@saltcorn/server 0.7.4 → 0.8.0-beta.0

package/app.js

@@ -122,12 +122,10 @@ const getApp = async (opts = {}) => {
   app.use(passport.initialize());
   app.use(passport.authenticate(["jwt", "session"]));
   app.use((req, res, next) => {
-    if (jwt_extractor(req) && req.cookies && req.cookies["connect.sid"])
-      throw new Error(
-        "Don't set a session cookie and JSON Web Token at the same time."
-      );
-    next();
-  });
+    // no jwt and session id at the same time
+    if (!(jwt_extractor(req) && req.cookies && req.cookies["connect.sid"]))
+      next();
+    });
   app.use(flash());
 
   //static serving
@@ -170,6 +168,15 @@ const getApp = async (opts = {}) => {
       }
     )
   );
+  app.use(
+    `/static_assets/${version_tag}`,
+    express.static(
+      path.dirname(require.resolve("@saltcorn/filemanager/package.json")) + "/public/build",
+      {
+        maxAge: development_mode ? 0 : "100d",
+      }
+    )
+  );
 
   passport.use(
     "local",
@@ -248,7 +255,7 @@ const getApp = async (opts = {}) => {
       };
       if (
         db.is_it_multi_tenant() &&
-        jwt_payload.tenant?.length > 0 && 
+        jwt_payload.tenant?.length > 0 &&
         jwt_payload.tenant !== db.connectObj.default_schema
       ) {
         return await db.runWithTenant(jwt_payload.tenant, userCheck);
@@ -341,13 +348,13 @@ Sitemap: ${base}sitemap.xml
     <urlset
           xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
     ${urls
-      .map(
-        (url) => `<url>
+          .map(
+            (url) => `<url>
       <loc>${url}</loc>
       <lastmod>${now}</lastmod>      
     </url>`
-      )
-      .join("")}
+          )
+          .join("")}
     
     </urlset>`);
     })

