chore(release): 0.5.0 [skip ci]

# [0.5.0](https://github.com/sasjs/server/compare/v0.4.2...v0.5.0) (2022-06-16) ### Bug Fixes * npm audit fix to avoid warnings on npm i ([28a6a36](28a6a36bb7)) ### Features * **api:** deployment through zipped/compressed file ([b81d742](b81d742c6c))
Merge pull request #196 from sasjs/issue173
2025-12-10 19:34:34 +00:00 · 2022-06-16 13:31:09 +00:00 · 2022-06-16 06:26:32 -07:00 · 2022-06-16 13:07:59 +00:00 · 2022-06-16 17:58:56 +05:00 · 2022-06-16 00:56:51 +05:00
107 changed files with 14432 additions and 2506 deletions
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -2,25 +2,22 @@
 Contributions are very welcome!  Feel free to raise an issue or start a discussion, for help in getting started.
 The app can be deployed using Docker or NodeJS.
 ## Configuration
-Configuration is made in the `configuration` section of `package.json`:
+Configuration is made using `.env` files (per [README.md](https://github.com/sasjs/server#env-var-configuration) settings), _except_ for one case, when running in NodeJS in production - in which case the path to the SAS executable is made in the `configuration` section of `package.json`.
- Provide path to SAS9 executable.
+The `.env` file should be created in the location(s) below.  Each folder contains a `.env.example` file that may be adjusted and renamed.
 * `.env` - the root .env file is used only for Docker deploys.
 * `api/.env` - this is the primary file used in NodeJS deploys
 * `web/.env` - this file is only necessary in NodeJS when running `web` and `api` seperately (on different ports).
-### Using dockers:
+## Using Docker
-There is `.env.example` file present at root of the project. [for Production]
+### Docker Development Mode
 There is `.env.example` file present at `./api` of the project. [for Development]
 There is `.env.example` file present at `./web` of the project. [for Development]
 Remember to provide enviornment variables.
 #### Development
 Command to run docker for development:
@@ -38,7 +35,7 @@ It will build following images if running first time:
 - `mongo-seed-clients` - will be populating client data specified in _./mongo-seed/clients/client.json_
-#### Production
+### Docker Production Mode
 Command to run docker for production:
@@ -54,47 +51,45 @@ It will build following images if running first time:
 - `mongo-seed-users` - will be populating user data specified in _./mongo-seed/users/user.json_
 - `mongo-seed-clients` - will be populating client data specified in _./mongo-seed/clients/client.json_
-### Using node:
+## Using NodeJS:
-#### Development (running api and web seperately):
+Be sure to use v16 or above, and to set your environment variables in the relevant `.env` file(s) - else defaults will be used.
-##### API
+### NodeJS Development Mode
-Navigate to `./api`
+SASjs Server is split between an API server (serving REST requests) and a WEB Server (everything else).  These can be run together, or on seperate ports.
-There is `.env.example` file present at `./api` directory. Remember to provide enviornment variables else default values will be used mentioned in `.env.example` files
+
-Command to install and run api server.
+### NodeJS Dev - Single Port
 Here the environment variables should be configured under `api.env`.  Then:
 ```
 cd ./web && npm i && npm build
 cd ../api && npm i && npm start
 ```
 ### NodeJS Dev - Seperate Ports
 Set the backend variables in `api/.env` and the frontend variables in `web/.env`. Then:
 #### API server
 ```
 cd api
 npm install
 npm start
 ```
-##### Web
+#### Web Server 
 Navigate to `./web`
 There is `.env.example` file present at `./web` directory. Remember to provide enviornment variables else default values will be used mentioned in `.env.example` files
 Command to install and run api server.
 ```
 cd web
 npm install
 npm start
 ```
-#### Development (running only api server and have web build served):
+#### NodeJS Production Mode
-##### API server also serving Web build files
+Update the `.env` file in the *api* folder.  Then:
 There is `.env.example` file present at `./api` directory. Remember to provide enviornment variables else default values will be used mentioned in `.env.example` files
 Command to install and run api server.
 ```
 cd ./web && npm i && npm build && cd ../
 cd ./api && npm i && npm start
 ```
 #### Production
 ##### API & WEB
 ```
 npm run server
@@ -105,7 +100,7 @@ This will install/build `web` and install `api`, then start prod server.
 ## Executables
-Command to generate executables
+In order to generate the final executables:
 ```
 cd ./web && npm i && npm build && cd ../
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -54,6 +54,7 @@ jobs:
          ACCESS_TOKEN_SECRET: ${{secrets.ACCESS_TOKEN_SECRET}}
          REFRESH_TOKEN_SECRET: ${{secrets.REFRESH_TOKEN_SECRET}}
          AUTH_CODE_SECRET: ${{secrets.AUTH_CODE_SECRET}}
          SESSION_SECRET: ${{secrets.SESSION_SECRET}}
      - name: Build Package
        working-directory: ./api
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -2,16 +2,26 @@ name: SASjs Server Executable Release
 on:
  push:
-    tags:
+    branches:
-      - 'v*.*.*'
+      - main
 jobs:
  release:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [lts/*]
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v2
        with:
          node-version: ${{ matrix.node-version }}
      - name: Install Dependencies WEB
        working-directory: ./web
        run: npm ci
@@ -39,10 +49,11 @@ jobs:
          zip macos.zip api-macos
          zip windows.zip api-win.exe
      - name: Install Semantic Release and plugins
        run: |
          npm i
          npm i -g semantic-release
      - name: Release
-        uses: softprops/action-gh-release@v1
+        run: |
-        with:
+          GITHUB_TOKEN=${{ secrets.GH_TOKEN }} semantic-release
          files: |
            ./executables/linux.zip
            ./executables/macos.zip
            ./executables/windows.zip
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@ node_modules/
 .DS_Store
 .env*
 sas/
 sasjs_root/
 tmp/
 build/
 sasjsbuild/
@@ -11,3 +12,4 @@ sasjscore/
 certificates/
 executables/
 .env
 api/csp.config.json
--- a/.releaserc
+++ b/.releaserc
@@ -0,0 +1,43 @@
 {
  "branches": [
    "main"
  ],
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    "@semantic-release/changelog",
    [
      "@semantic-release/git",
      {
        "assets": [
          "CHANGELOG.md"
        ]
      }
    ],
    [
      "@semantic-release/github",
      {
        "assets": [
          {
            "path": "./executables/linux.zip",
            "label": "Linux Executable Binary"
          },
          {
            "path": "./executables/macos.zip",
            "label": "Macos Executable Binary"
          },
          {
            "path": "./executables/windows.zip",
            "label": "Windows Executable Binary"
          }
        ]
      }
    ],
    [
      "@semantic-release/exec",
      {
        "publishCmd": "echo 'publish command'"
      }
    ]
  ]
 }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,337 @@
-# Changelog
+# [0.5.0](https://github.com/sasjs/server/compare/v0.4.2...v0.5.0) (2022-06-16)
-All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
 ### Bug Fixes
 * npm audit fix to avoid warnings on npm i ([28a6a36](https://github.com/sasjs/server/commit/28a6a36bb708b93fb5c2b74d587e9b2e055582be))
 ### Features
 * **api:** deployment through zipped/compressed file ([b81d742](https://github.com/sasjs/server/commit/b81d742c6c70d4cf1cab365b0e3efc087441db00))
 ## [0.4.2](https://github.com/sasjs/server/compare/v0.4.1...v0.4.2) (2022-06-15)
 ### Bug Fixes
 * appStream redesign ([73792fb](https://github.com/sasjs/server/commit/73792fb574c90bd280c4324e0b41c6fee7d572b6))
 ## [0.4.1](https://github.com/sasjs/server/compare/v0.4.0...v0.4.1) (2022-06-15)
 ### Bug Fixes
 * add/remove group to User when adding/removing user from group and return group membership on getting user ([e08bbcc](https://github.com/sasjs/server/commit/e08bbcc5435cbabaee40a41a7fb667d4a1f078e6))
 # [0.4.0](https://github.com/sasjs/server/compare/v0.3.10...v0.4.0) (2022-06-14)
 ### Features
 * new APIs added for GET|PATCH|DELETE of user by username ([aef411a](https://github.com/sasjs/server/commit/aef411a0eac625c33274dfe3e88b6f75115c44d8))
 ## [0.3.10](https://github.com/sasjs/server/compare/v0.3.9...v0.3.10) (2022-06-14)
 ### Bug Fixes
 * correct syntax for encoding option ([32d372b](https://github.com/sasjs/server/commit/32d372b42fbf56b6c0779e8f704164eaae1c7548))
 ## [0.3.9](https://github.com/sasjs/server/compare/v0.3.8...v0.3.9) (2022-06-14)
 ### Bug Fixes
 * forcing utf 8 encoding. Closes [#76](https://github.com/sasjs/server/issues/76) ([8734489](https://github.com/sasjs/server/commit/8734489cf014aedaca3f325e689493e4fe0b71ca))
 ## [0.3.8](https://github.com/sasjs/server/compare/v0.3.7...v0.3.8) (2022-06-13)
 ### Bug Fixes
 * execution controller better error handling ([8a617a7](https://github.com/sasjs/server/commit/8a617a73ae63233332f5788c90f173d6cd5e1283))
 * execution controller error details ([3fa2a7e](https://github.com/sasjs/server/commit/3fa2a7e2e32f90050f6b09e30ce3ef725eb0b15f))
 ## [0.3.7](https://github.com/sasjs/server/compare/v0.3.6...v0.3.7) (2022-06-08)
 ### Bug Fixes
 * **appstream:** redirect to relative + nested resource should be accessed ([5ab35b0](https://github.com/sasjs/server/commit/5ab35b02c4417132dddb5a800982f31d0d50ef66))
 ## [0.3.6](https://github.com/sasjs/server/compare/v0.3.5...v0.3.6) (2022-06-02)
 ### Bug Fixes
 * **appstream:** should serve only new files for same app stream name with new deployment ([e6d1989](https://github.com/sasjs/server/commit/e6d1989847761fbe562d7861ffa0ee542839b125))
 ## [0.3.5](https://github.com/sasjs/server/compare/v0.3.4...v0.3.5) (2022-05-30)
 ### Bug Fixes
 * bumping sasjs/core library ([61815f8](https://github.com/sasjs/server/commit/61815f8ae18be132e17c199cd8e3afbcc2fa0b60))
 ## [0.3.4](https://github.com/sasjs/server/compare/v0.3.3...v0.3.4) (2022-05-30)
 ### Bug Fixes
 * **web:** system username for DESKTOP mode ([a8ba378](https://github.com/sasjs/server/commit/a8ba378fd1ff374ba025a96fdfae5c6c36954465))
 ## [0.3.3](https://github.com/sasjs/server/compare/v0.3.2...v0.3.3) (2022-05-30)
 ### Bug Fixes
 * usage of autoexec API in DESKTOP mode ([12d424a](https://github.com/sasjs/server/commit/12d424acce8108a6f53aefbac01fddcdc5efb48f))
 ## [0.3.2](https://github.com/sasjs/server/compare/v0.3.1...v0.3.2) (2022-05-27)
 ### Bug Fixes
 * **web:** ability to use get/patch User API in desktop mode. ([2c259fe](https://github.com/sasjs/server/commit/2c259fe1de95d84e6929e311aaa6b895e66b42a3))
 ## [0.3.1](https://github.com/sasjs/server/compare/v0.3.0...v0.3.1) (2022-05-26)
 ### Bug Fixes
 * **api:** username should be lowercase ([5ad6ee5](https://github.com/sasjs/server/commit/5ad6ee5e0f5d7d6faa45b72215f1d9d55cfc37db))
 * **web:** reduced width for autoexec input ([7d11cc7](https://github.com/sasjs/server/commit/7d11cc79161e5a07f6c5392d742ef6b9d8658071))
 # [0.3.0](https://github.com/sasjs/server/compare/v0.2.0...v0.3.0) (2022-05-25)
 ### Features
 * **web:** added profile + edit + autoexec changes ([c275db1](https://github.com/sasjs/server/commit/c275db184e874f0ee3a4f08f2592cfacf1e90742))
 # [0.2.0](https://github.com/sasjs/server/compare/v0.1.0...v0.2.0) (2022-05-25)
 ### Bug Fixes
 * **autoexec:** usage in case of desktop from file ([79dc2db](https://github.com/sasjs/server/commit/79dc2dba23dc48ec218a973119392a45cb3856b5))
 ### Features
 * **api:** added autoexec + major type setting changes ([2a7223a](https://github.com/sasjs/server/commit/2a7223ad7d6b8f3d4682447fd25d9426a7c79ac3))
 # [0.1.0](https://github.com/sasjs/server/compare/v0.0.77...v0.1.0) (2022-05-23)
 ### Bug Fixes
 * issue174 + issue175 + issue146 ([80b33c7](https://github.com/sasjs/server/commit/80b33c7a18c1b7727316ffeca71658346733e935))
 * **web:** click to copy + notification ([f37f8e9](https://github.com/sasjs/server/commit/f37f8e95d1a85e00ceca2413dbb5e1f3f3f72255))
 ### Features
 * **env:** added new env variable LOG_FORMAT_MORGAN ([53bf68a](https://github.com/sasjs/server/commit/53bf68a6aff44bb7b2f40d40d6554809253a01a8))
 ## [0.0.77](https://github.com/sasjs/server/compare/v0.0.76...v0.0.77) (2022-05-16)
 ### Bug Fixes
 * **release:** Github workflow without npm token ([c017d13](https://github.com/sasjs/server/commit/c017d13061d21aeacd0690367992d12ca57a115b))
 ### [0.0.76](https://github.com/sasjs/server/compare/v0.0.75...v0.0.76) (2022-05-16)
 ### Bug Fixes
 * get csrf token from cookie if not present in header ([f89389b](https://github.com/sasjs/server/commit/f89389bbc6f1f8f7060db2bdeb89746cbd60f533))
 ### [0.0.75](https://github.com/sasjs/server/compare/v0.0.69...v0.0.75) (2022-05-12)
 ### Features
 * CSP_DISABLE env option ([dd3acce](https://github.com/sasjs/server/commit/dd3acce3935e7cfc0b2c44a401314306915a3a10))
 ### Bug Fixes
 * added more cookies to req ([4a8e32d](https://github.com/sasjs/server/commit/4a8e32dd20b540b6dc92d749fad90d6c7fc69376))
 * bumping core ([c0b57b9](https://github.com/sasjs/server/commit/c0b57b9e76d6db33fc64a68556a8be979dd69e40))
 * csp updates ([7cfa239](https://github.com/sasjs/server/commit/7cfa2398e12c5e515d27c896f36ff91604c2124d))
 * helmet config on http mode ([b0fdaaa](https://github.com/sasjs/server/commit/b0fdaaaa79e3135699c51effac0388d8ec5ab23b))
 * moved getAuthCode from api to web routes ([b40de8f](https://github.com/sasjs/server/commit/b40de8fa6a5aa763ed25a6fe6a381e483e0ab824))
 * reqHeadrs.txt will contain headers to access APIs ([636301e](https://github.com/sasjs/server/commit/636301e664416fb085f704d83deb7f39ee0a91a7))
 * **web:** seperate container for auth code ([5888f04](https://github.com/sasjs/server/commit/5888f04e08a32c6d2c7bcfcbc3a1d32425bff3b3))
 ### [0.0.74](https://github.com/sasjs/server/compare/v0.0.73...v0.0.74) (2022-05-12)
 ### Bug Fixes
 * csp updates ([7cfa239](https://github.com/sasjs/server/commit/7cfa2398e12c5e515d27c896f36ff91604c2124d))
 ### [0.0.73](https://github.com/sasjs/server/compare/v0.0.72...v0.0.73) (2022-05-10)
 ### Bug Fixes
 * helmet config on http mode ([b0fdaaa](https://github.com/sasjs/server/commit/b0fdaaaa79e3135699c51effac0388d8ec5ab23b))
 ### [0.0.72](https://github.com/sasjs/server/compare/v0.0.71...v0.0.72) (2022-05-09)
 ### [0.0.71](https://github.com/sasjs/server/compare/v0.0.70...v0.0.71) (2022-05-07)
 ### Bug Fixes
 * added more cookies to req ([4a8e32d](https://github.com/sasjs/server/commit/4a8e32dd20b540b6dc92d749fad90d6c7fc69376))
 * bumping core ([c0b57b9](https://github.com/sasjs/server/commit/c0b57b9e76d6db33fc64a68556a8be979dd69e40))
 * reqHeadrs.txt will contain headers to access APIs ([636301e](https://github.com/sasjs/server/commit/636301e664416fb085f704d83deb7f39ee0a91a7))
 ### [0.0.70](https://github.com/sasjs/server/compare/v0.0.69...v0.0.70) (2022-05-06)
 ### Features
 * CSP_DISABLE env option ([dd3acce](https://github.com/sasjs/server/commit/dd3acce3935e7cfc0b2c44a401314306915a3a10))
 ### [0.0.69](https://github.com/sasjs/server/compare/v0.0.68...v0.0.69) (2022-05-02)
 ### Bug Fixes
 * **upload:** appStream uses CSRF + Session authentication ([1f89279](https://github.com/sasjs/server/commit/1f8927926405887f3d134c0a1dd6452ffa33876e))
 ### [0.0.68](https://github.com/sasjs/server/compare/v0.0.67...v0.0.68) (2022-05-02)
 ### Bug Fixes
 * using monaco editor locally ([2548c82](https://github.com/sasjs/server/commit/2548c82dfe1149e62a570a00546dddd9e30049b1))
 ### [0.0.67](https://github.com/sasjs/server/compare/v0.0.66...v0.0.67) (2022-05-01)
 ### [0.0.66](https://github.com/sasjs/server/compare/v0.0.64...v0.0.66) (2022-05-01)
 ### Bug Fixes
 * added swagger ui init file manually ([e2a97fc](https://github.com/sasjs/server/commit/e2a97fcb7c54a57a7ca118677cfce93fe9430d8f))
 * consume swagger api with CSRF ([5aaac24](https://github.com/sasjs/server/commit/5aaac24080362d6ce0c5d1157798a9343f40ae2a))
 ### [0.0.65](https://github.com/sasjs/server/compare/v0.0.64...v0.0.65) (2022-05-01)
 ### Bug Fixes
 * consume swagger api with CSRF ([5aaac24](https://github.com/sasjs/server/commit/5aaac24080362d6ce0c5d1157798a9343f40ae2a))
 ### [0.0.64](https://github.com/sasjs/server/compare/v0.0.63...v0.0.64) (2022-04-30)
 ### Bug Fixes
 * removed fileExists for serving web ([7b39cc0](https://github.com/sasjs/server/commit/7b39cc06d358f5ffecb87955040c4eb0fcc7469e))
 ### [0.0.63](https://github.com/sasjs/server/compare/v0.0.62...v0.0.63) (2022-04-30)
 ### [0.0.62](https://github.com/sasjs/server/compare/v0.0.61...v0.0.62) (2022-04-30)
 ### [0.0.61](https://github.com/sasjs/server/compare/v0.0.59...v0.0.61) (2022-04-30)
 ### Bug Fixes
 * added CSRF check for granting access via session authentication ([b060ad1](https://github.com/sasjs/server/commit/b060ad1b8e0bbc61c20dc25be553bba4cc4d2716))
 * setting CSRF Token for only rendering SPA ([b4b60c6](https://github.com/sasjs/server/commit/b4b60c69cf67a42f4797f7f1afe68b7a5eec2998))
 ### [0.0.60](https://github.com/sasjs/server/compare/v0.0.59...v0.0.60) (2022-04-30)
 ### Bug Fixes
 * added CSRF check for granting access via session authentication ([b060ad1](https://github.com/sasjs/server/commit/b060ad1b8e0bbc61c20dc25be553bba4cc4d2716))
 * setting CSRF Token for only rendering SPA ([b4b60c6](https://github.com/sasjs/server/commit/b4b60c69cf67a42f4797f7f1afe68b7a5eec2998))
 ### [0.0.59](https://github.com/sasjs/server/compare/v0.0.58...v0.0.59) (2022-04-29)
 ### Features
 * enabled csrf tokens for web component ([e462aeb](https://github.com/sasjs/server/commit/e462aebdc01f3c0068ed0074473a2063412dcf45))
 * enabled session based authentication for web ([5da93f3](https://github.com/sasjs/server/commit/5da93f318aad10b1c67032a467191e4dbb99f411))
 ### Bug Fixes
 * fetch client from DB for each request ([4ad8c81](https://github.com/sasjs/server/commit/4ad8c81e4927c1a82220ec015a781b095c8e859e))
 * **web:** show display name instead of username ([e57443f](https://github.com/sasjs/server/commit/e57443f1ed662a022494bb93d79c3d2f10a2d082))
 ### [0.0.58](https://github.com/sasjs/server/compare/v0.0.57...v0.0.58) (2022-04-24)
 ### Bug Fixes
 * bumping core library to get latest user management macros ([4862071](https://github.com/sasjs/server/commit/486207128da58fc4866bd0919c1bed2bd98097ea))
 * missing dependency ([d09876c](https://github.com/sasjs/server/commit/d09876c05f89166eec20064f7aa7ed5b867be081))
 ### [0.0.57](https://github.com/sasjs/server/compare/v0.0.56...v0.0.57) (2022-04-21)
 ### Features
 * create AppContext ([84ee743](https://github.com/sasjs/server/commit/84ee743eae16e87eaa91969393bebf01e2d15a44))
 ### [0.0.56](https://github.com/sasjs/server/compare/v0.0.55...v0.0.56) (2022-04-20)
 ### Bug Fixes
 * shortening min length of username.  Closes [#61](https://github.com/sasjs/server/issues/61) ([f02996f](https://github.com/sasjs/server/commit/f02996facf1019ec4022ccfbc99c1d0137074e1b))
 ### [0.0.55](https://github.com/sasjs/server/compare/v0.0.53...v0.0.55) (2022-04-20)
 ### Bug Fixes
 * added db seed at server startup ([2e63831](https://github.com/sasjs/server/commit/2e63831b90c7457e0e322719ebb1193fd6181cc3))
 * drive path in server mode ([c4cea4a](https://github.com/sasjs/server/commit/c4cea4a12b7eda4daeed995f41c0b10bcea79871))
 ### [0.0.54](https://github.com/sasjs/server/compare/v0.0.53...v0.0.54) (2022-04-19)
 ### Bug Fixes
 * added db seed at server startup ([2e63831](https://github.com/sasjs/server/commit/2e63831b90c7457e0e322719ebb1193fd6181cc3))
 ### [0.0.53](https://github.com/sasjs/server/compare/v0.0.49...v0.0.53) (2022-04-19)
 ### Features
 * add api for getting server info ([9fb5f1f](https://github.com/sasjs/server/commit/9fb5f1f8e7d4e2d767cc1ff7285c99514834cf32))
 * **appstream:** Upload an app from appStream page ([74ba65f](https://github.com/sasjs/server/commit/74ba65f9f330bf8c98c12a9c66bb60773d5a7b77))
 * run button running man, sub menu added ([68e84b0](https://github.com/sasjs/server/commit/68e84b0994a3fa6ff56b07635c637c6e3a57bfda))
 * running code with CTRL+ENTER ([b93a0da](https://github.com/sasjs/server/commit/b93a0da3a380926c87548b69309b2d0c1b7e617f))
 ### Bug Fixes
 * provide clientId to web component ([db70b1c](https://github.com/sasjs/server/commit/db70b1ce555df6b29fb09c0c960d38b911c97b1b))
 * session death time has to be a valid string number ([23db7e7](https://github.com/sasjs/server/commit/23db7e7b7df2f22bbf7ce16865f83091624d8047))
 * web component added tooltip for webout in studio ([61080d4](https://github.com/sasjs/server/commit/61080d4694859306049346d2e3174f27bb6dac16))
 * web component UI fix for studio scrolling ([f257602](https://github.com/sasjs/server/commit/f25760283492140cc1f14e51ed27673ec28baaf3))
 ### [0.0.52](https://github.com/sasjs/server/compare/v0.0.51...v0.0.52) (2022-04-17)
 ### Features
 * add api for getting server info ([9fb5f1f](https://github.com/sasjs/server/commit/9fb5f1f8e7d4e2d767cc1ff7285c99514834cf32))
 ### [0.0.51](https://github.com/sasjs/server/compare/v0.0.50...v0.0.51) (2022-04-15)
--- a/README.md
+++ b/README.md
@@ -48,15 +48,22 @@ When launching the app, it will make use of specific environment variables. Thes
 Example contents of a `.env` file:
 ```
-# options: [desktop|server] default: `desktop`
+#
 ## Core Settings
 #
 # MODE options: [desktop|server] default: `desktop`
 # Desktop mode is single user and designed for workstation use
 # Server mode is multi-user and suitable for intranet / internet use
 MODE=
-# options: [disable|enable] default: `disable` for `server` & `enable` for `desktop`
+# Path to SAS executable (sas.exe / sas.sh)
-# If enabled, be sure to also configure the WHITELIST of third party servers.
+SAS_PATH=/path/to/sas/executable.exe
 CORS=
-# options: <http://localhost:3000 https://abc.com ...> space separated urls
+# Path to working directory
-WHITELIST=
+# This location is for SAS WORK, staged files, DRIVE, configuration etc
 SASJS_ROOT=./sasjs_root
 # options: [http|https] default: http
 PROTOCOL=
@@ -65,16 +72,22 @@ PROTOCOL=
 PORT=
-# optional
+#
-# for MODE: `desktop`, prompts user
+## Additional SAS Options
-# for MODE: `server` gets value from api/package.json `configuration.sasPath`
+#
 SAS_PATH=/path/to/sas/executable.exe
-# optional
+# On windows use SAS_OPTIONS and on unix use SASV9_OPTIONS
-# for MODE: `desktop`, prompts user
+# Any options set here are automatically applied in the SAS session
-# for MODE: `server` defaults to /tmp
+# See: https://documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/hostunx/p0wrdmqp8k0oyyn1xbx3bp3qy2wl.htm
-DRIVE_PATH=/tmp
+# And: https://documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/hostwin/p0drw76qo0gig2n1kcoliekh605k.htm#p09y7hx0grw1gin1giuvrjyx61m6
 SAS_OPTIONS= -NOXCMD
 SASV9_OPTIONS= -NOXCMD
 #
 ## Additional Web Server Options
 #
 # ENV variables required for PROTOCOL: `https`
 PRIVATE_KEY=privkey.pem
@@ -84,26 +97,61 @@ FULL_CHAIN=fullchain.pem
 ACCESS_TOKEN_SECRET=<secret>
 REFRESH_TOKEN_SECRET=<secret>
 AUTH_CODE_SECRET=<secret>
 SESSION_SECRET=<secret>
 DB_CONNECT=mongodb+srv://<DB_USERNAME>:<DB_PASSWORD>@<CLUSTER>/<DB_NAME>?retryWrites=true&w=majority
-# SAS Options
+# options: [disable|enable] default: `disable` for `server` & `enable` for `desktop`
-# On windows use SAS_OPTIONS and on unix use SASV9_OPTIONS
+# If enabled, be sure to also configure the WHITELIST of third party servers.
