@saltcorn/server 0.7.3 → 0.7.4-beta.0

package/auth/admin.js

@@ -693,7 +693,8 @@ router.post(
     } = form.values;
     if (id) {
       try {
-        await db.update("users", { email, role_id, ...rest }, id);
+        const u = await User.findOne({ id });
+        await u.update({ email, role_id, ...rest });
         req.flash("success", req.__(`User %s saved`, email));
       } catch (e) {
         req.flash("error", req.__(`Error editing user: %s`, e.message));

package/auth/routes.js

@@ -199,8 +199,7 @@ const getAuthLinks = (current, noMethods) => {
   return links;
 };
 
-const loginWithJwt = async (req, res) => {
-  const { email, password } = req.query;
+const loginWithJwt = async (email, password, res) => {
   const user = await User.findOne({ email });
   if (user && user.checkPassword(password)) {
     const now = new Date();
@@ -208,7 +207,13 @@ const loginWithJwt = async (req, res) => {
     const token = jwt.sign(
       {
         sub: email,
-        role_id: user.role_id,
+        user: {
+          id: user.id,
+          email: user.email,
+          role_id: user.role_id,
+          language: user.language ? user.language : "en",
+          disabled: user.disabled,
+        },
         iss: "saltcorn@saltcorn",
         aud: "saltcorn-mobile-app",
         iat: now.valueOf(),
@@ -217,6 +222,10 @@ const loginWithJwt = async (req, res) => {
     );
     if (!user.last_mobile_login) await user.updateLastMobileLogin(now);
     res.json(token);
+  } else {
+    res.json({
+      alerts: [{ type: "danger", msg: "Incorrect user or password" }],
+    });
   }
 };
 
@@ -900,8 +909,8 @@ router.post(
       } else {
         const u = await User.create({ email, password });
         await send_verification_email(u, req);
-
-        signup_login_with_user(u, req, res);
+        if (req.smr) await loginWithJwt(email, password, res);
+        else signup_login_with_user(u, req, res);
       }
     }
   })
@@ -1008,7 +1017,8 @@ router.get(
   error_catcher(async (req, res, next) => {
     const { method } = req.params;
     if (method === "jwt") {
-      await loginWithJwt(req, res);
+      const { email, password } = req.query;
+      await loginWithJwt(email, password, res);
     } else {
       const auth = getState().auth_methods[method];
       if (auth) {

package/errors.js

@@ -7,55 +7,58 @@ const { pre, p, text, h3 } = require("@saltcorn/markup/tags");
 const Crash = require("@saltcorn/data/models/crash");
 const { getState } = require("@saltcorn/data/db/state");
 
-module.exports = 
-/**
- * 
- * @param {object} err 
- * @param {object} req 
- * @param {object} res 
- * @param {*} next 
- * @returns {Promise<void>}
- */
-async function (err, req, res, next) {
-  if (!req.__) req.__ = (s) => s;
+module.exports =
+  /**
+   *
+   * @param {object} err
+   * @param {object} req
+   * @param {object} res
+   * @param {*} next
+   * @returns {Promise<void>}
+   */
+  async function (err, req, res, next) {
+    if (!req.__) req.__ = (s) => s;
 
-  const devmode = getState().getConfig("development_mode", false);
-  const log_sql = getState().getConfig("log_sql", false);
-  const role = (req.user || {}).role_id || 10;
-  if (err.message && err.message.includes("invalid csrf token")) {
-    console.error(err.message);
+    const devmode = getState().getConfig("development_mode", false);
+    const log_sql = getState().getConfig("log_sql", false);
+    const role = (req.user || {}).role_id || 10;
+    if (err.message && err.message.includes("invalid csrf token")) {
+      console.error(err.message);
 
-    req.flash("error", req.__("Invalid form data, try again"));
-    if (req.url && req.url.includes("/auth/login")) res.redirect("/auth/login");
-    else res.redirect("/");
-    return;
-  }
-  const code = err.httpCode || 500;
-  const headline = err.headline || "An error occurred";
-  const severity = err.severity || 2;
-  const createCrash = severity <= 3;
-  console.error(err.stack);
-  if (!(devmode && log_sql) && createCrash) await Crash.create(err, req);
+      req.flash("error", req.__("Invalid form data, try again"));
+      if (req.url && req.url.includes("/auth/login"))
+        res.redirect("/auth/login");
+      else res.redirect("/");
+      return;
+    }
+    const code = err.httpCode || 500;
+    const headline = err.headline || "An error occurred";
+    const severity = err.severity || 2;
+    const createCrash = severity <= 3;
+    //console.error(err.stack);
+    if (!(devmode && log_sql) && createCrash) await Crash.create(err, req);
 