package/auth/admin.js

@@ -38,7 +38,9 @@ const {
   is_hsts_tld,
 } = require("../markup/admin");
 const { send_verification_email } = require("@saltcorn/data/models/email");
-
+const {
+  expressionValidator,
+} = require("@saltcorn/data/models/expression");
 /**
  * @type {object}
  * @const
@@ -177,33 +179,33 @@ const user_dropdown = (user, req, can_reset) =>
       req
     ),
     can_reset &&
-      post_dropdown_item(
-        `/useradmin/reset-password/${user.id}`,
-        '<i class="fas fa-envelope"></i>&nbsp;' +
-          req.__("Send password reset email"),
-        req
-      ),
+    post_dropdown_item(
+      `/useradmin/reset-password/${user.id}`,
+      '<i class="fas fa-envelope"></i>&nbsp;' +
+      req.__("Send password reset email"),
+      req
+    ),
     can_reset &&
-      !user.verified_on &&
-      getState().getConfig("verification_view", "") &&
-      post_dropdown_item(
-        `/useradmin/send-verification/${user.id}`,
-        '<i class="fas fa-envelope"></i>&nbsp;' +
-          req.__("Send verification email"),
-        req
-      ),
+    !user.verified_on &&
+    getState().getConfig("verification_view", "") &&
+    post_dropdown_item(
+      `/useradmin/send-verification/${user.id}`,
+      '<i class="fas fa-envelope"></i>&nbsp;' +
+      req.__("Send verification email"),
+      req
+    ),
     user.disabled &&
-      post_dropdown_item(
-        `/useradmin/enable/${user.id}`,
-        '<i class="fas fa-play"></i>&nbsp;' + req.__("Enable"),
-        req
-      ),
+    post_dropdown_item(
+      `/useradmin/enable/${user.id}`,
+      '<i class="fas fa-play"></i>&nbsp;' + req.__("Enable"),
+      req
+    ),
     !user.disabled &&
-      post_dropdown_item(
-        `/useradmin/disable/${user.id}`,
-        '<i class="fas fa-pause"></i>&nbsp;' + req.__("Disable"),
-        req
-      ),
+    post_dropdown_item(
+      `/useradmin/disable/${user.id}`,
+      '<i class="fas fa-pause"></i>&nbsp;' + req.__("Disable"),
+      req
+    ),
     div({ class: "dropdown-divider" }),
     post_dropdown_item(
       `/useradmin/delete/${user.id}`,
@@ -257,8 +259,8 @@ router.get(
                 key: (r) =>
                   !!r.verified_on
                     ? i({
-                        class: "fas fa-check-circle text-success",
-                      })
+                      class: "fas fa-check-circle text-success",
+                    })
                     : "",
               },
               { label: req.__("Role"), key: (r) => roleMap[r.role_id] },
@@ -421,15 +423,15 @@ router.get(
         above: [
           ...(letsencrypt && has_custom
             ? [
-                {
-                  type: "card",
-                  contents: p(
-                    req.__(
-                      "You have enabled both Let's Encrypt certificates and custom SSL certificates. Let's Encrypt takes priority and the custom certificates will be ignored."
-                    )
-                  ),
-                },
-              ]
+              {
+                type: "card",
+                contents: p(
+                  req.__(
+                    "You have enabled both Let's Encrypt certificates and custom SSL certificates. Let's Encrypt takes priority and the custom certificates will be ignored."
+                  )
+                ),
+              },
+            ]
             : []),
           {
             type: "card",
@@ -450,33 +452,33 @@ router.get(
               ),
               letsencrypt
                 ? post_btn(
-                    "/config/delete/letsencrypt",
-                    req.__("Disable LetsEncrypt HTTPS"),
-                    req.csrfToken(),
-                    { btnClass: "btn-danger", req }
-                  )
+                  "/config/delete/letsencrypt",
+                  req.__("Disable LetsEncrypt HTTPS"),
+                  req.csrfToken(),
+                  { btnClass: "btn-danger", req }
+                )
                 : post_btn(
-                    "/admin/enable-letsencrypt",
-                    req.__("Enable LetsEncrypt HTTPS"),
-                    req.csrfToken(),
-                    { confirm: true, req }
-                  ),
+                  "/admin/enable-letsencrypt",
+                  req.__("Enable LetsEncrypt HTTPS"),
+                  req.csrfToken(),
+                  { confirm: true, req }
+                ),
               !letsencrypt &&
-                show_warning &&
-                !has_custom &&
-                div(
-                  { class: "mt-3 alert alert-danger" },
-                  p(
-                    req.__(
-                      "The address you are using to reach Saltcorn does not match the Base URL."
-                    )
-                  ),
-                  p(
-                    req.__(
-                      "The DNS A records (for * and @, or a subdomain) should point to this server's IP address before enabling LetsEncrypt"
-                    )
+              show_warning &&
+              !has_custom &&
+              div(
+                { class: "mt-3 alert alert-danger" },
+                p(
+                  req.__(
+                    "The address you are using to reach Saltcorn does not match the Base URL."
                   )
                 ),
+                p(
+                  req.__(
+                    "The DNS A records (for * and @, or a subdomain) should point to this server's IP address before enabling LetsEncrypt"
+                  )
+                )
+              ),
             ],
           },
           {
@@ -570,8 +572,8 @@ router.post(
       req.flash(
         "success",
         req.__("Custom SSL enabled. Restart for changes to take effect.") +
-          " " +
-          a({ href: "/admin/system" }, req.__("Restart here"))
+        " " +
+        a({ href: "/admin/system" }, req.__("Restart here"))
       );
       if (!req.xhr) {
         res.redirect("/useradmin/ssl");
@@ -580,6 +582,103 @@ router.post(
   })
 );
 