-# Any options set here are automatically applied in the SAS session
+CORS=
-# See: https://documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/hostunx/p0wrdmqp8k0oyyn1xbx3bp3qy2wl.htm
+
-# And: https://documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/hostwin/p0drw76qo0gig2n1kcoliekh605k.htm#p09y7hx0grw1gin1giuvrjyx61m6
+# options: <http://localhost:3000 https://abc.com ...> space separated urls
-SAS_OPTIONS= -NOXCMD
+WHITELIST=
-SASV9_OPTIONS= -NOXCMD
+
 # HELMET Cross Origin Embedder Policy
 # Sets the Cross-Origin-Embedder-Policy header to require-corp when `true`
 # options: [true|false] default: true
 # Docs: https://helmetjs.github.io/#reference (`crossOriginEmbedderPolicy`)
 HELMET_COEP=
 # HELMET Content Security Policy
 # Path to a json file containing HELMET `contentSecurityPolicy` directives
 # Docs: https://helmetjs.github.io/#reference
 #
 # Example config:
 # {
 #   "img-src": ["'self'", "data:"],
 #   "script-src": ["'self'", "'unsafe-inline'"],
 #   "script-src-attr": ["'self'", "'unsafe-inline'"]
 # }
 HELMET_CSP_CONFIG_PATH=./csp.config.json
 # LOG_FORMAT_MORGAN options: [combined|common|dev|short|tiny] default: `common`
 # Docs: https://www.npmjs.com/package/morgan#predefined-formats
 LOG_FORMAT_MORGAN=
 ```
 ## Persisting the Session
-Normally the server process will stop when your terminal dies. To keep it going you can use the npm package [pm2](https://www.npmjs.com/package/pm2) (`npm install pm2@latest -g`) as follows:
+Normally the server process will stop when your terminal dies. To keep it going you can use the following suggested approaches:
 1. Linux Background Job
 2. NPM package `pm2`
 ### Background Job
 Trigger the command using NOHUP, redirecting the output commands, eg `nohup ./api-linux > server.log 2>&1 &`.
 You can now see the job running using the `jobs` command. To ensure that it will still run when your terminal is closed, execute the `disown` command. To kill it later, use the `kill -9 <pid>` command. You can see your sessions using `top -u <userid>`. Type `c` to see the commands being run against each pid.
 ### PM2
 Install the npm package [pm2](https://www.npmjs.com/package/pm2) (`npm install pm2@latest -g`) and execute, eg as follows:
 ```bash
 export SAS_PATH=/opt/sas9/SASHome/SASFoundation/9.4/sasexe/sas
 export PORT=5001
-export DRIVE_PATH=./tmp
+export SASJS_ROOT=./sasjs_root
 pm2 start api-linux
 ```
@@ -132,7 +180,7 @@ Instead of `app_name` you can pass:
 ## Server Version
-The following credentials can be used for the initial connection to SASjs/server. It is recommended to change these on first use.
+The following credentials can be used for the initial connection to SASjs/server. It is highly recommended to change these on first use.
 - CLIENTID: `clientID1`
 - USERNAME: `secretuser`
--- a/api/.env.example
+++ b/api/.env.example
@@ -1,14 +1,23 @@
 MODE=[desktop|server] default considered as desktop
 CORS=[disable|enable] default considered as disable for server MODE & enable for desktop MODE
 WHITELIST=<space separated urls, each starting with protocol `http` or `https`>
 PROTOCOL=[http|https] default considered as http
 PRIVATE_KEY=privkey.pem
 FULL_CHAIN=fullchain.pem
 PORT=[5000] default value is 5000
 HELMET_CSP_CONFIG_PATH=./csp.config.json if omitted HELMET default will be used
 HELMET_COEP=[true|false] if omitted HELMET default will be used
 ACCESS_TOKEN_SECRET=<secret>
 REFRESH_TOKEN_SECRET=<secret>
 AUTH_CODE_SECRET=<secret>
 SESSION_SECRET=<secret>
 DB_CONNECT=mongodb+srv://<DB_USERNAME>:<DB_PASSWORD>@<CLUSTER>/<DB_NAME>?retryWrites=true&w=majority
 SAS_PATH=/opt/sas/sas9/SASHome/SASFoundation/9.4/sas
-DRIVE_PATH=./tmp
+SASJS_ROOT=./sasjs_root
 LOG_FORMAT_MORGAN=common
--- a/api/csp.config.example.json
+++ b/api/csp.config.example.json
@@ -0,0 +1,5 @@
 {
  "img-src": ["'self'", "data:"],
  "script-src": ["'self'", "'unsafe-inline'"],
  "script-src-attr": ["'self'", "'unsafe-inline'"]
 }
--- a/api/package-lock.json
+++ b/api/package-lock.json
--- a/api/package.json
+++ b/api/package.json
@@ -8,6 +8,7 @@
    "prestart": "npm run initial",
    "prebuild": "npm run initial",
    "start": "nodemon ./src/server.ts",
    "start:prod": "node ./build/src/server.js",
    "build": "rimraf build && tsc",
    "postbuild": "npm run copy:files",
    "swagger": "tsoa spec",
@@ -46,25 +47,34 @@
  },
  "author": "4GL Ltd",
  "dependencies": {
-    "@sasjs/core": "4.9.0",
+    "@sasjs/core": "^4.27.3",
    "@sasjs/utils": "2.42.1",
    "bcryptjs": "^2.4.3",
    "connect-mongo": "^4.6.0",
    "cookie-parser": "^1.4.6",
    "cors": "^2.8.5",
    "csurf": "^1.11.0",
    "express": "^4.17.1",
    "express-session": "^1.17.2",
    "helmet": "^5.0.2",
    "joi": "^17.4.2",
    "jsonwebtoken": "^8.5.1",
    "mongoose": "^6.0.12",
    "mongoose-sequence": "^5.3.1",
    "morgan": "^1.10.0",
    "multer": "^1.4.3",
-    "swagger-ui-express": "^4.1.6"
+    "swagger-ui-express": "4.3.0",
    "unzipper": "^0.10.11",
    "url": "^0.10.3"
  },
  "devDependencies": {
    "@types/adm-zip": "^0.5.0",
    "@types/bcryptjs": "^2.4.2",
    "@types/cookie-parser": "^1.4.2",
    "@types/cors": "^2.8.12",
    "@types/csurf": "^1.11.2",
    "@types/express": "^4.17.12",
    "@types/express-session": "^1.17.4",
    "@types/jest": "^26.0.24",
    "@types/jsonwebtoken": "^8.5.5",
    "@types/mongoose-sequence": "^3.0.6",
@@ -73,12 +83,14 @@
    "@types/node": "^15.12.2",
    "@types/supertest": "^2.0.11",
    "@types/swagger-ui-express": "^4.1.3",
    "@types/unzipper": "^0.10.5",
    "adm-zip": "^0.5.9",
    "dotenv": "^10.0.0",
    "http-headers-validation": "^0.0.1",
    "jest": "^27.0.6",
    "mongodb-memory-server": "^8.0.0",
    "nodemon": "^2.0.7",
-    "pkg": "5.5.2",
+    "pkg": "5.6.0",
    "prettier": "^2.3.1",
    "rimraf": "^3.0.2",
    "supertest": "^6.1.3",
@@ -87,12 +99,9 @@
    "tsoa": "3.14.1",
    "typescript": "^4.3.2"
  },
  "configuration": {
    "sasPath": "/opt/sas/sas9/SASHome/SASFoundation/9.4/sas"
  },
  "nodemonConfig": {
    "ignore": [
-      "tmp/**/*"
+      "sasjs_root/**/*"
    ]
  }
 }
--- a/api/public/SASjsApi/swagger-ui-init.js
+++ b/api/public/SASjsApi/swagger-ui-init.js
@@ -0,0 +1,50 @@
 window.onload = function () {
  // Build a system
  var url = window.location.search.match(/url=([^&]+)/)
  if (url && url.length > 1) {
    url = decodeURIComponent(url[1])
  } else {
    url = window.location.origin
  }
  var options = {
    customOptions: {
      url: '/swagger.yaml',
      requestInterceptor: function (request) {
        request.credentials = 'include'
        var cookie = document.cookie
        var startIndex = cookie.indexOf('XSRF-TOKEN')
        var csrf = cookie.slice(startIndex + 11).split('; ')[0]
        request.headers['X-XSRF-TOKEN'] = csrf
        return request
      }
    }
  }
  url = options.swaggerUrl || url
  var urls = options.swaggerUrls
  var customOptions = options.customOptions
  var spec1 = options.swaggerDoc
  var swaggerOptions = {
    spec: spec1,
    url: url,
    urls: urls,
    dom_id: '#swagger-ui',
    deepLinking: true,
    presets: [SwaggerUIBundle.presets.apis, SwaggerUIStandalonePreset],
    plugins: [SwaggerUIBundle.plugins.DownloadUrl],
    layout: 'StandaloneLayout'
  }
  for (var attrname in customOptions) {
    swaggerOptions[attrname] = customOptions[attrname]
  }
  var ui = SwaggerUIBundle(swaggerOptions)
  if (customOptions.oauth) {
    ui.initOAuth(customOptions.oauth)
  }
  if (customOptions.authAction) {
    ui.authActions.authorize(customOptions.authAction)
  }
  window.ui = ui
 }
--- a/api/public/app-streams-script.js
+++ b/api/public/app-streams-script.js
@@ -0,0 +1,49 @@
 const inputElement = document.getElementById('fileId')
 document.getElementById('uploadButton').addEventListener('click', function () {
  inputElement.click()
 })
 inputElement.addEventListener(
  'change',
  function () {
    const fileList = this.files /* now you can work with the file list */
    updateFileUploadMessage('Requesting ...')
    const file = fileList[0]
    const formData = new FormData()
    formData.append('file', file)
    axios
      .post('/SASjsApi/drive/deploy/upload', formData)
      .then((res) => res.data)
      .then((data) => {
        return (
          data.message +
          '\nstreamServiceName: ' +
          data.streamServiceName +
          '\nrefreshing page once alert box closes.'
        )
      })
      .then((message) => {
        alert(message)
        location.reload()
      })
      .catch((error) => {
        alert(error.response.data)
        resetFileUpload()
        updateFileUploadMessage('Upload New App')
      })
  },
  false
 )
 function updateFileUploadMessage(message) {
  document.getElementById('uploadMessage').innerHTML = message
 }
 function resetFileUpload() {
  inputElement.value = null
 }
--- a/api/public/axios.min.js
+++ b/api/public/axios.min.js
--- a/api/public/swagger.yaml
+++ b/api/public/swagger.yaml
@@ -5,36 +5,6 @@ components:
    requestBodies: {}
    responses: {}
    schemas:
        AuthorizeResponse:
            properties:
                code:
                    type: string
                    description: 'Authorization code'
                    example: someRandomCryptoString
            required:
                - code
            type: object
            additionalProperties: false
        AuthorizePayload:
            properties:
                username:
                    type: string
                    description: 'Username for user'
                    example: secretuser
                password:
                    type: string
                    description: 'Password for user'
                    example: secretpassword
                clientId:
                    type: string
                    description: 'Client ID'
                    example: clientID1
            required:
                - username
                - password
                - clientId
            type: object
            additionalProperties: false
        TokenResponse:
            properties:
                accessToken:
@@ -77,6 +47,41 @@ components:
                - userId
            type: object
            additionalProperties: false
        LoginPayload:
            properties:
                username:
                    type: string
                    description: 'Username for user'
                    example: secretuser
                password:
                    type: string
                    description: 'Password for user'
                    example: secretpassword
            required:
                - username
                - password
            type: object
            additionalProperties: false
        AuthorizeResponse:
            properties:
                code:
                    type: string
                    description: 'Authorization code'
                    example: someRandomCryptoString
            required:
                - code
            type: object
            additionalProperties: false
        AuthorizePayload:
            properties:
                clientId:
                    type: string
                    description: 'Client ID'
                    example: clientID1
            required:
                - clientId
            type: object
            additionalProperties: false
        ClientPayload:
            properties:
                clientId:
@@ -305,6 +310,21 @@ components:
                - displayName
            type: object
            additionalProperties: false
        GroupResponse:
            properties:
                groupId:
                    type: number
                    format: double
                name:
                    type: string
                description:
                    type: string
            required:
                - groupId
                - name
                - description
            type: object
            additionalProperties: false
        UserDetailsResponse:
            properties:
                id:
@@ -318,6 +338,12 @@ components:
                    type: boolean
                isAdmin:
                    type: boolean
                autoExec:
                    type: string
                groups:
                    items:
                        $ref: '#/components/schemas/GroupResponse'
                    type: array
            required:
                - id
                - displayName
@@ -347,27 +373,16 @@ components:
                    type: boolean
                    description: 'Account should be active or not, defaults to true'
                    example: 'true'
                autoExec:
                    type: string
                    description: 'User-specific auto-exec code'
                    example: ""
            required:
                - displayName
                - username
                - password
            type: object
            additionalProperties: false
        GroupResponse:
            properties:
                groupId:
                    type: number
                    format: double
                name:
                    type: string
                description:
                    type: string
            required:
                - groupId
                - name
                - description
            type: object
            additionalProperties: false
        GroupDetailsResponse:
            properties:
                groupId:
@@ -410,6 +425,25 @@ components:
                - description
            type: object
            additionalProperties: false
        InfoResponse:
            properties:
                mode:
                    type: string
                cors:
                    type: string
                whiteList:
                    items:
                        type: string
                    type: array
                protocol:
                    type: string
            required:
                - mode
                - cors
                - whiteList
                - protocol
            type: object
            additionalProperties: false
        ExecuteReturnJsonPayload:
            properties:
                _program:
@@ -431,30 +465,6 @@ info:
        name: '4GL Ltd'
 openapi: 3.0.0
 paths:
    /SASjsApi/auth/authorize:
        post:
            operationId: Authorize
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/AuthorizeResponse'
                            examples:
                                'Example 1':
                                    value: {code: someRandomCryptoString}
            summary: 'Accept a valid username/password, plus a CLIENT_ID, and return an AUTH_CODE'
            tags:
                - Auth
            security: []
            parameters: []
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/AuthorizePayload'
    /SASjsApi/auth/token:
        post:
            operationId: Token
@@ -512,6 +522,86 @@ paths:
                -
                    bearerAuth: []
            parameters: []
    /:
        get:
            operationId: Home
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                type: string
            summary: 'Render index.html'
            tags:
                - Web
            security: []
            parameters: []
    /SASLogon/login:
        post:
            operationId: Login
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                properties:
                                    user: {properties: {displayName: {type: string}, username: {type: string}, id: {type: number, format: double}}, required: [displayName, username, id], type: object}
                                    loggedIn: {type: boolean}
                                required:
                                    - user
                                    - loggedIn
                                type: object
            summary: 'Accept a valid username/password'
            tags:
                - Web
            security: []
            parameters: []
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/LoginPayload'
    /SASLogon/authorize:
        post:
            operationId: Authorize
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/AuthorizeResponse'
                            examples:
                                'Example 1':
                                    value: {code: someRandomCryptoString}
            summary: 'Accept a valid username/password, plus a CLIENT_ID, and return an AUTH_CODE'
            tags:
                - Web
            security: []
            parameters: []
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/AuthorizePayload'
    /logout:
        get:
            operationId: Logout
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema: {}
            summary: 'Accept a valid username/password'
            tags:
                - Web
            security: []
            parameters: []
    /SASjsApi/client:
        post:
            operationId: CreateClient
@@ -637,7 +727,8 @@ paths:
                            examples:
                                'Example 1':
                                    value: {status: failure, message: 'Deployment failed!'}
-            summary: 'Creates/updates files within SASjs Drive using uploaded JSON file.'
+            description: "Accepts JSON file and zipped compressed JSON file as well.\nCompressed file should only contain one JSON file and should have same name\nas of compressed file e.g. deploy.JSON should be compressed to deploy.JSON.zip\nAny other file or JSON file in zipped will be ignored!"
            summary: 'Creates/updates files within SASjs Drive using uploaded JSON/compressed JSON file.'
            tags:
                - Drive
            security:
@@ -899,6 +990,94 @@ paths:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/UserPayload'
    '/SASjsApi/user/by/username/{username}':
        get:
            operationId: GetUserByUsername
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/UserDetailsResponse'
            description: 'Only Admin or user itself will get user autoExec code.'
            summary: 'Get user properties - such as group memberships, userName, displayName.'
            tags:
                - User
            security:
                -
                    bearerAuth: []
            parameters:
                -
                    description: 'The User''s username'
                    in: path
                    name: username
                    required: true
                    schema:
                        type: string
                    example: johnSnow01
        patch:
            operationId: UpdateUserByUsername
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/UserDetailsResponse'
                            examples:
                                'Example 1':
                                    value: {id: 1234, displayName: 'John Snow', username: johnSnow01, isAdmin: false, isActive: true}
            summary: 'Update user properties - such as displayName. Can be performed either by admins, or the user in question.'
            tags:
                - User
            security:
                -
                    bearerAuth: []
            parameters:
                -
                    description: 'The User''s username'
                    in: path
                    name: username
                    required: true
                    schema:
                        type: string
                    example: johnSnow01
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/UserPayload'
        delete:
            operationId: DeleteUserByUsername
            responses:
                '204':
                    description: 'No content'
            summary: 'Delete a user. Can be performed either by admins, or the user in question.'
            tags:
                - User
            security:
                -
                    bearerAuth: []
            parameters:
                -
                    description: 'The User''s username'
                    in: path
                    name: username
                    required: true
                    schema:
                        type: string
                    example: johnSnow01
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            properties:
                                password:
                                    type: string
                            type: object
    '/SASjsApi/user/{userId}':
        get:
            operationId: GetUser
@@ -909,6 +1088,7 @@ paths:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/UserDetailsResponse'
            description: 'Only Admin or user itself will get user autoExec code.'
            summary: 'Get user properties - such as group memberships, userName, displayName.'
            tags:
                - User
@@ -1158,6 +1338,24 @@ paths:
                        format: double
                        type: number
                    example: '6789'
    /SASjsApi/info:
        get:
            operationId: Info
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/InfoResponse'
                            examples:
                                'Example 1':
                                    value: {mode: desktop, cors: enable, whiteList: ['http://example.com', 'http://example2.com'], protocol: http}
            summary: 'Get server info (mode, cors, whiteList, protocol).'
            tags:
                - Info
            security: []
            parameters: []
    /SASjsApi/session:
        get:
            operationId: Session
@@ -1244,6 +1442,9 @@ servers:
    -
        url: /
 tags:
    -
        name: Info
        description: 'Get Server Info'
    -
        name: Session
        description: 'Get Session information'
@@ -1268,3 +1469,6 @@ tags:
    -
        name: CODE
        description: 'Operations on SAS code'
    -
        name: Web
        description: 'Operations on Web'
--- a/api/scripts/systemInit.sas
+++ b/api/scripts/systemInit.sas
@@ -5,23 +5,12 @@
  _before_ any user-provided content.
  A number of useful CORE macros are also compiled below, so that they can be
-  available "out of the box".
+  available by default for Stored Programs.
  Note that the full CORE library is available to sessions in SASjs Studio.
  <h4> SAS Macros </h4>
  @li mcf_stpsrv_header.sas
  @li mf_getuser.sas
  @li mf_getvarlist.sas
  @li mf_mkdir.sas
  @li mf_nobs.sas
  @li mf_uid.sas
  @li mfs_httpheader.sas
-  @li mp_dirlist.sas
+  @li ms_webout.sas
  @li mp_ds2ddl.sas
  @li mp_ds2md.sas
  @li mp_getdbml.sas
  @li mp_init.sas
  @li mp_makedata.sas
  @li mp_zip.sas
 **/
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -1,43 +1,136 @@
 import path from 'path'
 import express, { ErrorRequestHandler } from 'express'
 import csrf from 'csurf'
 import session from 'express-session'
 import MongoStore from 'connect-mongo'
 import morgan from 'morgan'
 import cookieParser from 'cookie-parser'
 import dotenv from 'dotenv'
 import cors from 'cors'
 import helmet from 'helmet'
 import {
  connectDB,
  copySASjsCore,
-  getWebBuildFolderPath,
+  CorsType,
  getWebBuildFolder,
  HelmetCoepType,
  instantiateLogger,
  loadAppStreamConfig,
  ModeType,
  ProtocolType,
  ReturnCode,
  setProcessVariables,
-  setupFolders
+  setupFolders,
  verifyEnvVariables
 } from './utils'
 import { getEnvCSPDirectives } from './utils/parseHelmetConfig'
 dotenv.config()
 instantiateLogger()
 if (verifyEnvVariables()) process.exit(ReturnCode.InvalidEnv)
 const app = express()
-const { MODE, CORS, WHITELIST } = process.env
+app.use(cookieParser())
-if (MODE?.trim() !== 'server' || CORS?.trim() === 'enable') {
+const {
-  const whiteList: string[] = []
+  MODE,
-  WHITELIST?.split(' ')?.forEach((url) => {
+  CORS,
-    if (url.startsWith('http'))
+  WHITELIST,
-      // removing trailing slash of URLs listing for CORS
+  PROTOCOL,
-      whiteList.push(url.replace(/\/$/, ''))
+  HELMET_CSP_CONFIG_PATH,
  HELMET_COEP,
  LOG_FORMAT_MORGAN
 } = process.env
 app.use(morgan(LOG_FORMAT_MORGAN as string))
 export const cookieOptions = {
  secure: PROTOCOL === ProtocolType.HTTPS,
  httpOnly: true,
  maxAge: 24 * 60 * 60 * 1000 // 24 hours
 }
 const cspConfigJson: { [key: string]: string[] | null } = getEnvCSPDirectives(
  HELMET_CSP_CONFIG_PATH
 )
 if (PROTOCOL === ProtocolType.HTTP)
  cspConfigJson['upgrade-insecure-requests'] = null
 /***********************************
 *         CSRF Protection         *
 ***********************************/
 export const csrfProtection = csrf({ cookie: cookieOptions })
 /***********************************
 *   Handle security and origin    *
 ***********************************/
 app.use(
  helmet({
    contentSecurityPolicy: {
      directives: {
        ...helmet.contentSecurityPolicy.getDefaultDirectives(),
        ...cspConfigJson
      }
    },
    crossOriginEmbedderPolicy: HELMET_COEP === HelmetCoepType.TRUE
  })
 )
 /***********************************
 *         Enabling CORS           *
 ***********************************/
 if (CORS === CorsType.ENABLED) {
  const whiteList: string[] = []
  WHITELIST?.split(' ')
    ?.filter((url) => !!url)
    .forEach((url) => {
      if (url.startsWith('http'))
        // removing trailing slash of URLs listing for CORS
        whiteList.push(url.replace(/\/$/, ''))
    })
  console.log('All CORS Requests are enabled for:', whiteList)
  app.use(cors({ credentials: true, origin: whiteList }))
 }
-app.use(cookieParser())
+/***********************************
-app.use(morgan('tiny'))
+ *         DB Connection &          *
 *        Express Sessions          *
 *        With Mongo Store          *
 ***********************************/
 if (MODE === ModeType.Server) {
  let store: MongoStore | undefined
  // NOTE: when exporting app.js as agent for supertest
  // we should exclude connecting to the real database
  if (process.env.NODE_ENV !== 'test') {
    const clientPromise = connectDB().then((conn) => conn!.getClient() as any)
    store = MongoStore.create({ clientPromise, collectionName: 'sessions' })
  }
  app.use(
    session({
      secret: process.env.SESSION_SECRET as string,
      saveUninitialized: false, // don't create session until something stored
      resave: false, //don't save session if unmodified
      store,
      cookie: cookieOptions
    })
  )
 }
 app.use(express.json({ limit: '100mb' }))
 app.use(express.static(path.join(__dirname, '../public')))
 const onError: ErrorRequestHandler = (err, req, res, next) => {
  if (err.code === 'EBADCSRFTOKEN')
    return res.status(400).send('Invalid CSRF token!')
  console.error(err.stack)
  res.status(500).send('Something broke!')
 }
@@ -55,10 +148,9 @@ export default setProcessVariables().then(async () => {
  // should be served after setting up web route
  // index.html needs to be injected with some js script.
-  app.use(express.static(getWebBuildFolderPath()))
+  app.use(express.static(getWebBuildFolder()))
  app.use(onError)
  await connectDB()
  return app
 })
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -1,10 +1,8 @@
 import { Security, Route, Tags, Example, Post, Body, Query, Hidden } from 'tsoa'
 import jwt from 'jsonwebtoken'
 import User from '../model/User'
 import { InfoJWT } from '../types'
 import {
  generateAccessToken,
  generateAuthCode,
  generateRefreshToken,
  removeTokensInDB,
  saveTokensInDB
@@ -24,20 +22,6 @@ export class AuthController {
  static deleteCode = (userId: number, clientId: string) =>
    delete AuthController.authCodes[userId][clientId]
  /**
   * @summary Accept a valid username/password, plus a CLIENT_ID, and return an AUTH_CODE
   *
   */
  @Example<AuthorizeResponse>({
    code: 'someRandomCryptoString'
  })
  @Post('/authorize')
  public async authorize(
    @Body() body: AuthorizePayload
  ): Promise<AuthorizeResponse> {
    return authorize(body)
  }
  /**
   * @summary Accepts client/auth code and returns access/refresh tokens
   *
@@ -78,30 +62,6 @@ export class AuthController {
  }
 }
 const authorize = async (data: any): Promise<AuthorizeResponse> => {
  const { username, password, clientId } = data
  // Authenticate User
  const user = await User.findOne({ username })
  if (!user) throw new Error('Username is not found.')
  const validPass = user.comparePassword(password)
  if (!validPass) throw new Error('Invalid password.')
  // generate authorization code against clientId
  const userInfo: InfoJWT = {
    clientId,
    userId: user.id
  }
  const code = AuthController.saveCode(
    user.id,
    clientId,
    generateAuthCode(userInfo)
  )
  return { code }
 }
 const token = async (data: any): Promise<TokenResponse> => {
  const { clientId, code } = data
@@ -139,32 +99,6 @@ const logout = async (userInfo: InfoJWT) => {
  await removeTokensInDB(userInfo.userId, userInfo.clientId)
 }
 interface AuthorizePayload {
  /**
   * Username for user
   * @example "secretuser"
   */
  username: string
  /**
   * Password for user
   * @example "secretpassword"
   */
  password: string
  /**
   * Client ID
   * @example "clientID1"
   */
  clientId: string
 }
 interface AuthorizeResponse {
  /**
   * Authorization code
   * @example "someRandomCryptoString"
   */
  code: string
 }
 interface TokenPayload {
  /**
   * Client ID
--- a/api/src/controllers/code.ts
+++ b/api/src/controllers/code.ts
@@ -1,9 +1,13 @@
 import express from 'express'
 import { Request, Security, Route, Tags, Post, Body } from 'tsoa'
 import { ExecuteReturnJson, ExecutionController } from './internal'
 import { PreProgramVars } from '../types'
 import { ExecuteReturnJsonResponse } from '.'
-import { parseLogToArray } from '../utils'
+import {
  getPreProgramVariables,
  getUserAutoExec,
  ModeType,
  parseLogToArray
 } from '../utils'
 interface ExecuteSASCodePayload {
  /**
@@ -30,14 +34,23 @@ export class CodeController {
  }
 }
-const executeSASCode = async (req: any, { code }: ExecuteSASCodePayload) => {
+const executeSASCode = async (
  req: express.Request,
  { code }: ExecuteSASCodePayload
 ) => {
  const { user } = req
  const userAutoExec =
    process.env.MODE === ModeType.Server
      ? user?.autoExec
      : await getUserAutoExec()
  try {
    const { webout, log, httpHeaders } =
      (await new ExecutionController().executeProgram(
        code,
        getPreProgramVariables(req),
        { ...req.query, _debug: 131 },
-        undefined,
+        { userAutoExec },
        true
      )) as ExecuteReturnJson
@@ -56,16 +69,3 @@ const executeSASCode = async (req: any, { code }: ExecuteSASCodePayload) => {
    }
  }
 }
 const getPreProgramVariables = (req: any): PreProgramVars => {
  const host = req.get('host')
  const protocol = req.protocol + '://'
  const { user, accessToken } = req
  return {
    username: user.username,
    userId: user.userId,
    displayName: user.displayName,
    serverUrl: protocol + host,
    accessToken
  }
 }
--- a/api/src/controllers/drive.ts
+++ b/api/src/controllers/drive.ts
@@ -32,7 +32,7 @@ import {
 import { createFileTree, ExecutionController, getTreeExample } from './internal'
 import { TreeNode } from '../types'
-import { getTmpFilesFolderPath } from '../utils'
+import { getFilesFolder } from '../utils'
 interface DeployPayload {
  appLoc: string
@@ -96,7 +96,12 @@ export class DriveController {
  }
  /**
-   * @summary Creates/updates files within SASjs Drive using uploaded JSON file.