-  if (req.xhr) {
-    res
-      .status(code)
-      .send(
-        devmode || role === 1 ? text(err.message) : req.__("An error occurred")
-      );
-  } else
-    res
-      .status(code)
-      .sendWrap(
-        req.__(headline),
-        devmode ? pre(text(err.stack)) : h3(req.__(headline)),
-        role === 1 && !devmode ? pre(text(err.message)) : "",
-        createCrash
-          ? p(
-              req.__(
-                `A report has been logged and a team of bug-squashing squirrels has been dispatched to deal with the situation.`
+    if (req.xhr) {
+      res
+        .status(code)
+        .send(
+          devmode || role === 1
+            ? text(err.message)
+            : req.__("An error occurred")
+        );
+    } else
+      res
+        .status(code)
+        .sendWrap(
+          req.__(headline),
+          devmode ? pre(text(err.stack)) : h3(req.__(headline)),
+          role === 1 && !devmode ? pre(text(err.message)) : "",
+          createCrash
+            ? p(
+                req.__(
+                  `A report has been logged and a team of bug-squashing squirrels has been dispatched to deal with the situation.`
+                )
               )
-            )
-          : ""
-      );
-};
+            : ""
+        );
+  };

package/locales/en.json

@@ -921,5 +921,14 @@
 	"Restoring automated backup": "Restoring automated backup",
 	"No errors detected during configuration check": "No errors detected during configuration check",
 	"%s view - %s on %s": "%s view - %s on %s",
-	"Back": "Back"
+	"Please select at least one platform (android or iOS).": "Please select at least one platform (android or iOS).",
+	"Back": "Back",
+	"Periodic snapshots enabled": "Periodic snapshots enabled",
+	"Snapshot will be made every hour if there are changes": "Snapshot will be made every hour if there are changes",
+	"Snapshots": "Snapshots",
+	"Snapshot settings updated": "Snapshot settings updated",
+	"Download snapshots": "Download snapshots",
+	"Snapshot successful": "Snapshot successful",
+	"System logging verbosity": "System logging verbosity",
+	"Destination URL Formula": "Destination URL Formula"
 }

package/locales/zh.json

@@ -179,7 +179,7 @@
 	"Pack %s installed": "已安装包 %s",
 	"Pack %s uninstalled": "包 %s 已卸载",
 	"Uninstall": "卸载",
-	"Result preview for ": "结果预览", // todo
+	"Result preview for ": "结果预览",
 	"Choose views for <a href=\"/search\">search results</a> for each table.<br/>Set to blank to omit table from global search.": "为每个表选择<a href=\"/search\">搜索结果</a>的视图。<br/>为空则可从全局搜索中忽略表。",
 	"These tables lack suitable views: ": "这些表缺少合适的视图:",
 	"Search configuration": "搜索配置",

package/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.7.3",
+  "version": "0.7.4-beta.0",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.7.3",
-    "@saltcorn/builder": "0.7.3",
-    "@saltcorn/data": "0.7.3",
-    "@saltcorn/admin-models": "0.7.3",
-    "@saltcorn/markup": "0.7.3",
-    "@saltcorn/sbadmin2": "0.7.3",
+    "@saltcorn/base-plugin": "0.7.4-beta.0",
+    "@saltcorn/builder": "0.7.4-beta.0",
+    "@saltcorn/data": "0.7.4-beta.0",
+    "@saltcorn/admin-models": "0.7.4-beta.0",
+    "@saltcorn/markup": "0.7.4-beta.0",
+    "@saltcorn/sbadmin2": "0.7.4-beta.0",
     "@socket.io/cluster-adapter": "^0.1.0",
     "@socket.io/sticky": "^1.0.1",
     "aws-sdk": "^2.1037.0",

package/public/jquery-menu-editor.min.js

@@ -153,7 +153,7 @@ function MenuEditor(e, t) {
             }
           });
         })((n = $(this).closest("li")));
-      l.onUpdate();
+      //l.onUpdate();
     }),
     s.on("click", ".btnUp", function (e) {
       e.preventDefault();

