@saltcorn/server 0.7.1-beta.3 → 0.7.2-beta.10

package/routes/admin.js

@@ -23,9 +23,6 @@ const {
   div,
   a,
   hr,
-  form,
-  input,
-  label,
   i,
   h4,
   table,
@@ -33,7 +30,6 @@ const {
   td,
   th,
   tr,
-  button,
   span,
   p,
   code,
@@ -45,13 +41,14 @@ const {
   getState,
   restart_tenant,
   getTenant,
-  get_other_domain_tenant,
+  //get_other_domain_tenant,
   get_process_init_time,
 } = require("@saltcorn/data/db/state");
 const { loadAllPlugins } = require("../load_plugins");
 const {
   create_backup,
   restore,
+  auto_backup_now,
 } = require("@saltcorn/admin-models/models/backup");
 const {
   runConfigurationCheck,
@@ -61,7 +58,7 @@ const load_plugins = require("../load_plugins");
 const {
   restore_backup,
   send_admin_page,
-  send_files_page,
+  //send_files_page,
   config_fields_form,
   save_config_from_form,
   flash_restart_if_required,
@@ -90,8 +87,9 @@ const router = new Router();
 module.exports = router;
 
 /**
- * @param {object} req
- * @returns {Promise<Form>}
+ * Site identity form
+ * @param {object} req -http request
+ * @returns {Promise<Form>} form
  */
 const site_id_form = (req) =>
   config_fields_form({
@@ -106,13 +104,15 @@ const site_id_form = (req) =>
       "page_custom_html",
       "development_mode",
       "log_sql",
+      "plugins_store_endpoint",
+      "packs_store_endpoint",
       ...(getConfigFile() ? ["multitenancy_enabled"] : []),
     ],
     action: "/admin",
     submitLabel: req.__("Save"),
   });
 /**
- * Email settings form definition
+ * Email settings form
  * @param {object} req request
  * @returns {Promise<Form>} form
  */
@@ -137,6 +137,7 @@ const email_form = async (req) => {
 };
 
 /**
+ * Router get /
  * @name get
  * @function
  * @memberof module:routes/admin~routes/adminRouter
@@ -145,7 +146,6 @@ router.get(
   "/",
   isAdmin,
   error_catcher(async (req, res) => {
-    const isRoot = db.getTenantSchema() === db.connectObj.default_schema;
     const form = await site_id_form(req);
     send_admin_page({
       res,
@@ -294,41 +294,148 @@ router.get(
   "/backup",
   isAdmin,
   error_catcher(async (req, res) => {
+    const backupForm = autoBackupForm(req);
+    backupForm.values.auto_backup_frequency = getState().getConfig(
+      "auto_backup_frequency"
+    );
+    backupForm.values.auto_backup_destination = getState().getConfig(
+      "auto_backup_destination"
+    );
+    backupForm.values.auto_backup_directory = getState().getConfig(
+      "auto_backup_directory"
+    );
+    const isRoot = db.getTenantSchema() === db.connectObj.default_schema;
+
     send_admin_page({
       res,
       req,
       active_sub: "Backup",
       contents: {
-        type: "card",
-        title: req.__("Backup"),
-        contents: table(
-          tbody(
-            tr(
-              td(
+        above: [
+          {
+            type: "card",
+            title: req.__("Manual backup"),
+            contents: {
+              besides: [
                 div(
-                  post_btn("/admin/backup", req.__("Backup"), req.csrfToken())
-                )
-              ),
-              td(p({ class: "ms-4 pt-2" }, req.__("Download a backup")))
-            ),
-            tr(td(div({ class: "my-4" }))),
-            tr(
-              td(
-                restore_backup(req.csrfToken(), [
-                  i({ class: "fas fa-2x fa-upload" }),
-                  "<br/>",
-                  req.__("Restore"),
-                ])
-              ),
-              td(p({ class: "ms-4" }, req.__("Restore a backup")))
-            )
-          )
-        ),
+                  post_btn(
+                    "/admin/backup",
+                    i({ class: "fas fa-download me-2" }) +
+                      req.__("Download a backup"),
+                    req.csrfToken(),
+                    {
+                      btnClass: "btn-outline-primary",
+                    }
+                  )
+                ),
+                div(
+                  restore_backup(req.csrfToken(), [
+                    i({ class: "fas fa-2x fa-upload me-2" }),
+                    "",
+                    req.__("Restore a backup"),
+                  ])
+                ),
+              ],
+            },
+          },
+          isRoot
+            ? {
+                type: "card",
+                title: req.__("Automated backup"),
+                contents: div(renderForm(backupForm, req.csrfToken())),
+              }
+            : { type: "blank", contents: "" },
+        ],
       },
     });
   })
 );
 