+   * Accepts JSON file and zipped compressed JSON file as well.
   * Compressed file should only contain one JSON file and should have same name
   * as of compressed file e.g. deploy.JSON should be compressed to deploy.JSON.zip
   * Any other file or JSON file in zipped will be ignored!
   *
   * @summary Creates/updates files within SASjs Drive using uploaded JSON/compressed JSON file.
   *
   */
  @Example<DeployResponse>(successDeployResponse)
@@ -214,12 +219,12 @@ const getFileTree = () => {
 }
 const deploy = async (data: DeployPayload) => {
-  const driveFilesPath = getTmpFilesFolderPath()
+  const driveFilesPath = getFilesFolder()
  const appLocParts = data.appLoc.replace(/^\//, '').split('/')
  const appLocPath = path
-    .join(getTmpFilesFolderPath(), ...appLocParts)
+    .join(getFilesFolder(), ...appLocParts)
    .replace(new RegExp('/', 'g'), path.sep)
  if (!appLocPath.includes(driveFilesPath)) {
@@ -238,10 +243,10 @@ const deploy = async (data: DeployPayload) => {
 }
 const getFile = async (req: express.Request, filePath: string) => {
-  const driveFilesPath = getTmpFilesFolderPath()
+  const driveFilesPath = getFilesFolder()
  const filePathFull = path
-    .join(getTmpFilesFolderPath(), filePath)
+    .join(getFilesFolder(), filePath)
    .replace(new RegExp('/', 'g'), path.sep)
  if (!filePathFull.includes(driveFilesPath)) {
@@ -261,11 +266,11 @@ const getFile = async (req: express.Request, filePath: string) => {
 }
 const getFolder = async (folderPath?: string) => {
-  const driveFilesPath = getTmpFilesFolderPath()
+  const driveFilesPath = getFilesFolder()
  if (folderPath) {
    const folderPathFull = path
-      .join(getTmpFilesFolderPath(), folderPath)
+      .join(getFilesFolder(), folderPath)
      .replace(new RegExp('/', 'g'), path.sep)
    if (!folderPathFull.includes(driveFilesPath)) {
@@ -291,10 +296,10 @@ const getFolder = async (folderPath?: string) => {
 }
 const deleteFile = async (filePath: string) => {
-  const driveFilesPath = getTmpFilesFolderPath()
+  const driveFilesPath = getFilesFolder()
  const filePathFull = path
-    .join(getTmpFilesFolderPath(), filePath)
+    .join(getFilesFolder(), filePath)
    .replace(new RegExp('/', 'g'), path.sep)
  if (!filePathFull.includes(driveFilesPath)) {
@@ -314,7 +319,7 @@ const saveFile = async (
  filePath: string,
  multerFile: Express.Multer.File
 ): Promise<GetFileResponse> => {
-  const driveFilesPath = getTmpFilesFolderPath()
+  const driveFilesPath = getFilesFolder()
  const filePathFull = path
    .join(driveFilesPath, filePath)
@@ -339,7 +344,7 @@ const updateFile = async (
  filePath: string,
  multerFile: Express.Multer.File
 ): Promise<GetFileResponse> => {
-  const driveFilesPath = getTmpFilesFolderPath()
+  const driveFilesPath = getFilesFolder()
  const filePathFull = path
    .join(driveFilesPath, filePath)
--- a/api/src/controllers/group.ts
+++ b/api/src/controllers/group.ts
@@ -14,7 +14,7 @@ import Group, { GroupPayload } from '../model/Group'
 import User from '../model/User'
 import { UserResponse } from './user'
-interface GroupResponse {
+export interface GroupResponse {
  groupId: number
  name: string
  description: string
@@ -210,6 +210,9 @@ const updateUsersListInGroup = async (
  if (!updatedGroup) throw new Error('Unable to update group')
  if (action === 'addUser') user.addGroup(group._id)
  else user.removeGroup(group._id)
  return {
    groupId: updatedGroup.groupId,
    name: updatedGroup.name,
--- a/api/src/controllers/index.ts
+++ b/api/src/controllers/index.ts
@@ -3,6 +3,8 @@ export * from './client'
 export * from './code'
 export * from './drive'
 export * from './group'
 export * from './info'
 export * from './session'
 export * from './stp'
 export * from './user'
 export * from './web'
--- a/api/src/controllers/info.ts
+++ b/api/src/controllers/info.ts
@@ -0,0 +1,36 @@
 import { Route, Tags, Example, Get } from 'tsoa'
 export interface InfoResponse {
  mode: string
  cors: string
  whiteList: string[]
  protocol: string
 }
@Route('SASjsApi/info')
@Tags('Info')
 export class InfoController {
  /**
   * @summary Get server info (mode, cors, whiteList, protocol).
   *
   */
  @Example<InfoResponse>({
    mode: 'desktop',
    cors: 'enable',
    whiteList: ['http://example.com', 'http://example2.com'],
    protocol: 'http'
  })
  @Get('/')
  public info(): InfoResponse {
    const response = {
      mode: process.env.MODE ?? 'desktop',
      cors:
        process.env.CORS ||
        (process.env.MODE === 'server' ? 'disable' : 'enable'),
      whiteList:
        process.env.WHITELIST?.split(' ')?.filter((url) => !!url) ?? [],
      protocol: process.env.PROTOCOL ?? 'http'
    }
    return response
  }
 }
--- a/api/src/controllers/internal/Execution.ts
+++ b/api/src/controllers/internal/Execution.ts
@@ -12,8 +12,8 @@ import { PreProgramVars, Session, TreeNode } from '../../types'
 import {
  extractHeaders,
  generateFileUploadSasCode,
-  getTmpFilesFolderPath,
+  getFilesFolder,
-  getTmpMacrosPath,
+  getMacrosFolder,
  HTTPHeaders,
  isDebugOn
 } from '../../utils'
@@ -43,7 +43,7 @@ export class ExecutionController {
    session?: Session
  ) {
    if (!(await fileExists(programPath)))
-      throw 'ExecutionController: SAS file does not exist.'
+      throw `The Stored Program at (${vars._program}) does not exist, or you do not have permission to view it.`
    const program = await readFile(programPath)
@@ -75,12 +75,12 @@ export class ExecutionController {
    const logPath = path.join(session.path, 'log.log')
    const headersPath = path.join(session.path, 'stpsrv_header.txt')
    const weboutPath = path.join(session.path, 'webout.txt')
-    const tokenFile = path.join(session.path, 'accessToken.txt')
+    const tokenFile = path.join(session.path, 'reqHeaders.txt')
    await createFile(weboutPath, '')
    await createFile(
      tokenFile,
-      preProgramVariables?.accessToken ?? 'accessToken'
+      preProgramVariables?.httpHeaders.join('\n') ?? ''
    )
    const varStatments = Object.keys(vars).reduce(
@@ -110,7 +110,7 @@ export class ExecutionController {
 `
    program = `
-options insert=(SASAUTOS="${getTmpMacrosPath()}");
+options insert=(SASAUTOS="${getMacrosFolder()}");
 /* runtime vars */
 ${varStatments}
@@ -119,6 +119,10 @@ filename _webout "${weboutPath}" mod;
 /* dynamic user-provided vars */
 ${preProgramVarStatments}
 /* user autoexec starts */
 ${otherArgs?.userAutoExec ?? ''}
 /* user autoexec ends */
 /* actual job code */
 ${program}`
@@ -191,7 +195,7 @@ ${program}`
    const root: TreeNode = {
      name: 'files',
      relativePath: '',
-      absolutePath: getTmpFilesFolderPath(),
+      absolutePath: getFilesFolder(),
      children: []
    }
--- a/api/src/controllers/internal/FileUploadController.ts
+++ b/api/src/controllers/internal/FileUploadController.ts
@@ -1,14 +1,15 @@
 import { Request, RequestHandler } from 'express'
 import multer from 'multer'
 import { uuidv4 } from '@sasjs/utils'
 import { getSessionController } from '.'
 export class FileUploadController {
  private storage = multer.diskStorage({
-    destination: function (req: any, file: any, cb: any) {
+    destination: function (req: Request, file: any, cb: any) {
      //Sending the intercepted files to the sessions subfolder
-      cb(null, req.sasSession.path)
+      cb(null, req.sasSession?.path)
    },
-    filename: function (req: any, file: any, cb: any) {
+    filename: function (req: Request, file: any, cb: any) {
      //req_file prefix + unique hash added to sas request files
      cb(null, `req_file_${uuidv4().replace(/-/gm, '')}`)
    }
@@ -18,7 +19,7 @@ export class FileUploadController {
  //It will intercept request and generate unique uuid to be used as a subfolder name
  //that will store the files uploaded
-  public preUploadMiddleware = async (req: any, res: any, next: any) => {
+  public preUploadMiddleware: RequestHandler = async (req, res, next) => {
    let session
    const sessionController = getSessionController()
--- a/api/src/controllers/internal/Session.ts
+++ b/api/src/controllers/internal/Session.ts
@@ -3,7 +3,7 @@ import { Session } from '../../types'
 import { promisify } from 'util'
 import { execFile } from 'child_process'
 import {
-  getTmpSessionsFolderPath,
+  getSessionsFolder,
  generateUniqueFileName,
  sysInitCompiledPath
 } from '../../utils'
@@ -37,7 +37,7 @@ export class SessionController {
  private async createSession(): Promise<Session> {
    const sessionId = generateUniqueFileName(generateTimestamp())
-    const sessionFolder = path.join(getTmpSessionsFolderPath(), sessionId)
+    const sessionFolder = path.join(getSessionsFolder(), sessionId)
    const creationTimeStamp = sessionId.split('-').pop() as string
    // death time of session is 15 mins from creation
@@ -93,6 +93,8 @@ ${autoExecContent}`
      session.path,
      '-AUTOEXEC',
      autoExecPath,
      '-ENCODING',
      'UTF-8',
      process.platform === 'win32' ? '-nosplash' : ''
    ])
      .then(() => {
--- a/api/src/controllers/internal/deploy.ts
+++ b/api/src/controllers/internal/deploy.ts
@@ -1,5 +1,5 @@
 import path from 'path'
-import { getTmpFilesFolderPath } from '../../utils/file'
+import { getFilesFolder } from '../../utils/file'
 import {
  createFolder,
  createFile,
@@ -17,7 +17,7 @@ export const createFileTree = async (
  parentFolders: string[] = []
 ) => {
  const destinationPath = path.join(
-    getTmpFilesFolderPath(),
+    getFilesFolder(),
    path.join(...parentFolders)
  )
--- a/api/src/controllers/session.ts
+++ b/api/src/controllers/session.ts
@@ -23,8 +23,8 @@ export class SessionController {
  }
 }
-const session = (req: any) => ({
+const session = (req: express.Request) => ({
-  id: req.user.id,
+  id: req.user!.userId,
-  username: req.user.username,
+  username: req.user!.username,
-  displayName: req.user.displayName
+  displayName: req.user!.displayName
 })
--- a/api/src/controllers/stp.ts
+++ b/api/src/controllers/stp.ts
@@ -17,15 +17,16 @@ import {
  ExecutionController,
  ExecutionVars
 } from './internal'
 import { PreProgramVars } from '../types'
 import {
-  getTmpFilesFolderPath,
+  getPreProgramVariables,
  getFilesFolder,
  HTTPHeaders,
  isDebugOn,
  LogLine,
  makeFilesNamesMap,
  parseLogToArray
 } from '../utils'
 import { MulterFile } from '../types/Upload'
 interface ExecuteReturnJsonPayload {
  /**
@@ -132,7 +133,7 @@ const executeReturnRaw = async (
  const query = req.query as ExecutionVars
  const sasCodePath =
    path
-      .join(getTmpFilesFolderPath(), _program)
+      .join(getFilesFolder(), _program)
      .replace(new RegExp('/', 'g'), path.sep) + '.sas'
  try {
@@ -167,15 +168,17 @@ const executeReturnRaw = async (
 }
 const executeReturnJson = async (
-  req: any,
+  req: express.Request,
  _program: string
 ): Promise<ExecuteReturnJsonResponse> => {
  const sasCodePath =
    path
-      .join(getTmpFilesFolderPath(), _program)
+      .join(getFilesFolder(), _program)
      .replace(new RegExp('/', 'g'), path.sep) + '.sas'
-  const filesNamesMap = req.files?.length ? makeFilesNamesMap(req.files) : null
+  const filesNamesMap = req.files?.length
    ? makeFilesNamesMap(req.files as MulterFile[])
    : null
  try {
    const { webout, log, httpHeaders } =
@@ -210,16 +213,3 @@ const executeReturnJson = async (
    }
  }
 }
 const getPreProgramVariables = (req: any): PreProgramVars => {
  const host = req.get('host')
  const protocol = req.protocol + '://'
  const { user, accessToken } = req
  return {
    username: user.username,
    userId: user.userId,
    displayName: user.displayName,
    serverUrl: protocol + host,
    accessToken
  }
 }
--- a/api/src/controllers/user.ts
+++ b/api/src/controllers/user.ts
@@ -1,3 +1,4 @@
 import express from 'express'
 import {
  Security,
  Route,
@@ -10,10 +11,14 @@ import {
  Patch,
  Delete,
  Body,
-  Hidden
+  Hidden,
  Request
 } from 'tsoa'
 import { desktopUser } from '../middlewares'
 import User, { UserPayload } from '../model/User'
 import { getUserAutoExec, updateUserAutoExec, ModeType } from '../utils'
 import { GroupResponse } from './group'
 export interface UserResponse {
  id: number
@@ -27,6 +32,8 @@ interface UserDetailsResponse {
  username: string
  isActive: boolean
  isAdmin: boolean
  autoExec?: string
  groups?: GroupResponse[]
 }
@Security('bearerAuth')
@@ -73,13 +80,68 @@ export class UserController {
  }
  /**
   * Only Admin or user itself will get user autoExec code.
   * @summary Get user properties - such as group memberships, userName, displayName.
   * @param username The User's username
   * @example username "johnSnow01"
   */
  @Get('by/username/{username}')
  public async getUserByUsername(
    @Request() req: express.Request,
    @Path() username: string
  ): Promise<UserDetailsResponse> {
    const { MODE } = process.env
    if (MODE === ModeType.Desktop) return getDesktopAutoExec()
    const { user } = req
    const getAutoExec = user!.isAdmin || user!.username == username
    return getUser({ username }, getAutoExec)
  }
  /**
   * Only Admin or user itself will get user autoExec code.
   * @summary Get user properties - such as group memberships, userName, displayName.
   * @param userId The user's identifier
   * @example userId 1234
   */
  @Get('{userId}')
-  public async getUser(@Path() userId: number): Promise<UserDetailsResponse> {
+  public async getUser(
-    return getUser(userId)
+    @Request() req: express.Request,
    @Path() userId: number
  ): Promise<UserDetailsResponse> {
    const { MODE } = process.env
    if (MODE === ModeType.Desktop) return getDesktopAutoExec()
    const { user } = req
    const getAutoExec = user!.isAdmin || user!.userId == userId
    return getUser({ id: userId }, getAutoExec)
  }
  /**
   * @summary Update user properties - such as displayName. Can be performed either by admins, or the user in question.
   * @param username The User's username
   * @example username "johnSnow01"
   */
  @Example<UserDetailsResponse>({
    id: 1234,
    displayName: 'John Snow',
    username: 'johnSnow01',
    isAdmin: false,
    isActive: true
  })
  @Patch('by/username/{username}')
  public async updateUserByUsername(
    @Path() username: string,
    @Body() body: UserPayload
  ): Promise<UserDetailsResponse> {
    const { MODE } = process.env
    if (MODE === ModeType.Desktop)
      return updateDesktopAutoExec(body.autoExec ?? '')
    return updateUser({ username }, body)
  }
  /**
@@ -99,7 +161,26 @@ export class UserController {
    @Path() userId: number,
    @Body() body: UserPayload
  ): Promise<UserDetailsResponse> {
-    return updateUser(userId, body)
+    const { MODE } = process.env
    if (MODE === ModeType.Desktop)
      return updateDesktopAutoExec(body.autoExec ?? '')
    return updateUser({ id: userId }, body)
  }
  /**
   * @summary Delete a user. Can be performed either by admins, or the user in question.
   * @param username The User's username
   * @example username "johnSnow01"
   */
  @Delete('by/username/{username}')
  public async deleteUserByUsername(
    @Path() username: string,
    @Body() body: { password?: string },
    @Query() @Hidden() isAdmin: boolean = false
  ) {
    return deleteUser({ username }, isAdmin, body)
  }
  /**
@@ -113,7 +194,7 @@ export class UserController {
    @Body() body: { password?: string },
    @Query() @Hidden() isAdmin: boolean = false
  ) {
-    return deleteUser(userId, isAdmin, body)
+    return deleteUser({ id: userId }, isAdmin, body)
  }
 }
@@ -123,7 +204,7 @@ const getAllUsers = async (): Promise<UserResponse[]> =>
    .exec()
 const createUser = async (data: UserPayload): Promise<UserDetailsResponse> => {
-  const { displayName, username, password, isAdmin, isActive } = data
+  const { displayName, username, password, isAdmin, isActive, autoExec } = data
  // Checking if user is already in the database
  const usernameExist = await User.findOne({ username })
@@ -138,7 +219,8 @@ const createUser = async (data: UserPayload): Promise<UserDetailsResponse> => {
    username,
    password: hashPassword,
    isAdmin,
-    isActive
+    isActive,
    autoExec
  })
  const savedUser = await user.save()
@@ -148,38 +230,67 @@ const createUser = async (data: UserPayload): Promise<UserDetailsResponse> => {
    displayName: savedUser.displayName,
    username: savedUser.username,
    isActive: savedUser.isActive,
-    isAdmin: savedUser.isAdmin
+    isAdmin: savedUser.isAdmin,
    autoExec: savedUser.autoExec
  }
 }
-const getUser = async (id: number): Promise<UserDetailsResponse> => {
+interface GetUserBy {
-  const user = await User.findOne({ id })
+  id?: number
-    .select({
+  username?: string
-      _id: 0,
+}
-      id: 1,
+
-      username: 1,
+const getUser = async (
-      displayName: 1,
+  findBy: GetUserBy,
-      isAdmin: 1,
+  getAutoExec: boolean
-      isActive: 1
+): Promise<UserDetailsResponse> => {
-    })
+  const user = (await User.findOne(
-    .exec()
+    findBy,
    `id displayName username isActive isAdmin autoExec -_id`
  ).populate(
    'groups',
    'groupId name description -_id'
  )) as unknown as UserDetailsResponse
  if (!user) throw new Error('User is not found.')
-  return user
+  return {
    id: user.id,
    displayName: user.displayName,
    username: user.username,
    isActive: user.isActive,
    isAdmin: user.isAdmin,
    autoExec: getAutoExec ? user.autoExec ?? '' : undefined,
    groups: user.groups
  }
 }
 const getDesktopAutoExec = async () => {
  return {
    ...desktopUser,
    id: desktopUser.userId,
    autoExec: await getUserAutoExec()
  }
 }
 const updateUser = async (
-  id: number,
+  findBy: GetUserBy,
-  data: UserPayload
+  data: Partial<UserPayload>
 ): Promise<UserDetailsResponse> => {
-  const { displayName, username, password, isAdmin, isActive } = data
+  const { displayName, username, password, isAdmin, isActive, autoExec } = data
-  const params: any = { displayName, isAdmin, isActive }
+  const params: any = { displayName, isAdmin, isActive, autoExec }
  if (username) {
    // Checking if user is already in the database
    const usernameExist = await User.findOne({ username })
-    if (usernameExist?.id != id) throw new Error('Username already exists.')
+    if (usernameExist) {
      if (
        (findBy.id && usernameExist.id != findBy.id) ||
        (findBy.username && usernameExist.username != findBy.username)
      )
        throw new Error('Username already exists.')
    }
    params.username = username
  }
@@ -188,27 +299,36 @@ const updateUser = async (
    params.password = User.hashPassword(password)
  }
-  const updatedUser = await User.findOneAndUpdate({ id }, params, { new: true })
+  const updatedUser = await User.findOneAndUpdate(findBy, params, { new: true })
    .select({
      _id: 0,
      id: 1,
      username: 1,
      displayName: 1,
      isAdmin: 1,
      isActive: 1
    })
    .exec()
  if (!updatedUser) throw new Error('Unable to update user')
-  return updatedUser
+  if (!updatedUser)
    throw new Error(`Unable to find user with ${findBy.id || findBy.username}`)
  return {
    id: updatedUser.id,
    username: updatedUser.username,
    displayName: updatedUser.displayName,
    isAdmin: updatedUser.isAdmin,
    isActive: updatedUser.isActive,
    autoExec: updatedUser.autoExec
  }
 }
 const updateDesktopAutoExec = async (autoExec: string) => {
  await updateUserAutoExec(autoExec)
  return {
    ...desktopUser,
    id: desktopUser.userId,
    autoExec
  }
 }
 const deleteUser = async (
-  id: number,
+  findBy: GetUserBy,
  isAdmin: boolean,
  { password }: { password?: string }
 ) => {
-  const user = await User.findOne({ id })
+  const user = await User.findOne(findBy)
  if (!user) throw new Error('User is not found.')
  if (!isAdmin) {
@@ -216,5 +336,5 @@ const deleteUser = async (
    if (!validPass) throw new Error('Invalid password.')
  }
-  await User.deleteOne({ id })
+  await User.deleteOne(findBy)
 }
--- a/api/src/controllers/web.ts
+++ b/api/src/controllers/web.ts
@@ -0,0 +1,158 @@
 import path from 'path'
 import express from 'express'
 import { Request, Route, Tags, Post, Body, Get, Example } from 'tsoa'
 import { readFile } from '@sasjs/utils'
 import User from '../model/User'
 import Client from '../model/Client'
 import { getWebBuildFolder, generateAuthCode } from '../utils'
 import { InfoJWT } from '../types'
 import { AuthController } from './auth'
@Route('/')
@Tags('Web')
 export class WebController {
  /**
   * @summary Render index.html
   *
   */
  @Get('/')
  public async home() {
    return home()
  }
  /**
   * @summary Accept a valid username/password
   *
   */
  @Post('/SASLogon/login')
  public async login(
    @Request() req: express.Request,
    @Body() body: LoginPayload
  ) {
    return login(req, body)
  }
  /**
   * @summary Accept a valid username/password, plus a CLIENT_ID, and return an AUTH_CODE
   *
   */
  @Example<AuthorizeResponse>({
    code: 'someRandomCryptoString'
  })
  @Post('/SASLogon/authorize')
  public async authorize(
    @Request() req: express.Request,
    @Body() body: AuthorizePayload
  ): Promise<AuthorizeResponse> {
    return authorize(req, body.clientId)
  }
  /**
   * @summary Accept a valid username/password
   *
   */
  @Get('/logout')
  public async logout(@Request() req: express.Request) {
    return new Promise((resolve) => {
      req.session.destroy(() => {
        resolve(true)
      })
    })
  }
 }
 const home = async () => {
  const indexHtmlPath = path.join(getWebBuildFolder(), 'index.html')
  // Attention! Cannot use fileExists here,
  // due to limitation after building executable
  const content = await readFile(indexHtmlPath)
  return content
 }
 const login = async (
  req: express.Request,
  { username, password }: LoginPayload
 ) => {
  // Authenticate User
  const user = await User.findOne({ username })
  if (!user) throw new Error('Username is not found.')
  const validPass = user.comparePassword(password)
  if (!validPass) throw new Error('Invalid password.')
  req.session.loggedIn = true
  req.session.user = {
    userId: user.id,
    clientId: 'web_app',
    username: user.username,
    displayName: user.displayName,
    isAdmin: user.isAdmin,
    isActive: user.isActive,
    autoExec: user.autoExec
  }
  return {
    loggedIn: true,
    user: {
      id: user.id,
      username: user.username,
      displayName: user.displayName
    }
  }
 }
 const authorize = async (
  req: express.Request,
  clientId: string
 ): Promise<AuthorizeResponse> => {
  const userId = req.session.user?.userId
  if (!userId) throw new Error('Invalid userId.')
  const client = await Client.findOne({ clientId })
  if (!client) throw new Error('Invalid clientId.')
  // generate authorization code against clientId
  const userInfo: InfoJWT = {
    clientId,
    userId
  }
  const code = AuthController.saveCode(
    userId,
    clientId,
    generateAuthCode(userInfo)
  )
  return { code }
 }
 interface LoginPayload {
  /**
   * Username for user
   * @example "secretuser"
   */
  username: string
  /**
   * Password for user
   * @example "secretpassword"
   */
  password: string
 }
 interface AuthorizePayload {
  /**
   * Client ID
   * @example "clientID1"
   */
  clientId: string
 }
 interface AuthorizeResponse {
  /**
   * Authorization code
   * @example "someRandomCryptoString"
   */
  code: string
 }
--- a/api/src/middlewares/authenticateToken.ts
+++ b/api/src/middlewares/authenticateToken.ts
@@ -1,7 +1,36 @@
 import { RequestHandler, Request, Response, NextFunction } from 'express'
 import jwt from 'jsonwebtoken'
-import { verifyTokenInDB } from '../utils'
+import { csrfProtection } from '../app'
 import { fetchLatestAutoExec, ModeType, verifyTokenInDB } from '../utils'
 import { desktopUser } from './desktop'
 export const authenticateAccessToken: RequestHandler = async (
  req,
  res,
  next
 ) => {
  const { MODE } = process.env
  if (MODE === ModeType.Desktop) {
    req.user = desktopUser
    return next()
  }
  // if request is coming from web and has valid session
  // it can be validated.
  if (req.session?.loggedIn) {
    if (req.session.user) {
      const user = await fetchLatestAutoExec(req.session.user)
      if (user) {
        if (user.isActive) {
          req.user = user
          return csrfProtection(req, res, next)
        } else return res.sendStatus(401)
      }
    }
    return res.sendStatus(401)
  }
 export const authenticateAccessToken = (req: any, res: any, next: any) => {
  authenticateToken(
    req,
    res,
@@ -11,7 +40,7 @@ export const authenticateAccessToken = (req: any, res: any, next: any) => {
  )
 }
-export const authenticateRefreshToken = (req: any, res: any, next: any) => {
+export const authenticateRefreshToken: RequestHandler = (req, res, next) => {
  authenticateToken(
    req,
    res,
@@ -22,16 +51,16 @@ export const authenticateRefreshToken = (req: any, res: any, next: any) => {
 }
 const authenticateToken = (
-  req: any,
+  req: Request,
-  res: any,
+  res: Response,
-  next: any,
+  next: NextFunction,
  key: string,
  tokenType: 'accessToken' | 'refreshToken'
 ) => {
  const { MODE } = process.env
  if (MODE?.trim() !== 'server') {
    req.user = {
-      userId: '1234',
+      userId: 1234,
      clientId: 'desktopModeClientId',
      username: 'desktopModeUsername',
      displayName: 'desktopModeDisplayName',
@@ -43,9 +72,7 @@ const authenticateToken = (
  }
  const authHeader = req.headers['authorization']
-  const token =
+  const token = authHeader?.split(' ')[1]
    authHeader?.split(' ')[1] ??
