npm - @saltcorn/server - Versions diffs - 1.1.1 → 1.1.2-beta.1 - Mend

@saltcorn/server 1.1.1 → 1.1.2-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,10 @@
 # Notable changes
-## 1.1.1 - In beta
+## 1.1.2 - In beta
+* Upgrade a large number of dependencies (express, typescript, oclif, pg, webpack, typescript). Node.js 18+ is require for this release.
+## 1.1.1 - Released 2 February 2025
 * Full-text search improvements:
     - An index for full-text search can now be created. When creating an index in

package/app.js CHANGED Viewed

@@ -32,7 +32,7 @@ const { getAllTenants } = require("@saltcorn/admin-models/models/tenant");
 const path = require("path");
 const helmet = require("helmet");
 const wrapper = require("./wrapper");
-const csrf = require("csurf");
+const csrf = require("@dr.pogodin/csurf");
 const { I18n } = require("i18n");
 const { h1 } = require("@saltcorn/markup/tags");
 const is = require("contractis/is");
@@ -139,9 +139,14 @@ const getApp = async (opts = {}) => {
         connectSrc: ["'self'", "data:"],
         scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
         "script-src-attr": ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
-        styleSrc: ["'self'", "https://fonts.googleapis.com", "https://fonts.gstatic.com", "'unsafe-inline'"],
+        styleSrc: [
+          "'self'",
+          "https://fonts.googleapis.com",
+          "https://fonts.gstatic.com",
+          "'unsafe-inline'",
+        ],
         imgSrc: ["'self'", "data:"],
-        fontSrc: ["'self'", "data:", "https://fonts.gstatic.com",],
+        fontSrc: ["'self'", "data:", "https://fonts.gstatic.com"],
         "form-action": ["'self'", "javascript:"],
       },
     },
@@ -260,7 +265,7 @@ const getApp = async (opts = {}) => {
     new CustomStrategy((req, done) => {
       loginAttempt();
       async function loginAttempt() {
-        const { remember, _csrf, dest, ...userobj } = req.body;
+        const { remember, _csrf, dest, ...userobj } = req.body || {};
         if (!is.objVals(is.str).check(userobj))
           return done(
             null,
@@ -455,7 +460,7 @@ Sitemap: ${base}sitemap.xml
   // file store ensure
   await File.ensure_file_store();
   // 404 handling
-  app.get("*", function (req, res) {
+  app.get("*any", function (req, res) {
     res.status(404).sendWrap(req.__("Not found"), h1(req.__("Page not found")));
   });

package/auth/admin.js CHANGED Viewed

@@ -465,7 +465,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = await auth_settings_form(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_users_page({
         res,
@@ -523,7 +523,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = await http_settings_form(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_users_page({
         res,
@@ -594,7 +594,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = await permissions_settings_form(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_users_page({
         res,
@@ -794,7 +794,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = await ssl_form(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_users_page({
         res,
@@ -998,15 +998,15 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     let form, sub2;
-    if (req.body.id) {
-      const user = await User.findOne({ id: req.body.id });
+    if ((req.body || {}).id) {
+      const user = await User.findOne({ id: (req.body || {}).id });
       form = await userForm(req, user);
       sub2 = user.email;
     } else {
       form = await userForm(req);
       sub2 = "New";
     }
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_users_page({
         res,

package/auth/roleadmin.js CHANGED Viewed

@@ -227,7 +227,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = await roleForm(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_users_page({
         res,
@@ -265,7 +265,7 @@ router.post(
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const layout_by_role = getState().getConfigCopy("layout_by_role");
-    layout_by_role[+id] = req.body.layout;
+    layout_by_role[+id] = (req.body || {}).layout;
     await getState().setConfig("layout_by_role", layout_by_role);
     req.flash("success", req.__(`Saved layout for role`));
@@ -286,7 +286,7 @@ router.post(
     const twofa_policy_by_role = getState().getConfigCopy(
       "twofa_policy_by_role"
     );
-    twofa_policy_by_role[+id] = req.body.policy;
+    twofa_policy_by_role[+id] = (req.body || {}).policy;
     await getState().setConfig("twofa_policy_by_role", twofa_policy_by_role);
     req.flash("success", req.__(`Saved 2FA policy for role`));

