@saltcorn/server 0.8.1-rc.2 → 0.8.1

package/auth/admin.js

@@ -336,6 +336,7 @@ const http_settings_form = async (req) =>
       "cookie_duration",
       "cookie_duration_remember",
       "cookie_sessions",
+      "public_cache_maxage",
       "custom_http_headers",
     ],
     action: "/useradmin/http",
@@ -753,9 +754,7 @@ router.get(
     for (const table of tables) {
       if (table.external) continue;
       const fields = await table.getFields();
-      const userFields = fields
-        .filter((f) => f.reftable_name === "users")
-        .map((f) => ({ value: f.id, label: f.name }));
+      const ownership_opts = await table.ownership_options();
       const form = new Form({
         action: "/table",
         noSubmitButton: true,
@@ -770,7 +769,7 @@ router.get(
             input_type: "select",
             options: [
               { value: "", label: req.__("None") },
-              ...userFields,
+              ...ownership_opts,
               { value: "_formula", label: req.__("Formula") },
             ],
           },

package/auth/routes.js

@@ -1061,6 +1061,7 @@ router.post(
         else req.session.cookie.expires = false;
       }
     Trigger.emitEvent("Login", null, req.user);
+    res?.cookie?.("loggedin", "true");
     req.flash("success", req.__("Welcome, %s!", req.user.email));
     if (req.smr) {
       const dbUser = await User.findOne({ id: req.user.id });

package/auth/testhelp.js

@@ -88,6 +88,9 @@ const toNotInclude =
     }
   };
 
+const resToLoginCookie = (res) =>
+  res.headers["set-cookie"].find((c) => c.includes("connect.sid"));
+
 /**
  *
  * @returns {Promise<void>}
@@ -99,7 +102,7 @@ const getStaffLoginCookie = async () => {
     .send("email=staff@foo.com")
     .send("password=ghrarhr54hg");
   if (res.statusCode !== 302) console.log(res.text);
-  return res.headers["set-cookie"][0];
+  return resToLoginCookie(res);
 };
 
 /**
@@ -113,8 +116,7 @@ const getAdminLoginCookie = async () => {
     .send("email=admin@foo.com")
     .send("password=AhGGr6rhu45");
   if (res.statusCode !== 302) console.log(res.text);
-
-  return res.headers["set-cookie"][0];
+  return resToLoginCookie(res);
 };
 
 /**

package/locales/da.json

@@ -555,5 +555,8 @@
 	"Create database view": "Create database view",
 	"Create an SQL view in the database with the fields in this list": "Create an SQL view in the database with the fields in this list",
 	"Rows per page": "Rows per page",
-	"List options": "List options"
+	"List options": "List options",
+	"Modules": "Modules",
+	"File not found": "File not found",
+	"Welcome, %s!": "Welcome, %s!"
 }

package/locales/en.json

@@ -1077,5 +1077,10 @@
 	"Saved 2FA policy for role": "Saved 2FA policy for role",
 	"HTTP settings updated": "HTTP settings updated",
 	"%s configuration": "%s configuration",
-	"Save indicator": "Save indicator"
+	"Save indicator": "Save indicator",
+	"Public cache TTL (minutes)": "Public cache TTL (minutes)",
+	"Cache-control max-age for public views and pages. 0 to disable": "Cache-control max-age for public views and pages. 0 to disable",
+	"Files accept filter": "Files accept filter",
+	"User group": "User group",
+	"Add relations to this table in dropdown options for ownership field": "Add relations to this table in dropdown options for ownership field"
 }

package/package.json

@@ -1,18 +1,18 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.8.1-rc.2",
+  "version": "0.8.1",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.8.1-rc.2",
-    "@saltcorn/builder": "0.8.1-rc.2",
-    "@saltcorn/data": "0.8.1-rc.2",
-    "@saltcorn/admin-models": "0.8.1-rc.2",
-    "@saltcorn/filemanager": "0.8.1-rc.2",
-    "@saltcorn/markup": "0.8.1-rc.2",
-    "@saltcorn/sbadmin2": "0.8.1-rc.2",
+    "@saltcorn/base-plugin": "0.8.1",
+    "@saltcorn/builder": "0.8.1",
+    "@saltcorn/data": "0.8.1",
+    "@saltcorn/admin-models": "0.8.1",
+    "@saltcorn/filemanager": "0.8.1",
+    "@saltcorn/markup": "0.8.1",
+    "@saltcorn/sbadmin2": "0.8.1",
     "@socket.io/cluster-adapter": "^0.1.0",
     "@socket.io/sticky": "^1.0.1",
     "aws-sdk": "^2.1037.0",

