@saltcorn/server 0.9.4-beta.12 → 0.9.4-beta.13

package/app.js

@@ -125,7 +125,19 @@ const getApp = async (opts = {}) => {
 
   // https://www.npmjs.com/package/helmet
   // helmet is secure app by adding HTTP headers
-  app.use(helmet());
+
+  const cross_domain_iframe = getState().getConfig(
+    "cross_domain_iframe",
+    false
+  );
+
+  const helmetOptions = {
+    contentSecurityPolicy: false,
+  };
+
+  if (cross_domain_iframe) helmetOptions.xFrameOptions = false;
+  app.use(helmet(helmetOptions));
+
   // TODO ch find a better solution
   app.use(cors());
   const bodyLimit = getState().getConfig("body_limit");

package/auth/admin.js

@@ -42,6 +42,7 @@ const {
   getBaseDomain,
   hostname_matches_baseurl,
   is_hsts_tld,
+  check_if_restart_required,
 } = require("../markup/admin");
 const { send_verification_email } = require("@saltcorn/data/models/email");
 const { expressionValidator } = require("@saltcorn/data/models/expression");
@@ -354,6 +355,7 @@ const auth_settings_form = async (req) =>
       "signup_form",
       "user_settings_form",
       "verification_view",
+      "logout_url",
       "elevate_verified",
       "email_mask",
     ],
@@ -376,6 +378,7 @@ const http_settings_form = async (req) =>
       //"cookie_sessions",
       "public_cache_maxage",
       "custom_http_headers",
+      "cross_domain_iframe",
       "body_limit",
       "url_encoded_limit",
     ],
@@ -508,12 +511,21 @@ router.post(
         },
       });
     } else {
+      const restart_required = check_if_restart_required(form, req);
+
       await save_config_from_form(form);
 
       if (!req.xhr) {
         req.flash("success", req.__("HTTP settings updated"));
         res.redirect("/useradmin/http");
-      } else res.json({ success: "ok" });
+      } else {
+        if (restart_required)
+          res.json({
+            success: "ok",
+            notify: req.__("Restart required for changes to take effect."),
+          });
+        else res.json({ success: "ok" });
+      }
     }
   })
 );
@@ -1017,7 +1029,10 @@ router.post(
             ? req.__(` with password %s`, code(password))
             : "";
 
-        req.flash("success", req.__(`User %s created`, email) + pwflash);
+        req.flash(
+          pwflash ? "warning" : "success",
+          req.__(`User %s created`, email) + pwflash
+        );
 
         if (rnd_password && send_pwreset_email)
           await send_reset_email(u, req, { creating: true });

package/auth/routes.js

@@ -332,17 +332,18 @@ router.get("/logout", async (req, res, next) => {
     res.json({ success: true });
   } else if (req.logout) {
     req.logout(function (err) {
+      const destination = getState().getConfig("logout_url", "/auth/login");
       if (req.session.destroy)
         req.session.destroy((err) => {
           if (err) return next(err);
           req.logout(() => {
-            res.redirect("/auth/login");
+            res.redirect(destination);
           });
         });
       else {
         req.logout(function (err) {
           req.session = null;
-          res.redirect("/auth/login");
+          res.redirect(destination);
         });
       }
     });

package/locales/en.json

@@ -1366,5 +1366,14 @@
 	"Serve a random page, ignoring the eligible formula. Within a session, reloads will always deliver the same page. This is a basic requirement for A/B testing.": "Serve a random page, ignoring the eligible formula. Within a session, reloads will always deliver the same page. This is a basic requirement for A/B testing.",
 	"Pagegroup %s not found": "Pagegroup %s not found",
 	"Create trigger": "Create trigger",
-	"Omit the menu from this view": "Omit the menu from this view"
-}
+	"Omit the menu from this view": "Omit the menu from this view",
+	"Cross-domain iframe": "Cross-domain iframe",
+	"Allow embedding in iframe on different domains. Unsets the X-Frame-Options header": "Allow embedding in iframe on different domains. Unsets the X-Frame-Options header",
+	"Logout URL": "Logout URL",
+	"The URL to direct to after logout": "The URL to direct to after logout",
+	"Runtime informations": "Runtime informations",
+	"open logs viewer": "open logs viewer",
+	"Server logs": "Server logs",
+	"Timestamp": "Timestamp",
+	"Message": "Message"
+}

