@saltcorn/server 0.9.1-beta.0 → 0.9.1-beta.10

package/auth/admin.js

@@ -1129,7 +1129,7 @@ router.post(
     await u.changePasswordTo(newpw);
     await u.destroy_sessions();
     req.flash(
-      "success",
+      "warning",
       req.__(`Changed password for user %s to %s`, u.email, newpw)
     );
 

package/auth/routes.js

@@ -877,17 +877,17 @@ router.post(
 
     const unsuitableEmailPassword = async (urecord) => {
       const { email, password, passwordRepeat } = urecord;
-      if (!email || !password) {
+      if (email == "" || !password) {
         req.flash("danger", req.__("E-mail and password required"));
         res.redirect("/auth/signup");
         return true;
       }
-      if (email.length > 127) {
+      if (email && email.length > 127) {
         req.flash("danger", req.__("E-mail too long"));
         res.redirect("/auth/signup");
         return true;
       }
-      if (!User.valid_email(email)) {
+      if (email && !User.valid_email(email)) {
         req.flash("danger", req.__("Not a valid e-mail address"));
         res.redirect("/auth/signup");
         return true;
@@ -905,9 +905,7 @@ router.post(
         res.redirect("/auth/signup");
         return true;
       }
-
-      const us = await User.find({ email });
-      if (us.length > 0) {
+      if (await User.matches_existing_user(urecord)) {
         req.flash("danger", req.__("Account already exists"));
         res.redirect("/auth/signup");
         return true;

package/help/API actions.tmd

@@ -9,4 +9,23 @@ If you make a GET request, the query string values
 are accessible as a JSON object using the `row` variable (e.g. in a `run_js_code`).
 
 If you return a value from the action, it will be available in the `data`
-subfield of the JSON body in the HTTP response
+subfield of the JSON body in the HTTP response
+
+### Redirection as response
+
+Normally API call will return a JSON object with a true/false success field 
+and the response from the action, if any, in the data field. You may instead
+require the API call to redirect to a different URL. You can do this in two 
+different ways.
+
+**Static redirect**: if you set the `scgotourl` HTTP header, the response will 
+redirect to this URL.
+
+**Dynamic redirect**: The redirect URL can also come from the action. If this
+returns an object with the `goto` field (e.g. 
+`return {goto: "https://myapp.com/view/ShowTheThing?id"+newid}`)
+that is normally returned in the JSON post body so it can be processed by client code.
+You can instead request that this is processed server-side, by (a) setting a 
+`_process_result` field to true in the row data, i.e. JSON body in POST and query
+string in GET or (b) setting the `scprocessresults` HTTP header. This will cause the 
+API call to return an HTTP redirect with the `goto` value.

package/help/Event types.tmd

@@ -0,0 +1,78 @@
+The event type for triggers determines when the chosen action should be run. 
+The different event types options come from a variety of the types and sources.
+
+These events also form the basis of the event log. Use the log settings to enable or disable 
+recording of the occurrence of events.
+
+## Database events
+
+These conditions are triggered by changes to rows in tables. Together with the event type 
+a specific table is chosen. The individual conditions are:
+
+**Insert**: run the action when a new row is inserted in the table. This is a good choice
+when a table itself represents actions to be carried out; for instance a table of 
+outbound emails would have a trigger with When = Insert and Action = send_email
+
+**Update**: run this action when changes are made to an existing row. The old row can 
+be accessed with the `old_row` variable.
+
+**Validate**: run before inserts or updates. If the action returns `error` (for example, 
+`run_js_code` code: `return {error: "Invalid row"}`), the insert/update is aborted. If the 
+trigger returns `set_fields` (for example, `run_js_code` code: `return {set_fields: {full_name: "Unknown"}}`) 
+these values are inserted in row.
+
+Guaranteed to run before any Insert or Update triggers
+
+**Delete**: run this action when a row is deleted
+
+## Periodic events
+
+These triggers are run periodically at different times.
+
+**Weekly**: run this once a week.
+
+**Daily**: run this once a day.
+
+**Hourly**: run this once an hour.
+
+**Often**: run this every 5 minutes.
+
+## User-based events
+
+**PageLoad**: run this whenever a page or view is loaded. If you set up the event log to 
+record these events you can use this as a basis for an analytics system.
+
+**Login**: run this whenever a user log in successfully
+
+**LoginFailed**: run this whenever a user login failed
+
+**UserVerified**: run this when a user is verified, if an appropriate module for 
+user verification is enabled.
+
+## System-based events
+
+**Error**: run this whenever an error occurs
+
+**Startup**: run this whenever this saltcorn process initializes. 
+
+## Other events
+
+**Never**: this trigger is never run on its own. However triggers that are marked as never
+can be chosen as the target action for a button in the UI. Use this if you have a complex 
+configuration for an action that needs to be run in response to a button click, or if you
+have a configuration that needs to be reused between two different buttons in two different 
+views. You can also use this to switch off a trigger that is running on a different event 
+type without deleting it.
+
+**API call**: this trigger can be run in response to an inbound API call. To see the URL 
+and further help, click the help icon next to the "API call" label in the trigger list.
+
+## Custom events
+
+You can create your own event type which can then be triggered with an emit_event action 
+or the `emitEvent` call in a run js code action
+
+## Events supplied by modules
+
+Modules can provide new event types. For instance the mqtt module provides an event 
+type based on receiving new messages.

