npm - @saltcorn/server - Versions diffs - 0.8.7-beta.6 → 0.8.7 - Mend

@saltcorn/server 0.8.7-beta.6 → 0.8.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/load_plugins.js +14 -1
package/package.json +8 -8
package/public/relationship_diagram_utils.js +32 -10
package/routes/tables.js +38 -6
package/tests/plugins.test.js +103 -2
package/public/vis-network.min.js +0 -49

package/load_plugins.js CHANGED Viewed

@@ -7,7 +7,7 @@
  */
 const db = require("@saltcorn/data/db");
 const { PluginManager } = require("live-plugin-manager");
-const { getState } = require("@saltcorn/data/db/state");
+const { getState, getRootState } = require("@saltcorn/data/db/state");
 const Plugin = require("@saltcorn/data/models/plugin");
 const fs = require("fs");
 const proc = require("child_process");
@@ -179,10 +179,23 @@ const loadAllPlugins = async () => {
  * @returns {Promise<void>}
  */
 const loadAndSaveNewPlugin = async (plugin, force, noSignalOrDB) => {
+  const tenants_unsafe_plugins = getRootState().getConfig(
+    "tenants_unsafe_plugins",
+    false
+  );
+  const isRoot = db.getTenantSchema() === db.connectObj.default_schema;
+  if (!isRoot && !tenants_unsafe_plugins) {
+    if (plugin.source !== "npm") return;
+    //get allowed plugins
+    const instore = await Plugin.store_plugins_available();
+    const safes = instore.filter((p) => !p.unsafe).map((p) => p.location);
+    if (!safes.includes(plugin.location)) return;
+  }
   const { version, plugin_module, location } = await requirePlugin(
     plugin,
     force
   );
   // install dependecies
   for (const loc of plugin_module.dependencies || []) {
     const existing = await Plugin.findOne({ location: loc });

package/package.json CHANGED Viewed

@@ -1,18 +1,18 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.8.7-beta.6",
+  "version": "0.8.7",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.8.7-beta.6",
-    "@saltcorn/builder": "0.8.7-beta.6",
-    "@saltcorn/data": "0.8.7-beta.6",
-    "@saltcorn/admin-models": "0.8.7-beta.6",
-    "@saltcorn/filemanager": "0.8.7-beta.6",
-    "@saltcorn/markup": "0.8.7-beta.6",
-    "@saltcorn/sbadmin2": "0.8.7-beta.6",
+    "@saltcorn/base-plugin": "0.8.7",
+    "@saltcorn/builder": "0.8.7",
+    "@saltcorn/data": "0.8.7",
+    "@saltcorn/admin-models": "0.8.7",
+    "@saltcorn/filemanager": "0.8.7",
+    "@saltcorn/markup": "0.8.7",
+    "@saltcorn/sbadmin2": "0.8.7",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",

package/public/relationship_diagram_utils.js CHANGED Viewed

@@ -39,7 +39,8 @@ var erHelper = (() => {
       }px) scale(${scale || 1.0})`
     );
   };
+  let mouseDown = false;
+  let isMoving = false;
   return {
     translateY: (val) => {
       const parsed = parseTransform();
@@ -54,22 +55,43 @@ var erHelper = (() => {
     zoom: (val) => {
       const parsed = parseTransform();
       parsed.scale += val;
+      if (parsed.scale < 0.1) parsed.scale = 0.1;
+      else if (parsed.scale > 20) parsed.scale = 20;
       buildTransform(parsed);
     },
     reset: () => {
       buildTransform();
     },
     takePicture: () => {
-      // TODO as png, so that you can download it via right click
-      // right now, you can only print it to pdf
       const svg = $("svg[aria-roledescription='er']")[0];
-      const DOMURL = self.URL || self.webkitURL || self;
-      const blob = new Blob([new XMLSerializer().serializeToString(svg)], {
-        type: "image/svg+xml;charset=utf-8",
-      });
-      const url = DOMURL.createObjectURL(blob);
-      window.open(url);
-      DOMURL.revokeObjectURL(url);
+      const link = document.createElement("a");
+      link.href = `data:image/svg+xml;base64,${btoa(
+        new XMLSerializer().serializeToString(svg)
+      )}`;
+      link.download = "er-diagram.svg";
+      link.click();
+    },
+    onWheel: (event) => {
+      event.preventDefault();
+      erHelper.zoom(-0.001 * event.deltaY);
+    },
+    onMouseDown: () => {
+      mouseDown = true;
+      isMoving = false;
+    },
+    onMouseUp: () => {
+      mouseDown = false;
+    },
+    onMouseMove: (event) => {
+      if (mouseDown) {
+        isMoving = true;
+        document.getSelection().removeAllRanges();
+        erHelper.translateX(event.movementX);
+        erHelper.translateY(event.movementY);
+      }
+    },
+    isTranslating: () => {
+      return isMoving;
     },
   };
 })();