package/package.json

@@ -1,19 +1,19 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.9.4-beta.12",
+  "version": "0.9.4-beta.13",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
     "@aws-sdk/client-s3": "^3.451.0",
-    "@saltcorn/base-plugin": "0.9.4-beta.12",
-    "@saltcorn/builder": "0.9.4-beta.12",
-    "@saltcorn/data": "0.9.4-beta.12",
-    "@saltcorn/admin-models": "0.9.4-beta.12",
-    "@saltcorn/filemanager": "0.9.4-beta.12",
-    "@saltcorn/markup": "0.9.4-beta.12",
-    "@saltcorn/sbadmin2": "0.9.4-beta.12",
+    "@saltcorn/base-plugin": "0.9.4-beta.13",
+    "@saltcorn/builder": "0.9.4-beta.13",
+    "@saltcorn/data": "0.9.4-beta.13",
+    "@saltcorn/admin-models": "0.9.4-beta.13",
+    "@saltcorn/filemanager": "0.9.4-beta.13",
+    "@saltcorn/markup": "0.9.4-beta.13",
+    "@saltcorn/sbadmin2": "0.9.4-beta.13",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.10",
@@ -33,7 +33,7 @@
     "express-session": "^1.17.1",
     "greenlock": "^4.0.4",
     "greenlock-express": "^4.0.3",
-    "helmet": "^3.23.3",
+    "helmet": "^7.1.0",
     "i18n": "^0.15.1",
     "imapflow": "1.0.123",
     "jsonwebtoken": "^9.0.0",

