@saltcorn/server 0.7.4 → 0.8.0-beta.1

package/routes/tenant.js

@@ -8,13 +8,14 @@
 const Router = require("express-promise-router");
 const Form = require("@saltcorn/data/models/form");
 const { getState, add_tenant } = require("@saltcorn/data/db/state");
-const { create_tenant } = require("@saltcorn/admin-models/models/tenant");
 const {
+  create_tenant,
   getAllTenants,
   domain_sanitize,
   deleteTenant,
   switchToTenant,
   insertTenant,
+  Tenant,
 } = require("@saltcorn/admin-models/models/tenant");
 const {
   renderForm,
@@ -24,7 +25,6 @@ const {
 } = require("@saltcorn/markup");
 const {
   div,
-  nbsp,
   p,
   a,
   h4,
@@ -44,7 +44,6 @@ const User = require("@saltcorn/data/models/user");
 const File = require("@saltcorn/data/models/file");
 const {
   send_infoarch_page,
-  //send_admin_page,
   config_fields_form,
   save_config_from_form,
 } = require("../markup/admin.js");
@@ -148,45 +147,58 @@ router.get(
           "You are trying to create a tenant while connecting via an IP address rather than a domain. This will probably not work."
         )
       );
-    let create_tenant_warning = "";
-    // todo add custom create tenant  warning message
-    if (getState().getConfig("create_tenant_warning"))
-      create_tenant_warning = div(
-        {
-          class: "alert alert-warning alert-dismissible fade show mt-5",
-          role: "alert",
-        },
-        h4(req.__("Warning")),
-        p(
-          req.__(
-            "Hosting on this site is provided for free and with no guarantee of availability or security of your application. "
-          ) +
-          " " +
-          req.__(
-            "This facility is intended solely for you to evaluate the suitability of Saltcorn. "
-          ) +
-          " " +
-          req.__(
-            "If you would like to store private information that needs to be secure, please use self-hosted Saltcorn. "
-          ) +
-          " " +
-          req.__(
-            'See <a href="https://github.com/saltcorn/saltcorn">GitHub repository</a> for instructions<p>'
-          )
-        )
+    let create_tenant_warning_text = "";
+    if (getState().getConfig("create_tenant_warning")) {
+      create_tenant_warning_text = getState().getConfig(
+        "create_tenant_warning_text"
       );
+      if (create_tenant_warning_text && create_tenant_warning_text.length > 0)
+        create_tenant_warning_text = div(
+          {
+            class: "alert alert-warning alert-dismissible fade show mt-5",
+            role: "alert",
+          },
+          h4(req.__("Warning")),
+          p(create_tenant_warning_text)
+        );
+      else
+        create_tenant_warning_text = div(
+          {
+            class: "alert alert-warning alert-dismissible fade show mt-5",
+            role: "alert",
+          },
+          h4(req.__("Warning")),
+          p(
+            req.__(
+              "Hosting on this site is provided for free and with no guarantee of availability or security of your application. "
+            ) +
+              " " +
+              req.__(
+                "This facility is intended solely for you to evaluate the suitability of Saltcorn. "
+              ) +
+              " " +
+              req.__(
+                "If you would like to store private information that needs to be secure, please use self-hosted Saltcorn. "
+              ) +
+              " " +
+              req.__(
+                'See <a href="https://github.com/saltcorn/saltcorn">GitHub repository</a> for instructions<p>'
+              )
+          )
+        );
+    }
 
