@saltcorn/server 0.7.4-beta.3 → 0.8.0-beta.0

package/app.js

@@ -85,6 +85,8 @@ const getApp = async (opts = {}) => {
   const development_mode = getState().getConfig("development_mode", false);
   // switch on sql logging - but it was initiated before???
   if (getState().getConfig("log_sql", false)) db.set_sql_logging();
+  // for multi-tenant with localhost, we need 1 instead of the default of 2
+  if (opts.subdomainOffset) app.set("subdomain offset", opts.subdomainOffset);
 
   // https://www.npmjs.com/package/helmet
   // helmet is secure app by adding HTTP headers
@@ -120,12 +122,10 @@ const getApp = async (opts = {}) => {
   app.use(passport.initialize());
   app.use(passport.authenticate(["jwt", "session"]));
   app.use((req, res, next) => {
-    if (jwt_extractor(req) && req.cookies && req.cookies["connect.sid"])
-      throw new Error(
-        "Don't set a session cookie and JSON Web Token at the same time."
-      );
-    next();
-  });
+    // no jwt and session id at the same time
+    if (!(jwt_extractor(req) && req.cookies && req.cookies["connect.sid"]))
+      next();
+    });
   app.use(flash());
 
   //static serving
@@ -168,6 +168,15 @@ const getApp = async (opts = {}) => {
       }
     )
   );
+  app.use(
+    `/static_assets/${version_tag}`,
+    express.static(
+      path.dirname(require.resolve("@saltcorn/filemanager/package.json")) + "/public/build",
+      {
+        maxAge: development_mode ? 0 : "100d",
+      }
+    )
+  );
 
   passport.use(
     "local",
@@ -225,8 +234,9 @@ const getApp = async (opts = {}) => {
     })
   );
   passport.use(
-    new JwtStrategy(jwtOpts, (jwt_payload, done) => {
-      User.findOne({ email: jwt_payload.sub }).then((u) => {
+    new JwtStrategy(jwtOpts, async (jwt_payload, done) => {
+      const userCheck = async () => {
+        const u = await User.findOne({ email: jwt_payload.sub });
         if (
           u &&
           u.last_mobile_login &&
@@ -242,7 +252,16 @@ const getApp = async (opts = {}) => {
         } else {
           return done(null, { role_id: 10 });
         }
-      });
+      };
+      if (
+        db.is_it_multi_tenant() &&
+        jwt_payload.tenant?.length > 0 &&
+        jwt_payload.tenant !== db.connectObj.default_schema
+      ) {
+        return await db.runWithTenant(jwt_payload.tenant, userCheck);
+      } else {
+        return await userCheck();
+      }
     })
   );
   passport.use(
@@ -259,6 +278,12 @@ const getApp = async (opts = {}) => {
   passport.deserializeUser(function (user, done) {
     done(null, user);
   });
+  app.use(function (req, res, next) {
+    if (req.headers["x-saltcorn-client"] === "mobile-app") {
+      req.smr = true; // saltcorn-mobile-request
+    }
+    return next();
+  });
   app.use(setTenant);
 
   // Change into s3storage compatible selector
@@ -267,12 +292,15 @@ const getApp = async (opts = {}) => {
   app.use(s3storage.middlewareTransform);
 
   app.use(wrapper(version_tag));
+
   const csurf = csrf();
   if (!opts.disableCsrf)
     app.use(function (req, res, next) {
       if (
-        req.url.startsWith("/api/") ||
-        req.url === "/auth/login-with/jwt" ||
+        (req.smr &&
+          (req.url.startsWith("/api/") ||
+            req.url === "/auth/login-with/jwt" ||
+            req.url === "/auth/signup")) ||
         jwt_extractor(req)
       )
         return disabledCsurf(req, res, next);
@@ -280,13 +308,6 @@ const getApp = async (opts = {}) => {
     });
   else app.use(disabledCsurf);
 
-  app.use(function (req, res, next) {
-    if (req.headers["x-saltcorn-client"] === "mobile-app") {
-      req.smr = true; // saltcorn-mobile-request
-    }
-    return next();
-  });
-
   mountRoutes(app);
   // set tenant homepage as / root
   app.get("/", error_catcher(homepage));
@@ -327,13 +348,13 @@ Sitemap: ${base}sitemap.xml
     <urlset
           xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
     ${urls
-      .map(
-        (url) => `<url>
+          .map(
+            (url) => `<url>
       <loc>${url}</loc>
       <lastmod>${now}</lastmod>      
     </url>`
-      )
-      .join("")}
+          )
+          .join("")}
     
