@saltcorn/server 1.1.2-beta.0 → 1.1.2-beta.10

package/CHANGELOG.md

@@ -2,7 +2,18 @@
 
 ## 1.1.2 - In beta
 
-* Upgrade a large number of dependencies (express, typescript, oclif, pg, webpack, typescript). Node.js 18+ is require for this release. 
+* Builder:
+    - Container background image by file field in Show views
+    - Container opacity setting
+    - Set custom class on links and actions
+    - Fix error toast when saving on Firefox
+    - Set action to be submit action - action run on enter keypress.
+
+* Restore large backups: stream JSON files to database, use system unzip
+
+* Handle multiple fields with same name in Edit.
+
+* Upgrade a large number of dependencies (express, typescript, oclif, pg, webpack, typescript, axios, mjml, svelte). Node.js 18+ is require for this release. 
 
 ## 1.1.1 - Released 2 February 2025
 

package/app.js

@@ -32,7 +32,7 @@ const { getAllTenants } = require("@saltcorn/admin-models/models/tenant");
 const path = require("path");
 const helmet = require("helmet");
 const wrapper = require("./wrapper");
-const csrf = require("csurf");
+const csrf = require("@dr.pogodin/csurf");
 const { I18n } = require("i18n");
 const { h1 } = require("@saltcorn/markup/tags");
 const is = require("contractis/is");
@@ -131,6 +131,7 @@ const getApp = async (opts = {}) => {
     "cross_domain_iframe",
     false
   );
+  app.set("query parser", "extended");
 
   const helmetOptions = {
     contentSecurityPolicy: {
@@ -160,7 +161,7 @@ const getApp = async (opts = {}) => {
     helmetOptions.contentSecurityPolicy = false;
 
   if (cross_domain_iframe) helmetOptions.xFrameOptions = false;
-  // app.use(helmet(helmetOptions));
+  app.use(helmet(helmetOptions));
 
   // TODO ch find a better solution
   if (getState().getConfig("cors_enabled", true)) app.use(cors());

package/locales/en.json

@@ -1552,5 +1552,6 @@
 	"Show results from each table in this type of element": "Show results from each table in this type of element",
 	"Search syntax help": "Search syntax help",
 	"Search syntax": "Search syntax",
-	"Maximum role": "Maximum role"
+	"Maximum role": "Maximum role",
+	"Module dependencies": "Module dependencies"
 }

package/package.json

@@ -1,20 +1,21 @@
 {
   "name": "@saltcorn/server",
-  "version": "1.1.2-beta.0",
+  "version": "1.1.2-beta.10",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
     "@aws-sdk/client-s3": "^3.735.0",
-    "@saltcorn/base-plugin": "1.1.2-beta.0",
-    "@saltcorn/builder": "1.1.2-beta.0",
-    "@saltcorn/data": "1.1.2-beta.0",
-    "@saltcorn/admin-models": "1.1.2-beta.0",
-    "@saltcorn/filemanager": "1.1.2-beta.0",
-    "@saltcorn/markup": "1.1.2-beta.0",
-    "@saltcorn/plugins-loader": "1.1.2-beta.0",
-    "@saltcorn/sbadmin2": "1.1.2-beta.0",
+    "@dr.pogodin/csurf": "^1.14.1",
+    "@saltcorn/base-plugin": "1.1.2-beta.10",
+    "@saltcorn/builder": "1.1.2-beta.10",
+    "@saltcorn/data": "1.1.2-beta.10",
+    "@saltcorn/admin-models": "1.1.2-beta.10",
+    "@saltcorn/filemanager": "1.1.2-beta.10",
+    "@saltcorn/markup": "1.1.2-beta.10",
+    "@saltcorn/plugins-loader": "1.1.2-beta.10",
+    "@saltcorn/sbadmin2": "1.1.2-beta.10",
     "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
     "adm-zip": "0.5.16",
@@ -25,7 +26,6 @@
     "cookie-parser": "^1.4.7",
     "cookie-session": "^2.1.0",
     "cors": "2.8.5",
-    "csurf": "^1.11.0",
     "csv-stringify": "^6.5.2",
     "dockerode": "~4.0.4",
     "express": "^5.0.1",
@@ -77,11 +77,12 @@
   },
   "scripts": {
     "dev": "nodemon index.js",
-    "test": "jest --runInBand",
+    "test": "node --experimental-vm-modules ../../node_modules/jest/bin/jest.js ./tests --runInBand",
     "tsc": "echo \"Error: no TypeScript support yet\"",
     "clean": "echo \"Error: no TypeScript support yet\""
   },
   "jest": {
+    "transform": {},
     "testEnvironment": "node",
     "testPathIgnorePatterns": [
       "/node_modules/",

