Merge c43afabe28 into c261745f1d

# [0.39.0](https://github.com/sasjs/server/compare/v0.38.0...v0.39.0) (2024-10-31)

### Bug Fixes

* **api:** fixed condition in processProgram ([48a9a4d](48a9a4dd0e))

### Features

* **api:** added session state endpoint ([6b6546c](6b6546c7ad))

.vscode/settings.json

@@ -1,5 +1,3 @@
 {
-  "cSpell.words": [
-    "autoexec"
-  ]
+  "cSpell.words": ["autoexec", "initialising"]
 }

CHANGELOG.md

@@ -1,3 +1,50 @@
+# [0.39.0](https://github.com/sasjs/server/compare/v0.38.0...v0.39.0) (2024-10-31)
+
+
+### Bug Fixes
+
+* **api:** fixed condition in processProgram ([48a9a4d](https://github.com/sasjs/server/commit/48a9a4dd0e31f84209635382be4ec4bb2c3a9c0c))
+
+
+### Features
+
+* **api:** added session state endpoint ([6b6546c](https://github.com/sasjs/server/commit/6b6546c7ad0833347f8dc4cdba6ad19132f7aaef))
+
+# [0.38.0](https://github.com/sasjs/server/compare/v0.37.0...v0.38.0) (2024-10-30)
+
+
+### Features
+
+* **api:** enabled query params in stp/trigger endpoint ([5cda9cd](https://github.com/sasjs/server/commit/5cda9cd5d8623b7ea2ecd989d7808f47ec866672))
+
+# [0.37.0](https://github.com/sasjs/server/compare/v0.36.0...v0.37.0) (2024-10-29)
+
+
+### Features
+
+* **stp:** added trigger endpoint ([b0723f1](https://github.com/sasjs/server/commit/b0723f14448d60ffce4f2175cf8a73fc4d4dd0ee))
+
+# [0.36.0](https://github.com/sasjs/server/compare/v0.35.4...v0.36.0) (2024-10-29)
+
+
+### Features
+
+* **code:** added code/trigger API endpoint ([ffcf193](https://github.com/sasjs/server/commit/ffcf193b87d811b166d79af74013776a253b50b0))
+
+## [0.35.4](https://github.com/sasjs/server/compare/v0.35.3...v0.35.4) (2024-01-15)
+
+
+### Bug Fixes
+
+* **api:** fixed env issue in MacOS executable ([73d965d](https://github.com/sasjs/server/commit/73d965daf54b16c0921e4b18d11a1e6f8650884d))
+
+## [0.35.3](https://github.com/sasjs/server/compare/v0.35.2...v0.35.3) (2023-11-07)
+
+
+### Bug Fixes
+
+* enable embedded LFs in JS STP vars ([7e8cbbf](https://github.com/sasjs/server/commit/7e8cbbf377b27a7f5dd9af0bc6605c01f302f5d9))
+
 ## [0.35.2](https://github.com/sasjs/server/compare/v0.35.1...v0.35.2) (2023-08-07)
 
 

api/.env.example

@@ -25,7 +25,7 @@ LDAP_USERS_BASE_DN = <ou=users,dc=cloudron>
 LDAP_GROUPS_BASE_DN = <ou=groups,dc=cloudron>
 
 #default value is 100
-MAX_WRONG_ATTEMPTS_BY_IP_PER_DAY=100 
+MAX_WRONG_ATTEMPTS_BY_IP_PER_DAY=100
 
 #default value is 10
 MAX_CONSECUTIVE_FAILS_BY_USERNAME_AND_IP=10

api/package-lock.json

@@ -51,7 +51,7 @@
         "adm-zip": "^0.5.9",
         "axios": "0.27.2",
         "csrf": "^3.1.0",
-        "dotenv": "^10.0.0",
+        "dotenv": "^16.0.1",
         "http-headers-validation": "^0.0.1",
         "jest": "^27.0.6",
         "mongodb-memory-server": "8.11.4",
@@ -4788,12 +4788,12 @@
       }
     },
     "node_modules/dotenv": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz",
-      "integrity": "sha512-rlBi9d8jpv9Sf1klPjNfFAuWDjKLwTIJJ/VxtoTwIR6hnZxcEOQCZg2oIL3MWBYw5GpUDKOEnND7LXTbIpQ03Q==",
+      "version": "16.0.1",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.0.1.tgz",
+      "integrity": "sha512-1K6hR6wtk2FviQ4kEiSjFiH5rpzEVi8WW0x96aztHVMhEspNpc4DVOUTEHtEva5VThQ8IaBX1Pe4gSzpVVUsKQ==",
       "dev": true,
       "engines": {
-        "node": ">=10"
+        "node": ">=12"
       }
     },
     "node_modules/duplexer2": {
@@ -15217,9 +15217,9 @@
       }
     },
     "dotenv": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz",
-      "integrity": "sha512-rlBi9d8jpv9Sf1klPjNfFAuWDjKLwTIJJ/VxtoTwIR6hnZxcEOQCZg2oIL3MWBYw5GpUDKOEnND7LXTbIpQ03Q==",
+      "version": "16.0.1",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.0.1.tgz",
+      "integrity": "sha512-1K6hR6wtk2FviQ4kEiSjFiH5rpzEVi8WW0x96aztHVMhEspNpc4DVOUTEHtEva5VThQ8IaBX1Pe4gSzpVVUsKQ==",
       "dev": true
     },
     "duplexer2": {

api/package.json

@@ -88,7 +88,7 @@
     "adm-zip": "^0.5.9",
     "axios": "0.27.2",
     "csrf": "^3.1.0",
-    "dotenv": "^10.0.0",
+    "dotenv": "^16.0.1",
     "http-headers-validation": "^0.0.1",
     "jest": "^27.0.6",
     "mongodb-memory-server": "8.11.4",

api/public/swagger.yaml

@@ -40,8 +40,7 @@ components:
                 clientId:
                     type: string
                 userId:
-                    type: number
-                    format: double
+                    type: string
             required:
                 - clientId
                 - userId
@@ -98,17 +97,47 @@ components:
             properties:
                 code:
                     type: string
-                    description: 'Code of program'
-                    example: '* Code HERE;'
+                    description: 'The code to be executed'
+                    example: '* Your Code HERE;'
                 runTime:
                     $ref: '#/components/schemas/RunTimeType'
-                    description: 'runtime for program'
+                    description: 'The runtime for the code - eg SAS, JS, PY or R'
                     example: js
             required:
                 - code
                 - runTime
             type: object
             additionalProperties: false
+        TriggerCodeResponse:
+            properties:
+                sessionId:
+                    type: string
+                    description: "`sessionId` is the ID of the session and the name of the temporary folder\nused to store code outputs.<br><br>\nFor SAS, this would be the location of the SASWORK folder.<br><br>\n`sessionId` can be used to poll session state using the\nGET /SASjsApi/session/{sessionId}/state endpoint."
+                    example: 20241028074744-54132-1730101664824
+            required:
+                - sessionId
+            type: object
+            additionalProperties: false
+        TriggerCodePayload:
+            properties:
+                code:
+                    type: string
+                    description: 'The code to be executed'
+                    example: '* Your Code HERE;'
+                runTime:
+                    $ref: '#/components/schemas/RunTimeType'
+                    description: 'The runtime for the code - eg SAS, JS, PY or R'
+                    example: sas
+                expiresAfterMins:
+                    type: number
+                    format: double
+                    description: "Amount of minutes after the completion of the job when the session must be\ndestroyed."
+                    example: 15
+            required:
+                - code
+                - runTime
+            type: object
+            additionalProperties: false
         MemberType.folder:
             enum:
                 - folder
@@ -285,9 +314,8 @@ components:
             additionalProperties: false
         UserResponse:
             properties:
-                id:
-                    type: number
-                    format: double
+                uid:
+                    type: string
                 username:
                     type: string
                 displayName:
@@ -295,7 +323,7 @@ components:
                 isAdmin:
                     type: boolean
             required:
-                - id
+                - uid
                 - username
                 - displayName
                 - isAdmin
@@ -303,32 +331,30 @@ components:
             additionalProperties: false
         GroupResponse:
             properties:
-                groupId:
-                    type: number
-                    format: double
+                uid:
+                    type: string
                 name:
                     type: string
                 description:
                     type: string
             required:
-                - groupId
+                - uid
                 - name
                 - description
             type: object
             additionalProperties: false
         UserDetailsResponse:
             properties:
-                id:
-                    type: number
-                    format: double
-                displayName:
+                uid:
                     type: string
                 username:
                     type: string
-                isActive:
-                    type: boolean
+                displayName:
+                    type: string
                 isAdmin:
                     type: boolean
+                isActive:
+                    type: boolean
                 autoExec:
                     type: string
                 groups:
@@ -336,11 +362,11 @@ components:
                         $ref: '#/components/schemas/GroupResponse'
                     type: array
             required:
-                - id
-                - displayName
+                - uid
                 - username
-                - isActive
+                - displayName
                 - isAdmin
+                - isActive
             type: object
             additionalProperties: false
         UserPayload:
@@ -376,9 +402,8 @@ components:
             additionalProperties: false
         GroupDetailsResponse:
             properties:
-                groupId:
-                    type: number
-                    format: double
+                uid:
+                    type: string
                 name:
                     type: string
                 description:
@@ -390,7 +415,7 @@ components:
                         $ref: '#/components/schemas/UserResponse'
                     type: array
             required:
-                - groupId
+                - uid
                 - name
                 - description
                 - isActive
@@ -459,9 +484,8 @@ components:
             additionalProperties: false
         PermissionDetailsResponse:
             properties:
-                permissionId:
-                    type: number
-                    format: double
+                uid:
+                    type: string
                 path:
                     type: string
                 type:
@@ -473,7 +497,7 @@ components:
                 group:
                     $ref: '#/components/schemas/GroupDetailsResponse'
             required:
-                - permissionId
+                - uid
                 - path
                 - type
                 - setting
@@ -512,10 +536,8 @@ components:
                     description: 'Indicates the type of principal'
                     example: user
                 principalId:
-                    type: number
-                    format: double
+                    type: string
                     description: 'The id of user or group to which a rule is assigned.'
-                    example: 123
             required:
                 - path
                 - type
@@ -534,27 +556,47 @@ components:
                 - setting
             type: object
             additionalProperties: false
-        SessionResponse:
+        Pick_UserResponse.Exclude_keyofUserResponse.uid__:
             properties:
-                id:
-                    type: number
-                    format: double
                 username:
                     type: string
                 displayName:
                     type: string
                 isAdmin:
                     type: boolean
-                needsToUpdatePassword:
-                    type: boolean
             required:
-                - id
                 - username
                 - displayName
                 - isAdmin
-                - needsToUpdatePassword
+            type: object
+            description: 'From T, pick a set of properties whose keys are in the union K'
+        SessionResponse:
+            properties:
+                username:
+                    type: string
+                displayName:
+                    type: string
+                isAdmin:
+                    type: boolean
+                id:
+                    type: string
+                needsToUpdatePassword:
+                    type: boolean
+            required:
+                - username
+                - displayName
+                - isAdmin
+                - id
             type: object
             additionalProperties: false
+        SessionState:
+            enum:
+                - initialising
+                - pending
+                - running
+                - completed
+                - failed
+            type: string
         ExecutePostRequestPayload:
             properties:
                 _program:
@@ -563,6 +605,16 @@ components:
                     example: /Public/somefolder/some.file
             type: object
             additionalProperties: false
+        TriggerProgramResponse:
+            properties:
+                sessionId:
+                    type: string
+                    description: "`sessionId` is the ID of the session and the name of the temporary folder\nused to store program outputs.<br><br>\nFor SAS, this would be the location of the SASWORK folder.<br><br>\n`sessionId` can be used to poll session state using the\nGET /SASjsApi/session/{sessionId}/state endpoint."
+                    example: 20241028074744-54132-1730101664824
+            required:
+                - sessionId
+            type: object
+            additionalProperties: false
         LoginPayload:
             properties:
                 username:
@@ -805,6 +857,30 @@ paths:
                     application/json:
                         schema:
                             $ref: '#/components/schemas/ExecuteCodePayload'
+    /SASjsApi/code/trigger:
+        post:
+            operationId: TriggerCode
+            responses:
+                '200':
+                    description: Ok
+                    content:
+                        application/json:
+                            schema:
+                                $ref: '#/components/schemas/TriggerCodeResponse'
+            description: 'Trigger Code on the Specified Runtime'
+            summary: 'Triggers code and returns SessionId immediately - does not wait for job completion'
+            tags:
+                - Code
+            security:
+                -
+                    bearerAuth: []
+            parameters: []
+            requestBody:
+                required: true
+                content:
+                    application/json:
+                        schema:
+                            $ref: '#/components/schemas/TriggerCodePayload'
     /SASjsApi/drive/deploy:
         post:
             operationId: Deploy
@@ -1206,7 +1282,7 @@ paths:
                                 type: array
                             examples:
                                 'Example 1':
-                                    value: [{id: 123, username: johnusername, displayName: John, isAdmin: false}, {id: 456, username: starkusername, displayName: Stark, isAdmin: true}]
+                                    value: [{uid: userIdString, username: johnusername, displayName: John, isAdmin: false}, {uid: anotherUserIdString, username: starkusername, displayName: Stark, isAdmin: true}]
             summary: 'Get list of all users (username, displayname). All users can request this.'
             tags:
                 - User
@@ -1225,7 +1301,7 @@ paths:
                                 $ref: '#/components/schemas/UserDetailsResponse'
                             examples:
                                 'Example 1':
-                                    value: {id: 1234, displayName: 'John Snow', username: johnSnow01, isAdmin: false, isActive: true}
+                                    value: {uid: userIdString, displayName: 'John Snow', username: johnSnow01, isAdmin: false, isActive: true}
             summary: 'Create user with the following attributes: UserId, UserName, Password, isAdmin, isActive. Admin only task.'
             tags:
                 - User
@@ -1276,7 +1352,7 @@ paths:
                                 $ref: '#/components/schemas/UserDetailsResponse'
                             examples:
                                 'Example 1':
-                                    value: {id: 1234, displayName: 'John Snow', username: johnSnow01, isAdmin: false, isActive: true}
+                                    value: {uid: userIdString, displayName: 'John Snow', username: johnSnow01, isAdmin: false, isActive: true}
             summary: 'Update user properties - such as displayName. Can be performed either by admins, or the user in question.'
             tags:
                 - User
@@ -1327,7 +1403,7 @@ paths:
                                 password:
                                     type: string
                             type: object
-    '/SASjsApi/user/{userId}':
+    '/SASjsApi/user/{uid}':
         get:
             operationId: GetUser
             responses:
@@ -1346,14 +1422,12 @@ paths:
                     bearerAuth: []
             parameters:
                 -
-                    description: 'The user''s identifier'
                     in: path
-                    name: userId
+                    name: uid
                     required: true
                     schema:
-                        format: double
-                        type: number
-                    example: 1234
+                        type: string
+    '/SASjsApi/user/{userId}':
         patch:
             operationId: UpdateUser
             responses:
@@ -1365,7 +1439,7 @@ paths:
                                 $ref: '#/components/schemas/UserDetailsResponse'
                             examples:
                                 'Example 1':
-                                    value: {id: 1234, displayName: 'John Snow', username: johnSnow01, isAdmin: false, isActive: true}
+                                    value: {uid: userIdString, displayName: 'John Snow', username: johnSnow01, isAdmin: false, isActive: true}
             summary: 'Update user properties - such as displayName. Can be performed either by admins, or the user in question.'
             tags:
                 - User
@@ -1379,8 +1453,7 @@ paths:
                     name: userId
                     required: true
                     schema:
-                        format: double
-                        type: number
+                        type: string
                     example: '1234'
             requestBody:
                 required: true
@@ -1406,8 +1479,7 @@ paths:
                     name: userId
                     required: true
                     schema:
-                        format: double
-                        type: number
+                        type: string
                     example: 1234
             requestBody:
                 required: true
@@ -1432,7 +1504,7 @@ paths:
                                 type: array
                             examples:
                                 'Example 1':
-                                    value: [{groupId: 123, name: DCGroup, description: 'This group represents Data Controller Users'}]
+                                    value: [{uid: groupIdString, name: DCGroup, description: 'This group represents Data Controller Users'}]
             summary: 'Get list of all groups (groupName and groupDescription). All users can request this.'
             tags:
                 - Group
@@ -1451,7 +1523,7 @@ paths:
                                 $ref: '#/components/schemas/GroupDetailsResponse'
                             examples:
                                 'Example 1':
-                                    value: {groupId: 123, name: DCGroup, description: 'This group represents Data Controller Users', isActive: true, users: []}
+                                    value: {uid: groupIdString, name: DCGroup, description: 'This group represents Data Controller Users', isActive: true, users: []}
             summary: 'Create a new group. Admin only.'
             tags:
                 - Group
@@ -1467,7 +1539,7 @@ paths:
                             $ref: '#/components/schemas/GroupPayload'
     '/SASjsApi/group/by/groupname/{name}':
         get:
-            operationId: GetGroupByGroupName
+            operationId: GetGroupByName
             responses:
                 '200':
                     description: Ok
@@ -1489,7 +1561,7 @@ paths:
                     required: true
                     schema:
                         type: string
-    '/SASjsApi/group/{groupId}':
+    '/SASjsApi/group/{uid}':
         get:
             operationId: GetGroup
             responses:
@@ -1509,12 +1581,11 @@ paths:
                 -
                     description: 'The group''s identifier'
                     in: path
-                    name: groupId
+                    name: uid
                     required: true
                     schema:
-                        format: double
-                        type: number
-                    example: 1234
+                        type: string
+                    example: 12ByteString
         delete:
             operationId: DeleteGroup
             responses:
@@ -1536,13 +1607,12 @@ paths:
                 -
                     description: 'The group''s identifier'
                     in: path
-                    name: groupId
+                    name: uid
                     required: true
                     schema:
-                        format: double
-                        type: number
-                    example: 1234
-    '/SASjsApi/group/{groupId}/{userId}':
+                        type: string
+                    example: 12ByteString
+    '/SASjsApi/group/{groupUid}/{userUid}':
         post:
             operationId: AddUserToGroup
             responses:
@@ -1554,7 +1624,7 @@ paths:
                                 $ref: '#/components/schemas/GroupDetailsResponse'
                             examples:
                                 'Example 1':
-                                    value: {groupId: 123, name: DCGroup, description: 'This group represents Data Controller Users', isActive: true, users: []}
+                                    value: {uid: groupIdString, name: DCGroup, description: 'This group represents Data Controller Users', isActive: true, users: []}
             summary: 'Add a user to a group. Admin task only.'
             tags:
                 - Group
@@ -1565,21 +1635,18 @@ paths:
                 -
                     description: 'The group''s identifier'
                     in: path
-                    name: groupId
+                    name: groupUid
                     required: true
                     schema:
-                        format: double
-                        type: number
-                    example: '1234'
+                        type: string
+                    example: 12ByteString
                 -
                     description: 'The user''s identifier'
                     in: path
-                    name: userId
+                    name: userUid
                     required: true
                     schema:
-                        format: double
-                        type: number
-                    example: '6789'
+                        type: string
         delete:
             operationId: RemoveUserFromGroup
             responses:
@@ -1591,8 +1658,8 @@ paths:
                                 $ref: '#/components/schemas/GroupDetailsResponse'
                             examples:
                                 'Example 1':
-                                    value: {groupId: 123, name: DCGroup, description: 'This group represents Data Controller Users', isActive: true, users: []}
-            summary: 'Remove a user to a group. Admin task only.'
+                                    value: {uid: groupIdString, name: DCGroup, description: 'This group represents Data Controller Users', isActive: true, users: []}
+            summary: 'Remove a user from a group. Admin task only.'
             tags:
                 - Group
             security:
@@ -1602,21 +1669,19 @@ paths:
                 -
                     description: 'The group''s identifier'
                     in: path
-                    name: groupId
+                    name: groupUid
                     required: true
                     schema:
-                        format: double
-                        type: number
-                    example: '1234'
+                        type: string
+                    example: 12ByteString
                 -
                     description: 'The user''s identifier'
                     in: path
-                    name: userId
+                    name: userUid
                     required: true
                     schema:
-                        format: double
-                        type: number
-                    example: '6789'
+                        type: string
+                    example: 12ByteString
     /SASjsApi/info:
         get:
             operationId: Info
@@ -1667,7 +1732,7 @@ paths:
                                 type: array
                             examples:
                                 'Example 1':
-                                    value: [{permissionId: 123, path: /SASjsApi/code/execute, type: Route, setting: Grant, user: {id: 1, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}, {permissionId: 124, path: /SASjsApi/code/execute, type: Route, setting: Grant, group: {groupId: 1, name: DCGroup, description: 'This group represents Data Controller Users', isActive: true, users: []}}]
+                                    value: [{uid: permissionId1String, path: /SASjsApi/code/execute, type: Route, setting: Grant, user: {uid: user1-id, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}, {uid: permissionId2String, path: /SASjsApi/code/execute, type: Route, setting: Grant, group: {uid: group1-id, name: DCGroup, description: 'This group represents Data Controller Users', isActive: true, users: []}}]
             description: "Get the list of permission rules applicable the authenticated user.\nIf the user is an admin, all rules are returned."
             summary: 'Get the list of permission rules. If the user is admin, all rules are returned.'
             tags:
@@ -1687,7 +1752,7 @@ paths:
                                 $ref: '#/components/schemas/PermissionDetailsResponse'
                             examples:
                                 'Example 1':
-                                    value: {permissionId: 123, path: /SASjsApi/code/execute, type: Route, setting: Grant, user: {id: 1, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}
+                                    value: {uid: permissionIdString, path: /SASjsApi/code/execute, type: Route, setting: Grant, user: {uid: userIdString, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}
             summary: 'Create a new permission. Admin only.'
             tags:
                 - Permission
@@ -1701,7 +1766,7 @@ paths:
                     application/json:
                         schema:
                             $ref: '#/components/schemas/RegisterPermissionPayload'
-    '/SASjsApi/permission/{permissionId}':
+    '/SASjsApi/permission/{uid}':
         patch:
             operationId: UpdatePermission
             responses:
@@ -1713,7 +1778,7 @@ paths:
                                 $ref: '#/components/schemas/PermissionDetailsResponse'
                             examples:
                                 'Example 1':
-                                    value: {permissionId: 123, path: /SASjsApi/code/execute, type: Route, setting: Grant, user: {id: 1, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}
+                                    value: {uid: permissionIdString, path: /SASjsApi/code/execute, type: Route, setting: Grant, user: {uid: userIdString, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}
             summary: 'Update permission setting. Admin only'
             tags:
                 - Permission
@@ -1722,14 +1787,11 @@ paths:
                     bearerAuth: []
             parameters:
                 -
-                    description: 'The permission''s identifier'
                     in: path
-                    name: permissionId
+                    name: uid
                     required: true
                     schema:
-                        format: double
-                        type: number
-                    example: 1234
+                        type: string
             requestBody:
                 required: true
                 content:
@@ -1749,14 +1811,11 @@ paths:
                     bearerAuth: []
             parameters:
                 -
-                    description: 'The user''s identifier'
                     in: path
-                    name: permissionId
+                    name: uid
                     required: true
                     schema:
-                        format: double
-                        type: number
-                    example: 1234
+                        type: string
     /SASjsApi/session:
         get:
             operationId: Session
@@ -1769,7 +1828,7 @@ paths:
                                 $ref: '#/components/schemas/SessionResponse'
                             examples:
                                 'Example 1':
-                                    value: {id: 123, username: johnusername, displayName: John, isAdmin: false}
+                                    value: {id: userIdString, username: johnusername, displayName: John, isAdmin: false, needsToUpdatePassword: false}
             summary: 'Get session info (username).'
             tags:
                 - Session
@@ -1777,6 +1836,30 @@ paths:
                 -
                     bearerAuth: []
             parameters: []
+    '/SASjsApi/session/{sessionId}/state':
+        get:
+            operationId: SessionState
+            responses:
+                '200':
+                    description: Ok
+                    content:
+                        application/json:
+                            schema:
+                                $ref: '#/components/schemas/SessionState'
+            description: "The polling endpoint is currently implemented for single-server deployments only.<br>\nLoad balanced / grid topologies will be supported in a future release.<br>\nIf your site requires this, please reach out to SASjs Support."
+            summary: 'Get session state (initialising, pending, running, completed, failed).'
+            tags:
+                - Session
+            security:
+                -
+                    bearerAuth: []
+            parameters:
+                -
+                    in: path
+                    name: sessionId
+                    required: true
+                    schema:
+                        type: string
     /SASjsApi/stp/execute:
         get:
             operationId: ExecuteGetRequest
@@ -1789,7 +1872,7 @@ paths:
                                 anyOf:
                                     - {type: string}
                                     - {type: string, format: byte}
-            description: "Trigger a Stored Program using the _program URL parameter.\n\nAccepts URL parameters and file uploads.  For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms"
+            description: "Trigger a Stored Program using the _program URL parameter.\n\nAccepts additional URL parameters (converted to session variables)\nand file uploads.  For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms"
             summary: 'Execute a Stored Program, returns _webout and (optionally) log.'
             tags:
                 - STP
@@ -1798,7 +1881,7 @@ paths:
                     bearerAuth: []
             parameters:
                 -
-                    description: 'Location of the Stored Program in SASjs Drive'
+                    description: 'Location of Stored Program in SASjs Drive.'
                     in: query
                     name: _program
                     required: true
@@ -1806,7 +1889,7 @@ paths:
                         type: string
                     example: /Projects/myApp/some/program
                 -
-                    description: 'Optional query param for setting debug mode (returns the session log in the response body)'
+                    description: 'Optional query param for setting debug mode (returns the session log in the response body).'
                     in: query
                     name: _debug
                     required: false
@@ -1847,6 +1930,50 @@ paths:
                     application/json:
                         schema:
                             $ref: '#/components/schemas/ExecutePostRequestPayload'
+    /SASjsApi/stp/trigger:
+        post:
+            operationId: TriggerProgram
+            responses:
+                '200':
+                    description: Ok
+                    content:
+                        application/json:
+                            schema:
+                                $ref: '#/components/schemas/TriggerProgramResponse'
+            description: 'Trigger Program on the Specified Runtime.'
+            summary: 'Triggers program and returns SessionId immediately - does not wait for program completion.'
+            tags:
+                - STP
+            security:
+                -
+                    bearerAuth: []
+            parameters:
+                -
+                    description: 'Location of code in SASjs Drive.'
+                    in: query
+                    name: _program
+                    required: true
+                    schema:
+                        type: string
+                    example: /Projects/myApp/some/program
+                -
+                    description: 'Optional query param for setting debug mode.'
+                    in: query
+                    name: _debug
+                    required: false
+                    schema:
+                        format: double
+                        type: number
+                    example: 131
+                -
+                    description: 'Optional query param for setting amount of minutes after the completion of the program when the session must be destroyed.'
+                    in: query
+                    name: expiresAfterMins
+                    required: false
+                    schema:
+                        format: double
+                        type: number
+                    example: 15
     /:
         get:
             operationId: Home
@@ -1872,7 +1999,7 @@ paths:
                         application/json:
                             schema:
                                 properties:
-                                    user: {properties: {needsToUpdatePassword: {type: boolean}, isAdmin: {type: boolean}, displayName: {type: string}, username: {type: string}, id: {type: number, format: double}}, required: [needsToUpdatePassword, isAdmin, displayName, username, id], type: object}
+                                    user: {properties: {needsToUpdatePassword: {type: boolean}, isAdmin: {type: boolean}, displayName: {type: string}, username: {type: string}, id: {}}, required: [needsToUpdatePassword, isAdmin, displayName, username, id], type: object}
                                     loggedIn: {type: boolean}
                                 required:
                                     - user