    (tokenType === 'accessToken' ? req.cookies.accessToken : '')
  if (!token) return res.sendStatus(401)
  jwt.verify(token, key, async (err: any, data: any) => {
--- a/api/src/middlewares/desktop.ts
+++ b/api/src/middlewares/desktop.ts
@@ -1,18 +1,37 @@
-export const desktopRestrict = (req: any, res: any, next: any) => {
+import { RequestHandler, Request } from 'express'
 import { userInfo } from 'os'
 import { RequestUser } from '../types'
 import { ModeType } from '../utils'
 const regexUser = /^\/SASjsApi\/user\/[0-9]*$/ // /SASjsApi/user/1
 const allowedInDesktopMode: { [key: string]: RegExp[] } = {
  GET: [regexUser],
  PATCH: [regexUser]
 }
 const reqAllowedInDesktopMode = (request: Request): boolean => {
  const { method, originalUrl: url } = request
  return !!allowedInDesktopMode[method]?.find((urlRegex) => urlRegex.test(url))
 }
 export const desktopRestrict: RequestHandler = (req, res, next) => {
  const { MODE } = process.env
-  if (MODE?.trim() !== 'server')
+
-    return res.status(403).send('Not Allowed while in Desktop Mode.')
+  if (MODE === ModeType.Desktop) {
    if (!reqAllowedInDesktopMode(req))
      return res.status(403).send('Not Allowed while in Desktop Mode.')
  }
  next()
 }
 export const desktopUsername = (req: any, res: any, next: any) => {
  const { MODE } = process.env
  if (MODE?.trim() !== 'server')
    return res.status(200).send({
      userId: 12345,
      username: 'DESKTOPusername',
      displayName: 'DESKTOP User'
    })
-  next()
+export const desktopUser: RequestUser = {
  userId: 12345,
  clientId: 'desktop_app',
  username: userInfo().username,
  displayName: userInfo().username,
  isAdmin: true,
  isActive: true
 }
--- a/api/src/middlewares/multer.ts
+++ b/api/src/middlewares/multer.ts
@@ -1,13 +1,13 @@
 import path from 'path'
 import { Request } from 'express'
 import multer, { FileFilterCallback, Options } from 'multer'
-import { blockFileRegex, getTmpUploadsPath } from '../utils'
+import { blockFileRegex, getUploadsFolder } from '../utils'
 const fieldNameSize = 300
 const fileSize = 104857600 // 100 MB
 const storage = multer.diskStorage({
-  destination: getTmpUploadsPath(),
+  destination: getUploadsFolder(),
  filename: function (
    _req: Request,
    file: Express.Multer.File,
--- a/api/src/middlewares/verifyAdmin.ts
+++ b/api/src/middlewares/verifyAdmin.ts
@@ -1,4 +1,6 @@
-export const verifyAdmin = (req: any, res: any, next: any) => {
+import { RequestHandler } from 'express'
 export const verifyAdmin: RequestHandler = (req, res, next) => {
  const { MODE } = process.env
  if (MODE?.trim() !== 'server') return next()
--- a/api/src/middlewares/verifyAdminIfNeeded.ts
+++ b/api/src/middlewares/verifyAdminIfNeeded.ts
@@ -1,9 +1,22 @@
-export const verifyAdminIfNeeded = (req: any, res: any, next: any) => {
+import { RequestHandler } from 'express'
  const { user } = req
  const userId = parseInt(req.params.userId)
-  if (!user.isAdmin && user.userId !== userId) {
+// This middleware checks if a non-admin user trying to
-    return res.status(401).send('Admin account required')
+// access information of other user
 export const verifyAdminIfNeeded: RequestHandler = (req, res, next) => {
  const { user } = req
  if (!user?.isAdmin) {
    let adminAccountRequired: boolean = true
    if (req.params.userId) {
      adminAccountRequired = user?.userId !== parseInt(req.params.userId)
    } else if (req.params.username) {
      adminAccountRequired = user?.username !== req.params.username
    }
    if (adminAccountRequired)
      return res.status(401).send('Admin account required')
  }
  next()
 }
--- a/api/src/model/User.ts
+++ b/api/src/model/User.ts
@@ -27,18 +27,26 @@ export interface UserPayload {
   * @example "true"
   */
  isActive?: boolean
  /**
   * User-specific auto-exec code
   * @example ""
   */
  autoExec?: string
 }
 interface IUserDocument extends UserPayload, Document {
  id: number
  isAdmin: boolean
  isActive: boolean
  autoExec: string
  groups: Schema.Types.ObjectId[]
  tokens: [{ [key: string]: string }]
 }
 interface IUser extends IUserDocument {
  comparePassword(password: string): boolean
  addGroup(groupObjectId: Schema.Types.ObjectId): Promise<IUser>
  removeGroup(groupObjectId: Schema.Types.ObjectId): Promise<IUser>
 }
 interface IUserModel extends Model<IUser> {
  hashPassword(password: string): string
@@ -66,6 +74,9 @@ const userSchema = new Schema<IUserDocument>({
    type: Boolean,
    default: true
  },
  autoExec: {
    type: String
  },
  groups: [{ type: Schema.Types.ObjectId, ref: 'Group' }],
  tokens: [
    {
@@ -97,6 +108,28 @@ userSchema.method('comparePassword', function (password: string): boolean {
  if (bcrypt.compareSync(password, this.password)) return true
  return false
 })
 userSchema.method(
  'addGroup',
  async function (groupObjectId: Schema.Types.ObjectId) {
    const groupIdIndex = this.groups.indexOf(groupObjectId)
    if (groupIdIndex === -1) {
      this.groups.push(groupObjectId)
    }
    this.markModified('groups')
    return this.save()
  }
 )
 userSchema.method(
  'removeGroup',
  async function (groupObjectId: Schema.Types.ObjectId) {
    const groupIdIndex = this.groups.indexOf(groupObjectId)
    if (groupIdIndex > -1) {
      this.groups.splice(groupIdIndex, 1)
    }
    this.markModified('groups')
    return this.save()
  }
 )
 export const User: IUserModel = model<IUser, IUserModel>('User', userSchema)
--- a/api/src/routes/api/auth.ts
+++ b/api/src/routes/api/auth.ts
@@ -1,46 +1,24 @@
 import express from 'express'
 import { AuthController } from '../../controllers/'
 import Client from '../../model/Client'
 import {
  authenticateAccessToken,
  authenticateRefreshToken
 } from '../../middlewares'
-import {
+import { authorizeValidation, tokenValidation } from '../../utils'
  authorizeValidation,
  getDesktopFields,
  tokenValidation
 } from '../../utils'
 import { InfoJWT } from '../../types'
 const authRouter = express.Router()
 const controller = new AuthController()
-const clientIDs = new Set()
+authRouter.post('/token', async (req, res) => {
-
+  const { error, value: body } = tokenValidation(req.body)
 export const populateClients = async () => {
  const result = await Client.find()
  clientIDs.clear()
  result.forEach((r) => {
    clientIDs.add(r.clientId)
  })
 }
 authRouter.post('/authorize', async (req, res) => {
  const { error, value: body } = authorizeValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)
  const { clientId } = body
  // Verify client ID
  if (!clientIDs.has(clientId)) {
    return res.status(403).send('Invalid clientId.')
  }
  const controller = new AuthController()
  try {
-    const response = await controller.authorize(body)
+    const response = await controller.token(body)
    res.send(response)
  } catch (err: any) {
@@ -48,25 +26,12 @@ authRouter.post('/authorize', async (req, res) => {
  }
 })
-authRouter.post('/token', async (req, res) => {
+authRouter.post('/refresh', authenticateRefreshToken, async (req, res) => {
-  const { error, value: body } = tokenValidation(req.body)
+  const userInfo: InfoJWT = {
-  if (error) return res.status(400).send(error.details[0].message)
+    userId: req.user!.userId!,
-
+    clientId: req.user!.clientId!
  const controller = new AuthController()
  try {
    const response = await controller.token(body)
    const { accessToken } = response
    res.cookie('accessToken', accessToken).send(response)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
 authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
  const userInfo: InfoJWT = req.user
  const controller = new AuthController()
  try {
    const response = await controller.refresh(userInfo)
@@ -76,10 +41,12 @@ authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
  }
 })
-authRouter.delete('/logout', authenticateAccessToken, async (req: any, res) => {
+authRouter.delete('/logout', authenticateAccessToken, async (req, res) => {
-  const userInfo: InfoJWT = req.user
+  const userInfo: InfoJWT = {
    userId: req.user!.userId!,
    clientId: req.user!.clientId!
  }
  const controller = new AuthController()
  try {
    await controller.logout(userInfo)
  } catch (e) {}
--- a/api/src/routes/api/drive.ts
+++ b/api/src/routes/api/drive.ts
@@ -7,9 +7,12 @@ import { multerSingle } from '../../middlewares/multer'
 import { DriveController } from '../../controllers/'
 import {
  deployValidation,
  extractJSONFromZip,
  extractName,
  fileBodyValidation,
  fileParamValidation,
-  folderParamValidation
+  folderParamValidation,
  isZipFile
 } from '../../utils'
 const controller = new DriveController()
@@ -49,7 +52,24 @@ driveRouter.post(
  async (req, res) => {
    if (!req.file) return res.status(400).send('"file" is not present.')
-    const fileContent = await readFile(req.file.path)
+    let fileContent: string = ''
    const { value: zipFile } = isZipFile(req.file)
    if (zipFile) {
      fileContent = await extractJSONFromZip(zipFile)
      const fileInZip = extractName(zipFile.originalname)
      if (!fileContent) {
        deleteFile(req.file.path)
        return res
          .status(400)
          .send(
            `No content present in ${fileInZip} of compressed file ${zipFile.originalname}`
          )
      }
    } else {
      fileContent = await readFile(req.file.path)
    }
    let jsonContent
    try {
--- a/api/src/routes/api/group.ts
+++ b/api/src/routes/api/group.ts
@@ -33,12 +33,12 @@ groupRouter.get('/', authenticateAccessToken, async (req, res) => {
  }
 })
-groupRouter.get('/:groupId', authenticateAccessToken, async (req: any, res) => {
+groupRouter.get('/:groupId', authenticateAccessToken, async (req, res) => {
  const { groupId } = req.params
  const controller = new GroupController()
  try {
-    const response = await controller.getGroup(groupId)
+    const response = await controller.getGroup(parseInt(groupId))
    res.send(response)
  } catch (err: any) {
    res.status(403).send(err.toString())
@@ -49,12 +49,15 @@ groupRouter.post(
  '/:groupId/:userId',
  authenticateAccessToken,
  verifyAdmin,
-  async (req: any, res) => {
+  async (req, res) => {
    const { groupId, userId } = req.params
    const controller = new GroupController()
    try {
-      const response = await controller.addUserToGroup(groupId, userId)
+      const response = await controller.addUserToGroup(
        parseInt(groupId),
        parseInt(userId)
      )
      res.send(response)
    } catch (err: any) {
      res.status(403).send(err.toString())
@@ -66,12 +69,15 @@ groupRouter.delete(
  '/:groupId/:userId',
  authenticateAccessToken,
  verifyAdmin,
-  async (req: any, res) => {
+  async (req, res) => {
    const { groupId, userId } = req.params
    const controller = new GroupController()
    try {
-      const response = await controller.removeUserFromGroup(groupId, userId)
+      const response = await controller.removeUserFromGroup(
        parseInt(groupId),
        parseInt(userId)
      )
      res.send(response)
    } catch (err: any) {
      res.status(403).send(err.toString())
@@ -83,12 +89,12 @@ groupRouter.delete(
  '/:groupId',
  authenticateAccessToken,
  verifyAdmin,
-  async (req: any, res) => {
+  async (req, res) => {
    const { groupId } = req.params
    const controller = new GroupController()
    try {
-      await controller.deleteGroup(groupId)
+      await controller.deleteGroup(parseInt(groupId))
      res.status(200).send('Group Deleted!')
    } catch (err: any) {
      res.status(403).send(err.toString())
--- a/api/src/routes/api/index.ts
+++ b/api/src/routes/api/index.ts
@@ -5,10 +5,10 @@ import swaggerUi from 'swagger-ui-express'
 import {
  authenticateAccessToken,
  desktopRestrict,
  desktopUsername,
  verifyAdmin
 } from '../../middlewares'
 import infoRouter from './info'
 import driveRouter from './drive'
 import stpRouter from './stp'
 import codeRouter from './code'
@@ -20,7 +20,8 @@ import sessionRouter from './session'
 const router = express.Router()
-router.use('/session', desktopUsername, authenticateAccessToken, sessionRouter)
+router.use('/info', infoRouter)
 router.use('/session', authenticateAccessToken, sessionRouter)
 router.use('/auth', desktopRestrict, authRouter)
 router.use(
  '/client',
@@ -34,12 +35,22 @@ router.use('/group', desktopRestrict, groupRouter)
 router.use('/stp', authenticateAccessToken, stpRouter)
 router.use('/code', authenticateAccessToken, codeRouter)
 router.use('/user', desktopRestrict, userRouter)
 router.use(
  '/',
  swaggerUi.serve,
  swaggerUi.setup(undefined, {
    swaggerOptions: {
-      url: '/swagger.yaml'
+      url: '/swagger.yaml',
      requestInterceptor: (request: any) => {
        request.credentials = 'include'
        const cookie = document.cookie
        const startIndex = cookie.indexOf('XSRF-TOKEN')
        const csrf = cookie.slice(startIndex + 11).split('; ')[0]
        request.headers['X-XSRF-TOKEN'] = csrf
        return request
      }
    }
  })
 )
--- a/api/src/routes/api/info.ts
+++ b/api/src/routes/api/info.ts
@@ -0,0 +1,16 @@
 import express from 'express'
 import { InfoController } from '../../controllers'
 const infoRouter = express.Router()
 infoRouter.get('/', async (req, res) => {
  const controller = new InfoController()
  try {
    const response = controller.info()
    res.send(response)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
 export default infoRouter
--- a/api/src/routes/api/spec/auth.spec.ts
+++ b/api/src/routes/api/spec/auth.spec.ts
@@ -8,7 +8,6 @@ import {
  ClientController,
  AuthController
 } from '../../../controllers/'
 import { populateClients } from '../auth'
 import { InfoJWT } from '../../../types'
 import {
  generateAccessToken,
@@ -18,11 +17,6 @@ import {
  verifyTokenInDB
 } from '../../../utils'
 let app: Express
 appPromise.then((_app) => {
  app = _app
 })
 const clientId = 'someclientID'
 const clientSecret = 'someclientSecret'
 const user = {
@@ -35,16 +29,18 @@ const user = {
 }
 describe('auth', () => {
  let app: Express
  let con: Mongoose
  let mongoServer: MongoMemoryServer
  const userController = new UserController()
  const clientController = new ClientController()
  beforeAll(async () => {
    app = await appPromise
    mongoServer = await MongoMemoryServer.create()
    con = await mongoose.connect(mongoServer.getUri())
    await clientController.createClient({ clientId, clientSecret })
    await populateClients()
  })
  afterAll(async () => {
@@ -53,114 +49,6 @@ describe('auth', () => {
    await mongoServer.stop()
  })
  describe('authorize', () => {
    afterEach(async () => {
      const collections = mongoose.connection.collections
      const collection = collections['users']
      await collection.deleteMany({})
    })
    it('should respond with authorization code', async () => {
      await userController.createUser(user)
      const res = await request(app)
        .post('/SASjsApi/auth/authorize')
        .send({
          username: user.username,
          password: user.password,
          clientId
        })
        .expect(200)
      expect(res.body).toHaveProperty('code')
    })
    it('should respond with Bad Request if username is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/auth/authorize')
        .send({
          password: user.password,
          clientId
        })
        .expect(400)
      expect(res.text).toEqual(`"username" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if password is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/auth/authorize')
        .send({
          username: user.username,
          clientId
        })
        .expect(400)
      expect(res.text).toEqual(`"password" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if clientId is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/auth/authorize')
        .send({
          username: user.username,
          password: user.password
        })
        .expect(400)
      expect(res.text).toEqual(`"clientId" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Forbidden if username is incorrect', async () => {
      const res = await request(app)
        .post('/SASjsApi/auth/authorize')
        .send({
          username: user.username,
          password: user.password,
          clientId
        })
        .expect(403)
      expect(res.text).toEqual('Error: Username is not found.')
      expect(res.body).toEqual({})
    })
    it('should respond with Forbidden if password is incorrect', async () => {
      await userController.createUser(user)
      const res = await request(app)
        .post('/SASjsApi/auth/authorize')
        .send({
          username: user.username,
          password: 'WrongPassword',
          clientId
        })
        .expect(403)
      expect(res.text).toEqual('Error: Invalid password.')
      expect(res.body).toEqual({})
    })
    it('should respond with Forbidden if clientId is incorrect', async () => {
      await userController.createUser(user)
      const res = await request(app)
        .post('/SASjsApi/auth/authorize')
        .send({
          username: user.username,
          password: user.password,
          clientId: 'WrongClientID'
        })
        .expect(403)
      expect(res.text).toEqual('Invalid clientId.')
      expect(res.body).toEqual({})
    })
  })
  describe('token', () => {
    const userInfo: InfoJWT = {
      clientId,
--- a/api/src/routes/api/spec/client.spec.ts
+++ b/api/src/routes/api/spec/client.spec.ts
@@ -6,11 +6,6 @@ import appPromise from '../../../app'
 import { UserController, ClientController } from '../../../controllers/'
 import { generateAccessToken, saveTokensInDB } from '../../../utils'
 let app: Express
 appPromise.then((_app) => {
  app = _app
 })
 const client = {
  clientId: 'someclientID',
  clientSecret: 'someclientSecret'
@@ -28,12 +23,15 @@ const newClient = {
 }
 describe('client', () => {
  let app: Express
  let con: Mongoose
  let mongoServer: MongoMemoryServer
  const userController = new UserController()
  const clientController = new ClientController()
  beforeAll(async () => {
    app = await appPromise
    mongoServer = await MongoMemoryServer.create()
    con = await mongoose.connect(mongoServer.getUri())
  })
--- a/api/src/routes/api/spec/drive.spec.ts
+++ b/api/src/routes/api/spec/drive.spec.ts
@@ -3,6 +3,7 @@ import { Express } from 'express'
 import mongoose, { Mongoose } from 'mongoose'
 import { MongoMemoryServer } from 'mongodb-memory-server'
 import request from 'supertest'
 import AdmZip from 'adm-zip'
 import {
  folderExists,
@@ -21,22 +22,17 @@ import * as fileUtilModules from '../../../utils/file'
 const timestamp = generateTimestamp()
 const tmpFolder = path.join(process.cwd(), `tmp-${timestamp}`)
 jest
-  .spyOn(fileUtilModules, 'getTmpFolderPath')
+  .spyOn(fileUtilModules, 'getSasjsRootFolder')
  .mockImplementation(() => tmpFolder)
 jest
-  .spyOn(fileUtilModules, 'getTmpUploadsPath')
+  .spyOn(fileUtilModules, 'getUploadsFolder')
  .mockImplementation(() => path.join(tmpFolder, 'uploads'))
 import appPromise from '../../../app'
 import { UserController } from '../../../controllers/'
 import { getTreeExample } from '../../../controllers/internal'
 import { generateAccessToken, saveTokensInDB } from '../../../utils/'
-const { getTmpFilesFolderPath } = fileUtilModules
+const { getFilesFolder } = fileUtilModules
 let app: Express
 appPromise.then((_app) => {
  app = _app
 })
 const clientId = 'someclientID'
 const user = {
@@ -48,6 +44,7 @@ const user = {
 }
 describe('drive', () => {
  let app: Express
  let con: Mongoose
  let mongoServer: MongoMemoryServer
  const controller = new UserController()
@@ -55,6 +52,8 @@ describe('drive', () => {
  let accessToken: string
  beforeAll(async () => {
    app = await appPromise
    mongoServer = await MongoMemoryServer.create()
    con = await mongoose.connect(mongoServer.getUri())
@@ -74,11 +73,52 @@ describe('drive', () => {
  })
  describe('deploy', () => {
-    const shouldFailAssertion = async (payload: any) => {
+    const makeRequest = async (payload: any, type: string = 'payload') => {
-      const res = await request(app)
+      const requestUrl =
-        .post('/SASjsApi/drive/deploy')
+        type === 'payload'
-        .auth(accessToken, { type: 'bearer' })
+          ? '/SASjsApi/drive/deploy'
-        .send({ appLoc: '/Public', fileTree: payload })
+          : '/SASjsApi/drive/deploy/upload'
      if (type === 'payload') {
        return await request(app)
          .post(requestUrl)
          .auth(accessToken, { type: 'bearer' })
          .send({ appLoc: '/Public', fileTree: payload })
      }
      if (type === 'file') {
        const deployContents = JSON.stringify({
          appLoc: '/Public',
          fileTree: payload
        })
        return await request(app)
          .post(requestUrl)
          .auth(accessToken, { type: 'bearer' })
          .attach('file', Buffer.from(deployContents), 'deploy.json')
      } else {
        const deployContents = JSON.stringify({
          appLoc: '/Public',
          fileTree: payload
        })
        const zip = new AdmZip()
        // add file directly
        zip.addFile(
          'deploy.json',
          Buffer.from(deployContents, 'utf8'),
          'entry comment goes here'
        )
        return await request(app)
          .post(requestUrl)
          .auth(accessToken, { type: 'bearer' })
          .attach('file', zip.toBuffer(), 'deploy.json.zip')
      }
    }
    const shouldFailAssertion = async (
      payload: any,
      type: string = 'payload'
    ) => {
      const res = await makeRequest(payload, type)
      expect(res.statusCode).toEqual(400)
@@ -159,10 +199,10 @@ describe('drive', () => {
      expect(res.text).toEqual(
        '{"status":"success","message":"Files deployed successfully to @sasjs/server."}'
      )
-      await expect(folderExists(getTmpFilesFolderPath())).resolves.toEqual(true)
+      await expect(folderExists(getFilesFolder())).resolves.toEqual(true)
      const testJobFolder = path.join(
-        getTmpFilesFolderPath(),
+        getFilesFolder(),
        'public',
        'jobs',
        'extract'
@@ -176,7 +216,241 @@ describe('drive', () => {
      await expect(readFile(testJobFile)).resolves.toEqual(exampleService.code)
-      await deleteFolder(path.join(getTmpFilesFolderPath(), 'public'))
+      await deleteFolder(path.join(getFilesFolder(), 'public'))
    })
    describe('upload', () => {
      it('should respond with payload example if valid JSON file was not provided', async () => {
        await shouldFailAssertion(null, 'file')
        await shouldFailAssertion(undefined, 'file')
        await shouldFailAssertion('data', 'file')
        await shouldFailAssertion({}, 'file')
        await shouldFailAssertion(
          {
            userId: 1,
            title: 'test is cool'
          },
          'file'
        )
        await shouldFailAssertion(
          {
            membersWRONG: []
          },
          'file'
        )
        await shouldFailAssertion(
          {
            members: {}
          },
          'file'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                nameWRONG: 'jobs',
                type: 'folder',
                members: []
              }
            ]
          },
          'file'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                name: 'jobs',
                type: 'WRONG',
                members: []
              }
            ]
          },
          'file'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                name: 'jobs',
                type: 'folder',
                members: [
                  {
                    name: 'extract',
                    type: 'folder',
                    members: [
                      {
                        name: 'makedata1',
                        type: 'service',
                        codeWRONG: '%put Hello World!;'
                      }
                    ]
                  }
                ]
              }
            ]
          },
          'file'
        )
      })
      it('should successfully deploy if valid JSON file was provided', async () => {
        const deployContents = JSON.stringify({
          appLoc: '/public',
          fileTree: getTreeExample()
        })
        const res = await request(app)
          .post('/SASjsApi/drive/deploy/upload')
          .auth(accessToken, { type: 'bearer' })
          .attach('file', Buffer.from(deployContents), 'deploy.json')
        expect(res.statusCode).toEqual(200)
        expect(res.text).toEqual(
          '{"status":"success","message":"Files deployed successfully to @sasjs/server."}'
        )
        await expect(folderExists(getFilesFolder())).resolves.toEqual(true)
        const testJobFolder = path.join(
          getFilesFolder(),
          'public',
          'jobs',
          'extract'
        )
        await expect(folderExists(testJobFolder)).resolves.toEqual(true)
        const exampleService = getExampleService()
        const testJobFile =
          path.join(testJobFolder, exampleService.name) + '.sas'
        await expect(fileExists(testJobFile)).resolves.toEqual(true)
        await expect(readFile(testJobFile)).resolves.toEqual(
          exampleService.code
        )
        await deleteFolder(path.join(getFilesFolder(), 'public'))
      })
    })
    describe('upload - zipped', () => {
      it('should respond with payload example if valid Zipped file was not provided', async () => {
        await shouldFailAssertion(null, 'zip')
        await shouldFailAssertion(undefined, 'zip')
        await shouldFailAssertion('data', 'zip')
        await shouldFailAssertion({}, 'zip')
        await shouldFailAssertion(
          {
            userId: 1,
            title: 'test is cool'
          },
          'zip'
        )
        await shouldFailAssertion(
          {
            membersWRONG: []
          },
          'zip'
        )
        await shouldFailAssertion(
          {
            members: {}
          },
          'zip'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                nameWRONG: 'jobs',
                type: 'folder',
                members: []
              }
            ]
          },
          'zip'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                name: 'jobs',
                type: 'WRONG',
                members: []
              }
            ]
          },
          'zip'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                name: 'jobs',
                type: 'folder',
                members: [
                  {
                    name: 'extract',
                    type: 'folder',
                    members: [
                      {
                        name: 'makedata1',
                        type: 'service',
                        codeWRONG: '%put Hello World!;'
                      }
                    ]
                  }
                ]
              }
            ]
          },
          'zip'
        )
      })
      it('should successfully deploy if valid Zipped file was provided', async () => {
        const deployContents = JSON.stringify({
          appLoc: '/public',
          fileTree: getTreeExample()
        })
        const zip = new AdmZip()
        // add file directly
        zip.addFile(
          'deploy.json',
          Buffer.from(deployContents, 'utf8'),
          'entry comment goes here'
        )
        const res = await request(app)
          .post('/SASjsApi/drive/deploy/upload')
          .auth(accessToken, { type: 'bearer' })
          .attach('file', zip.toBuffer(), 'deploy.json.zip')
        expect(res.statusCode).toEqual(200)
        expect(res.text).toEqual(
          '{"status":"success","message":"Files deployed successfully to @sasjs/server."}'
        )
        await expect(folderExists(getFilesFolder())).resolves.toEqual(true)
        const testJobFolder = path.join(
          getFilesFolder(),
          'public',
          'jobs',
          'extract'
        )
        await expect(folderExists(testJobFolder)).resolves.toEqual(true)
        const exampleService = getExampleService()
        const testJobFile =
          path.join(testJobFolder, exampleService.name) + '.sas'
        await expect(fileExists(testJobFile)).resolves.toEqual(true)
        await expect(readFile(testJobFile)).resolves.toEqual(
          exampleService.code
        )
        await deleteFolder(path.join(getFilesFolder(), 'public'))
      })
    })
  })
@@ -194,7 +468,7 @@ describe('drive', () => {
      })
      it('should get a SAS folder on drive having _folderPath as query param', async () => {
-        const pathToDrive = fileUtilModules.getTmpFilesFolderPath()
+        const pathToDrive = fileUtilModules.getFilesFolder()
        const dirLevel1 = 'level1'
        const dirLevel2 = 'level2'
@@ -269,10 +543,7 @@ describe('drive', () => {
        const fileToCopyPath = path.join(__dirname, 'files', 'sample.sas')
        const filePath = '/my/path/code.sas'
-        const pathToCopy = path.join(
+        const pathToCopy = path.join(fileUtilModules.getFilesFolder(), filePath)
          fileUtilModules.getTmpFilesFolderPath(),
          filePath
        )
        await copy(fileToCopyPath, pathToCopy)
        const res = await request(app)
@@ -335,7 +606,7 @@ describe('drive', () => {
        const pathToUpload = `/my/path/code-${generateTimestamp()}.sas`
        const pathToCopy = path.join(
-          fileUtilModules.getTmpFilesFolderPath(),
+          fileUtilModules.getFilesFolder(),
          pathToUpload
        )
        await copy(fileToAttachPath, pathToCopy)
@@ -447,7 +718,7 @@ describe('drive', () => {
        const pathToUpload = '/my/path/code.sas'
        const pathToCopy = path.join(
-          fileUtilModules.getTmpFilesFolderPath(),
+          fileUtilModules.getFilesFolder(),
          pathToUpload
        )
        await copy(fileToAttachPath, pathToCopy)
@@ -469,7 +740,7 @@ describe('drive', () => {
        const pathToUpload = '/my/path/code.sas'
        const pathToCopy = path.join(
-          fileUtilModules.getTmpFilesFolderPath(),
+          fileUtilModules.getFilesFolder(),
          pathToUpload
        )
        await copy(fileToAttachPath, pathToCopy)
@@ -605,10 +876,7 @@ describe('drive', () => {
        const fileToCopyContent = await readFile(fileToCopyPath)
        const filePath = '/my/path/code.sas'
-        const pathToCopy = path.join(
+        const pathToCopy = path.join(fileUtilModules.getFilesFolder(), filePath)
          fileUtilModules.getTmpFilesFolderPath(),
          filePath
        )
        await copy(fileToCopyPath, pathToCopy)
        const res = await request(app)
--- a/api/src/routes/api/spec/group.spec.ts
+++ b/api/src/routes/api/spec/group.spec.ts
@@ -6,11 +6,6 @@ import appPromise from '../../../app'
 import { UserController, GroupController } from '../../../controllers/'
 import { generateAccessToken, saveTokensInDB } from '../../../utils'
 let app: Express
 appPromise.then((_app) => {
  app = _app
 })
 const clientId = 'someclientID'
 const adminUser = {
  displayName: 'Test Admin',
@@ -36,11 +31,14 @@ const userController = new UserController()
 const groupController = new GroupController()
 describe('group', () => {
  let app: Express
  let con: Mongoose
  let mongoServer: MongoMemoryServer
  let adminAccessToken: string
  beforeAll(async () => {
    app = await appPromise
    mongoServer = await MongoMemoryServer.create()
    con = await mongoose.connect(mongoServer.getUri())
--- a/api/src/routes/api/spec/info.spec.ts
+++ b/api/src/routes/api/spec/info.spec.ts
@@ -0,0 +1,20 @@
 import { Express } from 'express'
 import request from 'supertest'
 import appPromise from '../../../app'
 describe('Info', () => {
  let app: Express
  beforeAll(async () => {
    app = await appPromise
  })
  it('should should return configured information of the server instance', async () => {
    const res = await request(app).get('/SASjsApi/info').expect(200)
    expect(res.body.mode).toEqual('server')
    expect(res.body.cors).toEqual('disable')
    expect(res.body.whiteList).toEqual([])
    expect(res.body.protocol).toEqual('http')
  })
 })
--- a/api/src/routes/api/spec/user.spec.ts
+++ b/api/src/routes/api/spec/user.spec.ts
@@ -3,37 +3,36 @@ import mongoose, { Mongoose } from 'mongoose'
 import { MongoMemoryServer } from 'mongodb-memory-server'
 import request from 'supertest'
 import appPromise from '../../../app'
-import { UserController } from '../../../controllers/'
+import { UserController, GroupController } from '../../../controllers/'
 import { generateAccessToken, saveTokensInDB } from '../../../utils'
 let app: Express
 appPromise.then((_app) => {
  app = _app
 })
 const clientId = 'someclientID'
 const adminUser = {
  displayName: 'Test Admin',
-  username: 'testAdminUsername',
+  username: 'testadminusername',
  password: '12345678',
  isAdmin: true,
  isActive: true
 }
 const user = {
  displayName: 'Test User',
-  username: 'testUsername',
+  username: 'testusername',
  password: '87654321',
  isAdmin: false,
-  isActive: true
+  isActive: true,
  autoExec: 'some sas code for auto exec;'
 }
 const controller = new UserController()
 describe('user', () => {
  let app: Express
  let con: Mongoose
  let mongoServer: MongoMemoryServer
  beforeAll(async () => {
    app = await appPromise
    mongoServer = await MongoMemoryServer.create()
    con = await mongoose.connect(mongoServer.getUri())
  })
@@ -66,6 +65,21 @@ describe('user', () => {
      expect(res.body.displayName).toEqual(user.displayName)
      expect(res.body.isAdmin).toEqual(user.isAdmin)
      expect(res.body.isActive).toEqual(user.isActive)
      expect(res.body.autoExec).toEqual(user.autoExec)
    })
    it('should respond with new user having username as lowercase', async () => {
      const res = await request(app)
        .post('/SASjsApi/user')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({ ...user, username: user.username.toUpperCase() })
        .expect(200)
      expect(res.body.username).toEqual(user.username)
      expect(res.body.displayName).toEqual(user.displayName)
      expect(res.body.isAdmin).toEqual(user.isAdmin)
      expect(res.body.isActive).toEqual(user.isActive)
      expect(res.body.autoExec).toEqual(user.autoExec)
    })
    it('should respond with Unauthorized if access token is not present', async () => {
@@ -244,7 +258,7 @@ describe('user', () => {
      const dbUser1 = await controller.createUser(user)
      const dbUser2 = await controller.createUser({
        ...user,
-        username: 'randomUser'
+        username: 'randomuser'
      })
      const res = await request(app)
@@ -256,6 +270,102 @@ describe('user', () => {
      expect(res.text).toEqual('Error: Username already exists.')
