saltcorn-samba 0.3.8 → 0.3.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +61 -0
  2. package/index.js +8 -8
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -4,6 +4,67 @@ All notable changes to `saltcorn-samba` are documented here.
4
4
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
5
5
  and this project adheres to [Semantic Versioning](https://semver.org/).
6
6
 
7
+ ## [0.3.9] – 2026-07-05
8
+
9
+ ### Fixed – **Root-Cause-Fix: Falsche Callback-Signatur in allen Routen**
10
+
11
+ Die Diagnose-Ausgabe aus 0.3.8 hat gezeigt, dass in den Route-Handlern
12
+ **alle** Felder von `req` leer waren (`has_req_user: false`,
13
+ `has_session: false`, `referer: null` usw.). Ursache war eine falsche
14
+ Callback-Signatur, die seit 0.1 in **allen 8 Routen** verwendet wurde.
15
+
16
+ Saltcorn registriert Plugin-Routen so
17
+ (`packages/server/plugin_routes_handler.js`, Zeilen 40–52):
18
+
19
+ ```js
20
+ tenantRouter.post(url, error_catcher(route.callback));
21
+ ```
22
+
23
+ und `error_catcher` ist definiert als
24
+ (`packages/server/routes/utils.ts`, Zeile 427):
25
+
26
+ ```js
27
+ const error_catcher = (fn) => (request, response, next) => {
28
+ ...; fn(request, response, next);
29
+ };
30
+ ```
31
+
32
+ Die Callbacks werden also mit der klassischen Express-Signatur
33
+ `(req, res, next)` aufgerufen — **nicht** mit einem Objekt `{ req, res }`.
34
+
35
+ Bisher stand in `index.js` überall:
36
+
37
+ ```js
38
+ callback: async ({ req, res }) => { ... }
39
+ ```
40
+
41
+ Dadurch wurde aus dem echten Express-`request`-Objekt versucht, `req.req`
42
+ und `req.res` per Destructuring zu holen — beides `undefined`. Effekt:
43
+
44
+ - `req.user`, `req.session`, `req.headers`, `req.body`, `req.query`,
45
+ `req.csrfToken()` waren alle unerreichbar.
46
+ - Der Admin-Check konnte niemals erfolgreich sein.
47
+ - Der Samba-Verbindungstest hat *nie* funktioniert.
48
+ - Datei-Listing, Upload, Rename, Delete, Mkdir waren ebenfalls betroffen.
49
+
50
+ **Fix:** Alle 8 Routen (`/sambadir`, `/sambafile`, `/sambalink`,
51
+ `/sambatest`, `/sambaupload`, `/sambadelete`, `/sambarename`,
52
+ `/sambamkdir`) auf die korrekte Signatur umgestellt:
53
+
54
+ ```js
55
+ callback: async (req, res) => { ... }
56
+ ```
57
+
58
+ Damit erhält jeder Handler das echte Express-`req`-Objekt mit
59
+ `req.user`, `req.session`, `req.headers`, `req.body`, `req.csrfToken()`,
60
+ usw. — und die gesamte Admin- und Berechtigungslogik aus 0.3.7/0.3.8
61
+ greift jetzt so, wie sie gedacht war.
62
+
63
+ ### Notes
64
+ - Kein Funktionsverlust, keine Konfig-Migration nötig.