api/src/controllers/auth.ts

@@ -27,14 +27,14 @@ import User from '../model/User'
 @Tags('Auth')
 export class AuthController {
   static authCodes: { [key: string]: { [key: string]: string } } = {}
-  static saveCode = (userId: number, clientId: string, code: string) => {
+  static saveCode = (userId: string, clientId: string, code: string) => {
     if (AuthController.authCodes[userId])
       return (AuthController.authCodes[userId][clientId] = code)
 
     AuthController.authCodes[userId] = { [clientId]: code }
     return AuthController.authCodes[userId][clientId]
   }
-  static deleteCode = (userId: number, clientId: string) =>
+  static deleteCode = (userId: string, clientId: string) =>
     delete AuthController.authCodes[userId][clientId]
 
   /**
@@ -159,7 +159,7 @@ const updatePassword = async (
 ) => {
   const { currentPassword, newPassword } = data
   const userId = req.user?.userId
-  const dbUser = await User.findOne({ id: userId })
+  const dbUser = await User.findOne({ _id: userId })
 
   if (!dbUser)
     throw {

api/src/controllers/code.ts

@@ -1,27 +1,57 @@
 import express from 'express'
 import { Request, Security, Route, Tags, Post, Body } from 'tsoa'
-import { ExecutionController } from './internal'
+import { ExecutionController, getSessionController } from './internal'
 import {
   getPreProgramVariables,
   getUserAutoExec,
   ModeType,
-  parseLogToArray,
   RunTimeType
 } from '../utils'
 
 interface ExecuteCodePayload {
   /**
-   * Code of program
-   * @example "* Code HERE;"
+   * The code to be executed
+   * @example "* Your Code HERE;"
    */
   code: string
   /**
-   * runtime for program
+   * The runtime for the code - eg SAS, JS, PY or R
    * @example "js"
    */
   runTime: RunTimeType
 }
 
+interface TriggerCodePayload {
+  /**
+   * The code to be executed
+   * @example "* Your Code HERE;"
+   */
+  code: string
+  /**
+   * The runtime for the code - eg SAS, JS, PY or R
+   * @example "sas"
+   */
+  runTime: RunTimeType
+  /**
+   * Amount of minutes after the completion of the job when the session must be
+   * destroyed.
+   * @example 15
+   */
+  expiresAfterMins?: number
+}
+
+interface TriggerCodeResponse {
+  /**
+   * `sessionId` is the ID of the session and the name of the temporary folder
+   * used to store code outputs.<br><br>
+   * For SAS, this would be the location of the SASWORK folder.<br><br>
+   * `sessionId` can be used to poll session state using the
+   * GET /SASjsApi/session/{sessionId}/state endpoint.
+   * @example "20241028074744-54132-1730101664824"
+   */
+  sessionId: string
+}
+
 @Security('bearerAuth')
 @Route('SASjsApi/code')
 @Tags('Code')
@@ -44,6 +74,18 @@ export class CodeController {
   ): Promise<string | Buffer> {
     return executeCode(request, body)
   }
+
+  /**
+   * Trigger Code on the Specified Runtime
+   * @summary Triggers code and returns SessionId immediately - does not wait for job completion
+   */
+  @Post('/trigger')
+  public async triggerCode(
+    @Request() request: express.Request,
+    @Body() body: TriggerCodePayload
+  ): Promise<TriggerCodeResponse> {
+    return triggerCode(request, body)
+  }
 }
 
 const executeCode = async (
@@ -76,3 +118,49 @@ const executeCode = async (
     }
   }
 }
+
+const triggerCode = async (
+  req: express.Request,
+  { code, runTime, expiresAfterMins }: TriggerCodePayload
+): Promise<TriggerCodeResponse> => {
+  const { user } = req
+  const userAutoExec =
+    process.env.MODE === ModeType.Server
+      ? user?.autoExec
+      : await getUserAutoExec()
+
+  // get session controller based on runTime
+  const sessionController = getSessionController(runTime)
+
+  // get session
+  const session = await sessionController.getSession()
+
+  // add expiresAfterMins to session if provided
+  if (expiresAfterMins) {
+    // expiresAfterMins.used is set initially to false
+    session.expiresAfterMins = { mins: expiresAfterMins, used: false }
+  }
+
+  try {
+    // call executeProgram method of ExecutionController without awaiting
+    new ExecutionController().executeProgram({
+      program: code,
+      preProgramVariables: getPreProgramVariables(req),
+      vars: { ...req.query, _debug: 131 },
+      otherArgs: { userAutoExec },
+      runTime: runTime,
+      includePrintOutput: true,
+      session // session is provided
+    })
+
+    // return session id
+    return { sessionId: session.id }
+  } catch (err: any) {
+    throw {
+      code: 400,
+      status: 'failure',
+      message: 'Job execution failed.',
+      error: typeof err === 'object' ? err.toString() : err
+    }
+  }
+}

api/src/controllers/group.ts

@@ -12,28 +12,29 @@ import {
 
 import Group, { GroupPayload, PUBLIC_GROUP_NAME } from '../model/Group'
 import User from '../model/User'
-import { AuthProviderType } from '../utils'
-import { UserResponse } from './user'
+import { GetUserBy, UserResponse } from './user'
 
 export interface GroupResponse {
-  groupId: number
+  uid: string
   name: string
   description: string
 }
 
-export interface GroupDetailsResponse {
-  groupId: number
-  name: string
-  description: string
+export interface GroupDetailsResponse extends GroupResponse {
   isActive: boolean
   users: UserResponse[]
 }
 
 interface GetGroupBy {
-  groupId?: number
+  _id?: string
   name?: string
 }
 
+enum GroupAction {
+  AddUser = 'addUser',
+  RemoveUser = 'removeUser'
+}
+
 @Security('bearerAuth')
 @Route('SASjsApi/group')
 @Tags('Group')
@@ -44,7 +45,7 @@ export class GroupController {
    */
   @Example<GroupResponse[]>([
     {
-      groupId: 123,
+      uid: 'groupIdString',
       name: 'DCGroup',
       description: 'This group represents Data Controller Users'
     }
@@ -59,7 +60,7 @@ export class GroupController {
    *
    */
   @Example<GroupDetailsResponse>({
-    groupId: 123,
+    uid: 'groupIdString',
     name: 'DCGroup',
     description: 'This group represents Data Controller Users',
     isActive: true,
@@ -78,7 +79,7 @@ export class GroupController {
    * @example dcgroup
    */
   @Get('by/groupname/{name}')
-  public async getGroupByGroupName(
+  public async getGroupByName(
     @Path() name: string
   ): Promise<GroupDetailsResponse> {
     return getGroup({ name })
@@ -86,68 +87,66 @@ export class GroupController {
 
   /**
    * @summary Get list of members of a group (userName). All users can request this.
-   * @param groupId The group's identifier
-   * @example groupId 1234
+   * @param uid The group's identifier
+   * @example uid "12ByteString"
    */
-  @Get('{groupId}')
-  public async getGroup(
-    @Path() groupId: number
-  ): Promise<GroupDetailsResponse> {
-    return getGroup({ groupId })
+  @Get('{uid}')
+  public async getGroup(@Path() uid: string): Promise<GroupDetailsResponse> {
+    return getGroup({ _id: uid })
   }
 
   /**
    * @summary Add a user to a group. Admin task only.
-   * @param groupId The group's identifier
-   * @example groupId "1234"
-   * @param userId The user's identifier
-   * @example userId "6789"
+   * @param groupUid The group's identifier
+   * @example groupUid "12ByteString"
+   * @param userUid The user's identifier
+   * @example userId "12ByteString"
    */
   @Example<GroupDetailsResponse>({
-    groupId: 123,
+    uid: 'groupIdString',
     name: 'DCGroup',
     description: 'This group represents Data Controller Users',
     isActive: true,
     users: []
   })
-  @Post('{groupId}/{userId}')
+  @Post('{groupUid}/{userUid}')
   public async addUserToGroup(
-    @Path() groupId: number,
-    @Path() userId: number
+    @Path() groupUid: string,
+    @Path() userUid: string
   ): Promise<GroupDetailsResponse> {
-    return addUserToGroup(groupId, userId)
+    return addUserToGroup(groupUid, userUid)
   }
 
   /**
-   * @summary Remove a user to a group. Admin task only.
-   * @param groupId The group's identifier
-   * @example groupId "1234"
-   * @param userId The user's identifier
-   * @example userId "6789"
+   * @summary Remove a user from a group. Admin task only.
+   * @param groupUid The group's identifier
+   * @example groupUid "12ByteString"
+   * @param userUid The user's identifier
+   * @example userUid "12ByteString"
    */
   @Example<GroupDetailsResponse>({
-    groupId: 123,
+    uid: 'groupIdString',
     name: 'DCGroup',
     description: 'This group represents Data Controller Users',
     isActive: true,
     users: []
   })
-  @Delete('{groupId}/{userId}')
+  @Delete('{groupUid}/{userUid}')
   public async removeUserFromGroup(
-    @Path() groupId: number,
-    @Path() userId: number
+    @Path() groupUid: string,
+    @Path() userUid: string
   ): Promise<GroupDetailsResponse> {
-    return removeUserFromGroup(groupId, userId)
+    return removeUserFromGroup(groupUid, userUid)
   }
 