package/public/saltcorn-common.js

@@ -39,16 +39,26 @@ function apply_showif() {
   $("[data-show-if]").each(function (ix, element) {
     var e = $(element);
     try {
-      var to_show = new Function(
-        "e",
-        "return " + decodeURIComponent(e.attr("data-show-if"))
-      );
+      let to_show = e.data("data-show-if-fun");
+      if (!to_show) {
+        to_show = new Function(
+          "e",
+          "return " + decodeURIComponent(e.attr("data-show-if"))
+        );
+        e.data("data-show-if-fun", to_show);
+      }
+      if (!e.data("data-closest-form-ns"))
+        e.data("data-closest-form-ns", e.closest(".form-namespace"));
       if (to_show(e))
         e.show()
           .find("input, textarea, button, select")
           .prop("disabled", e.attr("data-disabled") || false);
       else
-        e.hide().find("input, textarea, button, select").prop("disabled", true);
+        e.hide()
+          .find(
+            "input:enabled, textarea:enabled, button:enabled, select:enabled"
+          )
+          .prop("disabled", true);
     } catch (e) {
       console.error(e);
     }
@@ -111,7 +121,12 @@ function apply_showif() {
               `<option ${
                 `${current}` === `${r[dynwhere.refname]}` ? "selected" : ""
               } value="${r[dynwhere.refname]}">${
-                r[dynwhere.summary_field]
+                dynwhere.label_formula
+                  ? new Function(
+                      `{${Object.keys(r).join(",")}}`,
+                      "return " + dynwhere.label_formula
+                    )(r)
+                  : r[dynwhere.summary_field]
               }</option>`
             )
           );
@@ -510,7 +525,7 @@ const repeaterCopyValuesToForm = (form, editor, noTriggerChange) => {
     if ($e.length) $e.val(v);
     else
       form.append(
-        `<input type="hidden" name="${k}_${ix}" value="${v}"></input>`
+        `<input type="hidden" data-repeater-ix="${ix}" name="${k}_${ix}" value="${v}"></input>`
       );
   };
   vs.forEach((v, ix) => {
@@ -521,8 +536,8 @@ const repeaterCopyValuesToForm = (form, editor, noTriggerChange) => {
     });
   });
   //delete
-  //for (let ix = vs.length; ix < vs.length + 20; ix++) {
-  // $(`input[name="${k}_${ix}"]`).remove();
+  //for (let ix = vs.length; ix < vs.length + 5; ix++) {
+  //  $(`input[data-repeater-ix="${ix}"]`).remove();
   //}
   $(`input[type=hidden]`).each(function () {
     const name = $(this).attr("name");

package/routes/admin.js

@@ -18,7 +18,13 @@ const { spawn } = require("child_process");
 const User = require("@saltcorn/data/models/user");
 const path = require("path");
 const { getAllTenants } = require("@saltcorn/admin-models/models/tenant");
-const { post_btn, renderForm, mkTable, link } = require("@saltcorn/markup");
+const {
+  post_btn,
+  renderForm,
+  mkTable,
+  link,
+  localeDateTime,
+} = require("@saltcorn/markup");
 const {
   div,
   a,
@@ -42,7 +48,6 @@ const {
   select,
   option,
   fieldset,
-  legend,
   ul,
   li,
   ol,
@@ -63,6 +68,7 @@ const {
   restore,
   auto_backup_now,
 } = require("@saltcorn/admin-models/models/backup");
+const Snapshot = require("@saltcorn/admin-models/models/snapshot");
 const {
   runConfigurationCheck,
 } = require("@saltcorn/admin-models/models/config-check");
@@ -89,6 +95,7 @@ const moment = require("moment");
 const View = require("@saltcorn/data/models/view");
 const { getConfigFile } = require("@saltcorn/data/db/connect");
 const os = require("os");
+const Page = require("@saltcorn/data/models/page");
 
 /**
  * @type {object}
@@ -118,6 +125,7 @@ const site_id_form = (req) =>
       "page_custom_html",
       "development_mode",
       "log_sql",
+      "log_level",
       "plugins_store_endpoint",
       "packs_store_endpoint",
       ...(getConfigFile() ? ["multitenancy_enabled"] : []),
@@ -337,6 +345,9 @@ router.get(
     backupForm.values.auto_backup_expire_days = getState().getConfig(
       "auto_backup_expire_days"
     );
+    const aSnapshotForm = snapshotForm(req);
+    aSnapshotForm.values.snapshots_enabled =
+      getState().getConfig("snapshots_enabled");
     const isRoot = db.getTenantSchema() === db.connectObj.default_schema;
 
     send_admin_page({
@@ -389,6 +400,22 @@ router.get(
                 ),
               }
             : { type: "blank", contents: "" },
+          {
+            type: "card",
+            title: req.__("Snapshots"),
+            contents: div(
+              p(
+                i(
+                  "Snapshots store your application structure and definition, without the table data. Individual views and pages can be restored from snapshots from the <a href='/viewedit'>view</a> or <a href='/pageedit'>pages</a> overviews (\"Restore\" from individual page or view dropdowns)."
+                )
+              ),
+              renderForm(aSnapshotForm, req.csrfToken()),
+              a(
+                { href: "/admin/snapshot-list" },
+                "List/download snapshots &raquo;"
+              )
+            ),
+          },
         ],
       },
     });
@@ -464,6 +491,103 @@ router.get(
   })
 );
 