+/**
+ * Auto backup Form
+ * @param {object} req
+ * @returns {Form} form
+ */
+const autoBackupForm = (req) =>
+  new Form({
+    action: "/admin/set-auto-backup",
+    submitButtonClass: "btn-outline-primary",
+    onChange: "remove_outline(this)",
+    submitLabel: "Save settings",
+    additionalButtons: [
+      {
+        label: "Backup now",
+        id: "btnBackupNow",
+        class: "btn btn-outline-secondary",
+        onclick: "ajax_post('/admin/auto-backup-now')",
+      },
+    ],
+    fields: [
+      {
+        type: "String",
+        label: req.__("Frequency"),
+        name: "auto_backup_frequency",
+        required: true,
+        attributes: { options: ["Never", "Daily", "Weekly"] },
+      },
+      {
+        type: "String",
+        label: req.__("Destination"),
+        name: "auto_backup_destination",
+        required: true,
+        showIf: { auto_backup_frequency: ["Daily", "Weekly"] },
+        attributes: { options: ["Saltcorn files", "Local directory"] },
+      },
+      {
+        type: "String",
+        label: req.__("Directory"),
+        name: "auto_backup_directory",
+        showIf: {
+          auto_backup_frequency: ["Daily", "Weekly"],
+          auto_backup_destination: "Local directory",
+        },
+      },
+    ],
+  });
+
+router.post(
+  "/set-auto-backup",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const form = await autoBackupForm(req);
+    form.validate(req.body);
+    if (form.hasErrors) {
+      send_admin_page({
+        res,
+        req,
+        active_sub: "Backup",
+        contents: {
+          type: "card",
+          title: req.__("Backup settings"),
+          contents: [renderForm(form, req.csrfToken())],
+        },
+      });
+    } else {
+      await save_config_from_form(form);
+      req.flash("success", req.__("Backup settings updated"));
+      res.redirect("/admin/backup");
+    }
+  })
+);
+router.post(
+  "/auto-backup-now",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    try {
+      await auto_backup_now();
+      req.flash("success", req.__("Backup successful"));
+    } catch (e) {
+      req.flash("error", e.message);
+    }
+    res.json({ reload_page: true });
+  })
+);
+
 /**
  * @name get/system
  * @function
@@ -527,6 +634,9 @@ router.post(
     }
   })
 );
+/**
+ * /check-for-updates
+ */
 router.post(
   "/check-for-upgrade",
   isAdmin,
@@ -548,7 +658,7 @@ router.post(
     const fileName = await create_backup();
     res.type("application/zip");
     res.attachment(fileName);
-    var file = fs.createReadStream(fileName);
+    const file = fs.createReadStream(fileName);
     file.on("end", function () {
       fs.unlink(fileName, function () {});
     });
@@ -579,8 +689,9 @@ router.post(
 );
 
