@saltcorn/server 1.0.0-beta.9 → 1.0.0-rc.10

package/routes/infoarch.js

@@ -14,7 +14,7 @@ const {
 } = require("../markup/admin.js");
 const { getState } = require("@saltcorn/data/db/state");
 const { div, a, i, text } = require("@saltcorn/markup/tags");
-const { mkTable, renderForm } = require("@saltcorn/markup");
+const { mkTable, renderForm, post_delete_btn } = require("@saltcorn/markup");
 const Form = require("@saltcorn/data/models/form");
 
 /**
@@ -119,6 +119,15 @@ router.get(
                       })
                     : "",
               },
+              {
+                label: req.__("Delete"),
+                key: (r) =>
+                  post_delete_btn(
+                    `/site-structure/localizer/delete-lang/${r.locale}`,
+                    req,
+                    r.name
+                  ),
+              },
             ],
             Object.values(cfgLangs)
           ),
@@ -234,7 +243,14 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const { lang, defstring } = req.params;
-
+    if (
+      lang === "__proto__" ||
+      defstring === "__proto__" ||
+      lang === "constructor"
+    ) {
+      res.redirect(`/`);
+      return;
+    }
     const cfgStrings = getState().getConfigCopy("localizer_strings");
     if (cfgStrings[lang]) cfgStrings[lang][defstring] = text(req.body.value);
     else cfgStrings[lang] = { [defstring]: text(req.body.value) };
@@ -280,3 +296,25 @@ router.post(
     }
   })
 );
+
+/**
+ * @name post/localizer/save-lang
+ * @function
+ * @memberof module:routes/infoarch~infoarchRouter
+ * @function
+ */
+router.post(
+  "/localizer/delete-lang/:lang",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const { lang } = req.params;
+
+    const cfgLangs = getState().getConfig("localizer_languages");
+    if (cfgLangs[lang]) {
+      delete cfgLangs[lang];
+      await getState().setConfig("localizer_languages", cfgLangs);
+    }
+    if (!req.xhr) res.redirect(`/site-structure/localizer`);
+    else res.json({ success: "ok" });
+  })
+);

package/routes/list.js

@@ -411,7 +411,7 @@ router.get(
                   ajax_indicator(false);
                   //if (item._versions) item._versions = +item._versions + 1;
                   //data.resolve(fixKeys(item));
-                  if(resp.success &&typeof resp.success ==="number" && !row.id) {
+                  if(resp.success &&(typeof resp.success ==="number" || typeof resp.success ==="string") && !row.id) {
                     window.tabulator_table.updateRow(cell.getRow(), {id: resp.success});
                   }
 

package/routes/menu.js

@@ -269,6 +269,9 @@ const menuForm = async (req) => {
         name: "icon",
         class: "item-menu",
         input_type: "hidden",
+        showIf: {
+          type: ["View", "Page", "Page Group", "Link", "Header", "Action"],
+        },
       },
       {
         name: "tooltip",

package/routes/pageedit.js

@@ -183,6 +183,12 @@ const pageBuilderData = async (req, context) => {
       });
     }
   }
+  const actionsNotRequiringRow = Trigger.action_options({
+    notRequireRow: true,
+    apiNeverTriggers: true,
+    builtInLabel: "Page Actions",
+    builtIns: ["GoBack"],
+  });
   const library = (await Library.find({})).filter((l) => l.suitableFor("page"));
   const fixed_state_fields = {};
   for (const view of views) {
@@ -228,7 +234,7 @@ const pageBuilderData = async (req, context) => {
     images,
     pages,
     page_groups,
-    actions,
+    actions: actionsNotRequiringRow,
     builtInActions: ["GoBack"],
     library,
     min_role: context.min_role,
@@ -642,7 +648,8 @@ router.post(
     const { pagename } = req.params;
 
     let redirectTarget =
-      req.query.on_done_redirect && is_relative_url(req.query.on_done_redirect)
+      req.query.on_done_redirect &&
+      is_relative_url("/" + req.query.on_done_redirect)
         ? `/${req.query.on_done_redirect}`
         : "/pageedit";
     const page = await Page.findOne({ name: pagename });

package/routes/plugins.js

@@ -49,6 +49,8 @@ const {
   input,
   label,
   text,
+  script,
+  domReady,
 } = require("@saltcorn/markup/tags");
 const { search_bar } = require("@saltcorn/markup/helpers");
 const fs = require("fs");
@@ -59,6 +61,10 @@ const { sleep, removeNonWordChars } = require("@saltcorn/data/utils");
 const { loadAllPlugins } = require("../load_plugins");
 const npmFetch = require("npm-registry-fetch");
 const PluginInstaller = require("@saltcorn/plugins-loader/plugin_installer");
+const {
+  supportedVersion,
+  isVersionSupported,
+} = require("@saltcorn/plugins-loader/stable_versioning");
 
