npm - @saltcorn/server - Versions diffs - 1.1.1-rc.4 → 1.1.2-beta.0 - Mend

@saltcorn/server 1.1.1-rc.4 → 1.1.2-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/routes/files.js CHANGED Viewed

@@ -221,11 +221,11 @@ router.get(
  * @function
  */
 router.get(
-  "/download/*",
+  "/download/*serve_path",
   error_catcher(async (req, res) => {
     const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
-    const serve_path = req.params[0];
+    const serve_path = path.join(...req.params.serve_path);
     const file = await File.findOne(serve_path);
     if (
@@ -234,7 +234,7 @@ router.get(
     ) {
       res.type(file.mimetype);
       if (file.s3_store) s3storage.serveObject(file, res, true);
-      else res.download(file.location, file.filename);
+      else res.download(file.location, file.filename, { dotfiles: "allow" });
     } else {
       res
         .status(404)
@@ -250,8 +250,8 @@ router.post(
   error_catcher(async (req, res) => {
     const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
-    const files = req.body.files;
-    const location = req.body.location;
+    const files = (req.body || {}).files;
+    const location = (req.body || {}).location;
     const zip = new Zip();
     for (const fileNm of files) {
@@ -280,11 +280,11 @@ router.post(
  * @function
  */
 router.get(
-  "/serve/*",
+  "/serve/*serve_path",
   error_catcher(async (req, res) => {
     const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
-    const serve_path = req.params[0];
+    const serve_path = path.join(...req.params.serve_path);
     //let file;
     //if (typeof strictParseInt(id) !== "undefined")
     const file = await File.findOne(serve_path);
@@ -298,7 +298,7 @@ router.get(
       const maxAge = getState().getConfig("files_cache_maxage", 86400);
       res.set("Cache-Control", `${cacheability}, max-age=${maxAge}`);
       if (file.s3_store) s3storage.serveObject(file, res, false);
-      else res.sendFile(file.location);
+      else res.sendFile(file.location, { dotfiles: "allow" });
     } else {
       getState().log(
         5,
@@ -320,12 +320,12 @@ router.get(
  * @function
  */
 router.get(
-  "/resize/:width_str/:height_str/*",
+  "/resize/:width_str/:height_str/*serve_path",
   error_catcher(async (req, res) => {
     const role = req.user && req.user.id ? req.user.role_id : 100;
     const user_id = req.user && req.user.id;
     const { width_str, height_str } = req.params;
-    const serve_path = req.params[0];
+    const serve_path = path.join(...req.params.serve_path);
     const file = await File.findOne(serve_path);
@@ -343,7 +343,7 @@ router.get(
         const height =
           height_str && height_str !== "0" ? strictParseInt(height_str) : null;
         if (!width) {
-          res.sendFile(file.location);
+          res.sendFile(file.location, { dotfiles: "allow" });
           return;
         }
         const basenm = path.join(
@@ -359,7 +359,7 @@ router.get(
             toFileName: fnm,
           });
         }
-        res.sendFile(fnm);
+        res.sendFile(fnm, { dotfiles: "allow" });
       }
     } else {
       res
@@ -376,12 +376,12 @@ router.get(
  * @function
  */
 router.post(
-  "/setrole/*",
+  "/setrole/*serve_path",
   isAdmin,
   error_catcher(async (req, res) => {
-    const serve_path = req.params[0];
+    const serve_path = path.join(...req.params.serve_path);
     const file = await File.findOne(serve_path);
-    const role = req.body.role;
+    const role = (req.body || {}).role;
     const roles = await User.get_roles();
     const roleRow = roles.find((r) => r.id === +role);
@@ -396,12 +396,12 @@ router.post(
 );
 router.post(
-  "/move/*",
+  "/move/*serve_path",
   isAdmin,
   error_catcher(async (req, res) => {
-    const serve_path = req.params[0];
+    const serve_path = path.join(...req.params.serve_path);
     const file = await File.findOne(serve_path);
-    const new_path = req.body.new_path;
+    const new_path = (req.body || {}).new_path;
     if (file) {
       await file.move_to_dir(new_path);
@@ -423,11 +423,11 @@ router.post(
  * @function
  */
 router.post(
-  "/setname/*",
+  "/setname/*serve_path",
   isAdmin,
   error_catcher(async (req, res) => {
-    const serve_path = req.params[0];
-    const filename = req.body.value;
+    const serve_path = path.join(...req.params.serve_path);
+    const filename = (req.body || {}).value;
     const file = await File.findOne(serve_path);
     await file.rename(filename);
@@ -443,11 +443,11 @@ router.post(
  * @function
  */
 router.post(
-  "/unzip/*",
+  "/unzip/*serve_path",
   isAdmin,
   error_catcher(async (req, res) => {
-    const serve_path = req.params[0];
-    const filename = req.body.value;
+    const serve_path = path.join(...req.params.serve_path);
+    const filename = (req.body || {}).value;
     const file = await File.findOne(serve_path);
     const dir = path.dirname(file.location);
@@ -460,7 +460,7 @@ router.post(
   "/new-folder",
   isAdmin,
   error_catcher(async (req, res) => {
-    const { name, folder } = req.body;
+    const { name, folder } = req.body || {};
     await File.new_folder(name, folder);
     res.json({ success: "ok" });
@@ -477,7 +477,7 @@ router.post(
   "/upload",
   setTenant,
   error_catcher(async (req, res) => {
-    let { folder, sortBy, sortDesc } = req.body;
+    let { folder, sortBy, sortDesc } = req.body || {};
     let jsonResp = {};
     const min_role_upload = getState().getConfig("min_role_upload", 1);
     const role = req.user && req.user.id ? req.user.role_id : 100;
@@ -489,7 +489,8 @@ router.post(
       if (!req.xhr) req.flash("warning", req.__("No file found"));
       else jsonResp = { error: "No file found" };
     } else {
-      const min_role_read = req.body ? req.body.min_role_read || 1 : 1;
+      const min_role_read =
+        req.body || {} ? (req.body || {}).min_role_read || 1 : 1;
       const f = await File.from_req_files(
         req.files.file,
         req.user.id,
@@ -533,10 +534,10 @@ router.post(
  * @function
  */
 router.post(
-  "/delete/*",
+  "/delete/*serve_path",
   isAdmin,
   error_catcher(async (req, res) => {
-    const serve_path = req.params[0];
+    const serve_path = path.join(...req.params.serve_path);
     const { redirect } = req.query;
     const f = await File.findOne(serve_path);
     if (!f) {
@@ -625,7 +626,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = await storage_form(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_files_page({
         res,
@@ -702,7 +703,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = await files_settings_form(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_files_page({
         res,