 /**
+ * Clear All Form
  * @param {object} req
- * @returns {Form}
+ * @returns {Form} form
  */
 const clearAllForm = (req) =>
   new Form({
@@ -694,6 +805,7 @@ router.post(
       try {
         const file_store = db.connectObj.file_store;
         const admin_users = await User.find({ role_id: 1 }, { orderBy: "id" });
+        // greenlock logic
         const Greenlock = require("greenlock");
         const greenlock = Greenlock.create({
           packageRoot: path.resolve(__dirname, ".."),
@@ -709,6 +821,7 @@ router.post(
           subject: domain,
           altnames,
         });
+        // letsencrypt
         await getState().setConfig("letsencrypt", true);
         req.flash(
           "success",
@@ -758,7 +871,9 @@ router.get(
     });
   })
 );
-
+/**
+ * /confiuration-check
+ */
 router.get(
   "/configuration-check",
   isAdmin,
@@ -787,7 +902,10 @@ router.get(
               ? div(
                   { class: "alert alert-success", role: "alert" },
                   i({ class: "fas fa-check-circle fa-lg me-2" }),
-                  h5({ class: "d-inline" }, "No errors detected")
+                  h5(
+                    { class: "d-inline" },
+                    req.__("No errors detected during configuration check")
+                  )
                 )
               : errors.map(mkError)
           ),
@@ -863,6 +981,7 @@ router.post(
     if (form.values.plugins) {
       const ps = await Plugin.find();
       for (const p of ps) {
+        // todo configurable list of mandatory plugins
         if (!["base", "sbadmin2"].includes(p.name)) await p.delete();
       }
       await getState().refresh_plugins();
@@ -902,6 +1021,8 @@ router.post(
         req.logout();
         req.session = null;
       }
+      // todo make configurable - redirect to create first user
+      // redirect to create first user
       res.redirect(`/auth/create_first_user`);
     } else {
       req.flash(

package/routes/api.js

@@ -20,6 +20,7 @@ const { error_catcher } = require("./utils.js");
 //const { mkTable, renderForm, link, post_btn } = require("@saltcorn/markup");
 const { getState } = require("@saltcorn/data/db/state");
 const Table = require("@saltcorn/data/models/table");
+const View = require("@saltcorn/data/models/view");
 //const Field = require("@saltcorn/data/models/field");
 const Trigger = require("@saltcorn/data/models/trigger");
 //const load_plugins = require("../load_plugins");
@@ -111,6 +112,40 @@ function accessAllowed(req, user, trigger) {
   return role <= trigger.min_role;
 }
 
+router.post(
+  "/viewQuery/:viewName/:queryName",
+  error_catcher(async (req, res, next) => {
+    let { viewName, queryName } = req.params;
+    const view = await View.findOne({ name: viewName });
+    if (!view) {
+      res.status(404).json({ error: req.__("Not found") });
+      return;
+    }
+    await passport.authenticate(
+      "jwt",
+      { session: false },
+      async function (err, user, info) {
+        const role = user && user.id ? user.role_id : 10;
+        if (
+          role <= view.min_role ||
+          (await view.authorise_get({ req, ...view })) // TODO set query to state
+        ) {
+          const queries = view.queries(false, req);
+          if (queries[queryName]) {
+            const { args } = req.body;
+            const resp = await queries[queryName](...args, true);
+            res.json({ success: resp });
+          } else {
+            res.status(404).json({ error: req.__("Not found") });
+          }
+        } else {
+          res.status(401).json({ error: req.__("Not authorized") });
+        }
+      }
+    )(req, res, next);
+  })
+);
+
 router.get(
   "/:tableName/distinct/:fieldName",
   //passport.authenticate("api-bearer", { session: false }),
@@ -180,7 +215,7 @@ router.get(
     }
 
     await passport.authenticate(
-      "api-bearer",
+      ["api-bearer", "jwt"],
       { session: false },
       async function (err, user, info) {
         if (accessAllowedRead(req, user, table)) {

package/routes/edit.js

@@ -44,7 +44,8 @@ router.post(
         "error",
         req.__("Not allowed to write to table %s", table.name)
       );
-    if (req.get("referer")) res.redirect(req.get("referer"));
+    if (req.xhr) res.send("OK");
+    else if (req.get("referer")) res.redirect(req.get("referer"));
     else res.redirect(redirect || `/list/${table.name}`);
   })
 );

package/routes/eventlog.js

@@ -5,7 +5,7 @@
  * @subcategory routes
  */
 const Router = require("express-promise-router");
-const { isAdmin, error_catcher, get_base_url } = require("./utils.js");
+const { isAdmin, error_catcher } = require("./utils.js");
 const { getState } = require("@saltcorn/data/db/state");
 const Trigger = require("@saltcorn/data/models/trigger");
 