     res.sendWrap(
       req.__("Create application"),
-      create_tenant_warning +
-      renderForm(tenant_form(req), req.csrfToken()) +
-      p(
-        { class: "mt-2" },
-        req.__("To login to a previously created application, go to: "),
-        code(`${req.protocol}://`) +
-        i(req.__("Application name")) +
-        code("." + req.hostname)
-      )
+      create_tenant_warning_text +
+        renderForm(tenant_form(req), req.csrfToken()) +
+        p(
+          { class: "mt-2" },
+          req.__("To login to a previously created application, go to: "),
+          code(`${req.protocol}://`) +
+            i(req.__("Application name")) +
+            code("." + req.hostname)
+        )
     );
   })
 );
@@ -246,6 +258,8 @@ router.post(
     else {
       // normalize domain name
       const subdomain = domain_sanitize(valres.success.subdomain);
+      // get description
+      const description = valres.success.description;
       // get list of tenants
       const allTens = await getAllTenants();
       if (allTens.includes(subdomain) || !subdomain) {
@@ -258,9 +272,23 @@ router.post(
           renderForm(form, req.csrfToken())
         );
       } else {
+        // tenant url
         const newurl = getNewURL(req, subdomain);
+        // tenant template
         const tenant_template = getState().getConfig("tenant_template");
-        await switchToTenant(await insertTenant(subdomain), newurl);
+        // tenant creator
+        const user_email = req.user && req.user.email;
+        // switch to tenant
+        await switchToTenant(
+          await insertTenant(
+            subdomain,
+            user_email,
+            description,
+            tenant_template
+          ),
+          newurl
+        );
+        // add tenant to global state
         add_tenant(subdomain);
         await create_tenant({
           t: subdomain,
@@ -294,13 +322,13 @@ router.post(
                 " " +
                 hasTemplate
                 ? req.__(
-                  'Use this link: <a href="%s">%s</a> to revisit your application at any time.',
-                  newurl,
-                  newurl
-                )
+                    'Use this link: <a href="%s">%s</a> to revisit your application at any time.',
+                    newurl,
+                    newurl
+                  )
                 : req.__(
-                  "Use this link to revisit your application at any time."
-                )
+                    "Use this link to revisit your application at any time."
+                  )
             )
           )
         );
@@ -348,6 +376,15 @@ router.get(
               {
                 label: req.__("Description"),
                 key: (r) => text(r.description),
+                //blurb: req.__("Specify some description for tenant if need"),
+              },
+              {
+                label: req.__("Creator email"),
+                key: (r) => text(r.email),
+              },
+              {
+                label: req.__("Created"),
+                key: (r) => text(r.created),
               },
               {
                 label: req.__("Information"),
@@ -387,6 +424,7 @@ const tenant_settings_form = (req) =>
     field_names: [
       "role_to_create_tenant",
       "create_tenant_warning",
+      "create_tenant_warning_text",
       "tenant_template",
     ],
     action: "/tenant/settings",
@@ -468,8 +506,17 @@ router.post(
 const get_tenant_info = async (subdomain) => {
   const saneDomain = domain_sanitize(subdomain);
 
+  let info = {};
+
+  // get tenant row
+  const ten = await Tenant.findOne({ subdomain: saneDomain });
+  if (ten) {
+    info.description = ten.description;
+    info.created = ten.created;
+  }
+
+  // get data from tenant schema
   return await db.runWithTenant(saneDomain, async () => {
-    let info = {};
     // TBD fix the first user issue because not always firt user by id is creator of tenant
     const firstUser = await User.find({}, { orderBy: "id", limit: 1 });
     if (firstUser && firstUser.length > 0) {
@@ -497,7 +544,11 @@ const get_tenant_info = async (subdomain) => {
     info.nconfigs = await db.count("_sc_config");
     // plugins count
     info.nplugins = await db.count("_sc_plugins");
-    // TBD decide Do we need count tenants, table constraints, migrations
+    // migration count
+    info.nmigrations = await db.count("_sc_migrations");
+    // library count
+    info.nlibrary = await db.count("_sc_library");
+    // TBD decide Do we need count tenants, table constraints
     // base url
     info.base_url = await getConfig("base_url");
     return info;
@@ -525,6 +576,7 @@ router.get(
       return;
     }
     const { subdomain } = req.params;
+    // get tenant info
     const info = await get_tenant_info(subdomain);
     // get list of files
     let files;
@@ -545,7 +597,7 @@ router.get(
             contents: [
               table(
                 tr(
-                  th(req.__("E-mail")),
+                  th(req.__("First user E-mail")),
                   td(
                     a(
                       { href: "mailto:" + info.first_user_email },
@@ -616,8 +668,16 @@ router.get(
                       label: req.__("Base URL"),
                       type: "String",
                     },
+                    {
+                      name: "description",
+                      label: req.__("Description"),
+                      type: "String",
+                    },
                   ],
-                  values: { base_url: info.base_url },
+                  values: {
+                    base_url: info.base_url,
+                    description: info.description,
+                  },
                 }),
                 req.csrfToken()
               ),
@@ -673,6 +733,10 @@ router.post(
     const { base_url } = req.body;
     const saneDomain = domain_sanitize(subdomain);
 
+    // save description
+    const { description } = req.body;
+    await Tenant.update(saneDomain, { description: description });
+
     await db.runWithTenant(saneDomain, async () => {
       await getState().setConfig("base_url", base_url);
     });
@@ -701,7 +765,7 @@ router.post(
       return;
     }
     const { sub } = req.params;
-
+    // todo warning before deletion
     await deleteTenant(sub);
     res.redirect(`/tenant/list`);
   })

package/routes/utils.js

@@ -20,6 +20,8 @@ const { validateHeaderName, validateHeaderValue } = require("http");
 const Crash = require("@saltcorn/data/models/crash");
 