package/routes/infoarch.js CHANGED Viewed

@@ -252,8 +252,9 @@ router.post(
       return;
     }
     const cfgStrings = getState().getConfigCopy("localizer_strings");
-    if (cfgStrings[lang]) cfgStrings[lang][defstring] = text(req.body.value);
-    else cfgStrings[lang] = { [defstring]: text(req.body.value) };
+    if (cfgStrings[lang])
+      cfgStrings[lang][defstring] = text((req.body || {}).value);
+    else cfgStrings[lang] = { [defstring]: text((req.body || {}).value) };
     await getState().setConfig("localizer_strings", cfgStrings);
     res.redirect(`/site-structure/localizer/edit/${lang}`);
   })
@@ -270,7 +271,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = languageForm(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors)
       send_infoarch_page({
         res,

package/routes/library.js CHANGED Viewed

@@ -31,7 +31,7 @@ router.post(
   "/savefrombuilder",
   isAdmin,
   error_catcher(async (req, res) => {
-    await Library.create(req.body);
+    await Library.create(req.body || {});
     res.json({ success: "ok" });
   })
 );

package/routes/menu.js CHANGED Viewed

@@ -579,7 +579,7 @@ router.post(
   "/",
   isAdminOrHasConfigMinRole("min_role_edit_menu"),
   error_catcher(async (req, res) => {
-    const new_menu = req.body;
+    const new_menu = req.body || {};
     const menu_items = jQMEtoMenu(new_menu);
     await save_menu_items(menu_items);
     Trigger.emitEvent("AppChange", `Menu`, req.user, {});

package/routes/models.js CHANGED Viewed

@@ -88,7 +88,7 @@ router.post(
     const { table_id } = req.params;
     const table = await Table.findOne({ id: table_id });
     const form = newModelForm(table, req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       res.sendWrap(req.__(`New model`), renderForm(form, req.csrfToken()));
     } else {
@@ -204,7 +204,7 @@ router.post(
       return;
     }
     const workflow = get_model_workflow(model, req);
-    const wfres = await workflow.run(req.body, req);
+    const wfres = await workflow.run(req.body || {}, req);
     respondWorkflow(model, table, workflow, wfres, req, res);
   })
 );
@@ -394,7 +394,7 @@ router.post(
     const model = await Model.findOne({ id });
     const table = Table.findOne({ id: model.table_id });
     const form = model_train_form(model, table, req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       res.sendWrap(req.__(`Train model`), renderForm(form, req.csrfToken()));
     } else {
@@ -435,7 +435,7 @@ router.post(
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const model_instance = await ModelInstance.findOne({ id });
-    await model_instance.make_default(!req.body.enabled);
+    await model_instance.make_default(!(req.body || {}).enabled);
     res.redirect(`/models/show/${model_instance.model_id}`);
   })
 );