package/routes/admin.js

@@ -97,6 +97,7 @@ const View = require("@saltcorn/data/models/view");
 const { getConfigFile } = require("@saltcorn/data/db/connect");
 const os = require("os");
 const Page = require("@saltcorn/data/models/page");
+const { getSafeSaltcornCmd } = require("@saltcorn/data/utils");
 
 const router = new Router();
 module.exports = router;
@@ -1545,7 +1546,22 @@ router.get(
 const checkFiles = async (outDir, fileNames) => {
   const rootFolder = await File.rootFolder();
   const mobile_app_dir = path.join(rootFolder.location, "mobile_app", outDir);
-  const entries = fs.readdirSync(mobile_app_dir);
+  const unsafeFiles = await Promise.all(
+    fs
+      .readdirSync(mobile_app_dir)
+      .map(
+        async (outFile) => await File.from_file_on_disk(outFile, mobile_app_dir)
+      )
+  );
+  const entries = unsafeFiles
+    .filter(
+      (file) =>
+        file.user_id &&
+        !isNaN(file.user_id) &&
+        file.min_role_read &&
+        !isNaN(file.min_role_read)
+    )
+    .map((file) => file.filename);
   return fileNames.some((fileName) => entries.indexOf(fileName) >= 0);
 };
 
@@ -1638,6 +1654,8 @@ router.post(
       buildDir,
       "-b",
       `${os.userInfo().homedir}/mobile_app_build`,
+      "-u",
+      req.user.email, // ensured by isAdmin
     ];
     if (useDocker) spawnParams.push("-d");
     if (androidPlatform) spawnParams.push("-p", "android");
@@ -1659,7 +1677,7 @@ router.post(
     // end http call, return the out directory name
     // the gui polls for results
     res.json({ build_dir_name: outDirName });
-    const child = spawn("saltcorn", spawnParams, {
+    const child = spawn(getSafeSaltcornCmd(), spawnParams, {
       stdio: ["ignore", "pipe", "pipe"],
       cwd: ".",
     });
@@ -1672,29 +1690,36 @@ router.post(
       // console.log(data.toString());
       childOutputs.push(data ? data.toString() : req.__("An error occurred"));
     });
-    child.on("exit", async function (exitCode, signal) {
+    child.on("exit", (exitCode, signal) => {
       const logFile = exitCode === 0 ? "logs.txt" : "error_logs.txt";
       fs.writeFile(
         path.join(buildDir, logFile),
         childOutputs.join("\n"),
-        (error) => {
+        async (error) => {
           if (error) {
             console.log(`unable to write '${logFile}' to '${buildDir}'`);
             console.log(error);
+          } else {
+            // no transaction, '/build-mobile-app/finished' filters for valid attributes
+            await File.set_xattr_of_existing_file(logFile, buildDir, req.user);
           }
         }
       );
     });
-    child.on("error", function (msg) {
+    child.on("error", (msg) => {
       const message = msg.message ? msg.message : msg.code;
       const stack = msg.stack ? msg.stack : "";
+      const logFile = "error_logs.txt";
       fs.writeFile(
         path.join(buildDir, "error_logs.txt"),
         [message, stack].join("\n"),
-        (error) => {
+        async (error) => {
           if (error) {
             console.log(`unable to write logFile to '${buildDir}'`);
             console.log(error);
+          } else {
+            // no transaction, '/build-mobile-app/finished' filters for valid attributes
+            await File.set_xattr_of_existing_file(logFile, buildDir, req.user);
           }
         }
       );

package/routes/fields.js

@@ -996,7 +996,8 @@ router.post(
       formStyle: "vert",
       fields: formFields,
     });
-    if (_columndef) form.values = JSON.parse(_columndef);
+    if (_columndef && _columndef !== "undefined")
+      form.values = JSON.parse(_columndef);
     res.send(mkFormContentNoLayout(form));
   })
 );