 /**
  * @type {object}
@@ -177,6 +183,8 @@ const get_store_items = async () => {
       has_auth: plugin.has_auth,
       unsafe: plugin.unsafe,
       source: plugin.source,
+      ready_for_mobile:
+        plugin.ready_for_mobile && plugin.ready_for_mobile(plugin.name),
     }))
     .filter((p) => !p.unsafe || isRoot || tenants_unsafe_plugins);
   const local_logins = installed_plugins
@@ -190,6 +198,8 @@ const get_store_items = async () => {
       github: plugin.source === "github",
       git: plugin.source === "git",
       local: plugin.source === "local",
+      ready_for_mobile:
+        plugin.ready_for_mobile && plugin.ready_for_mobile(plugin.name),
     }));
 
   const pack_items = packs_available.map((pack) => ({
@@ -274,7 +284,8 @@ const store_item_html = (req) => (item) => ({
       item.github && badge("GitHub"),
       item.git && badge("Git"),
       item.local && badge(req.__("Local")),
-      item.installed && badge(req.__("Installed"))
+      item.installed && badge(req.__("Installed")),
+      item.ready_for_mobile && badge(req.__("Mobile"))
     ),
     div(item.description || ""),
     item.documentation_link
@@ -584,7 +595,9 @@ router.get(
   error_catcher(async (req, res) => {
     const { name } = req.params;
     const withoutOrg = name.replace(/^@saltcorn\//, "");
-    const plugin = await Plugin.store_by_name(decodeURIComponent(withoutOrg));
+    let plugin = await Plugin.store_by_name(decodeURIComponent(withoutOrg));
+    if (!plugin)
+      plugin = await Plugin.findOne({ name: decodeURIComponent(name) });
     if (!plugin) {
       getState().log(
         2,
@@ -603,12 +616,14 @@ router.get(
         res.set("Page-Title", req.__("%s versions", text(withoutOrg)));
         const versions = Object.keys(pkgInfo.versions);
         if (versions.length === 0) throw new Error(req.__("No versions found"));
+        const tags = pkgInfo["dist-tags"] || {};
         let selected = null;
         if (getState().plugins[plugin.name]) {
           const mod = await load_plugins.requirePlugin(plugin);
           if (mod) selected = mod.version;
         }
         if (!selected) selected = versions[versions.length - 1];
+        const scVersion = getState().scVersion;
         return res.send(
           form(
             {
@@ -618,6 +633,7 @@ router.get(
             input({ type: "hidden", name: "_csrf", value: req.csrfToken() }),
             div(
               { class: "form-group" },
+              // version
               label(
                 {
                   for: "version_select",
@@ -631,14 +647,49 @@ router.get(
                   class: "form-control form-select",
                   name: "version",
                 },
-                versions.map((version) =>
-                  option({
-                    id: `${version}_opt`,
-                    value: version,
-                    label: version,
-                    selected: version === selected,
-                  })
-                )
+                versions
+                  .filter((v) =>
+                    isVersionSupported(v, pkgInfo.versions, scVersion)
+                  )
+                  .map((version) =>
+                    option({
+                      id: `${version}_opt`,
+                      value: version,
+                      label: version,
+                      selected: version === selected,
+                    })
+                  )
+              ),
+              // tag
+              label(
+                {
+                  for: "tag_select",
+                  class: "form-label fw-bold mt-2",
+                },
+                req.__("Tags")
+              ),
+              select(
+                {
+                  id: "tag_select",
+                  class: "form-control form-select",
+                },
+                option({
+                  id: "empty_opt",
+                  value: "",
+                  label: req.__("Select tag"),
+                  selected: true,
+                }),
+                Object.keys(tags)
+                  .filter((tag) =>
+                    isVersionSupported(tags[tag], pkgInfo.versions, scVersion)
+                  )
+                  .map((tag) =>
+                    option({
+                      id: `${tag}_opt`,
+                      value: tags[tag],
+                      label: `${tag} (${tags[tag]})`,
+                    })
+                  )
               )
             ),
             div(
@@ -660,7 +711,19 @@ router.get(
                 req.__("Install")
               )
             )
-          )
+          ) +
+            script(
+              domReady(`
+document.getElementById('tag_select').onchange = () => {
+  const version = document.getElementById('tag_select').value;
+  if (version) document.getElementById('version_select').value = version;
+};
+document.getElementById('version_select').onchange = () => {
+  const tagSelect = document.getElementById('tag_select');
+  tagSelect.value = '';
+}; 
+`)
+            )
         );
       } catch (error) {
         getState().log(
@@ -836,12 +899,13 @@ router.post(
         };
         await plugin.upsert();
         await load_plugins.loadPlugin(plugin);
+
+        getState().processSend({
+          refresh_plugin_cfg: plugin.name,
+          tenant: db.getTenantSchema(),
+        });
+        res.json({ success: "ok" });
       }
-      getState().processSend({
-        refresh_plugin_cfg: plugin.name,
-        tenant: db.getTenantSchema(),
-      });
-      res.json({ success: "ok" });
     }
   })
 );
@@ -1168,9 +1232,22 @@ router.get(
     const update_permitted =
       db.getTenantSchema() === db.connectObj.default_schema &&
       plugin_db.source === "npm";
-    const latest =
+
+    let latest =
       update_permitted &&
       (await get_latest_npm_version(plugin_db.location, 1000));
+    let engineInfos = await load_plugins.getEngineInfos(plugin_db); // with cache
+    let forceFetch = true;
+    if (latest && !engineInfos[latest]) {
+      engineInfos = await load_plugins.getEngineInfos(plugin_db, forceFetch);
+      forceFetch = false;
+    }
+    if (latest && !isVersionSupported(latest, engineInfos)) {
+      latest = supportedVersion(
+        latest,
+        await load_plugins.getEngineInfos(plugin_db, forceFetch)
+      );
+    }
     const can_update = update_permitted && latest && mod.version !== latest;
     const can_select_version = update_permitted && plugin_db.source === "npm";
     let pkgjson;
@@ -1316,8 +1393,8 @@ router.get(
   error_catcher(async (req, res) => {
     const schema = db.getTenantSchema();
     if (schema === db.connectObj.default_schema) {
-      await upgrade_all_tenants_plugins((p, f) =>
-        load_plugins.loadPlugin(p, f)
+      await upgrade_all_tenants_plugins((p, f, forceFetch) =>
+        load_plugins.loadPlugin(p, f, forceFetch)
       );
       req.flash(
         "success",
@@ -1328,7 +1405,9 @@ router.get(
     } else {
       const installed_plugins = await Plugin.find({});
       for (const plugin of installed_plugins) {
-        await plugin.upgrade_version((p, f) => load_plugins.loadPlugin(p, f));
+        await plugin.upgrade_version((p, f, forceFetch) =>
+          load_plugins.loadPlugin(p, f, forceFetch)
+        );
       }
       req.flash("success", req.__(`Modules up-to-date`));
       await restart_tenant(loadAllPlugins);
@@ -1354,7 +1433,12 @@ router.get(
     const { name } = req.params;
 
