@saltcorn/server 0.7.4-beta.2 → 0.7.4

package/app.js

@@ -85,6 +85,8 @@ const getApp = async (opts = {}) => {
   const development_mode = getState().getConfig("development_mode", false);
   // switch on sql logging - but it was initiated before???
   if (getState().getConfig("log_sql", false)) db.set_sql_logging();
+  // for multi-tenant with localhost, we need 1 instead of the default of 2
+  if (opts.subdomainOffset) app.set("subdomain offset", opts.subdomainOffset);
 
   // https://www.npmjs.com/package/helmet
   // helmet is secure app by adding HTTP headers
@@ -225,8 +227,9 @@ const getApp = async (opts = {}) => {
     })
   );
   passport.use(
-    new JwtStrategy(jwtOpts, (jwt_payload, done) => {
-      User.findOne({ email: jwt_payload.sub }).then((u) => {
+    new JwtStrategy(jwtOpts, async (jwt_payload, done) => {
+      const userCheck = async () => {
+        const u = await User.findOne({ email: jwt_payload.sub });
         if (
           u &&
           u.last_mobile_login &&
@@ -242,7 +245,16 @@ const getApp = async (opts = {}) => {
         } else {
           return done(null, { role_id: 10 });
         }
-      });
+      };
+      if (
+        db.is_it_multi_tenant() &&
+        jwt_payload.tenant?.length > 0 && 
+        jwt_payload.tenant !== db.connectObj.default_schema
+      ) {
+        return await db.runWithTenant(jwt_payload.tenant, userCheck);
+      } else {
+        return await userCheck();
+      }
     })
   );
   passport.use(
@@ -259,6 +271,12 @@ const getApp = async (opts = {}) => {
   passport.deserializeUser(function (user, done) {
     done(null, user);
   });
+  app.use(function (req, res, next) {
+    if (req.headers["x-saltcorn-client"] === "mobile-app") {
+      req.smr = true; // saltcorn-mobile-request
+    }
+    return next();
+  });
   app.use(setTenant);
 
   // Change into s3storage compatible selector
@@ -267,12 +285,15 @@ const getApp = async (opts = {}) => {
   app.use(s3storage.middlewareTransform);
 
   app.use(wrapper(version_tag));
+
   const csurf = csrf();
   if (!opts.disableCsrf)
     app.use(function (req, res, next) {
       if (
-        req.url.startsWith("/api/") ||
-        req.url === "/auth/login-with/jwt" ||
+        (req.smr &&
+          (req.url.startsWith("/api/") ||
+            req.url === "/auth/login-with/jwt" ||
+            req.url === "/auth/signup")) ||
         jwt_extractor(req)
       )
         return disabledCsurf(req, res, next);
@@ -280,13 +301,6 @@ const getApp = async (opts = {}) => {
     });
   else app.use(disabledCsurf);
 
-  app.use(function (req, res, next) {
-    if (req.headers["x-saltcorn-client"] === "mobile-app") {
-      req.smr = true; // saltcorn-mobile-request
-    }
-    return next();
-  });
-
   mountRoutes(app);
   // set tenant homepage as / root
   app.get("/", error_catcher(homepage));

package/auth/routes.js

@@ -199,33 +199,41 @@ const getAuthLinks = (current, noMethods) => {
   return links;
 };
 
-const loginWithJwt = async (email, password, res) => {
-  const user = await User.findOne({ email });
-  if (user && user.checkPassword(password)) {
-    const now = new Date();
-    const jwt_secret = db.connectObj.jwt_secret;
-    const token = jwt.sign(
-      {
-        sub: email,
-        user: {
-          id: user.id,
-          email: user.email,
-          role_id: user.role_id,
-          language: user.language ? user.language : "en",
-          disabled: user.disabled,
+const loginWithJwt = async (email, password, saltcornApp, res) => {
+  const loginFn = async () => {
+    const user = await User.findOne({ email });
+    if (user && user.checkPassword(password)) {
+      const now = new Date();
+      const jwt_secret = db.connectObj.jwt_secret;
+      const token = jwt.sign(
+        {
+          sub: email,
+          user: {
+            id: user.id,
+            email: user.email,
+            role_id: user.role_id,
+            language: user.language ? user.language : "en",
+            disabled: user.disabled,
+          },
+          iss: "saltcorn@saltcorn",
+          aud: "saltcorn-mobile-app",
+          iat: now.valueOf(),
+          tenant: db.getTenantSchema(),
         },
-        iss: "saltcorn@saltcorn",
-        aud: "saltcorn-mobile-app",
-        iat: now.valueOf(),
-      },
-      jwt_secret
-    );
-    if (!user.last_mobile_login) await user.updateLastMobileLogin(now);
-    res.json(token);
+        jwt_secret
+      );
+      if (!user.last_mobile_login) await user.updateLastMobileLogin(now);
+      res.json(token);
+    } else {
+      res.json({
+        alerts: [{ type: "danger", msg: "Incorrect user or password" }],
+      });
+    }
+  };
+  if (saltcornApp && saltcornApp !== db.connectObj.default_schema) {
+    await db.runWithTenant(saltcornApp, loginFn);
   } else {
-    res.json({
-      alerts: [{ type: "danger", msg: "Incorrect user or password" }],
-    });
+    await loginFn();
   }
 };
 