+router.get(
+  "/snapshot-list",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const snaps = await Snapshot.find();
+    send_admin_page({
+      res,
+      req,
+      active_sub: "Backup",
+      contents: {
+        above: [
+          {
+            type: "card",
+            title: req.__("Download snapshots"),
+            contents: div(
+              ul(
+                snaps.map((snap) =>
+                  li(
+                    a(
+                      {
+                        href: `/admin/snapshot-download/${encodeURIComponent(
+                          snap.id
+                        )}`,
+                        target: "_blank",
+                      },
+                      `${localeDateTime(snap.created)} (${moment(
+                        snap.created
+                      ).fromNow()})`
+                    )
+                  )
+                )
+              )
+            ),
+          },
+        ],
+      },
+    });
+  })
+);
+
+router.get(
+  "/snapshot-download/:id",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const { id } = req.params;
+    const snap = await Snapshot.findOne({ id });
+    res.send(snap.pack);
+  })
+);
+
+router.get(
+  "/snapshot-restore/:type/:name",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const { type, name } = req.params;
+    const snaps = await Snapshot.entity_history(type, name);
+    res.send(
+      mkTable(
+        [
+          {
+            label: "When",
+            key: (r) =>
+              `${localeDateTime(r.created)} (${moment(r.created).fromNow()})`,
+          },
+
+          {
+            label: req.__("Restore"),
+            key: (r) =>
+              post_btn(
+                `/admin/snapshot-restore/${type}/${name}/${r.id}`,
+                req.__("Restore"),
+                req.csrfToken()
+              ),
+          },
+        ],
+        snaps
+      )
+    );
+  })
+);
+
+router.post(
+  "/snapshot-restore/:type/:name/:id",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const { type, name, id } = req.params;
+    const snap = await Snapshot.findOne({ id });
+    await snap.restore_entity(type, name);
+    req.flash(
+      "success",
+      `${type} ${name} restored to snapshot saved ${moment(
+        snap.created
+      ).fromNow()}`
+    );
+    res.redirect(`/${type}edit`);
+  })
+);
 router.get(
   "/auto-backup-download/:filename",
   isAdmin,
@@ -540,6 +664,43 @@ const autoBackupForm = (req) =>
     ],
   });
 
+const snapshotForm = (req) =>
+  new Form({
+    action: "/admin/set-snapshot",
+    onChange: `saveAndContinue(this);`,
+    noSubmitButton: true,
+    additionalButtons: [
+      {
+        label: "Snapshot now",
+        id: "btnSnapNow",
+        class: "btn btn-outline-secondary",
+        onclick: "ajax_post('/admin/snapshot-now')",
+      },
+    ],
+    fields: [
+      {
+        type: "Bool",
+        label: req.__("Periodic snapshots enabled"),
+        name: "snapshots_enabled",
+        sublabel: req.__(
+          "Snapshot will be made every hour if there are changes"
+        ),
+      },
+    ],
+  });
+router.post(
+  "/set-snapshot",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const form = await snapshotForm(req);
+    form.validate(req.body);
+
+    await save_config_from_form(form);
+    req.flash("success", req.__("Snapshot settings updated"));
+    if (!req.xhr) res.redirect("/admin/backup");
+    else res.json({ success: "ok" });
+  })
+);
 router.post(
   "/set-auto-backup",
   isAdmin,
@@ -579,6 +740,22 @@ router.post(
   })
 );
 
+router.post(
+  "/snapshot-now",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    try {
+      const taken = await Snapshot.take_if_changed();
+      if (taken) req.flash("success", req.__("Snapshot successful"));
+      else
+        req.flash("success", req.__("No changes detected, snapshot skipped"));
+    } catch (e) {
+      req.flash("error", e.message);
+    }
+    res.json({ reload_page: true });
+  })
+);
+
 /**
  * @name get/system
  * @function
@@ -1064,12 +1241,39 @@ router.get(
   })
 );
 