@@ -21,19 +21,19 @@ module.exports = router;
 const {
   mkTable,
   renderForm,
-  link,
-  post_btn,
-  settingsDropdown,
-  post_dropdown_item,
+  //link,
+  //post_btn,
+  //settingsDropdown,
+  //post_dropdown_item,
   post_delete_btn,
   localeDateTime,
 } = require("@saltcorn/markup");
 const Form = require("@saltcorn/data/models/form");
 const {
   div,
-  code,
+  //code,
   a,
-  span,
+  //span,
   tr,
   table,
   tbody,
@@ -74,7 +74,7 @@ const logSettingsForm = async (req) => {
         name: w + "_channel",
         label: w + " channel",
         sublabel:
-          "Channels to create events for. Separate by comma; leave blank for all",
+          req.__("Channels to create events for. Separate by comma; leave blank for all"),
         type: "String",
         showIf: { [w]: true },
       });
@@ -168,25 +168,25 @@ router.get(
 /**
  * @returns {Form}
  */
-const customEventForm = () =>
-  new Form({
-    action: "/eventlog/custom/new",
-    submitButtonClass: "btn-outline-primary",
-    onChange: "remove_outline(this)",
-    fields: [
-      {
-        name: "name",
-        label: "Name",
-        type: "String",
-      },
-      {
-        name: "hasChannel",
-        label: "Has channels?",
-        type: "Bool",
-      },
-    ],
-  });
-
+const customEventForm = async (req) => {
+    return new Form({
+        action: "/eventlog/custom/new",
+        submitButtonClass: "btn-outline-primary",
+        onChange: "remove_outline(this)",
+        fields: [
+            {
+                name: "name",
+                label: req.__("Event Name"),
+                type: "String",
+            },
+            {
+                name: "hasChannel",
+                label: req.__("Has channels?"),
+                type: "Bool",
+            },
+        ],
+    });
+};
 /**
  * @name get/custom/new
  * @function
@@ -197,7 +197,7 @@ router.get(
   "/custom/new",
   isAdmin,
   error_catcher(async (req, res) => {
-    const form = customEventForm();
+    const form = await customEventForm(req);
     send_events_page({
       res,
       req,
@@ -222,7 +222,7 @@ router.post(
   "/custom/new",
   isAdmin,
   error_catcher(async (req, res) => {
-    const form = customEventForm();
+    const form = await customEventForm(req);
     form.validate(req.body);
     if (form.hasErrors) {
       send_events_page({
@@ -323,7 +323,7 @@ router.get(
       { orderBy: "occur_at", orderDesc: true, limit: rows_per_page, offset }
     );
     if (evlog.length === rows_per_page || current_page > 1) {
-      const nrows = await EventLog.count();
+      const nrows = await EventLog.count({});
       if (nrows > rows_per_page || current_page > 1) {
         page_opts.pagination = {
           current_page,

package/routes/fields.js

@@ -181,6 +181,7 @@ const fieldFlow = (req) =>
       var attributes = context.attributes || {};
       attributes.default = context.default;
       attributes.summary_field = context.summary_field;
+      attributes.include_fts = context.include_fts;
       attributes.on_delete_cascade = context.on_delete_cascade;
       const {
         table_id,
@@ -295,6 +296,12 @@ const fieldFlow = (req) =>
                   input_type: "select",
                   options: roles.map((r) => ({ value: r.id, label: r.role })),
                 },
+                {
+                  name: "also_delete_file",
+                  type: "Bool",
+                  label: req.__("Cascade delete to file"),
+                  sublabel: req.__("Deleting a row will also delete the file referenced by this field")
+                },
               ],
             });
           } else {
@@ -370,6 +377,11 @@ const fieldFlow = (req) =>
               value: f.name,
               label: f.label,
             }));
+          const textfields = orderedFields
+            .filter(
+              (f) => (!f.calculated || f.stored) && f.type?.sql_name === "text"
+            )
+            .map((f) => f.name);
           return new Form({
             fields: [
               new Field({
@@ -378,6 +390,12 @@ const fieldFlow = (req) =>
                 input_type: "select",
                 options: keyfields,
               }),
+              new Field({
+                name: "include_fts",
+                label: req.__("Include in full-text search"),
+                type: "Bool",
+                showIf: { summary_field: textfields },
+              }),
               new Field({
                 name: "on_delete_cascade",
                 label: req.__("On delete cascade"),