package/public/saltcorn-common.js

@@ -103,15 +103,26 @@ function rep_del(e) {
   var myrep = $(e).closest(".form-repeat");
   var ix = myrep.index();
   var parent = myrep.parent();
-  myrep.remove();
   parent.children().each(function (childix, element) {
     if (childix > ix) {
       reindex(element, childix, childix - 1);
     }
   });
+  myrep.remove();
 }
 
 function reindex(element, oldix, newix) {
+  $(element)
+    .find("input,textarea")
+    .each(function () {
+      $(this).attr("value", $(this).val());
+    });
+  $(element)
+    .find("select")
+    .each(function () {
+      $(this).find(":selected").attr("selected", "selected");
+    });
+
   $(element).html(
     $(element)
       .html()
@@ -909,6 +920,27 @@ function initialize_page() {
     if (e.keyCode === 13) e.target.blur();
   });
 
+  const validate_identifier_elem = (target) => {
+    const next = target.next();
+    if (next.hasClass("expr-error")) next.remove();
+    const val = target.val();
+    if (!val) return;
+    try {
+      Function(val, "return 1");
+    } catch (error) {
+      target.after(`<small class="text-danger font-monospace d-block expr-error">
+      Invalid identifier
+    </small>`);
+    }
+  };
+  $(".validate-identifier").attr("spellcheck", false);
+  $(".validate-expression").attr("spellcheck", false);
+
+  $(".validate-identifier").bind("input", function (e) {
+    const target = $(e.target);
+    validate_identifier_elem(target);
+  });
+
   const validate_expression_elem = (target) => {
     const next = target.next();
     if (next.hasClass("expr-error")) next.remove();
@@ -921,7 +953,10 @@ function initialize_page() {
     }
     if (!val) return;
     try {
-      Function("return " + val);
+      const AsyncFunction = Object.getPrototypeOf(
+        async function () {}
+      ).constructor;
+      AsyncFunction("return " + val);
     } catch (error) {
       target.after(`<small class="text-danger font-monospace d-block expr-error">
       ${error.message}
@@ -932,6 +967,7 @@ function initialize_page() {
     const target = $(e.target);
     validate_expression_elem(target);
   });
+
   $(".validate-expression-conditional").each(function () {
     const theInput = $(this);
     theInput
@@ -1543,7 +1579,7 @@ function emptyAlerts() {
   $("#toasts-area").html("");
 }
 
-function press_store_button(clicked, keepOld) {
+function press_store_button(clicked, keepOld, disable) {
   let btn = clicked;
   if ($(clicked).is("form")) btn = $(clicked).find("button[type=submit]");
   if (keepOld) {
@@ -1552,17 +1588,24 @@ function press_store_button(clicked, keepOld) {
   }
   const width = $(btn).width();
   $(btn).html('<i class="fas fa-spinner fa-spin"></i>').width(width);
+  setTimeout(() => {
+    $(btn).prop("disabled", true);
+  }, 50);
 }
 
 function restore_old_button(btnId) {
-  const btn = $(`#${btnId}`);
+  const btn = btnId instanceof jQuery ? btnId : $(`#${btnId}`);
   const oldText = $(btn).data("old-text");
   btn.html(oldText);
-  btn.css({ width: "" });
+  btn.css({ width: "" }).prop("disabled", false);
   btn.removeData("old-text");
 }
 