+const dialogScript = `<script>
+function swapEntryInputs(activeTab, activeInput, disabledTab, disabledInput) {
+  activeTab.addClass("active");
+  activeInput.removeClass("d-none");
+  activeInput.addClass("d-block");
+  activeInput.attr("name", "entryPoint");
+  disabledTab.removeClass("active");
+  disabledInput.removeClass("d-block");
+  disabledInput.addClass("d-none");
+  disabledInput.removeAttr("name");
+}
+
+function showEntrySelect(type) {
+  const viewNavLin = $("#viewNavLinkID");
+  const pageNavLink = $("#pageNavLinkID");
+  const viewInp = $("#viewInputID");
+  const pageInp = $("#pageInputID");
+  if (type === "page") {
+    swapEntryInputs(pageNavLink, pageInp, viewNavLin, viewInp);
+  }
+  else if (type === "view") {
+    swapEntryInputs(viewNavLin, viewInp, pageNavLink, pageInp);
+  }
+  $("#entryPointTypeID").attr("value", type);
+}  
+</script>`;
+
 router.get(
   "/build-mobile-app",
   isAdmin,
   error_catcher(async (req, res) => {
-    const isRoot = db.getTenantSchema() === db.connectObj.default_schema;
     const views = await View.find();
+    const pages = await Page.find();
     const execBuildMsg =
       "This is still under development and might run longer.";
 
@@ -1077,6 +1281,11 @@ router.get(
       res,
       req,
       active_sub: "Mobile app",
+      headers: [
+        {
+          headerTag: dialogScript,
+        },
+      ],
       contents: {
         above: [
           {
@@ -1094,11 +1303,17 @@ router.get(
                   name: "_csrf",
                   value: req.csrfToken(),
                 }),
+                input({
+                  type: "hidden",
+                  name: "entryPointType",
+                  value: "view",
+                  id: "entryPointTypeID",
+                }),
                 div(
                   { class: "container ps-2" },
                   div(
                     { class: "row pb-2" },
-                    div({ class: "col-sm-4 fw-bold" }, "Entry view"),
+                    div({ class: "col-sm-4 fw-bold" }, "Entry point"),
                     div({ class: "col-sm-4 fw-bold" }, "Platform"),
                     div(
                       {
@@ -1111,17 +1326,54 @@ router.get(
                     { class: "row" },
                     div(
                       { class: "col-sm-4" },
+                      // 'view/page' tabs
+                      ul(
+                        { class: "nav nav-pills" },
+                        li(
+                          {
+                            class: "nav-item",
+                            onClick: "showEntrySelect('view')",
+                          },
+                          div(
+                            { class: "nav-link active", id: "viewNavLinkID" },
+                            "View"
+                          )
+                        ),
+                        li(
+                          {
+                            class: "nav-item",
+                            onClick: "showEntrySelect('page')",
+                          },
+                          div(
+                            { class: "nav-link", id: "pageNavLinkID" },
+                            "Page"
+                          )
+                        )
+                      ),
+                      // select entry-view
                       select(
                         {
                           class: "form-control",
-                          name: "entryView",
-                          id: "entryViewInput",
+                          name: "entryPoint",
+                          id: "viewInputID",
                         },
                         views
                           .map((view) =>
                             option({ value: view.name }, view.name)
                           )
                           .join(",")
+                      ),
+                      // select entry-page
+                      select(
+                        {
+                          class: "form-control d-none",
+                          id: "pageInputID",
+                        },
+                        pages
+                          .map((page) =>
+                            option({ value: page.name }, page.name)
+                          )
+                          .join(",")
                       )
                     ),
                     div(
@@ -1203,7 +1455,7 @@ router.get(
                         class: "form-control",
                         name: "serverURL",
                         id: "serverURLInputId",
-                        placeholder: "http://10.0.2.2:3000",
+                        placeholder: getState().getConfig("base_url") || "",
                       })
                     )
                   )
@@ -1232,7 +1484,8 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     let {
-      entryView,
+      entryPoint,
+      entryPointType,
       androidPlatform,
       iOSPlatform,
       useDocker,
@@ -1251,11 +1504,20 @@ router.post(
       return res.redirect("/admin/build-mobile-app");
     }
     if (appFile && !appFile.endsWith(".apk")) appFile = `${appFile}.apk`;
+    if (!serverURL || serverURL.length == 0) {
+      serverURL = getState().getConfig("base_url") || "";
+    }
+    if (!serverURL.startsWith("http")) {
+      req.flash("error", req.__("Please enter a valid server URL."));
+      return res.redirect("/admin/build-mobile-app");
+    }
     const appOut = path.join(__dirname, "..", "mobile-app-out");
     const spawnParams = [
       "build-app",
-      "-v",
-      entryView,
+      "-e",
+      entryPoint,
+      "-t",
+      entryPointType,
       "-c",
       appOut,
       "-b",

package/routes/api.js

@@ -112,6 +112,13 @@ function accessAllowed(req, user, trigger) {
   return role <= trigger.min_role;
 }
 
