@xuda.io/runtime-bundle 1.0.489 → 1.0.491

package/js/xuda-runtime-bundle.js

@@ -34922,7 +34922,7 @@ func.UI.component.init_xu_nav = function ($container, $nav) {
 };
  func.expression = {};
 
-func.expression.get = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
+func.expression.get_org = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
   class xu_class {
     async get() {
       var ret;
@@ -35042,7 +35042,7 @@ func.expression.get = async function (SESSION_ID, valP, dsSessionP, sourceP, row
       // var split = [];
       var var_Arr = [];
       const split = func.expression.parse(ret) || [];
-      console.log(valP, split);
+      // console.log(valP, split);
       for await (const [arr_key, val] of Object.entries(split)) {
         // run each field
         const key = Number(arr_key);
@@ -35276,6 +35276,177 @@ func.expression.get = async function (SESSION_ID, valP, dsSessionP, sourceP, row
   return new_class.get();
 };
 
+func.expression.get = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP = {}, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
+  const evalJson = (text) => eval(`(${text})`);
+  const replaceQuotes = (str) => {
+    for (const [key, val] of Object.entries(fields)) {
+      if (typeof val === 'string') str = str.replace(`"${val}"`, val.replace(/"/g, ''));
+    }
+    return str;
+  };
+
+  let ret, error, warning, var_error_found;
+  const fields = { ...fieldsP };
+
+  // Initial value processing
+  if (valP === null || typeof valP === 'undefined') ret = '';
+  else if (typeof valP === 'boolean') ret = valP ? 'Y' : 'N';
+  else ret = valP.toString();
+
+  ret = ret.replace(/\&/g, '&');
+  ret = func.utils.replace_studio_drive_url(SESSION_ID, ret);
+
+  // End results helper
+  const endResults = () => {
+    if (['update', 'javascript'].includes(sourceP) && typeof ret === 'string') {
+      ret = replaceQuotes(ret);
+    }
+    if ((error || warning) && SESSION_OBJ[SESSION_ID]?.DS_GLB[dsSessionP]) {
+      func.utils.debug.log(SESSION_ID, SESSION_OBJ[SESSION_ID].DS_GLB[dsSessionP].nodeId, {
+        module: 'expression',
+        action: sourceP,
+        source: calling_fieldIdP,
+        prop: ret,
+        details: ret,
+        result: ret,
+        error,
+        warning,
+        fields: null,
+        type: 'exp',
+        prog_id: SESSION_OBJ[SESSION_ID].DS_GLB[dsSessionP].prog_id,
+        debug_info: debug_infoP,
+      });
+    }
+    return { result: ret, fields, error, warning, req: valP, var_error_found };
+  };
+
+  // Handle non-variable cases
+  const handleNonVariable = async () => {
+    try {
+      if (sourceP !== 'arguments') {
+        if (ret.startsWith('_DATE_')) ret = ret.slice(6);
+        else if (/^\d{4}-\d{2}-\d{2}$/.test(ret) || ret === 'self') return endResults();
+        else ret = await func.expression.secure_eval(SESSION_ID, sourceP, ret, jobNo, dsSessionP, js_script_callback);
+      } else {
+        ret = ret.replace(/_NULL/gi, '');
+      }
+      return endResults();
+    } catch (err) {
+      error = err.message;
+      return endResults();
+    }
+  };
+
+  // Early return for simple cases
+  if (!func.expression.validate_variables(valP)) return await handleNonVariable();
+  if (glb.emailRegex.test(await func.expression.secure_eval(SESSION_ID, sourceP, valP, jobNo, dsSessionP, js_script_callback))) {
+    return await handleNonVariable();
+  }
+
+  // Parse and process variables
+  const split = func.expression.parse(ret) || [];
+  const var_Arr = await Promise.all(
+    split.map(async (val, key) => {
+      const result = { value: val.value, fieldId: val.fieldId };
+
+      if (!val.fieldId) return result;
+
+      // Handle _THIS substitution
+      if (val.fieldId.startsWith('_THIS') && calling_fieldIdP) {
+        result.fieldId = val.fieldId.length === 5 ? calling_fieldIdP : calling_fieldIdP + val.fieldId.slice(5);
+      }
+
+      // Fetch value from datasource
+      const { ret: fetchedValue, fieldIdP } = await func.datasource.get_value(SESSION_ID, result.fieldId, dsSessionP, rowIdP);
+      result.value = fetchedValue?.value ?? (sourceP === 'exp' ? fetchedValue?.value : '""');
+      result.type = fetchedValue?.type;
+
+      // Handle iteration
+      if (iterate_info) {
+        if (iterate_info.iterator_key === fieldIdP) result.value = iterate_info._key;
+        if (iterate_info.iterator_val === fieldIdP) result.value = iterate_info._val;
+      }
+
+      // Process nested properties
+      if (val.value.includes('[') || val.value.includes('.')) {
+        const { property1, property2 } = await func.expression.get_property(val.value);
+        const data = fetchedValue?.type === 'object' ? fetchedValue.value : fetchedValue?.prop;
+
+        if (key > 0 && val.value.includes(']') && !val.value.includes('[') && split[key - 1].value) {
+          const prevData = split[key - 1].value;
+          result.value = prevData[fieldIdP];
+          if (val.value.includes('.') && prevData[fieldIdP]) {
+            result.value = prevData[fieldIdP][property2] ?? '';
+          }
+        } else if (data) {
+          if (property1) result.value = data[property1] ?? '';
+          if (property2) result.value = (property1 ? data[property1]?.[property2] : data[property2]) ?? '';
+        }
+      }
+
+      fields[fieldIdP] = result.value;
+      return result;
+    }),
+  );
+
+  // Final evaluation
+  try {
+    const res = var_Arr.map((val, key) => {
+      if (sourceP === 'UI Property EXP' || sourceP === 'UI Attr EXP') {
+        const { changed, value } = func.utils.get_drive_url(SESSION_ID, val.value, sourceP === 'UI Attr EXP' && var_Arr.length > 1);
+        if (changed) return value;
+      }
+
+      let value = val.value;
+      if (var_Arr.length > 1) {
+        if (!['DbQuery', 'alert', 'exp', 'api_rendered_output'].includes(sourceP) && ['string', 'date'].includes(val.type)) {
+          value = `\`${value}\``;
+        } else if (sourceP === 'api_rendered_output' && api_output_type === 'json' && ['string', 'date'].includes(val.type)) {
+          value = `"${value}"`;
+        }
+      }
+
+      if (val.fieldId && typeof value === 'string') {
+        if (['query', 'condition', 'range', 'sort', 'locate'].includes(sourceP)) value = value.replace(/↵|\r\n|\n|\r/g, '');
+        if (['init', 'update', 'virtual'].includes(sourceP)) value = value.replace(/↵|\r\n|\n|\r/g, '\\n');
+        if (typeof IS_PROCESS_SERVER !== 'undefined') value = value.replace(/↵|\r\n|\n|\r/g, '<br>');
+        fields[val.fieldId] = value;
+      }
+
+      if (typeof value === 'object' && var_Arr.length > 1) {
+        value = Array.isArray(value) || var_Arr[key + 1]?.value?.includes('.') ? JSON.stringify(value) : `(${JSON.stringify(value)})`;
+      }
+
+      if (!val.type === 'exp' && sourceP !== 'exp' && typeof value === 'string' && value.startsWith('@')) {
+        warning = `Error encoding ${value}`;
+        var_error_found = true;
+        return '0';
+      }
+      return value;
+    });
+
+    ret = res.length === 1 ? res[0] : res.join('');
+    if (var_Arr.some((v) => v.type === 'exp') && sourceP !== 'exp' && !secondPassP) {
+      const exp = await func.expression.get(SESSION_ID, ret, dsSessionP, sourceP, rowIdP, sourceActionP, true, calling_fieldIdP, fields, debug_infoP);
+      ret = exp.res?.[0] ?? exp.result;
+      Object.assign(fields, exp.fields);
+    } else if (!secondPassP && !['arguments', 'api_rendered_output', 'DbQuery'].includes(sourceP)) {
+      ret = await func.expression.secure_eval(SESSION_ID, sourceP, ret, jobNo, dsSessionP, js_script_callback);
+    } else if (sourceP === 'DbQuery') {
+      ret = JSON.stringify(evalJson(ret));
+    }
+
+    if (typeof ret === 'string' && ret.startsWith('@')) {
+      error = 'Error encoding @ var';
+      var_error_found = true;
+    }
+  } catch (err) {
+    error = err.message;
+  }
+
+  return endResults();
+};
+
 func.expression.parse_org = function (strP) {
   var extract_str = function (strP, posP) {
     if (!posP) posP = 0;
@@ -35457,7 +35628,7 @@ func.expression.parse = function (input) {
   return segments;
 };
 