@@ -899,7 +907,13 @@ router.post(
       } else {
         const u = await User.create({ email, password });
         await send_verification_email(u, req);
-        if (req.smr) await loginWithJwt(email, password, res);
+        if (req.smr)
+          await loginWithJwt(
+            email,
+            password,
+            req.headers["x-saltcorn-app"],
+            res
+          );
         else signup_login_with_user(u, req, res);
       }
     }
@@ -1008,7 +1022,7 @@ router.get(
     const { method } = req.params;
     if (method === "jwt") {
       const { email, password } = req.query;
-      await loginWithJwt(email, password, res);
+      await loginWithJwt(email, password, req.headers["x-saltcorn-app"], res);
     } else {
       const auth = getState().auth_methods[method];
       if (auth) {

package/locales/en.json

@@ -951,7 +951,6 @@
 	"Modules up-to-date": "Modules up-to-date",
 	"User must have this role or higher to read rows from the table, unless they are the owner": "User must have this role or higher to read rows from the table, unless they are the owner",
 	"User must have this role or higher to edit or create new rows in the table, unless they are the owner": "User must have this role or higher to edit or create new rows in the table, unless they are the owner",
-	"Tag": "Tag",
 	"Tagname": "Tagname",
 	"Create tag": "Create tag",
 	"Tags": "Tags",
@@ -965,6 +964,33 @@
 	"Trigger": "Trigger",
 	"Add %s to tag": "Add %s to tag",
 	"Tag %s deleted": "Tag %s deleted",
-	"Tag %s created": "Tag %s created"
-
-}
+	"Tag %s created": "Tag %s created",
+	"Application diagram": "Application diagram",
+	"Diagram": "Diagram",
+	"Entry point": "Entry point",
+	"Platform": "Platform",
+	"docker": "docker",
+	"android": "android",
+	"iOS": "iOS",
+	"App file": "App file",
+	"Server URL": "Server URL",
+	"Module %s installed, please complete configuration.": "Module %s installed, please complete configuration.",
+	"Module %s removed.": "Module %s removed.",
+	"Module %s installed": "Module %s installed",
+	"Upgrading modules...": "Upgrading modules...",
+	"Backup now": "Backup now",
+	"Snapshot now": "Snapshot now",
+	"Restore/download automated backups »": "Restore/download automated backups »",
+	"Snapshots store your application structure and definition, without the table data. Individual views and pages can be restored from snapshots from the <a href='/viewedit'>view</a> or <a href='/pageedit'>pages</a> overviews (\"Restore\" from individual page or view dropdowns).": "Snapshots store your application structure and definition, without the table data. Individual views and pages can be restored from snapshots from the <a href='/viewedit'>view</a> or <a href='/pageedit'>pages</a> overviews (\"Restore\" from individual page or view dropdowns).",
+	"List/download snapshots &raquo;": "List/download snapshots &raquo;",
+	"Discover tables that are already in the Database, but not known to Saltcorn": "Discover tables that are already in the Database, but not known to Saltcorn",
+	"Split paste": "Split paste",
+	"Separate paste content into separate inputs": "Separate paste content into separate inputs",
+	"Add entries to tag": "Add entries to tag",
+	"Add pages": "Add pages",
+	"Add triggers": "Add triggers",
+	"Formula value": "Formula value",
+	"The build was successfully": "The build was successfully",
+	"Unable to build the app:": "Unable to build the app:",
+	"Add tag": "Add tag"
+}

