backend-plus 2.6.10 → 2.7.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -43,7 +43,7 @@ export interface ProcedureDef<T = any> {
43
43
  encoding?:'JSON4all'|'JSON'|'download'
44
44
  multipart?:true
45
45
  progress?:true
46
- files?:{count?:number}
46
+ files?:{count?:number, minCount?:number, maxCount?:number}
47
47
  roles?:string[]
48
48
  cacheable?:true
49
49
  resultOk?:string
@@ -211,6 +211,7 @@ export interface FieldDefinition extends EditableDbDefinition {
211
211
  exportMetadata?:ExportMetadataDefinition
212
212
  description?:string
213
213
  dataLength?:number
214
+ dataDecimals?:number
214
215
  options?:(string|{option:string|number, label:string})[]
215
216
  inView?:boolean
216
217
  sortMethod?:string
@@ -47,8 +47,6 @@ pg.log=function log(m){
47
47
  }
48
48
  // */
49
49
 
50
- var readYaml = require('read-yaml-promise');
51
-
52
50
  var fs = require('fs-extra');
53
51
  var fsP = require('fs/promises');
54
52
 
@@ -1079,7 +1077,16 @@ AppBackend.prototype.start = function start(opts){
1079
1077
  const whitelist = ['localhost'].concat(be.config.server.allowedHosts);
1080
1078
  const corsOptions = {
1081
1079
  origin: function (origin, callback) {
1082
- if (whitelist.some((element)=>origin?.includes(element)) || !origin){
1080
+ if (!origin) {
1081
+ return callback(null, true);
1082
+ }
1083
+ var hostname;
1084
+ try{
1085
+ hostname = new URL(origin).hostname;
1086
+ }catch(err){
1087
+ return callback(new Error('Not allowed by CORS'));
1088
+ }
1089
+ if (whitelist.includes(hostname)){
1083
1090
  callback(null, true);
1084
1091
  }else{
1085
1092
  callback(new Error('Not allowed by CORS'));
@@ -1165,6 +1172,7 @@ AppBackend.prototype.start = function start(opts){
1165
1172
  name: 'bp'+(packagejson.name+be.config.server["base-url"]||Math.random()).replace(/\//g,'#')+'-connect.sid',
1166
1173
  cookie:{
1167
1174
  path: be.config.server["base-url"]||'/',
1175
+ sameSite: be.config.login.plus.session?.cookie?.sameSite ?? 'lax',
1168
1176
  }
1169
1177
  }});
1170
1178
  var loginPlusOpts={
@@ -1582,7 +1590,7 @@ AppBackend.prototype.checkDatabaseStructure = async function checkDatabaseStruct
1582
1590
  throw new Error('ERROR en la DB: set_app_user no es un PROCEDURE es ' + set_app_user_RoutineType);
1583
1591
  }
1584
1592
  var message = ''
1585
- likeAr(AppBackend.prototype.sql_routines).forEach((routine_name, def) => {
1593
+ likeAr(AppBackend.prototype.sql_routines).forEach((def, routine_name) => {
1586
1594
  if (sqlRoutines[routine_name] && def.dump.includes(sqlRoutines[routine_name].routine_definition)) {
1587
1595
  message += `
1588
1596
  ----- hay que crear o actualizar la rutina ${routine_name}:
@@ -1700,8 +1708,8 @@ AppBackend.prototype.addProcedureServices = function addProcedureServices(forUnl
1700
1708
  return;
1701
1709
  }
1702
1710
  procedureDef.parameters.forEach(function(paramDef){
1703
- if(paramDef.enconding==='plain' && procedureDef.multipart){
1704
- throw new Error("plain enconding in parameters not allowed in multipart procedure"+procedureDef.action);
1711
+ if(paramDef.encoding==='plain' && (procedureDef.files || procedureDef.multipart)){
1712
+ throw new Error("plain encoding in parameters not allowed in multipart procedure "+procedureDef.action);