   /**
    * @summary Delete a group. Admin task only.
-   * @param groupId The group's identifier
-   * @example groupId 1234
+   * @param uid The group's identifier
+   * @example uid "12ByteString"
    */
-  @Delete('{groupId}')
-  public async deleteGroup(@Path() groupId: number) {
-    const group = await Group.findOne({ groupId })
+  @Delete('{uid}')
+  public async deleteGroup(@Path() uid: string) {
+    const group = await Group.findOne({ _id: uid })
     if (!group)
       throw {
         code: 404,
@@ -160,9 +159,7 @@ export class GroupController {
 }
 
 const getAllGroups = async (): Promise<GroupResponse[]> =>
-  await Group.find({})
-    .select({ _id: 0, groupId: 1, name: 1, description: 1 })
-    .exec()
+  await Group.find({}).select('uid name description').exec()
 
 const createGroup = async ({
   name,
@@ -187,7 +184,7 @@ const createGroup = async ({
   const savedGroup = await group.save()
 
   return {
-    groupId: savedGroup.groupId,
+    uid: savedGroup.uid,
     name: savedGroup.name,
     description: savedGroup.description,
     isActive: savedGroup.isActive,
@@ -198,11 +195,12 @@ const createGroup = async ({
 const getGroup = async (findBy: GetGroupBy): Promise<GroupDetailsResponse> => {
   const group = (await Group.findOne(
     findBy,
-    'groupId name description isActive users -_id'
+    'uid name description isActive users'
   ).populate(
     'users',
-    'id username displayName isAdmin -_id'
+    'uid username displayName isAdmin'
   )) as unknown as GroupDetailsResponse
+
   if (!group)
     throw {
       code: 404,
@@ -211,7 +209,7 @@ const getGroup = async (findBy: GetGroupBy): Promise<GroupDetailsResponse> => {
     }
 
   return {
-    groupId: group.groupId,
+    uid: group.uid,
     name: group.name,
     description: group.description,
     isActive: group.isActive,
@@ -220,23 +218,23 @@ const getGroup = async (findBy: GetGroupBy): Promise<GroupDetailsResponse> => {
 }
 
 const addUserToGroup = async (
-  groupId: number,
-  userId: number
+  groupUid: string,
+  userUid: string
 ): Promise<GroupDetailsResponse> =>
-  updateUsersListInGroup(groupId, userId, 'addUser')
+  updateUsersListInGroup(groupUid, userUid, GroupAction.AddUser)
 
 const removeUserFromGroup = async (
-  groupId: number,
-  userId: number
+  groupUid: string,
+  userUid: string
 ): Promise<GroupDetailsResponse> =>
-  updateUsersListInGroup(groupId, userId, 'removeUser')
+  updateUsersListInGroup(groupUid, userUid, GroupAction.RemoveUser)
 
 const updateUsersListInGroup = async (
-  groupId: number,
-  userId: number,
-  action: 'addUser' | 'removeUser'
+  groupUid: string,
+  userUid: string,
+  action: GroupAction
 ): Promise<GroupDetailsResponse> => {
-  const group = await Group.findOne({ groupId })
+  const group = await Group.findOne({ _id: groupUid })
   if (!group)
     throw {
       code: 404,
@@ -258,7 +256,7 @@ const updateUsersListInGroup = async (
       message: `Can't add/remove user to group created by external auth provider.`
     }
 
-  const user = await User.findOne({ id: userId })
+  const user = await User.findOne({ _id: userUid })
   if (!user)
     throw {
       code: 404,
@@ -274,7 +272,7 @@ const updateUsersListInGroup = async (
     }
 
   const updatedGroup =
-    action === 'addUser'
+    action === GroupAction.AddUser
       ? await group.addUser(user)
       : await group.removeUser(user)
 
@@ -286,7 +284,7 @@ const updateUsersListInGroup = async (
     }
 
   return {
-    groupId: updatedGroup.groupId,
+    uid: updatedGroup.uid,
     name: updatedGroup.name,
     description: updatedGroup.description,
     isActive: updatedGroup.isActive,

api/src/controllers/internal/Execution.ts

@@ -2,7 +2,7 @@ import path from 'path'
 import fs from 'fs'
 import { getSessionController, processProgram } from './'
 import { readFile, fileExists, createFile, readFileBinary } from '@sasjs/utils'
-import { PreProgramVars, Session, TreeNode } from '../../types'
+import { PreProgramVars, Session, TreeNode, SessionState } from '../../types'
 import {
   extractHeaders,
   getFilesFolder,
@@ -75,8 +75,7 @@ export class ExecutionController {
 
     const session =
       sessionByFileUpload ?? (await sessionController.getSession())
-    session.inUse = true
-    session.consumed = true
+    session.state = SessionState.running
 
     const logPath = path.join(session.path, 'log.log')
     const headersPath = path.join(session.path, 'stpsrv_header.txt')
@@ -121,7 +120,7 @@ export class ExecutionController {
       : ''
 
     // it should be deleted by scheduleSessionDestroy
-    session.inUse = false
+    session.state = SessionState.completed
 
     const resultParts = []
 
@@ -145,7 +144,9 @@ export class ExecutionController {
     return {
       httpHeaders,
       result:
-        isDebugOn(vars) || session.crashed ? resultParts.join(`\n`) : webout
+        isDebugOn(vars) || session.failureReason
+          ? resultParts.join(`\n`)
+          : webout
     }
   }
 

api/src/controllers/internal/FileUploadController.ts

@@ -2,11 +2,8 @@ import { Request, RequestHandler } from 'express'
 import multer from 'multer'
 import { uuidv4 } from '@sasjs/utils'
 import { getSessionController } from '.'
-import {
-  executeProgramRawValidation,
-  getRunTimeAndFilePath,
-  RunTimeType
-} from '../../utils'
+import { executeProgramRawValidation, getRunTimeAndFilePath } from '../../utils'
+import { SessionState } from '../../types'
 
 export class FileUploadController {
   private storage = multer.diskStorage({
@@ -56,9 +53,8 @@ export class FileUploadController {
     }
 
     const session = await sessionController.getSession()
-    // marking consumed true, so that it's not available
-    // as readySession for any other request
-    session.consumed = true
+    // change session state to 'running', so that it's not available for any other request
+    session.state = SessionState.running
 
     req.sasjsSession = session
 

api/src/controllers/internal/Session.ts

@@ -1,5 +1,5 @@
 import path from 'path'
-import { Session } from '../../types'
+import { Session, SessionState } from '../../types'
 import { promisify } from 'util'
 import { execFile } from 'child_process'
 import {
@@ -14,8 +14,7 @@ import {
   createFile,
   fileExists,
   generateTimestamp,
-  readFile,
-  isWindows
+  readFile
 } from '@sasjs/utils'
 
 const execFilePromise = promisify(execFile)
@@ -24,7 +23,9 @@ export class SessionController {
   protected sessions: Session[] = []
 
   protected getReadySessions = (): Session[] =>
-    this.sessions.filter((sess: Session) => sess.ready && !sess.consumed)
+    this.sessions.filter(
+      (session: Session) => session.state === SessionState.pending
+    )
 
   protected async createSession(): Promise<Session> {
     const sessionId = generateUniqueFileName(generateTimestamp())
@@ -40,19 +41,18 @@ export class SessionController {
 
     const session: Session = {
       id: sessionId,
-      ready: true,
-      inUse: true,
-      consumed: false,
-      completed: false,
+      state: SessionState.pending,
       creationTimeStamp,
       deathTimeStamp,
       path: sessionFolder
     }
 
     const headersPath = path.join(session.path, 'stpsrv_header.txt')
+
     await createFile(headersPath, 'content-type: text/html; charset=utf-8')
 
     this.sessions.push(session)
+
     return session
   }
 
@@ -67,6 +67,10 @@ export class SessionController {
 
     return session
   }
+
+  public getSessionById(id: string) {
+    return this.sessions.find((session) => session.id === id)
+  }
 }
 
 export class SASSessionController extends SessionController {
@@ -84,10 +88,7 @@ export class SASSessionController extends SessionController {
 
     const session: Session = {
       id: sessionId,
-      ready: false,
-      inUse: false,
-      consumed: false,
-      completed: false,
+      state: SessionState.initialising,
       creationTimeStamp,
       deathTimeStamp,
       path: sessionFolder
@@ -145,13 +146,20 @@ ${autoExecContent}`
       process.sasLoc!.endsWith('sas.exe') ? session.path : ''
     ])
       .then(() => {
-        session.completed = true
+        session.state = SessionState.completed
+
         process.logger.info('session completed', session)
       })
       .catch((err) => {
-        session.completed = true
-        session.crashed = err.toString()
-        process.logger.error('session crashed', session.id, session.crashed)
+        session.state = SessionState.failed
+
+        session.failureReason = err.toString()
+
+        process.logger.error(
+          'session crashed',
+          session.id,
+          session.failureReason
+        )
       })
 
     // we have a triggered session - add to array
@@ -168,15 +176,19 @@ ${autoExecContent}`
     const codeFilePath = path.join(session.path, 'code.sas')
 
     // TODO: don't wait forever
-    while ((await fileExists(codeFilePath)) && !session.crashed) {}
+    while (
+      (await fileExists(codeFilePath)) &&
+      session.state !== SessionState.failed
+    ) {}
 
-    if (session.crashed)
+    if (session.state === SessionState.failed) {
       process.logger.error(
         'session crashed! while waiting to be ready',
-        session.crashed
+        session.failureReason
       )
-
-    session.ready = true
+    } else {
+      session.state = SessionState.pending
+    }
   }
 
   private async deleteSession(session: Session) {
@@ -192,14 +204,31 @@ ${autoExecContent}`
   private scheduleSessionDestroy(session: Session) {
     setTimeout(
       async () => {
-        if (session.inUse) {
+        if (session.state === SessionState.running) {
           // adding 10 more minutes
-          const newDeathTimeStamp = parseInt(session.deathTimeStamp) + 10 * 1000
+          const newDeathTimeStamp =
+            parseInt(session.deathTimeStamp) + 10 * 60 * 1000
           session.deathTimeStamp = newDeathTimeStamp.toString()
 
           this.scheduleSessionDestroy(session)
         } else {
-          await this.deleteSession(session)
+          const { expiresAfterMins } = session
+
+          // delay session destroy if expiresAfterMins present
+          if (expiresAfterMins && session.state !== SessionState.completed) {
+            // calculate session death time using expiresAfterMins
+            const newDeathTimeStamp =
+              parseInt(session.deathTimeStamp) +
+              expiresAfterMins.mins * 60 * 1000
+            session.deathTimeStamp = newDeathTimeStamp.toString()
+
+            // set expiresAfterMins to true to avoid using it again
+            session.expiresAfterMins!.used = true
+
+            this.scheduleSessionDestroy(session)
+          } else {
+            await this.deleteSession(session)
+          }
         }
       },
       parseInt(session.deathTimeStamp) - new Date().getTime() - 100

api/src/controllers/internal/createJSProgram.ts

@@ -15,7 +15,7 @@ export const createJSProgram = async (
 ) => {
   const varStatments = Object.keys(vars).reduce(
     (computed: string, key: string) =>
-      `${computed}const ${key} = '${vars[key]}';\n`,
+      `${computed}const ${key} = \`${vars[key]}\`;\n`,
     ''
   )
 

api/src/controllers/internal/processProgram.ts

@@ -3,7 +3,7 @@ import { WriteStream, createWriteStream } from 'fs'
 import { execFile } from 'child_process'
 import { once } from 'stream'
 import { createFile, moveFile } from '@sasjs/utils'
-import { PreProgramVars, Session } from '../../types'
+import { PreProgramVars, Session, SessionState } from '../../types'
 import { RunTimeType } from '../../utils'
 import {
   ExecutionVars,
@@ -49,7 +49,7 @@ export const processProgram = async (
     await moveFile(codePath + '.bkp', codePath)
 
     // we now need to poll the session status
-    while (!session.completed) {
+    while (session.state !== SessionState.completed) {
       await delay(50)
     }
   } else {
@@ -114,13 +114,20 @@ export const processProgram = async (
 
     await execFilePromise(executablePath, [codePath], writeStream)
       .then(() => {
-        session.completed = true
+        session.state = SessionState.completed
+
         process.logger.info('session completed', session)
       })
       .catch((err) => {
-        session.completed = true
-        session.crashed = err.toString()
-        process.logger.error('session crashed', session.id, session.crashed)
+        session.state = SessionState.failed
+
+        session.failureReason = err.toString()
+
+        process.logger.error(
+          'session crashed',
+          session.id,
+          session.failureReason
+        )
       })
 
     // copy the code file to log and end write stream

api/src/controllers/permission.ts

@@ -56,9 +56,9 @@ interface RegisterPermissionPayload {
   principalType: PrincipalType
   /**
    * The id of user or group to which a rule is assigned.
-   * @example 123
+   * @example 'groupIdString'
    */
-  principalId: number
+  principalId: string
 }
 
 interface UpdatePermissionPayload {
@@ -70,7 +70,7 @@ interface UpdatePermissionPayload {
 }
 
 export interface PermissionDetailsResponse {
-  permissionId: number
+  uid: string
   path: string
   type: string
   setting: string
@@ -91,24 +91,24 @@ export class PermissionController {
    */
   @Example<PermissionDetailsResponse[]>([
     {
-      permissionId: 123,
+      uid: 'permissionId1String',
       path: '/SASjsApi/code/execute',
       type: 'Route',
       setting: 'Grant',
       user: {
-        id: 1,
+        uid: 'user1-id',
         username: 'johnSnow01',
         displayName: 'John Snow',
         isAdmin: false
       }
     },
     {
-      permissionId: 124,
+      uid: 'permissionId2String',
       path: '/SASjsApi/code/execute',
       type: 'Route',
       setting: 'Grant',
       group: {
-        groupId: 1,
+        uid: 'group1-id',
         name: 'DCGroup',
         description: 'This group represents Data Controller Users',
         isActive: true,
@@ -128,12 +128,12 @@ export class PermissionController {
    *
    */
   @Example<PermissionDetailsResponse>({
-    permissionId: 123,
+    uid: 'permissionIdString',
     path: '/SASjsApi/code/execute',
     type: 'Route',
     setting: 'Grant',
     user: {
-      id: 1,
+      uid: 'userIdString',
       username: 'johnSnow01',
       displayName: 'John Snow',
       isAdmin: false
@@ -149,36 +149,36 @@ export class PermissionController {
   /**
    * @summary Update permission setting. Admin only
    * @param permissionId The permission's identifier
-   * @example permissionId 1234
+   * @example permissionId "permissionIdString"
    */
   @Example<PermissionDetailsResponse>({
-    permissionId: 123,
+    uid: 'permissionIdString',
     path: '/SASjsApi/code/execute',
     type: 'Route',
     setting: 'Grant',
     user: {
-      id: 1,
+      uid: 'userIdString',
       username: 'johnSnow01',
       displayName: 'John Snow',
       isAdmin: false
     }
   })
-  @Patch('{permissionId}')
+  @Patch('{uid}')
   public async updatePermission(
-    @Path() permissionId: number,
+    @Path() uid: string,
     @Body() body: UpdatePermissionPayload
   ): Promise<PermissionDetailsResponse> {
-    return updatePermission(permissionId, body)
+    return updatePermission(uid, body)
   }
 
   /**
    * @summary Delete a permission. Admin only.
    * @param permissionId The user's identifier
-   * @example permissionId 1234
+   * @example permissionId "permissionIdString"
    */
-  @Delete('{permissionId}')
-  public async deletePermission(@Path() permissionId: number) {
-    return deletePermission(permissionId)
+  @Delete('{uid}')
+  public async deletePermission(@Path() uid: string) {
+    return deletePermission(uid)
   }
 }
 
@@ -191,7 +191,7 @@ const getAllPermissions = async (
   else {
     const permissions: PermissionDetailsResponse[] = []
 
-    const dbUser = await User.findOne({ id: user?.userId })
+    const dbUser = await User.findOne({ _id: user?.userId })
     if (!dbUser)
       throw {
         code: 404,
@@ -227,7 +227,7 @@ const createPermission = async ({
 
   switch (principalType) {
     case PrincipalType.user: {
-      const userInDB = await User.findOne({ id: principalId })
+      const userInDB = await User.findOne({ _id: principalId })
       if (!userInDB)
         throw {
           code: 404,
@@ -259,7 +259,7 @@ const createPermission = async ({
       permission.user = userInDB._id
 
       user = {
-        id: userInDB.id,
+        uid: userInDB.uid,
         username: userInDB.username,
         displayName: userInDB.displayName,
         isAdmin: userInDB.isAdmin
@@ -267,7 +267,7 @@ const createPermission = async ({
       break
     }
     case PrincipalType.group: {
-      const groupInDB = await Group.findOne({ groupId: principalId })
+      const groupInDB = await Group.findOne({ _id: principalId })
       if (!groupInDB)
         throw {
           code: 404,
@@ -291,13 +291,13 @@ const createPermission = async ({
       permission.group = groupInDB._id
 
       group = {
-        groupId: groupInDB.groupId,
+        uid: groupInDB.uid,
         name: groupInDB.name,
         description: groupInDB.description,
         isActive: groupInDB.isActive,
         users: groupInDB.populate({
           path: 'users',
-          select: 'id username displayName isAdmin -_id',
+          select: 'uid username displayName isAdmin -_id',
           options: { limit: 15 }
         }) as unknown as UserResponse[]
       }
@@ -314,7 +314,7 @@ const createPermission = async ({
   const savedPermission = await permission.save()
 
   return {
-    permissionId: savedPermission.permissionId,
+    uid: savedPermission.uid,
     path: savedPermission.path,
     type: savedPermission.type,
     setting: savedPermission.setting,
@@ -324,27 +324,21 @@ const createPermission = async ({
 }
 
 const updatePermission = async (
-  id: number,
+  uid: string,
   data: UpdatePermissionPayload
 ): Promise<PermissionDetailsResponse> => {
   const { setting } = data
 
   const updatedPermission = (await Permission.findOneAndUpdate(
-    { permissionId: id },
+    { _id: uid },
     { setting },
     { new: true }
   )
-    .select({
-      _id: 0,
-      permissionId: 1,
-      path: 1,
-      type: 1,
-      setting: 1
-    })
-    .populate({ path: 'user', select: 'id username displayName isAdmin -_id' })
+    .select('uid path type setting')
+    .populate({ path: 'user', select: 'uid username displayName isAdmin' })
     .populate({
       path: 'group',
-      select: 'groupId name description -_id'
+      select: 'groupId name description'
     })) as unknown as PermissionDetailsResponse
   if (!updatedPermission)
     throw {
@@ -356,13 +350,13 @@ const updatePermission = async (
   return updatedPermission
 }
 
-const deletePermission = async (id: number) => {
-  const permission = await Permission.findOne({ permissionId: id })
+const deletePermission = async (uid: string) => {
+  const permission = await Permission.findOne({ _id: uid })
   if (!permission)
     throw {
       code: 404,
       status: 'Not Found',
       message: 'Permission not found.'
     }
-  await Permission.deleteOne({ permissionId: id })
+  await Permission.deleteOne({ _id: uid })
 }

api/src/controllers/session.ts

@@ -1,9 +1,12 @@
 import express from 'express'
 import { Request, Security, Route, Tags, Example, Get } from 'tsoa'
 import { UserResponse } from './user'
+import { getSessionController } from './internal'
+import { SessionState } from '../types'
 
-interface SessionResponse extends UserResponse {
-  needsToUpdatePassword: boolean
+interface SessionResponse extends Omit<UserResponse, 'uid'> {
+  id: string
+  needsToUpdatePassword?: boolean
 }
 