package/auth/routes.js CHANGED Viewed

@@ -432,9 +432,9 @@ router.post(
   "/reset",
   error_catcher(async (req, res) => {
     const result = await User.resetPasswordWithToken({
-      email: req.body.email,
-      reset_password_token: req.body.token,
-      password: req.body.password,
+      email: (req.body || {}).email,
+      reset_password_token: (req.body || {}).token,
+      password: (req.body || {}).password,
     });
     if (result.success) {
       req.flash(
@@ -457,7 +457,7 @@ router.post(
   "/forgot",
   error_catcher(async (req, res) => {
     if (getState().getConfig("allow_forgot")) {
-      const { email } = req.body;
+      const { email } = req.body || {};
       const u = await User.findOne({ email });
       const respond = () => {
         req.flash("success", req.__("Email with password reset link sent"));
@@ -614,7 +614,7 @@ router.post(
     const hasUsers = await User.nonEmpty();
     if (!hasUsers) {
       const form = loginForm(req, true);
-      form.validate(req.body);
+      form.validate(req.body || {});
       if (form.hasErrors) {
         form.action = "/auth/create_first_user";
@@ -784,7 +784,7 @@ router.post(
     const form = await getNewUserForm(new_user_form, req, !req.user.email);
     form.action = "/auth/signup_final_ext";
-    await form.asyncValidate(req.body);
+    await form.asyncValidate(req.body || {});
     if (form.hasErrors) {
       res.sendAuthWrap(new_user_form, form, getAuthLinks("signup", true));
       return;
@@ -846,7 +846,7 @@ router.post(
           });
         }
       }
-      await form.asyncValidate(req.body);
+      await form.asyncValidate(req.body || {});
       if (form.hasErrors) {
         res.sendAuthWrap(new_user_form, form, getAuthLinks("signup", true));
       } else if (form.values.email && !check_email_mask(form.values.email)) {
@@ -961,7 +961,7 @@ router.post(
           req,
           false
         );
-        await signup_form.asyncValidate(req.body);
+        await signup_form.asyncValidate(req.body || {});
         if (signup_form.hasErrors) {
           signup_form.action = "/auth/signup";
           res.sendAuthWrap(
@@ -1010,7 +1010,7 @@ router.post(
     }
     const form = await default_signup_form(req);
-    await form.asyncValidate(req.body);
+    await form.asyncValidate(req.body || {});
     if (form.hasErrors) {
       form.action = "/auth/signup";
@@ -1049,9 +1049,9 @@ router.post(
  */
 function handler(req, res) {
   console.log(
-    `Failed login attempt for: ${req.body.email} from ${req.ip} UA ${req.get(
-      "User-Agent"
-    )}`
+    `Failed login attempt for: ${(req.body || {}).email} from ${
+      req.ip
+    } UA ${req.get("User-Agent")}`
   );
   req.flash(
     "error",
@@ -1084,7 +1084,7 @@ const userLimiter = rateLimit({
   // TBD create config parameter
   windowMs: 5 * 60 * 1000, // 5 minutes
   max: 3, // limit each IP to 100 requests per windowMs
-  keyGenerator: (req) => userIdKey(req.body),
+  keyGenerator: (req) => userIdKey(req.body || {}),
   handler,
 });
@@ -1111,14 +1111,14 @@ router.post(
   }),
   error_catcher(async (req, res) => {
     ipLimiter.resetKey(req.ip);
-    userLimiter.resetKey(userIdKey(req.body));
+    userLimiter.resetKey(userIdKey(req.body || {}));
     if (req.user.pending_user) {
       res.redirect("/auth/twofa/login/totp");
       return;
     }
