helmet": "^3.23.3",
-    "i18n": "^0.13.2",
+    "i18n": "^0.14.0",
     "live-plugin-manager": "^0.16.0",
     "moment": "^2.27.0",
     "multer": "^1.4.3",

package/public/gridedit.js

@@ -8,6 +8,10 @@ function lookupIntToString(cell, formatterParams, onRendered) {
   const res = formatterParams.values[val];
   return res;
 }
+function deleteIcon() {
+  //plain text value
+  return '<i class="far fa-trash-alt"></i>';
+}
 
 function flatpickerEditor(cell, onRendered, success, cancel, editorParams) {
   var input = $("<input type='text'/>");

package/public/saltcorn-builder.css

@@ -361,3 +361,6 @@ Copyright (c) 2017 Taha Paksu
 .btn-builder-move {
   color: white;
 }
+.dropdown-menu.searchbar-dropdown.show {
+  transform: translate(0px, 40px);
+}

package/public/saltcorn.css

@@ -223,4 +223,8 @@ footer.bs-mobile-nav-footer {
 
 .form-group {
   margin-bottom: 1rem;
-}
+}
+
+.table-responsive {
+  overflow: visible;
+}

package/public/saltcorn.js

@@ -423,7 +423,7 @@ function tristateClick(nm) {
   }
 }
 
-function notifyAlert(note) {
+function notifyAlert(note, spin) {
   if (Array.isArray(note)) {
     note.forEach(notifyAlert);
     return;
@@ -438,10 +438,16 @@ function notifyAlert(note) {
   }
 
   $("#alerts-area")
-    .append(`<div class="alert alert-${type} alert-dismissible fade show" role="alert">
+    .append(`<div class="alert alert-${type} alert-dismissible fade show ${
+    spin ? "d-flex align-items-center" : ""
+  }" role="alert">
   ${txt}
-  <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close">
-  </button>
+  ${
+    spin
+      ? `<div class="spinner-border ms-auto" role="status" aria-hidden="true"></div>`
+      : `<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close">
+  </button>`
+  }
 </div>`);
 }
 
@@ -751,14 +757,33 @@ function room_older(viewname, room_id, btn) {
   );
 }
 
-function fill_formula_btn_click(btn) {
+async function fill_formula_btn_click(btn, k) {
   const formula = decodeURIComponent($(btn).attr("data-formula"));
+  const free_vars = JSON.parse(
+    decodeURIComponent($(btn).attr("data-formula-free-vars"))
+  );
+  const table = JSON.parse(
+    decodeURIComponent($(btn).attr("data-formula-table"))
+  );
   const rec = get_form_record($(btn), true);
+  const rec_ids = get_form_record($(btn));
+  for (const fv of free_vars) {
+    if (fv.includes(".")) {
+      const kpath = fv.split(".");
+      const [refNm, targetNm] = kpath;
+      const reffield = table.fields.find((f) => f.name === refNm);
+      const resp = await $.ajax(
+        `/api/${reffield.reftable_name}?id=${rec_ids[refNm]}`
+      );
+      rec[refNm] = resp.success[0];
+    }
+  }
   const val = new Function(
     `{${Object.keys(rec).join(",")}}`,
     "return " + formula
   )(rec);
   $(btn).closest(".input-group").find("input").val(val);
+  if (k) k();
 }
 
 /*

package/routes/admin.js

@@ -71,6 +71,7 @@ const {
 } = require("../markup/admin");
 const moment = require("moment");
 const View = require("@saltcorn/data/models/view");
+const { getConfigFile } = require("@saltcorn/data/db/connect");
 
 /**
  * @type {object}
@@ -99,7 +100,7 @@ const site_id_form = (req) =>
       "page_custom_html",
       "development_mode",
       "log_sql",
-      "multitenancy_enabled",
+      ...(getConfigFile() ? ["multitenancy_enabled"] : []),
     ],
     action: "/admin",
     submitLabel: req.__("Save"),

package/routes/api.js

@@ -111,6 +111,51 @@ function accessAllowed(req, user, trigger) {
   return role <= trigger.min_role;
 }
 
+router.get(
+  "/:tableName/distinct/:fieldName",
+  //passport.authenticate("api-bearer", { session: false }),
+  error_catcher(async (req, res, next) => {
+    let { tableName, fieldName } = req.params;
+    const table = await Table.findOne(
+      strictParseInt(tableName)
+        ? { id: strictParseInt(tableName) }
+        : { name: tableName }
+    );
+    if (!table) {
+      res.status(404).json({ error: req.__("Not found") });
+      return;
+    }
+
+    await passport.authenticate(
+      "api-bearer",
+      { session: false },
+      async function (err, user, info) {
+        if (accessAllowedRead(req, user, table)) {
+          const field = (await table.getFields()).find(
+            (f) => f.name === fieldName
+          );
+          if (!field) {
+            res.status(404).json({ error: req.__("Not found") });
+            return;
+          }
+          let dvs;
+          if (
+            field.is_fkey ||
+            (field.type.name === "String" && field.attributes?.options)
+          ) {
+            dvs = await field.distinct_values();
+          } else {
+            dvs = await table.distinctValues(fieldName);
+          }
+          res.json({ success: dvs });
+        } else {
+          res.status(401).json({ error: req.__("Not authorized") });
+        }
+      }
+    )(req, res, next);
+  })
+);
+
 /**
  * Select Table rows using GET
  * @name get/:tableName/

package/routes/homepage.js

@@ -265,7 +265,7 @@ const packTab = (req, packlist) =>
     { class: "pb-3 pt-2 pe-4" },
     p(req.__("Instead of building, get up and running in no time with packs")),
     p(
-      { class: "font-italic" },
+      { class: "fst-italic" },
       req.__(
         "Packs are collections of tables, views and plugins that give you a full application which you can then edit to suit your needs."
       )

package/routes/list.js

@@ -259,8 +259,8 @@ router.get(
       });
     }
     jsfields.push({
-      formatter: "buttonCross",
-      title: i({ class: "far fa-trash-alt" }),
+      formatter: "__deleteIcon",
+      title: "",
       width: 40,
       hozAlign: "center",
       headerSort: false,

package/routes/plugins.js

@@ -450,6 +450,7 @@ const store_actions_dropdown = (req) =>
           {
             class: "dropdown-item",
             href: `/plugins/upgrade`,
+            onClick: `notifyAlert('Upgrading plugins...', true)`,
           },
           '<i class="far fa-arrow-alt-circle-up"></i>&nbsp;' +
             req.__("Upgrade installed plugins")
@@ -646,7 +647,9 @@ router.get(
   error_catcher(async (req, res) => {
     const { plugin } = req.params;
     const filepath = req.params[0];
-    const location = getState().plugin_locations[plugin];
+    const location = getState().plugin_locations[
+      plugin.includes("@") ? plugin.split("@")[0] : plugin
+    ];
     if (location) {
       const safeFile = path
         .normalize(filepath)