package/locales/ru.json

@@ -180,7 +180,7 @@
 	"Pack %s uninstalled": "Пакет %s удален",
 	"Uninstall": "Удалить",
 	"Result preview for ": "Предварительный просмотр результатов для ",
-	"Choose views for <a href=\"/search\">search results</a> for each table.<br/>Set to blank to omit table from global search.": "Выберите для каждой таблицы  представление для вывода <a href=\"/search\">результатов поиска</a>.<br/>Оставьте незаполненным, если не хотите, чтобы таблица отображалась в глобальном поиске.",
+	"Choose views for <a href=\"/search\">search results</a> for each table.<br/>Set to blank to omit table from global search.": "Выберите для каждой таблицы представление для вывода <a href=\"/search\">результатов поиска</a>.<br/>Оставьте незаполненным, если не хотите, чтобы таблица отображалась в глобальном поиске.",
 	"These tables lack suitable views: ": "Указанные таблицы не имеют представлений с поддержкой поиска: ",
 	"Search configuration": "Настройки поиска",
 	"Table saved with version history enabled": "Таблица сохранена с включенной историей версий",
@@ -303,7 +303,7 @@
 	"Clone": "Клонировать",
 	"View %s cloned as %s": "Представление %s клонировано в %s",
 	"Duplicate": "Дублировать",
-	"View %s duplicated as %s": "Представление %s задублировано в %s",
+	"View %s duplicated as %s": "Представление %s дублировано в %s",
 	"The view name will appear as the title of pop-ups showing this view, and in the URL when it is shown alone.": "Имя представления отображается как заголовок всплывающего окна или в URL, в зависимости от режима отображения.",
 	"Saltcorn version": "версия платформы",
 	"Node.js version": "версия Node.js",
@@ -337,7 +337,7 @@
 	"Subtables": "Подчиненные таблицы",
 	"List View": "Представление Список (List)",
 	"Show View": "Представление Show",
-	"Which related tables would you like to show in sub-lists below the selected item?": "Which related tables would you like to show in sub-lists below the selected item?",
+	"Which related tables would you like to show in sub-lists below the selected item?": "Какие связанные таблицы вы хотите отобразить в подчиненных списках (sub-lists) под выбранной записью?",
 	"Order and layout": "Сортировка и Макет",
 	"Order by": "Сортировка по",
 	"Descending": "В обратном порядке",
@@ -801,11 +801,11 @@
 	"Expiration in days": "Срок хранения (в днях)",
 	"Delete old backup files in this directory after the set number of days": "Старые резервные копии в этой папке будут удалять после истечения срока хранения ",
 	"Backup settings updated": "Настройки резервного копирования обновлены",
-	"Periodic snapshots enabled": "Регулярные снимки (снэпшоты) активированы",
-	"Snapshot will be made every hour if there are changes": "Снимки (снэпшоты) будут выполняться каждый час",
+	"Periodic snapshots enabled": "Регулярные снимки (снепшоты)",
+	"Snapshot will be made every hour if there are changes": "Снимки (снепшоты) будут выполняться каждый час",
 	"Manual backup": "Ручное резервное копирование",
 	"Automated backup": "Автоматическое резервное копирование",
-	"Snapshots": "Снимки (снэпшоты)",
+	"Snapshots": "Снимки (снепшоты)",
 	"Mobile app": "Мобильное приложение",
 	"Module store": "Магазин модулей",
 	"Upgrade installed modules": "Обновить установленные модули",
@@ -829,5 +829,58 @@
 	"App file": "Файл приложения",
 	"Server URL": "URL сервера",
 	"android": "android",
-	"iOS": "iOS"
+	"iOS": "iOS",
+	"Tag %s created": "Тег %s создан",
+	"%s Tag": "%s Тег",
+	"Add tables": "Добавить таблицы",
+	"Add views": "Добавить представления",
+	"Remove From Tag": "Удалить из тега",
+	"Add tages": "Добавить теги",
+	"Trigger": "Триггер",
+	"Tag": "Тег",
+	"Download snapshots": "Скачать снепшоты",
+	"Snapshots store your application structure and definition, without the table data. Individual views and pages can be restored from snapshots from the <a href='/viewedit'>view</a> or <a href='/pageedit'>pages</a> overviews (\"Restore\" from individual page or view dropdowns).": "Снепшоты сохраняют структуру приложения, но не сохраняют данные в таблицах. Конкретные представления и страницы могут быть восстановлены по ссылке <a href='/viewedit'>view</a> или <a href='/pageedit'>pages</a> (Кнопка \"Восстановить\" в выпадающем меню представления или страницы).",
+	"List/download snapshots &raquo;": "Список снепшотов &raquo;",
+	"Add %s to tag": "Добавить %s к тегу",
+	"Tagname": "Имя тега",
+	"Create tag": "Создать тег",
+	"Tags": "Теги",
+	"New tag": "Новый тег",
+	"Tag name": "Имя тега",
+	"Tag %s deleted": "Тег %s удален",
+	"Add entries to tag": "Добавить объекты в тег",
+	"Please select at least one item": "Пожалуйста добавьте хотя бы один объект",
+	"Backup now": "Сделать бекап сейчас",
+	"Snapshot now": "Сделать снепшот сейчас",
+	"Restore/download automated backups &raquo;": "Восстановить/скачать резервные копии &raquo;",
+	"No changes detected, snapshot skipped": "Нет изменений, снепшот пропущен",
+	"Pattern": "Паттерн",
+	"Add pages": "Добавить страницы",
+	"Add triggers": "Добавить триггеры",
+	"Edit Module": "Настроить Модуль",
+	"Page %s duplicated as %s": "Страница %s дублирована в %s",
+	"Auto save": "Автосохранение",
+	"Save any changes immediately": "Сохранять все изменения данных в форме немедленно",
+	"This is the view to which the user will be sent when the form is submitted. The view you specify here can be ignored depending on the context of the form, for instance if it appears in a pop-up the redirect will not take place.": "Указывается представление, куда будет перенаправлен пользователь после отправки формы. В некоторых случаях перенаправление не будет выполнено, например, если форма использована в режиме всплывающего окна.",
+	"Destination view": "Destination view",
+	"Destination URL Formula": "Destination URL Formula",
+	"Back": "Назад",
+	"Backup successful": "Резервная копия успешно создана",
+	"Save before going back": "Save before going back",
+	"Reload after going back": "Reload after going back",
+	"Steps to go back": "Steps to go back",
+	"View pattern": "Паттерн представления",
+	"The view pattern sets the foundation of how the view relates to the table and the behaviour of the view": "The view pattern sets the foundation of how the view relates to the table and the behaviour of the view",
+	"This will delete <strong>EVERYTHING</strong> in the selected categories": "Внимание! Будут удалены <strong>ВСЕ</strong> данные в выбранных категориях",
+	"Tag not found": "Тэг не найден",
+	"Build Result": "Результат сборки",
+	"Download automated backup": "Автоматически созданные резервные копии",
+	"Restoring automated backup": "Восстановление из автоматически созданной резервной копии",
+	"Download one of the backups above": "Скачать один из бекапов (файлов с резервной копией) выше",
+	"Clear this application": "Удалить ВСЕ данные в текущем приложении",
+	"(tick all boxes)": "(указав все галочки)",
+	"When prompted to create the first user, click the link to restore a backup": "Вместо создания первого пользователя, выберите Восстановление из резервной копии (restore a backup)",
+	"Select the downloaded backup file": "Выбрать скаченный бекап (файл с резервной копией)",
+	"Snapshot successful": "Снимок (Снепшот) выполнен успешно",
+	"Unable to build the app:": "Ошибка создания приложения:"
 }