     const plugin = await Plugin.findOne({ name });
-    await plugin.upgrade_version((p, f) => load_plugins.loadPlugin(p, f));
+    const versions = await load_plugins.getEngineInfos(plugin, true);
+
+    await plugin.upgrade_version(
+      (p, f) => load_plugins.loadPlugin(p, f),
+      supportedVersion("latest", versions, require("../package.json").version)
+    );
     req.flash("success", req.__(`Module up-to-date`));
 
     res.redirect(`/plugins/info/${encodeURIComponent(plugin.name)}`);
@@ -1385,11 +1469,12 @@ router.post(
       res.redirect(`/plugins`);
     } else {
       try {
-        await load_plugins.loadAndSaveNewPlugin(
+        const msgs = await load_plugins.loadAndSaveNewPlugin(
           plugin,
           schema === db.connectObj.default_schema || plugin.source === "github"
         );
         req.flash("success", req.__(`Module %s installed`, plugin.name));
+        for (const msg of msgs) req.flash("warning", msg);
         res.redirect(`/plugins`);
       } catch (e) {
         req.flash("error", `${e.message}`);
@@ -1488,12 +1573,23 @@ router.post(
       res.redirect(`/plugins`);
       return;
     }
-    const msgs = await load_plugins.loadAndSaveNewPlugin(
-      plugin,
-      forceReInstall,
-      undefined,
-      req.__
-    );
+
+    let msgs = null;
+    try {
+      msgs = await load_plugins.loadAndSaveNewPlugin(
+        plugin,
+        forceReInstall,
+        undefined,
+        req.__
+      );
+    } catch (e) {
+      req.flash(
+        "error",
+        e.message || req.__("Error installing module %s", plugin.name)
+      );
+      res.redirect(`/plugins`);
+      return;
+    }
     const plugin_module = getState().plugins[name];
     await sleep(1000); // Allow other workers to load this plugin
     await getState().refresh_views();

package/routes/scapi.js

@@ -25,6 +25,7 @@ const {
   stateFieldsToWhere,
   readState,
 } = require("@saltcorn/data/plugin-helper");
+const { getState } = require("@saltcorn/data/db/state");
 
