@saltcorn/server 0.9.0 → 0.9.1-beta.0

package/auth/admin.js

@@ -376,6 +376,8 @@ const http_settings_form = async (req) =>
       //"cookie_sessions",
       "public_cache_maxage",
       "custom_http_headers",
+      "body_limit",
+      "url_encoded_limit",
     ],
     action: "/useradmin/http",
     submitLabel: req.__("Save"),

package/auth/testhelp.js

@@ -215,6 +215,18 @@ const succeedJsonWith = (pred) => (res) => {
   }
 };
 
+const succeedJsonWithWholeBody = (pred) => (res) => {
+  if (res.statusCode !== 200) {
+    console.log(res.text);
+    throw new Error(`Expected status 200, received ${res.statusCode}`);
+  }
+
+  if (!pred(res.body)) {
+    console.log(res.body);
+    throw new Error(`Not satisfied`);
+  }
+};
+
 /**
  *
  * @param {number} code
@@ -260,6 +272,7 @@ module.exports = {
   notAuthorized,
   respondJsonWith,
   toSucceedWithImage,
+  succeedJsonWithWholeBody,
   resToLoginCookie,
   itShouldIncludeTextForAdmin,
 };

package/help/API actions.tmd

@@ -0,0 +1,12 @@
+This trigger can be run with by making an HTTP request to
+
+{{scState.getConfig("base_url","").replace(/\/$/, "")}}/api/action/{{ query.name }}
+
+If you make a POST request, the POST body is expected to be JSON and its value 
+is accessible using the `row` variable (e.g. in a `run_js_code`)
+
+If you make a GET request, the query string values 
+are accessible as a JSON object using the `row` variable (e.g. in a `run_js_code`).
+
+If you return a value from the action, it will be available in the `data`
+subfield of the JSON body in the HTTP response

package/locales/en.json

@@ -1268,5 +1268,10 @@
 	"Pack file": "Pack file",
 	"Upload a pack file": "Upload a pack file",
 	"No menu": "No menu",
-	"Omit the menu from this page": "Omit the menu from this page"
+	"Omit the menu from this page": "Omit the menu from this page",
+	"%s finished without a result": "%s finished without a result",
+	"Body size limit (Kb)": "Body size limit (Kb)",
+	"Maximum request body size in kilobytes": "Maximum request body size in kilobytes",
+	"URL encoded size limit (Kb)": "URL encoded size limit (Kb)",
+	"Maximum URL encoded request size in kilobytes": "Maximum URL encoded request size in kilobytes"
 }

package/locales/fr.json

@@ -286,5 +286,11 @@
 	"Users and security": "Users and security",
 	"Site structure": "Site structure",
 	"Events": "Events",
-	"Are you sure?": "Are you sure?"
+	"Are you sure?": "Are you sure?",
+	"API token": "API token",
+	"No API token issued": "No API token issued",
+	"Generate": "Generate",
+	"Two-factor authentication": "Two-factor authentication",
+	"Two-factor authentication is disabled": "Two-factor authentication is disabled",
+	"Enable 2FA": "Enable 2FA"
 }

package/package.json

@@ -1,18 +1,18 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.9.0",
+  "version": "0.9.1-beta.0",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.9.0",
-    "@saltcorn/builder": "0.9.0",
-    "@saltcorn/data": "0.9.0",
-    "@saltcorn/admin-models": "0.9.0",
-    "@saltcorn/filemanager": "0.9.0",
-    "@saltcorn/markup": "0.9.0",
-    "@saltcorn/sbadmin2": "0.9.0",
+    "@saltcorn/base-plugin": "0.9.1-beta.0",
+    "@saltcorn/builder": "0.9.1-beta.0",
+    "@saltcorn/data": "0.9.1-beta.0",
+    "@saltcorn/admin-models": "0.9.1-beta.0",
+    "@saltcorn/filemanager": "0.9.1-beta.0",
+    "@saltcorn/markup": "0.9.1-beta.0",
+    "@saltcorn/sbadmin2": "0.9.1-beta.0",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",