     let maxAge = null;
     if (req.session.cookie)
-      if (req.body.remember) {
+      if ((req.body || {}).remember) {
         const setDur = +getState().getConfig("cookie_duration_remember", 720);
         if (setDur) {
           maxAge = setDur * 60 * 60 * 1000;
@@ -1147,10 +1147,10 @@ router.post(
     if (getState().get2FApolicy(req.user) === "Mandatory") {
       res.redirect("/auth/twofa/setup/totp");
     } else if (
-      req.body.dest &&
-      is_relative_url(decodeURIComponent(req.body.dest))
+      (req.body || {}).dest &&
+      is_relative_url(decodeURIComponent((req.body || {}).dest))
     ) {
-      res.redirect(decodeURIComponent(req.body.dest));
+      res.redirect(decodeURIComponent((req.body || {}).dest));
     } else res.redirect("/");
   })
 );
@@ -1566,9 +1566,9 @@ router.post(
   loggedIn,
   error_catcher(async (req, res) => {
     const u = await User.findForSession({ id: req.user.id });
-    const newlang = available_languages[req.body.locale];
+    const newlang = available_languages[(req.body || {}).locale];
     if (newlang && u) {
-      await u.set_language(req.body.locale);
+      await u.set_language((req.body || {}).locale);
       req.login(u.session_object, function (err) {
         if (!err) {
           req.flash("success", req.__("Language changed to %s", newlang));
@@ -1656,7 +1656,7 @@ router.post(
   "/set-email",
   error_catcher(async (req, res) => {
     const form = setEmailForm(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors || !req.user || !req.user.id) {
       res.sendWrap(req.__("Set Email"), renderForm(form, req.csrfToken()));
       return;
@@ -1706,7 +1706,7 @@ router.post(
       );
       return;
     }
-    if (req.body.new_password && user.password) {
+    if ((req.body || {}).new_password && user.password) {
       const pwform = changPwForm(req);
       pwform.fields[0].validator = (oldpw) => {
@@ -1715,7 +1715,7 @@ router.post(
         else return req.__("Password does not match");
       };
-      pwform.validate(req.body);
+      pwform.validate(req.body || {});
       if (pwform.hasErrors) {
         res.sendWrap(
@@ -1738,7 +1738,7 @@ router.post(
             json() {},
             redirect() {},
           };
-          await view.runPost({ id: user.id }, req.body, {
+          await view.runPost({ id: user.id }, req.body || {}, {
             req,
             res: fakeRes,
             redirect: "/auth/settings",
@@ -1773,7 +1773,7 @@ router.all(
       return;
     }
     verifier.action = "/auth/verification-flow";
-    const wfres = await verifier.run(req.body || {}, req);
+    const wfres = await verifier.run(req.body || {} || {}, req);
     if (wfres.flash) req.flash(wfres.flash[0], wfres.flash[1]);
     if (wfres.renderForm) {
       res.sendWrap(
@@ -1860,7 +1860,7 @@ router.post(
     }
     const form = totpForm(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       req.flash("danger", req.__("Error processing form"));
       console.log("Error processing form");
@@ -1918,7 +1918,7 @@ router.post(
   error_catcher(async (req, res) => {
     const user = await User.findOne({ id: req.user.id });
     const form = totpForm(req, "/auth/twofa/disable/totp");
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       req.flash("danger", req.__("Error processing form"));
       res.redirect("/auth/twofa/disable/totp");