+const getFlashes = (req) =>
+  ["error", "success", "danger", "warning", "information"]
+    .map((type) => {
+      return { type, msg: req.flash(type) };
+    })
+    .filter((a) => a.msg && a.msg.length && a.msg.length > 0);
+
 router.post(
   "/viewQuery/:viewName/:queryName",
   error_catcher(async (req, res, next) => {
@@ -134,7 +141,7 @@ router.post(
           if (queries[queryName]) {
             const { args } = req.body;
             const resp = await queries[queryName](...args, true);
-            res.json({ success: resp });
+            res.json({ success: resp, alerts: getFlashes(req) });
           } else {
             res.status(404).json({ error: req.__("Not found") });
           }
@@ -235,6 +242,7 @@ router.get(
             rows = await table.getJoinedRows(joinOpts);
           } else if (req_query && req_query !== {}) {
             const tbl_fields = await table.getFields();
+            readState(req_query, tbl_fields, req);
             const qstate = await stateFieldsToWhere({
               fields: tbl_fields,
               approximate: !!approximate,

package/routes/page.js

@@ -36,6 +36,8 @@ router.get(
   "/:pagename",
   error_catcher(async (req, res) => {
     const { pagename } = req.params;
+    const state = getState();
+    state.log(3, `Route /page/${pagename} user=${req.user?.id}`);
 
     const role = req.user && req.user.id ? req.user.role_id : 10;
     const db_page = await Page.findOne({ name: pagename });
@@ -56,10 +58,12 @@ router.get(
           contents,
         })
       );
-    } else
+    } else {
+      state.log(2, `Page $pagename} not found or not authorized`);
       res
         .status(404)
         .sendWrap(`${pagename} page`, req.__("Page %s not found", pagename));
+    }
   })
 );
 

package/routes/pageedit.js

@@ -90,6 +90,13 @@ const page_dropdown = (page, req) =>
       '<i class="far fa-copy"></i>&nbsp;' + req.__("Duplicate"),
       req
     ),
+    a(
+      {
+        class: "dropdown-item",
+        href: `javascript:ajax_modal('/admin/snapshot-restore/page/${page.name}')`,
+      },
+      '<i class="fas fa-undo-alt"></i>&nbsp;' + req.__("Restore")
+    ),
     div({ class: "dropdown-divider" }),
     post_dropdown_item(
       `/pageedit/delete/${page.id}`,
@@ -180,7 +187,8 @@ const pageBuilderData = async (req, context) => {
   const fixed_state_fields = {};
   for (const view of views) {
     fixed_state_fields[view.name] = [];
-    const table = Table.findOne({ id: view.table_id });
+    const table = Table.findOne(view.table_id || view.exttable_name);
+    
     const fs = await view.get_state_fields();
     for (const frec of fs) {
       const f = new Field(frec);

package/routes/utils.js

@@ -128,6 +128,7 @@ const setTenant = (req, res, next) => {
       } else {
         db.runWithTenant(other_domain, () => {
           setLanguage(req, res, state);
+          state.log(5, `${req.method} ${req.originalUrl}`);
           next();
         });
       }
@@ -140,12 +141,14 @@ const setTenant = (req, res, next) => {
       } else {
         db.runWithTenant(ten, () => {
           setLanguage(req, res, state);
+          state.log(5, `${req.method} ${req.originalUrl}`);
           next();
         });
       }
     }
   } else {
     setLanguage(req, res);
+    getState().log(5, `${req.method} ${req.originalUrl}`);
     next();
   }
 };
@@ -240,4 +243,5 @@ module.exports = {
   getGitRevision,
   getSessionStore,
   setTenant,
+  get_tenant_from_req
 };

package/routes/view.js

@@ -20,6 +20,7 @@ const {
 } = require("../routes/utils.js");
 const { add_edit_bar } = require("../markup/admin.js");
 const { InvalidConfiguration } = require("@saltcorn/data/utils");
+const { getState } = require("@saltcorn/data/db/state");
 
 /**
  * @type {object}
@@ -44,8 +45,11 @@ router.get(
     const query = { ...req.query };
     const view = await View.findOne({ name: viewname });
     const role = req.user && req.user.id ? req.user.role_id : 10;
+    const state = getState();
+    state.log(3, `Route /view/${viewname} user=${req.user?.id}`);
     if (!view) {
       req.flash("danger", req.__(`No such view: %s`, text(viewname)));
+      state.log(2, `View ${viewname} not found`);
       res.redirect("/");
       return;
     }
@@ -56,6 +60,7 @@ router.get(
       !(await view.authorise_get({ query, req, ...view }))
     ) {
       req.flash("danger", req.__("Not authorized"));
+      state.log(2, `View ${viewname} not authorized`);
       res.redirect("/");
       return;
     }
@@ -123,13 +128,21 @@ router.post(
   error_catcher(async (req, res) => {
     const { viewname, route } = req.params;
     const role = req.user && req.user.id ? req.user.role_id : 10;
+    const state = getState();
+    state.log(
+      3,
+      `Route /view/${viewname} viewroute ${route} user=${req.user?.id}`
+    );
 