1705
1713
  }
1706
1714
  });
1707
1715
  if(!isLowerIdent(procedureDef.action)){
@@ -1828,16 +1836,16 @@ AppBackend.prototype.addProcedureServices = function addProcedureServices(forUnl
1828
1836
  files = files.concat(req.files[name]);
1829
1837
  }
1830
1838
  if(
1831
- 'minCount' in procedureDef.files && files.length<procedureDef.files.minCount &&
1839
+ 'minCount' in procedureDef.files && files.length<procedureDef.files.minCount ||
1832
1840
  'count' in procedureDef.files && files.length<procedureDef.files.count
1833
1841
  ){
1834
- throw new Error("internal procedure "+procedureDef.action+" error: receiving less than "+procedureDef.files.minCount+" files");
1842
+ throw new Error("internal procedure "+procedureDef.action+" error: receiving less than "+(procedureDef.files.minCount ?? procedureDef.files.count)+" files");
1835
1843
  }
1836
1844
  if(
1837
- 'maxCount' in procedureDef.files && files.length<procedureDef.files.maxCount &&
1838
- 'count' in procedureDef.files && files.length<procedureDef.files.count
1845
+ 'maxCount' in procedureDef.files && files.length>procedureDef.files.maxCount ||
1846
+ 'count' in procedureDef.files && files.length>procedureDef.files.count
1839
1847
  ){
1840
- throw new Error("internal procedure "+procedureDef.action+" error: receiving less than "+procedureDef.files.minCount+" files");
1848
+ throw new Error("internal procedure "+procedureDef.action+" error: receiving more than "+(procedureDef.files.maxCount ?? procedureDef.files.count)+" files");
1841
1849
  }
1842
1850
  }
1843
1851
  var context=be.getContext(req);
@@ -1905,12 +1913,21 @@ AppBackend.prototype.addProcedureServices = function addProcedureServices(forUnl
1905
1913
  }
1906
1914
  res.append('Content-Type', 'application/octet-stream');
1907
1915
  return Promise.resolve().then(function(){
1916
+ return be.isThisProcedureAllowed(context,procedureDef,params)
1917
+ }).then(function(allowed){
1918
+ if(!allowed){
1919
+ console.log('FORBIDDEN',procedureDef.action,params.table,context.username);
1920
+ var err = new Error("FORBIDDEN");
1921
+ err.status="403";
1922
+ throw err;
1923
+ }
1924
+ }).then(function(){
1908
1925
  var thisCache;
1909
1926
  if(procedureDef.cacheable){
1910
- var jsonParams = JSON.stringify(params);
1911
- thisCache = be.caches.procedures[jsonParams];
1927
+ var cacheKey = procedureDef.action+' '+JSON.stringify(params);
1928
+ thisCache = be.caches.procedures[cacheKey];
1912
1929
  if(!thisCache){
1913
- thisCache = be.caches.procedures[jsonParams] = {timestamp:new Date().getTime()};
1930
+ thisCache = be.caches.procedures[cacheKey] = {timestamp:new Date().getTime()};
1914
1931
  }
1915
1932
  if(thisCache.result !== undefined){
1916
1933
  return thisCache.result;
@@ -1918,15 +1935,6 @@ AppBackend.prototype.addProcedureServices = function addProcedureServices(forUnl
1918
1935
  }
1919
1936
  var keepAliveManager=null;
1920
1937
  return Promise.resolve().then(function(){
1921
- return be.isThisProcedureAllowed(context,procedureDef,params)
1922
- }).then(function(allowed){
1923
- if(!allowed){
1924
- console.log('FORBIDDEN',procedureDef.action,params.table,context.username);
1925
- var err = new Error("FORBIDDEN");
1926
- err.code="403";
1927
- throw err;
1928
- }
1929
- }).then(function(){