 /**
+ * Checks that user logged or not.
+ * If not shows than shows flash and redirects to login
  * @param {object} req
  * @param {object} res
  * @param {function} next
@@ -35,6 +37,8 @@ function loggedIn(req, res, next) {
 }
 
 /**
+ * Checks that user has admin role or not.
+ * If user hasn't admin role shows flash and redirects user to login or totp
  * @param {object} req
  * @param {object} res
  * @param {function} next
@@ -60,6 +64,7 @@ function isAdmin(req, res, next) {
 }
 
 /**
+ * Sets language for HTTP Request / HTTP Responce
  * @param {object} req
  * @param {object} res
  * @param {string} state
@@ -73,6 +78,7 @@ const setLanguage = (req, res, state) => {
 };
 
 /**
+ * Sets Custom HTTP headers using data from "custom_http_headers" config variable
  * @param {object} res
  * @param {string} state
  * @returns {void}
@@ -96,6 +102,7 @@ const set_custom_http_headers = (res, state) => {
 };
 
 /**
+ * Tries to recognize tenant from HTTP Request
  * @param {object} req
  * @returns {string}
  */
@@ -179,6 +186,7 @@ const setTenant = (req, res, next) => {
 };
 
 /**
+ * Injects hidden input "_csrf" for CSRF token
  * @param {object} req
  * @returns {input}
  */
@@ -190,6 +198,7 @@ const csrfField = (req) =>
   });
 
 /**
+ * Errors catcher
  * @param {function} fn
  * @returns {function}
  */
@@ -198,6 +207,7 @@ const error_catcher = (fn) => (request, response, next) => {
 };
 
 /**
+ * Scans for page title from contents
  * @param {string|object} contents
  * @param {string} viewname
  * @returns {string}
@@ -218,11 +228,13 @@ const scan_for_page_title = (contents, viewname) => {
 };
 
 /**
+ * Gets gir revision
  * @returns {string}
  */
 const getGitRevision = () => db.connectObj.git_commit;
 
 /**
+ * Gets session store
  * @returns {session|cookieSession}
  */
 const getSessionStore = () => {

package/routes/view.js

@@ -8,10 +8,8 @@ const Router = require("express-promise-router");
 
 const View = require("@saltcorn/data/models/view");
 const Table = require("@saltcorn/data/models/table");
-const Page = require("@saltcorn/data/models/page");
 
-const { div, text, i, a } = require("@saltcorn/markup/tags");
-const { renderForm, link } = require("@saltcorn/markup");
+const { text } = require("@saltcorn/markup/tags");
 const {
   isAdmin,
   error_catcher,
@@ -105,7 +103,8 @@ router.post(
       if (sf.required && !query[sf.name]) {
         if (!row) {
           if (!table)
-            table = await Table.findOne(view.table_id || view.exttable_name);
+            // todo check after where change
+            table = await Table.findOne(view.table_id ? { id : view.table_id } : {name: view.exttable_name});
           row = await table.getRow({});
         }
         if (row) query[sf.name] = row[sf.name];

package/routes/viewedit.js

@@ -7,28 +7,8 @@
 
 const Router = require("express-promise-router");
 
-const {
-  renderForm,
-  mkTable,
-  link,
-  //post_btn,
-  //post_delete_btn,
-  post_dropdown_item,
-  renderBuilder,
-  settingsDropdown,
-  alert
-} = require("@saltcorn/markup");
-const {
-  //span,
-  //h5,
-  h4,
-  //nbsp,
-  p,
-  a,
-  div,
-  //button,
-  text,
-} = require("@saltcorn/markup/tags");
+const { renderForm, renderBuilder, alert } = require("@saltcorn/markup");
+const { p, a, div, script, text, domReady } = require("@saltcorn/markup/tags");
 
 const { getState } = require("@saltcorn/data/db/state");
 const { isAdmin, error_catcher, addOnDoneRedirect } = require("./utils.js");
@@ -40,7 +20,6 @@ const View = require("@saltcorn/data/models/view");
 const Workflow = require("@saltcorn/data/models/workflow");
 const User = require("@saltcorn/data/models/user");
 const Page = require("@saltcorn/data/models/page");
-const Tag = require("@saltcorn/data/models/tag");
 const db = require("@saltcorn/data/db");
 
 const { add_to_menu } = require("@saltcorn/admin-models/models/pack");
@@ -77,20 +56,27 @@ router.get(
 
     const viewMarkup = await viewsList(views, req);
     const tables = await Table.find();
-    const viewAccessWarning = view => {
-      const table = tables.find(t => t.name === view.table)
-      if (!table) return false
-      if (table.ownership_field_id || table.ownership_formula) return false
+    const viewAccessWarning = (view) => {
+      const table = tables.find((t) => t.name === view.table);
+      if (!table) return false;
+      if (table.ownership_field_id || table.ownership_formula) return false;
 