package/package.json CHANGED Viewed

@@ -1,72 +1,72 @@
 {
   "name": "@saltcorn/server",
-  "version": "1.1.1",
+  "version": "1.1.2-beta.1",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@aws-sdk/client-s3": "^3.451.0",
-    "@saltcorn/base-plugin": "1.1.1",
-    "@saltcorn/builder": "1.1.1",
-    "@saltcorn/data": "1.1.1",
-    "@saltcorn/admin-models": "1.1.1",
-    "@saltcorn/filemanager": "1.1.1",
-    "@saltcorn/markup": "1.1.1",
-    "@saltcorn/plugins-loader": "1.1.1",
-    "@saltcorn/sbadmin2": "1.1.1",
+    "@aws-sdk/client-s3": "^3.735.0",
+    "@dr.pogodin/csurf": "^1.14.1",
+    "@saltcorn/base-plugin": "1.1.2-beta.1",
+    "@saltcorn/builder": "1.1.2-beta.1",
+    "@saltcorn/data": "1.1.2-beta.1",
+    "@saltcorn/admin-models": "1.1.2-beta.1",
+    "@saltcorn/filemanager": "1.1.2-beta.1",
+    "@saltcorn/markup": "1.1.2-beta.1",
+    "@saltcorn/plugins-loader": "1.1.2-beta.1",
+    "@saltcorn/sbadmin2": "1.1.2-beta.1",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
-    "adm-zip": "0.5.10",
+    "adm-zip": "0.5.16",
     "connect-flash": "^0.1.1",
-    "connect-pg-simple": "^6.1.0",
-    "content-disposition": "^0.5.3",
+    "connect-pg-simple": "^9.0.1",
+    "content-disposition": "^0.5.4",
     "contractis": "^0.1.0",
-    "cookie-parser": "^1.4.4",
-    "cookie-session": "^1.4.0",
+    "cookie-parser": "^1.4.7",
+    "cookie-session": "^2.1.0",
     "cors": "2.8.5",
-    "csurf": "^1.11.0",
-    "csv-stringify": "^5.5.0",
-    "dockerode": "~4.0.2",
-    "express": "^4.17.1",
-    "express-fileupload": "^1.1.8",
+    "csv-stringify": "^6.5.2",
+    "dockerode": "~4.0.4",
+    "express": "^5.0.1",
+    "express-fileupload": "^1.5.1",
     "express-promise-router": "^3.0.3",
-    "express-rate-limit": "^5.1.3",
-    "express-session": "^1.17.1",
+    "express-rate-limit": "^7.5.0",
+    "express-session": "^1.18.1",
     "greenlock": "^4.0.4",
     "greenlock-express": "^4.0.3",
-    "helmet": "^7.1.0",
+    "helmet": "^8.0.0",
     "i18n": "^0.15.1",
-    "imapflow": "1.0.123",
-    "jsonwebtoken": "^9.0.0",
-    "markdown-it": "^13.0.2",
-    "moment": "^2.29.4",
+    "imapflow": "1.0.178",
+    "jsonwebtoken": "^9.0.2",
+    "markdown-it": "^14.1.0",
+    "moment": "^2.30.1",
     "multer": "1.4.5-lts.1",
     "multer-s3": "^3.0.1",
     "node-fetch": "2.6.9",
-    "node-watch": "^0.7.2",
+    "node-watch": "^0.7.4",
     "notp": "2.0.3",
     "npm-registry-fetch": "17.1.0",
-    "passport": "^0.6.0",
+    "passport": "^0.7.0",
     "passport-custom": "^1.1.1",
     "passport-http-bearer": "^1.0.1",
     "passport-jwt": "4.0.1",
     "passport-totp": "0.0.2",
-    "pg": "^8.2.1",
+    "pg": "^8.13.1",
     "pluralize": "^8.0.0",
     "qrcode": "1.5.1",
     "resize-with-sharp-or-jimp": "0.1.8",
-    "semver": "^7.6.0",
-    "socket.io": "4.6.0",
-    "systeminformation": "^5.21.7",
+    "semver": "^7.6.3",
+    "socket.io": "4.8.1",
+    "systeminformation": "^5.25.11",
     "thirty-two": "1.0.2",
-    "tmp-promise": "^3.0.2",
-    "ua-parser-js": "^1.0.37",
-    "underscore": "1.13.6",
-    "uuid": "^10.0.0"
+    "tmp-promise": "^3.0.3",
+    "ua-parser-js": "^2.0.0",
+    "underscore": "1.13.7",
+    "uuid": "^11.0.5"
   },
   "optionalDependencies": {
-    "connect-sqlite3": "^0.9.11",
+    "connect-sqlite3": "^0.9.15",
     "sd-notify": "^2.8.0"
   },
   "repository": "github:saltcorn/saltcorn",

package/public/saltcorn-common.js CHANGED Viewed

@@ -1120,7 +1120,11 @@ function initialize_page() {
       decodeURIComponent($(that).attr("data-explainers"))
     );
     var currentVal = explainers[$(that).val()];
-    $("#" + id).html(`<strong>${$(that).val()}</strong>: ${currentVal}`);
+    $("#" + id).html(
+      `<strong>${
+        $(that).find("option:selected").text() || $(that).val()
+      }</strong>: ${currentVal}`
+    );
     if (currentVal) $("#" + id).show();
     else $("#" + id).hide();
   }