     </urlset>`);
     })

package/auth/admin.js

@@ -38,7 +38,9 @@ const {
   is_hsts_tld,
 } = require("../markup/admin");
 const { send_verification_email } = require("@saltcorn/data/models/email");
-
+const {
+  expressionValidator,
+} = require("@saltcorn/data/models/expression");
 /**
  * @type {object}
  * @const
@@ -177,33 +179,33 @@ const user_dropdown = (user, req, can_reset) =>
       req
     ),
     can_reset &&
-      post_dropdown_item(
-        `/useradmin/reset-password/${user.id}`,
-        '<i class="fas fa-envelope"></i>&nbsp;' +
-          req.__("Send password reset email"),
-        req
-      ),
+    post_dropdown_item(
+      `/useradmin/reset-password/${user.id}`,
+      '<i class="fas fa-envelope"></i>&nbsp;' +
+      req.__("Send password reset email"),
+      req
+    ),
     can_reset &&
-      !user.verified_on &&
-      getState().getConfig("verification_view", "") &&
-      post_dropdown_item(
-        `/useradmin/send-verification/${user.id}`,
-        '<i class="fas fa-envelope"></i>&nbsp;' +
-          req.__("Send verification email"),
-        req
-      ),
+    !user.verified_on &&
+    getState().getConfig("verification_view", "") &&
+    post_dropdown_item(
+      `/useradmin/send-verification/${user.id}`,
+      '<i class="fas fa-envelope"></i>&nbsp;' +
+      req.__("Send verification email"),
+      req
+    ),
     user.disabled &&
-      post_dropdown_item(
-        `/useradmin/enable/${user.id}`,
-        '<i class="fas fa-play"></i>&nbsp;' + req.__("Enable"),
-        req
-      ),
+    post_dropdown_item(
+      `/useradmin/enable/${user.id}`,
+      '<i class="fas fa-play"></i>&nbsp;' + req.__("Enable"),
+      req
+    ),
     !user.disabled &&
-      post_dropdown_item(
-        `/useradmin/disable/${user.id}`,
-        '<i class="fas fa-pause"></i>&nbsp;' + req.__("Disable"),
-        req
-      ),
+    post_dropdown_item(
+      `/useradmin/disable/${user.id}`,
+      '<i class="fas fa-pause"></i>&nbsp;' + req.__("Disable"),
+      req
+    ),
     div({ class: "dropdown-divider" }),
     post_dropdown_item(
       `/useradmin/delete/${user.id}`,
@@ -257,8 +259,8 @@ router.get(
                 key: (r) =>
                   !!r.verified_on
                     ? i({
-                        class: "fas fa-check-circle text-success",
-                      })
+                      class: "fas fa-check-circle text-success",
+                    })
                     : "",
               },
               { label: req.__("Role"), key: (r) => roleMap[r.role_id] },
@@ -421,15 +423,15 @@ router.get(
         above: [
           ...(letsencrypt && has_custom
             ? [
-                {
-                  type: "card",
-                  contents: p(
-                    req.__(
-                      "You have enabled both Let's Encrypt certificates and custom SSL certificates. Let's Encrypt takes priority and the custom certificates will be ignored."
-                    )
-                  ),
-                },
-              ]
+              {
+                type: "card",
+                contents: p(
+                  req.__(
+                    "You have enabled both Let's Encrypt certificates and custom SSL certificates. Let's Encrypt takes priority and the custom certificates will be ignored."
+                  )
+                ),
+              },
+            ]
             : []),
           {
             type: "card",
@@ -450,33 +452,33 @@ router.get(
               ),
               letsencrypt
                 ? post_btn(
-                    "/config/delete/letsencrypt",
-                    req.__("Disable LetsEncrypt HTTPS"),
-                    req.csrfToken(),
-                    { btnClass: "btn-danger", req }
-                  )
+                  "/config/delete/letsencrypt",
+                  req.__("Disable LetsEncrypt HTTPS"),
+                  req.csrfToken(),
+                  { btnClass: "btn-danger", req }
+                )
                 : post_btn(
-                    "/admin/enable-letsencrypt",
-                    req.__("Enable LetsEncrypt HTTPS"),
-                    req.csrfToken(),
-                    { confirm: true, req }
-                  ),
+                  "/admin/enable-letsencrypt",
+                  req.__("Enable LetsEncrypt HTTPS"),
+                  req.csrfToken(),
+                  { confirm: true, req }
+                ),
               !letsencrypt &&
-                show_warning &&
-                !has_custom &&
-                div(
-                  { class: "mt-3 alert alert-danger" },
-                  p(
-                    req.__(
-                      "The address you are using to reach Saltcorn does not match the Base URL."
-                    )
-                  ),
-                  p(
-                    req.__(
-                      "The DNS A records (for * and @, or a subdomain) should point to this server's IP address before enabling LetsEncrypt"
-                    )
+              show_warning &&
+              !has_custom &&
+              div(
+                { class: "mt-3 alert alert-danger" },
+                p(
+                  req.__(
+                    "The address you are using to reach Saltcorn does not match the Base URL."
                   )
                 ),
+                p(
+                  req.__(
+                    "The DNS A records (for * and @, or a subdomain) should point to this server's IP address before enabling LetsEncrypt"
+                  )
+                )
+              ),
             ],
           },
           {
@@ -570,8 +572,8 @@ router.post(
       req.flash(
         "success",
         req.__("Custom SSL enabled. Restart for changes to take effect.") +
-          " " +
-          a({ href: "/admin/system" }, req.__("Restart here"))
+        " " +
+        a({ href: "/admin/system" }, req.__("Restart here"))
       );
       if (!req.xhr) {
         res.redirect("/useradmin/ssl");
@@ -580,6 +582,103 @@ router.post(
   })
 );
 
