@saltcorn/server 0.9.0-beta.9 → 0.9.1-beta.0

package/locales/fr.json

@@ -286,5 +286,11 @@
 	"Users and security": "Users and security",
 	"Site structure": "Site structure",
 	"Events": "Events",
-	"Are you sure?": "Are you sure?"
+	"Are you sure?": "Are you sure?",
+	"API token": "API token",
+	"No API token issued": "No API token issued",
+	"Generate": "Generate",
+	"Two-factor authentication": "Two-factor authentication",
+	"Two-factor authentication is disabled": "Two-factor authentication is disabled",
+	"Enable 2FA": "Enable 2FA"
 }

package/package.json

@@ -1,18 +1,18 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.9.0-beta.9",
+  "version": "0.9.1-beta.0",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.9.0-beta.9",
-    "@saltcorn/builder": "0.9.0-beta.9",
-    "@saltcorn/data": "0.9.0-beta.9",
-    "@saltcorn/admin-models": "0.9.0-beta.9",
-    "@saltcorn/filemanager": "0.9.0-beta.9",
-    "@saltcorn/markup": "0.9.0-beta.9",
-    "@saltcorn/sbadmin2": "0.9.0-beta.9",
+    "@saltcorn/base-plugin": "0.9.1-beta.0",
+    "@saltcorn/builder": "0.9.1-beta.0",
+    "@saltcorn/data": "0.9.1-beta.0",
+    "@saltcorn/admin-models": "0.9.1-beta.0",
+    "@saltcorn/filemanager": "0.9.1-beta.0",
+    "@saltcorn/markup": "0.9.1-beta.0",
+    "@saltcorn/sbadmin2": "0.9.1-beta.0",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",

package/public/saltcorn-common.js

@@ -128,10 +128,13 @@ function apply_showif() {
     const dynwhere = JSON.parse(
       decodeURIComponent(e.attr("data-fetch-options"))
     );
-    //console.log("dynwhere", dynwhere);
-    const qss = Object.entries(dynwhere.whereParsed).map(
-      ([k, v]) => `${k}=${v[0] === "$" ? rec[v.substring(1)] : v}`
-    );
+    if (window._sc_loglevel > 4) console.log("dynwhere", dynwhere);
+    const kvToQs = ([k, v]) => {
+      return k === "or" && Array.isArray(v)
+        ? v.map((v1) => Object.entries(v1).map(kvToQs).join("&")).join("&")
+        : `${k}=${v[0] === "$" ? rec[v.substring(1)] : v}`;
+    };
+    const qss = Object.entries(dynwhere.whereParsed).map(kvToQs);
     if (dynwhere.dereference) {
       if (Array.isArray(dynwhere.dereference))
         qss.push(...dynwhere.dereference.map((d) => `dereference=${d}`));
@@ -151,7 +154,8 @@ function apply_showif() {
       e.empty();
       e.prop("data-fetch-options-current-set", qs);
       const toAppend = [];
-      if (!dynwhere.required) toAppend.push(`<option></option>`);
+      if (!dynwhere.required)
+        toAppend.push({ label: dynwhere.neutral_label || "" });
       let currentDataOption = undefined;
       const dataOptions = [];
       //console.log(success);
@@ -170,12 +174,28 @@ function apply_showif() {
         const selected = `${current}` === `${r[dynwhere.refname]}`;
         dataOptions.push({ text: label, value });
         if (selected) currentDataOption = value;
-        const html = `<option ${
-          selected ? "selected" : ""
-        } value="${value}">${label}</option>`;
-        toAppend.push(html);
+        toAppend.push({ selected, value, label });
       });
-      e.html(toAppend.join(""));
+      toAppend.sort((a, b) =>
+        a.label === dynwhere.neutral_label
+          ? -1
+          : b.label === dynwhere.neutral_label
+          ? 1
+          : (a.label?.toLowerCase?.() || a.label) >
+            (b.label?.toLowerCase?.() || b.label)
+          ? 1
+          : -1
+      );
+      e.html(
+        toAppend
+          .map(
+            ({ label, value, selected }) =>
+              `<option${selected ? ` selected` : ""}${
+                value ? ` value="${value}"` : ""
+              }>${label || ""}</option>`
+          )
+          .join("")
+      );
 