      expect(res.body).toEqual({})
    })
    describe('by username', () => {
      it('should respond with updated user when admin user requests', async () => {
        const dbUser = await controller.createUser(user)
        const newDisplayName = 'My new display Name'
        const res = await request(app)
          .patch(`/SASjsApi/user/by/username/${user.username}`)
          .auth(adminAccessToken, { type: 'bearer' })
          .send({ ...user, displayName: newDisplayName })
          .expect(200)
        expect(res.body.username).toEqual(user.username)
        expect(res.body.displayName).toEqual(newDisplayName)
        expect(res.body.isAdmin).toEqual(user.isAdmin)
        expect(res.body.isActive).toEqual(user.isActive)
      })
      it('should respond with updated user when user himself requests', async () => {
        const dbUser = await controller.createUser(user)
        const accessToken = await generateAndSaveToken(dbUser.id)
        const newDisplayName = 'My new display Name'
        const res = await request(app)
          .patch(`/SASjsApi/user/by/username/${user.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send({
            displayName: newDisplayName,
            username: user.username,
            password: user.password
          })
          .expect(200)
        expect(res.body.username).toEqual(user.username)
        expect(res.body.displayName).toEqual(newDisplayName)
        expect(res.body.isAdmin).toEqual(user.isAdmin)
        expect(res.body.isActive).toEqual(user.isActive)
      })
      it('should respond with Bad Request, only admin can update isAdmin/isActive', async () => {
        const dbUser = await controller.createUser(user)
        const accessToken = await generateAndSaveToken(dbUser.id)
        const newDisplayName = 'My new display Name'
        await request(app)
          .patch(`/SASjsApi/user/by/username/${user.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send({ ...user, displayName: newDisplayName })
          .expect(400)
      })
      it('should respond with Unauthorized if access token is not present', async () => {
        const res = await request(app)
          .patch('/SASjsApi/user/by/username/1234')
          .send(user)
          .expect(401)
        expect(res.text).toEqual('Unauthorized')
        expect(res.body).toEqual({})
      })
      it('should respond with Unauthorized when access token is not of an admin account or himself', async () => {
        const dbUser1 = await controller.createUser(user)
        const dbUser2 = await controller.createUser({
          ...user,
          username: 'randomUser'
        })
        const accessToken = await generateAndSaveToken(dbUser2.id)
        const res = await request(app)
          .patch(`/SASjsApi/user/${dbUser1.id}`)
          .auth(accessToken, { type: 'bearer' })
          .send(user)
          .expect(401)
        expect(res.text).toEqual('Admin account required')
        expect(res.body).toEqual({})
      })
      it('should respond with Forbidden if username is already present', async () => {
        const dbUser1 = await controller.createUser(user)
        const dbUser2 = await controller.createUser({
          ...user,
          username: 'randomuser'
        })
        const res = await request(app)
          .patch(`/SASjsApi/user/by/username/${dbUser1.username}`)
          .auth(adminAccessToken, { type: 'bearer' })
          .send({ username: dbUser2.username })
          .expect(403)
        expect(res.text).toEqual('Error: Username already exists.')
        expect(res.body).toEqual({})
      })
    })
  })
  describe('delete', () => {
@@ -349,6 +459,89 @@ describe('user', () => {
      expect(res.text).toEqual('Error: Invalid password.')
      expect(res.body).toEqual({})
    })
    describe('by username', () => {
      it('should respond with OK when admin user requests', async () => {
        const dbUser = await controller.createUser(user)
        const res = await request(app)
          .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(adminAccessToken, { type: 'bearer' })
          .send()
          .expect(200)
        expect(res.body).toEqual({})
      })
      it('should respond with OK when user himself requests', async () => {
        const dbUser = await controller.createUser(user)
        const accessToken = await generateAndSaveToken(dbUser.id)
        const res = await request(app)
          .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send({ password: user.password })
          .expect(200)
        expect(res.body).toEqual({})
      })
      it('should respond with Bad Request when user himself requests and password is missing', async () => {
        const dbUser = await controller.createUser(user)
        const accessToken = await generateAndSaveToken(dbUser.id)
        const res = await request(app)
          .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send()
          .expect(400)
        expect(res.text).toEqual(`"password" is required`)
        expect(res.body).toEqual({})
      })
      it('should respond with Unauthorized when access token is not present', async () => {
        const res = await request(app)
          .delete('/SASjsApi/user/by/username/RandomUsername')
          .send(user)
          .expect(401)
        expect(res.text).toEqual('Unauthorized')
        expect(res.body).toEqual({})
      })
      it('should respond with Unauthorized when access token is not of an admin account or himself', async () => {
        const dbUser1 = await controller.createUser(user)
        const dbUser2 = await controller.createUser({
          ...user,
          username: 'randomUser'
        })
        const accessToken = await generateAndSaveToken(dbUser2.id)
        const res = await request(app)
          .delete(`/SASjsApi/user/by/username/${dbUser1.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send(user)
          .expect(401)
        expect(res.text).toEqual('Admin account required')
        expect(res.body).toEqual({})
      })
      it('should respond with Forbidden when user himself requests and password is incorrect', async () => {
        const dbUser = await controller.createUser(user)
        const accessToken = await generateAndSaveToken(dbUser.id)
        const res = await request(app)
          .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send({ password: 'incorrectpassword' })
          .expect(403)
        expect(res.text).toEqual('Error: Invalid password.')
        expect(res.body).toEqual({})
      })
    })
  })
  describe('get', () => {
@@ -362,7 +555,26 @@ describe('user', () => {
      await deleteAllUsers()
    })
-    it('should respond with user', async () => {
+    it('should respond with user autoExec when same user requests', async () => {
      const dbUser = await controller.createUser(user)
      const userId = dbUser.id
      const accessToken = await generateAndSaveToken(userId)
      const res = await request(app)
        .get(`/SASjsApi/user/${userId}`)
        .auth(accessToken, { type: 'bearer' })
        .send()
        .expect(200)
      expect(res.body.username).toEqual(user.username)
      expect(res.body.displayName).toEqual(user.displayName)
      expect(res.body.isAdmin).toEqual(user.isAdmin)
      expect(res.body.isActive).toEqual(user.isActive)
      expect(res.body.autoExec).toEqual(user.autoExec)
      expect(res.body.groups).toEqual([])
    })
    it('should respond with user autoExec when admin user requests', async () => {
      const dbUser = await controller.createUser(user)
      const userId = dbUser.id
@@ -376,6 +588,8 @@ describe('user', () => {
      expect(res.body.displayName).toEqual(user.displayName)
      expect(res.body.isAdmin).toEqual(user.isAdmin)
      expect(res.body.isActive).toEqual(user.isActive)
      expect(res.body.autoExec).toEqual(user.autoExec)
      expect(res.body.groups).toEqual([])
    })
    it('should respond with user when access token is not of an admin account', async () => {
@@ -397,6 +611,35 @@ describe('user', () => {
      expect(res.body.displayName).toEqual(user.displayName)
      expect(res.body.isAdmin).toEqual(user.isAdmin)
      expect(res.body.isActive).toEqual(user.isActive)
      expect(res.body.autoExec).toBeUndefined()
      expect(res.body.groups).toEqual([])
    })
    it('should respond with user along with associated groups', async () => {
      const dbUser = await controller.createUser(user)
      const userId = dbUser.id
      const accessToken = await generateAndSaveToken(userId)
      const group = {
        name: 'DCGroup1',
        description: 'DC group for testing purposes.'
      }
      const groupController = new GroupController()
      const dbGroup = await groupController.createGroup(group)
      await groupController.addUserToGroup(dbGroup.groupId, dbUser.id)
      const res = await request(app)
        .get(`/SASjsApi/user/${userId}`)
        .auth(accessToken, { type: 'bearer' })
        .send()
        .expect(200)
      expect(res.body.username).toEqual(user.username)
      expect(res.body.displayName).toEqual(user.displayName)
      expect(res.body.isAdmin).toEqual(user.isAdmin)
      expect(res.body.isActive).toEqual(user.isActive)
      expect(res.body.autoExec).toEqual(user.autoExec)
      expect(res.body.groups.length).toBeGreaterThan(0)
    })
    it('should respond with Unauthorized if access token is not present', async () => {
@@ -421,6 +664,86 @@ describe('user', () => {
      expect(res.text).toEqual('Error: User is not found.')
      expect(res.body).toEqual({})
    })
    describe('by username', () => {
      it('should respond with user autoExec when same user requests', async () => {
        const dbUser = await controller.createUser(user)
        const userId = dbUser.id
        const accessToken = await generateAndSaveToken(userId)
        const res = await request(app)
          .get(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send()
          .expect(200)
        expect(res.body.username).toEqual(user.username)
        expect(res.body.displayName).toEqual(user.displayName)
        expect(res.body.isAdmin).toEqual(user.isAdmin)
        expect(res.body.isActive).toEqual(user.isActive)
        expect(res.body.autoExec).toEqual(user.autoExec)
      })
      it('should respond with user autoExec when admin user requests', async () => {
        const dbUser = await controller.createUser(user)
        const res = await request(app)
          .get(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(adminAccessToken, { type: 'bearer' })
          .send()
          .expect(200)
        expect(res.body.username).toEqual(user.username)
        expect(res.body.displayName).toEqual(user.displayName)
        expect(res.body.isAdmin).toEqual(user.isAdmin)
        expect(res.body.isActive).toEqual(user.isActive)
        expect(res.body.autoExec).toEqual(user.autoExec)
      })
      it('should respond with user when access token is not of an admin account', async () => {
        const accessToken = await generateSaveTokenAndCreateUser({
          ...user,
          username: 'randomUser'
        })
        const dbUser = await controller.createUser(user)
        const res = await request(app)
          .get(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send()
          .expect(200)
        expect(res.body.username).toEqual(user.username)
        expect(res.body.displayName).toEqual(user.displayName)
        expect(res.body.isAdmin).toEqual(user.isAdmin)
        expect(res.body.isActive).toEqual(user.isActive)
        expect(res.body.autoExec).toBeUndefined()
      })
      it('should respond with Unauthorized if access token is not present', async () => {
        const res = await request(app)
          .get('/SASjsApi/user/by/username/randomUsername')
          .send()
          .expect(401)
        expect(res.text).toEqual('Unauthorized')
        expect(res.body).toEqual({})
      })
      it('should respond with Forbidden if username is incorrect', async () => {
        await controller.createUser(user)
        const res = await request(app)
          .get('/SASjsApi/user/by/username/randomUsername')
          .auth(adminAccessToken, { type: 'bearer' })
          .send()
          .expect(403)
        expect(res.text).toEqual('Error: User is not found.')
        expect(res.body).toEqual({})
      })
    })
  })
  describe('getAll', () => {
--- a/api/src/routes/api/spec/web.spec.ts
+++ b/api/src/routes/api/spec/web.spec.ts
@@ -0,0 +1,182 @@
 import { Express } from 'express'
 import mongoose, { Mongoose } from 'mongoose'
 import { MongoMemoryServer } from 'mongodb-memory-server'
 import request from 'supertest'
 import appPromise from '../../../app'
 import { UserController, ClientController } from '../../../controllers/'
 const clientId = 'someclientID'
 const clientSecret = 'someclientSecret'
 const user = {
  id: 1234,
  displayName: 'Test User',
  username: 'testusername',
  password: '87654321',
  isAdmin: false,
  isActive: true
 }
 describe('web', () => {
  let app: Express
  let con: Mongoose
  let mongoServer: MongoMemoryServer
  const userController = new UserController()
  const clientController = new ClientController()
  beforeAll(async () => {
    app = await appPromise
    mongoServer = await MongoMemoryServer.create()
    con = await mongoose.connect(mongoServer.getUri())
    await clientController.createClient({ clientId, clientSecret })
  })
  afterAll(async () => {
    await con.connection.dropDatabase()
    await con.connection.close()
    await mongoServer.stop()
  })
  describe('home', () => {
    it('should respond with CSRF Token', async () => {
      await request(app)
        .get('/')
        .expect(
          'set-cookie',
          /_csrf=.*; Max-Age=86400000; Path=\/; HttpOnly,XSRF-TOKEN=.*; Path=\//
        )
    })
  })
  describe('SASLogon/login', () => {
    let csrfToken: string
    let cookies: string
    beforeAll(async () => {
      ;({ csrfToken, cookies } = await getCSRF(app))
    })
    afterEach(async () => {
      const collections = mongoose.connection.collections
      const collection = collections['users']
      await collection.deleteMany({})
    })
    it('should respond with successful login', async () => {
      await userController.createUser(user)
      const res = await request(app)
        .post('/SASLogon/login')
        .set('Cookie', cookies)
        .set('x-xsrf-token', csrfToken)
        .send({
          username: user.username,
          password: user.password
        })
        .expect(200)
      expect(res.body.loggedIn).toBeTruthy()
      expect(res.body.user).toEqual({
        id: expect.any(Number),
        username: user.username,
        displayName: user.displayName
      })
    })
  })
  describe('SASLogon/authorize', () => {
    let csrfToken: string
    let cookies: string
    let authCookies: string
    beforeAll(async () => {
      ;({ csrfToken, cookies } = await getCSRF(app))
      await userController.createUser(user)
      const credentials = {
        username: user.username,
        password: user.password
      }
      ;({ cookies: authCookies } = await performLogin(
        app,
        credentials,
        cookies,
        csrfToken
      ))
    })
    afterAll(async () => {
      const collections = mongoose.connection.collections
      const collection = collections['users']
      await collection.deleteMany({})
    })
    it('should respond with authorization code', async () => {
      const res = await request(app)
        .post('/SASLogon/authorize')
        .set('Cookie', [authCookies, cookies].join('; '))
        .set('x-xsrf-token', csrfToken)
        .send({ clientId })
      expect(res.body).toHaveProperty('code')
    })
    it('should respond with Bad Request if clientId is missing', async () => {
      const res = await request(app)
        .post('/SASLogon/authorize')
        .set('Cookie', [authCookies, cookies].join('; '))
        .set('x-xsrf-token', csrfToken)
        .send({})
        .expect(400)
      expect(res.text).toEqual(`"clientId" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Forbidden if clientId is incorrect', async () => {
      const res = await request(app)
        .post('/SASLogon/authorize')
        .set('Cookie', [authCookies, cookies].join('; '))
        .set('x-xsrf-token', csrfToken)
        .send({
          clientId: 'WrongClientID'
        })
        .expect(403)
      expect(res.text).toEqual('Error: Invalid clientId.')
      expect(res.body).toEqual({})
    })
  })
 })
 const getCSRF = async (app: Express) => {
  // make request to get CSRF
  const { header } = await request(app).get('/')
  const cookies = header['set-cookie'].join()
  const csrfToken = extractCSRF(cookies)
  return { csrfToken, cookies }
 }
 const performLogin = async (
  app: Express,
  credentials: { username: string; password: string },
  cookies: string,
  csrfToken: string
 ) => {
  const { header } = await request(app)
    .post('/SASLogon/login')
    .set('Cookie', cookies)
    .set('x-xsrf-token', csrfToken)
    .send(credentials)
  const newCookies: string = header['set-cookie'].join()
  return { cookies: newCookies }
 }
 const extractCSRF = (cookies: string) =>
  /_csrf=(.*); Max-Age=86400000; Path=\/; HttpOnly,XSRF-TOKEN=(.*); Path=\//.exec(
    cookies
  )![2]
--- a/api/src/routes/api/stp.ts
+++ b/api/src/routes/api/stp.ts
@@ -34,7 +34,7 @@ stpRouter.post(
  '/execute',
  fileUploadController.preUploadMiddleware,
  fileUploadController.getMulterUploadObject().any(),
-  async (req: any, res: any) => {
+  async (req, res: any) => {
    const { error: errQ, value: query } = executeProgramRawValidation(req.query)
    const { error: errB, value: body } = executeProgramRawValidation(req.body)
@@ -47,10 +47,11 @@ stpRouter.post(
        query?._program
      )
-      if (response instanceof Buffer) {
+      // TODO: investigate if this code is required
-        res.writeHead(200, (req as any).sasHeaders)
+      // if (response instanceof Buffer) {
-        return res.end(response)
+      //   res.writeHead(200, (req as any).sasHeaders)
-      }
+      //   return res.end(response)
      // }
      res.send(response)
    } catch (err: any) {
--- a/api/src/routes/api/user.ts
+++ b/api/src/routes/api/user.ts
@@ -7,6 +7,7 @@ import {
 } from '../../middlewares'
 import {
  deleteUserValidation,
  getUserValidation,
  registerUserValidation,
  updateUserValidation
 } from '../../utils'
@@ -36,12 +37,31 @@ userRouter.get('/', authenticateAccessToken, async (req, res) => {
  }
 })
-userRouter.get('/:userId', authenticateAccessToken, async (req: any, res) => {
+userRouter.get(
  '/by/username/:username',
  authenticateAccessToken,
  async (req, res) => {
    const { error, value: params } = getUserValidation(req.params)
    if (error) return res.status(400).send(error.details[0].message)
    const { username } = params
    const controller = new UserController()
    try {
      const response = await controller.getUserByUsername(req, username)
      res.send(response)
    } catch (err: any) {
      res.status(403).send(err.toString())
    }
  }
 )
 userRouter.get('/:userId', authenticateAccessToken, async (req, res) => {
  const { userId } = req.params
  const controller = new UserController()
  try {
-    const response = await controller.getUser(userId)
+    const response = await controller.getUser(req, parseInt(userId))
    res.send(response)
  } catch (err: any) {
    res.status(403).send(err.toString())
@@ -49,20 +69,26 @@ userRouter.get('/:userId', authenticateAccessToken, async (req: any, res) => {
 })
 userRouter.patch(
-  '/:userId',
+  '/by/username/:username',
  authenticateAccessToken,
  verifyAdminIfNeeded,
-  async (req: any, res) => {
+  async (req, res) => {
    const { user } = req
-    const { userId } = req.params
+    const { error: errorUsername, value: params } = getUserValidation(
      req.params
    )
    if (errorUsername)
      return res.status(400).send(errorUsername.details[0].message)
    const { username } = params
    // only an admin can update `isActive` and `isAdmin` fields
-    const { error, value: body } = updateUserValidation(req.body, user.isAdmin)
+    const { error, value: body } = updateUserValidation(req.body, user!.isAdmin)
    if (error) return res.status(400).send(error.details[0].message)
    const controller = new UserController()
    try {
-      const response = await controller.updateUser(userId, body)
+      const response = await controller.updateUserByUsername(username, body)
      res.send(response)
    } catch (err: any) {
      res.status(403).send(err.toString())
@@ -70,21 +96,71 @@ userRouter.patch(
  }
 )
 userRouter.patch(
  '/:userId',
  authenticateAccessToken,
  verifyAdminIfNeeded,
  async (req, res) => {
    const { user } = req
    const { userId } = req.params
    // only an admin can update `isActive` and `isAdmin` fields
    const { error, value: body } = updateUserValidation(req.body, user!.isAdmin)
    if (error) return res.status(400).send(error.details[0].message)
    const controller = new UserController()
    try {
      const response = await controller.updateUser(parseInt(userId), body)
      res.send(response)
    } catch (err: any) {
      res.status(403).send(err.toString())
    }
  }
 )
 userRouter.delete(
  '/by/username/:username',
  authenticateAccessToken,
  verifyAdminIfNeeded,
  async (req, res) => {
    const { user } = req
    const { error: errorUsername, value: params } = getUserValidation(
      req.params
    )
    if (errorUsername)
      return res.status(400).send(errorUsername.details[0].message)
    const { username } = params
    // only an admin can delete user without providing password
    const { error, value: data } = deleteUserValidation(req.body, user!.isAdmin)
    if (error) return res.status(400).send(error.details[0].message)
    const controller = new UserController()
    try {
      await controller.deleteUserByUsername(username, data, user!.isAdmin)
      res.status(200).send('Account Deleted!')
    } catch (err: any) {
      res.status(403).send(err.toString())
    }
  }
 )
 userRouter.delete(
  '/:userId',
  authenticateAccessToken,
  verifyAdminIfNeeded,
-  async (req: any, res) => {
+  async (req, res) => {
    const { user } = req
    const { userId } = req.params
    // only an admin can delete user without providing password
-    const { error, value: data } = deleteUserValidation(req.body, user.isAdmin)
+    const { error, value: data } = deleteUserValidation(req.body, user!.isAdmin)
    if (error) return res.status(400).send(error.details[0].message)
    const controller = new UserController()
    try {
-      await controller.deleteUser(userId, data, user.isAdmin)
+      await controller.deleteUser(parseInt(userId), data, user!.isAdmin)
      res.status(200).send('Account Deleted!')