 @Security('bearerAuth')
@@ -14,11 +17,12 @@ export class SessionController {
    * @summary Get session info (username).
    *
    */
-  @Example<UserResponse>({
-    id: 123,
+  @Example<SessionResponse>({
+    id: 'userIdString',
     username: 'johnusername',
     displayName: 'John',
-    isAdmin: false
+    isAdmin: false,
+    needsToUpdatePassword: false
   })
   @Get('/')
   public async session(
@@ -26,6 +30,18 @@ export class SessionController {
   ): Promise<SessionResponse> {
     return session(request)
   }
+
+  /**
+   * The polling endpoint is currently implemented for single-server deployments only.<br>
+   * Load balanced / grid topologies will be supported in a future release.<br>
+   * If your site requires this, please reach out to SASjs Support.
+   * @summary Get session state (initialising, pending, running, completed, failed).
+   * @example completed
+   */
+  @Get('/:sessionId/state')
+  public async sessionState(sessionId: string): Promise<SessionState> {
+    return sessionState(sessionId)
+  }
 }
 
 const session = (req: express.Request) => ({
@@ -35,3 +51,23 @@ const session = (req: express.Request) => ({
   isAdmin: req.user!.isAdmin,
   needsToUpdatePassword: req.user!.needsToUpdatePassword
 })
+
+const sessionState = (sessionId: string): SessionState => {
+  for (let runTime of process.runTimes) {
+    // get session controller for each available runTime
+    const sessionController = getSessionController(runTime)
+
+    // get session by sessionId
+    const session = sessionController.getSessionById(sessionId)
+
+    // return session state if session was found
+    if (session) {
+      return session.state
+    }
+  }
+
+  throw {
+    code: 404,
+    message: `Session with ID '${sessionId}' was not found.`
+  }
+}

api/src/controllers/stp.ts

@@ -1,13 +1,16 @@
 import express from 'express'
 import { Request, Security, Route, Tags, Post, Body, Get, Query } from 'tsoa'
-import { ExecutionController, ExecutionVars } from './internal'
+import {
+  ExecutionController,
+  ExecutionVars,
+  getSessionController
+} from './internal'
 import {
   getPreProgramVariables,
   makeFilesNamesMap,
   getRunTimeAndFilePath
 } from '../utils'
 import { MulterFile } from '../types/Upload'
-import { debug } from 'console'
 
 interface ExecutePostRequestPayload {
   /**
@@ -17,6 +20,36 @@ interface ExecutePostRequestPayload {
   _program?: string
 }
 
+interface TriggerProgramPayload {
+  /**
+   * Location of SAS program.
+   * @example "/Public/somefolder/some.file"
+   */
+  _program: string
+  /**
+   * Amount of minutes after the completion of the program when the session must be
+   * destroyed.
+   * @example 15
+   */
+  expiresAfterMins?: number
+  /**
+   * Query param for setting debug mode.
+   */
+  _debug?: number
+}
+
+interface TriggerProgramResponse {
+  /**
+   * `sessionId` is the ID of the session and the name of the temporary folder
+   * used to store program outputs.<br><br>
+   * For SAS, this would be the location of the SASWORK folder.<br><br>
+   * `sessionId` can be used to poll session state using the
+   * GET /SASjsApi/session/{sessionId}/state endpoint.
+   * @example "20241028074744-54132-1730101664824"
+   */
+  sessionId: string
+}
+
 @Security('bearerAuth')
 @Route('SASjsApi/stp')
 @Tags('STP')
@@ -30,8 +63,8 @@ export class STPController {
    * https://server.sasjs.io/storedprograms
    *
    * @summary Execute a Stored Program, returns _webout and (optionally) log.
-   * @param _program Location of code in SASjs Drive
-   * @param _debug Optional query param for setting debug mode, which will return the session log.
+   * @param _program Location of Stored Program in SASjs Drive.
+   * @param _debug Optional query param for setting debug mode (returns the session log in the response body).
    * @example _program "/Projects/myApp/some/program"
    * @example _debug 131
    */
@@ -79,6 +112,26 @@ export class STPController {
 
     return execute(request, program!, vars, otherArgs)
   }
+
+  /**
+   * Trigger Program on the Specified Runtime.
+   * @summary Triggers program and returns SessionId immediately - does not wait for program completion.
+   * @param _program Location of code in SASjs Drive.
+   * @param expiresAfterMins Optional query param for setting amount of minutes after the completion of the program when the session must be destroyed.
+   * @param _debug Optional query param for setting debug mode.
+   * @example _program "/Projects/myApp/some/program"
+   * @example _debug 131
+   * @example expiresAfterMins 15
+   */
+  @Post('/trigger')
+  public async triggerProgram(
+    @Request() request: express.Request,
+    @Query() _program: string,
+    @Query() _debug?: number,
+    @Query() expiresAfterMins?: number
+  ): Promise<TriggerProgramResponse> {
+    return triggerProgram(request, { _program, _debug, expiresAfterMins })
+  }
 }
 
 const execute = async (
@@ -117,3 +170,52 @@ const execute = async (
     }
   }
 }
+
+const triggerProgram = async (
+  req: express.Request,
+  { _program, _debug, expiresAfterMins }: TriggerProgramPayload
+): Promise<TriggerProgramResponse> => {
+  try {
+    // put _program query param into vars object
+    const vars: { [key: string]: string | number } = { _program }
+
+    // if present add _debug query param to vars object
+    if (_debug) {
+      vars._debug = _debug
+    }
+
+    // get code path and runTime
+    const { codePath, runTime } = await getRunTimeAndFilePath(_program)
+
+    // get session controller based on runTime
+    const sessionController = getSessionController(runTime)
+
+    // get session
+    const session = await sessionController.getSession()
+
+    // add expiresAfterMins to session if provided
+    if (expiresAfterMins) {
+      // expiresAfterMins.used is set initially to false
+      session.expiresAfterMins = { mins: expiresAfterMins, used: false }
+    }
+
+    // call executeFile method of ExecutionController without awaiting
+    new ExecutionController().executeFile({
+      programPath: codePath,
+      runTime,
+      preProgramVariables: getPreProgramVariables(req),
+      vars,
+      session
+    })
+
+    // return session id
+    return { sessionId: session.id }
+  } catch (err: any) {
+    throw {
+      code: 400,
+      status: 'failure',
+      message: 'Job execution failed.',
+      error: typeof err === 'object' ? err.toString() : err
+    }
+  }
+}

api/src/controllers/user.ts

@@ -26,18 +26,14 @@ import {
 import { GroupController, GroupResponse } from './group'
 
 export interface UserResponse {
-  id: number
+  uid: string
   username: string
   displayName: string
   isAdmin: boolean
 }
 
-export interface UserDetailsResponse {
-  id: number
-  displayName: string
-  username: string
+export interface UserDetailsResponse extends UserResponse {
   isActive: boolean
-  isAdmin: boolean
   autoExec?: string
   groups?: GroupResponse[]
 }
@@ -52,13 +48,13 @@ export class UserController {
    */
   @Example<UserResponse[]>([
     {
-      id: 123,
+      uid: 'userIdString',
       username: 'johnusername',
       displayName: 'John',
       isAdmin: false
     },
     {
-      id: 456,
+      uid: 'anotherUserIdString',
       username: 'starkusername',
       displayName: 'Stark',
       isAdmin: true
@@ -74,7 +70,7 @@ export class UserController {
    *
    */
   @Example<UserDetailsResponse>({
-    id: 1234,
+    uid: 'userIdString',
     displayName: 'John Snow',
     username: 'johnSnow01',
     isAdmin: false,
@@ -111,20 +107,20 @@ export class UserController {
    * Only Admin or user itself will get user autoExec code.
    * @summary Get user properties - such as group memberships, userName, displayName.
    * @param userId The user's identifier
-   * @example userId 1234
+   * @example userId "userIdString"
    */
-  @Get('{userId}')
+  @Get('{uid}')
   public async getUser(
     @Request() req: express.Request,
-    @Path() userId: number
+    @Path() uid: string
   ): Promise<UserDetailsResponse> {
     const { MODE } = process.env
 
     if (MODE === ModeType.Desktop) return getDesktopAutoExec()
 
     const { user } = req
-    const getAutoExec = user!.isAdmin || user!.userId == userId
-    return getUser({ id: userId }, getAutoExec)
+    const getAutoExec = user!.isAdmin || user!.userId === uid
+    return getUser({ _id: uid }, getAutoExec)
   }
 
   /**
@@ -133,7 +129,7 @@ export class UserController {
    * @example username "johnSnow01"
    */
   @Example<UserDetailsResponse>({
-    id: 1234,
+    uid: 'userIdString',
     displayName: 'John Snow',
     username: 'johnSnow01',
     isAdmin: false,
@@ -158,7 +154,7 @@ export class UserController {
    * @example userId "1234"
    */
   @Example<UserDetailsResponse>({
-    id: 1234,
+    uid: 'userIdString',
     displayName: 'John Snow',
     username: 'johnSnow01',
     isAdmin: false,
@@ -166,7 +162,7 @@ export class UserController {
   })
   @Patch('{userId}')
   public async updateUser(
-    @Path() userId: number,
+    @Path() userId: string,
     @Body() body: UserPayload
   ): Promise<UserDetailsResponse> {
     const { MODE } = process.env
@@ -174,7 +170,7 @@ export class UserController {
     if (MODE === ModeType.Desktop)
       return updateDesktopAutoExec(body.autoExec ?? '')
 
-    return updateUser({ id: userId }, body)
+    return updateUser({ _id: userId }, body)
   }
 
   /**
@@ -198,18 +194,16 @@ export class UserController {
    */
   @Delete('{userId}')
   public async deleteUser(
-    @Path() userId: number,
+    @Path() userId: string,
     @Body() body: { password?: string },
     @Query() @Hidden() isAdmin: boolean = false
   ) {
-    return deleteUser({ id: userId }, isAdmin, body)
+    return deleteUser({ _id: userId }, isAdmin, body)
   }
 }
 
 const getAllUsers = async (): Promise<UserResponse[]> =>
-  await User.find({})
-    .select({ _id: 0, id: 1, username: 1, displayName: 1, isAdmin: 1 })
-    .exec()
+  await User.find({}).select('uid username displayName isAdmin').exec()
 
 const createUser = async (data: UserPayload): Promise<UserDetailsResponse> => {
   const { displayName, username, password, isAdmin, isActive, autoExec } = data
@@ -239,15 +233,15 @@ const createUser = async (data: UserPayload): Promise<UserDetailsResponse> => {
 
   const groupController = new GroupController()
   const allUsersGroup = await groupController
-    .getGroupByGroupName(ALL_USERS_GROUP.name)
+    .getGroupByName(ALL_USERS_GROUP.name)
     .catch(() => {})
 
   if (allUsersGroup) {
-    await groupController.addUserToGroup(allUsersGroup.groupId, savedUser.id)
+    await groupController.addUserToGroup(allUsersGroup.uid, savedUser.uid)
   }
 
   return {
-    id: savedUser.id,
+    uid: savedUser.uid,
     displayName: savedUser.displayName,
     username: savedUser.username,
     isActive: savedUser.isActive,
@@ -256,8 +250,8 @@ const createUser = async (data: UserPayload): Promise<UserDetailsResponse> => {
   }
 }
 
-interface GetUserBy {
-  id?: number
+export interface GetUserBy {
+  _id?: string
   username?: string
 }
 
@@ -267,10 +261,10 @@ const getUser = async (
 ): Promise<UserDetailsResponse> => {
   const user = (await User.findOne(
     findBy,
-    `id displayName username isActive isAdmin autoExec -_id`
+    `uid displayName username isActive isAdmin autoExec`
   ).populate(
     'groups',
-    'groupId name description -_id'
+    'uid name description'
   )) as unknown as UserDetailsResponse
 
   if (!user)
@@ -280,12 +274,12 @@ const getUser = async (
     }
 
   return {
-    id: user.id,
+    uid: user.uid,
     displayName: user.displayName,
     username: user.username,
     isActive: user.isActive,
     isAdmin: user.isAdmin,
-    autoExec: getAutoExec ? user.autoExec ?? '' : undefined,
+    autoExec: getAutoExec ? (user.autoExec ?? '') : undefined,
     groups: user.groups
   }
 }
@@ -293,7 +287,7 @@ const getUser = async (
 const getDesktopAutoExec = async () => {
   return {
     ...desktopUser,
-    id: desktopUser.userId,
+    uid: desktopUser.userId,
     autoExec: await getUserAutoExec()
   }
 }
@@ -329,8 +323,8 @@ const updateUser = async (
     const usernameExist = await User.findOne({ username })
     if (usernameExist) {
       if (
-        (findBy.id && usernameExist.id != findBy.id) ||
-        (findBy.username && usernameExist.username != findBy.username)
+        (findBy._id && usernameExist.uid !== findBy._id) ||
+        (findBy.username && usernameExist.username !== findBy.username)
       )
         throw {
           code: 409,
@@ -350,11 +344,11 @@ const updateUser = async (
   if (!updatedUser)
     throw {
       code: 404,
-      message: `Unable to find user with ${findBy.id || findBy.username}`
+      message: `Unable to find user with ${findBy._id || findBy.username}`
     }
 
   return {
-    id: updatedUser.id,
+    uid: updatedUser.uid,
     username: updatedUser.username,
     displayName: updatedUser.displayName,
     isAdmin: updatedUser.isAdmin,
@@ -367,7 +361,7 @@ const updateDesktopAutoExec = async (autoExec: string) => {
   await updateUserAutoExec(autoExec)
   return {
     ...desktopUser,
-    id: desktopUser.userId,
+    uid: desktopUser.userId,
     autoExec
   }
 }

api/src/middlewares/authenticateToken.ts

@@ -76,7 +76,7 @@ const authenticateToken = async (
   const { MODE } = process.env
   if (MODE === ModeType.Desktop) {
     req.user = {
-      userId: 1234,
+      userId: '1234',
       clientId: 'desktopModeClientId',
       username: 'desktopModeUsername',
       displayName: 'desktopModeDisplayName',

api/src/middlewares/authorize.ts

@@ -18,7 +18,7 @@ export const authorize: RequestHandler = async (req, res, next) => {
   // no need to check for permissions when route is Public
   if (await isPublicRoute(req)) return next()
 
-  const dbUser = await User.findOne({ id: user.userId })
+  const dbUser = await User.findOne({ _id: user.userId })
   if (!dbUser) return res.sendStatus(401)
 
   const path = getPath(req)

api/src/middlewares/desktop.ts

@@ -28,7 +28,7 @@ export const desktopRestrict: RequestHandler = (req, res, next) => {
 }
 
 export const desktopUser: RequestUser = {
-  userId: 12345,
+  userId: '12345',
   clientId: 'desktop_app',
   username: userInfo().username,
   displayName: userInfo().username,

api/src/middlewares/verifyAdminIfNeeded.ts

@@ -8,8 +8,8 @@ export const verifyAdminIfNeeded: RequestHandler = (req, res, next) => {
   if (!user?.isAdmin) {
     let adminAccountRequired: boolean = true
 
-    if (req.params.userId) {
-      adminAccountRequired = user?.userId !== parseInt(req.params.userId)
+    if (req.params.uid) {
+      adminAccountRequired = user?.userId !== req.params.uid
     } else if (req.params.username) {
       adminAccountRequired = user?.username !== req.params.username
     }

api/src/model/Counter.ts

@@ -1,15 +0,0 @@
-import mongoose, { Schema } from 'mongoose'
-
-const CounterSchema = new Schema({
-  id: {
-    type: String,
-    required: true,
-    unique: true
-  },
-  seq: {
-    type: Number,
-    required: true
-  }
-})
-
-export default mongoose.model('Counter', CounterSchema)

api/src/model/Group.ts

@@ -1,9 +1,9 @@
 import { Schema, model, Document, Model } from 'mongoose'
 import { GroupDetailsResponse } from '../controllers'
 import User, { IUser } from './User'
-import { AuthProviderType, getSequenceNextValue } from '../utils'
+import { AuthProviderType } from '../utils'
 
-export const PUBLIC_GROUP_NAME = 'Public'
+export const PUBLIC_GROUP_NAME = 'public'
 
 export interface GroupPayload {
   /**
@@ -24,10 +24,12 @@ export interface GroupPayload {
 }
 
 interface IGroupDocument extends GroupPayload, Document {
-  groupId: number
   isActive: boolean
   users: Schema.Types.ObjectId[]
   authProvider?: AuthProviderType
+
+  // Declare virtual properties as read-only properties
+  readonly uid: string
 }
 
 interface IGroup extends IGroupDocument {
@@ -37,40 +39,46 @@ interface IGroup extends IGroupDocument {
 }
 interface IGroupModel extends Model<IGroup> {}
 
-const groupSchema = new Schema<IGroupDocument>({
-  name: {
-    type: String,
-    required: true,
-    unique: true
-  },
-  groupId: {
-    type: Number,
-    unique: true
-  },
-  description: {
-    type: String,
-    default: 'Group description.'
-  },
-  authProvider: {
-    type: String,
-    enum: AuthProviderType
-  },
-  isActive: {
-    type: Boolean,
-    default: true
-  },
-  users: [{ type: Schema.Types.ObjectId, ref: 'User' }]
-})
-
-// Hooks
-groupSchema.pre('save', async function () {
-  if (this.isNew) {
-    this.groupId = await getSequenceNextValue('groupId')
+const opts = {
+  toJSON: {
+    virtuals: true,
+    transform: function (doc: any, ret: any, options: any) {
+      delete ret._id
+      delete ret.id
+      return ret
+    }
   }
+}
+const groupSchema = new Schema<IGroupDocument>(
+  {
+    name: {
+      type: String,
+      required: true,
+      unique: true
+    },
+    description: {
+      type: String,
+      default: 'Group description.'
+    },
+    authProvider: {
+      type: String,
+      enum: AuthProviderType
+    },
+    isActive: {
+      type: Boolean,
+      default: true
+    },
+    users: [{ type: Schema.Types.ObjectId, ref: 'User' }]
+  },
+  opts
+)
+
+groupSchema.virtual('uid').get(function () {
+  return this._id.toString()
 })
 
 groupSchema.post('save', function (group: IGroup, next: Function) {
-  group.populate('users', 'id username displayName -_id').then(function () {
+  group.populate('users', 'uid username displayName').then(function () {
     next()
   })
 })

api/src/model/Permission.ts

@@ -1,6 +1,5 @@
 import { Schema, model, Document, Model } from 'mongoose'
 import { PermissionDetailsResponse } from '../controllers'
-import { getSequenceNextValue } from '../utils'
 
 interface GetPermissionBy {
   user?: Schema.Types.ObjectId
@@ -11,9 +10,11 @@ interface IPermissionDocument extends Document {
   path: string
   type: string
   setting: string
-  permissionId: number
   user: Schema.Types.ObjectId
   group: Schema.Types.ObjectId
+
+  // Declare virtual properties as read-only properties
+  readonly uid: string
 }
 
 interface IPermission extends IPermissionDocument {}
@@ -22,32 +23,39 @@ interface IPermissionModel extends Model<IPermission> {
   get(getBy: GetPermissionBy): Promise<PermissionDetailsResponse[]>
 }
 