-func.expression.get_property = async function (valP) {
+func.expression.get_property_org = async function (valP) {
   async function secure_eval(val) {
     if (typeof IS_PROCESS_SERVER === 'undefined') {
       try {
@@ -35495,21 +35666,73 @@ func.expression.get_property = async function (valP) {
     property2: property2,
   };
 };
-func.expression.validate_constant = function (valP) {
+
+func.expression.get_property = async function (valP) {
+  if (typeof valP !== 'string') return { property1: undefined, property2: undefined };
+
+  const secureEval = async (expr) => {
+    if (typeof IS_PROCESS_SERVER === 'undefined') {
+      try {
+        return eval(expr);
+      } catch (err) {
+        console.error(err);
+        return undefined;
+      }
+    }
+    try {
+      const vm = new VM.VM({
+        sandbox: {
+          func,
+          SESSION_ID,
+          SESSION_OBJ: { [SESSION_ID]: SESSION_OBJ[SESSION_ID] },
+        },
+        timeout: 1000,
+        allowAsync: false,
+      });
+      return await vm.run(expr);
+    } catch {
+      return undefined; // Simplified error handling
+    }
+  };
+
+  let property1, property2;
+  const bracketStart = valP.indexOf('[');
+  const bracketEnd = valP.indexOf(']');
+
+  if (bracketStart > -1 && bracketEnd > bracketStart) {
+    const expr = valP.slice(bracketStart + 1, bracketEnd);
+    property1 = await secureEval(expr);
+  }
+
+  const dotIndex = valP.indexOf('.');
+  if (dotIndex > -1) {
+    property2 = valP.slice(dotIndex + 1);
+  }
+
+  return { property1, property2 };
+};
+
+func.expression.validate_constant_org = function (valP) {
   var patt = /["']/;
   if (typeof valP === 'string' && patt.test(valP.substr(0, 1)) && patt.test(valP.substr(0, valP.length - 1))) return true;
   else return false;
 };
-func.expression.validate_variables = function (valP) {
+func.expression.validate_variables_org = function (valP) {
   if (typeof valP === 'string' && valP.indexOf('@') > -1) return true;
   else return false;
 };
-func.expression.remove_quotes = function (valP) {
+func.expression.remove_quotes_org = function (valP) {
   if (func.expression.validate_constant(valP)) return valP.substr(1, valP.length - 2);
   else return valP;
 };
 