package/routes/notifications.js CHANGED Viewed

@@ -170,7 +170,7 @@ router.post(
   error_catcher(async (req, res) => {
     const user = await User.findOne({ id: req.user.id });
     const form = notificationSettingsForm();
-    form.validate(req.body);
+    form.validate(req.body || {});
     const _attributes = { ...user._attributes, ...form.values };
     await user.update({ _attributes });
     res.json({ success: "ok" });
@@ -216,14 +216,17 @@ router.post(
         } else res.json({ error: msg });
       } else {
         Trigger.emitEvent("ReceiveMobileShareData", null, req.user, {
-          row: req.body,
+          row: req.body || {},
         });
         if (!req.smr) {
           req.flash(
             "success",
             req.__(
               "Shared: %s",
-              req.body.title || req.body.text || req.body.url || ""
+              (req.body || {}).title ||
+                (req.body || {}).text ||
+                (req.body || {}).url ||
+                ""
             )
           );
           res.status(303).redirect("/");
@@ -234,7 +237,7 @@ router.post(
 );
 router.get(
-  "/manifest.json:opt_cache_bust?",
+  "/manifest.json{:opt_cache_bust}",
   error_catcher(async (req, res) => {
     const { pretty } = req.query;
     const state = getState();

package/routes/packs.js CHANGED Viewed

@@ -223,7 +223,7 @@ router.post(
       model_instances: [],
       event_logs: [],
     };
-    for (const k of Object.keys(req.body)) {
+    for (const k of Object.keys(req.body || {})) {
       const [type, name, ...rest] = k.split(".");
       switch (type) {
         case "table":
@@ -392,11 +392,11 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     var pack, error;
-    const source = req.body.source || "from_text";
+    const source = (req.body || {}).source || "from_text";
     try {
       switch (source) {
         case "from_text":
-          pack = JSON.parse(req.body.pack);
+          pack = JSON.parse((req.body || {}).pack);
           break;
         case "from_file":
           if (req.files?.pack_file?.tempFilePath)
@@ -424,7 +424,7 @@ router.post(
     }
     if (error) {
       const form = install_pack_form(req);
-      form.values = { pack: req.body.pack };
+      form.values = { pack: (req.body || {}).pack };
       req.flash("error", error);
       res.sendWrap(req.__(`Install Pack`), {
         above: [

package/routes/page_group.js CHANGED Viewed

@@ -234,7 +234,7 @@ router.post(
       if (cfg[v]) return req.__("Device already exists");
     };
     const form = deviceForm(req, validator);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_infoarch_page({
         res,
@@ -316,7 +316,7 @@ router.post(
     const form = deviceForm(req, validator, device);
     const deviceCfg = cfg[device];
     form.values = { device, ...deviceCfg };
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_infoarch_page({
         res,
@@ -351,7 +351,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = pageGroupSettingsForm(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_infoarch_page({
         res,

package/routes/page_groupedit.js CHANGED Viewed

@@ -392,9 +392,9 @@ router.post(
   "/edit-properties",
   isAdmin,
   error_catcher(async (req, res) => {
-    const form = await groupPropsForm(req, !req.body.id);
+    const form = await groupPropsForm(req, !(req.body || {}).id);
     form.hidden("id");
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       if (!req.xhr) {
         // from new
@@ -457,7 +457,7 @@ router.post(
       res.redirect(`/page_groupedit/${page_groupname}`);
     }
     const form = await addMemberForm(group, req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       res.sendWrap(
         req.__(`%s add-member`, group.name),
@@ -554,7 +554,7 @@ router.post(
     const group = PageGroup.findOne({ id: member.page_group_id });
     const form = await editMemberForm(member, req);
     form.hidden("id");
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       res.sendWrap(
         req.__(`%s edit-member`, member.name || member.id),
@@ -678,7 +678,7 @@ router.post(
       req.flash(
         "success",
         req.__(
-          "Page %s added to menu. Adjust access permissions in <a href=\"/menu\">Settings &raquo; Menu</a>",
+          'Page %s added to menu. Adjust access permissions in <a href="/menu">Settings &raquo; Menu</a>',
           group.name
         )
       );