    } catch (err: any) {
      res.status(403).send(err.toString())
--- a/api/src/routes/appStream/appStreamHtml.ts
+++ b/api/src/routes/appStream/appStreamHtml.ts
@@ -1,5 +1,4 @@
 import { AppStreamConfig } from '../../types'
 import { script } from './script'
 import { style } from './style'
 const defaultAppLogo = '/sasjs-logo.svg'
@@ -24,13 +23,21 @@ export const appStreamHtml = (appStreamConfig: AppStreamConfig) => `
    ${style}
  </head>
  <body>
-    <h1>App Stream</h1>
+    <header>
      <a href="/"><img src="/logo.png" alt="logo" class="logo"></a>
      <h1>App Stream</h1>
    </header>
    <div class="app-container">
-      ${Object.entries(appStreamConfig)
+        ${Object.entries(appStreamConfig)
-        .map(([streamServiceName, entry]) =>
+          .map(([streamServiceName, entry]) =>
-          singleAppStreamHtml(streamServiceName, entry.appLoc, entry.streamLogo)
+            singleAppStreamHtml(
-        )
+              streamServiceName,
-        .join('')}
+              entry.appLoc,
              entry.streamLogo
            )
          )
          .join('')}
        <a class="app" title="Upload build.json">
          <input id="fileId" type="file" hidden />
          <button id="uploadButton" style="margin-bottom: 5px; cursor: pointer">
@@ -39,6 +46,7 @@ export const appStreamHtml = (appStreamConfig: AppStreamConfig) => `
          <span id="uploadMessage">Upload New App</span>
        </a>
    </div>
-    ${script}
+    <script src="/axios.min.js"></script>
    <script src="/app-streams-script.js"></script>
  </body>
 </html>`
--- a/api/src/routes/appStream/index.ts
+++ b/api/src/routes/appStream/index.ts
@@ -1,15 +1,19 @@
 import path from 'path'
-import express from 'express'
+import express, { Request } from 'express'
 import { folderExists } from '@sasjs/utils'
-import { addEntryToAppStreamConfig, getTmpFilesFolderPath } from '../../utils'
+import { addEntryToAppStreamConfig, getFilesFolder } from '../../utils'
 import { appStreamHtml } from './appStreamHtml'
 const appStreams: { [key: string]: string } = {}
 const router = express.Router()
-router.get('/', async (_, res) => {
+router.get('/', async (req, res) => {
  const content = appStreamHtml(process.appStreamConfig)
  res.cookie('XSRF-TOKEN', req.csrfToken())
  return res.send(content)
 })
@@ -20,7 +24,7 @@ export const publishAppStream = async (
  streamLogo?: string,
  addEntryToFile: boolean = true
 ) => {
-  const driveFilesPath = getTmpFilesFolderPath()
+  const driveFilesPath = getFilesFolder()
  const appLocParts = appLoc.replace(/^\//, '')?.split('/')
  const appLocPath = path.join(driveFilesPath, ...appLocParts)
@@ -42,7 +46,7 @@ export const publishAppStream = async (
      streamServiceName = `AppStreamName${appCount + 1}`
    }
-    router.use(`/${streamServiceName}`, express.static(pathToDeployment))
+    appStreams[streamServiceName] = pathToDeployment
    addEntryToAppStreamConfig(
      streamServiceName,
@@ -62,4 +66,26 @@ export const publishAppStream = async (
  return {}
 }
 router.get(`/*`, function (req: Request, res, next) {
  const reqPath = req.path.replace(/^\//, '')
  // Redirecting to url with trailing slash for appStream base URL only
  if (reqPath.split('/').length === 1 && !reqPath.endsWith('/'))
    // navigating to same url with slash at start
    return res.redirect(301, `${reqPath}/`)
  const appStream = reqPath.split('/')[0]
  const appStreamFilesPath = appStreams[appStream]
  if (appStreamFilesPath) {
    // resourcePath is without appStream base path
    const resourcePath = reqPath.split('/').slice(1).join('/') || 'index.html'
    req.url = resourcePath
    return express.static(appStreamFilesPath)(req, res, next)
  }
  return res.send("There's no App Stream available here.")
 })
 export default router
--- a/api/src/routes/appStream/script.ts
+++ b/api/src/routes/appStream/script.ts
@@ -1,58 +0,0 @@
 export const script = `<script>
  const inputElement = document.getElementById('fileId')
  document
    .getElementById('uploadButton')
    .addEventListener('click', function () {
      inputElement.click()
    })
  inputElement.addEventListener(
    'change',
    function () {
      const fileList = this.files /* now you can work with the file list */
      updateFileUploadMessage('Requesting ...')
      const file = fileList[0]
      const formData = new FormData()
      formData.append('file', file)
      fetch('/SASjsApi/drive/deploy/upload', {
        method: 'POST',
        body: formData
      })
        .then(async (res) => {
          const { status, ok } = res
          if (status === 200 && ok) {
            const data = await res.json()
            return (
              data.message +
              '\\nstreamServiceName: ' +
              data.streamServiceName +
              '\\nrefreshing page once alert box closes.'
            )
          }
          throw await res.text()
        })
        .then((message) => {
          alert(message)
          location.reload()
        })
        .catch((error) => {
          alert(error)
          resetFileUpload()
          updateFileUploadMessage('Upload New App')
        })
    },
    false
  )
  function updateFileUploadMessage(message) {
    document.getElementById('uploadMessage').innerHTML = message
  }
  function resetFileUpload() {
    inputElement.value = null
  }
 </script>`
--- a/api/src/routes/appStream/style.ts
+++ b/api/src/routes/appStream/style.ts
@@ -5,18 +5,71 @@ export const style = `<style>
 .app-container {
  display: flex;
  flex-wrap: wrap;
-  align-items: baseline;
+  align-items: center;
  justify-content: center;
  padding-top: 50px;
 }
 .app-container .app {
  width: 150px;
  height: 180px;
  margin: 10px;
  overflow: hidden;
  text-align: center;
  text-decoration: none;
  color: black;
  background: #efefef;
  padding: 10px;
  border-radius: 7px;
  border: 1px solid #d7d7d7;
 }
 .app-container .app img{
  width: 100%;
  margin-bottom: 10px;
  border-radius: 10px;
 }
 #uploadButton {
  border: 0
 }
 #uploadButton:focus {
  outline: 0
 }
 #uploadMessage {
  position: relative;
  bottom: -5px;
 }
 header {
  transition: box-shadow 300ms cubic-bezier(0.4, 0, 0.2, 1) 0ms;
  box-shadow: rgb(0 0 0 / 20%) 0px 2px 4px -1px, rgb(0 0 0 / 14%) 0px 4px 5px 0px, rgb(0 0 0 / 12%) 0px 1px 10px 0px;
  display: flex;
  width: 100%;
  box-sizing: border-box;
  flex-shrink: 0;
  position: fixed;
  top: 0px;
  left: auto;
  right: 0px;
  background-color: rgb(0, 0, 0);
  color: rgb(255, 255, 255);
  z-index: 1201;
 }
 header h1 {
  margin: 13px;
  font-size: 20px;
 }
 header a {
  align-self: center;
 }
 header .logo {
  width: 35px;
  margin-left: 10px;
  align-self: center;
 }
 </style>`
--- a/api/src/routes/setupRoutes.ts
+++ b/api/src/routes/setupRoutes.ts
@@ -4,13 +4,16 @@ import webRouter from './web'
 import apiRouter from './api'
 import appStreamRouter from './appStream'
 import { csrfProtection } from '../app'
 export const setupRoutes = (app: Express) => {
  app.use('/', webRouter)
  app.use('/SASjsApi', apiRouter)
-  app.use('/AppStream', function (req, res, next) {
+  app.use('/AppStream', csrfProtection, function (req, res, next) {
    // this needs to be a function to hook on
    // whatever the current router is
    appStreamRouter(req, res, next)
  })
  app.use('/', csrfProtection, webRouter)
 }
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
@@ -1,34 +1,60 @@
 import { readFile } from '@sasjs/utils'
 import express from 'express'
-import path from 'path'
+import { WebController } from '../../controllers/web'
-import { getWebBuildFolderPath } from '../../utils'
+import { authenticateAccessToken, desktopRestrict } from '../../middlewares'
 import { authorizeValidation, loginWebValidation } from '../../utils'
 const webRouter = express.Router()
 const controller = new WebController()
-const codeToInject = `
+webRouter.get('/', async (req, res) => {
-<script>
+  let response
  localStorage.setItem('accessToken', JSON.stringify('accessToken'))
  localStorage.setItem('refreshToken', JSON.stringify('refreshToken'))
 </script>`
 webRouter.get('/', async (_, res) => {
  let content: string
  try {
-    const indexHtmlPath = path.join(getWebBuildFolderPath(), 'index.html')
+    response = await controller.home()
    content = await readFile(indexHtmlPath)
  } catch (_) {
-    return res.send('Web Build is not present')
+    response = 'Web Build is not present'
  } finally {
    res.cookie('XSRF-TOKEN', req.csrfToken())
    return res.send(response)
  }
 })
-  const { MODE } = process.env
+webRouter.post('/SASLogon/login', desktopRestrict, async (req, res) => {
-  if (MODE?.trim() !== 'server') {
+  const { error, value: body } = loginWebValidation(req.body)
-    const injectedContent = content.replace('</head>', `${codeToInject}</head>`)
+  if (error) return res.status(400).send(error.details[0].message)
-    res.setHeader('Content-Type', 'text/html')
+  try {
-    return res.send(injectedContent)
+    const response = await controller.login(req, body)
    res.send(response)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
-  return res.send(content)
+webRouter.post(
  '/SASLogon/authorize',
  desktopRestrict,
  authenticateAccessToken,
  async (req, res) => {
    const { error, value: body } = authorizeValidation(req.body)
    if (error) return res.status(400).send(error.details[0].message)
    try {
      const response = await controller.authorize(req, body)
      res.send(response)
    } catch (err: any) {
      res.status(403).send(err.toString())
    }
  }
 )
 webRouter.get('/logout', desktopRestrict, async (req, res) => {
  try {
    await controller.logout(req)
    res.status(200).send('OK!')
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
 export default webRouter
--- a/api/src/types/PreProgramVars.ts
+++ b/api/src/types/PreProgramVars.ts
@@ -3,5 +3,5 @@ export interface PreProgramVars {
  userId: number
  displayName: string
  serverUrl: string
-  accessToken: string
+  httpHeaders: string[]
 }
--- a/api/src/types/Process.d.ts
+++ b/api/src/types/Process.d.ts
@@ -1,8 +0,0 @@
 declare namespace NodeJS {
  export interface Process {
    sasLoc: string
    driveLoc: string
    sessionController?: import('../controllers/internal').SessionController
    appStreamConfig: import('./').AppStreamConfig
  }
 }
--- a/api/src/types/Request.ts
+++ b/api/src/types/Request.ts
@@ -1,17 +0,0 @@
 import { MacroVars } from '@sasjs/utils'
 export interface ExecutionQuery {
  _program: string
  macroVars?: MacroVars
  _debug?: number
 }
 export interface FileQuery {
  filePath: string
 }
 export const isExecutionQuery = (arg: any): arg is ExecutionQuery =>
  arg && !Array.isArray(arg) && typeof arg._program === 'string'
 export const isFileQuery = (arg: any): arg is FileQuery =>
  arg && !Array.isArray(arg) && typeof arg.filePath === 'string'
--- a/api/src/types/RequestUser.ts
+++ b/api/src/types/RequestUser.ts
@@ -0,0 +1,9 @@
 export interface RequestUser {
  userId: number
  clientId: string
  username: string
  displayName: string
  isAdmin: boolean
  isActive: boolean
  autoExec?: string
 }
--- a/api/src/types/index.ts
+++ b/api/src/types/index.ts
@@ -3,6 +3,6 @@ export * from './AppStreamConfig'
 export * from './Execution'
 export * from './InfoJWT'
 export * from './PreProgramVars'
 export * from './Request'
 export * from './Session'
 export * from './TreeNode'
 export * from './RequestUser'
--- a/api/src/types/system/express-session.d.ts
+++ b/api/src/types/system/express-session.d.ts
@@ -0,0 +1,7 @@
 import express from 'express'
 declare module 'express-session' {
  interface SessionData {
    loggedIn: boolean
    user: import('../').RequestUser
  }
 }
--- a/api/src/types/system/express.d.ts
+++ b/api/src/types/system/express.d.ts
@@ -0,0 +1,7 @@
 declare namespace Express {
  export interface Request {
    accessToken?: string
    user?: import('../').RequestUser
    sasSession?: import('../').Session
  }
 }
--- a/api/src/types/system/global.d.ts
+++ b/api/src/types/system/global.d.ts
@@ -0,0 +1 @@
 import 'jest-extended'
--- a/api/src/types/system/process.d.ts
+++ b/api/src/types/system/process.d.ts
@@ -0,0 +1,9 @@
 declare namespace NodeJS {
  export interface Process {
    sasLoc: string
    driveLoc: string
    sessionController?: import('../../controllers/internal').SessionController
    appStreamConfig: import('../').AppStreamConfig
    logger: import('@sasjs/utils/logger').Logger
  }
 }
--- a/api/src/utils/appStreamConfig.ts
+++ b/api/src/utils/appStreamConfig.ts
@@ -2,12 +2,12 @@ import { createFile, fileExists, readFile } from '@sasjs/utils'
 import { publishAppStream } from '../routes/appStream'
 import { AppStreamConfig } from '../types'
-import { getTmpAppStreamConfigPath } from './file'
+import { getAppStreamConfigPath } from './file'
 export const loadAppStreamConfig = async () => {
  if (process.env.NODE_ENV === 'test') return
-  const appStreamConfigPath = getTmpAppStreamConfigPath()
+  const appStreamConfigPath = getAppStreamConfigPath()
  const content = (await fileExists(appStreamConfigPath))
    ? await readFile(appStreamConfigPath)
@@ -63,7 +63,7 @@ export const removeEntryFromAppStreamConfig = (streamServiceName: string) => {
 }
 const saveAppStreamConfig = async () => {
-  const appStreamConfigPath = getTmpAppStreamConfigPath()
+  const appStreamConfigPath = getAppStreamConfigPath()
  try {
    await createFile(
--- a/api/src/utils/connectDB.ts
+++ b/api/src/utils/connectDB.ts
@@ -1,25 +1,15 @@
 import mongoose from 'mongoose'
-import { populateClients } from '../routes/api/auth'
+import { seedDB } from './seedDB'
 export const connectDB = async () => {
-  // NOTE: when exporting app.js as agent for supertest
+  try {
-  // we should exclude connecting to the real database
+    await mongoose.connect(process.env.DB_CONNECT as string)
-  if (process.env.NODE_ENV === 'test') {
+  } catch (err) {
-    return
+    throw new Error('Unable to connect to DB!')
  } else {
    const { MODE } = process.env
    if (MODE?.trim() !== 'server') {
      console.log('Running in Destop Mode, no DB to connect.')
      return
    }
    mongoose.connect(process.env.DB_CONNECT as string, async (err) => {
      if (err) throw err
      console.log('Connected to db!')
      await populateClients()
    })
  }
  console.log('Connected to DB!')
  await seedDB()
  return mongoose.connection
 }
--- a/api/src/utils/copySASjsCore.ts
+++ b/api/src/utils/copySASjsCore.ts
@@ -7,14 +7,14 @@ import {
  readFile
 } from '@sasjs/utils'
-import { getTmpMacrosPath, sasJSCoreMacros, sasJSCoreMacrosInfo } from '.'
+import { getMacrosFolder, sasJSCoreMacros, sasJSCoreMacrosInfo } from '.'
 export const copySASjsCore = async () => {
  if (process.env.NODE_ENV === 'test') return
  console.log('Copying Macros from container to drive(tmp).')
-  const macrosDrivePath = getTmpMacrosPath()
+  const macrosDrivePath = getMacrosFolder()
  await deleteFolder(macrosDrivePath)
  await createFolder(macrosDrivePath)
--- a/api/src/utils/desktopAutoExec.ts
+++ b/api/src/utils/desktopAutoExec.ts
@@ -0,0 +1,8 @@
 import { createFile, readFile } from '@sasjs/utils'
 import { getDesktopUserAutoExecPath } from './file'
 export const getUserAutoExec = async (): Promise<string> =>
  readFile(getDesktopUserAutoExecPath())
 export const updateUserAutoExec = async (autoExecContent: string) =>
  createFile(getDesktopUserAutoExecPath(), autoExecContent)
--- a/api/src/utils/extractName.ts
+++ b/api/src/utils/extractName.ts
@@ -0,0 +1,6 @@
 import path from 'path'
 export const extractName = (filePath: string) => {
  const extension = path.extname(filePath)
  return path.basename(filePath, extension)
 }
--- a/api/src/utils/file.ts
+++ b/api/src/utils/file.ts
@@ -1,4 +1,6 @@
 import path from 'path'
 import { homedir } from 'os'
 import fs from 'fs-extra'
 export const apiRoot = path.join(__dirname, '..', '..')
 export const codebaseRoot = path.join(apiRoot, '..')
@@ -9,30 +11,33 @@ export const sysInitCompiledPath = path.join(
 )
 export const sasJSCoreMacros = path.join(apiRoot, 'sasjscore')
-export const sasJSCoreMacrosInfo = path.join(apiRoot, 'sasjscore', '.macrolist')
+export const sasJSCoreMacrosInfo = path.join(sasJSCoreMacros, '.macrolist')
-export const getWebBuildFolderPath = () =>
+export const getWebBuildFolder = () => path.join(codebaseRoot, 'web', 'build')
  path.join(codebaseRoot, 'web', 'build')
-export const getTmpFolderPath = () => process.driveLoc
+export const getSasjsHomeFolder = () => path.join(homedir(), '.sasjs-server')
-export const getTmpAppStreamConfigPath = () =>
+export const getDesktopUserAutoExecPath = () =>
-  path.join(getTmpFolderPath(), 'appStreamConfig.json')
+  path.join(getSasjsHomeFolder(), 'user-autoexec.sas')
-export const getTmpMacrosPath = () => path.join(getTmpFolderPath(), 'sasjscore')
+export const getSasjsRootFolder = () => process.driveLoc
-export const getTmpUploadsPath = () => path.join(getTmpFolderPath(), 'uploads')
+export const getAppStreamConfigPath = () =>
  path.join(getSasjsRootFolder(), 'appStreamConfig.json')
-export const getTmpFilesFolderPath = () =>
+export const getMacrosFolder = () =>
-  path.join(getTmpFolderPath(), 'files')
+  path.join(getSasjsRootFolder(), 'sasjscore')
-export const getTmpLogFolderPath = () => path.join(getTmpFolderPath(), 'logs')
+export const getUploadsFolder = () => path.join(getSasjsRootFolder(), 'uploads')
-export const getTmpWeboutFolderPath = () =>
+export const getFilesFolder = () => path.join(getSasjsRootFolder(), 'files')
  path.join(getTmpFolderPath(), 'webouts')
-export const getTmpSessionsFolderPath = () =>
+export const getLogFolder = () => path.join(getSasjsRootFolder(), 'logs')
-  path.join(getTmpFolderPath(), 'sessions')
+
 export const getWeboutFolder = () => path.join(getSasjsRootFolder(), 'webouts')
 export const getSessionsFolder = () =>
  path.join(getSasjsRootFolder(), 'sessions')
 export const generateUniqueFileName = (fileName: string, extension = '') =>
  [
@@ -43,3 +48,6 @@ export const generateUniqueFileName = (fileName: string, extension = '') =>
    new Date().getTime(),
    extension
  ].join('')
 export const createReadStream = async (filePath: string) =>
  fs.createReadStream(filePath)
--- a/api/src/utils/getDesktopFields.ts
+++ b/api/src/utils/getDesktopFields.ts
@@ -5,12 +5,12 @@ import { createFolder, fileExists, folderExists } from '@sasjs/utils'
 const isWindows = () => process.platform === 'win32'
 export const getDesktopFields = async () => {
-  const { SAS_PATH, DRIVE_PATH } = process.env
+  const { SAS_PATH } = process.env
  const sasLoc = SAS_PATH ?? (await getSASLocation())
-  const driveLoc = DRIVE_PATH ?? (await getDriveLocation())
+  // const driveLoc = DRIVE_PATH ?? (await getDriveLocation())
-  return { sasLoc, driveLoc }
+  return { sasLoc }
 }
 const getDriveLocation = async (): Promise<string> => {
--- a/api/src/utils/getPreProgramVariables.ts
+++ b/api/src/utils/getPreProgramVariables.ts
@@ -0,0 +1,30 @@
 import { Request } from 'express'
 import { PreProgramVars } from '../types'
 export const getPreProgramVariables = (req: Request): PreProgramVars => {
  const host = req.get('host')
  const protocol = req.protocol + '://'
  const { user, accessToken } = req
  const csrfToken = req.headers['x-xsrf-token'] || req.cookies['XSRF-TOKEN']
  const sessionId = req.cookies['connect.sid']
  const { _csrf } = req.cookies
  const httpHeaders: string[] = []
  if (accessToken) httpHeaders.push(`Authorization: Bearer ${accessToken}`)
  if (csrfToken) httpHeaders.push(`x-xsrf-token: ${csrfToken}`)
  const cookies: string[] = []
  if (sessionId) cookies.push(`connect.sid=${sessionId}`)
  if (_csrf) cookies.push(`_csrf=${_csrf}`)
  if (cookies.length) httpHeaders.push(`cookie: ${cookies.join('; ')}`)
  return {
    username: user!.username,
    userId: user!.userId,
    displayName: user!.displayName,
    serverUrl: protocol + host,
    httpHeaders
  }
 }
--- a/api/src/utils/getServerUrl.ts
+++ b/api/src/utils/getServerUrl.ts
@@ -0,0 +1,15 @@
 import express from 'express'
 import url from 'url'
 export const getFullUrl = (req: express.Request) =>
  url.format({
    protocol: req.protocol,
    host: req.get('host'),
    pathname: req.originalUrl
  })
 export const getServerUrl = (req: express.Request) =>
  url.format({
    protocol: req.protocol,
    host: req.get('x-forwarded-host') || req.get('host')
  })
--- a/api/src/utils/index.ts
+++ b/api/src/utils/index.ts
@@ -1,19 +1,27 @@
 export * from './appStreamConfig'
 export * from './connectDB'
 export * from './copySASjsCore'
 export * from './desktopAutoExec'
 export * from './extractHeaders'
 export * from './extractName'
 export * from './file'
 export * from './generateAccessToken'
 export * from './generateAuthCode'
 export * from './generateRefreshToken'
 export * from './getCertificates'
 export * from './getDesktopFields'
 export * from './getPreProgramVariables'
 export * from './getServerUrl'
 export * from './instantiateLogger'
 export * from './isDebugOn'
 export * from './zipped'
 export * from './parseLogToArray'
 export * from './removeTokensInDB'
 export * from './saveTokensInDB'
 export * from './seedDB'
 export * from './setProcessVariables'
 export * from './setupFolders'
 export * from './upload'
 export * from './validation'
 export * from './verifyEnvVariables'
 export * from './verifyTokenInDB'
--- a/api/src/utils/instantiateLogger.ts
+++ b/api/src/utils/instantiateLogger.ts
@@ -0,0 +1,7 @@
 import { LogLevel, Logger } from '@sasjs/utils/logger'
 export const instantiateLogger = () => {
  const logLevel = (process.env.LOG_LEVEL || LogLevel.Info) as LogLevel
  const logger = new Logger(logLevel)
  process.logger = logger
 }
--- a/api/src/utils/parseHelmetConfig.ts
+++ b/api/src/utils/parseHelmetConfig.ts
@@ -0,0 +1,35 @@
 import path from 'path'
 import fs from 'fs'
 export const getEnvCSPDirectives = (
  HELMET_CSP_CONFIG_PATH: string | undefined
 ) => {
  let cspConfigJson = {
    'img-src': ["'self'", 'data:'],
    'script-src': ["'self'", "'unsafe-inline'"],
    'script-src-attr': ["'self'", "'unsafe-inline'"]
  }
  if (
    typeof HELMET_CSP_CONFIG_PATH === 'string' &&
    HELMET_CSP_CONFIG_PATH.length > 0
  ) {
    const cspConfigPath = path.join(process.cwd(), HELMET_CSP_CONFIG_PATH)
    try {
      let file = fs.readFileSync(cspConfigPath).toString()
      try {
        cspConfigJson = JSON.parse(file)
      } catch (e) {
        console.error(
          'Parsing Content Security Policy JSON config failed. Make sure it is valid json'
        )
      }
    } catch (e) {
      console.error('Error reading HELMET CSP config file', e)
    }
  }
  return cspConfigJson
 }
--- a/api/src/utils/seedDB.ts
+++ b/api/src/utils/seedDB.ts
@@ -0,0 +1,35 @@
 import Client from '../model/Client'
 import User from '../model/User'
 const CLIENT = {
  clientId: 'clientID1',
  clientSecret: 'clientSecret'
 }
 const ADMIN_USER = {
  id: 1,
  displayName: 'Super Admin',
  username: 'secretuser',
  password: '$2a$10$hKvcVEZdhEQZCcxt6npazO6mY4jJkrzWvfQ5stdBZi8VTTwVMCVXO',
  isAdmin: true,
  isActive: true
 }
 export const seedDB = async () => {
  // Checking if client is already in the database
  const clientExist = await Client.findOne({ clientId: CLIENT.clientId })
  if (!clientExist) {
    const client = new Client(CLIENT)
    await client.save()
    console.log(`DB Seed - client created: ${CLIENT.clientId}`)
  }
  // Checking if user is already in the database
  const usernameExist = await User.findOne({ username: ADMIN_USER.username })
  if (!usernameExist) {
    const user = new User(ADMIN_USER)
    await user.save()
    console.log(`DB Seed - admin account created: ${ADMIN_USER.username}`)
  }
 }
--- a/api/src/utils/setProcessVariables.ts
+++ b/api/src/utils/setProcessVariables.ts
@@ -1,31 +1,29 @@
 import path from 'path'
-import { getRealPath } from '@sasjs/utils'
+import { createFolder, getAbsolutePath, getRealPath } from '@sasjs/utils'
-import { configuration } from '../../package.json'
+import { getDesktopFields, ModeType } from '.'
 import { getDesktopFields } from '.'