-const permissionSchema = new Schema<IPermissionDocument>({
-  permissionId: {
-    type: Number,
-    unique: true
-  },
-  path: {
-    type: String,
-    required: true
-  },
-  type: {
-    type: String,
-    required: true
-  },
-  setting: {
-    type: String,
-    required: true
-  },
-  user: { type: Schema.Types.ObjectId, ref: 'User' },
-  group: { type: Schema.Types.ObjectId, ref: 'Group' }
-})
-
-// Hooks
-permissionSchema.pre('save', async function () {
-  if (this.isNew) {
-    this.permissionId = await getSequenceNextValue('permissionId')
+const opts = {
+  toJSON: {
+    virtuals: true,
+    transform: function (doc: any, ret: any, options: any) {
+      delete ret._id
+      delete ret.id
+      return ret
+    }
   }
+}
+
+const permissionSchema = new Schema<IPermissionDocument>(
+  {
+    path: {
+      type: String,
+      required: true
+    },
+    type: {
+      type: String,
+      required: true
+    },
+    setting: {
+      type: String,
+      required: true
+    },
+    user: { type: Schema.Types.ObjectId, ref: 'User' },
+    group: { type: Schema.Types.ObjectId, ref: 'Group' }
+  },
+  opts
+)
+
+permissionSchema.virtual('uid').get(function () {
+  return this._id.toString()
 })
 
 // Static Methods
@@ -55,20 +63,14 @@ permissionSchema.static('get', async function (getBy: GetPermissionBy): Promise<
   PermissionDetailsResponse[]
 > {
   return (await this.find(getBy)
-    .select({
-      _id: 0,
-      permissionId: 1,
-      path: 1,
-      type: 1,
-      setting: 1
-    })
-    .populate({ path: 'user', select: 'id username displayName isAdmin -_id' })
+    .select('uid path type setting')
+    .populate({ path: 'user', select: 'uid username displayName isAdmin' })
     .populate({
       path: 'group',
-      select: 'groupId name description -_id',
+      select: 'uid name description',
       populate: {
         path: 'users',
-        select: 'id username displayName isAdmin -_id',
+        select: 'uid username displayName isAdmin',
         options: { limit: 15 }
       }
     })) as unknown as PermissionDetailsResponse[]

api/src/model/User.ts

@@ -1,6 +1,6 @@
-import { Schema, model, Document, Model } from 'mongoose'
+import { Schema, model, Document, Model, ObjectId } from 'mongoose'
 import bcrypt from 'bcryptjs'
-import { AuthProviderType, getSequenceNextValue } from '../utils'
+import { AuthProviderType } from '../utils'
 
 export interface UserPayload {
   /**
@@ -36,7 +36,6 @@ export interface UserPayload {
 
 interface IUserDocument extends UserPayload, Document {
   _id: Schema.Types.ObjectId
-  id: number
   isAdmin: boolean
   isActive: boolean
   needsToUpdatePassword: boolean
@@ -44,6 +43,9 @@ interface IUserDocument extends UserPayload, Document {
   groups: Schema.Types.ObjectId[]
   tokens: [{ [key: string]: string }]
   authProvider?: AuthProviderType
+
+  // Declare virtual properties as read-only properties
+  readonly uid: string
 }
 
 export interface IUser extends IUserDocument {
@@ -54,70 +56,74 @@ export interface IUser extends IUserDocument {
 interface IUserModel extends Model<IUser> {
   hashPassword(password: string): string
 }
-
-const userSchema = new Schema<IUserDocument>({
-  displayName: {
-    type: String,
-    required: true
-  },
-  username: {
-    type: String,
-    required: true,
-    unique: true
-  },
-  id: {
-    type: Number,
-    unique: true
-  },
-  password: {
-    type: String,
-    required: true
-  },
-  authProvider: {
-    type: String,
-    enum: AuthProviderType
-  },
-  isAdmin: {
-    type: Boolean,
-    default: false
-  },
-  isActive: {
-    type: Boolean,
-    default: true
-  },
-  needsToUpdatePassword: {
-    type: Boolean,
-    default: true
-  },
-  autoExec: {
-    type: String
-  },
-  groups: [{ type: Schema.Types.ObjectId, ref: 'Group' }],
-  tokens: [
-    {
-      clientId: {
-        type: String,
-        required: true
-      },
-      accessToken: {
-        type: String,
-        required: true
-      },
-      refreshToken: {
-        type: String,
-        required: true
-      }
+const opts = {
+  toJSON: {
+    virtuals: true,
+    transform: function (doc: any, ret: any, options: any) {
+      delete ret._id
+      delete ret.id
+      return ret
     }
-  ]
-})
-
-// Hooks
-userSchema.pre('save', async function (next) {
-  if (this.isNew) {
-    this.id = await getSequenceNextValue('id')
   }
+}
 
-  next()
+const userSchema = new Schema<IUserDocument>(
+  {
+    displayName: {
+      type: String,
+      required: true
+    },
+    username: {
+      type: String,
+      required: true,
+      unique: true
+    },
+    password: {
+      type: String,
+      required: true
+    },
+    authProvider: {
+      type: String,
+      enum: AuthProviderType
+    },
+    isAdmin: {
+      type: Boolean,
+      default: false
+    },
+    isActive: {
+      type: Boolean,
+      default: true
+    },
+    needsToUpdatePassword: {
+      type: Boolean,
+      default: true
+    },
+    autoExec: {
+      type: String
+    },
+    groups: [{ type: Schema.Types.ObjectId, ref: 'Group' }],
+    tokens: [
+      {
+        clientId: {
+          type: String,
+          required: true
+        },
+        accessToken: {
+          type: String,
+          required: true
+        },
+        refreshToken: {
+          type: String,
+          required: true
+        }
+      }
+    ]
+  },
+  opts
+)
+
+userSchema.virtual('uid').get(function () {
+  return this._id.toString()
 })
 
 // Static Methods

api/src/routes/api/code.ts

@@ -1,5 +1,5 @@
 import express from 'express'
-import { runCodeValidation } from '../../utils'
+import { runCodeValidation, triggerCodeValidation } from '../../utils'
 import { CodeController } from '../../controllers/'
 
 const runRouter = express.Router()
@@ -28,4 +28,22 @@ runRouter.post('/execute', async (req, res) => {
   }
 })
 
+runRouter.post('/trigger', async (req, res) => {
+  const { error, value: body } = triggerCodeValidation(req.body)
+  if (error) return res.status(400).send(error.details[0].message)
+
+  try {
+    const response = await controller.triggerCode(req, body)
+
+    res.status(200)
+    res.send(response)
+  } catch (err: any) {
+    const statusCode = err.code
+
+    delete err.code
+
+    res.status(statusCode).send(err)
+  }
+})
+
 export default runRouter

api/src/routes/api/group.ts

@@ -1,7 +1,11 @@
 import express from 'express'
 import { GroupController } from '../../controllers/'
 import { authenticateAccessToken, verifyAdmin } from '../../middlewares'
-import { getGroupValidation, registerGroupValidation } from '../../utils'
+import {
+  getGroupValidation,
+  registerGroupValidation,
+  uidValidation
+} from '../../utils'
 
 const groupRouter = express.Router()
 
@@ -33,12 +37,15 @@ groupRouter.get('/', authenticateAccessToken, async (req, res) => {
   }
 })
 
-groupRouter.get('/:groupId', authenticateAccessToken, async (req, res) => {
-  const { groupId } = req.params
+groupRouter.get('/:uid', authenticateAccessToken, async (req, res) => {
+  const { error: uidError, value: params } = uidValidation(req.params)
+  if (uidError) return res.status(400).send(uidError.details[0].message)
+
+  const { uid } = params
 
   const controller = new GroupController()
   try {
-    const response = await controller.getGroup(parseInt(groupId))
+    const response = await controller.getGroup(uid)
     res.send(response)
   } catch (err: any) {
     res.status(err.code).send(err.message)
@@ -56,7 +63,7 @@ groupRouter.get(
 
     const controller = new GroupController()
     try {
-      const response = await controller.getGroupByGroupName(name)
+      const response = await controller.getGroupByName(name)
       res.send(response)
     } catch (err: any) {
       res.status(err.code).send(err.message)
@@ -65,18 +72,15 @@ groupRouter.get(
 )
 
 groupRouter.post(
-  '/:groupId/:userId',
+  '/:groupUid/:userUid',
   authenticateAccessToken,
   verifyAdmin,
   async (req, res) => {
-    const { groupId, userId } = req.params
+    const { groupUid, userUid } = req.params
 
     const controller = new GroupController()
     try {
-      const response = await controller.addUserToGroup(
-        parseInt(groupId),
-        parseInt(userId)
-      )
+      const response = await controller.addUserToGroup(groupUid, userUid)
       res.send(response)
     } catch (err: any) {
       res.status(err.code).send(err.message)
@@ -85,18 +89,15 @@ groupRouter.post(
 )
 
 groupRouter.delete(
-  '/:groupId/:userId',
+  '/:groupUid/:userUid',
   authenticateAccessToken,
   verifyAdmin,
   async (req, res) => {
-    const { groupId, userId } = req.params
+    const { groupUid, userUid } = req.params
 
     const controller = new GroupController()
     try {
-      const response = await controller.removeUserFromGroup(
-        parseInt(groupId),
-        parseInt(userId)
-      )
+      const response = await controller.removeUserFromGroup(groupUid, userUid)
       res.send(response)
     } catch (err: any) {
       res.status(err.code).send(err.message)
@@ -105,15 +106,18 @@ groupRouter.delete(
 )
 
 groupRouter.delete(
-  '/:groupId',
+  '/:uid',
   authenticateAccessToken,
   verifyAdmin,
   async (req, res) => {
-    const { groupId } = req.params
+    const { error: uidError, value: params } = uidValidation(req.params)
+    if (uidError) return res.status(400).send(uidError.details[0].message)
+
+    const { uid } = params
 
     const controller = new GroupController()
     try {
-      await controller.deleteGroup(parseInt(groupId))
+      await controller.deleteGroup(uid)
       res.status(200).send('Group Deleted!')
     } catch (err: any) {
       res.status(err.code).send(err.message)

api/src/routes/api/permission.ts

@@ -3,6 +3,7 @@ import { PermissionController } from '../../controllers/'
 import { verifyAdmin } from '../../middlewares'
 import {
   registerPermissionValidation,
+  uidValidation,
   updatePermissionValidation
 } from '../../utils'
 
@@ -34,14 +35,17 @@ permissionRouter.post('/', verifyAdmin, async (req, res) => {
   }
 })
 
-permissionRouter.patch('/:permissionId', verifyAdmin, async (req: any, res) => {
-  const { permissionId } = req.params
+permissionRouter.patch('/:uid', verifyAdmin, async (req: any, res) => {
+  const { error: uidError, value: params } = uidValidation(req.params)
+  if (uidError) return res.status(400).send(uidError.details[0].message)
+
+  const { uid } = params
 
   const { error, value: body } = updatePermissionValidation(req.body)
   if (error) return res.status(400).send(error.details[0].message)
 
   try {
-    const response = await controller.updatePermission(permissionId, body)
+    const response = await controller.updatePermission(uid, body)
     res.send(response)
   } catch (err: any) {
     const statusCode = err.code
@@ -50,20 +54,18 @@ permissionRouter.patch('/:permissionId', verifyAdmin, async (req: any, res) => {
   }
 })
 
-permissionRouter.delete(
-  '/:permissionId',
-  verifyAdmin,
-  async (req: any, res) => {
-    const { permissionId } = req.params
+permissionRouter.delete('/:uid', verifyAdmin, async (req: any, res) => {
+  const { error: uidError, value: params } = uidValidation(req.params)
+  if (uidError) return res.status(400).send(uidError.details[0].message)
 
-    try {
-      await controller.deletePermission(permissionId)
-      res.status(200).send('Permission Deleted!')
-    } catch (err: any) {
-      const statusCode = err.code
-      delete err.code
-      res.status(statusCode).send(err.message)
-    }
+  const { uid } = params
+  try {
+    await controller.deletePermission(uid)
+    res.status(200).send('Permission Deleted!')
+  } catch (err: any) {
+    const statusCode = err.code
+    delete err.code
+    res.status(statusCode).send(err.message)
   }
-)
+})
 export default permissionRouter

api/src/routes/api/session.ts

@@ -1,16 +1,37 @@
 import express from 'express'
 import { SessionController } from '../../controllers'
+import { sessionIdValidation } from '../../utils'
 
 const sessionRouter = express.Router()
 
+const controller = new SessionController()
+
 sessionRouter.get('/', async (req, res) => {
-  const controller = new SessionController()
   try {
     const response = await controller.session(req)
+
     res.send(response)
   } catch (err: any) {
     res.status(403).send(err.toString())
   }
 })
 
+sessionRouter.get('/:sessionId/state', async (req, res) => {
+  const { error, value: params } = sessionIdValidation(req.params)
+  if (error) return res.status(400).send(error.details[0].message)
+
+  try {
+    const response = await controller.sessionState(params.sessionId)
+
+    res.status(200)
+    res.send(response)
+  } catch (err: any) {
+    const statusCode = err.code
+
+    delete err.code
+
+    res.status(statusCode).send(err)
+  }
+})
+
 export default sessionRouter

api/src/routes/api/spec/auth.spec.ts

@@ -13,6 +13,7 @@ import {
   generateAccessToken,
   generateAuthCode,
   generateRefreshToken,
+  randomBytesHexString,
   saveTokensInDB,
   verifyTokenInDB
 } from '../../../utils'
@@ -20,7 +21,6 @@ import {
 const clientId = 'someclientID'
 const clientSecret = 'someclientSecret'
 const user = {
-  id: 1234,
   displayName: 'Test User',
   username: 'testUsername',
   password: '87654321',
@@ -52,7 +52,7 @@ describe('auth', () => {
   describe('token', () => {
     const userInfo: InfoJWT = {
       clientId,
-      userId: user.id
+      userId: randomBytesHexString(12)
     }
     beforeAll(async () => {
       await userController.createUser(user)
@@ -151,10 +151,10 @@ describe('auth', () => {
       currentUser = await userController.createUser(user)
       refreshToken = generateRefreshToken({
         clientId,
-        userId: currentUser.id
+        userId: currentUser.uid
       })
       await saveTokensInDB(
-        currentUser.id,
+        currentUser.uid,
         clientId,
         'accessToken',
         refreshToken
@@ -202,11 +202,11 @@ describe('auth', () => {
       currentUser = await userController.createUser(user)
       accessToken = generateAccessToken({
         clientId,
-        userId: currentUser.id
+        userId: currentUser.uid
       })
 
       await saveTokensInDB(
-        currentUser.id,
+        currentUser.uid,
         clientId,
         accessToken,
         'refreshToken'

api/src/routes/api/spec/client.spec.ts

@@ -40,10 +40,10 @@ describe('client', () => {
     const dbUser = await userController.createUser(adminUser)
     adminAccessToken = generateAccessToken({
       clientId: client.clientId,
-      userId: dbUser.id
+      userId: dbUser.uid
     })
     await saveTokensInDB(
-      dbUser.id,
+      dbUser.uid,
       client.clientId,
       adminAccessToken,
       'refreshToken'
@@ -95,10 +95,10 @@ describe('client', () => {
       const dbUser = await userController.createUser(user)
       const accessToken = generateAccessToken({
         clientId: client.clientId,
-        userId: dbUser.id
+        userId: dbUser.uid
       })
       await saveTokensInDB(
-        dbUser.id,
+        dbUser.uid,
         client.clientId,
         accessToken,
         'refreshToken'
@@ -212,10 +212,10 @@ describe('client', () => {
       const dbUser = await userController.createUser(user)
       const accessToken = generateAccessToken({
         clientId: client.clientId,
-        userId: dbUser.id
+        userId: dbUser.uid
       })
       await saveTokensInDB(
-        dbUser.id,
+        dbUser.uid,
         client.clientId,
         accessToken,
         'refreshToken'

api/src/routes/api/spec/drive.spec.ts

@@ -71,31 +71,31 @@ describe('drive', () => {
     con = await mongoose.connect(mongoServer.getUri())
 
     const dbUser = await controller.createUser(user)
-    accessToken = await generateAndSaveToken(dbUser.id)
+    accessToken = await generateAndSaveToken(dbUser.uid)
     await permissionController.createPermission({
       ...permission,
       path: '/SASjsApi/drive/deploy',
-      principalId: dbUser.id
+      principalId: dbUser.uid
     })
     await permissionController.createPermission({
       ...permission,
       path: '/SASjsApi/drive/deploy/upload',
-      principalId: dbUser.id
+      principalId: dbUser.uid
     })
     await permissionController.createPermission({
       ...permission,
       path: '/SASjsApi/drive/file',
-      principalId: dbUser.id
+      principalId: dbUser.uid
     })
     await permissionController.createPermission({
       ...permission,
       path: '/SASjsApi/drive/folder',
-      principalId: dbUser.id
+      principalId: dbUser.uid
     })
     await permissionController.createPermission({
       ...permission,
       path: '/SASjsApi/drive/rename',
-      principalId: dbUser.id
+      principalId: dbUser.uid
     })
   })
 
@@ -1197,7 +1197,7 @@ const getExampleService = (): ServiceMember =>
   ((getTreeExample().members[0] as FolderMember).members[0] as FolderMember)
     .members[0] as ServiceMember
 
-const generateAndSaveToken = async (userId: number) => {
+const generateAndSaveToken = async (userId: string) => {
   const adminAccessToken = generateAccessToken({
     clientId,
     userId

api/src/routes/api/spec/group.spec.ts

@@ -11,6 +11,7 @@ import {
 } from '../../../utils'
 import Group, { PUBLIC_GROUP_NAME } from '../../../model/Group'
 import User from '../../../model/User'
+import { randomBytes } from 'crypto'
 
 const clientId = 'someclientID'
 const adminUser = {
@@ -75,7 +76,7 @@ describe('group', () => {
         .send(group)
         .expect(200)
 
-      expect(res.body.groupId).toBeTruthy()
+      expect(res.body.uid).toBeTruthy()
       expect(res.body.name).toEqual(group.name)
       expect(res.body.description).toEqual(group.description)
       expect(res.body.isActive).toEqual(true)
@@ -155,7 +156,7 @@ describe('group', () => {
       const dbGroup = await groupController.createGroup(group)
 
       const res = await request(app)
-        .delete(`/SASjsApi/group/${dbGroup.groupId}`)
+        .delete(`/SASjsApi/group/${dbGroup.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
@@ -174,17 +175,17 @@ describe('group', () => {
         username: 'deletegroup2'
       })
 