package/help/Extra state formula.tmd

@@ -33,6 +33,9 @@ must be enclosed in quotes (single, double or
 [backtick](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals))). 
 You can also as the value use a more complex JavaScript expression.
 
+For examples of how you can use these values for greater than/less than, 
+or-conditions or case insensitivity, see [here](https://saltcorn.github.io/saltcorn/classes/_saltcorn_data.models.Table-1.html#md:querying-table-rows).
+
 You can refer to the logged in user using the variable name user. 
 This is an object and you must use the dot to access user fields,
 e.g. user.id for the logged in users id. A very common scenario 
@@ -60,3 +63,12 @@ in this case the table {{srcTable.name}}:
 
 {{# } }}
 
+The state values from the query string can also be accessed, by preceeding the 
+variable name by a dollar sign (in pages and Show views). For instance if your URL ends in `?id=45&foo=1`, 
+you can access the value of `foo` (here 1) as `$foo`. In Filter views, there is no 
+underlying row and the purpose of the view is fundamentally to manipulate the state
+so the state in extra state formulae is accessed without dollar sign; in the 
+previous example `foo` instead of `$foo`.
+
+Use `session_id` to refer to the current session ID string (unique for the user's session
+whether the are logged in or not).

package/help/JavaScript action code.tmd

@@ -87,20 +87,7 @@ Example: `return { error: "Invalid command!" }`
 
 If this is triggered by an Edit view with the SubmitWithAjax, 
 halt navigation and stay on page. This can be used for complex validation logic, 
-When added as an Insert or Update trigger. If you delete the inserted row, You 
-may also need to clear the returned id in order to allow the user to continue editing.
-
-Example:
-
-```
-if(amount>cash_on_hand) {
-  await table.deleteRows({ id })
-  return { 
-    error: "Invalid order!",
-    id: null 
-  }
-}
-```
+when added as a Validate trigger. 
 
 #### `goto`
 

package/locales/en.json

@@ -1273,5 +1273,15 @@
 	"Body size limit (Kb)": "Body size limit (Kb)",
 	"Maximum request body size in kilobytes": "Maximum request body size in kilobytes",
 	"URL encoded size limit (Kb)": "URL encoded size limit (Kb)",
-	"Maximum URL encoded request size in kilobytes": "Maximum URL encoded request size in kilobytes"
+	"Maximum URL encoded request size in kilobytes": "Maximum URL encoded request size in kilobytes",
+	"HTML file": "HTML file",
+	"HTML file to use as page content": "HTML file to use as page content",
+	"Offline mode: cannot load file": "Offline mode: cannot load file",
+	"None - use drag and drop builder": "None - use drag and drop builder",
+	"Do not pick or compare time": "Do not pick or compare time",
+	"Installed theme": "Installed theme",
+	"Theme for role": "Theme for role",
+	"Set theme for each user role »": "Set theme for each user role »",
+	"Available themes": "Available themes",
+	"Install more themes »": "Install more themes »"
 }