package/routes/tables.js CHANGED Viewed

@@ -463,7 +463,7 @@ const navigationPanel = () =>
     button(
       {
         class: "btn btn-primary er-up",
-        onclick: "erHelper.translateY(-100)",
+        onclick: "erHelper.translateY(100)",
       },
       i({ class: "fas fa-chevron-up" })
     ),
@@ -477,7 +477,7 @@ const navigationPanel = () =>
     button(
       {
         class: "btn btn-primary er-left",
-        onclick: "erHelper.translateX(-100)",
+        onclick: "erHelper.translateX(100)",
       },
       i({ class: "fas fa-chevron-left" })
     ),
@@ -488,14 +488,14 @@ const navigationPanel = () =>
     button(
       {
         class: "btn btn-primary er-right",
-        onclick: "erHelper.translateX(100)",
+        onclick: "erHelper.translateX(-100)",
       },
       i({ class: "fas fa-chevron-right" })
     ),
     button(
       {
         class: "btn btn-primary er-down",
-        onclick: "erHelper.translateY(100)",
+        onclick: "erHelper.translateY(-100)",
       },
       i({ class: "fas fa-chevron-down" })
     ),
@@ -542,11 +542,30 @@ router.get(
           {
             headerTag: `
             <script type="module">
-              mermaid.initialize({ startOnLoad: false });
+              mermaid.initialize({
+                startOnLoad: false,
+                securityLevel: 'loose',
+              });
               await mermaid.run({
                 querySelector: ".mermaid",
                 postRenderCallback: (id) => {
                   $("#" + id).css("height", "calc(100vh - 250px)");
+                  $("#" + id + " > g").each(function(index) {
+                    const jThis = $(this);
+                    const id = jThis.attr("id");
+                    if (id) {
+                      const arr = /^entity-(.+)-(\\w+-\\w+-\\w+-\\w+-\\w+$)/.exec(id);
+                      if (arr?.length === 3) {
+                        const textEnt = $("#text-entity-" + arr[1] + "-" + arr[2]);
+                        textEnt.css("cursor", "pointer");
+                        textEnt.on("click", function () {
+                          if (!erHelper.isTranslating()) {
+                            window.open("/table/" + encodeURIComponent(this.innerHTML));
+                          }
+                        });
+                      }
+                    }
+                  });
                 }
               });
             </script>`,
@@ -573,17 +592,30 @@ router.get(
             contents: [
               div(
                 {
+                  id: "erd-wrapper",
                   style: "height: calc(100vh - 250px);",
                   class: "overflow-scroll position-relative",
                 },
                 screenshotPanel(),
                 pre(
-                  { class: "mermaid", style: "height: calc(100vh - 250px);" },
+                  {
+                    class: "mermaid",
+                    style: "height: calc(100vh - 250px); color: transparent;",
+                  },
                   buildMermaidMarkup(tables)
                 ),
                 navigationPanel()
               ),
               script({ src: "/relationship_diagram_utils.js" }),
+              script(
+                domReady(`
+                  const erdWrapper = $("#erd-wrapper")[0];
+                  erdWrapper.onwheel = erHelper.onWheel;
+                  erdWrapper.onmousedown = erHelper.onMouseDown;
+                  erdWrapper.onmouseup = erHelper.onMouseUp;
+                  window.addEventListener("mousemove", erHelper.onMouseMove);
+                `)
+              ),
             ],
           },
         ],