+/**
+ * @name get/ssl/custom
+ * @function
+ * @memberof module:auth/admin~auth/adminRouter
+ */
+router.get(
+  "/table-access",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const tables = await Table.find()
+    const roleOptions = (await User.get_roles()).map((r) => ({
+      value: r.id,
+      label: r.role,
+    }));
+
+    const contents = []
+    for (const table of tables) {
+      if (table.external) continue
+      const fields = await table.getFields();
+      const userFields = fields
+        .filter((f) => f.reftable_name === "users")
+        .map((f) => ({ value: f.id, label: f.name }));
+      const form = new Form({
+        action: "/table",
+        noSubmitButton: true,
+        onChange: "saveAndContinue(this)",
+        fields: [
+          {
+            label: req.__("Ownership field"),
+            name: "ownership_field_id",
+            sublabel: req.__(
+              "The user referred to in this field will be the owner of the row"
+            ),
+            input_type: "select",
+            options: [
+              { value: "", label: req.__("None") },
+              ...userFields,
+              { value: "_formula", label: req.__("Formula") },
+            ],
+          },
+          {
+            name: "ownership_formula",
+            label: req.__("Ownership formula"),
+            validator: expressionValidator,
+            type: "String",
+            class: "validate-expression",
+            sublabel:
+              req.__("User is treated as owner if true. In scope: ") +
+              ["user", ...fields.map((f) => f.name)]
+                .map((fn) => code(fn))
+                .join(", "),
+            showIf: { ownership_field_id: "_formula" },
+          },
+          {
+            label: req.__("Minimum role to read"),
+            sublabel: req.__(
+              "User must have this role or higher to read rows from the table, unless they are the owner"
+            ),
+            name: "min_role_read",
+            input_type: "select",
+            options: roleOptions,
+            attributes: { asideNext: true }
+          },
+          {
+            label: req.__("Minimum role to write"),
+            name: "min_role_write",
+            input_type: "select",
+            sublabel: req.__(
+              "User must have this role or higher to edit or create new rows in the table, unless they are the owner"
+            ),
+            options: roleOptions,
+          },
+        ]
+      })
+      form.hidden("id", "name");
+      form.values = table
+      if (table.ownership_formula && !table.ownership_field_id)
+        form.values.ownership_field_id = "_formula";
+      contents.push(div(
+        h5(a({ href: `/table/${table.id}` }, table.name)),
+        renderForm(form, req.csrfToken())
+      ))
+    }
+    send_users_page({
+      res,
+      req,
+      active_sub: "Table access",
+      contents: {
+        type: "card",
+        title: req.__("Table access"),
+        contents
+      },
+    });
+  })
+);
+
+
 /**
  * @name get/:id
  * @function
@@ -613,9 +712,9 @@ router.get(
               div(
                 user.api_token
                   ? span(
-                      { class: "me-1" },
-                      req.__("API token for this user: ")
-                    ) + code(user.api_token)
+                    { class: "me-1" },
+                    req.__("API token for this user: ")
+                  ) + code(user.api_token)
                   : req.__("No API token issued")
               ),
               // button for reset or generate api token
@@ -629,16 +728,16 @@ router.get(
               ),
               // button for remove api token
               user.api_token &&
-                div(
-                  { class: "mt-4 ms-2 d-inline-block" },
-                  post_btn(
-                    `/useradmin/remove-api-token/${user.id}`,
-                    // TBD localization
-                    user.api_token ? req.__("Remove") : req.__("Generate"),
-                    req.csrfToken(),
-                    { req: req, confirm: true }
-                  )
-                ),
+              div(
+                { class: "mt-4 ms-2 d-inline-block" },
+                post_btn(
+                  `/useradmin/remove-api-token/${user.id}`,
+                  // TBD localization
+                  user.api_token ? req.__("Remove") : req.__("Generate"),
+                  req.csrfToken(),
+                  { req: req, confirm: true }
+                )
+              ),
             ],
           },
         ],