package/package.json

@@ -1,28 +1,29 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.9.1-beta.0",
+  "version": "0.9.1-beta.10",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.9.1-beta.0",
-    "@saltcorn/builder": "0.9.1-beta.0",
-    "@saltcorn/data": "0.9.1-beta.0",
-    "@saltcorn/admin-models": "0.9.1-beta.0",
-    "@saltcorn/filemanager": "0.9.1-beta.0",
-    "@saltcorn/markup": "0.9.1-beta.0",
-    "@saltcorn/sbadmin2": "0.9.1-beta.0",
+    "@aws-sdk/client-s3": "^3.451.0",
+    "@saltcorn/base-plugin": "0.9.1-beta.10",
+    "@saltcorn/builder": "0.9.1-beta.10",
+    "@saltcorn/data": "0.9.1-beta.10",
+    "@saltcorn/admin-models": "0.9.1-beta.10",
+    "@saltcorn/filemanager": "0.9.1-beta.10",
+    "@saltcorn/markup": "0.9.1-beta.10",
+    "@saltcorn/sbadmin2": "0.9.1-beta.10",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",
-    "aws-sdk": "^2.1386.0",
     "connect-flash": "^0.1.1",
     "connect-pg-simple": "^6.1.0",
     "content-disposition": "^0.5.3",
     "contractis": "^0.1.0",
     "cookie-parser": "^1.4.4",
     "cookie-session": "^1.4.0",
+    "cors": "2.8.5",
     "csurf": "^1.11.0",
     "csv-stringify": "^5.5.0",
     "express": "^4.17.1",
@@ -32,7 +33,6 @@
     "express-session": "^1.17.1",
     "greenlock": "^4.0.4",
     "greenlock-express": "^4.0.3",
-    "underscore": "1.13.6",
     "helmet": "^3.23.3",
     "i18n": "^0.15.1",
     "imapflow": "1.0.123",
@@ -41,7 +41,7 @@
     "markdown-it": "^13.0.2",
     "moment": "^2.29.4",
     "multer": "1.4.5-lts.1",
-    "multer-s3": "^2.10.0",
+    "multer-s3": "^3.0.1",
     "node-fetch": "2.6.9",
     "node-watch": "^0.7.2",
     "notp": "2.0.3",
@@ -59,8 +59,8 @@
     "systeminformation": "^5.21.7",
     "thirty-two": "1.0.2",
     "tmp-promise": "^3.0.2",
-    "uuid": "^8.2.0",
-    "cors": "2.8.5"
+    "underscore": "1.13.6",
+    "uuid": "^8.2.0"
   },
   "optionalDependencies": {
     "connect-sqlite3": "^0.9.11",

package/public/saltcorn-common.js

@@ -50,6 +50,11 @@ const nubBy = (prop, xs) => {
     return true;
   });
 };
+
+function valid_js_var_name(s) {
+  if (!s) return false;
+  return !!s.match(/^[a-zA-Z_$][a-zA-Z_$0-9]*$/);
+}
 function apply_showif() {
   const isNode = typeof parent?.saltcorn?.data?.state === "undefined";
   $("[data-show-if]").each(function (ix, element) {
@@ -83,7 +88,7 @@ function apply_showif() {
     const e = $(element);
     const rec = get_form_record(e);
     const href = new Function(
-      `{${Object.keys(rec).join(",")}}`,
+      `{${Object.keys(rec).filter(valid_js_var_name).join(",")}}`,
       "return " + e.attr("data-dyn-href")
     )(rec);
     e.attr("href", href);
@@ -155,7 +160,7 @@ function apply_showif() {
       e.prop("data-fetch-options-current-set", qs);
       const toAppend = [];
       if (!dynwhere.required)
-        toAppend.push({ label: dynwhere.neutral_label || "" });
+        toAppend.push({ label: dynwhere.neutral_label || "", value: "" });
       let currentDataOption = undefined;
       const dataOptions = [];
       //console.log(success);
@@ -191,7 +196,7 @@ function apply_showif() {
           .map(
             ({ label, value, selected }) =>
               `<option${selected ? ` selected` : ""}${
-                value ? ` value="${value}"` : ""
+                typeof value !== "undefined" ? ` value="${value}"` : ""
               }>${label || ""}</option>`
           )
           .join("")
@@ -285,9 +290,13 @@ function apply_showif() {
             .closest(".form-namespace")
             .find("input[name=_columndef]");
           try {
-            const def = JSON.parse($def.val());
-            def[k] = v;
-            $def.val(JSON.stringify(def));
+            const defval = $def.val();
+            const def =
+              typeof defval === "undefined" ? undefined : JSON.parse(defval);
+            if (def) {
+              def[k] = v;
+              $def.val(JSON.stringify(def));
+            }
           } catch (e) {
             console.error("Invalid json", e);
           }
@@ -381,24 +390,46 @@ function get_form_record(e_in, select_labels) {
     ? $(`form[data-viewname=${e_in.viewname}]`)
     : e_in.closest(".form-namespace");
 