 /**
  * @type {object}
@@ -307,3 +308,21 @@ router.get(
     )(req, res, next);
   })
 );
+
+router.get(
+  "/reload",
+  error_catcher(async (req, res, next) => {
+    await passport.authenticate(
+      "api-bearer",
+      { session: false },
+      async function (err, user, info) {
+        if (accessAllowedRead(req, user)) {
+          await getState().refresh_plugins();
+          res.json({ success: true });
+        } else {
+          res.status(401).json({ error: req.__("Not authorized") });
+        }
+      }
+    )(req, res, next);
+  })
+);

package/routes/search.js

@@ -202,7 +202,12 @@ const runSearch = async ({ q, _page, table }, req, res) => {
   let tablesWithResults = [];
   let tablesConfigured = 0;
   for (const [tableName, viewName] of Object.entries(cfg)) {
-    if (!viewName || viewName === "" || viewName === "search_table_description")
+    if (
+      !viewName ||
+      viewName === "" ||
+      viewName === "search_table_description" ||
+      tableName === "search_table_description"
+    )
       continue;
     tablesConfigured += 1;
     if (table && tableName !== table) continue;

package/routes/sync.js

@@ -337,13 +337,11 @@ router.post(
     const { dir_name } = req.body;
     try {
       const rootFolder = await File.rootFolder();
-      const syncDir = path.join(
-        rootFolder.location,
-        "mobile_app",
-        "sync",
+      const syncDir = File.normalise_in_base(
+        path.join(rootFolder.location, "mobile_app", "sync"),
         dir_name
       );
-      await fs.rm(syncDir, { recursive: true, force: true });
+      if (syncDir) await fs.rm(syncDir, { recursive: true, force: true });
       res.status(200).send("");
     } catch (error) {
       getState().log(2, `POST /sync/clean_sync_dir: '${error.message}'`);

package/routes/tables.js

@@ -192,6 +192,9 @@ const tableForm = async (table, req) => {
                   "if(!this.checked && !confirm('Are you sure? This will delete all history')) {this.checked = true; return false}",
               },
               type: "Bool",
+              help: {
+                topic: "Table history",
+              },
             },
             ...(table.name === "users"
               ? []
@@ -670,7 +673,10 @@ router.get(
  * @param {string} lbl
  * @returns {string}
  */
-const badge = (col, lbl) => `<span class="badge bg-${col}">${lbl}</span>&nbsp;`;
+const badge = (col, lbl, title) =>
+  `<span ${
+    title ? `title="${title}" ` : ""
+  }class="badge bg-${col}">${lbl}</span>&nbsp;`;
 
 /**
  * @param {object} f
@@ -708,7 +714,11 @@ const attribBadges = (f) => {
         ].includes(k)
       )
         return;
-      if (v || v === 0) s += badge("secondary", k);
+      if (Array.isArray(v) && !v.length) return;
+      const title = ["string", "number", "boolean"].includes(typeof v)
+        ? `${v}`
+        : null;
+      if (v || v === 0) s += badge("secondary", k, title);
     });
   }
   return s;
@@ -791,7 +801,7 @@ router.get(
             key: (r) => attribBadges(r),
           },
           { label: req.__("Variable name"), key: (t) => code(t.name) },
-          ...(table.external || db.isSQLite
+          ...(table.external
             ? []
             : [
                 {
@@ -1911,7 +1921,7 @@ router.post(
     const table = Table.findOne({ name });
 
     try {
-      await table.deleteRows({});
+      await table.deleteRows({}, req.user);
       req.flash("success", req.__("Deleted all rows"));
     } catch (e) {
       req.flash("error", e.message);