+/**
+ * @name get/ssl/custom
+ * @function
+ * @memberof module:auth/admin~auth/adminRouter
+ */
+router.get(
+  "/table-access",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const tables = await Table.find()
+    const roleOptions = (await User.get_roles()).map((r) => ({
+      value: r.id,
+      label: r.role,
+    }));
+
+    const contents = []
+    for (const table of tables) {
+      if (table.external) continue
+      const fields = await table.getFields();
+      const userFields = fields
+        .filter((f) => f.reftable_name === "users")
+        .map((f) => ({ value: f.id, label: f.name }));
+      const form = new Form({
+        action: "/table",
+        noSubmitButton: true,
+        onChange: "saveAndContinue(this)",
+        fields: [
+          {
+            label: req.__("Ownership field"),
+            name: "ownership_field_id",
+            sublabel: req.__(
+              "The user referred to in this field will be the owner of the row"
+            ),
+            input_type: "select",
+            options: [
+              { value: "", label: req.__("None") },
+              ...userFields,
+              { value: "_formula", label: req.__("Formula") },
+            ],
+          },
+          {
+            name: "ownership_formula",
+            label: req.__("Ownership formula"),
+            validator: expressionValidator,
+            type: "String",
+            class: "validate-expression",
+            sublabel:
+              req.__("User is treated as owner if true. In scope: ") +
+              ["user", ...fields.map((f) => f.name)]
+                .map((fn) => code(fn))
+                .join(", "),
+            showIf: { ownership_field_id: "_formula" },
+          },
+          {
+            label: req.__("Minimum role to read"),
+            sublabel: req.__(
+              "User must have this role or higher to read rows from the table, unless they are the owner"
+            ),
+            name: "min_role_read",
+            input_type: "select",
+            options: roleOptions,
+            attributes: { asideNext: true }
+          },
+          {
+            label: req.__("Minimum role to write"),
+            name: "min_role_write",
+            input_type: "select",
+            sublabel: req.__(
+              "User must have this role or higher to edit or create new rows in the table, unless they are the owner"
+            ),
+            options: roleOptions,
+          },
+        ]
+      })
+      form.hidden("id", "name");
+      form.values = table
+      if (table.ownership_formula && !table.ownership_field_id)
+        form.values.ownership_field_id = "_formula";
+      contents.push(div(
+        h5(a({ href: `/table/${table.id}` }, table.name)),
+        renderForm(form, req.csrfToken())
+      ))
+    }
+    send_users_page({
+      res,
+      req,
+      active_sub: "Table access",
+      contents: {
+        type: "card",
+        title: req.__("Table access"),
+        contents
+      },
+    });
+  })
+);
+
+
 /**
  * @name get/:id
  * @function
@@ -613,9 +712,9 @@ router.get(
               div(
                 user.api_token
                   ? span(
-                      { class: "me-1" },
-                      req.__("API token for this user: ")
-                    ) + code(user.api_token)
+                    { class: "me-1" },
+                    req.__("API token for this user: ")
+                  ) + code(user.api_token)
                   : req.__("No API token issued")
               ),
               // button for reset or generate api token
@@ -629,16 +728,16 @@ router.get(
               ),
               // button for remove api token
               user.api_token &&
-                div(
-                  { class: "mt-4 ms-2 d-inline-block" },
-                  post_btn(
-                    `/useradmin/remove-api-token/${user.id}`,
-                    // TBD localization
-                    user.api_token ? req.__("Remove") : req.__("Generate"),
-                    req.csrfToken(),
-                    { req: req, confirm: true }
-                  )
-                ),
+              div(
+                { class: "mt-4 ms-2 d-inline-block" },
+                post_btn(
+                  `/useradmin/remove-api-token/${user.id}`,
+                  // TBD localization
+                  user.api_token ? req.__("Remove") : req.__("Generate"),
+                  req.csrfToken(),
+                  { req: req, confirm: true }
+                )
+              ),
             ],
           },
         ],