-func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
+func.expression.validate_constant = (valP) => typeof valP === 'string' && /^["'].*["']$/.test(valP);
+
+func.expression.validate_variables = (valP) => typeof valP === 'string' && valP.includes('@');
+
+func.expression.remove_quotes = (valP) => (func.expression.validate_constant(valP) && typeof valP === 'string' ? valP.slice(1, -1) : valP);
+
+func.expression.secure_eval_org = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
   const api_utils = await func.common.get_module(SESSION_ID, 'xuda-api-library.mjs', {
     func,
     glb,
@@ -35610,6 +35833,90 @@ func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id,
     }
   }
 };
+
+func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
+  if (typeof val !== 'string') return val;
+
+  const xu = await func.common.get_module(SESSION_ID, 'xuda-api-library.mjs', {
+    func,
+    glb,
+    SESSION_OBJ,
+    SESSION_ID,
+    APP_OBJ,
+    dsSession: dsSessionP,
+    job_id,
+  });
+
+  const isServer = typeof IS_PROCESS_SERVER !== 'undefined' || typeof IS_DOCKER !== 'undefined';
+
+  // Client-side execution
+  if (!isServer) {
+    try {
+      return eval(val);
+    } catch {
+      try {
+        return JSON5.parse(val);
+      } catch {
+        return val;
+      }
+    }
+  }
+
+  // Server-side execution
+  const sandbox = {
+    func,
+    xu,
+    SESSION_ID,
+    SESSION_OBJ: { [SESSION_ID]: SESSION_OBJ[SESSION_ID] },
+    callback: js_script_callback,
+    job_id,
+    ...(sourceP === 'javascript' ? { axios, got, FormData } : {}),
+  };
+
+  const handleError = (err) => {
+    console.error('Execution error:', err);
+    func.events.delete_job(SESSION_ID, job_id);
+    if (isServer && !SESSION_OBJ[SESSION_ID].crawler) {
+      if (sourceP === 'javascript') {
+        __.rpi.write_log(SESSION_OBJ[SESSION_ID].app_id, 'error', 'worker', 'vm error', err, null, val, 'func.expression.get.secure_eval');
+      } else {
+        __.db.add_error_log(SESSION_OBJ[SESSION_ID].app_id, 'api', err);
+      }
+    }
+    return val; // Fallback to original value
+  };
+
+  if (sourceP === 'javascript') {
+    process.on('uncaughtException', handleError);
+    try {
+      const dir = path.join(_conf.studio_drive_path, SESSION_OBJ[SESSION_ID].app_id, 'node_modules');
+      const script = new VM.VMScript(`try { ${val} } catch (e) { func.api.error(SESSION_ID, "nodejs error", e); console.error(e); func.events.delete_job(SESSION_ID, "${job_id}"); }`, { filename: dir, dirname: dir });
+      const vm = new VM.NodeVM({
+        require: { external: true },
+        sandbox,
+        timeout: 60000,
+      });
+      return await vm.run(script, { filename: dir, dirname: dir });
+    } catch (err) {
+      return handleError(err);
+    }
+  }
+
+  try {
+    const vm = new VM.VM({
+      sandbox,
+      timeout: 1000,
+      allowAsync: false,
+    });
+    return await vm.run(val);
+  } catch {
+    try {
+      return JSON5.parse(val);
+    } catch {
+      return val;
+    }
+  }
+};
  func.events = {};
 func.events.validate = async function (SESSION_ID, triggerP, dsSessionP, eventIdP, sourceP, argumentsP, return_validation_onlyP) {
   var _session = SESSION_OBJ[SESSION_ID];