1930
1938
  if(procedureDef.progress && be.config.server["keep-alive"]){
1931
1939
  keepAliveManager=setInterval(function(){
1932
1940
  res.write(JSON.stringify({progress:{keepAlive:true, ts:new Date().getTime()}})+"\n")
@@ -2920,6 +2928,10 @@ AppBackend.prototype.validateBitacora = function validateBitacora(procedureDef){
2920
2928
 
2921
2929
  AppBackend.prototype.procedureDefCompleter = function procedureDefCompleter(procedureDef){
2922
2930
  procedureDef.isCompleted=true;
2931
+ if(procedureDef.unlogged && procedureDef.roles){
2932
+ console.warn('WARNING procedure '+procedureDef.action+' declares roles, unlogged ignored');
2933
+ procedureDef.unlogged=false;
2934
+ }
2923
2935
  procedureDef.withFastWindow=procedureDef.withFastWindow||true;
2924
2936
  procedureDef.method=procedureDef.method||this.defaultMethod;
2925
2937
  procedureDef.encoding=procedureDef.encoding||'JSON4all';
@@ -3024,7 +3036,9 @@ AppBackend.prototype.dumpDbTableFields = function dumpDbTableFields(tableDef, op
3024
3036
  }
3025
3037
  fields.push(
3026
3038
  ' '+db.quoteIdent(fieldDef.name)+
3027
- ' '+(fieldDef.dataLength?(fieldType=='text'?'varchar':fieldType)+'('+fieldDef.dataLength+')':fieldType)+
3039
+ ' '+(fieldDef.dataLength?(fieldType=='text'?'varchar':fieldType)+'('+fieldDef.dataLength+
3040
+ (fieldDef.dataDecimals?','+fieldDef.dataDecimals:'')
3041
+ +')':fieldType)+
3028
3042
  ( be.specialSqlDefaultExpressions[fieldDef.defaultDbValue] != null ? ' default ' + be.specialSqlDefaultExpressions[fieldDef.defaultDbValue]
3029
3043
  : fieldDef.defaultDbValue != null ? ' default ' + fieldDef.defaultDbValue
3030
3044
  : be.specialSqlDefaultExpressions[fieldDef.specialDefaultValue] != null ? ' default ' + be.specialSqlDefaultExpressions[fieldDef.specialDefaultValue]
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "backend-plus",
3
3
  "description": "Backend for the anti Pareto rule",
4
- "version": "2.6.10",
4
+ "version": "2.7.0-beta.1",
5
5
  "author": "Codenautas <codenautas@googlegroups.com>",
6
6
  "license": "MIT",
7
7
  "repository": "codenautas/backend-plus",
@@ -36,48 +36,39 @@
36
36
  "dependencies": {
37
37
  "@upgraded/locate-path": "^6.0.0-alfa.1",
38
38
  "ajax-best-promise": "^0.4.3",
39
- "backend-skins": "^0.1.34",
40
39
  "best-globals": "^2.2.2",
41
40
  "big.js": "^7.0.1",
42
41
  "body-parser": "^2.3.0",
43
42
  "cast-error": "^0.1.4",
44
- "castellano": "^0.1.5",
45
- "connect-pg-simple": "^10.0.0",
46
- "cookie-parser": "^1.4.7",
43
+ "castellano": "^0.1.7",
47
44
  "cors": "^2.8.6",
48
45
  "dialog-promise": "^0.10.7",
49
- "discrepances": "^0.2.14",
46
+ "ensure-login": "^0.1.6-beta.0",
50
47
  "express": "^5.2.1",
51
- "express-session": "^1.19.0",
52
- "express-useragent": "^2.2.0",
53
- "fs-extra": "^11.3.5",
48
+ "express-useragent": "^2.2.1",
49
+ "fs-extra": "^11.3.6",
54
50
  "js-to-html": "^1.3.6",
55
- "js-yaml": "^5.1.0",
51
+ "js-yaml": "^5.2.1",
56
52
  "json4all": "^1.4.4",
57
53
  "lazy-some": "^0.1.0",
58
54
  "like-ar": "^0.5.3",
59
- "login-plus": "^1.8.1",
55
+ "login-plus": "^1.9.0-beta.1",
60
56
  "memorystore": "^1.6.8",
61
- "mini-tools": "^1.13.6",
57
+ "mini-tools": "^1.13.7",
62
58
  "moment": "^2.30.1",
63
59
  "multiparty": "^4.3.0",
64
- "nodemailer": "^9.0.1",