package/public/log_viewer_utils.js

@@ -0,0 +1,156 @@
+var logViewerHelpers = (() => {
+  const messages = [];
+  let currentPage = 1;
+  const rowsPerPage = 20;
+  const dateOptions = {
+    month: "short",
+    day: "numeric",
+    hour: "2-digit",
+    minute: "2-digit",
+    second: "2-digit",
+  };
+  let lostConnection = false;
+
+  const logLevelColor = (level) => {
+    switch (parseInt(level)) {
+      case 4:
+        return "text-primary";
+      case 3:
+        return "text-warning";
+      case 2:
+        return "text-info";
+      case 1:
+        return "text-danger";
+    }
+    return "";
+  };
+
+  const buildLogRow = (date, level, text) => {
+    return `
+    <tr>
+      <td>
+        ${new Date(date).toLocaleDateString(
+          window.detected_locale || "en",
+          dateOptions
+        )}
+      </td>
+      <td class="${logLevelColor(level)} fw-bold">
+        ${text}
+      </td>
+    </tr>
+    `;
+  };
+
+  const buildPaginationItem = (n) => `
+  <li class="page-item">
+    <span 
+      class="page-link link-style" 
+      onclick="logViewerHelpers.goToLogsPage(${n})" 
+      role="link">
+        ${n}
+    </span>
+  </li>
+`;
+
+  const handleLogMsg = (msg) => {
+    messages.push(msg);
+    const tbl = $("#_sc_logs_tbl_id_");
+    if (currentPage === 1) {
+      const tbody = tbl.find("tbody");
+      const allTblRows = tbody.find("tr");
+      if (allTblRows.length >= rowsPerPage)
+        allTblRows[allTblRows.length - 1].remove();
+      tbody.prepend(buildLogRow(msg.time, msg.level, msg.text));
+    }
+    if (messages.length % rowsPerPage === 1) {
+      const pagination = tbl.find(".pagination");
+      pagination.append(
+        buildPaginationItem(Math.trunc(messages.length / rowsPerPage + 1))
+      );
+    }
+    logViewerHelpers.goToLogsPage(currentPage);
+  };
+  const startTrackingMsg = () => {
+    const startedMsg = {
+      time: new Date().toLocaleDateString("de-DE", dateOptions),
+      level: 5,
+      text: "tracking started",
+    };
+    messages.push(startedMsg);
+    const tbl = $("#_sc_logs_tbl_id_");
+    tbl
+      .find("tbody")
+      .append(buildLogRow(startedMsg.time, startedMsg.level, startedMsg.text));
+  };
+
+  const handleDisconnect = () => {
+    lostConnection = true;
+    $("#server-logs-card-id")
+      .find(".sc-error-indicator")
+      .css("display", "inline");
+    notifyAlert({
+      type: "danger",
+      text: "lost the server connection",
+    });
+  };
+
+  const handleConnect = (socket) => {
+    socket.emit("join_log_room", (ack) => {
+      if (ack) {
+        if (ack.status === "ok") {
+          $("#server-logs-card-id")
+            .find(".sc-error-indicator")
+            .css("display", "none");
+          if (lostConnection) {
+            lostConnection = false;
+            emptyAlerts();
+            notifyAlert({
+              type: "success",
+              text: "You are connected again",
+            });
+          }
+        } else if (ack.status === "error" && ack.msg) {
+          notifyAlert({
+            type: "danger",
+            text: `Unable to join the log room: ${ack.msg}`,
+          });
+        } else {
+          notifyAlert({
+            type: "danger",
+            text: "Unable to join the log room: Unknow error",
+          });
+        }
+      } else {
+        notifyAlert({
+          type: "danger",
+          text: "Unable to join the log room",
+        });
+      }
+    });
+  };
+
+  return {
+    init_log_socket: () => {
+      const socket = io({ transports: ["websocket"] });
+      startTrackingMsg();
+      socket.on("connect", () => handleConnect(socket));
+      socket.on("disconnect", handleDisconnect);
+      socket.on("log_msg", handleLogMsg);
+    },
+    goToLogsPage: (n) => {
+      currentPage = n;
+      $(".page-item").removeClass("active");
+      $(`.page-item:nth-child(${n})`).addClass("active");
+      let end = messages.length - rowsPerPage * n;
+      let start = end + rowsPerPage;
+      const tbl = $("#_sc_logs_tbl_id_");
+      const tbody = tbl.find("tbody");
+      tbody.empty();
+      for (let i = start; i > end; i--) {
+        if (i < 1) break;
+        const msg = messages[i - 1];
+        tbody.append(buildLogRow(msg.time, msg.level, msg.text));
+      }
+    },
+  };
+})();

package/routes/actions.js

@@ -11,6 +11,7 @@ const {
   addOnDoneRedirect,
   is_relative_url,
 } = require("./utils.js");
+const { ppVal } = require("@saltcorn/data/utils");
 const { getState } = require("@saltcorn/data/db/state");
 const Trigger = require("@saltcorn/data/models/trigger");
 const { getTriggerList } = require("./common_lists");
@@ -631,12 +632,6 @@ router.get(
     const { id } = req.params;
     const trigger = await Trigger.findOne({ id });
     const output = [];
-    const ppVal = (x) =>
-      typeof x === "string"
-        ? x
-        : typeof x === "function"
-        ? x.toString()
-        : JSON.stringify(x, null, 2);
     const fakeConsole = {
       log(...s) {
         console.log(...s);