-async function common_done(res, viewnameOrElem, isWeb = true) {
+async function common_done(res, viewnameOrElem0, isWeb = true) {
+  const viewnameOrElem =
+    viewnameOrElem0 === "undefined"
+      ? last_route_viewname
+      : viewnameOrElem0 || last_route_viewname;
   const viewname =
     typeof viewnameOrElem === "string"
       ? viewnameOrElem

package/public/saltcorn.css

@@ -812,3 +812,11 @@ tr span.add-tag {
 tr:hover span.add-tag {
   opacity: 1;
 }
+
+#saltcorn-file-manager .filelist tr {
+  cursor: pointer;
+}
+
+#saltcorn-file-manager .filelist tr.selected td {
+  background-color: var(--bs-secondary-bg-subtle, var(--tblr-secondary-bg-subtle, gray));;
+}

package/public/saltcorn.js

@@ -34,10 +34,7 @@ function updateQueryStringParameter(uri1, key, value) {
     uri = uris[0];
   }
 
-  var re = new RegExp(
-    "([?&])" + escapeRegExp(key) + "=.*?(&|$)",
-    "i"
-  );
+  var re = new RegExp("([?&])" + escapeRegExp(key) + "=.*?(&|$)", "i");
   var separator = uri.indexOf("?") !== -1 ? "&" : "?";
   if (uri.match(re)) {
     if (Array.isArray(value)) {
@@ -267,6 +264,8 @@ function reset_spinners() {
   });
 }
 
+let last_route_viewname;
+
 function view_post(viewnameOrElem, route, data, onDone, sendState) {
   const viewname =
     typeof viewnameOrElem === "string"
@@ -274,6 +273,7 @@ function view_post(viewnameOrElem, route, data, onDone, sendState) {
       : $(viewnameOrElem)
           .closest("[data-sc-embed-viewname]")
           .attr("data-sc-embed-viewname");
+  last_route_viewname = viewname;
   const query = sendState
     ? `?${new URL(get_current_state_url()).searchParams.toString()}`
     : "";
@@ -1322,6 +1322,34 @@ function check_delete_unsaved(tablename, script_tag) {
   }
 }
 
+function handle_identical_fields(event) {
+  let form = null;
+  if (event.currentTarget.tagName === "FORM") form = event.currentTarget;
+  else form = $(event.currentTarget).closest("form")[0];
+  if (!form) {
+    console.warn("No form found");
+  } else {
+    const name = event.target.name;
+    const newValue = event.target.value;
+    const tagName = event.target.tagName;
+    const isRadio = event.target.type === "radio";
+    if (tagName === "SELECT" || isRadio) {
+      form.querySelectorAll(`select[name="${name}"]`).forEach((select) => {
+        $(select).val(newValue); //.trigger("change");
+      });
+      form
+        .querySelectorAll(`input[type="radio"][name="${name}"]`)
+        .forEach((input) => {
+          input.checked = input.value === newValue;
+        });
+    } else if (tagName === "INPUT") {
+      form.querySelectorAll(`input[name="${name}"]`).forEach((input) => {
+        input.value = newValue;
+      });
+    }
+  }
+}
+
 (() => {
   const e = document.querySelector("[data-sidebar-toggler]");
   let closed = localStorage.getItem("sidebarClosed") === "true";

package/routes/actions.js

@@ -730,6 +730,7 @@ const getWorkflowStepForm = async (
         label: req.__("Step name"),
         type: "String",
         required: true,
+        class: "validate-identifier",
         sublabel: "An identifier by which this step can be referred to.",
         validator: jsIdentifierValidator,
       },
@@ -742,6 +743,7 @@ const getWorkflowStepForm = async (
       {
         name: "wf_only_if",
         label: req.__("Only if..."),
+        class: "validate-expression",
         sublabel:
           "Optional JavaScript expression based on the run context. If given, the chosen action will only be executed if evaluates to true",
         type: "String",
@@ -1716,6 +1718,7 @@ const getWorkflowStepUserForm = async (run, trigger, step, req) => {
   const form = new Form({
     action: `/actions/fill-workflow-form/${run.id}`,
     submitLabel: run.wait_info.output ? req.__("OK") : req.__("Submit"),
+    onSubmit: "press_store_button(this)",
     blurb,
     formStyle: run.wait_info.output || req.xhr ? "vert" : undefined,
     fields: await run.userFormFields(step),
@@ -1788,8 +1791,8 @@ router.post(
       if (req.xhr) {
         const retDirs = await run.popReturnDirectives();
 