package/routes/files.js

@@ -1,4 +1,5 @@
 /**
+ * Files Route
  * @category server
  * @module routes/files
  * @subcategory routes
@@ -9,33 +10,18 @@ const File = require("@saltcorn/data/models/file");
 const User = require("@saltcorn/data/models/user");
 const { getState } = require("@saltcorn/data/db/state");
 const s3storage = require("../s3storage");
+const sharp = require("sharp");
 
 const {
   mkTable,
   renderForm,
   link,
-  post_btn,
+  //post_btn,
   post_delete_btn,
 } = require("@saltcorn/markup");
 const { isAdmin, error_catcher, setTenant } = require("./utils.js");
-const {
-  span,
-  h5,
-  h1,
-  h4,
-  nbsp,
-  p,
-  a,
-  div,
-  form,
-  input,
-  select,
-  button,
-  option,
-  text,
-  label,
-} = require("@saltcorn/markup/tags");
-const { csrfField } = require("./utils");
+const { h1, div, text } = require("@saltcorn/markup/tags");
+// const { csrfField } = require("./utils");
 const { editRoleForm, fileUploadForm } = require("../markup/forms.js");
 const { strictParseInt } = require("@saltcorn/data/plugin-helper");
 const {
@@ -43,6 +29,8 @@ const {
   config_fields_form,
   save_config_from_form,
 } = require("../markup/admin");
+// const fsp = require("fs").promises;
+const fs = require("fs");
 
 /**
  * @type {object}
@@ -55,6 +43,7 @@ const router = new Router();
 module.exports = router;
 
 /**
+ * Edit file Role form
  * @param {*} file
  * @param {*} roles
  * @param {*} req
@@ -78,6 +67,7 @@ router.get(
   "/",
   isAdmin,
   error_catcher(async (req, res) => {
+    // todo limit select from file by 10 or 20
     const rows = await File.find({}, { orderBy: "filename" });
     const roles = await User.get_roles();
     send_files_page({
@@ -187,6 +177,54 @@ router.get(
   })
 );
 
+/**
+ * @name get/resize/:id
+ * @function
+ * @memberof module:routes/files~filesRouter
+ * @function
+ */
+router.get(
+  "/resize/:id/:width_str",
+  error_catcher(async (req, res) => {
+    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const user_id = req.user && req.user.id;
+    const { id, width_str } = req.params;
+    let file;
+    if (typeof strictParseInt(id) !== "undefined")
+      file = await File.findOne({ id });
+    else file = await File.findOne({ filename: id });
+
+    if (!file) {
+      res
+        .status(404)
+        .sendWrap(req.__("Not found"), h1(req.__("File not found")));
+      return;
+    }
+    if (role <= file.min_role_read || (user_id && user_id === file.user_id)) {
+      res.type(file.mimetype);
+      const cacheability = file.min_role_read === 10 ? "public" : "private";
+      res.set("Cache-Control", `${cacheability}, max-age=86400`);
+      //TODO s3
+      if (file.s3_store) s3storage.serveObject(file, res, false);
+      else {
+        const width = strictParseInt(width_str);
+        if (!width) {
+          res.sendFile(file.location);
+          return;
+        }
+        const fnm = `${file.location}_w${width}`;
+        if (!fs.existsSync(fnm)) {
+          await sharp(file.location).resize({ width }).toFile(fnm);
+        }
+        res.sendFile(fnm);
+      }
+    } else {
+      req.flash("warning", req.__("Not authorized"));
+      res.redirect("/");
+    }
+  })
+);
+
 /**
  * @name post/setrole/:id
  * @function