package/markup/admin.js

@@ -203,6 +203,8 @@ const send_infoarch_page = (args) => {
             { text: "Multitenancy", href: "/tenant/settings" },
           ]
         : []),
+      { text: "Tags", href: "/tag" },
+      { text: "Diagram", href: "/diagram" },
     ],
     ...args,
   });
@@ -288,10 +290,7 @@ const send_admin_page = (args) => {
       { text: "Backup", href: "/admin/backup" },
       { text: "Email", href: "/admin/email" },
       { text: "System", href: "/admin/system" },
-      ...(isRoot ? [{ text: "Tag", href: "/tag" }] : []),
-      ...(isRoot
-        ? [{ text: "Mobile app", href: "/admin/build-mobile-app" }]
-        : []),
+      { text: "Mobile app", href: "/admin/build-mobile-app" },
     ],
     ...args,
   });

package/markup/expression_blurb.js

@@ -146,7 +146,7 @@ const boolExamples = (type, fields) => {
  * @returns {p[]}
  */
 const expressionBlurb = (type, stored, allFields, req) => {
-  const fields = allFields.filter((f) => !f.is_fkey && !f.calculated);
+  const fields = allFields.filter((f) => !f.calculated);
   const funs = getState().functions;
   const funNames = Object.entries(funs)
     .filter(([k, v]) => !(!stored && v.isAsync))