-      return table.min_role_read < view.min_role
-    }
-    const hasAccessWarning = views.filter(viewAccessWarning)
-    const accessWarning = hasAccessWarning.length > 0
-      ? alert("danger", `<p>You have views with a role to access lower than the table role to read, 
+      return table.min_role_read < view.min_role;
+    };
+    const hasAccessWarning = views.filter(viewAccessWarning);
+    const accessWarning =
+      hasAccessWarning.length > 0
+        ? alert(
+            "danger",
+            req.__(
+              `<p>You have views with a role to access lower than the table role to read, 
       with no table ownership. In the next version of Saltcorn, this may cause a
       denial of access. Users will need to have table read access to any data displayed.</p> 
-      Views potentially affected: ${hasAccessWarning.map(v => v.name).join(", ")}`)
-      : ''
+      Views potentially affected: %s`,
+              hasAccessWarning.map((v) => v.name).join(", ")
+            )
+          )
+        : "";
     res.sendWrap(req.__(`Views`), {
       above: [
         {
@@ -106,14 +92,14 @@ router.get(
             viewMarkup,
             tables.length > 0
               ? a(
-                { href: `/viewedit/new`, class: "btn btn-primary" },
-                req.__("Create view")
-              )
-              : p(
-                req.__(
-                  "You must create at least one table before you can create views."
+                  { href: `/viewedit/new`, class: "btn btn-primary" },
+                  req.__("Create view")
                 )
-              ),
+              : p(
+                  req.__(
+                    "You must create at least one table before you can create views."
+                  )
+                ),
           ],
         },
       ],
@@ -252,7 +238,7 @@ router.get(
   error_catcher(async (req, res) => {
     const { viewname } = req.params;
 
-    var viewrow = await View.findOne({ name: viewname });
+    const viewrow = await View.findOne({ name: viewname });
     if (!viewrow) {
       req.flash("error", `View not found: ${text(viewname)}`);
       res.redirect("/viewedit");
@@ -380,8 +366,8 @@ router.post(
         sendForm(form);
       } else {
         const existing_view = await View.findOne({ name: result.success.name });
-        if (typeof existing_view !== "undefined")
-          if (req.body.id != existing_view.id) {
+        if (existing_view)
+          if (+req.body.id !== existing_view.id) {
             // may be need !== but doesnt work
             form.errors.name = req.__("A view with this name already exists");
             form.hasErrors = true;
@@ -402,7 +388,7 @@ router.post(
           const slug = slugOptions.find((so) => so.label === v.slug);
           v.slug = slug || null;
         }
-        const table = await Table.findOne({ name: v.table_name });
+        //const table = await Table.findOne({ name: v.table_name });
         delete v.table_name;
         if (req.body.id) {
           await View.update(v, +req.body.id);
@@ -434,7 +420,7 @@ router.post(
  * @returns {void}
  */
 const respondWorkflow = (view, wf, wfres, req, res) => {
-  const wrap = (contents, noCard) => ({
+  const wrap = (contents, noCard, previewURL) => ({
     above: [
       {
         type: "breadcrumbs",
@@ -450,6 +436,18 @@ const respondWorkflow = (view, wf, wfres, req, res) => {
         title: wfres.title,
         contents,
       },
+      ...(previewURL
+        ? [
+            {
+              type: "card",
+              title: req.__("Preview"),
+              contents: div(
+                { id: "viewcfg-preview", "data-preview-url": previewURL },
+                script(domReady(`updateViewPreview()`))
+              ),
+            },
+          ]
+        : []),
     ],
   });
   if (wfres.flash) req.flash(wfres.flash[0], wfres.flash[1]);
@@ -472,7 +470,11 @@ const respondWorkflow = (view, wf, wfres, req, res) => {
           },
         ],
       },
-      wrap(renderForm(wfres.renderForm, req.csrfToken()))
+      wrap(
+        renderForm(wfres.renderForm, req.csrfToken()),
+        false,
+        wfres.previewURL
+      )
     );
   else if (wfres.renderBuilder) {
     wfres.renderBuilder.options.view_id = view.id;
@@ -686,14 +688,14 @@ router.post(
     const view = await View.findOne({ id });
     const roles = await User.get_roles();
     const roleRow = roles.find((r) => r.id === +role);
-    if (roleRow && view)
-      req.flash(
-        "success",
-        req.__(`Minimum role for %s updated to %s`, view.name, roleRow.role)
-      );
-    else req.flash("success", req.__(`Minimum role updated`));
-
-    res.redirect("/viewedit");
+    const message =
+      roleRow && view
+        ? req.__(`Minimum role for %s updated to %s`, view.name, roleRow.role)
+        : req.__(`Minimum role updated`);
+    if (!req.xhr) {
+      req.flash("success", message);
+      res.redirect("/viewedit");
+    } else res.json({ okay: true, responseText: message });
   })
 );
 