       //TODO: also sort inserted HTML options
       dataOptions.sort((a, b) =>
@@ -205,6 +225,9 @@ function apply_showif() {
       });
       $.ajax(`/api/${dynwhere.table}?${qs}`).then((resp) => {
         if (resp.success) {
+          if (window._sc_loglevel > 4)
+            console.log("dynwhere fetch", qs, resp.success);
+
           activate(resp.success, qs);
           const cacheNow = e.prop("data-fetch-options-cache") || {};
           e.prop("data-fetch-options-cache", {
@@ -1016,7 +1039,14 @@ function common_done(res, viewname, isWeb = true) {
   if (res.notify) handle(res.notify, notifyAlert);
   if (res.error)
     handle(res.error, (text) => notifyAlert({ type: "danger", text: text }));
-  if (res.eval_js) handle(res.eval_js, eval);
+
+  if (res.eval_js && res.row && res.field_names) {
+    const f = new Function(`row, {${res.field_names}}`, res.eval_js);
+    const evalres = f(res.row, res.row);
+    if (evalres) common_done(evalres, viewname, isWeb);
+  } else if (res.eval_js) {
+    handle(res.eval_js, eval);
+  }
 
   if (res.reload_page) {
     (isWeb ? location : parent).reload(); //TODO notify to cookie if reload or goto

package/public/saltcorn.js

@@ -572,6 +572,20 @@ function ajax_post_btn(e, reload_on_done, reload_delay) {
 
   return false;
 }
+
+function api_action_call(name, body) {
+  $.ajax(`/api/action/${name}`, {
+    type: "POST",
+    headers: {
+      "CSRF-Token": _sc_globalCsrf,
+    },
+    data: body,
+    success: function (res) {
+      common_done(res.data);
+    },
+  });
+}
+
 function make_unique_field(
   id,
   table_id,

package/routes/actions.js

@@ -390,6 +390,16 @@ router.get(
       return;
     }
     const action = getState().actions[trigger.action];
+    // get table related to trigger
+    const table = trigger.table_id
+      ? Table.findOne({ id: trigger.table_id })
+      : null;
+
+    const subtitle = span(
+      { class: "ms-3" },
+      trigger.action,
+      table ? ` on ` + a({ href: `/table/${table.name}` }, table.name) : ""
+    );
     if (!action) {
       req.flash("warning", req.__("Action not found"));
       res.redirect(`/actions/`);
@@ -420,6 +430,7 @@ router.get(
           type: "card",
           titleAjaxIndicator: true,
           title: req.__("Configure trigger %s", trigger.name),
+          subtitle,
           contents: {
             widths: [8, 4],
             besides: [
@@ -465,10 +476,6 @@ router.get(
       req.flash("warning", req.__("Action not configurable"));
       res.redirect(`/actions/`);
     } else {
-      // get table related to trigger
-      const table = trigger.table_id
-        ? Table.findOne({ id: trigger.table_id })
-        : null;
       // get configuration fields
       const cfgFields = await getActionConfigFields(action, table);
       // create form
@@ -491,6 +498,7 @@ router.get(
           type: "card",
           titleAjaxIndicator: true,
           title: req.__("Configure trigger %s", trigger.name),
+          subtitle,
           contents: renderForm(form, req.csrfToken()),
         },
       });
@@ -607,8 +615,10 @@ router.get(
       table = Table.findOne({ id: trigger.table_id });
       row = await table.getRow({});
     }
+    let runres;
+
     try {
-      await trigger.runWithoutRow({
+      runres = await trigger.runWithoutRow({
         console: fakeConsole,
         table,
         row,
@@ -627,7 +637,9 @@ router.get(
         req.__(
           "Action %s run successfully with no console output",
           trigger.action
-        )
+        ) + runres
+          ? script(domReady(`common_done(${JSON.stringify(runres)})`))
+          : ""
       );
       res.redirect(`/actions/`);
     } else {
@@ -641,7 +653,9 @@ router.get(
           title: req.__("Test run output"),
           contents: div(
             div({ class: "testrunoutput" }, output),
-
+            runres
+              ? script(domReady(`common_done(${JSON.stringify(runres)})`))
+              : "",
             a(
               { href: `/actions`, class: "mt-4 btn btn-primary me-1" },
               "« " + req.__("back to actions")