package/routes/pageedit.js CHANGED Viewed

@@ -477,9 +477,9 @@ router.post(
   "/edit-properties",
   isAdminOrHasConfigMinRole("min_role_edit_pages"),
   error_catcher(async (req, res) => {
-    const form = await pagePropertiesForm(req, !req.body.id);
+    const form = await pagePropertiesForm(req, !(req.body || {}).id);
     form.hidden("id");
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       res.sendWrap(
         req.__(`Page attributes`),
@@ -688,9 +688,9 @@ router.post(
     if (!page) {
       req.flash("error", req.__(`Page %s not found`, pagename));
       res.redirect(redirectTarget);
-    } else if (req.body.layout) {
+    } else if ((req.body || {}).layout) {
       await Page.update(page.id, {
-        layout: decodeURIComponent(req.body.layout),
+        layout: decodeURIComponent((req.body || {}).layout),
       });
       Trigger.emitEvent("AppChange", `Page ${page.name}`, req.user, {
         entity_type: "Page",
@@ -698,12 +698,12 @@ router.post(
       });
       req.flash("success", req.__(`Page %s saved`, pagename));
       res.redirect(redirectTarget);
-    } else if (req.body.code) {
+    } else if ((req.body || {}).code) {
       try {
         if (!page.html_file) throw new Error(req.__("File not found"));
         const file = await File.findOne(page.html_file);
         if (!file) throw new Error(req.__("File not found"));
-        await fsp.writeFile(file.location, req.body.code);
+        await fsp.writeFile(file.location, (req.body || {}).code);
         Trigger.emitEvent("AppChange", `Page ${page.name}`, req.user, {
           entity_type: "Page",
           entity_name: page.name,
@@ -722,7 +722,7 @@ router.post(
         else res.json({ error: error.message });
       }
     } else {
-      getState().log(2, `POST /edit/${pagename}: '${req.body}'`);
+      getState().log(2, `POST /edit/${pagename}: '${req.body || {}}'`);
       req.flash("error", req.__(`Error processing page`));
       res.redirect(redirectTarget);
     }
@@ -742,8 +742,8 @@ router.post(
   error_catcher(async (req, res) => {
     const { id } = req.params;
-    if (id && req.body.layout) {
-      await Page.update(+id, { layout: req.body.layout });
+    if (id && (req.body || {}).layout) {
+      await Page.update(+id, { layout: (req.body || {}).layout });
       const page = await Page.findOne({ id });
       Trigger.emitEvent("AppChange", `Page ${page.name}`, req.user, {
         entity_type: "Page",
@@ -794,7 +794,7 @@ router.post(
     const pageGroups = await PageGroup.find({}, { orderBy: "name" });
     const roles = await User.get_roles();
     const form = getRootPageForm(pages, pageGroups, roles, req);
-    const valres = form.validate(req.body);
+    const valres = form.validate(req.body || {});
     if (valres.success) {
       const home_page_by_role =
         getState().getConfigCopy("home_page_by_role", {}) || {};