-      await groupController.addUserToGroup(dbGroup.groupId, dbUser1.id)
-      await groupController.addUserToGroup(dbGroup.groupId, dbUser2.id)
+      await groupController.addUserToGroup(dbGroup.uid, dbUser1.uid)
+      await groupController.addUserToGroup(dbGroup.uid, dbUser2.uid)
 
       await request(app)
-        .delete(`/SASjsApi/group/${dbGroup.groupId}`)
+        .delete(`/SASjsApi/group/${dbGroup.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
 
       const res1 = await request(app)
-        .get(`/SASjsApi/user/${dbUser1.id}`)
+        .get(`/SASjsApi/user/${dbUser1.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
@@ -192,7 +193,7 @@ describe('group', () => {
       expect(res1.body.groups).toEqual([])
 
       const res2 = await request(app)
-        .get(`/SASjsApi/user/${dbUser2.id}`)
+        .get(`/SASjsApi/user/${dbUser2.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
@@ -201,8 +202,10 @@ describe('group', () => {
     })
 
     it('should respond with Not Found if groupId is incorrect', async () => {
+      const hexValue = randomBytes(12).toString('hex')
+
       const res = await request(app)
-        .delete(`/SASjsApi/group/1234`)
+        .delete(`/SASjsApi/group/${hexValue}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(404)
@@ -229,7 +232,7 @@ describe('group', () => {
       })
 
       const res = await request(app)
-        .delete(`/SASjsApi/group/${dbGroup.groupId}`)
+        .delete(`/SASjsApi/group/${dbGroup.uid}`)
         .auth(accessToken, { type: 'bearer' })
         .send()
         .expect(401)
@@ -245,15 +248,15 @@ describe('group', () => {
     })
 
     it('should respond with group', async () => {
-      const { groupId } = await groupController.createGroup(group)
+      const { uid } = await groupController.createGroup(group)
 
       const res = await request(app)
-        .get(`/SASjsApi/group/${groupId}`)
+        .get(`/SASjsApi/group/${uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
 
-      expect(res.body.groupId).toBeTruthy()
+      expect(res.body.uid).toBeTruthy()
       expect(res.body.name).toEqual(group.name)
       expect(res.body.description).toEqual(group.description)
       expect(res.body.isActive).toEqual(true)
@@ -266,15 +269,15 @@ describe('group', () => {
         username: 'get' + user.username
       })
 
-      const { groupId } = await groupController.createGroup(group)
+      const { uid } = await groupController.createGroup(group)
 
       const res = await request(app)
-        .get(`/SASjsApi/group/${groupId}`)
+        .get(`/SASjsApi/group/${uid}`)
         .auth(accessToken, { type: 'bearer' })
         .send()
         .expect(200)
 
-      expect(res.body.groupId).toBeTruthy()
+      expect(res.body.uid).toBeTruthy()
       expect(res.body.name).toEqual(group.name)
       expect(res.body.description).toEqual(group.description)
       expect(res.body.isActive).toEqual(true)
@@ -292,8 +295,10 @@ describe('group', () => {
     })
 
     it('should respond with Not Found if groupId is incorrect', async () => {
+      const hexValue = randomBytes(12).toString('hex')
+
       const res = await request(app)
-        .get('/SASjsApi/group/1234')
+        .get(`/SASjsApi/group/${hexValue}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(404)
@@ -312,7 +317,7 @@ describe('group', () => {
           .send()
           .expect(200)
 
-        expect(res.body.groupId).toBeTruthy()
+        expect(res.body.uid).toBeTruthy()
         expect(res.body.name).toEqual(group.name)
         expect(res.body.description).toEqual(group.description)
         expect(res.body.isActive).toEqual(true)
@@ -333,7 +338,7 @@ describe('group', () => {
           .send()
           .expect(200)
 
-        expect(res.body.groupId).toBeTruthy()
+        expect(res.body.uid).toBeTruthy()
         expect(res.body.name).toEqual(group.name)
         expect(res.body.description).toEqual(group.description)
         expect(res.body.isActive).toEqual(true)
@@ -379,7 +384,7 @@ describe('group', () => {
 
       expect(res.body).toEqual([
         {
-          groupId: expect.anything(),
+          uid: expect.anything(),
           name: group.name,
           description: group.description
         }
@@ -401,7 +406,7 @@ describe('group', () => {
 
       expect(res.body).toEqual([
         {
-          groupId: expect.anything(),
+          uid: expect.anything(),
           name: group.name,
           description: group.description
         }
@@ -426,18 +431,18 @@ describe('group', () => {
       const dbUser = await userController.createUser(user)
 
       const res = await request(app)
-        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
+        .post(`/SASjsApi/group/${dbGroup.uid}/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
 
-      expect(res.body.groupId).toBeTruthy()
+      expect(res.body.uid).toBeTruthy()
       expect(res.body.name).toEqual(group.name)
       expect(res.body.description).toEqual(group.description)
       expect(res.body.isActive).toEqual(true)
       expect(res.body.users).toEqual([
         {
-          id: expect.anything(),
+          uid: expect.anything(),
           username: user.username,
           displayName: user.displayName
         }
@@ -452,20 +457,20 @@ describe('group', () => {
       })
 
       await request(app)
-        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
+        .post(`/SASjsApi/group/${dbGroup.uid}/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
 
       const res = await request(app)
-        .get(`/SASjsApi/user/${dbUser.id}`)
+        .get(`/SASjsApi/user/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
 
       expect(res.body.groups).toEqual([
         {
-          groupId: expect.anything(),
+          uid: expect.anything(),
           name: group.name,
           description: group.description
         }
@@ -478,21 +483,21 @@ describe('group', () => {
         ...user,
         username: 'addUserRandomUser'
       })
-      await groupController.addUserToGroup(dbGroup.groupId, dbUser.id)
+      await groupController.addUserToGroup(dbGroup.uid, dbUser.uid)
 
       const res = await request(app)
-        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
+        .post(`/SASjsApi/group/${dbGroup.uid}/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
 
-      expect(res.body.groupId).toBeTruthy()
+      expect(res.body.uid).toBeTruthy()
       expect(res.body.name).toEqual(group.name)
       expect(res.body.description).toEqual(group.description)
       expect(res.body.isActive).toEqual(true)
       expect(res.body.users).toEqual([
         {
-          id: expect.anything(),
+          uid: expect.anything(),
           username: 'addUserRandomUser',
           displayName: user.displayName
         }
@@ -526,8 +531,10 @@ describe('group', () => {
     })
 
     it('should respond with Not Found if groupId is incorrect', async () => {
+      const hexValue = randomBytes(12).toString('hex')
+
       const res = await request(app)
-        .post('/SASjsApi/group/123/123')
+        .post(`/SASjsApi/group/${hexValue}/123`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(404)
@@ -538,8 +545,10 @@ describe('group', () => {
 
     it('should respond with Not Found if userId is incorrect', async () => {
       const dbGroup = await groupController.createGroup(group)
+      const hexValue = randomBytes(12).toString('hex')
+
       const res = await request(app)
-        .post(`/SASjsApi/group/${dbGroup.groupId}/123`)
+        .post(`/SASjsApi/group/${dbGroup.uid}/${hexValue}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(404)
@@ -556,7 +565,7 @@ describe('group', () => {
       })
 
       const res = await request(app)
-        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
+        .post(`/SASjsApi/group/${dbGroup.uid}/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(400)
@@ -577,7 +586,7 @@ describe('group', () => {
       })
 
       const res = await request(app)
-        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
+        .post(`/SASjsApi/group/${dbGroup.uid}/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(405)
@@ -596,7 +605,7 @@ describe('group', () => {
       })
 
       const res = await request(app)
-        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
+        .post(`/SASjsApi/group/${dbGroup.uid}/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(405)
@@ -618,15 +627,15 @@ describe('group', () => {
         ...user,
         username: 'removeUserRandomUser'
       })
-      await groupController.addUserToGroup(dbGroup.groupId, dbUser.id)
+      await groupController.addUserToGroup(dbGroup.uid, dbUser.uid)
 
       const res = await request(app)
-        .delete(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
+        .delete(`/SASjsApi/group/${dbGroup.uid}/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
 
-      expect(res.body.groupId).toBeTruthy()
+      expect(res.body.uid).toBeTruthy()
       expect(res.body.name).toEqual(group.name)
       expect(res.body.description).toEqual(group.description)
       expect(res.body.isActive).toEqual(true)
@@ -639,16 +648,16 @@ describe('group', () => {
         ...user,
         username: 'removeGroupFromUser'
       })
-      await groupController.addUserToGroup(dbGroup.groupId, dbUser.id)
+      await groupController.addUserToGroup(dbGroup.uid, dbUser.uid)
 
       await request(app)
-        .delete(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
+        .delete(`/SASjsApi/group/${dbGroup.uid}/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
 
       const res = await request(app)
-        .get(`/SASjsApi/user/${dbUser.id}`)
+        .get(`/SASjsApi/user/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
@@ -667,7 +676,7 @@ describe('group', () => {
       })
 
       const res = await request(app)
-        .delete(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
+        .delete(`/SASjsApi/group/${dbGroup.uid}/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(405)
@@ -686,7 +695,7 @@ describe('group', () => {
       })
 
       const res = await request(app)
-        .delete(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
+        .delete(`/SASjsApi/group/${dbGroup.uid}/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(405)
@@ -723,8 +732,10 @@ describe('group', () => {
     })
 
     it('should respond with Not Found if groupId is incorrect', async () => {
+      const hexValue = randomBytes(12).toString('hex')
+
       const res = await request(app)
-        .delete('/SASjsApi/group/123/123')
+        .delete(`/SASjsApi/group/${hexValue}/123`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(404)
@@ -735,8 +746,10 @@ describe('group', () => {
 
     it('should respond with Not Found if userId is incorrect', async () => {
       const dbGroup = await groupController.createGroup(group)
+      const hexValue = randomBytes(12).toString('hex')
+
       const res = await request(app)
-        .delete(`/SASjsApi/group/${dbGroup.groupId}/123`)
+        .delete(`/SASjsApi/group/${dbGroup.uid}/${hexValue}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(404)
@@ -752,10 +765,10 @@ const generateSaveTokenAndCreateUser = async (
 ): Promise<string> => {
   const dbUser = await userController.createUser(someUser ?? adminUser)
 
-  return generateAndSaveToken(dbUser.id)
+  return generateAndSaveToken(dbUser.uid)
 }
 
-const generateAndSaveToken = async (userId: number) => {
+const generateAndSaveToken = async (userId: string) => {
   const adminAccessToken = generateAccessToken({
     clientId,
     userId

api/src/routes/api/spec/permission.spec.ts

@@ -17,6 +17,7 @@ import {
   PermissionDetailsResponse
 } from '../../../controllers'
 import { generateAccessToken, saveTokensInDB } from '../../../utils'
+import { randomBytes } from 'crypto'
 
 const deployPayload = {
   appLoc: 'string',
@@ -103,10 +104,10 @@ describe('permission', () => {
       const res = await request(app)
         .post('/SASjsApi/permission')
         .auth(adminAccessToken, { type: 'bearer' })
-        .send({ ...permission, principalId: dbUser.id })
+        .send({ ...permission, principalId: dbUser.uid })
         .expect(200)
 
-      expect(res.body.permissionId).toBeTruthy()
+      expect(res.body.uid).toBeTruthy()
       expect(res.body.path).toEqual(permission.path)
       expect(res.body.type).toEqual(permission.type)
       expect(res.body.setting).toEqual(permission.setting)
@@ -122,11 +123,11 @@ describe('permission', () => {
         .send({
           ...permission,
           principalType: 'group',
-          principalId: dbGroup.groupId
+          principalId: dbGroup.uid
         })
         .expect(200)
 
-      expect(res.body.permissionId).toBeTruthy()
+      expect(res.body.uid).toBeTruthy()
       expect(res.body.path).toEqual(permission.path)
       expect(res.body.type).toEqual(permission.type)
       expect(res.body.setting).toEqual(permission.setting)
@@ -144,7 +145,7 @@ describe('permission', () => {
     })
 
     it('should respond with Unauthorized if access token is not of an admin account', async () => {
-      const accessToken = await generateAndSaveToken(dbUser.id)
+      const accessToken = await generateAndSaveToken(dbUser.uid)
 
       const res = await request(app)
         .post('/SASjsApi/permission')
@@ -281,17 +282,19 @@ describe('permission', () => {
       expect(res.body).toEqual({})
     })
 
-    it('should respond with Bad Request if principalId is not a number', async () => {
+    it('should respond with Bad Request if principalId is not a string of 24 hex characters', async () => {
       const res = await request(app)
         .post('/SASjsApi/permission')
         .auth(adminAccessToken, { type: 'bearer' })
         .send({
           ...permission,
-          principalId: 'someCharacters'
+          principalId: randomBytes(10).toString('hex')
         })
         .expect(400)
 
-      expect(res.text).toEqual('"principalId" must be a number')
+      expect(res.text).toEqual(
+        '"principalId" length must be 24 characters long'
+      )
       expect(res.body).toEqual({})
     })
 
@@ -307,7 +310,7 @@ describe('permission', () => {
         .auth(adminAccessToken, { type: 'bearer' })
         .send({
           ...permission,
-          principalId: adminUser.id
+          principalId: adminUser.uid
         })
         .expect(400)
 
@@ -321,7 +324,7 @@ describe('permission', () => {
         .auth(adminAccessToken, { type: 'bearer' })
         .send({
           ...permission,
-          principalId: 123
+          principalId: randomBytes(12).toString('hex')
         })
         .expect(404)
 
@@ -336,7 +339,7 @@ describe('permission', () => {
         .send({
           ...permission,
           principalType: 'group',
-          principalId: 123
+          principalId: randomBytes(12).toString('hex')
         })
         .expect(404)
 
@@ -347,13 +350,13 @@ describe('permission', () => {
     it('should respond with Conflict (409) if permission already exists', async () => {
       await permissionController.createPermission({
         ...permission,
-        principalId: dbUser.id
+        principalId: dbUser.uid
       })
 
       const res = await request(app)
         .post('/SASjsApi/permission')
         .auth(adminAccessToken, { type: 'bearer' })
-        .send({ ...permission, principalId: dbUser.id })
+        .send({ ...permission, principalId: dbUser.uid })
         .expect(409)
 
       expect(res.text).toEqual(
@@ -368,7 +371,7 @@ describe('permission', () => {
     beforeAll(async () => {
       dbPermission = await permissionController.createPermission({
         ...permission,
-        principalId: dbUser.id
+        principalId: dbUser.uid
       })
     })
 
@@ -378,7 +381,7 @@ describe('permission', () => {
 
     it('should respond with updated permission', async () => {
       const res = await request(app)
-        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .patch(`/SASjsApi/permission/${dbPermission?.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send({ setting: PermissionSettingForRoute.deny })
         .expect(200)
@@ -388,7 +391,7 @@ describe('permission', () => {
 
     it('should respond with Unauthorized if access token is not present', async () => {
       const res = await request(app)
-        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .patch(`/SASjsApi/permission/${dbPermission?.uid}`)
         .send()
         .expect(401)
 
@@ -403,7 +406,7 @@ describe('permission', () => {
       })
 
       const res = await request(app)
-        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .patch(`/SASjsApi/permission/${dbPermission?.uid}`)
         .auth(accessToken, { type: 'bearer' })
         .send()
         .expect(401)
@@ -414,7 +417,7 @@ describe('permission', () => {
 
     it('should respond with Bad Request if setting is missing', async () => {
       const res = await request(app)
-        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .patch(`/SASjsApi/permission/${dbPermission?.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(400)
@@ -425,7 +428,7 @@ describe('permission', () => {
 
     it('should respond with Bad Request if setting is  invalid', async () => {
       const res = await request(app)
-        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .patch(`/SASjsApi/permission/${dbPermission?.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send({
           setting: 'invalid'
@@ -437,8 +440,9 @@ describe('permission', () => {
     })
 
     it('should respond with not found (404) if permission with provided id does not exist', async () => {
+      const hexValue = randomBytes(12).toString('hex')
       const res = await request(app)
-        .patch('/SASjsApi/permission/123')
+        .patch(`/SASjsApi/permission/${hexValue}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send({
           setting: PermissionSettingForRoute.deny
@@ -454,10 +458,10 @@ describe('permission', () => {
     it('should delete permission', async () => {
       const dbPermission = await permissionController.createPermission({
         ...permission,
-        principalId: dbUser.id
+        principalId: dbUser.uid
       })
       const res = await request(app)
-        .delete(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .delete(`/SASjsApi/permission/${dbPermission?.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
@@ -466,8 +470,10 @@ describe('permission', () => {
     })
 
     it('should respond with not found (404) if permission with provided id does not exists', async () => {
+      const hexValue = randomBytes(12).toString('hex')
+
       const res = await request(app)
-        .delete('/SASjsApi/permission/123')
+        .delete(`/SASjsApi/permission/${hexValue}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(404)
@@ -481,12 +487,12 @@ describe('permission', () => {
       await permissionController.createPermission({
         ...permission,
         path: '/test-1',
-        principalId: dbUser.id
+        principalId: dbUser.uid
       })
       await permissionController.createPermission({
         ...permission,
         path: '/test-2',
-        principalId: dbUser.id
+        principalId: dbUser.uid
       })
     })
 
@@ -505,12 +511,12 @@ describe('permission', () => {
         ...user,
         username: 'get' + user.username
       })
-      const accessToken = await generateAndSaveToken(nonAdminUser.id)
+      const accessToken = await generateAndSaveToken(nonAdminUser.uid)
       await permissionController.createPermission({
         path: '/test-1',
         type: PermissionType.route,
         principalType: PrincipalType.user,
-        principalId: nonAdminUser.id,
+        principalId: nonAdminUser.uid,
         setting: PermissionSettingForRoute.grant
       })
 
@@ -531,7 +537,7 @@ describe('permission', () => {
       await permissionController.createPermission({
         ...permission,
         path: '/SASjsApi/drive/deploy',
-        principalId: dbUser.id
+        principalId: dbUser.uid
       })
     })
 
@@ -551,7 +557,7 @@ describe('permission', () => {
     })
 
     it('should create files in SASJS drive', async () => {
-      const accessToken = await generateAndSaveToken(dbUser.id)
+      const accessToken = await generateAndSaveToken(dbUser.uid)
 
       await request(app)
         .get('/SASjsApi/drive/deploy')
@@ -561,7 +567,7 @@ describe('permission', () => {
     })
 
     it('should respond unauthorized', async () => {
-      const accessToken = await generateAndSaveToken(dbUser.id)
+      const accessToken = await generateAndSaveToken(dbUser.uid)
 
       await request(app)
         .get('/SASjsApi/drive/deploy/upload')
@@ -577,10 +583,10 @@ const generateSaveTokenAndCreateUser = async (
 ): Promise<string> => {
   const dbUser = await userController.createUser(someUser ?? adminUser)
 