 export const setProcessVariables = async () => {
  if (process.env.NODE_ENV === 'test') {
-    process.driveLoc = path.join(process.cwd(), 'tmp')
+    process.driveLoc = path.join(process.cwd(), 'sasjs_root')
    return
  }
  const { MODE } = process.env
-  if (MODE?.trim() !== 'server') {
+  if (MODE === ModeType.Server) {
-    const { sasLoc, driveLoc } = await getDesktopFields()
+    process.sasLoc = process.env.SAS_PATH as string
  } else {
    const { sasLoc } = await getDesktopFields()
    process.sasLoc = sasLoc
    process.driveLoc = driveLoc
  } else {
    const { SAS_PATH, DRIVE_PATH } = process.env
    process.sasLoc = SAS_PATH ?? configuration.sasPath
    process.driveLoc = getRealPath(
      path.join(process.cwd(), DRIVE_PATH ?? 'tmp')
    )
  }
  const { SASJS_ROOT } = process.env
  const absPath = getAbsolutePath(SASJS_ROOT ?? 'sasjs_root', process.cwd())
  await createFolder(absPath)
  process.driveLoc = getRealPath(absPath)
  console.log('sasLoc: ', process.sasLoc)
  console.log('sasDrive: ', process.driveLoc)
 }
--- a/api/src/utils/setupFolders.ts
+++ b/api/src/utils/setupFolders.ts
@@ -1,7 +1,14 @@
-import { createFolder } from '@sasjs/utils'
+import { createFile, createFolder, fileExists } from '@sasjs/utils'
-import { getTmpFilesFolderPath } from './file'
+import { getDesktopUserAutoExecPath, getFilesFolder } from './file'
 import { ModeType } from './verifyEnvVariables'
 export const setupFolders = async () => {
-  const drivePath = getTmpFilesFolderPath()
+  const drivePath = getFilesFolder()
  await createFolder(drivePath)
  if (process.env.MODE === ModeType.Desktop) {
    if (!(await fileExists(getDesktopUserAutoExecPath()))) {
      await createFile(getDesktopUserAutoExecPath(), '')
    }
  }
 }
--- a/api/src/utils/validation.ts
+++ b/api/src/utils/validation.ts
@@ -1,14 +1,23 @@
 import Joi from 'joi'
-const usernameSchema = Joi.string().alphanum().min(6).max(20)
+const usernameSchema = Joi.string().lowercase().alphanum().min(3).max(16)
 const passwordSchema = Joi.string().min(6).max(1024)
 export const blockFileRegex = /\.(exe|sh|htaccess)$/i
-export const authorizeValidation = (data: any): Joi.ValidationResult =>
+export const getUserValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    username: usernameSchema.required()
  }).validate(data)
 export const loginWebValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    username: usernameSchema.required(),
-    password: passwordSchema.required(),
+    password: passwordSchema.required()
  }).validate(data)
 export const authorizeValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    clientId: Joi.string().required()
  }).validate(data)
@@ -31,7 +40,8 @@ export const registerUserValidation = (data: any): Joi.ValidationResult =>
    username: usernameSchema.required(),
    password: passwordSchema.required(),
    isAdmin: Joi.boolean(),
-    isActive: Joi.boolean()
+    isActive: Joi.boolean(),
    autoExec: Joi.string().allow('')
  }).validate(data)
 export const deleteUserValidation = (
@@ -53,7 +63,8 @@ export const updateUserValidation = (
  const validationChecks: any = {
    displayName: Joi.string().min(6),
    username: usernameSchema,
-    password: passwordSchema
+    password: passwordSchema,
    autoExec: Joi.string().allow('')
  }
  if (isAdmin) {
    validationChecks.isAdmin = Joi.boolean()
--- a/api/src/utils/verifyEnvVariables.ts
+++ b/api/src/utils/verifyEnvVariables.ts
@@ -0,0 +1,211 @@
 export enum ModeType {
  Server = 'server',
  Desktop = 'desktop'
 }
 export enum ProtocolType {
  HTTP = 'http',
  HTTPS = 'https'
 }
 export enum CorsType {
  ENABLED = 'enable',
  DISABLED = 'disable'
 }
 export enum HelmetCoepType {
  TRUE = 'true',
  FALSE = 'false'
 }
 export enum LOG_FORMAT_MORGANType {
  Combined = 'combined',
  Common = 'common',
  Dev = 'dev',
  Short = 'short',
  tiny = 'tiny'
 }
 export enum ReturnCode {
  Success,
  InvalidEnv
 }
 export const verifyEnvVariables = (): ReturnCode => {
  const errors: string[] = []
  errors.push(...verifyMODE())
  errors.push(...verifyPROTOCOL())
  errors.push(...verifyPORT())
  errors.push(...verifyCORS())
  errors.push(...verifyHELMET_COEP())
  errors.push(...verifyLOG_FORMAT_MORGAN())
  if (errors.length) {
    process.logger?.error(
      `Invalid environment variable(s) provided: \n${errors.join('\n')}`
    )
    return ReturnCode.InvalidEnv
  }
  return ReturnCode.Success
 }
 const verifyMODE = (): string[] => {
  const errors: string[] = []
  const { MODE } = process.env
  if (MODE) {
    const modeTypes = Object.values(ModeType)
    if (!modeTypes.includes(MODE as ModeType))
      errors.push(`- MODE '${MODE}'\n - valid options ${modeTypes}`)
  } else {
    process.env.MODE = DEFAULTS.MODE
  }
  if (process.env.MODE === ModeType.Server) {
    const {
      ACCESS_TOKEN_SECRET,
      REFRESH_TOKEN_SECRET,
      AUTH_CODE_SECRET,
      SESSION_SECRET,
      DB_CONNECT
    } = process.env
    if (!ACCESS_TOKEN_SECRET)
      errors.push(
        `- ACCESS_TOKEN_SECRET is required for PROTOCOL '${ModeType.Server}'`
      )
    if (!REFRESH_TOKEN_SECRET)
      errors.push(
        `- REFRESH_TOKEN_SECRET is required for PROTOCOL '${ModeType.Server}'`
      )
    if (!AUTH_CODE_SECRET)
      errors.push(
        `- AUTH_CODE_SECRET is required for PROTOCOL '${ModeType.Server}'`
      )
    if (!SESSION_SECRET)
      errors.push(
        `- SESSION_SECRET is required for PROTOCOL '${ModeType.Server}'`
      )
    if (process.env.NODE_ENV !== 'test')
      if (!DB_CONNECT)
        errors.push(
          `- DB_CONNECT is required for PROTOCOL '${ModeType.Server}'`
        )
  }
  return errors
 }
 const verifyPROTOCOL = (): string[] => {
  const errors: string[] = []
  const { PROTOCOL } = process.env
  if (PROTOCOL) {
    const protocolTypes = Object.values(ProtocolType)
    if (!protocolTypes.includes(PROTOCOL as ProtocolType))
      errors.push(`- PROTOCOL '${PROTOCOL}'\n - valid options ${protocolTypes}`)
  } else {
    process.env.PROTOCOL = DEFAULTS.PROTOCOL
  }
  if (process.env.PROTOCOL === ProtocolType.HTTPS) {
    const { PRIVATE_KEY, FULL_CHAIN } = process.env
    if (!PRIVATE_KEY)
      errors.push(
        `- PRIVATE_KEY is required for PROTOCOL '${ProtocolType.HTTPS}'`
      )
    if (!FULL_CHAIN)
      errors.push(
        `- FULL_CHAIN is required for PROTOCOL '${ProtocolType.HTTPS}'`
      )
  }
  return errors
 }
 const verifyCORS = (): string[] => {
  const errors: string[] = []
  const { CORS } = process.env
  if (CORS) {
    const corsTypes = Object.values(CorsType)
    if (!corsTypes.includes(CORS as CorsType))
      errors.push(`- CORS '${CORS}'\n - valid options ${corsTypes}`)
  } else {
    const { MODE } = process.env
    process.env.CORS =
      MODE === ModeType.Server ? CorsType.DISABLED : CorsType.ENABLED
  }
  return errors
 }
 const verifyPORT = (): string[] => {
  const errors: string[] = []
  const { PORT } = process.env
  if (PORT) {
    if (Number.isNaN(parseInt(PORT)))
      errors.push(`- PORT '${PORT}'\n - should be a valid number`)
  } else {
    process.env.PORT = DEFAULTS.PORT
  }
  return errors
 }
 const verifyHELMET_COEP = (): string[] => {
  const errors: string[] = []
  const { HELMET_COEP } = process.env
  if (HELMET_COEP) {
    const helmetCoepTypes = Object.values(HelmetCoepType)
    if (!helmetCoepTypes.includes(HELMET_COEP as HelmetCoepType))
      errors.push(
        `- HELMET_COEP '${HELMET_COEP}'\n - valid options ${helmetCoepTypes}`
      )
    HELMET_COEP
  } else {
    process.env.HELMET_COEP = DEFAULTS.HELMET_COEP
  }
  return errors
 }
 const verifyLOG_FORMAT_MORGAN = (): string[] => {
  const errors: string[] = []
  const { LOG_FORMAT_MORGAN } = process.env
  if (LOG_FORMAT_MORGAN) {
    const logFormatMorganTypes = Object.values(LOG_FORMAT_MORGANType)
    if (
      !logFormatMorganTypes.includes(LOG_FORMAT_MORGAN as LOG_FORMAT_MORGANType)
    )
      errors.push(
        `- LOG_FORMAT_MORGAN '${LOG_FORMAT_MORGAN}'\n - valid options ${logFormatMorganTypes}`
      )
    LOG_FORMAT_MORGAN
  } else {
    process.env.LOG_FORMAT_MORGAN = DEFAULTS.LOG_FORMAT_MORGAN
  }
  return errors
 }
 const DEFAULTS = {
  MODE: ModeType.Desktop,
  PROTOCOL: ProtocolType.HTTP,
  PORT: '5000',
  HELMET_COEP: HelmetCoepType.TRUE,
  LOG_FORMAT_MORGAN: LOG_FORMAT_MORGANType.Common
 }
--- a/api/src/utils/verifyTokenInDB.ts
+++ b/api/src/utils/verifyTokenInDB.ts
@@ -1,11 +1,30 @@
 import User from '../model/User'
 import { RequestUser } from '../types'
 export const fetchLatestAutoExec = async (
  reqUser: RequestUser
 ): Promise<RequestUser | undefined> => {
  const dbUser = await User.findOne({ id: reqUser.userId })
  if (!dbUser) return undefined
  return {
    userId: reqUser.userId,
    clientId: reqUser.clientId,
    username: dbUser.username,
    displayName: dbUser.displayName,
    isAdmin: dbUser.isAdmin,
    isActive: dbUser.isActive,
    autoExec: dbUser.autoExec
  }
 }
 export const verifyTokenInDB = async (
  userId: number,
  clientId: string,
  token: string,
  tokenType: 'accessToken' | 'refreshToken'
-) => {
+): Promise<RequestUser | undefined> => {
  const dbUser = await User.findOne({ id: userId })
  if (!dbUser) return undefined
@@ -21,7 +40,8 @@ export const verifyTokenInDB = async (
        username: dbUser.username,
        displayName: dbUser.displayName,
        isAdmin: dbUser.isAdmin,
-        isActive: dbUser.isActive
+        isActive: dbUser.isActive,
        autoExec: dbUser.autoExec
      }
    : undefined
 }
--- a/api/src/utils/zipped.ts
+++ b/api/src/utils/zipped.ts
@@ -0,0 +1,40 @@
 import path from 'path'
 import unZipper from 'unzipper'
 import { extractName } from './extractName'
 import { createReadStream } from './file'
 export const isZipFile = (
  file: Express.Multer.File
 ): { error?: string; value?: Express.Multer.File } => {
  const fileExtension = path.extname(file.originalname)
  if (fileExtension.toUpperCase() !== '.ZIP')
    return { error: `"file" has invalid extension ${fileExtension}` }
  const allowedMimetypes = ['application/zip', 'application/x-zip-compressed']
  if (!allowedMimetypes.includes(file.mimetype))
    return { error: `"file" has invalid type ${file.mimetype}` }
  return { value: file }
 }
 export const extractJSONFromZip = async (zipFile: Express.Multer.File) => {
  let fileContent: string = ''
  const fileInZip = extractName(zipFile.originalname)
  const zip = (await createReadStream(zipFile.path)).pipe(
    unZipper.Parse({ forceStream: true })
  )
  for await (const entry of zip) {
    const fileName = entry.path as string
    if (fileName.toUpperCase().endsWith('.JSON') && fileName === fileInZip) {
      fileContent = await entry.buffer()
      break
    } else {
      entry.autodrain()
    }
  }
  return fileContent
 }
--- a/api/tsoa.json
+++ b/api/tsoa.json
@@ -11,6 +11,10 @@
      }
    },
    "tags": [
      {
        "name": "Info",
        "description": "Get Server Info"
      },
      {
        "name": "Session",
        "description": "Get Session information"
@@ -42,6 +46,10 @@
      {
        "name": "CODE",
        "description": "Operations on SAS code"
      },
      {
        "name": "Web",
        "description": "Operations on Web"
      }
    ],
    "yaml": true,
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -1,13 +1,12 @@
 {
  "name": "server",
-  "version": "0.0.51",
+  "version": "0.0.76",
  "description": "NodeJS wrapper for calling the SAS binary executable",
  "repository": "https://github.com/sasjs/server",
  "scripts": {
    "server": "npm run server:prepare && npm run server:start",
-    "server:prepare": "cd web && npm ci && npm run build && cd ../api && npm ci && cd ..",
+    "server:prepare": "cd web && npm ci && npm run build && cd ../api && npm ci && npm run build && cd ..",
-    "server:start": "cd api && npm run start",
+    "server:start": "cd api && npm run start:prod",
    "release": "standard-version",
    "lint-api:fix": "npx prettier --write \"api/src/**/*.{ts,tsx,js,jsx,html,css,sass,less,yml,md,graphql}\"",
    "lint-api": "npx prettier --check \"api/src/**/*.{ts,tsx,js,jsx,html,css,sass,less,yml,md,graphql}\"",
    "lint-web:fix": "npx prettier --write \"web/src/**/*.{ts,tsx,js,jsx,html,css,sass,less,yml,md,graphql}\"",
@@ -16,7 +15,9 @@
    "lint:fix": "npm run lint-api:fix && npm run lint-web:fix"
  },
  "devDependencies": {
-    "prettier": "^2.3.1",
+    "@semantic-release/changelog": "^6.0.1",
-    "standard-version": "^9.3.2"
+    "@semantic-release/exec": "^6.0.3",
    "@semantic-release/git": "^10.0.1",
    "@semantic-release/github": "^8.0.4"
  }
 }
--- a/restClient/session.rest
+++ b/restClient/session.rest
@@ -1,2 +1,3 @@
-### Get current user's info via access token
+### Get current user's info via session ID
 GET http://localhost:5000/SASjsApi/session
 cookie: connect.sid=s:G2DeFdKuWhnmTOsTHmTWrxAXPx2P6TLD.JyNLxfACC1w3NlFQFfL5chyxtrqbPYmS6iButRc1goE
--- a/web/.env.example
+++ b/web/.env.example
@@ -1,2 +1 @@
-PORT_API=[place sasjs server port] default value is 5000
+PORT_API=[place sasjs server port] default value is 5000
 CLIENT_ID=<place clientId here>
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/web/package.json
+++ b/web/package.json
@@ -9,7 +9,6 @@
  "dependencies": {
    "@emotion/react": "^11.4.1",
    "@emotion/styled": "^11.3.0",
    "@monaco-editor/react": "^4.3.1",
    "@mui/icons-material": "^5.0.3",
    "@mui/lab": "^5.0.0-alpha.50",
    "@mui/material": "^5.0.3",
@@ -21,9 +20,14 @@
    "@types/node": "^12.20.28",
    "@types/react": "^17.0.27",
    "axios": "^0.24.0",
    "monaco-editor": "^0.33.0",
    "monaco-editor-webpack-plugin": "^7.0.1",
    "react": "^17.0.2",
    "react-copy-to-clipboard": "^5.1.0",
    "react-dom": "^17.0.2",
-    "react-router-dom": "^5.3.0"
+    "react-monaco-editor": "^0.48.0",
    "react-router-dom": "^5.3.0",
    "react-toastify": "^9.0.1"
  },
  "devDependencies": {
    "@babel/core": "^7.16.0",
@@ -35,6 +39,7 @@
    "@types/dotenv-webpack": "^7.0.3",
    "@types/prismjs": "^1.16.6",
    "@types/react": "^17.0.37",
    "@types/react-copy-to-clipboard": "^5.0.2",
    "@types/react-dom": "^17.0.11",
    "@types/react-router-dom": "^5.3.1",
    "babel-loader": "^8.2.3",
--- a/web/src/App.tsx
+++ b/web/src/App.tsx
@@ -1,4 +1,4 @@
-import React from 'react'
+import React, { useContext } from 'react'
 import { Route, HashRouter, Switch } from 'react-router-dom'
 import { ThemeProvider } from '@mui/material/styles'
 import { theme } from './theme'
@@ -8,23 +8,23 @@ import Header from './components/header'
 import Home from './components/home'
 import Drive from './containers/Drive'
 import Studio from './containers/Studio'
 import Settings from './containers/Settings'
-import useTokens from './components/useTokens'
+import { AppContext } from './context/appContext'
 import AuthCode from './containers/AuthCode'
 import { ToastContainer } from 'react-toastify'
 function App() {
-  const { tokens, setTokens } = useTokens()
+  const appContext = useContext(AppContext)
-  if (!tokens) {
+  if (!appContext.loggedIn) {
    return (
      <ThemeProvider theme={theme}>
        <HashRouter>
          <Header />
          <Switch>
            <Route exact path="/SASjsLogon">
              <Login getCodeOnly />
            </Route>
            <Route path="/">
-              <Login setTokens={setTokens} />
+              <Login />
            </Route>
          </Switch>
        </HashRouter>
@@ -46,10 +46,14 @@ function App() {
          <Route exact path="/SASjsStudio">
            <Studio />
          </Route>
          <Route exact path="/SASjsSettings">
            <Settings />
          </Route>
          <Route exact path="/SASjsLogon">
-            <Login getCodeOnly />
+            <AuthCode />
          </Route>
        </Switch>
        <ToastContainer />
      </HashRouter>
    </ThemeProvider>
  )
--- a/web/src/components/header.tsx
+++ b/web/src/components/header.tsx
@@ -1,26 +1,63 @@
-import React, { useState } from 'react'
+import React, { useState, useEffect, useContext } from 'react'
 import { Link, useHistory, useLocation } from 'react-router-dom'
-import AppBar from '@mui/material/AppBar'
+import {
-import Toolbar from '@mui/material/Toolbar'
+  AppBar,
-import Tabs from '@mui/material/Tabs'
+  Toolbar,
-import Tab from '@mui/material/Tab'
+  Tabs,
-import Button from '@mui/material/Button'
+  Tab,
  Button,
  Menu,
  MenuItem
 } from '@mui/material'
 import OpenInNewIcon from '@mui/icons-material/OpenInNew'
 import SettingsIcon from '@mui/icons-material/Settings'
 import Username from './username'
 import { AppContext } from '../context/appContext'
 const NODE_ENV = process.env.NODE_ENV
 const PORT_API = process.env.PORT_API
 const baseUrl =
  NODE_ENV === 'development' ? `http://localhost:${PORT_API ?? 5000}` : ''
 const validTabs = ['/', '/SASjsDrive', '/SASjsStudio']
 const Header = (props: any) => {
  const history = useHistory()
  const { pathname } = useLocation()
-  const [tabValue, setTabValue] = useState(pathname)
+  const appContext = useContext(AppContext)
  const [tabValue, setTabValue] = useState(
    validTabs.includes(pathname) ? pathname : '/'
  )
  const [anchorEl, setAnchorEl] = useState<
    (EventTarget & HTMLButtonElement) | null
  >(null)
  useEffect(() => {
    setTabValue(validTabs.includes(pathname) ? pathname : '/')
  }, [pathname])
  const handleMenu = (
    event: React.MouseEvent<HTMLButtonElement, MouseEvent>
  ) => {
    setAnchorEl(event.currentTarget)
  }
  const handleClose = () => {
    setAnchorEl(null)
  }
  const handleTabChange = (event: React.SyntheticEvent, value: string) => {
    setTabValue(value)
  }
  const handleLogout = () => {
    if (appContext.logout) {
      handleClose()
      appContext.logout()
    }
  }
  return (
    <AppBar
      position="fixed"
@@ -81,6 +118,51 @@ const Header = (props: any) => {
        >
          App Stream
        </Button>
        <div
          style={{
            display: 'flex',
            flexGrow: 1,
            justifyContent: 'flex-end'
          }}
        >
          <Username
            username={appContext.displayName || appContext.username}
            onClickHandler={handleMenu}
          />
          <Menu
            id="menu-appbar"
            anchorEl={anchorEl}
            anchorOrigin={{
              vertical: 'bottom',
              horizontal: 'center'
            }}
            keepMounted
            transformOrigin={{
              vertical: 'top',
              horizontal: 'center'
            }}
            open={!!anchorEl}
            onClose={handleClose}
          >
            <MenuItem sx={{ justifyContent: 'center' }}>
              <Button
                component={Link}
                to="/SASjsSettings"
                onClick={handleClose}
                variant="contained"
                color="primary"
                startIcon={<SettingsIcon />}
              >
                Settings
              </Button>
            </MenuItem>
            <MenuItem onClick={handleLogout} sx={{ justifyContent: 'center' }}>
              <Button variant="contained" color="primary">
                Logout
              </Button>
            </MenuItem>
          </Menu>
        </div>
      </Toolbar>
    </AppBar>
  )
--- a/web/src/components/login.tsx
+++ b/web/src/components/login.tsx
@@ -1,96 +1,39 @@
-import React, { useState } from 'react'
+import axios from 'axios'
-import { useLocation } from 'react-router-dom'
+import React, { useState, useContext } from 'react'
 import PropTypes from 'prop-types'
-import { CssBaseline, Box, TextField, Button, Typography } from '@mui/material'
+import { CssBaseline, Box, TextField, Button } from '@mui/material'
 import { AppContext } from '../context/appContext'
-const headers = {
+const login = async (payload: { username: string; password: string }) =>
-  Accept: 'application/json',
+  axios.post('/SASLogon/login', payload).then((res) => res.data)
  'Content-Type': 'application/json'
 }
 const NODE_ENV = process.env.NODE_ENV
 const PORT_API = process.env.PORT_API
 const baseUrl =
  NODE_ENV === 'development' ? `http://localhost:${PORT_API ?? 5000}` : ''
-const getAuthCode = async (credentials: any) => {
+const Login = () => {
-  return fetch(`${baseUrl}/SASjsApi/auth/authorize`, {
+  const appContext = useContext(AppContext)
-    method: 'POST',
+  const [username, setUsername] = useState('')
    headers,
    body: JSON.stringify(credentials)
  }).then(async (response) => {
    const resText = await response.text()
    if (response.status !== 200) throw resText
    return JSON.parse(resText)
  })
 }
 const getTokens = async (payload: any) => {
  return fetch(`${baseUrl}/SASjsApi/auth/token`, {
    method: 'POST',
    headers,
    body: JSON.stringify(payload)
  }).then((data) => data.json())
 }
 const Login = ({ setTokens, getCodeOnly }: any) => {
  const location = useLocation()
  const [username, setUserName] = useState('')
  const [password, setPassword] = useState('')
  const [errorMessage, setErrorMessage] = useState('')
  let error: boolean
  const [displayCode, setDisplayCode] = useState(null)
  const handleSubmit = async (e: any) => {
    error = false
    setErrorMessage('')
    e.preventDefault()
    let clientId = process.env.CLIENT_ID
-    if (getCodeOnly) {
+    const { loggedIn, user } = await login({
      const params = new URLSearchParams(location.search)
      const responseType = params.get('response_type')
      if (responseType === 'code')
        clientId = params.get('client_id') ?? undefined
    }
    const { code } = await getAuthCode({
      clientId,
      username,
      password
-    }).catch((err: string) => {
+    }).catch((err: any) => {
-      error = true
+      setErrorMessage(err.response.data)
      setErrorMessage(err)
      return {}
    })
-    if (!error) {
+    if (loggedIn) {
-      if (getCodeOnly) return setDisplayCode(code)
+      appContext.setUserId?.(user.id)
-
+      appContext.setUsername?.(user.username)
-      const { accessToken, refreshToken } = await getTokens({
+      appContext.setDisplayName?.(user.displayName)
-        clientId,
+      appContext.setLoggedIn?.(loggedIn)
        code
      })
      setTokens(accessToken, refreshToken)
    }
  }
  if (displayCode) {
    return (
      <Box className="main">
        <CssBaseline />
        <br />
        <h2>Authorization Code</h2>
        <Typography m={2} p={3} style={{ overflowWrap: 'anywhere' }}>
          {displayCode}
        </Typography>
        <br />
      </Box>
    )
  }
  return (
    <Box
      className="main"
@@ -103,19 +46,12 @@ const Login = ({ setTokens, getCodeOnly }: any) => {
      <CssBaseline />
      <br />
      <h2 style={{ width: 'auto' }}>Welcome to SASjs Server!</h2>
      {getCodeOnly && (
        <p style={{ width: 'auto' }}>
          Provide credentials to get authorization code.