package/routes/api.js

@@ -332,7 +332,7 @@ router.get(
  * @function
  * @memberof module:routes/api~apiRouter
  */
-router.post(
+router.all(
   "/action/:actionname/",
   error_catcher(async (req, res, next) => {
     const { actionname } = req.params;
@@ -361,7 +361,7 @@ router.post(
             const resp = await action.run({
               configuration: trigger.configuration,
               body: req.body,
-              row: req.body,
+              row: req.method === "GET" ? req.query : req.body,
               req,
               user: user || req.user,
             });

package/routes/common_lists.js

@@ -9,7 +9,7 @@ const {
   post_dropdown_item,
 } = require("@saltcorn/markup");
 const { get_base_url } = require("./utils.js");
-const { h4, p, div, a, input, text } = require("@saltcorn/markup/tags");
+const { h4, p, div, a, i, input, text } = require("@saltcorn/markup/tags");
 
 /**
  * @param {string} col
@@ -385,10 +385,16 @@ const getTriggerList = (triggers, req, { tagId, domId, showList } = {}) => {
       },
       {
         label: req.__("When"),
-        key: (a) =>
-          a.when_trigger === "API call"
-            ? `API: ${base_url}api/action/${a.name}`
-            : a.when_trigger,
+        key: (act) =>
+          act.when_trigger +
+          (act.when_trigger === "API call"
+            ? a(
+                {
+                  href: `javascript:ajax_modal('/admin/help/API%20actions?name=${act.name}')`,
+                },
+                i({ class: "fas fa-question-circle ms-1" })
+              )
+            : ""),
       },
       {
         label: req.__("Test run"),

package/routes/homepage.js

@@ -262,10 +262,16 @@ const actionsTab = async (req, triggers) => {
             },
             {
               label: req.__("When"),
-              key: (a) =>
-                a.when_trigger === "API call"
-                  ? `API: ${base_url}api/action/${a.name}`
-                  : a.when_trigger,
+              key: (act) =>
+                act.when_trigger +
+                (act.when_trigger === "API call"
+                  ? a(
+                      {
+                        href: `javascript:ajax_modal('/admin/help/API%20actions?name=${act.name}')`,
+                      },
+                      i({ class: "fas fa-question-circle ms-1" })
+                    )
+                  : ""),
             },
           ],
           triggers

package/routes/page.js

@@ -61,6 +61,7 @@ router.get(
           title,
           description: db_page.description,
           bodyClass: "page_" + db.sqlsanitize(pagename),
+          no_menu: db_page.attributes?.no_menu,
         } || `${pagename} page`,
         add_edit_bar({
           role,

package/routes/pageedit.js

@@ -92,6 +92,12 @@ const pagePropertiesForm = async (req, isNew) => {
         input_type: "select",
         options: roles.map((r) => ({ value: r.id, label: r.role })),
       },
+      {
+        name: "no_menu",
+        label: req.__("No menu"),
+        sublabel: req.__("Omit the menu from this page"),
+        type: "Bool",
+      },
     ],
   });
   return form;
@@ -283,7 +289,7 @@ const wrap = (contents, noCard, req, page) => ({
       crumbs: [
         { text: req.__("Pages"), href: "/pageedit" },
         page
-          ? { href: `/pageedit/edit/${page.name}`, text: page.name }
+          ? { href: `/page/${page.name}`, text: page.name }
           : { text: req.__("New") },
       ],
     },
@@ -315,6 +321,7 @@ router.get(
       const form = await pagePropertiesForm(req);
       form.hidden("id");
       form.values = page;
+      form.values.no_menu = page.attributes?.no_menu;
       res.sendWrap(
         req.__(`Page attributes`),
         wrap(renderForm(form, req.csrfToken()), false, req, page)
@@ -360,9 +367,9 @@ router.post(
         wrap(renderForm(form, req.csrfToken()), false, req)
       );
     } else {
-      const { id, columns, ...pageRow } = form.values;
+      const { id, columns, no_menu, ...pageRow } = form.values;
       pageRow.min_role = +pageRow.min_role;
-
+      pageRow.attributes = { no_menu };
       if (+id) {
         await Page.update(+id, pageRow);
         res.redirect(`/pageedit/`);