package/routes/plugins.js CHANGED Viewed

@@ -839,7 +839,7 @@ router.post(
     flow.action = `/plugins/configure/${encodeURIComponent(plugin.name)}`;
     flow.autoSave = true;
     flow.saveURL = `/plugins/saveconfig/${encodeURIComponent(plugin.name)}`;
-    const wfres = await flow.run(req.body);
+    const wfres = await flow.run(req.body || {});
     if (wfres.renderForm) {
       if (module.layout) {
         wfres.renderForm.additionalButtons = [
@@ -893,7 +893,7 @@ router.post(
       module = getState().plugins[getState().plugin_module_names[plugin.name]];
     }
     const flow = module.configuration_workflow();
-    const step = await flow.singleStepForm(req.body, req);
+    const step = await flow.singleStepForm(req.body || {}, req);
     if (step?.renderForm) {
       if (step.renderForm.hasErrors || step.savingErrors)
         res.status(400).send(step.savingErrors || "Error");
@@ -1003,7 +1003,7 @@ router.post(
       ...(plugin.configuration || {}),
       ...(user._attributes?.layout?.config || {}),
     });
-    const valResult = form.validate(req.body);
+    const valResult = form.validate(req.body || {});
     if (form.hasErrors) {
       req.flash("warning", req.__("An error occurred"));
       return res.sendWrap(
@@ -1056,7 +1056,7 @@ router.post(
       ...(plugin.configuration || {}),
       ...(user._attributes?.layout?.config || {}),
     });
-    const valResult = form.validate(req.body);
+    const valResult = form.validate(req.body || {});
     if (form.hasErrors) {
       return res.status(400).json({ error: req.__("An error occured") });
     }
@@ -1154,10 +1154,10 @@ router.get(
  * @function
  */
 router.get(
-  "/public/:plugin/*",
+  "/public/:plugin/*filepath",
   error_catcher(async (req, res) => {
     const { plugin } = req.params;
-    const filepath = req.params[0];
+    const filepath = path.join(...req.params.filepath);
     const hasVersion = plugin.includes("@");
     const location =
       getState().plugin_locations[hasVersion ? plugin.split("@")[0] : plugin];
@@ -1167,7 +1167,10 @@ router.get(
         .replace(/^(\.\.(\/|\\|$))+/, "");
       const fullpath = path.join(location, "public", safeFile);
       if (fs.existsSync(fullpath))
-        res.sendFile(fullpath, { maxAge: hasVersion ? "100d" : "1d" });
+        res.sendFile(fullpath, {
+          maxAge: hasVersion ? "100d" : "1d",
+          dotfiles: "allow",
+        });
       else {
         getState().log(6, `Plugin serve public: file not found ${fullpath}`);
         res.status(404).send(req.__("Not found"));
@@ -1428,7 +1431,7 @@ router.post(
   "/",
   isAdmin,
   error_catcher(async (req, res) => {
-    const plugin = new Plugin(req.body);
+    const plugin = new Plugin(req.body || {});
     const schema = db.getTenantSchema();
     const tenants_install_git = getRootState().getConfig(
       "tenants_install_git",
@@ -1505,7 +1508,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const { name } = req.params;
-    const { version } = req.body;
+    const { version } = req.body || {};
     const tenants_unsafe_plugins = getRootState().getConfig(
       "tenants_unsafe_plugins",
       false

package/routes/registry.js CHANGED Viewed

@@ -340,7 +340,7 @@ router.post(
     const { etype, ename, q } = req.query;
     const qlink = q ? `&q=${encodeURIComponent(q)}` : "";
-    const entVal = JSON.parse(req.body.regval);
+    const entVal = JSON.parse((req.body || {}).regval);
     let pack = {
       plugins: [],
       tables: [],

package/routes/search.js CHANGED Viewed

@@ -136,7 +136,7 @@ router.post(
     const views = await View.find({}, { orderBy: "name" });
     const tables = await Table.find();
     const form = searchConfigForm(tables, views, req);
-    const result = form.validate(req.body);
+    const result = form.validate(req.body || {});
     if (result.success) {
       const dbversion = await db.getVersion(true);

package/routes/sync.js CHANGED Viewed

@@ -118,7 +118,7 @@ router.post(
   "/load_changes",
   error_catcher(async (req, res) => {
     const result = {};
-    const { syncInfos, loadUntil } = req.body;
+    const { syncInfos, loadUntil } = req.body || {};
     if (!loadUntil) {
       getState().log(2, `POST /load_changes: loadUntil is missing`);
       return res.status(400).json({ error: "loadUntil is missing" });
@@ -202,7 +202,7 @@ const getDelRows = async (tblName, syncFrom, syncUntil, client) => {
 router.post(
   "/deletes",
   error_catcher(async (req, res) => {
-    const { syncInfos, syncTimestamp } = req.body;
+    const { syncInfos, syncTimestamp } = req.body || {};
     const client = await db.getClient();
     try {
       await client.query(`BEGIN`);
@@ -238,7 +238,7 @@ router.post(
 router.post(
   "/offline_changes",
   error_catcher(async (req, res) => {
-    const { changes, syncTimestamp } = req.body;
+    const { changes, syncTimestamp } = req.body || {};
     const rootFolder = await File.rootFolder();
     try {
       const syncDirName = `${syncTimestamp}_${req.user?.email || "public"}`;
@@ -334,7 +334,7 @@ router.get(
 router.post(
   "/clean_sync_dir",
   error_catcher(async (req, res) => {
-    const { dir_name } = req.body;
+    const { dir_name } = req.body || {};
     try {
       const rootFolder = await File.rootFolder();
       const syncDir = File.normalise_in_base(