+  const form = $(e).closest("form");
+
+  const rowVals = form.attr("data-row-values");
+  if (rowVals)
+    try {
+      const initRow = JSON.parse(decodeURIComponent(rowVals));
+      Object.assign(rec, initRow);
+    } catch (error) {
+      console.error(error);
+    }
+
   e.find("input[name],select[name],textarea[name]").each(function () {
-    const name = $(this).attr("data-fieldname") || $(this).attr("name");
-    if (select_labels && $(this).prop("tagName").toLowerCase() === "select")
-      rec[name] = $(this).find("option:selected").text();
-    else if ($(this).prop("type") === "checkbox")
-      rec[name] = $(this).prop("checked");
-    else rec[name] = $(this).val();
+    const $this = $(this);
+    const name = $this.attr("data-fieldname") || $this.attr("name");
+    if (select_labels && $this.prop("tagName").toLowerCase() === "select")
+      rec[name] = $this.find("option:selected").text();
+    else if ($this.prop("type") === "checkbox")
+      rec[name] = $this.prop("checked");
+    else if ($this.prop("type") === "radio" && !$this.prop("checked")) {
+      //do nothing
+    } else rec[name] = $this.val();
   });
   return rec;
 }
 function showIfFormulaInputs(e, fml) {
   const rec = get_form_record(e);
+  if (window._sc_loglevel > 4)
+    console.log(`show if fml ${fml} form_record`, rec);
   try {
-    return new Function(`{${Object.keys(rec).join(",")}}`, "return " + fml)(
-      rec
-    );
+    return new Function(
+      "row",
+      `{${Object.keys(rec).join(",")}}`,
+      "return " + fml
+    )(rec, rec);
   } catch (e) {
-    throw new Error(`Error in evaluating showIf formula ${fml}: ${e.message}`);
+    throw new Error(
+      `Error in evaluating showIf formula ${fml} with values ${JSON.stringify(
+        rec
+      )}: ${e.message}`
+    );
   }
 }
 