package/auth/routes.js

@@ -199,33 +199,66 @@ const getAuthLinks = (current, noMethods) => {
   return links;
 };
 
-const loginWithJwt = async (email, password, res) => {
-  const user = await User.findOne({ email });
-  if (user && user.checkPassword(password)) {
-    const now = new Date();
+const loginWithJwt = async (email, password, saltcornApp, res) => {
+  const loginFn = async () => {
+    const publicUserLink = getState().getConfig("public_user_link");
     const jwt_secret = db.connectObj.jwt_secret;
-    const token = jwt.sign(
-      {
-        sub: email,
-        user: {
-          id: user.id,
-          email: user.email,
-          role_id: user.role_id,
-          language: user.language ? user.language : "en",
-          disabled: user.disabled,
+    if (email && password) {
+      // with credentials
+      const user = await User.findOne({ email });
+      if (user && user.checkPassword(password)) {
+        const now = new Date();
+        const token = jwt.sign(
+          {
+            sub: email,
+            user: {
+              id: user.id,
+              email: user.email,
+              role_id: user.role_id,
+              language: user.language ? user.language : "en",
+              disabled: user.disabled,
+            },
+            iss: "saltcorn@saltcorn",
+            aud: "saltcorn-mobile-app",
+            iat: now.valueOf(),
+            tenant: db.getTenantSchema(),
+          },
+          jwt_secret
+        );
+        if (!user.last_mobile_login) await user.updateLastMobileLogin(now);
+        res.json(token);
+      } else {
+        res.json({
+          alerts: [{ type: "danger", msg: "Incorrect user or password" }],
+        });
+      }
+    } else if (publicUserLink) {
+      // public login
+      const token = jwt.sign(
+        {
+          sub: "public",
+          user: {
+            role_id: 10,
+            language: "en",
+          },
+          iss: "saltcorn@saltcorn",
+          aud: "saltcorn-mobile-app",
+          iat: new Date().valueOf(),
+          tenant: db.getTenantSchema(),
         },
-        iss: "saltcorn@saltcorn",
-        aud: "saltcorn-mobile-app",
-        iat: now.valueOf(),
-      },
-      jwt_secret
-    );
-    if (!user.last_mobile_login) await user.updateLastMobileLogin(now);
-    res.json(token);
+        jwt_secret
+      );
+      res.json(token);
+    } else {
+      res.json({
+        alerts: [{ type: "danger", msg: "The public login is deactivated" }],
+      });
+    }
+  };
+  if (saltcornApp && saltcornApp !== db.connectObj.default_schema) {
+    await db.runWithTenant(saltcornApp, loginFn);
   } else {
-    res.json({
-      alerts: [{ type: "danger", msg: "Incorrect user or password" }],
-    });
+    await loginFn();
   }
 };
 