package/routes/admin.js

@@ -2541,6 +2541,52 @@ router.post(
     }
   })
 );
+
+router.get(
+  "/dev/logs_viewer",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    return send_admin_page({
+      res,
+      req,
+      active_sub: "Development",
+      contents: {
+        above: [
+          {
+            type: "card",
+            id: "server-logs-card-id",
+            title: req.__("Server logs"),
+            titleErrorInidicator: true,
+            contents: mkTable(
+              [
+                {
+                  label: req.__("Timestamp"),
+                  width: "15%",
+                },
+                { label: req.__("Message") },
+              ],
+              [],
+              {
+                pagination: {
+                  current_page: 1,
+                  pages: 1,
+                  get_page_link: () => "logViewerHelpers.goToLogsPage(1)",
+                },
+                tableId: "_sc_logs_tbl_id_",
+              }
+            ),
+          },
+          script({
+            src: `/static_assets/${db.connectObj.version_tag}/socket.io.min.js`,
+          }),
+          script({ src: "/log_viewer_utils.js" }),
+          script(domReady(`logViewerHelpers.init_log_socket();`)),
+        ],
+      },
+    });
+  })
+);
+
 /**
  * Dev / Admin
  */
@@ -2574,10 +2620,28 @@ admin_config_route({
       req,
       active_sub: "Development",
       contents: {
-        type: "card",
-        title: req.__("Development settings"),
-        titleAjaxIndicator: true,
-        contents: [renderForm(form, req.csrfToken())],
+        above: [
+          {
+            type: "card",
+            title: req.__("Development settings"),
+            titleAjaxIndicator: true,
+            contents: [renderForm(form, req.csrfToken())],
+          },
+          {
+            type: "card",
+            title: req.__("Runtime informations"),
+            contents: [
+              div(
+                { class: "row form-group" },
+                a(
+                  { class: "d-block", href: "dev/logs_viewer" },
+                  req.__("open logs viewer")
+                ),
+                i("Open a log viewer for the current server messages")
+              ),
+            ],
+          },
+        ],
       },
     });
   },

package/routes/common_lists.js

@@ -524,7 +524,8 @@ const getPageList = async (
       },
       {
         label: req.__("Edit"),
-        key: (r) => link(`/pageedit/edit/${r.name}`, req.__("Edit")),
+        key: (r) =>
+          link(`/pageedit/edit/${encodeURIComponent(r.name)}`, req.__("Edit")),
       },
       !tagId
         ? {

package/routes/utils.js

@@ -147,9 +147,10 @@ const set_custom_http_headers = (res, req, state) => {
 /**
  * Tries to recognize tenant from HTTP Request
  * @param {object} req
+ * @param {number|undefined} hostPartsOffset (optional) for socketIO, to get the tenant with localhost
  * @returns {string}
  */
-const get_tenant_from_req = (req) => {
+const get_tenant_from_req = (req, hostPartsOffset) => {
   if (req.subdomains && req.subdomains.length > 0)
     return req.subdomains[req.subdomains.length - 1];
 
@@ -157,7 +158,8 @@ const get_tenant_from_req = (req) => {
     return db.connectObj.default_schema;
   if (!req.subdomains && req.headers.host) {
     const parts = req.headers.host.split(".");
-    if (parts.length < 3) return db.connectObj.default_schema;
+    if (parts.length < (!hostPartsOffset ? 3 : 3 - hostPartsOffset))
+      return db.connectObj.default_schema;
     else return parts[0];
   }
 };

package/serve.js

@@ -112,6 +112,10 @@ const initMaster = async ({ disableMigrate }, useClusterAdaptor = true) => {
     const tenants = await getAllTenants();
     await init_multi_tenant(loadAllPlugins, disableMigrate, tenants);
   }
+  eachTenant(async () => {
+    const state = getState();
+    if (state) await state.setConfig("joined_log_socket_ids", []);
+  });
   if (useClusterAdaptor) setupPrimary();
 };
 