@@ -579,14 +610,17 @@ function initialize_page() {
       schema = JSON.parse(decodeURIComponent(schema));
     }
     if (type === "Date") {
-      console.log("timeelsems", $(this).find("span.current time"));
+      //console.log("timeelsems", $(this).find("span.current time"));
       current =
         $(this).attr("data-inline-edit-current") ||
         $(this).find("span.current time").attr("datetime"); // ||
       //$(this).children("span.current").html();
     }
-    console.log({ type, current });
+    if (type === "Bool") {
+      current = current === "true";
+    }
     var is_key = type?.startsWith("Key:");
+    const resetHtml = this.outerHTML;
     const opts = encodeURIComponent(
       JSON.stringify({
         url,
@@ -597,6 +631,7 @@ function initialize_page() {
         type,
         is_key,
         schema,
+        resetHtml,
         ...(decimalPlaces ? { decimalPlaces } : {}),
       })
     );
@@ -649,7 +684,11 @@ function initialize_page() {
             : ""
         }
         <input type="${
-          type === "Integer" || type === "Float" ? "number" : "text"
+          type === "Integer" || type === "Float"
+            ? "number"
+            : type === "Bool"
+            ? "checkbox"
+            : "text"
         }" ${
           type === "Float"
             ? `step="${
@@ -660,7 +699,13 @@ function initialize_page() {
                   : "any"
               }"`
             : ""
-        } name="${key}" value="${escapeHtml(current)}">
+        } name="${key}" ${
+          type === "Bool"
+            ? current
+              ? "checked"
+              : ""
+            : `value="${escapeHtml(current)}"`
+        }>
       <button type="submit" class="btn btn-sm btn-primary">OK</button>
       <button onclick="cancel_inline_edit(event, '${opts}')" type="button" class="btn btn-sm btn-danger"><i class="fas fa-times"></i></button>
       </form>`
@@ -722,12 +767,37 @@ function initialize_page() {
           $(el).addClass("codemirror-enabled");
           cm.on(
             "change",
-            $.debounce(() => {
-              $(el).closest("form").trigger("change");
-            }),
-            500,
-            null,
-            true
+            $.debounce(
+              (cm1) => {
+                cm1.save();
+                if ($(el).hasClass("validate-statements")) {
+                  try {
+                    let AsyncFunction = Object.getPrototypeOf(
+                      async function () {}
+                    ).constructor;
+                    AsyncFunction(cm.getValue());
+                    $(el).closest("form").trigger("change");
+                  } catch (e) {
+                    const form = $(el).closest("form");
+                    const errorArea = form.parent().find(".full-form-error");
+                    if (errorArea.length) errorArea.text(e.message);
+                    else
+                      form
+                        .parent()
+                        .append(
+                          `<p class="text-danger full-form-error">${e.message}</p>`
+                        );
+                    return;
+                  }
+                } else {
+                  cm1.save();
+                  $(el).closest("form").trigger("change");
+                }
+              },
+              500,
+              null,
+              true
+            )
           );
         });
       }, 100);
@@ -777,33 +847,7 @@ function cancel_inline_edit(e, opts1) {
   const isNode = typeof parent?.saltcorn?.data?.state === "undefined";
   var opts = JSON.parse(decodeURIComponent(opts1 || "") || "{}");
   var form = $(e.target).closest("form");
-  var json_fk_opt;
-  if (opts.schema) {
-    json_fk_opt = form.find(`option[value="${opts.current}"]`).text();
-  }
-  form.replaceWith(`<div 
-  data-inline-edit-field="${opts.key}" 
-  ${opts.ajax ? `data-inline-edit-ajax="true"` : ""}
-  ${opts.type ? `data-inline-edit-type="${opts.type}"` : ""}
-  ${opts.current ? `data-inline-edit-current="${opts.current}"` : ""}
-  ${
-    opts.current_label
-      ? `data-inline-edit-current-label="${opts.current_label}"`
-      : ""
-  }
-  ${
-    opts.schema
-      ? `data-inline-edit-schema="${encodeURIComponent(
-          JSON.stringify(opts.schema)
-        )}"`
-      : ""
-  }
-  data-inline-edit-dest-url="${opts.url}">
-    <span class="current">${
-      json_fk_opt || opts.current_label || opts.current
-    }</span>
-    <i class="editicon ${!isNode ? "visible" : ""} fas fa-edit ms-1"></i>
-  </div>`);
+  form.replaceWith(opts.resetHtml);
   initialize_page();
 }
 
@@ -811,7 +855,8 @@ function inline_submit_success(e, form, opts) {
   const isNode = typeof parent?.saltcorn?.data?.state === "undefined";
   const formDataArray = form.serializeArray();
   if (opts) {
-    let rawVal = formDataArray.find((f) => f.name == opts.key).value;
+    let fdEntry = formDataArray.find((f) => f.name == opts.key);
+    let rawVal = opts.type === "Bool" ? !!fdEntry : fdEntry.value;
     let val =
       opts.is_key || (opts.schema && opts.schema.type.startsWith("Key to "))
         ? form.find("select").find("option:selected").text()
@@ -846,9 +891,13 @@ function inline_submit_success(e, form, opts) {
 function inline_ajax_submit(e, opts1) {
   var opts = JSON.parse(decodeURIComponent(opts1 || "") || "{}");
   e.preventDefault();
+
   var form = $(e.target).closest("form");
   var form_data = form.serialize();
   var url = form.attr("action");
+  if (opts.type === "Bool" && !form_data.includes(`${opts.key}=on`)) {
+    form_data += `&${opts.key}=off`;
+  }
   $.ajax(url, {
     type: "POST",
     headers: {
@@ -1357,3 +1406,35 @@ function check_saltcorn_notifications() {
     }
   });
 }
+
+function disable_inactive_tab_inputs(id) {
+  setTimeout(() => {
+    const isAccordion = $(`#${id}`).hasClass("accordion");
+    const iterElem = isAccordion
+      ? `#${id} div.accordion-item .accordion-button`
+      : `#${id} li a`;
+    $(iterElem).each(function () {
+      const isActive = isAccordion
+        ? !$(this).hasClass("collapsed")
+        : $(this).hasClass("active");
+      const target = isAccordion
+        ? $(this).attr("data-bs-target")
+        : $(this).attr("href");
+      if (isActive) {
+        //activate previously disabled
+        $(target)
+          .find("[disabled-by-tab]")
+          .prop("disabled", false)
+          .removeAttr("disabled-by-tab");
+      } else {
+        //disable all input
+        $(target)
+          .find(
+            "input:not(:disabled), textarea:not(:disabled), button:not(:disabled), select:not(:disabled)"
+          )
+          .prop("disabled", true)
+          .attr("disabled-by-tab", "1");
+      }
+    });
+  }, 100);
+}