package/routes/viewedit.js

@@ -638,8 +638,8 @@ router.post(
         newcfg = {
           ...view.configuration,
           [step.contextField]: {
-            ...view.configuration?.[step.contextField],
-            ...context,
+            ...(view.configuration?.[step.contextField] || {}),
+            ...(context?.[step.contextField] || {}),
           },
         };
       else newcfg = { ...view.configuration, ...context };

package/tests/api.test.js

@@ -1,6 +1,9 @@
 const request = require("supertest");
 const getApp = require("../app");
 const Table = require("@saltcorn/data/models/table");
+const Trigger = require("@saltcorn/data/models/trigger");
+
+const Field = require("@saltcorn/data/models/field");
 const {
   getStaffLoginCookie,
   getAdminLoginCookie,
@@ -9,6 +12,7 @@ const {
   succeedJsonWith,
   notAuthorized,
   toRedirect,
+  succeedJsonWithWholeBody,
 } = require("../auth/testhelp");
 const db = require("@saltcorn/data/db");
 const User = require("@saltcorn/data/models/user");
@@ -322,3 +326,66 @@ describe("API authentication", () => {
       .expect(succeedJsonWith((rows) => rows.length == 2));
   });
 });
+
+describe("API action", () => {
+  it("should set up trigger", async () => {
+    const table = await Table.create("triggercounter");
+    await Field.create({
+      table,
+      name: "thing",
+      label: "TheThing",
+      type: "String",
+    });
+    await Trigger.create({
+      action: "run_js_code",
+      when_trigger: "API call",
+      name: "mywebhook",
+      min_role: 100,
+      configuration: {
+        code: `
+        const table = Table.findOne({ name: "triggercounter" });
+        await table.insertRow({ thing: row?.thing || "no body" });
+        return {studio: 54}
+      `,
+      },
+    });
+  });
+  it("should POST to trigger", async () => {
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .post("/api/action/mywebhook")
+      .send({
+        thing: "inthebody",
+      })
+      .set("Content-Type", "application/json")
+      .set("Accept", "application/json")
+      .expect(succeedJsonWithWholeBody((resp) => resp?.data?.studio === 54));
+    const table = Table.findOne({ name: "triggercounter" });
+    const counts = await table.getRows({});
+    expect(counts.map((c) => c.thing)).toContain("inthebody");
+    expect(counts.map((c) => c.thing)).not.toContain("no body");
+  });
+  it("should GET with query to trigger", async () => {
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .get("/api/action/mywebhook?thing=inthequery")
+      .set("Content-Type", "application/json")
+      .set("Accept", "application/json")
+      .expect(succeedJsonWithWholeBody((resp) => resp?.data?.studio === 54));
+    const table = Table.findOne({ name: "triggercounter" });
+    const counts = await table.getRows({});
+    expect(counts.map((c) => c.thing)).toContain("inthequery");
+    expect(counts.map((c) => c.thing)).not.toContain("no body");
+  });
+  it("should GET to trigger", async () => {
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .get("/api/action/mywebhook")
+      .set("Content-Type", "application/json")
+      .set("Accept", "application/json")
+      .expect(succeedJsonWithWholeBody((resp) => resp?.data?.studio === 54));
+    const table = Table.findOne({ name: "triggercounter" });
+    const counts = await table.getRows({});
+    expect(counts.map((c) => c.thing)).toContain("no body");
+  });
+});