@@ -899,7 +932,13 @@ router.post(
       } else {
         const u = await User.create({ email, password });
         await send_verification_email(u, req);
-        if (req.smr) await loginWithJwt(email, password, res);
+        if (req.smr)
+          await loginWithJwt(
+            email,
+            password,
+            req.headers["x-saltcorn-app"],
+            res
+          );
         else signup_login_with_user(u, req, res);
       }
     }
@@ -1008,7 +1047,7 @@ router.get(
     const { method } = req.params;
     if (method === "jwt") {
       const { email, password } = req.query;
-      await loginWithJwt(email, password, res);
+      await loginWithJwt(email, password, req.headers["x-saltcorn-app"], res);
     } else {
       const auth = getState().auth_methods[method];
       if (auth) {
@@ -1144,7 +1183,7 @@ const setLanguageForm = (req, user) =>
         option(
           {
             value: locale,
-            ...(user && user.language === locale && { selected: true }),
+            ...(((user && user.language === locale) || (user && !user.language && req.getLocale() === locale)) && { selected: true }),
           },
           language
         )
@@ -1368,7 +1407,7 @@ router.get(
       return;
     }
     res.sendWrap(
-      req.__("User settings"),
+      req.__("User settings") || "User settings",
       await userSettings({ req, res, pwform: changPwForm(req), user })
     );
   })

package/locales/en.json

@@ -983,5 +983,57 @@
 	"Restore/download automated backups »": "Restore/download automated backups »",
 	"Snapshots store your application structure and definition, without the table data. Individual views and pages can be restored from snapshots from the <a href='/viewedit'>view</a> or <a href='/pageedit'>pages</a> overviews (\"Restore\" from individual page or view dropdowns).": "Snapshots store your application structure and definition, without the table data. Individual views and pages can be restored from snapshots from the <a href='/viewedit'>view</a> or <a href='/pageedit'>pages</a> overviews (\"Restore\" from individual page or view dropdowns).",
 	"List/download snapshots &raquo;": "List/download snapshots &raquo;",
-	"Discover tables that are already in the Database, but not known to Saltcorn": "Discover tables that are already in the Database, but not known to Saltcorn"
-}
+	"Discover tables that are already in the Database, but not known to Saltcorn": "Discover tables that are already in the Database, but not known to Saltcorn",
+	"Split paste": "Split paste",
+	"Separate paste content into separate inputs": "Separate paste content into separate inputs",
+	"Add entries to tag": "Add entries to tag",
+	"Add pages": "Add pages",
+	"Add triggers": "Add triggers",
+	"Formula value": "Formula value",
+	"The build was successfully": "The build was successfully",
+	"Unable to build the app": "Unable to build the app",
+	"Add tag": "Add tag",
+	"Create new row": "Create new row",
+	"Specify how to create a new row": "Specify how to create a new row",
+	"Preview": "Preview",
+	"Minimum role updated": "Minimum role updated",
+	"Module not found": "Module not found",
+	"View %s not found": "View %s not found",
+	"Query %s not found": "Query %s not found",
+	"Open": "Open",
+	"Only the android build supports docker.": "Only the android build supports docker.",
+	"Please enter a valid server URL.": "Please enter a valid server URL.",
+	"Table access": "Table access",
+	"Download one of the backups above": "Download one of the backups above",
+	"Clear this application": "Clear this application",
+	"(tick all boxes)": "(tick all boxes)",
+	"When prompted to create the first user, click the link to restore a backup": "When prompted to create the first user, click the link to restore a backup",
+	"Select the downloaded backup file": "Select the downloaded backup file",
+	"Units": "Units",
+	"Descending?": "Descending?",
+	"Small": "Small",
+	"Medium": "Medium",
+	"Large": "Large",
+	"Extra-large": "Extra-large",
+	"Please select at least one item": "Please select at least one item",
+	"Only include rows where this formula is true. ": "Only include rows where this formula is true. ",
+	"Use %s to access current user ID": "Use %s to access current user ID",
+	"Action not found": "Action not found",
+	"Development settings": "Development settings",
+	"All entities": "All entities",
+	"no tags": "no tags",
+	"Development mode settings updated": "Development mode settings updated",
+	"Locale identifier short code, e.g. en, zh, fr, ar etc. ": "Locale identifier short code, e.g. en, zh, fr, ar etc. ",
+	"Is this the default language in which the application is built?": "Is this the default language in which the application is built?",
+	"Database type": "Database type",
+	"Database schema name": "Database schema name",
+	"Database user": "Database user",
+	"Database host": "Database host",
+	"Database port": "Database port",
+	"Creator email": "Creator email",
+	"Create tenant warning text": "Create tenant warning text",
+	"Provide your own create warning text if need": "Provide your own create warning text if need",
+	"Specify some description for tenant if need": "Specify some description for tenant if need",
+	"Created": "Created",
+	"First user E-mail": "First user E-mail"
+}