package/routes/viewedit.js

@@ -766,7 +766,8 @@ router.post(
       )
     );
     let redirectTarget =
-      req.query.on_done_redirect && is_relative_url(req.query.on_done_redirect)
+      req.query.on_done_redirect &&
+      is_relative_url("/" + req.query.on_done_redirect)
         ? `/${req.query.on_done_redirect}`
         : "/viewedit";
     res.redirect(redirectTarget);
@@ -791,7 +792,8 @@ router.post(
       req.__("View %s duplicated as %s", view.name, newview.name)
     );
     let redirectTarget =
-      req.query.on_done_redirect && is_relative_url(req.query.on_done_redirect)
+      req.query.on_done_redirect &&
+      is_relative_url("/" + req.query.on_done_redirect)
         ? `/${req.query.on_done_redirect}`
         : "/viewedit";
     res.redirect(redirectTarget);
@@ -812,7 +814,8 @@ router.post(
     await View.delete({ id });
     req.flash("success", req.__("View deleted"));
     let redirectTarget =
-      req.query.on_done_redirect && is_relative_url(req.query.on_done_redirect)
+      req.query.on_done_redirect &&
+      is_relative_url("/" + req.query.on_done_redirect)
         ? `/${req.query.on_done_redirect}`
         : "/viewedit";
     res.redirect(redirectTarget);
@@ -910,7 +913,7 @@ router.post(
       req.flash("success", message);
       let redirectTarget =
         req.query.on_done_redirect &&
-        is_relative_url(req.query.on_done_redirect)
+        is_relative_url("/" + req.query.on_done_redirect)
           ? `/${req.query.on_done_redirect}`
           : "/viewedit";
       res.redirect(redirectTarget);

package/serve.js

@@ -4,7 +4,7 @@
  * @category server
  * @module serve
  */
-const runScheduler = require("@saltcorn/data/models/scheduler");
+const { runScheduler } = require("@saltcorn/data/models/scheduler");
 const User = require("@saltcorn/data/models/user");
 const Plugin = require("@saltcorn/data/models/plugin");
 const db = require("@saltcorn/data/db");
@@ -27,7 +27,7 @@ const {
   loadAndSaveNewPlugin,
   loadPlugin,
 } = require("./load_plugins");
-const { getConfig } = require("@saltcorn/data/models/config");
+const { getConfig, setConfig } = require("@saltcorn/data/models/config");
 const { migrate } = require("@saltcorn/data/migrate");
 const socketio = require("socket.io");
 const { createAdapter, setupPrimary } = require("@socket.io/cluster-adapter");
@@ -77,6 +77,17 @@ const ensureJwtSecret = () => {
   }
 };
 
+/**
+ * Ensure the engines cache is up to date with the current sc version
+ */
+const ensureEnginesCache = async () => {
+  const cacheScVersion = await getConfig("engines_cache_sc_version", "");
+  if (!cacheScVersion || cacheScVersion !== getState().scVersion) {
+    await setConfig("engines_cache", {});
+    await setConfig("engines_cache_sc_version", getState().scVersion);
+  }
+};
+
 // helpful https://gist.github.com/jpoehls/2232358
 /**
  * @param {object} opts
@@ -222,7 +233,10 @@ module.exports =
     dev,
     ...appargs
   } = {}) => {
-    ensureJwtSecret();
+    if (cluster.isMaster) {
+      ensureJwtSecret();
+      await ensureEnginesCache();
+    }
     process.on("unhandledRejection", (reason, p) => {
       console.error(reason, "Unhandled Rejection at Promise");
     });

package/tests/api.test.js

@@ -2,6 +2,8 @@ const request = require("supertest");
 const getApp = require("../app");
 const Table = require("@saltcorn/data/models/table");
 const Trigger = require("@saltcorn/data/models/trigger");
+const File = require("@saltcorn/data/models/file");
+const fs = require("fs").promises;
 
 const Field = require("@saltcorn/data/models/field");
 const {
@@ -19,6 +21,19 @@ const User = require("@saltcorn/data/models/user");
 
 beforeAll(async () => {
   await resetToFixtures();
+  await File.ensure_file_store();
+  await File.from_req_files(
+    {
+      mimetype: "image/png",
+      name: "rick1.png",
+      mv: async (fnm) => {
+        await fs.writeFile(fnm, "nevergonnagiveyouup");
+      },
+      size: 245752,
+    },
+    1,
+    80
+  );
 });
 afterAll(db.close);
 
@@ -352,6 +367,20 @@ describe("API authentication", () => {
 
       .expect(succeedJsonWith((rows) => rows.length == 2));
   });
+  it("should not show file to public", async () => {
+    const app = await getApp();
+    await request(app)
+      .get("/api/serve-files/rick1.png")
+      .expect(respondJsonWith(404, (b) => b.error === "Not found"));
+  });
+  it("should show file to user", async () => {
+    const app = await getApp();
+    const u = await User.findOne({ id: 1 });
+    await request(app)
+      .get("/api/serve-files/rick1.png")
+      .set("Authorization", "Bearer " + u.api_token)
+      .expect(200);
+  });
 });
 
 describe("API action", () => {