-  return generateAndSaveToken(dbUser.id)
+  return generateAndSaveToken(dbUser.uid)
 }
 
-const generateAndSaveToken = async (userId: number) => {
+const generateAndSaveToken = async (userId: string) => {
   const adminAccessToken = generateAccessToken({
     clientId,
     userId

api/src/routes/api/spec/stp.spec.ts

@@ -25,7 +25,7 @@ import {
   SASSessionController
 } from '../../../controllers/internal'
 import * as ProcessProgramModule from '../../../controllers/internal/processProgram'
-import { Session } from '../../../types'
+import { Session, SessionState } from '../../../types'
 
 const clientId = 'someclientID'
 
@@ -58,12 +58,12 @@ describe('stp', () => {
     mongoServer = await MongoMemoryServer.create()
     con = await mongoose.connect(mongoServer.getUri())
     const dbUser = await userController.createUser(user)
-    accessToken = await generateAndSaveToken(dbUser.id)
+    accessToken = await generateAndSaveToken(dbUser.uid)
     await permissionController.createPermission({
       path: '/SASjsApi/stp/execute',
       type: PermissionType.route,
       principalType: PrincipalType.user,
-      principalId: dbUser.id,
+      principalId: dbUser.uid,
       setting: PermissionSettingForRoute.grant
     })
   })
@@ -456,7 +456,7 @@ const makeRequestAndAssert = async (
     )
 }
 
-const generateAndSaveToken = async (userId: number) => {
+const generateAndSaveToken = async (userId: string) => {
   const accessToken = generateAccessToken({
     clientId,
     userId
@@ -493,10 +493,7 @@ const mockedGetSession = async () => {
 
   const session: Session = {
     id: sessionId,
-    ready: true,
-    inUse: true,
-    consumed: false,
-    completed: false,
+    state: SessionState.pending,
     creationTimeStamp,
     deathTimeStamp,
     path: sessionFolder

api/src/routes/api/spec/user.spec.ts

@@ -1,3 +1,4 @@
+import { randomBytes } from 'crypto'
 import { Express } from 'express'
 import mongoose, { Mongoose } from 'mongoose'
 import { MongoMemoryServer } from 'mongodb-memory-server'
@@ -101,9 +102,9 @@ describe('user', () => {
       const dbUser = await controller.createUser(user)
       const accessToken = generateAccessToken({
         clientId,
-        userId: dbUser.id
+        userId: dbUser.uid
       })
-      await saveTokensInDB(dbUser.id, clientId, accessToken, 'refreshToken')
+      await saveTokensInDB(dbUser.uid, clientId, accessToken, 'refreshToken')
 
       const res = await request(app)
         .post('/SASjsApi/user')
@@ -187,7 +188,7 @@ describe('user', () => {
       const newDisplayName = 'My new display Name'
 
       const res = await request(app)
-        .patch(`/SASjsApi/user/${dbUser.id}`)
+        .patch(`/SASjsApi/user/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send({ ...user, displayName: newDisplayName })
         .expect(200)
@@ -200,11 +201,11 @@ describe('user', () => {
 
     it('should respond with updated user when user himself requests', async () => {
       const dbUser = await controller.createUser(user)
-      const accessToken = await generateAndSaveToken(dbUser.id)
+      const accessToken = await generateAndSaveToken(dbUser.uid)
       const newDisplayName = 'My new display Name'
 
       const res = await request(app)
-        .patch(`/SASjsApi/user/${dbUser.id}`)
+        .patch(`/SASjsApi/user/${dbUser.uid}`)
         .auth(accessToken, { type: 'bearer' })
         .send({
           displayName: newDisplayName,
@@ -221,11 +222,11 @@ describe('user', () => {
 
     it('should respond with Bad Request, only admin can update isAdmin/isActive', async () => {
       const dbUser = await controller.createUser(user)
-      const accessToken = await generateAndSaveToken(dbUser.id)
+      const accessToken = await generateAndSaveToken(dbUser.uid)
       const newDisplayName = 'My new display Name'
 
       await request(app)
-        .patch(`/SASjsApi/user/${dbUser.id}`)
+        .patch(`/SASjsApi/user/${dbUser.uid}`)
         .auth(accessToken, { type: 'bearer' })
         .send({ ...user, displayName: newDisplayName })
         .expect(400)
@@ -277,10 +278,10 @@ describe('user', () => {
         ...user,
         username: 'randomUser'
       })
-      const accessToken = await generateAndSaveToken(dbUser2.id)
+      const accessToken = await generateAndSaveToken(dbUser2.uid)
 
       const res = await request(app)
-        .patch(`/SASjsApi/user/${dbUser1.id}`)
+        .patch(`/SASjsApi/user/${dbUser1.uid}`)
         .auth(accessToken, { type: 'bearer' })
         .send(user)
         .expect(401)
@@ -297,7 +298,7 @@ describe('user', () => {
       })
 
       const res = await request(app)
-        .patch(`/SASjsApi/user/${dbUser1.id}`)
+        .patch(`/SASjsApi/user/${dbUser1.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send({ username: dbUser2.username })
         .expect(409)
@@ -325,7 +326,7 @@ describe('user', () => {
 
       it('should respond with updated user when user himself requests', async () => {
         const dbUser = await controller.createUser(user)
-        const accessToken = await generateAndSaveToken(dbUser.id)
+        const accessToken = await generateAndSaveToken(dbUser.uid)
         const newDisplayName = 'My new display Name'
 
         const res = await request(app)
@@ -346,7 +347,7 @@ describe('user', () => {
 
       it('should respond with Bad Request, only admin can update isAdmin/isActive', async () => {
         const dbUser = await controller.createUser(user)
-        const accessToken = await generateAndSaveToken(dbUser.id)
+        const accessToken = await generateAndSaveToken(dbUser.uid)
         const newDisplayName = 'My new display Name'
 
         await request(app)
@@ -372,10 +373,10 @@ describe('user', () => {
           ...user,
           username: 'randomUser'
         })
-        const accessToken = await generateAndSaveToken(dbUser2.id)
+        const accessToken = await generateAndSaveToken(dbUser2.uid)
 
         const res = await request(app)
-          .patch(`/SASjsApi/user/${dbUser1.id}`)
+          .patch(`/SASjsApi/user/${dbUser1.uid}`)
           .auth(accessToken, { type: 'bearer' })
           .send(user)
           .expect(401)
@@ -418,7 +419,7 @@ describe('user', () => {
       const dbUser = await controller.createUser(user)
 
       const res = await request(app)
-        .delete(`/SASjsApi/user/${dbUser.id}`)
+        .delete(`/SASjsApi/user/${dbUser.uid}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(200)
@@ -428,10 +429,10 @@ describe('user', () => {
 
     it('should respond with OK when user himself requests', async () => {
       const dbUser = await controller.createUser(user)
-      const accessToken = await generateAndSaveToken(dbUser.id)
+      const accessToken = await generateAndSaveToken(dbUser.uid)
 
       const res = await request(app)
-        .delete(`/SASjsApi/user/${dbUser.id}`)
+        .delete(`/SASjsApi/user/${dbUser.uid}`)
         .auth(accessToken, { type: 'bearer' })
         .send({ password: user.password })
         .expect(200)
@@ -441,10 +442,10 @@ describe('user', () => {
 
     it('should respond with Bad Request when user himself requests and password is missing', async () => {
       const dbUser = await controller.createUser(user)
-      const accessToken = await generateAndSaveToken(dbUser.id)
+      const accessToken = await generateAndSaveToken(dbUser.uid)
 
       const res = await request(app)
-        .delete(`/SASjsApi/user/${dbUser.id}`)
+        .delete(`/SASjsApi/user/${dbUser.uid}`)
         .auth(accessToken, { type: 'bearer' })
         .send()
         .expect(400)
@@ -469,10 +470,10 @@ describe('user', () => {
         ...user,
         username: 'randomUser'
       })
-      const accessToken = await generateAndSaveToken(dbUser2.id)
+      const accessToken = await generateAndSaveToken(dbUser2.uid)
 
       const res = await request(app)
-        .delete(`/SASjsApi/user/${dbUser1.id}`)
+        .delete(`/SASjsApi/user/${dbUser1.uid}`)
         .auth(accessToken, { type: 'bearer' })
         .send(user)
         .expect(401)
@@ -483,10 +484,10 @@ describe('user', () => {
 
     it('should respond with Unauthorized when user himself requests and password is incorrect', async () => {
       const dbUser = await controller.createUser(user)
-      const accessToken = await generateAndSaveToken(dbUser.id)
+      const accessToken = await generateAndSaveToken(dbUser.uid)
 
       const res = await request(app)
-        .delete(`/SASjsApi/user/${dbUser.id}`)
+        .delete(`/SASjsApi/user/${dbUser.uid}`)
         .auth(accessToken, { type: 'bearer' })
         .send({ password: 'incorrectpassword' })
         .expect(401)
@@ -510,7 +511,7 @@ describe('user', () => {
 
       it('should respond with OK when user himself requests', async () => {
         const dbUser = await controller.createUser(user)
-        const accessToken = await generateAndSaveToken(dbUser.id)
+        const accessToken = await generateAndSaveToken(dbUser.uid)
 
         const res = await request(app)
           .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
@@ -523,7 +524,7 @@ describe('user', () => {
 
       it('should respond with Bad Request when user himself requests and password is missing', async () => {
         const dbUser = await controller.createUser(user)
-        const accessToken = await generateAndSaveToken(dbUser.id)
+        const accessToken = await generateAndSaveToken(dbUser.uid)
 
         const res = await request(app)
           .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
@@ -551,7 +552,7 @@ describe('user', () => {
           ...user,
           username: 'randomUser'
         })
-        const accessToken = await generateAndSaveToken(dbUser2.id)
+        const accessToken = await generateAndSaveToken(dbUser2.uid)
 
         const res = await request(app)
           .delete(`/SASjsApi/user/by/username/${dbUser1.username}`)
@@ -565,7 +566,7 @@ describe('user', () => {
 
       it('should respond with Unauthorized when user himself requests and password is incorrect', async () => {
         const dbUser = await controller.createUser(user)
-        const accessToken = await generateAndSaveToken(dbUser.id)
+        const accessToken = await generateAndSaveToken(dbUser.uid)
 
         const res = await request(app)
           .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
@@ -592,7 +593,7 @@ describe('user', () => {
 
     it('should respond with user autoExec when same user requests', async () => {
       const dbUser = await controller.createUser(user)
-      const userId = dbUser.id
+      const userId = dbUser.uid
       const accessToken = await generateAndSaveToken(userId)
 
       const res = await request(app)
@@ -611,7 +612,7 @@ describe('user', () => {
 
     it('should respond with user autoExec when admin user requests', async () => {
       const dbUser = await controller.createUser(user)
-      const userId = dbUser.id
+      const userId = dbUser.uid
 
       const res = await request(app)
         .get(`/SASjsApi/user/${userId}`)
@@ -634,7 +635,7 @@ describe('user', () => {
       })
 
       const dbUser = await controller.createUser(user)
-      const userId = dbUser.id
+      const userId = dbUser.uid
 
       const res = await request(app)
         .get(`/SASjsApi/user/${userId}`)
@@ -652,7 +653,7 @@ describe('user', () => {
 
     it('should respond with user along with associated groups', async () => {
       const dbUser = await controller.createUser(user)
-      const userId = dbUser.id
+      const userId = dbUser.uid
       const accessToken = await generateAndSaveToken(userId)
 
       const group = {
@@ -661,7 +662,7 @@ describe('user', () => {
       }
       const groupController = new GroupController()
       const dbGroup = await groupController.createGroup(group)
-      await groupController.addUserToGroup(dbGroup.groupId, dbUser.id)
+      await groupController.addUserToGroup(dbGroup.uid, dbUser.uid)
 
       const res = await request(app)
         .get(`/SASjsApi/user/${userId}`)
@@ -690,8 +691,10 @@ describe('user', () => {
     it('should respond with Not Found if userId is incorrect', async () => {
       await controller.createUser(user)
 
+      const hexValue = randomBytes(12).toString('hex')
+
       const res = await request(app)
-        .get('/SASjsApi/user/1234')
+        .get(`/SASjsApi/user/${hexValue}`)
         .auth(adminAccessToken, { type: 'bearer' })
         .send()
         .expect(404)
@@ -703,7 +706,7 @@ describe('user', () => {
     describe('by username', () => {
       it('should respond with user autoExec when same user requests', async () => {
         const dbUser = await controller.createUser(user)
-        const userId = dbUser.id
+        const userId = dbUser.uid
         const accessToken = await generateAndSaveToken(userId)
 
         const res = await request(app)
@@ -803,13 +806,13 @@ describe('user', () => {
 
       expect(res.body).toEqual([
         {
-          id: expect.anything(),
+          uid: expect.anything(),
           username: adminUser.username,
           displayName: adminUser.displayName,
           isAdmin: adminUser.isAdmin
         },
         {
-          id: expect.anything(),
+          uid: expect.anything(),
           username: user.username,
           displayName: user.displayName,
           isAdmin: user.isAdmin
@@ -831,13 +834,13 @@ describe('user', () => {
 
       expect(res.body).toEqual([
         {
-          id: expect.anything(),
+          uid: expect.anything(),
           username: adminUser.username,
           displayName: adminUser.displayName,
           isAdmin: adminUser.isAdmin
         },
         {
-          id: expect.anything(),
+          uid: expect.anything(),
           username: 'randomUser',
           displayName: user.displayName,
           isAdmin: user.isAdmin
@@ -859,10 +862,10 @@ const generateSaveTokenAndCreateUser = async (
 ): Promise<string> => {
   const dbUser = await controller.createUser(someUser ?? adminUser)
 
-  return generateAndSaveToken(dbUser.id)
+  return generateAndSaveToken(dbUser.uid)
 }
 
-const generateAndSaveToken = async (userId: number) => {
+const generateAndSaveToken = async (userId: string) => {
   const adminAccessToken = generateAccessToken({
     clientId,
     userId

api/src/routes/api/spec/web.spec.ts

@@ -145,7 +145,7 @@ describe('web', () => {
 
       expect(res.body.loggedIn).toBeTruthy()
       expect(res.body.user).toEqual({
-        id: expect.any(Number),
+        id: expect.any(String),
         username: user.username,
         displayName: user.displayName,
         isAdmin: user.isAdmin,

api/src/routes/api/stp.ts

@@ -1,5 +1,8 @@
 import express from 'express'
-import { executeProgramRawValidation } from '../../utils'
+import {
+  executeProgramRawValidation,
+  triggerProgramValidation
+} from '../../utils'
 import { STPController } from '../../controllers/'
 import { FileUploadController } from '../../controllers/internal'
 
@@ -69,4 +72,28 @@ stpRouter.post(
   }
 )
 
+stpRouter.post('/trigger', async (req, res) => {
+  const { error, value: query } = triggerProgramValidation(req.query)
+
+  if (error) return res.status(400).send(error.details[0].message)
+
+  try {
+    const response = await controller.triggerProgram(
+      req,
+      query._program,
+      query._debug,
+      query.expiresAfterMins
+    )
+
+    res.status(200)
+    res.send(response)
+  } catch (err: any) {
+    const statusCode = err.code
+
+    delete err.code
+
+    res.status(statusCode).send(err)
+  }
+})
+
 export default stpRouter

api/src/routes/api/user.ts

@@ -9,6 +9,7 @@ import {
   deleteUserValidation,
   getUserValidation,
   registerUserValidation,
+  uidValidation,
   updateUserValidation
 } from '../../utils'
 
@@ -56,12 +57,15 @@ userRouter.get(
   }
 )
 
-userRouter.get('/:userId', authenticateAccessToken, async (req, res) => {
-  const { userId } = req.params
+userRouter.get('/:uid', authenticateAccessToken, async (req, res) => {
+  const { error, value: params } = uidValidation(req.params)
+  if (error) return res.status(400).send(error.details[0].message)
+
+  const { uid } = params
 
   const controller = new UserController()
   try {
-    const response = await controller.getUser(req, parseInt(userId))
+    const response = await controller.getUser(req, uid)
     res.send(response)
   } catch (err: any) {
     res.status(err.code).send(err.message)
@@ -97,12 +101,16 @@ userRouter.patch(
 )
 
 userRouter.patch(
-  '/:userId',
+  '/:uid',
   authenticateAccessToken,
   verifyAdminIfNeeded,
   async (req, res) => {
     const { user } = req
-    const { userId } = req.params
+
+    const { error: uidError, value: params } = uidValidation(req.params)
+    if (uidError) return res.status(400).send(uidError.details[0].message)
+
+    const { uid } = params
 
     // only an admin can update `isActive` and `isAdmin` fields
     const { error, value: body } = updateUserValidation(req.body, user!.isAdmin)
@@ -110,7 +118,7 @@ userRouter.patch(
 
     const controller = new UserController()
     try {
-      const response = await controller.updateUser(parseInt(userId), body)
+      const response = await controller.updateUser(uid, body)
       res.send(response)
     } catch (err: any) {
       res.status(err.code).send(err.message)
@@ -147,12 +155,16 @@ userRouter.delete(
 )
 
 userRouter.delete(
-  '/:userId',
+  '/:uid',
   authenticateAccessToken,
   verifyAdminIfNeeded,
   async (req, res) => {
     const { user } = req
-    const { userId } = req.params
+
+    const { error: uidError, value: params } = uidValidation(req.params)
+    if (uidError) return res.status(400).send(uidError.details[0].message)
+
+    const { uid } = params
 