package/public/saltcorn-common.js

@@ -154,7 +154,8 @@ function apply_showif() {
       e.empty();
       e.prop("data-fetch-options-current-set", qs);
       const toAppend = [];
-      if (!dynwhere.required) toAppend.push(`<option></option>`);
+      if (!dynwhere.required)
+        toAppend.push({ label: dynwhere.neutral_label || "" });
       let currentDataOption = undefined;
       const dataOptions = [];
       //console.log(success);
@@ -173,12 +174,28 @@ function apply_showif() {
         const selected = `${current}` === `${r[dynwhere.refname]}`;
         dataOptions.push({ text: label, value });
         if (selected) currentDataOption = value;
-        const html = `<option ${
-          selected ? "selected" : ""
-        } value="${value}">${label}</option>`;
-        toAppend.push(html);
+        toAppend.push({ selected, value, label });
       });
-      e.html(toAppend.join(""));
+      toAppend.sort((a, b) =>
+        a.label === dynwhere.neutral_label
+          ? -1
+          : b.label === dynwhere.neutral_label
+          ? 1
+          : (a.label?.toLowerCase?.() || a.label) >
+            (b.label?.toLowerCase?.() || b.label)
+          ? 1
+          : -1
+      );
+      e.html(
+        toAppend
+          .map(
+            ({ label, value, selected }) =>
+              `<option${selected ? ` selected` : ""}${
+                value ? ` value="${value}"` : ""
+              }>${label || ""}</option>`
+          )
+          .join("")
+      );
 
       //TODO: also sort inserted HTML options
       dataOptions.sort((a, b) =>
@@ -1022,7 +1039,14 @@ function common_done(res, viewname, isWeb = true) {
   if (res.notify) handle(res.notify, notifyAlert);
   if (res.error)
     handle(res.error, (text) => notifyAlert({ type: "danger", text: text }));
-  if (res.eval_js) handle(res.eval_js, eval);
+
+  if (res.eval_js && res.row && res.field_names) {
+    const f = new Function(`row, {${res.field_names}}`, res.eval_js);
+    const evalres = f(res.row, res.row);
+    if (evalres) common_done(evalres, viewname, isWeb);
+  } else if (res.eval_js) {
+    handle(res.eval_js, eval);
+  }
 
   if (res.reload_page) {
     (isWeb ? location : parent).reload(); //TODO notify to cookie if reload or goto

package/public/saltcorn.js

@@ -572,6 +572,20 @@ function ajax_post_btn(e, reload_on_done, reload_delay) {
 
   return false;
 }
+
+function api_action_call(name, body) {
+  $.ajax(`/api/action/${name}`, {
+    type: "POST",
+    headers: {
+      "CSRF-Token": _sc_globalCsrf,
+    },
+    data: body,
+    success: function (res) {
+      common_done(res.data);
+    },
+  });
+}
+
 function make_unique_field(
   id,
   table_id,

package/routes/api.js

@@ -332,7 +332,7 @@ router.get(
  * @function
  * @memberof module:routes/api~apiRouter
  */
-router.post(
+router.all(
   "/action/:actionname/",
   error_catcher(async (req, res, next) => {
     const { actionname } = req.params;
@@ -361,7 +361,7 @@ router.post(
             const resp = await action.run({
               configuration: trigger.configuration,
               body: req.body,
-              row: req.body,
+              row: req.method === "GET" ? req.query : req.body,
               req,
               user: user || req.user,
             });

package/routes/common_lists.js

@@ -9,7 +9,7 @@ const {
   post_dropdown_item,
 } = require("@saltcorn/markup");
 const { get_base_url } = require("./utils.js");
-const { h4, p, div, a, input, text } = require("@saltcorn/markup/tags");
+const { h4, p, div, a, i, input, text } = require("@saltcorn/markup/tags");
 