     const view = await View.findOne({ name: viewname });
     if (!view) {
       req.flash("danger", req.__(`No such view: %s`, text(viewname)));
+      state.log(2, `View ${viewname} not found`);
       res.redirect("/");
     } else if (role > view.min_role) {
       req.flash("danger", req.__("Not authorized"));
+      state.log(2, `View ${viewname} viewroute ${route} not authorized`);
+
       res.redirect("/");
     } else {
       await view.runRoute(route, req.body, res, { res, req });
@@ -150,10 +163,12 @@ router.post(
     const { viewname } = req.params;
     const role = req.user && req.user.id ? req.user.role_id : 10;
     const query = { ...req.query };
-
+    const state = getState();
+    state.log(3, `Route /view/${viewname} POST user=${req.user?.id}`);
     const view = await View.findOne({ name: viewname });
     if (!view) {
       req.flash("danger", req.__(`No such view: %s`, text(viewname)));
+      state.log(2, `View ${viewname} not found`);
       res.redirect("/");
       return;
     }
@@ -164,6 +179,8 @@ router.post(
       !(await view.authorise_post({ body: req.body, req, ...view }))
     ) {
       req.flash("danger", req.__("Not authorized"));
+      state.log(2, `View ${viewname} POST not authorized`);
+
       res.redirect("/");
     } else if (!view.runPost) {
       throw new InvalidConfiguration(

package/routes/viewedit.js

@@ -98,6 +98,13 @@ const view_dropdown = (view, req) =>
       '<i class="far fa-copy"></i>&nbsp;' + req.__("Duplicate"),
       req
     ),
+    a(
+      {
+        class: "dropdown-item",
+        href: `javascript:ajax_modal('/admin/snapshot-restore/view/${view.name}')`,
+      },
+      '<i class="fas fa-undo-alt"></i>&nbsp;' + req.__("Restore")
+    ),
     div({ class: "dropdown-divider" }),
     post_dropdown_item(
       `/viewedit/delete/${view.id}`,
@@ -355,7 +362,7 @@ router.get(
     }
     const tables = await Table.find_with_external();
     const currentTable = tables.find(
-      (t) => t.id === viewrow.table_id || t.name === viewrow.exttable_name
+      (t) => (t.id && t.id === viewrow.table_id) || t.name === viewrow.exttable_name
     );
     viewrow.table_name = currentTable && currentTable.name;
     if (viewrow.slug && currentTable) {

package/serve.js

@@ -30,7 +30,7 @@ const { getConfig } = require("@saltcorn/data/models/config");
 const { migrate } = require("@saltcorn/data/migrate");
 const socketio = require("socket.io");
 const { createAdapter, setupPrimary } = require("@socket.io/cluster-adapter");
-const { setTenant, getSessionStore } = require("./routes/utils");
+const { setTenant, getSessionStore, get_tenant_from_req } = require("./routes/utils");
 const passport = require("passport");
 const { authenticate } = require("passport");
 const View = require("@saltcorn/data/models/view");
@@ -44,6 +44,11 @@ const {
   getAllTenants,
 } = require("@saltcorn/admin-models/models/tenant");
 const { auto_backup_now } = require("@saltcorn/admin-models/models/backup");
+const Snapshot = require("@saltcorn/admin-models/models/snapshot");
+
+const take_snapshot = async () => {
+  return await Snapshot.take_if_changed();
+};
 
 // helpful https://gist.github.com/jpoehls/2232358
 /**
@@ -132,32 +137,33 @@ const workerDispatchMsg = ({ tenant, ...msg }) => {
  */
 const onMessageFromWorker =
   (masterState, { port, watchReaper, disableScheduler, pid }) =>
-  (msg) => {
-    //console.log("worker msg", typeof msg, msg);
-    if (msg === "Start" && !masterState.started) {
-      masterState.started = true;
-      runScheduler({
-        port,
-        watchReaper,
-        disableScheduler,
-        eachTenant,
-        auto_backup_now,
-      });
-      require("./systemd")({ port });
-      return true;
-    } else if (msg === "RestartServer") {
-      process.exit(0);
-      return true;
-    } else if (msg.tenant || msg.createTenant) {
-      ///ie from saltcorn
-      //broadcast
-      Object.entries(cluster.workers).forEach(([wpid, w]) => {
-        if (wpid !== pid) w.send(msg);
-      });
-      workerDispatchMsg(msg); //also master
-      return true;
-    }
-  };
+    (msg) => {
+      //console.log("worker msg", typeof msg, msg);
+      if (msg === "Start" && !masterState.started) {
+        masterState.started = true;
+        runScheduler({
+          port,
+          watchReaper,
+          disableScheduler,
+          eachTenant,
+          auto_backup_now,
+          take_snapshot,
+        });
+        require("./systemd")({ port });
+        return true;
+      } else if (msg === "RestartServer") {
+        process.exit(0);
+        return true;
+      } else if (msg.tenant || msg.createTenant) {
+        ///ie from saltcorn
+        //broadcast
+        Object.entries(cluster.workers).forEach(([wpid, w]) => {
+          if (wpid !== pid) w.send(msg);
+        });
+        workerDispatchMsg(msg); //also master
+        return true;
+      }
+    };
 