@@ -283,7 +287,7 @@ module.exports =
           })
           .ready((glx) => {
             const httpsServer = glx.httpsServer();
-            setupSocket(httpsServer);
+            setupSocket(appargs?.subdomainOffset, httpsServer);
             httpsServer.setTimeout(timeout * 1000);
             process.on("message", workerDispatchMsg);
             glx.serveApp(app);
@@ -350,7 +354,7 @@ const nonGreenlockWorkerSetup = async (appargs, port) => {
     // todo timeout to config
     httpServer.setTimeout(timeout * 1000);
     httpsServer.setTimeout(timeout * 1000);
-    setupSocket(httpServer, httpsServer);
+    setupSocket(appargs?.subdomainOffset, httpServer, httpsServer);
     httpServer.listen(port, () => {
       console.log("HTTP Server running on port 80");
     });
@@ -363,7 +367,7 @@ const nonGreenlockWorkerSetup = async (appargs, port) => {
     // server with http only
     const http = require("http");
     const httpServer = http.createServer(app);
-    setupSocket(httpServer);
+    setupSocket(appargs?.subdomainOffset, httpServer);
 
     // todo timeout to config
     // todo refer in doc to httpserver doc
@@ -380,7 +384,7 @@ const nonGreenlockWorkerSetup = async (appargs, port) => {
  *
  * @param  {...*} servers
  */
-const setupSocket = (...servers) => {
+const setupSocket = (subdomainOffset, ...servers) => {
   // https://socket.io/docs/v4/middlewares/
   const wrap = (middleware) => (socket, next) =>
     middleware(socket.request, {}, next);
@@ -398,6 +402,12 @@ const setupSocket = (...servers) => {
   getState().setRoomEmitter((tenant, viewname, room_id, msg) => {
     io.to(`${tenant}_${viewname}_${room_id}`).emit("message", msg);
   });
+
+  getState().setLogEmitter((tenant, level, msg) => {
+    const time = new Date().valueOf();
+    io.to(`_logs_${tenant}_`).emit("log_msg", { text: msg, time, level });
+  });
+
   io.on("connection", (socket) => {
     socket.on("join_room", ([viewname, room_id]) => {
       const ten = get_tenant_from_req(socket.request) || "public";
@@ -418,5 +428,42 @@ const setupSocket = (...servers) => {
       if (ten && ten !== "public") db.runWithTenant(ten, f);
       else f();
     });
+
+    socket.on("join_log_room", async (callback) => {
+      const tenant =
+        get_tenant_from_req(socket.request, subdomainOffset) || "public";
+      const f = async () => {
+        try {
+          const user = socket.request.user;
+          if (!user || user.role_id !== 1) throw new Error("Not authorized");
+          else {
+            socket.join(`_logs_${tenant}_`);
+            const socketIds = await getState().getConfig(
+              "joined_log_socket_ids"
+            );
+            socketIds.push(socket.id);
+            await getState().setConfig("joined_log_socket_ids", [...socketIds]);
+            callback({ status: "ok" });
+          }
+        } catch (err) {
+          getState().log(1, `Socket join_logs stream: ${err.stack}`);
+          callback({ status: "error", msg: err.message || "unknown error" });
+        }
+      };
+      if (tenant && tenant !== "public") db.runWithTenant(tenant, f);
+      else await f();
+    });
+
+    socket.on("disconnect", async () => {
+      const tenant =
+        get_tenant_from_req(socket.request, subdomainOffset) || "public";
+      const f = async () => {
+        const socketIds = await getState().getConfig("joined_log_socket_ids");
+        const newSocketIds = socketIds.filter((id) => id !== socket.id);
+        await getState().setConfig("joined_log_socket_ids", newSocketIds);
+      };
+      if (tenant && tenant !== "public") db.runWithTenant(tenant, f);
+      else f();
+    });
   });
 };

package/tests/admin.test.js

@@ -555,7 +555,7 @@ describe("diagram", () => {
 });
 
 /**
- * Diagram tests
+ * Tags tests
  */
 describe("tags", () => {
   itShouldRedirectUnauthToLogin("/tag");
@@ -604,6 +604,12 @@ describe("tags", () => {
       .expect(toRedirect("/tag"));
   });
 });
+
+describe("server logs viewer", () => {
+  itShouldRedirectUnauthToLogin("/admin/dev/logs_viewer");
+  itShouldIncludeTextForAdmin("/admin/dev/logs_viewer", "Server logs");
+});
+
 /**
  * Clear all tests
  */