     // only an admin can delete user without providing password
     const { error, value: data } = deleteUserValidation(req.body, user!.isAdmin)
@@ -160,7 +172,7 @@ userRouter.delete(
 
     const controller = new UserController()
     try {
-      await controller.deleteUser(parseInt(userId), data, user!.isAdmin)
+      await controller.deleteUser(uid, data, user!.isAdmin)
       res.status(200).send('Account Deleted!')
     } catch (err: any) {
       res.status(err.code).send(err.message)

api/src/types/InfoJWT.ts

@@ -1,4 +1,4 @@
 export interface InfoJWT {
   clientId: string
-  userId: number
+  userId: string
 }

api/src/types/PreProgramVars.ts

@@ -1,6 +1,6 @@
 export interface PreProgramVars {
   username: string
-  userId: number
+  userId: string
   displayName: string
   serverUrl: string
   httpHeaders: string[]

api/src/types/RequestUser.ts

@@ -1,5 +1,5 @@
 export interface RequestUser {
-  userId: number
+  userId: string
   clientId: string
   username: string
   displayName: string

api/src/types/Session.ts

@@ -1,11 +1,16 @@
+export enum SessionState {
+  initialising = 'initialising', // session is initialising and not ready to be used yet
+  pending = 'pending', // session is ready to be used
+  running = 'running', // session is in use
+  completed = 'completed', // session is completed and can be destroyed
+  failed = 'failed' // session failed
+}
 export interface Session {
   id: string
-  ready: boolean
+  state: SessionState
   creationTimeStamp: string
   deathTimeStamp: string
   path: string
-  inUse: boolean
-  consumed: boolean
-  completed: boolean
-  crashed?: string
+  expiresAfterMins?: { mins: number; used: boolean }
+  failureReason?: string
 }

api/src/utils/crypto.ts

@@ -0,0 +1,4 @@
+import { randomBytes } from 'crypto'
+
+export const randomBytesHexString = (bytesCount: number) =>
+  randomBytes(bytesCount).toString('hex')

api/src/utils/getPreProgramVariables.ts

@@ -22,7 +22,7 @@ export const getPreProgramVariables = (req: Request): PreProgramVars => {
   //So this is workaround.
   return {
     username: user ? user.username : 'demo',
-    userId: user ? user.userId : 0,
+    userId: user ? user.userId : 'demoId',
     displayName: user ? user.displayName : 'demo',
     serverUrl: protocol + host,
     httpHeaders

api/src/utils/getSequenceNextValue.ts

@@ -1,15 +0,0 @@
-import Counter from '../model/Counter'
-
-export const getSequenceNextValue = async (seqName: string) => {
-  const seqDoc = await Counter.findOne({ id: seqName })
-  if (!seqDoc) {
-    await Counter.create({ id: seqName, seq: 1 })
-    return 1
-  }
-
-  seqDoc.seq += 1
-
-  await seqDoc.save()
-
-  return seqDoc.seq
-}

api/src/utils/getTokensFromDB.ts

@@ -4,7 +4,7 @@ import User from '../model/User'
 const isValidToken = async (
   token: string,
   key: string,
-  userId: number,
+  userId: string,
   clientId: string
 ) => {
   const promise = new Promise<boolean>((resolve, reject) =>
@@ -22,8 +22,8 @@ const isValidToken = async (
   return await promise.then(() => true).catch(() => false)
 }
 
-export const getTokensFromDB = async (userId: number, clientId: string) => {
-  const user = await User.findOne({ id: userId })
+export const getTokensFromDB = async (userId: string, clientId: string) => {
+  const user = await User.findOne({ _id: userId })
   if (!user) return
 
   const currentTokenObj = user.tokens.find(

api/src/utils/index.ts

@@ -2,6 +2,7 @@ export * from './appStreamConfig'
 export * from './connectDB'
 export * from './copySASjsCore'
 export * from './createWeboutSasFile'
+export * from './crypto'
 export * from './desktopAutoExec'
 export * from './extractHeaders'
 export * from './extractName'
@@ -14,7 +15,6 @@ export * from './getCertificates'
 export * from './getDesktopFields'
 export * from './getPreProgramVariables'
 export * from './getRunTimeAndFilePath'
-export * from './getSequenceNextValue'
 export * from './getServerUrl'
 export * from './getTokensFromDB'
 export * from './instantiateLogger'

api/src/utils/isPublicRoute.ts

@@ -22,7 +22,7 @@ export const isPublicRoute = async (req: Request): Promise<boolean> => {
 }
 
 export const publicUser: RequestUser = {
-  userId: 0,
+  userId: 'public_user_id',
   clientId: 'public_app',
   username: 'publicUser',
   displayName: 'Public User',

api/src/utils/removeTokensInDB.ts

@@ -1,7 +1,7 @@
 import User from '../model/User'
 
-export const removeTokensInDB = async (userId: number, clientId: string) => {
-  const user = await User.findOne({ id: userId })
+export const removeTokensInDB = async (userId: string, clientId: string) => {
+  const user = await User.findOne({ _id: userId })
   if (!user) return
 
   const tokenObjIndex = user.tokens.findIndex(

api/src/utils/saveTokensInDB.ts

@@ -1,12 +1,12 @@
 import User from '../model/User'
 
 export const saveTokensInDB = async (
-  userId: number,
+  userId: string,
   clientId: string,
   accessToken: string,
   refreshToken: string
 ) => {
-  const user = await User.findOne({ id: userId })
+  const user = await User.findOne({ _id: userId })
   if (!user) return
 
   const currentTokenObj = user.tokens.find(

api/src/utils/seedDB.ts

@@ -82,7 +82,7 @@ export const seedDB = async (): Promise<ConfigurationType> => {
 }
 
 export const ALL_USERS_GROUP = {
-  name: 'AllUsers',
+  name: 'all-users',
   description: 'Group contains all users'
 }
 

api/src/utils/setProcessVariables.ts

@@ -1,9 +1,31 @@
 import path from 'path'
-import { createFolder, getAbsolutePath, getRealPath } from '@sasjs/utils'
-
+import {
+  createFolder,
+  getAbsolutePath,
+  getRealPath,
+  fileExists
+} from '@sasjs/utils'
+import dotenv from 'dotenv'
 import { connectDB, getDesktopFields, ModeType, RunTimeType, SECRETS } from '.'
 
 export const setProcessVariables = async () => {
+  const { execPath } = process
+
+  // Check if execPath ends with 'api-macos' to determine executable for MacOS.
+  // This is needed to fix picking .env file issue in MacOS executable.
+  if (execPath) {
+    const envPathSplitted = execPath.split(path.sep)
+
+    if (envPathSplitted.pop() === 'api-macos') {
+      const envPath = path.join(envPathSplitted.join(path.sep), '.env')
+
+      // Override environment variables from envPath if file exists
+      if (await fileExists(envPath)) {
+        dotenv.config({ path: envPath, override: true })
+      }
+    }
+  }
+
   const { MODE, RUN_TIMES } = process.env
 
   if (MODE === ModeType.Server) {
@@ -21,6 +43,7 @@ export const setProcessVariables = async () => {
   if (process.env.NODE_ENV === 'test') {
     process.sasjsRoot = path.join(process.cwd(), 'sasjs_root')
     process.driveLoc = path.join(process.cwd(), 'sasjs_root', 'drive')
+
     return
   }
 
@@ -41,7 +64,9 @@ export const setProcessVariables = async () => {
 
   const { SASJS_ROOT } = process.env
   const absPath = getAbsolutePath(SASJS_ROOT ?? 'sasjs_root', process.cwd())
+
   await createFolder(absPath)
+
   process.sasjsRoot = getRealPath(absPath)
 
   const { DRIVE_LOCATION } = process.env
@@ -49,6 +74,7 @@ export const setProcessVariables = async () => {
     DRIVE_LOCATION ?? path.join(process.sasjsRoot, 'drive'),
     process.cwd()
   )
+
   await createFolder(absDrivePath)
   process.driveLoc = getRealPath(absDrivePath)
 
@@ -57,7 +83,9 @@ export const setProcessVariables = async () => {
     LOG_LOCATION ?? path.join(process.sasjsRoot, 'logs'),
     process.cwd()
   )
+
   await createFolder(absLogsPath)
+
   process.logsLoc = getRealPath(absLogsPath)
 
   process.logsUUID = 'SASJS_LOGS_SEPARATOR_163ee17b6ff24f028928972d80a26784'

api/src/utils/upload.ts

@@ -51,9 +51,8 @@ export const generateFileUploadSasCode = async (
   let fileCount = 0
   const uploadedFiles: UploadedFiles[] = []
 
-  const sasSessionFolderList: string[] = await listFilesInFolder(
-    sasSessionFolder
-  )
+  const sasSessionFolderList: string[] =
+    await listFilesInFolder(sasSessionFolder)
   sasSessionFolderList.forEach((fileName) => {
     let fileCountString = fileCount < 100 ? '0' + fileCount : fileCount
     fileCountString = fileCount < 10 ? '00' + fileCount : fileCount

api/src/utils/validation.ts

@@ -12,6 +12,11 @@ const groupnameSchema = Joi.string().lowercase().alphanum().min(3).max(16)
 
 export const blockFileRegex = /\.(exe|sh|htaccess)$/i
 
+export const uidValidation = (data: any) =>
+  Joi.object({
+    uid: Joi.string().length(24).hex().required()
+  }).validate(data)
+
 export const getUserValidation = (data: any): Joi.ValidationResult =>
   Joi.object({
     username: usernameSchema.required()
@@ -113,7 +118,7 @@ export const registerPermissionValidation = (data: any): Joi.ValidationResult =>
     principalType: Joi.string()
       .required()
       .valid(...Object.values(PrincipalType)),
-    principalId: Joi.number().required()
+    principalId: Joi.string().length(24).hex().required()
   }).validate(data)
 
 export const updatePermissionValidation = (data: any): Joi.ValidationResult =>
@@ -178,6 +183,13 @@ export const runCodeValidation = (data: any): Joi.ValidationResult =>
     runTime: Joi.string().valid(...process.runTimes)
   }).validate(data)
 
+export const triggerCodeValidation = (data: any): Joi.ValidationResult =>
+  Joi.object({
+    code: Joi.string().required(),
+    runTime: Joi.string().valid(...process.runTimes),
+    expiresAfterMins: Joi.number().greater(0)
+  }).validate(data)
+
 export const executeProgramRawValidation = (data: any): Joi.ValidationResult =>
   Joi.object({
     _program: Joi.string().required(),
@@ -185,3 +197,17 @@ export const executeProgramRawValidation = (data: any): Joi.ValidationResult =>
   })
     .pattern(/^/, Joi.alternatives(Joi.string(), Joi.number()))
     .validate(data)
+
+export const triggerProgramValidation = (data: any): Joi.ValidationResult =>
+  Joi.object({
+    _program: Joi.string().required(),
+    _debug: Joi.number(),
+    expiresAfterMins: Joi.number().greater(0)
+  })
+    .pattern(/^/, Joi.alternatives(Joi.string(), Joi.number()))
+    .validate(data)
+
+export const sessionIdValidation = (data: any): Joi.ValidationResult =>
+  Joi.object({
+    sessionId: Joi.string().required()
+  }).validate(data)

api/src/utils/verifyTokenInDB.ts

@@ -4,7 +4,7 @@ import { RequestUser } from '../types'
 export const fetchLatestAutoExec = async (
   reqUser: RequestUser
 ): Promise<RequestUser | undefined> => {
-  const dbUser = await User.findOne({ id: reqUser.userId })
+  const dbUser = await User.findOne({ _id: reqUser.userId })
 
   if (!dbUser) return undefined
 
@@ -21,12 +21,12 @@ export const fetchLatestAutoExec = async (
 }
 
 export const verifyTokenInDB = async (
-  userId: number,
+  userId: string,
   clientId: string,
   token: string,
   tokenType: 'accessToken' | 'refreshToken'
 ): Promise<RequestUser | undefined> => {
-  const dbUser = await User.findOne({ id: userId })
+  const dbUser = await User.findOne({ _id: userId })
 
   if (!dbUser) return undefined
 

web/src/containers/Settings/internal/components/addPermissionModal.tsx

@@ -99,8 +99,8 @@ const AddPermissionModal = ({
         principalType: principalType.toLowerCase(),
         principalId:
           principalType.toLowerCase() === 'user'
-            ? userPrincipal?.id
-            : groupPrincipal?.groupId
+            ? userPrincipal?.uid
+            : groupPrincipal?.uid
       }
 
       permissions.push(addPermissionPayload)

web/src/containers/Settings/internal/components/permissionTable.tsx

@@ -61,7 +61,7 @@ const PermissionTable = ({
         </TableHead>
         <TableBody>
           {permissions.map((permission) => (
-            <TableRow key={permission.permissionId}>
+            <TableRow key={permission.uid}>
               <BootstrapTableCell>{permission.path}</BootstrapTableCell>
               <BootstrapTableCell>{permission.type}</BootstrapTableCell>
               <BootstrapTableCell>

web/src/containers/Settings/internal/hooks/useAddPermission.tsx

@@ -69,7 +69,7 @@ const useAddPermission = () => {
 
     for (const permission of updatingPermissions) {
       await axios
-        .patch(`/SASjsApi/permission/${permission.permissionId}`, {
+        .patch(`/SASjsApi/permission/${permission.uid}`, {
           setting: permission.setting === 'Grant' ? 'Deny' : 'Grant'
         })
         .then((res) => {

web/src/containers/Settings/internal/hooks/useDeletePermissionModal.tsx

@@ -24,7 +24,7 @@ const useDeletePermissionModal = () => {
     setDeleteConfirmationModalOpen(false)
     setIsLoading(true)
     axios
-      .delete(`/SASjsApi/permission/${selectedPermission?.permissionId}`)
+      .delete(`/SASjsApi/permission/${selectedPermission?.uid}`)
       .then((res: any) => {
         fetchPermissions()
         setSnackbarMessage('Permission deleted!')

web/src/containers/Settings/internal/hooks/useFilterPermissions.tsx

@@ -62,21 +62,17 @@ const useFilterPermissions = () => {
         : permissions
 
     let filteredArray = uriFilteredPermissions.filter((permission) =>
-      principalFilteredPermissions.some(
-        (item) => item.permissionId === permission.permissionId
-      )
+      principalFilteredPermissions.some((item) => item.uid === permission.uid)
     )
 
     filteredArray = filteredArray.filter((permission) =>
       principalTypeFilteredPermissions.some(
-        (item) => item.permissionId === permission.permissionId
+        (item) => item.uid === permission.uid
       )
     )
 
     filteredArray = filteredArray.filter((permission) =>
-      settingFilteredPermissions.some(
-        (item) => item.permissionId === permission.permissionId
-      )
+      settingFilteredPermissions.some((item) => item.uid === permission.uid)
     )
 
     setFilteredPermissions(filteredArray)

web/src/containers/Settings/internal/hooks/useUpdatePermissionModal.tsx

@@ -24,7 +24,7 @@ const useUpdatePermissionModal = () => {
     setUpdatePermissionModalOpen(false)
     setIsLoading(true)
     axios
-      .patch(`/SASjsApi/permission/${selectedPermission?.permissionId}`, {
+      .patch(`/SASjsApi/permission/${selectedPermission?.uid}`, {
         setting
       })
       .then((res: any) => {

web/src/containers/Settings/profile.tsx

@@ -26,18 +26,20 @@ const Profile = () => {
   const [isPasswordModalOpen, setIsPasswordModalOpen] = useState(false)
 
   useEffect(() => {
-    setIsLoading(true)
-    axios
-      .get(`/SASjsApi/user/${appContext.userId}`)
-      .then((res: any) => {
-        setUser(res.data)
-      })
-      .catch((err) => {
-        console.log(err)
-      })
-      .finally(() => {
-        setIsLoading(false)
-      })
+    if (appContext.userId) {
+      setIsLoading(true)
+      axios
+        .get(`/SASjsApi/user/${appContext.userId}`)
+        .then((res: any) => {
+          setUser(res.data)
+        })
+        .catch((err) => {
+          console.log(err)
+        })
+        .finally(() => {
+          setIsLoading(false)
+        })
+    }
   }, [appContext.userId])
 
   const handleChange = (event: any) => {

web/src/context/appContext.tsx

@@ -24,39 +24,32 @@ export enum RunTimeType {
 interface AppContextProps {
   checkingSession: boolean
   loggedIn: boolean
-  setLoggedIn: Dispatch<SetStateAction<boolean>> | null
+  setLoggedIn?: Dispatch<SetStateAction<boolean>>
   needsToUpdatePassword: boolean
-  setNeedsToUpdatePassword: Dispatch<SetStateAction<boolean>> | null
-  userId: number
-  setUserId: Dispatch<SetStateAction<number>> | null
+  setNeedsToUpdatePassword?: Dispatch<SetStateAction<boolean>>
+  userId?: string
+  setUserId?: Dispatch<SetStateAction<string | undefined>>
   username: string
-  setUsername: Dispatch<SetStateAction<string>> | null
+  setUsername?: Dispatch<SetStateAction<string>>
   displayName: string
-  setDisplayName: Dispatch<SetStateAction<string>> | null
+  setDisplayName?: Dispatch<SetStateAction<string>>
   isAdmin: boolean
-  setIsAdmin: Dispatch<SetStateAction<boolean>> | null
+  setIsAdmin?: Dispatch<SetStateAction<boolean>>
   mode: ModeType
   runTimes: RunTimeType[]
-  logout: (() => void) | null
+  logout?: () => void
 }
 
 export const AppContext = createContext<AppContextProps>({
   checkingSession: false,
   loggedIn: false,
-  setLoggedIn: null,
   needsToUpdatePassword: false,
-  setNeedsToUpdatePassword: null,
-  userId: 0,
-  setUserId: null,
+  userId: '',
   username: '',
-  setUsername: null,
   displayName: '',
-  setDisplayName: null,
   isAdmin: false,
-  setIsAdmin: null,
   mode: ModeType.Server,
-  runTimes: [],
-  logout: null
+  runTimes: []
 })
 
 const AppContextProvider = (props: { children: ReactNode }) => {
@@ -64,7 +57,7 @@ const AppContextProvider = (props: { children: ReactNode }) => {
   const [checkingSession, setCheckingSession] = useState(false)
   const [loggedIn, setLoggedIn] = useState(false)
   const [needsToUpdatePassword, setNeedsToUpdatePassword] = useState(false)
-  const [userId, setUserId] = useState(0)
+  const [userId, setUserId] = useState<string>()
   const [username, setUsername] = useState('')
   const [displayName, setDisplayName] = useState('')
   const [isAdmin, setIsAdmin] = useState(false)

web/src/utils/helper.ts

@@ -6,13 +6,13 @@ export const findExistingPermission = (
 ) => {
   for (const permission of existingPermissions) {
     if (
-      permission.user?.id === newPermission.principalId &&
+      permission.user?.uid === newPermission.principalId &&
       hasSameCombination(permission, newPermission)
     )
       return permission
 
     if (
-      permission.group?.groupId === newPermission.principalId &&
+      permission.group?.uid === newPermission.principalId &&
       hasSameCombination(permission, newPermission)
     )
       return permission
@@ -27,13 +27,13 @@ export const findUpdatingPermission = (
 ) => {
   for (const permission of existingPermissions) {
     if (
-      permission.user?.id === newPermission.principalId &&
+      permission.user?.uid === newPermission.principalId &&
       hasDifferentSetting(permission, newPermission)
     )
       return permission
 
     if (
-      permission.group?.groupId === newPermission.principalId &&
+      permission.group?.uid === newPermission.principalId &&
       hasDifferentSetting(permission, newPermission)
     )
       return permission

web/src/utils/types.ts

@@ -1,12 +1,12 @@
 export interface UserResponse {
-  id: number
+  uid: string
   username: string
   displayName: string
   isAdmin: boolean
 }
 
 export interface GroupResponse {
-  groupId: number
+  uid: string
   name: string
   description: string
 }
@@ -17,7 +17,7 @@ export interface GroupDetailsResponse extends GroupResponse {
 }
 
 export interface PermissionResponse {
-  permissionId: number
+  uid: string
   path: string
   type: string
   setting: string
@@ -30,7 +30,7 @@ export interface RegisterPermissionPayload {
   type: string
   setting: string
   principalType: string
-  principalId: number
+  principalId: string
 }
 
 export interface TreeNode {