package/routes/files.js

@@ -393,6 +393,13 @@ router.post(
       f.s3_store ? s3storage.unlinkObject : undefined
     );
     if (result && result.error) {
+      if (req.xhr) {
+        const root = path.join(db.connectObj.file_store, db.getTenantSchema());
+        res.json({
+          error: result.error.replaceAll(root, ""),
+        });
+        return;
+      }
       req.flash("error", result.error);
     }
     res.redirect(`/files?dir=${encodeURIComponent(f.current_folder)}`);

package/routes/tables.js

@@ -73,9 +73,7 @@ const tableForm = async (table, req) => {
     value: r.id,
     label: r.role,
   }));
-  const userFields = fields
-    .filter((f) => f.reftable_name === "users")
-    .map((f) => ({ value: f.id, label: f.name }));
+  const ownership_opts = await table.ownership_options();
   const form = new Form({
     action: "/table",
     noSubmitButton: true,
@@ -92,7 +90,7 @@ const tableForm = async (table, req) => {
               input_type: "select",
               options: [
                 { value: "", label: req.__("None") },
-                ...userFields,
+                ...ownership_opts,
                 { value: "_formula", label: req.__("Formula") },
               ],
             },
@@ -109,6 +107,14 @@ const tableForm = async (table, req) => {
                   .join(", "),
               showIf: { ownership_field_id: "_formula" },
             },
+            {
+              label: req.__("User group"),
+              sublabel: req.__(
+                "Add relations to this table in dropdown options for ownership field"
+              ),
+              name: "is_user_group",
+              type: "Bool",
+            },
           ]
         : []),
       // description of table
@@ -898,6 +904,12 @@ router.post(
           notify = req.__(`Invalid ownership formula: %s`, fmlValidRes);
           hasError = true;
         }
+      } else if (
+        typeof rest.ownership_field_id === "string" &&
+        rest.ownership_field_id.startsWith("Fml:")
+      ) {
+        rest.ownership_formula = rest.ownership_field_id.replace("Fml:", "");
+        rest.ownership_field_id = null;
       } else rest.ownership_formula = null;
       await table.update(rest);
 

package/routes/utils.js

@@ -76,7 +76,7 @@ const setLanguage = (req, res, state) => {
   } else if (req.cookies?.lang) {
     req.setLocale(req.cookies?.lang);
   }
-  set_custom_http_headers(res, state);
+  set_custom_http_headers(res, req, state);
 };
 
 /**
@@ -85,8 +85,17 @@ const setLanguage = (req, res, state) => {
  * @param {string} state
  * @returns {void}
  */
-const set_custom_http_headers = (res, state) => {
-  const hdrs = (state || getState()).getConfig("custom_http_headers");
+const set_custom_http_headers = (res, req, state) => {
+  const state1 = state || getState();
+  const hdrs = state1.getConfig("custom_http_headers");
+  if (!req.user) {
+    const public_cache_maxage = +state1.getConfig("public_cache_maxage", 0);
+    if (public_cache_maxage)
+      res.header(
+        "Cache-Control",
+        `public, max-age=${public_cache_maxage * 60}`
+      );
+  }
   if (!hdrs) return;
   for (const ln of hdrs.split("\n")) {
     const [k, v] = ln.split(":");

package/routes/viewedit.js

@@ -464,7 +464,7 @@ const respondWorkflow = (view, wf, wfres, req, res) => {
         type: "breadcrumbs",
         crumbs: [
           { text: req.__("Views"), href: "/viewedit" },
-          { href: `/viewedit/edit/${view.name}`, text: view.name },
+          { href: `/view/${view.name}`, text: view.name },
           { workflow: wf, step: wfres },
         ],
       },

package/serve.js

@@ -377,7 +377,7 @@ const setupSocket = (...servers) => {
           const view = View.findOne({ name: viewname });
           if (view.viewtemplateObj.authorize_join) {
             view.viewtemplateObj
-              .authorize_join(view.configuration, room_id, socket.request.user)
+              .authorize_join(view, room_id, socket.request.user)
               .then((authorized) => {
                 if (authorized) socket.join(`${ten}_${viewname}_${room_id}`);
               });