 module.exports =
   /**
@@ -274,6 +280,7 @@ module.exports =
           disableScheduler,
           eachTenant,
           auto_backup_now,
+          take_snapshot,
         });
       }
       Trigger.emitEvent("Startup");
@@ -345,24 +352,33 @@ const setupSocket = (...servers) => {
     io.attach(server);
   }
 
-  io.use(wrap(setTenant));
+  //io.use(wrap(setTenant));
   io.use(wrap(getSessionStore()));
   io.use(wrap(passport.initialize()));
   io.use(wrap(passport.authenticate(["jwt", "session"])));
   if (process.send && !cluster.isMaster) io.adapter(createAdapter());
-  getState().setRoomEmitter((viewname, room_id, msg) => {
-    io.to(`${viewname}_${room_id}`).emit("message", msg);
+  getState().setRoomEmitter((tenant, viewname, room_id, msg) => {
+    io.to(`${tenant}_${viewname}_${room_id}`).emit("message", msg);
   });
   io.on("connection", (socket) => {
     socket.on("join_room", ([viewname, room_id]) => {
-      const view = View.findOne({ name: viewname });
-      if (view.viewtemplateObj.authorize_join) {
-        view.viewtemplateObj
-          .authorize_join(view.configuration, room_id, socket.request.user)
-          .then((authorized) => {
-            if (authorized) socket.join(`${viewname}_${room_id}`);
-          });
-      } else socket.join(`${viewname}_${room_id}`);
+      const ten = get_tenant_from_req(socket.request) || "public";
+      const f = () => {
+        try {
+          const view = View.findOne({ name: viewname });
+          if (view.viewtemplateObj.authorize_join) {
+            view.viewtemplateObj
+              .authorize_join(view.configuration, room_id, socket.request.user)
+              .then((authorized) => {
+                if (authorized) socket.join(`${ten}_${viewname}_${room_id}`);
+              });
+          } else socket.join(`${ten}_${viewname}_${room_id}`);
+        } catch (err) {
+          getState().log(1, `Socket join_room error: ${err.stack}`);
+        }
+      }
+      if (ten && ten !== "public") db.runWithTenant(ten, f);
+      else f();
     });
   });
 };

package/tests/api.test.js

@@ -84,6 +84,23 @@ describe("API read", () => {
         )
       );
   });
+  it("should handle fkey args ", async () => {
+    const loginCookie = await getAdminLoginCookie();
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .get("/api/patients/?favbook=1")
+      .set("Cookie", loginCookie)
+      .expect(succeedJsonWith((rows) => rows.length == 1));
+  });
+  it("should handle fkey args with no value", async () => {
+    const loginCookie = await getAdminLoginCookie();
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .get("/api/patients/?favbook=")
+      .set("Cookie", loginCookie)
+      .expect(succeedJsonWith((rows) => rows.length == 0));
+  });
+
   it("should get books for public with search and one field", async () => {
     const app = await getApp({ disableCsrf: true });
     await request(app)

package/tests/clientjs.test.js

@@ -34,8 +34,18 @@ test("updateQueryStringParameter", () => {
   expect(removeQueryStringParameter("/foo?name=Bar&age=45", "age")).toBe(
     "/foo?name=Bar"
   );
+  expect(
+    updateQueryStringParameter("/foo", "publisher.publisher->name", "AK")
+  ).toBe("/foo?publisher.publisher->name=AK");
+  expect(
+    updateQueryStringParameter(
+      "/foo?publisher.publisher->name=AB",
+      "publisher.publisher->name",
+      "AK"
+    )
+  ).toBe("/foo?publisher.publisher->name=AK");
 });
-
+//publisher.publisher->name
 test("updateQueryStringParameter hash", () => {
   expect(updateQueryStringParameter("/foo#baz", "age", 43)).toBe(
     "/foo?age=43#baz"