package/auth/routes.js

@@ -201,32 +201,57 @@ const getAuthLinks = (current, noMethods) => {
 
 const loginWithJwt = async (email, password, saltcornApp, res) => {
   const loginFn = async () => {
-    const user = await User.findOne({ email });
-    if (user && user.checkPassword(password)) {
-      const now = new Date();
-      const jwt_secret = db.connectObj.jwt_secret;
+    const publicUserLink = getState().getConfig("public_user_link");
+    const jwt_secret = db.connectObj.jwt_secret;
+    if (email && password) {
+      // with credentials
+      const user = await User.findOne({ email });
+      if (user && user.checkPassword(password)) {
+        const now = new Date();
+        const token = jwt.sign(
+          {
+            sub: email,
+            user: {
+              id: user.id,
+              email: user.email,
+              role_id: user.role_id,
+              language: user.language ? user.language : "en",
+              disabled: user.disabled,
+            },
+            iss: "saltcorn@saltcorn",
+            aud: "saltcorn-mobile-app",
+            iat: now.valueOf(),
+            tenant: db.getTenantSchema(),
+          },
+          jwt_secret
+        );
+        if (!user.last_mobile_login) await user.updateLastMobileLogin(now);
+        res.json(token);
+      } else {
+        res.json({
+          alerts: [{ type: "danger", msg: "Incorrect user or password" }],
+        });
+      }
+    } else if (publicUserLink) {
+      // public login
       const token = jwt.sign(
         {
-          sub: email,
+          sub: "public",
           user: {
-            id: user.id,
-            email: user.email,
-            role_id: user.role_id,
-            language: user.language ? user.language : "en",
-            disabled: user.disabled,
+            role_id: 10,
+            language: "en",
           },
           iss: "saltcorn@saltcorn",
           aud: "saltcorn-mobile-app",
-          iat: now.valueOf(),
+          iat: new Date().valueOf(),
           tenant: db.getTenantSchema(),
         },
         jwt_secret
       );
-      if (!user.last_mobile_login) await user.updateLastMobileLogin(now);
       res.json(token);
     } else {
       res.json({
-        alerts: [{ type: "danger", msg: "Incorrect user or password" }],
+        alerts: [{ type: "danger", msg: "The public login is deactivated" }],
       });
     }
   };
@@ -1158,7 +1183,7 @@ const setLanguageForm = (req, user) =>
         option(
           {
             value: locale,
-            ...(user && user.language === locale && { selected: true }),
+            ...(((user && user.language === locale) || (user && !user.language && req.getLocale() === locale)) && { selected: true }),
           },
           language
         )
@@ -1382,7 +1407,7 @@ router.get(
       return;
     }
     res.sendWrap(
-      req.__("User settings"),
+      req.__("User settings") || "User settings",
       await userSettings({ req, res, pwform: changPwForm(req), user })
     );
   })

package/locales/en.json

@@ -991,6 +991,49 @@
 	"Add triggers": "Add triggers",
 	"Formula value": "Formula value",
 	"The build was successfully": "The build was successfully",
-	"Unable to build the app:": "Unable to build the app:",
-	"Add tag": "Add tag"
-}
+	"Unable to build the app": "Unable to build the app",
+	"Add tag": "Add tag",
+	"Create new row": "Create new row",
+	"Specify how to create a new row": "Specify how to create a new row",
+	"Preview": "Preview",
+	"Minimum role updated": "Minimum role updated",
+	"Module not found": "Module not found",
+	"View %s not found": "View %s not found",
+	"Query %s not found": "Query %s not found",
+	"Open": "Open",
+	"Only the android build supports docker.": "Only the android build supports docker.",
+	"Please enter a valid server URL.": "Please enter a valid server URL.",
+	"Table access": "Table access",
+	"Download one of the backups above": "Download one of the backups above",
+	"Clear this application": "Clear this application",
+	"(tick all boxes)": "(tick all boxes)",
+	"When prompted to create the first user, click the link to restore a backup": "When prompted to create the first user, click the link to restore a backup",
+	"Select the downloaded backup file": "Select the downloaded backup file",
+	"Units": "Units",
+	"Descending?": "Descending?",
+	"Small": "Small",
+	"Medium": "Medium",
+	"Large": "Large",
+	"Extra-large": "Extra-large",
+	"Please select at least one item": "Please select at least one item",
+	"Only include rows where this formula is true. ": "Only include rows where this formula is true. ",
+	"Use %s to access current user ID": "Use %s to access current user ID",
+	"Action not found": "Action not found",
+	"Development settings": "Development settings",
+	"All entities": "All entities",
+	"no tags": "no tags",
+	"Development mode settings updated": "Development mode settings updated",
+	"Locale identifier short code, e.g. en, zh, fr, ar etc. ": "Locale identifier short code, e.g. en, zh, fr, ar etc. ",
+	"Is this the default language in which the application is built?": "Is this the default language in which the application is built?",
+	"Database type": "Database type",
+	"Database schema name": "Database schema name",
+	"Database user": "Database user",
+	"Database host": "Database host",
+	"Database port": "Database port",
+	"Creator email": "Creator email",
+	"Create tenant warning text": "Create tenant warning text",
+	"Provide your own create warning text if need": "Provide your own create warning text if need",
+	"Specify some description for tenant if need": "Specify some description for tenant if need",
+	"Created": "Created",
+	"First user E-mail": "First user E-mail"
+}