package/public/saltcorn.css

@@ -241,6 +241,7 @@ input.hideupdownbtns::-webkit-inner-spin-button {
 
 input.hideupdownbtns[type="number"] {
   -moz-appearance: textfield;
+  text-align: center;
 }
 
 section.range-slider {

package/public/saltcorn.js

@@ -360,7 +360,7 @@ function submitWithAjax(e) {
   saveAndContinue(e, (res) => {
     if (res && res.responseJSON && res.responseJSON.url_when_done)
       window.location.href = res.responseJSON.url_when_done;
-    if (res && res.responseJSON && res.responseJSON.error)
+    if (res && res.responseJSON && res.responseJSON.error && res.status < 300)
       notifyAlert({ type: "danger", text: res.responseJSON.error });
   });
 }
@@ -397,16 +397,7 @@ function saveAndContinue(e, k) {
     error: function (request) {
       var ct = request.getResponseHeader("content-type") || "";
       if (ct.startsWith && ct.startsWith("application/json")) {
-        var errorArea = form.parent().find(".full-form-error");
-        if (errorArea.length) {
-          errorArea.text(request.responseJSON.error);
-        } else {
-          form
-            .parent()
-            .append(
-              `<p class="text-danger full-form-error">${request.responseJSON.error}</p>`
-            );
-        }
+        notifyAlert({ type: "danger", text: request.responseJSON.error });
       } else {
         $("#page-inner-content").html(request.responseText);
         initialize_page();

package/routes/actions.js

@@ -145,7 +145,7 @@ const triggerForm = async (req, trigger) => {
     .filter(([k, v]) => v.hasChannel)
     .map(([k, v]) => k);
   const allActions = actions.map((t) => t.name);
-  const table_triggers = ["Insert", "Update", "Delete"];
+  const table_triggers = ["Insert", "Update", "Delete", "Validate"];
   const action_options = {};
   const actionsNotRequiringRow = actions
     .filter((a) => !a.requireRow)
@@ -171,6 +171,7 @@ const triggerForm = async (req, trigger) => {
         required: true,
         options: Trigger.when_options.map((t) => ({ value: t, label: t })),
         sublabel: req.__("Event type which runs the trigger"),
+        help: { topic: "Event types" },
         attributes: {
           explainers: {
             Often: req.__("Every 5 minutes"),

package/routes/api.js

@@ -358,14 +358,22 @@ router.all(
         if (accessAllowed(req, user, trigger)) {
           try {
             const action = getState().actions[trigger.action];
+            const row = req.method === "GET" ? req.query : req.body;
             const resp = await action.run({
               configuration: trigger.configuration,
               body: req.body,
-              row: req.method === "GET" ? req.query : req.body,
+              row,
               req,
               user: user || req.user,
             });
-            res.json({ success: true, data: resp });
+            if (
+              (row._process_result || req.headers?.scprocessresults) &&
+              resp?.goto
+            )
+              res.redirect(resp.goto);
+            else if (req.headers?.scgotourl)
+              res.redirect(req.headers?.scgotourl);
+            else res.json({ success: true, data: resp });
           } catch (e) {
             Crash.create(e, req);
             res.status(400).json({ success: false, error: e.message });