package/routes/actions.js CHANGED Viewed

@@ -424,7 +424,7 @@ router.post(
   error_catcher(async (req, res) => {
     const form = await triggerForm(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_events_page({
         res,
@@ -471,7 +471,7 @@ router.post(
     const form = await triggerForm(req, trigger);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_events_page({
         res,
@@ -1097,7 +1097,7 @@ router.post(
         fields: cfgFields,
       });
     }
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       if (req.xhr) {
         res.status(400).json({ error: form.errorSummary });
@@ -1304,7 +1304,7 @@ router.post(
  * @function
  */
 router.get(
-  "/stepedit/:trigger_id/:step_id?",
+  "/stepedit/:trigger_id{/:step_id}",
   isAdminOrHasConfigMinRole("min_role_edit_triggers"),
   error_catcher(async (req, res) => {
     const { trigger_id, step_id } = req.params;
@@ -1352,7 +1352,7 @@ router.post(
     const { trigger_id } = req.params;
     const trigger = await Trigger.findOne({ id: trigger_id });
     const form = await getWorkflowStepForm(trigger, req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       if (req.xhr) {
         res.json({ error: form.errorSummary });
@@ -1451,7 +1451,7 @@ router.post(
     const { trigger_id } = req.params;
     const trigger = await Trigger.findOne({ id: trigger_id });
     await WorkflowStep.deleteForTrigger(trigger.id);
-    const description = req.body.description;
+    const description = (req.body || {}).description;
     await Trigger.update(trigger.id, { description });
     const steps = await getState().functions.copilot_generate_workflow.run(
       description,
@@ -1774,7 +1774,7 @@ router.post(
     });
     const form = await getWorkflowStepUserForm(run, trigger, step, req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       const title = "Fill form";
       res.sendWrap(title, renderForm(form, req.csrfToken()));

package/routes/admin.js CHANGED Viewed

@@ -757,7 +757,9 @@ router.get(
       return;
     }
     const auto_backup_directory = getState().getConfig("auto_backup_directory");
-    res.download(path.join(auto_backup_directory, filename), filename);
+    res.download(path.join(auto_backup_directory, filename), filename, {
+      dotfiles: "allow",
+    });
   })
 );
@@ -982,7 +984,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = await snapshotForm(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     await save_config_from_form(form);
@@ -1000,7 +1002,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = await backupFilePrefixForm(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_admin_page({
         res,
@@ -1029,7 +1031,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = await autoBackupForm(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     if (form.hasErrors) {
       send_admin_page({
         res,
@@ -1072,7 +1074,7 @@ router.post(
  * Do Snapshot now
  */
 router.post(
-  "/snapshot-now/:snapshotname?",
+  "/snapshot-now{/:snapshotname}",
   isAdmin,
   error_catcher(async (req, res) => {
     const { snapshotname } = req.params;
@@ -1629,7 +1631,7 @@ const doInstall = async (req, res, version, deepClean, runPull) => {
 };
 router.post("/install", isAdmin, async (req, res) => {
-  const { version, deep_clean } = req.body;
+  const { version, deep_clean } = req.body || {};
   await doInstall(req, res, version, deep_clean === "on", false);
 });
@@ -3349,7 +3351,7 @@ router.post(
   "/build-mobile-app/finish",
   isAdmin,
   error_catcher(async (req, res) => {
-    const { out_dir_name, build_dir } = req.body;
+    const { out_dir_name, build_dir } = req.body || {};
     const content = await fs.promises.readFile(
       path.join(build_dir, "spawnParams.json")
     );
@@ -3435,7 +3437,10 @@ router.post(
   "/build-mobile-app",
   isAdmin,
   error_catcher(async (req, res) => {
-    getState().log(2, `starting mobile build: ${JSON.stringify(req.body)}`);
+    getState().log(
+      2,
+      `starting mobile build: ${JSON.stringify(req.body || {})}`
+    );
     const msgs = [];
     let mode = "full";
     let {
@@ -3460,7 +3465,7 @@ router.post(
       keystoreFile,
       keystoreAlias,
       keystorePassword,
-    } = req.body;
+    } = req.body || {};
     const receiveShareTriggers = Trigger.find({
       when_trigger: "ReceiveMobileShareData",
     });
@@ -3725,7 +3730,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     try {
-      const newCfg = { ...req.body };
+      const newCfg = { ...(req.body || {}) };
       const excludedPlugins = (await Plugin.find())
         .filter(
           (plugin) =>
@@ -3753,7 +3758,7 @@ router.post(
   isAdmin,
   error_catcher(async (req, res) => {
     const form = clearAllForm(req);
-    form.validate(req.body);
+    form.validate(req.body || {});
     //order: page_groups, pages, views, user fields, tableconstraints, fields, table triggers, table history, tables, plugins, config+crashes+nontable triggers, users
     if (form.values.page_groups) {
       await PageGroup.delete({});
@@ -4147,7 +4152,7 @@ router.post(
     const { name } = req.params;
     const code_pages = getState().getConfigCopy("function_code_pages", {});
-    const code = req.body.code;
+    const code = (req.body || {}).code;
     await getState().setConfig("function_code_pages", {
       ...code_pages,
       [name]: code,