package/tests/plugins.test.js CHANGED Viewed

@@ -2,8 +2,13 @@ const request = require("supertest");
 const getApp = require("../app");
 const Table = require("@saltcorn/data/models/table");
 const Plugin = require("@saltcorn/data/models/plugin");
-const { getState } = require("@saltcorn/data/db/state");
+const { getState, add_tenant } = require("@saltcorn/data/db/state");
+const { install_pack } = require("@saltcorn/admin-models/models/pack");
+const {
+  switchToTenant,
+  insertTenant,
+  create_tenant,
+} = require("@saltcorn/admin-models/models/tenant");
 const {
   getAdminLoginCookie,
   itShouldRedirectUnauthToLogin,
@@ -16,6 +21,7 @@ const db = require("@saltcorn/data/db");
 const load_plugins = require("../load_plugins");
 beforeAll(async () => {
+  if (!db.isSQLite) await db.query(`drop schema if exists test101 CASCADE `);
   await resetToFixtures();
 });
 afterAll(db.close);
@@ -325,3 +331,98 @@ describe("config endpoints", () => {
       .expect(toInclude(">FooSiteName<"));
   });
 });
+const plugin_pack = (plugin) => ({
+  tables: [],
+  views: [],
+  plugins: [
+    {
+      ...plugin,
+      configuration: null,
+    },
+  ],
+  pages: [],
+  roles: [],
+  library: [],
+  triggers: [],
+});
+describe("Tenant cannot install unsafe plugins", () => {
+  if (!db.isSQLite) {
+    it("creates a new tenant", async () => {
+      db.enable_multi_tenant();
+      const loadAndSaveNewPlugin = load_plugins.loadAndSaveNewPlugin;
+      await getState().setConfig("base_url", "http://example.com/");
+      add_tenant("test101");
+      await switchToTenant(
+        await insertTenant("test101", "foo@foo.com", ""),
+        "http://test101.example.com/"
+      );
+      await create_tenant({
+        t: "test101",
+        loadAndSaveNewPlugin,
+        plugin_loader() {},
+      });
+    });
+    it("can install safe plugins on tenant", async () => {
+      await db.runWithTenant("test101", async () => {
+        const loadAndSaveNewPlugin = load_plugins.loadAndSaveNewPlugin;
+        await install_pack(
+          plugin_pack({
+            name: "html",
+            source: "npm",
+            location: "@saltcorn/html",
+          }),
+          "Todo list",
+          loadAndSaveNewPlugin
+        );
+        const dbPlugin = await Plugin.findOne({ name: "html" });
+        expect(dbPlugin).not.toBe(null);
+      });
+    });
+    it("cannot install unsafe plugins on tenant", async () => {
+      await db.runWithTenant("test101", async () => {
+        const loadAndSaveNewPlugin = load_plugins.loadAndSaveNewPlugin;
+        await install_pack(
+          plugin_pack({
+            name: "sql-list",
+            source: "npm",
+            location: "@saltcorn/sql-list",
+          }),
+          "Todo list",
+          loadAndSaveNewPlugin
+        );
+        const dbPlugin = await Plugin.findOne({ name: "sql-list" });
+        expect(dbPlugin).toBe(null);
+      });
+    });
+    it("can install unsafe plugins on tenant when permitted", async () => {
+      await getState().setConfig("tenants_unsafe_plugins", true);
+      await db.runWithTenant("test101", async () => {
+        const loadAndSaveNewPlugin = load_plugins.loadAndSaveNewPlugin;
+        await install_pack(
+          plugin_pack({
+            name: "sql-list",
+            source: "npm",
+            location: "@saltcorn/sql-list",
+          }),
+          "Todo list",
+          loadAndSaveNewPlugin
+        );
+        const dbPlugin = await Plugin.findOne({ name: "sql-list" });
+        expect(dbPlugin).not.toBe(null);
+      });
+    });
+  } else {
+    it("does not support tenants on SQLite", async () => {
+      expect(db.isSQLite).toBe(true);
+    });
+  }
+});