package/serve.js

@@ -99,11 +99,16 @@ const workerDispatchMsg = ({ tenant, ...msg }) => {
     db.runWithTenant(tenant, () => workerDispatchMsg(msg));
     return;
   }
+
   if (msg.refresh_plugin_cfg) {
     Plugin.findOne({ name: msg.refresh_plugin_cfg }).then((plugin) => {
       if (plugin) loadPlugin(plugin);
     });
   }
+  if (!getState()) {
+    console.error("no State for tenant", tenant)
+    return
+  }
   if (msg.refresh) getState()[`refresh_${msg.refresh}`](true);
   if (msg.createTenant) {
     const tenant_template = getState().getConfig("tenant_template");

package/tests/admin.test.js

@@ -1,13 +1,13 @@
 const request = require("supertest");
 const getApp = require("../app");
 const {
-  getStaffLoginCookie,
+  //getStaffLoginCookie,
   getAdminLoginCookie,
   toRedirect,
   itShouldRedirectUnauthToLogin,
   toInclude,
   toSucceed,
-  toNotInclude,
+  //toNotInclude,
   resetToFixtures,
   respondJsonWith,
 } = require("../auth/testhelp");
@@ -68,15 +68,19 @@ describe("admin page", () => {
       .expect(toInclude("Site identity settings"));
   });
   adminPageContains([
+    ["/admin", "Site identity"],
     ["/admin/backup", "Download a backup"],
     ["/admin/email", "Email settings"],
     ["/admin/system", "Restart server"],
+    ["/admin/dev", "Development"],
   ]);
   adminPageContains([
     ["/useradmin", "Create user"],
     ["/roleadmin", "Theme"],
     ["/useradmin/settings", "Authentication settings"],
     ["/useradmin/ssl", "HTTPS encryption"],
+    ["/useradmin/http", "HTTP settings"],
+    ["/useradmin/permissions", "Permissions settings"],
   ]);
   adminPageContains([
     ["/menu", "jquery-menu-editor"],

package/tests/auth.test.js

@@ -18,6 +18,7 @@ const { getState } = require("@saltcorn/data/db/state");
 const { get_reset_link, generate_email } = require("../auth/resetpw");
 const i18n = require("i18n");
 const path = require("path");
+const fs = require("fs")
 
 afterAll(db.close);
 beforeAll(async () => {
@@ -602,3 +603,22 @@ describe("signup with custom login form", () => {
     expect(userrow.height).toBe(15);
   });
 });
+
+describe("Locale files", () => {
+  it("should be valid JSON", async () => {
+
+    const localeFiles =
+      await fs.promises.readdir(path.join(__dirname, "..", "/locales"));
+    expect(localeFiles.length).toBeGreaterThan(3)
+    expect(localeFiles).toContain("en.json")
+    for (const fnm of localeFiles) {
+      const conts = await fs.promises.readFile(
+        path.join(__dirname, "..", "/locales", fnm)
+      )
+      expect(conts.length).toBeGreaterThan(1)
+
+      const j = JSON.parse(conts)
+      expect(Object.keys(j).length).toBeGreaterThan(1)
+    }
+  })
+})

package/tests/fields.test.js

@@ -141,6 +141,7 @@ describe("Field Endpoints", () => {
       .send("stepName=Summary")
       .send("contextEnc=" + ctx)
       .send("summary_field=pages")
+      .send("on_delete=Fail")
       .set("Cookie", loginCookie)
       .expect(toRedirect("/table/2"));
   });