-        if (runres?.popup) retDirs.popup = runres.popup;
-        res.json({ success: "ok", ...retDirs });
+        //if (runres?.popup) retDirs.popup = runres.popup;
+        res.json({ success: "ok", ...runres, ...retDirs });
       } else {
         if (run.context.goto) res.redirect(run.context.goto);
         else res.redirect("/");

package/routes/admin.js

@@ -657,9 +657,11 @@ router.get(
           {
             label: req.__("When"),
             key: (r) =>
-              `${moment(
-                r.created
-              ).fromNow()}<br><small>${localeDateTime(r.created, {}, locale)}</small>`,
+              `${moment(r.created).fromNow()}<br><small>${localeDateTime(
+                r.created,
+                {},
+                locale
+              )}</small>`,
           },
           {
             label: req.__("Name"),
@@ -1193,10 +1195,10 @@ router.get(
                     th({ valign: "top" }, req.__("Saltcorn version")),
                     td(
                       packagejson.version,
-                      isRoot && can_update
+                      isRoot 
                         ? post_btn(
                             "/admin/upgrade",
-                            req.__("Upgrade"),
+                            req.__("Upgrade") + " (latest)",
                             req.csrfToken(),
                             {
                               btnClass: "btn-primary btn-sm",

package/routes/common_lists.js

@@ -290,7 +290,7 @@ const tagsDropdown = (tags, altHeader) =>
     )
   );
 
-const mkAddBtn = (tags, entityType, id, req, myTagIds) =>
+const mkAddBtn = (tags, entityType, id, req, myTagIds, on_done_redirect_str) =>
   div(
     { class: "dropdown d-inline ms-1" },
     span(
@@ -314,7 +314,7 @@ const mkAddBtn = (tags, entityType, id, req, myTagIds) =>
           post_dropdown_item(
             `/tag-entries/add-tag-entity/${encodeURIComponent(
               t.name
-            )}/${entityType}/${id}`,
+            )}/${entityType}/${id}${on_done_redirect_str||""}`,
             t.name,
             req
           )
@@ -345,7 +345,7 @@ const viewsList = async (
   const tagBadges = (view) => {
     const myTags = tag_entries.filter((te) => te.view_id === view.id);
     const myTagIds = new Set(myTags.map((t) => t.tag_id));
-    const addBtn = mkAddBtn(tags, "views", view.id, req, myTagIds);
+    const addBtn = mkAddBtn(tags, "views", view.id, req, myTagIds, on_done_redirect_str);
     return (
       myTags.map((te) => tagBadge(tagsById[te.tag_id], "views")).join(nbsp) +
       addBtn
@@ -709,7 +709,7 @@ const getTriggerList = async (
     const myTagIds = new Set(myTags.map((t) => t.tag_id));
     return (
       myTags.map((te) => tagBadge(tagsById[te.tag_id], "triggers")).join(nbsp) +
-      mkAddBtn(tags, "triggers", trigger.id, req, myTagIds)
+      mkAddBtn(tags, "triggers", trigger.id, req, myTagIds, on_done_redirect_str)
     );
   };
   return mkTable(

package/routes/fields.js

@@ -1378,6 +1378,7 @@ router.post(
       agg_outcome_type,
       agg_fieldview,
       agg_field,
+      mode,
       _columndef,
     } = req.body || {};
     const table = Table.findOne({ name: tableName });
@@ -1389,7 +1390,9 @@ router.post(
         return;
       }
       const field = table.getField(agg_field);
-      const cfgfields = await applyAsync(fv.configFields, field || { table });
+      const cfgfields = await applyAsync(fv.configFields, field || { table }, {
+        mode,
+      });
       res.json(cfgfields);
       return;
     }
@@ -1412,7 +1415,12 @@ router.post(
       res.send(req.query?.accept == "json" ? "[]" : "");
       return;
     }
-    const fieldViewConfigForms = await calcfldViewConfig([field], false, 0);
+    const fieldViewConfigForms = await calcfldViewConfig(
+      [field],
+      false,
+      0,
+      mode
+    );
     const formFields = fieldViewConfigForms[field.name][fv_name];
     if (!formFields) {
       res.send(req.query?.accept == "json" ? "[]" : "");