65
+ - Wer 0.3.8 installiert hat und den Test-Button nicht zum Laufen bekommen
66
+ hat: **Update auf 0.3.9 einspielen, Server neu starten, erneut testen.**
67
+
7
68
  ## [0.3.8] – 2026-07-05
8
69
 
9
70
  ### Changed
package/index.js CHANGED
@@ -480,7 +480,7 @@ const routes = [
480
480
  {
481
481
  url: "/sambadir",
482
482
  method: "get",
483
- callback: async ({ req, res }) => {
483
+ callback: async (req, res) => {
484
484
  const cfg = getConfig();
485
485
  if (!cfg.server) return jsonError(res, 500, "Samba plugin not configured");
486
486
  if (!canRead(req, cfg)) return jsonError(res, 403, "Forbidden");
@@ -528,7 +528,7 @@ const routes = [
528
528
  {
529
529
  url: "/sambafile",
530
530
  method: "get",
531
- callback: async ({ req, res }) => {
531
+ callback: async (req, res) => {
532
532
  const cfg = getConfig();
533
533
  if (!cfg.server) return res.status(500).send("Samba plugin not configured");
534
534
  if (!canRead(req, cfg)) return res.status(403).send("Forbidden");
@@ -561,7 +561,7 @@ const routes = [
561
561
  {
562
562
  url: "/sambalink",
563
563
  method: "get",
564
- callback: async ({ req, res }) => {
564
+ callback: async (req, res) => {
565
565
  const cfg = getConfig();
566
566
  if (!cfg.server) return res.status(500).send("Samba plugin not configured");
567
567
  if (!canRead(req, cfg)) return res.status(403).send("Forbidden");
@@ -617,7 +617,7 @@ code{background:#f4f4f4;padding:2px 6px;border-radius:3px;word-break:break-all}<
617
617
  // when the config-page CSRF token has already been consumed by the
618
618
  // save-workflow or when a stricter CSRF policy is applied.
619
619
  noCsrf: true,
620
- callback: async ({ req, res }) => {
620
+ callback: async (req, res) => {
621
621
  // -----------------------------------------------------------------
622
622
  // Admin gate — komplett neu in 0.3.8:
623
623
  //
@@ -822,7 +822,7 @@ code{background:#f4f4f4;padding:2px 6px;border-radius:3px;word-break:break-all}<
822
822
  {
823
823
  url: "/sambaupload",
824
824
  method: "post",
825
- callback: async ({ req, res }) => {
825
+ callback: async (req, res) => {
826
826
  const cfg = getConfig();
827
827
  if (!cfg.server) return jsonError(res, 500, "Samba plugin not configured");
828
828
  if (!canWrite(req, cfg)) return jsonError(res, 403, "Forbidden");
@@ -893,7 +893,7 @@ code{background:#f4f4f4;padding:2px 6px;border-radius:3px;word-break:break-all}<
893
893
  {
894
894
  url: "/sambadelete",
895
895
  method: "post",
896
- callback: async ({ req, res }) => {
896
+ callback: async (req, res) => {
897
897
  const cfg = getConfig();
898
898
  if (!cfg.server) return jsonError(res, 500, "Samba plugin not configured");
899
899
  if (!canWrite(req, cfg)) return jsonError(res, 403, "Forbidden");
@@ -924,7 +924,7 @@ code{background:#f4f4f4;padding:2px 6px;border-radius:3px;word-break:break-all}<
924
924
  {
925
925
  url: "/sambarename",
926
926
  method: "post",
927
- callback: async ({ req, res }) => {
927
+ callback: async (req, res) => {
928
928
  const cfg = getConfig();
929
929
  if (!cfg.server) return jsonError(res, 500, "Samba plugin not configured");
930
930
  if (!canWrite(req, cfg)) return jsonError(res, 403, "Forbidden");
@@ -987,7 +987,7 @@ code{background:#f4f4f4;padding:2px 6px;border-radius:3px;word-break:break-all}<
987
987
  {
988
988
  url: "/sambamkdir",
989
989
  method: "post",
990
- callback: async ({ req, res }) => {
990
+ callback: async (req, res) => {
991
991
  const cfg = getConfig();
992
992
  if (!cfg.server) return jsonError(res, 500, "Samba plugin not configured");
993
993
  if (!canWrite(req, cfg)) return jsonError(res, 403, "Forbidden");
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "saltcorn-samba",
3
- "version": "0.3.8",
3
+ "version": "0.3.9",
4
4
  "description": "Saltcorn plugin: browse, upload, rename and delete files on a Samba/CIFS share. File-manager view, directory tree, inline PDF viewer, external-app open (smb://).",
5
5
  "main": "index.js",
6
6
  "scripts": {