60
+ "nodemailer": "^9.0.3",
65
61
  "numeral": "^2.0.6",
66
- "pg-promise-strict": "^1.4.5",
62
+ "pg-promise-strict": "^1.4.6",
67
63
  "pg-triggers": "0.4.6",
68
64
  "pikaday": "^1.8.2",
69
- "pug": "^3.0.4",
70
- "read-yaml-promise": "^1.0.2",
71
- "regexplicit": "^0.1.3",
72
65
  "require-bro": "^0.3.6",
73
- "self-explain": "^0.11.0",
74
- "serve-content": "^1.0.4",
66
+ "serve-content": "^1.0.5",
75
67
  "session-file-store": "^1.5.0",
76
68
  "simple-git": "^3.36.0",
77
69
  "sql-tools": "^0.1.7",
78
70
  "stack-trace": "^1.0.0",
79
- "stylus": "0.64.0",
80
- "type-store": "^0.5.1",
71
+ "type-store": "^0.5.2",
81
72
  "typed-controls": "^0.12.6",
82
73
  "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz"
83
74
  },
@@ -90,12 +81,14 @@
90
81
  "@types/js-yaml": "^4.0.9",
91
82
  "@types/mocha": "^10.0.10",
92
83
  "@types/multiparty": "~4.2.1",
93
- "@types/node": "^26.0.1",
84
+ "@types/node": "^26.1.0",
94
85
  "@types/nodemailer": "^8.0.1",
95
86
  "@types/numeral": "~2.0.5",
96
87
  "@types/session-file-store": "^1.2.6",
97
88
  "@types/stack-trace": "~0.0.33",
98
89
  "@types/websql": "~0.0.30",
90
+ "backend-skins": "^0.1.34",
91
+ "discrepances": "^0.2.14",
99
92
  "esprima": "^4.0.1",
100
93
  "expect.js": "~0.3.1",
101
94
  "karma": "6.4.4",
@@ -107,8 +100,10 @@
107
100
  "kill-9": "~0.4.3",
108
101
  "mocha": "^11.7.6",
109
102
  "nyc": "^18.0.0",
110
- "puppeteer": "^25.2.1",
111
- "qa-control": "0.7.0",
103
+ "puppeteer": "^25.3.0",
104
+ "qa-control": "0.7.5",
105
+ "regexplicit": "^0.1.3",
106
+ "self-explain": "^0.11.0",
112
107
  "sinon": "^22.0.0",
113
108
  "supertest": "^7.2.2",
114
109
  "types.d.ts": "~0.6.22",
@@ -123,7 +118,8 @@
123
118
  "test-ui": "(npm run prepublish || echo \"continue w/error\") && mocha --reporter spec --single-run --bail test/test-*.js",
124
119
  "test-karma": "(npm run prepublish || echo \"continue w/error\") && mocha --reporter spec --bail test/test-k*.js",
125
120
  "test-why": "node --expose-internals ./node_modules/mocha/bin/_mocha --reporter spec --bail test/test*.js",
126
- "test-ci": "(npm run prepublish || echo \"continue w/error\") && mocha --reporter spec --bail test/test*.js",
121
+ "test-ci": "npm test",
122
+ "test-cov": "(npm run prepublish || echo \"continue w/error\") && mocha --reporter spec --bail test/test*.js",
127
123
  "test-good": "mocha --reporter spec --bail --check-leaks test/test*.js",
128
124
  "example-pu": "node test/puppeteer/first-step.js",
129
125
  "test-pu": "node ./test/download_puppeteer && mocha --reporter spec --bail --check-leaks --globals cptable --globals QUOTE --globals __core-js_shared__ test/test-pu.js",
@@ -116,7 +116,7 @@ myAjax.readProcedureDefinitions=function readProcedureDefinitions(){
116
116
  backgroundUrl = 'url("img/background-test.png")';
117
117
  }else if(/(^|[-_0-9/])(capa|capacitacion)($|[-_0-9/])/.test(location.pathname)){
118
118
  backgroundUrl = 'url("img/background-capa.png")';
119
- }else if(/(^|[-_0-9/])(desa|devel)($|[-_0-9/])/.test(location.pathname)){
119
+ }else if(/(^|[-_0-9/])(desa|devel)($|[-_0-9/])/.test(location.pathname) || my.config.config && my.config.config['devel']){
120
120
  backgroundUrl = 'url("img/background-devel.png")';
121
121
  }else{
122
122
  backgroundUrl = '';