 /**
  * @param {string} col
@@ -385,10 +385,16 @@ const getTriggerList = (triggers, req, { tagId, domId, showList } = {}) => {
       },
       {
         label: req.__("When"),
-        key: (a) =>
-          a.when_trigger === "API call"
-            ? `API: ${base_url}api/action/${a.name}`
-            : a.when_trigger,
+        key: (act) =>
+          act.when_trigger +
+          (act.when_trigger === "API call"
+            ? a(
+                {
+                  href: `javascript:ajax_modal('/admin/help/API%20actions?name=${act.name}')`,
+                },
+                i({ class: "fas fa-question-circle ms-1" })
+              )
+            : ""),
       },
       {
         label: req.__("Test run"),

package/routes/homepage.js

@@ -262,10 +262,16 @@ const actionsTab = async (req, triggers) => {
             },
             {
               label: req.__("When"),
-              key: (a) =>
-                a.when_trigger === "API call"
-                  ? `API: ${base_url}api/action/${a.name}`
-                  : a.when_trigger,
+              key: (act) =>
+                act.when_trigger +
+                (act.when_trigger === "API call"
+                  ? a(
+                      {
+                        href: `javascript:ajax_modal('/admin/help/API%20actions?name=${act.name}')`,
+                      },
+                      i({ class: "fas fa-question-circle ms-1" })
+                    )
+                  : ""),
             },
           ],
           triggers

package/routes/pageedit.js

@@ -289,7 +289,7 @@ const wrap = (contents, noCard, req, page) => ({
       crumbs: [
         { text: req.__("Pages"), href: "/pageedit" },
         page
-          ? { href: `/pageedit/edit/${page.name}`, text: page.name }
+          ? { href: `/page/${page.name}`, text: page.name }
           : { text: req.__("New") },
       ],
     },

package/tests/api.test.js

@@ -1,6 +1,9 @@
 const request = require("supertest");
 const getApp = require("../app");
 const Table = require("@saltcorn/data/models/table");
+const Trigger = require("@saltcorn/data/models/trigger");
+
+const Field = require("@saltcorn/data/models/field");
 const {
   getStaffLoginCookie,
   getAdminLoginCookie,
@@ -9,6 +12,7 @@ const {
   succeedJsonWith,
   notAuthorized,
   toRedirect,
+  succeedJsonWithWholeBody,
 } = require("../auth/testhelp");
 const db = require("@saltcorn/data/db");
 const User = require("@saltcorn/data/models/user");
@@ -322,3 +326,66 @@ describe("API authentication", () => {
       .expect(succeedJsonWith((rows) => rows.length == 2));
   });
 });
+
+describe("API action", () => {
+  it("should set up trigger", async () => {
+    const table = await Table.create("triggercounter");
+    await Field.create({
+      table,
+      name: "thing",
+      label: "TheThing",
+      type: "String",
+    });
+    await Trigger.create({
+      action: "run_js_code",
+      when_trigger: "API call",
+      name: "mywebhook",
+      min_role: 100,
+      configuration: {
+        code: `
+        const table = Table.findOne({ name: "triggercounter" });
+        await table.insertRow({ thing: row?.thing || "no body" });
+        return {studio: 54}
+      `,
+      },
+    });
+  });
+  it("should POST to trigger", async () => {
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .post("/api/action/mywebhook")
+      .send({
+        thing: "inthebody",
+      })
+      .set("Content-Type", "application/json")
+      .set("Accept", "application/json")
+      .expect(succeedJsonWithWholeBody((resp) => resp?.data?.studio === 54));
+    const table = Table.findOne({ name: "triggercounter" });
+    const counts = await table.getRows({});
+    expect(counts.map((c) => c.thing)).toContain("inthebody");
+    expect(counts.map((c) => c.thing)).not.toContain("no body");
+  });
+  it("should GET with query to trigger", async () => {
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .get("/api/action/mywebhook?thing=inthequery")
+      .set("Content-Type", "application/json")
+      .set("Accept", "application/json")
+      .expect(succeedJsonWithWholeBody((resp) => resp?.data?.studio === 54));
+    const table = Table.findOne({ name: "triggercounter" });
+    const counts = await table.getRows({});
+    expect(counts.map((c) => c.thing)).toContain("inthequery");
+    expect(counts.map((c) => c.thing)).not.toContain("no body");
+  });
+  it("should GET to trigger", async () => {
+    const app = await getApp({ disableCsrf: true });
+    await request(app)
+      .get("/api/action/mywebhook")
+      .set("Content-Type", "application/json")
+      .set("Accept", "application/json")
+      .expect(succeedJsonWithWholeBody((resp) => resp?.data?.studio === 54));
+    const table = Table.findOne({ name: "triggercounter" });
+    const counts = await table.getRows({});
+    expect(counts.map((c) => c.thing)).toContain("no body");
+  });
+});