package/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.7.4-beta.2",
+  "version": "0.7.4",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.7.4-beta.2",
-    "@saltcorn/builder": "0.7.4-beta.2",
-    "@saltcorn/data": "0.7.4-beta.2",
-    "@saltcorn/admin-models": "0.7.4-beta.2",
-    "@saltcorn/markup": "0.7.4-beta.2",
-    "@saltcorn/sbadmin2": "0.7.4-beta.2",
+    "@saltcorn/base-plugin": "0.7.4",
+    "@saltcorn/builder": "0.7.4",
+    "@saltcorn/data": "0.7.4",
+    "@saltcorn/admin-models": "0.7.4",
+    "@saltcorn/markup": "0.7.4",
+    "@saltcorn/sbadmin2": "0.7.4",
     "@socket.io/cluster-adapter": "^0.1.0",
     "@socket.io/sticky": "^1.0.1",
     "aws-sdk": "^2.1037.0",

package/public/blockly.js

@@ -403,11 +403,10 @@ function activate_blockly({ events, actions, tables }) {
       Blockly.JavaScript.ORDER_ATOMIC
     );
     // TODO: Assemble JavaScript into code variable.
-    var code = `await fetchJSON(${value_url}, { method: '${dropdown_method}'${
-      value_body
-        ? `, body: ${value_body}, headers: { "Content-Type": "application/json" }`
-        : ""
-    } })`;
+    var code = `await fetchJSON(${value_url}, { method: '${dropdown_method}'${value_body
+      ? `, body: ${value_body}, headers: { "Content-Type": "application/json" }`
+      : ""
+      } })`;
     // TODO: Change ORDER_NONE to the correct strength.
     return [code, Blockly.JavaScript.ORDER_NONE];
   };
@@ -416,6 +415,7 @@ function activate_blockly({ events, actions, tables }) {
     init: function () {
       this.appendDummyInput().appendField("Return");
       this.appendValueInput("GOTO").setCheck("String").appendField("Go to URL");
+      this.appendValueInput("POPUP").setCheck("String").appendField("Popup URL");
       this.appendDummyInput()
         .appendField("Reload page")
         .appendField(new Blockly.FieldCheckbox("FALSE"), "RELOAD");
@@ -434,6 +434,11 @@ function activate_blockly({ events, actions, tables }) {
       "GOTO",
       Blockly.JavaScript.ORDER_ATOMIC
     );
+    var value_popup = Blockly.JavaScript.valueToCode(
+      block,
+      "POPUP",
+      Blockly.JavaScript.ORDER_ATOMIC
+    );
     var checkbox_reload = block.getFieldValue("RELOAD") == "TRUE";
     var value_notify = Blockly.JavaScript.valueToCode(
       block,
@@ -443,6 +448,7 @@ function activate_blockly({ events, actions, tables }) {
     // TODO: Assemble JavaScript into code variable.
     let s = "";
     if (value_goto) s += `goto: ${value_goto},`;
+    if (value_popup) s += `popup: ${value_popup},`;
     if (value_notify) s += `notify: ${value_notify},`;
     if (checkbox_reload) s += `reload_page: true,`;
     var code = `return {${s}};\n`;

package/public/gridedit.js

@@ -4,7 +4,10 @@ function showHideCol(nm, e) {
 }
 
 function lookupIntToString(cell, formatterParams, onRendered) {
-  const val = `${cell.getValue()}`;
+  const cellVal = cell.getValue()
+  const val = typeof cellVal === "object" && cellVal !== null
+    ? `${cellVal.id}`
+    : `${cellVal}`;
   const res = formatterParams.values[val];
   return res;
 }
@@ -150,6 +153,8 @@ function delete_tabulator_row(e, cell) {
   if (def && def.formatterParams && def.formatterParams.confirm) {
     if (!confirm("Are you sure you want to delete this row?")) return;
   }
+  const tableName = def?.formatterParams?.tableName || window.tabulator_table_name
+
   const row = cell.getRow().getData();
   if (!row.id) {
     cell.getRow().delete();
@@ -157,7 +162,7 @@ function delete_tabulator_row(e, cell) {
   }
   $.ajax({
     type: "DELETE",
-    url: `/api/${window.tabulator_table_name}/${row.id}`,
+    url: `/api/${tableName}/${row.id}`,
     data: row, // to process primary keys different from id
     headers: {
       "CSRF-Token": _sc_globalCsrf,