package/routes/homepage.js

@@ -262,7 +262,10 @@ const actionsTab = async (req, triggers) => {
       ? p(req.__("No triggers"))
       : mkTable(
           [
-            { label: req.__("Name"), key: "name" },
+            {
+              label: req.__("Name"),
+              key: (tr) => a({ href: `actions/configure/${tr.id}` }, tr.name),
+            },
             { label: req.__("Action"), key: "action" },
             {
               label: req.__("Table or Channel"),

package/routes/plugins.js

@@ -558,6 +558,7 @@ const plugin_store_html = (items, req) => {
       },
       {
         besides: items.map(store_item_html(req)),
+        gy:3,
         widths: items.map(() => 4),
       },
     ],

package/routes/tables.js

@@ -1582,7 +1582,7 @@ const constraintForm = (req, table, fields, type) => {
     case "Formula":
       return new Form({
         action: `/table/add-constraint/${table.id}/${type}`,
-
+        onSubmit: "press_store_button(this)",
         fields: [
           {
             name: "formula",
@@ -1617,6 +1617,7 @@ const constraintForm = (req, table, fields, type) => {
         blurb: req.__(
           "Tick the boxes for the fields that should be jointly unique"
         ),
+        onSubmit: "press_store_button(this)",
         fields: [
           ...fields.map((f) => ({
             name: f.name,
@@ -1641,7 +1642,7 @@ const constraintForm = (req, table, fields, type) => {
         blurb: req.__(
           "Choose the field to be indexed. This make searching the table faster."
         ),
-
+        onSubmit: "press_store_button(this)",
         fields: [
           {
             type: "String",

package/routes/tag_entries.js

@@ -18,6 +18,7 @@ const {
   csrfField,
   isAdminOrHasConfigMinRole,
   checkEditPermission,
+  is_relative_url,
 } = require("./utils");
 
 const Table = require("@saltcorn/data/models/table");
@@ -192,18 +193,23 @@ router.post(
     const auth = checkEditPermission(entitytype, req.user);
     if (!auth) req.flash("error", "Not authorized");
     else await tag.addEntry({ [fieldName]: +entityid });
+    let redirectTarget =
+      req.query.on_done_redirect &&
+      is_relative_url("/" + req.query.on_done_redirect)
+        ? `/${req.query.on_done_redirect}`
+        : null;
     switch (entitytype) {
       case "views":
-        res.redirect(`/viewedit`);
+        res.redirect(redirectTarget || `/viewedit`);
         break;
       case "pages":
-        res.redirect(`/pageedit`);
+        res.redirect(redirectTarget || `/pageedit`);
         break;
       case "tables":
-        res.redirect(`/table`);
+        res.redirect(redirectTarget || `/table`);
         break;
       case "triggers":
-        res.redirect(`/actions`);
+        res.redirect(redirectTarget || `/actions`);
         break;
 
       default:

package/tests/view.test.js

@@ -1134,3 +1134,41 @@ describe("legacy relations with relation path", () => {
       .expect(toInclude("Delete"));
   });
 });
+
+describe("identical fields", () => {
+  it("runs a post with an author array ", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .post("/view/authoredit_identicals")
+      .set("Cookie", loginCookie)
+      .send("author=Charles&author=Charles")
+      .expect(toRedirect("/view/authorlist"));
+    const table = Table.findOne({ name: "books" });
+    const rows = await table.getRows();
+    expect(rows).toContainEqual({
+      id: 3,
+      author: "Charles",
+      pages: 678,
+      publisher: null,
+    });
+  });
+
+  it("runs a post with only one author", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .post("/view/authoredit_identicals")
+      .set("Cookie", loginCookie)
+      .send("author=Fjodor")
+      .expect(toRedirect("/view/authorlist"));
+    const table = Table.findOne({ name: "books" });
+    const rows = await table.getRows();
+    expect(rows).toContainEqual({
+      id: 4,
+      author: "Fjodor",
+      pages: 678,
+      publisher: null,
+    });
+  });
+});