        </p>
      )}
      <br />
      <TextField
        id="username"
        label="Username"
        type="text"
        variant="outlined"
-        onChange={(e: any) => setUserName(e.target.value)}
+        onChange={(e: any) => setUsername(e.target.value)}
        required
      />
      <TextField
@@ -127,7 +63,11 @@ const Login = ({ setTokens, getCodeOnly }: any) => {
        required
      />
      {errorMessage && <span>{errorMessage}</span>}
-      <Button type="submit" variant="outlined">
+      <Button
        type="submit"
        variant="outlined"
        disabled={!appContext.setLoggedIn}
      >
        Submit
      </Button>
    </Box>
@@ -135,7 +75,6 @@ const Login = ({ setTokens, getCodeOnly }: any) => {
 }
 Login.propTypes = {
  setTokens: PropTypes.func,
  getCodeOnly: PropTypes.bool
 }
--- a/web/src/components/useTokens.ts
+++ b/web/src/components/useTokens.ts
@@ -1,94 +0,0 @@
 import axios from 'axios'
 import { useEffect, useState } from 'react'
 export default function useTokens() {
  const getTokens = () => {
    const accessToken = localStorage.getItem('accessToken')
    const refreshToken = localStorage.getItem('refreshToken')
    if (accessToken && refreshToken) {
      setAxiosRequestHeader(accessToken)
      return { accessToken, refreshToken }
    }
    return undefined
  }
  const [tokens, setTokens] = useState(getTokens())
  useEffect(() => {
    if (tokens === undefined) {
      localStorage.removeItem('accessToken')
      localStorage.removeItem('refreshToken')
    }
  }, [tokens])
  setAxiosResponse(setTokens)
  const saveTokens = (accessToken: string, refreshToken: string) => {
    localStorage.setItem('accessToken', accessToken)
    localStorage.setItem('refreshToken', refreshToken)
    setAxiosRequestHeader(accessToken)
    setTokens({ accessToken, refreshToken })
  }
  return {
    setTokens: saveTokens,
    tokens
  }
 }
 const NODE_ENV = process.env.NODE_ENV
 const PORT_API = process.env.PORT_API
 const baseUrl =
  NODE_ENV === 'development' ? `http://localhost:${PORT_API ?? 5000}` : ''
 const isAbsoluteURLRegex = /^(?:\w+:)\/\//
 const setAxiosRequestHeader = (accessToken: string) => {
  axios.interceptors.request.use(function (config) {
    if (baseUrl && !isAbsoluteURLRegex.test(config.url as string)) {
      config.url = baseUrl + config.url
    }
    config.headers!['Authorization'] = `Bearer ${accessToken}`
    config.withCredentials = true
    return config
  })
 }
 const setAxiosResponse = (setTokens: Function) => {
  // Add a response interceptor
  axios.interceptors.response.use(
    function (response) {
      // Any status code that lie within the range of 2xx cause this function to trigger
      return response
    },
    async function (error) {
      if (error.response?.status === 401) {
        // refresh token
        // const { accessToken, refreshToken: newRefresh } = await refreshMyToken(
        //   refreshToken
        // )
        // if (accessToken && newRefresh) {
        //   setTokens(accessToken, newRefresh)
        //   error.config.headers['Authorization'] = 'Bearer ' + accessToken
        //   error.config.baseURL = undefined
        //   return axios.request(error.config)
        // }
        setTokens(undefined)
      }
      return Promise.reject(error)
    }
  )
 }
 // const refreshMyToken = async (refreshToken: string) => {
 //   return fetch('http://localhost:5000/SASjsApi/auth/refresh', {
 //     method: 'POST',
 //     headers: {
 //       Authorization: `Bearer ${refreshToken}`
 //     }
 //   }).then((data) => data.json())
 // }
--- a/web/src/components/username.tsx
+++ b/web/src/components/username.tsx
@@ -0,0 +1,30 @@
 import React from 'react'
 import { Typography, IconButton } from '@mui/material'
 import AccountCircle from '@mui/icons-material/AccountCircle'
 const Username = (props: any) => {
  return (
    <IconButton
      aria-label="account of current user"
      aria-controls="menu-appbar"
      aria-haspopup="true"
      onClick={props.onClickHandler}
      color="inherit"
    >
      {props.avatarContent ? (
        <img
          src={props.avatarContent}
          alt="user-avatar"
          style={{ width: '25px' }}
        />
      ) : (
        <AccountCircle></AccountCircle>
      )}
      <Typography variant="h6" sx={{ color: 'white', padding: '0 8px' }}>
        {props.username}
      </Typography>
    </IconButton>
  )
 }
 export default Username
--- a/web/src/containers/AuthCode/index.tsx
+++ b/web/src/containers/AuthCode/index.tsx
@@ -0,0 +1,78 @@
 import axios from 'axios'
 import { CopyToClipboard } from 'react-copy-to-clipboard'
 import React, { useEffect, useState } from 'react'
 import { toast } from 'react-toastify'
 import 'react-toastify/dist/ReactToastify.css'
 import { useLocation } from 'react-router-dom'
 import { CssBaseline, Box, Typography, Button } from '@mui/material'
 const getAuthCode = async (credentials: any) =>
  axios.post('/SASLogon/authorize', credentials).then((res) => res.data)
 const AuthCode = () => {
  const location = useLocation()
  const [displayCode, setDisplayCode] = useState('')
  const [errorMessage, setErrorMessage] = useState('')
  useEffect(() => {
    requestAuthCode()
  }, [])
  const requestAuthCode = async () => {
    setErrorMessage('')
    const params = new URLSearchParams(location.search)
    const responseType = params.get('response_type')
    if (responseType !== 'code')
      return setErrorMessage('response type is not support')
    const clientId = params.get('client_id')
    if (!clientId) return setErrorMessage('clientId is not provided')
    setErrorMessage('Fetching auth code... ')
    const { code } = await getAuthCode({
      clientId
    })
      .then((res) => {
        setErrorMessage('')
        return res
      })
      .catch((err: any) => {
        setErrorMessage(err.response.data)
        return { code: null }
      })
    return setDisplayCode(code)
  }
  return (
    <Box className="main">
      <CssBaseline />
      <br />
      <h2>Authorization Code</h2>
      {displayCode && (
        <Typography m={2} p={3} style={{ overflowWrap: 'anywhere' }}>
          {displayCode}
        </Typography>
      )}
      {errorMessage && <Typography>{errorMessage}</Typography>}
      <br />
      <CopyToClipboard
        text={displayCode}
        onCopy={() =>
          toast.info('Code copied to ClipBoard', {
            theme: 'dark',
            position: toast.POSITION.BOTTOM_RIGHT
          })
        }
      >
        <Button variant="contained">Copy to Clipboard</Button>
      </CopyToClipboard>
    </Box>
  )
 }
 export default AuthCode
--- a/web/src/containers/Drive/index.tsx
+++ b/web/src/containers/Drive/index.tsx
@@ -90,7 +90,11 @@ const Drive = () => {
  return (
    <Box sx={{ display: 'flex' }}>
      <CssBaseline />
-      <SideBar directoryData={directoryData} handleSelect={handleSelect} />
+      <SideBar
        selectedFilePath={selectedFilePath}
        directoryData={directoryData}
        handleSelect={handleSelect}
      />
      <Main
        selectedFilePath={selectedFilePath}
        removeFileFromTree={removeFileFromTree}
--- a/web/src/containers/Drive/main.tsx
+++ b/web/src/containers/Drive/main.tsx
@@ -2,7 +2,7 @@ import React, { useState, useEffect } from 'react'
 import { Link } from 'react-router-dom'
 import axios from 'axios'
-import Editor from '@monaco-editor/react'
+import Editor from 'react-monaco-editor'
 import Box from '@mui/material/Box'
 import Paper from '@mui/material/Paper'
@@ -125,6 +125,7 @@ const Main = (props: Props) => {
        {!isLoading && props?.selectedFilePath && editMode && (
          <Editor
            height="95%"
            language="sas"
            value={fileContent}
            onChange={(val) => {
              if (val) setFileContent(val)
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
semantic-release-bot	6d12b900ad	chore(release): 0.5.0 [skip ci] # [0.5.0](https://github.com/sasjs/server/compare/v0.4.2...v0.5.0) (2022-06-16) ### Bug Fixes * npm audit fix to avoid warnings on npm i ([`28a6a36`](`28a6a36bb7`)) ### Features * api: deployment through zipped/compressed file ([`b81d742`](`b81d742c6c`))	2022-06-16 13:31:09 +00:00
Saad Jutt	ae5aa02733	Merge pull request #196 from sasjs/issue173 feat(api): deployment through zipped/compressed file	2022-06-16 06:26:32 -07:00
Allan Bowe	28a6a36bb7	fix: npm audit fix to avoid warnings on npm i	2022-06-16 13:07:59 +00:00
Saad Jutt	4e7579dc10	chore(specs): specs added for deploy upload file and zipped file	2022-06-16 17:58:56 +05:00
Saad Jutt	b81d742c6c	feat(api): deployment through zipped/compressed file	2022-06-16 00:56:51 +05:00
semantic-release-bot	a61adbcac2	chore(release): 0.4.2 [skip ci] ## [0.4.2](https://github.com/sasjs/server/compare/v0.4.1...v0.4.2) (2022-06-15) ### Bug Fixes * appStream redesign ([`73792fb`](`73792fb574`))	2022-06-15 15:04:11 +00:00
Allan Bowe	12000f4fc7	Merge pull request #195 from sasjs/appStream-design fix: appStream redesign	2022-06-15 16:59:58 +02:00
Mihajlo	73792fb574	fix: appStream redesign	2022-06-15 15:51:42 +02:00
semantic-release-bot	c08cfcbc38	chore(release): 0.4.1 [skip ci] ## [0.4.1](https://github.com/sasjs/server/compare/v0.4.0...v0.4.1) (2022-06-15) ### Bug Fixes * add/remove group to User when adding/removing user from group and return group membership on getting user ([`e08bbcc`](`e08bbcc543`))	2022-06-15 10:38:22 +00:00
Saad Jutt	8d38d5ac64	Merge pull request #193 from sasjs/issue-192 fix: add/remove group to User when adding/removing user from group	2022-06-15 03:32:32 -07:00
Sabir Hassan	e08bbcc543	fix: add/remove group to User when adding/removing user from group and return group membership on getting user	2022-06-15 15:18:42 +05:00
semantic-release-bot	eef3cb270d	chore(release): 0.4.0 [skip ci] # [0.4.0](https://github.com/sasjs/server/compare/v0.3.10...v0.4.0) (2022-06-14) ### Features * new APIs added for GET\|PATCH\|DELETE of user by username ([`aef411a`](`aef411a0ea`))	2022-06-14 17:28:50 +00:00
Saad Jutt	9cfbca23f8	Merge pull request #194 from sasjs/issue188 feat: new APIs added for GET\|PATCH\|DELETE of user by username	2022-06-14 10:24:42 -07:00
Saad Jutt	aef411a0ea	feat: new APIs added for GET\|PATCH\|DELETE of user by username	2022-06-14 22:08:56 +05:00
semantic-release-bot	806ea4cb5c	chore(release): 0.3.10 [skip ci] ## [0.3.10](https://github.com/sasjs/server/compare/v0.3.9...v0.3.10) (2022-06-14) ### Bug Fixes * correct syntax for encoding option ([`32d372b`](`32d372b42f`))	2022-06-14 09:53:53 +00:00
Allan Bowe	7205072358	Merge pull request #191 from sasjs/encodingfix fix: correct syntax for encoding option	2022-06-14 11:49:38 +02:00
Allan Bowe	32d372b42f	fix: correct syntax for encoding option	2022-06-14 09:49:05 +00:00
semantic-release-bot	e059bee7dc	chore(release): 0.3.9 [skip ci] ## [0.3.9](https://github.com/sasjs/server/compare/v0.3.8...v0.3.9) (2022-06-14) ### Bug Fixes * forcing utf 8 encoding. Closes [#76](https://github.com/sasjs/server/issues/76) ([`8734489`](`8734489cf0`))	2022-06-14 09:20:37 +00:00
Allan Bowe	6f56aafab1	Merge pull request #190 from sasjs/allanbowe/enforce-utf-76 fix: forcing utf 8 encoding. Closes #76	2022-06-14 11:14:35 +02:00
Allan Bowe	8734489cf0	fix: forcing utf 8 encoding. Closes #76	2022-06-14 09:12:41 +00:00
semantic-release-bot	7e6635f40f	chore(release): 0.3.8 [skip ci] ## [0.3.8](https://github.com/sasjs/server/compare/v0.3.7...v0.3.8) (2022-06-13) ### Bug Fixes * execution controller better error handling ([`8a617a7`](`8a617a73ae`)) * execution controller error details ([`3fa2a7e`](`3fa2a7e2e3`))	2022-06-13 12:32:32 +00:00
Allan Bowe	c0022a22f4	Merge pull request #189 from sasjs/issue-187 Execution controller more details in error message	2022-06-13 14:27:12 +02:00
Mihajlo Medjedovic	3fa2a7e2e3	fix: execution controller error details	2022-06-13 12:25:06 +00:00
Mihajlo	8a617a73ae	fix: execution controller better error handling	2022-06-13 14:01:12 +02:00
semantic-release-bot	e7babb9f55	chore(release): 0.3.7 [skip ci] ## [0.3.7](https://github.com/sasjs/server/compare/v0.3.6...v0.3.7) (2022-06-08) ### Bug Fixes * appstream: redirect to relative + nested resource should be accessed ([`5ab35b0`](`5ab35b02c4`))	2022-06-08 20:21:22 +00:00
Saad Jutt	5ab35b02c4	fix(appstream): redirect to relative + nested resource should be accessed	2022-06-09 01:16:25 +05:00
semantic-release-bot	ad82ee7106	chore(release): 0.3.6 [skip ci] ## [0.3.6](https://github.com/sasjs/server/compare/v0.3.5...v0.3.6) (2022-06-02) ### Bug Fixes * appstream: should serve only new files for same app stream name with new deployment ([`e6d1989`](`e6d1989847`))	2022-06-02 08:30:39 +00:00
Allan Bowe	d2e9456d81	Merge pull request #185 from sasjs/issue183 fix(appstream): should serve only new files for same app stream name …	2022-06-02 11:25:27 +03:00
Saad Jutt	e6d1989847	fix(appstream): should serve only new files for same app stream name with new deployment	2022-06-02 04:17:12 +05:00
semantic-release-bot	7a932383b4	chore(release): 0.3.5 [skip ci] ## [0.3.5](https://github.com/sasjs/server/compare/v0.3.4...v0.3.5) (2022-05-30) ### Bug Fixes * bumping sasjs/core library ([`61815f8`](`61815f8ae1`))	2022-05-30 18:07:50 +00:00
Allan Bowe	576e18347e	Merge pull request #182 from sasjs/bumpcore fix: bumping sasjs/core library	2022-05-30 21:02:59 +03:00
Allan Bowe	61815f8ae1	fix: bumping sasjs/core library	2022-05-30 18:02:30 +00:00
semantic-release-bot	afff27fd21	chore(release): 0.3.4 [skip ci] ## [0.3.4](https://github.com/sasjs/server/compare/v0.3.3...v0.3.4) (2022-05-30) ### Bug Fixes * web: system username for DESKTOP mode ([`a8ba378`](`a8ba378fd1`))	2022-05-30 16:12:22 +00:00
Saad Jutt	a8ba378fd1	fix(web): system username for DESKTOP mode	2022-05-30 21:08:17 +05:00
semantic-release-bot	73c81a45dc	chore(release): 0.3.3 [skip ci] ## [0.3.3](https://github.com/sasjs/server/compare/v0.3.2...v0.3.3) (2022-05-30) ### Bug Fixes * usage of autoexec API in DESKTOP mode ([`12d424a`](`12d424acce`))	2022-05-30 12:18:45 +00:00
Saad Jutt	12d424acce	fix: usage of autoexec API in DESKTOP mode	2022-05-30 17:12:17 +05:00
Saad Jutt	414fb19de3	chore: code changes	2022-05-30 00:32:05 +05:00
semantic-release-bot	cfddf1fb0c	chore(release): 0.3.2 [skip ci] ## [0.3.2](https://github.com/sasjs/server/compare/v0.3.1...v0.3.2) (2022-05-27) ### Bug Fixes * web: ability to use get/patch User API in desktop mode. ([`2c259fe`](`2c259fe1de`))	2022-05-27 19:43:00 +00:00
Muhammad Saad	1f483b1afc	Merge pull request #180 from sasjs/desktop-autoexec fix(web): ability to use get/patch User API in desktop mode.	2022-05-27 12:39:17 -07:00
Saad Jutt	0470239ef1	chore: quick fix	2022-05-27 17:35:58 +05:00
Saad Jutt	2c259fe1de	fix(web): ability to use get/patch User API in desktop mode.	2022-05-27 17:01:14 +05:00
semantic-release-bot	b066734398	chore(release): 0.3.1 [skip ci] ## [0.3.1](https://github.com/sasjs/server/compare/v0.3.0...v0.3.1) (2022-05-26) ### Bug Fixes * api: username should be lowercase ([`5ad6ee5`](`5ad6ee5e0f`)) * web: reduced width for autoexec input ([`7d11cc7`](`7d11cc7916`))	2022-05-26 15:30:45 +00:00
Allan Bowe	3b698fce5f	Merge pull request #179 from sasjs/web-profile-fixes Web profile fixes	2022-05-26 18:26:30 +03:00
Saad Jutt	5ad6ee5e0f	fix(api): username should be lowercase	2022-05-26 20:20:02 +05:00
Saad Jutt	7d11cc7916	fix(web): reduced width for autoexec input	2022-05-26 19:48:59 +05:00
semantic-release-bot	ff1def6436	chore(release): 0.3.0 [skip ci] # [0.3.0](https://github.com/sasjs/server/compare/v0.2.0...v0.3.0) (2022-05-25) ### Features * web: added profile + edit + autoexec changes ([`c275db1`](`c275db184e`))	2022-05-25 23:29:22 +00:00
Saad Jutt	c275db184e	feat(web): added profile + edit + autoexec changes	2022-05-26 04:25:15 +05:00
semantic-release-bot	e4239fbcc3	chore(release): 0.2.0 [skip ci] # [0.2.0](https://github.com/sasjs/server/compare/v0.1.0...v0.2.0) (2022-05-25) ### Bug Fixes * autoexec: usage in case of desktop from file ([`79dc2db`](`79dc2dba23`)) ### Features * api: added autoexec + major type setting changes ([`2a7223a`](`2a7223ad7d`))	2022-05-25 05:52:30 +00:00
Muhammad Saad	c6fd8fdd70	Merge pull request #178 from sasjs/issue117 feat(api): added autoexec + major type setting changes	2022-05-24 22:48:29 -07:00
Saad Jutt	79dc2dba23	fix(autoexec): usage in case of desktop from file	2022-05-25 10:44:57 +05:00
Saad Jutt	2a7223ad7d	feat(api): added autoexec + major type setting changes	2022-05-24 21:12:32 +05:00
semantic-release-bot	1fed5ea6ac	chore(release): 0.1.0 [skip ci] # [0.1.0](https://github.com/sasjs/server/compare/v0.0.77...v0.1.0) (2022-05-23) ### Bug Fixes * issue174 + issue175 + issue146 ([`80b33c7`](`80b33c7a18`)) * web: click to copy + notification ([`f37f8e9`](`f37f8e95d1`)) ### Features * env: added new env variable LOG_FORMAT_MORGAN ([`53bf68a`](`53bf68a6af`))	2022-05-23 21:22:02 +00:00
Muhammad Saad	97f689f292	Merge pull request #177 from sasjs/issue174 fix: issue174 + issue175 + issue146	2022-05-23 14:17:25 -07:00
Saad Jutt	53bf68a6af	feat(env): added new env variable LOG_FORMAT_MORGAN	2022-05-23 21:14:37 +05:00
Saad Jutt	f37f8e95d1	fix(web): click to copy + notification	2022-05-23 20:29:29 +05:00
Saad Jutt	80b33c7a18	fix: issue174 + issue175 + issue146	2022-05-23 19:24:56 +05:00
Muhammad Saad	b1803fe385	Merge pull request #170 from sasjs/dummy-release-command chore: added dummy release command	2022-05-16 09:42:23 -07:00
Saad Jutt	7dd08c3b5b	chore: added dummy release command	2022-05-16 21:36:00 +05:00
semantic-release-bot	b780b59b66	chore(release): 0.0.77 [skip ci] ## [0.0.77](https://github.com/sasjs/server/compare/v0.0.76...v0.0.77) (2022-05-16) ### Bug Fixes * release: Github workflow without npm token ([`c017d13`](`c017d13061`))	2022-05-16 16:26:07 +00:00
Muhammad Saad	7b457eaec5	Merge pull request #169 from saadjutt01/main Release on main update	2022-05-16 09:21:54 -07:00
Saad Jutt	c017d13061	fix(release): Github workflow without npm token	2022-05-16 21:17:53 +05:00
Saad Jutt	c2b5e353a5	chore(release): 0.0.76	2022-05-16 15:30:15 +05:00
Saad Jutt	f89389bbc6	fix: get csrf token from cookie if not present in header	2022-05-16 15:30:08 +05:00
Saad Jutt	fadcc9bd29	chore(release): 0.0.75	2022-05-12 20:48:35 +05:00
Saad Jutt	182def2f3e	chore(api): updated package-lock file	2022-05-12 20:48:21 +05:00
Muhammad Saad	06a5f39fea	Merge pull request #166 from sasjs/deprecate-get-auth-code-api Deprecate get auth code api	2022-05-12 08:47:40 -07:00
Saad Jutt	143b367a0e	test: fixed specs	2022-05-12 20:42:50 +05:00
Saad Jutt	b5fd800300	chore: added env SESSION_SECRET to CI	2022-05-12 19:17:09 +05:00
Saad Jutt	a0b52d9982	test(web): moved authorize specs from api to web	2022-05-12 17:59:12 +05:00
Allan Bowe	c4212665c8	chore(release): 0.0.74	2022-05-12 07:53:50 +00:00
Allan Bowe	97d9bc191c	Merge pull request #167 from sasjs/cspconfig fix: csp updates	2022-05-12 10:53:21 +03:00
Allan Bowe	dd2a403985	chore: lint fix	2022-05-11 21:57:19 +00:00
Allan Bowe	7cfa2398e1	fix: csp updates	2022-05-11 21:37:49 +00:00
Saad Jutt	5888f04e08	fix(web): seperate container for auth code	2022-05-11 21:01:59 +05:00
Saad Jutt	b40de8fa6a	fix: moved getAuthCode from api to web routes	2022-05-11 21:01:00 +05:00
Allan Bowe	45a2a01532	chore(release): 0.0.73	2022-05-10 11:23:59 +00:00
Allan Bowe	c61fec47c4	Merge pull request #165 from sasjs/issue-164 fix: helmet config on http mode	2022-05-10 14:01:40 +03:00
Mihajlo Medjedovic	24d7f00c02	chore: type fix	2022-05-10 10:13:57 +00:00
Mihajlo Medjedovic	b0fdaaaa79	fix: helmet config on http mode	2022-05-10 10:04:01 +00:00
Allan Bowe	2467616296	chore(release): 0.0.72	2022-05-09 12:33:32 +00:00
Allan Bowe	ceefbe48e9	chore(release): 0.0.71	2022-05-07 22:35:25 +00:00
Allan Bowe	426e90471e	Merge pull request #163 from sasjs/issue159 fix: reqHeadrs.txt will contain headers to access APIs	2022-05-08 01:34:41 +03:00
Allan Bowe	c0b57b9e76	fix: bumping core	2022-05-07 22:31:44 +00:00
Saad Jutt	4a8e32dd20	fix: added more cookies to req	2022-05-08 03:18:04 +05:00
Saad Jutt	636301e664	fix: reqHeadrs.txt will contain headers to access APIs	2022-05-08 02:49:16 +05:00
Allan Bowe	25dc5dd215	chore(release): 0.0.70	2022-05-06 14:45:31 +00:00
Allan Bowe	503994dbd2	Merge pull request #161 from sasjs/csp-disable Added additional options for HELMET	2022-05-06 17:44:18 +03:00
Saad Jutt	0dceb5c3c3	chore: web package-lock built with LTS	2022-05-06 19:41:02 +05:00
Mihajlo Medjedovic	1af04fa3b3	Merge branch 'csp-disable' of github.com:sasjs/server into csp-disable	2022-05-06 13:40:48 +00:00
Mihajlo Medjedovic	efa81fec77	chore: package-lock	2022-05-06 13:40:40 +00:00
Allan Bowe	10caf1918a	chore: updating README	2022-05-06 12:13:45 +00:00
Mihajlo Medjedovic	4ed20a3b75	chore: readme update	2022-05-06 11:49:32 +00:00
Mihajlo Medjedovic	98b2c5fa25	chore: readme update	2022-05-06 11:46:40 +00:00
Mihajlo Medjedovic	3ad327b85f	chore: helmet config cleanup	2022-05-06 11:40:12 +00:00
Mihajlo Medjedovic	dd3acce393	feat: CSP_DISABLE env option	2022-05-05 18:25:33 +00:00
Allan Bowe	8065727b9b	chore(release): 0.0.69	2022-05-02 15:24:56 +00:00
Allan Bowe	e1223ec3f8	Merge pull request #158 from sasjs/update-csp-policy fix(upload): appStream uses CSRF + Session authentication	2022-05-02 18:22:35 +03:00
Saad Jutt	1f89279264	fix(upload): appStream uses CSRF + Session authentication	2022-05-02 18:01:28 +05:00
Saad Jutt	a07f47a1ba	chore(release): 0.0.68	2022-05-02 05:57:10 +05:00
Saad Jutt	2548c82dfe	fix: using monaco editor locally	2022-05-02 05:57:03 +05:00
Saad Jutt	238aa1006f	chore(release): 0.0.67	2022-05-02 03:41:07 +05:00
Saad Jutt	35cba97611	chore: commented helmet middleware	2022-05-02 03:40:14 +05:00
Saad Jutt	5f29dec16f	chore(release): 0.0.66	2022-05-01 23:31:59 +05:00
Saad Jutt	e2a97fcb7c	fix: added swagger ui init file manually	2022-05-01 23:31:48 +05:00
Allan Bowe	6adeeefcf5	chore(release): 0.0.65	2022-05-01 11:36:26 +00:00
Allan Bowe	c9d66b8576	Merge pull request #156 from sasjs/fix-swagger-api-with-csrf fix: consume swagger api with CSRF	2022-05-01 14:35:23 +03:00
Saad Jutt	5aaac24080	fix: consume swagger api with CSRF	2022-05-01 06:07:17 +05:00
Saad Jutt	6d34206bbc	chore(release): 0.0.64	2022-05-01 02:28:57 +05:00
Saad Jutt	7b39cc06d3	fix: removed fileExists for serving web	2022-05-01 02:28:50 +05:00
Saad Jutt	6e7f28a6f8	chore(release): 0.0.63	2022-05-01 02:10:24 +05:00
Saad Jutt	5689169ce4	chore: syntax fix for workflow	2022-05-01 02:10:17 +05:00
Saad Jutt	6139e7bff6	chore(release): 0.0.62	2022-05-01 02:08:03 +05:00
Saad Jutt	2c77317bb9	chore: release using node LTS	2022-05-01 02:07:55 +05:00
Saad Jutt	57b63db9cb	chore(release): 0.0.61	2022-05-01 01:59:12 +05:00
Saad Jutt	60a2a4fe32	chore: bumped pkg version	2022-05-01 01:59:04 +05:00
Allan Bowe	09611cb416	chore(release): 0.0.60	2022-04-30 18:53:44 +00:00
Allan Bowe	2a9bb6e6b1	Merge pull request #155 from sasjs/api-access-via-session-authentication fix: added CSRF check for granting access via session authentication	2022-04-30 21:44:35 +03:00
Saad Jutt	b4b60c69cf	fix: setting CSRF Token for only rendering SPA	2022-04-30 06:32:24 +05:00
Saad Jutt	b060ad1b8e	fix: added CSRF check for granting access via session authentication	2022-04-30 05:04:27 +05:00
munja	d47ed6d0e8	chore(release): 0.0.59	2022-04-29 13:28:34 +01:00
Muhammad Saad	a6993ef5ae	Merge pull request #153 from sasjs/csrf-tokens-for-web feat: enabled csrf tokens for web component	2022-04-28 17:26:05 -07:00
Saad Jutt	2571fc2ca8	chore: README.md updated	2022-04-29 05:09:11 +05:00
Saad Jutt	992f39b63a	chore: lint fix	2022-04-29 04:11:29 +05:00
Saad Jutt	1ea3f6d8b3	chore: corrected order for web route	2022-04-29 03:11:08 +05:00
Saad Jutt	e462aebdc0	feat: enabled csrf tokens for web component	2022-04-29 02:59:48 +05:00
Muhammad Saad	13403517a4	Merge pull request #150 from sasjs/session-based-authentication feat: enabled session based authentication for web	2022-04-28 07:11:45 -07:00
Saad Jutt	c3c2048e75	chore: temp	2022-04-28 07:15:36 +05:00
Saad Jutt	1d8acc36eb	chore: temp	2022-04-28 07:15:09 +05:00
Saad Jutt	4c7ad56326	test: fixed specs	2022-04-28 07:07:56 +05:00
Saad Jutt	e57443f1ed	fix(web): show display name instead of username	2022-04-28 07:00:49 +05:00
Saad Jutt	5da93f318a	feat: enabled session based authentication for web	2022-04-28 06:44:25 +05:00
Muhammad Saad	a30fb1a241	Merge pull request #141 from sasjs/issue-135 fix: fetch client from DB for each request	2022-04-27 12:09:41 -07:00
Allan Bowe	4ae8f35e9a	chore(release): 0.0.58	2022-04-24 20:25:08 +00:00
Saad Jutt	ebb46f51b6	chore: fix specs	2022-04-24 05:29:42 +05:00
Saad Jutt	fe24f51ca2	test: fix specs	2022-04-24 05:17:25 +05:00
Saad Jutt	fd15f3fb41	test: fix specs	2022-04-24 05:11:56 +05:00
Saad Jutt	7d31ee7696	chore: Merge branch 'main' into issue-135	2022-04-24 05:08:31 +05:00
Allan Bowe	667e26b080	Merge pull request #142 from sasjs/contribute npm scripts updated	2022-04-24 02:48:07 +03:00
munja	d09876c05f	fix: missing dependency	2022-04-24 00:46:14 +01:00
Saad Jutt	fb8e18be75	chore: fix vulnerabilites	2022-04-24 04:38:28 +05:00
Saad Jutt	7ac7a4e083	chore: added start:prod npm script	2022-04-24 04:36:42 +05:00
Allan Bowe	8e23786dd4	Update CONTRIBUTING.md	2022-04-24 00:31:41 +01:00
Allan Bowe	4bd01bcf29	Update CONTRIBUTING.md	2022-04-24 00:30:29 +01:00
Saad Jutt	4ad8c81e49	fix: fetch client from DB for each request	2022-04-24 04:16:13 +05:00
Allan Bowe	51f6aa34a1	Merge pull request #140 from sasjs/corebump fix: bumping core library to get latest user management macros	2022-04-24 02:02:16 +03:00
Allan Bowe	486207128d	fix: bumping core library to get latest user management macros	2022-04-23 22:54:34 +00:00
Allan Bowe	1e4b0b9171	Update README.md	2022-04-21 12:38:31 +01:00
Allan Bowe	1ff820605a	chore(release): 0.0.57	2022-04-21 09:27:23 +00:00
Muhammad Saad	9c1a781b3a	Merge pull request #136 from sasjs/issue-78 feat: add user name and logout functionality	2022-04-20 16:57:32 -07:00
Sabir Hassan	36628551ae	chore(web): use AppContext instead of useTokens Hook	2022-04-21 04:37:40 +05:00
Sabir Hassan	23cf8fa06f	chore(web): add user name at top right	2022-04-21 04:36:20 +05:00
Sabir Hassan	84ee743eae	feat: create AppContext	2022-04-21 04:34:27 +05:00
Allan Bowe	19e5bd7d2d	chore: updating README with docs on linux jobs as approach for running server as background job	2022-04-20 13:16:06 +00:00
Allan Bowe	e251747302	chore(release): 0.0.56	2022-04-20 08:44:48 +00:00
Allan Bowe	7e7558d4cf	Merge pull request #133 from sasjs/allanbowe/lengths-of-username-password-61 fix: shortening min length of username. Closes #61	2022-04-20 11:44:15 +03:00
Allan Bowe	f02996facf	fix: shortening min length of username. Closes #61	2022-04-20 08:43:38 +00:00
Saad Jutt	803c51f400	chore(release): 0.0.55	2022-04-20 07:15:33 +05:00
Muhammad Saad	c35b2b3f59	Merge pull request #132 from sasjs/fix-drive-path Fix drive path	2022-04-19 18:56:13 -07:00
Saad Jutt	fe0866ace7	chore: Merge branch 'main' into fix-drive-path	2022-04-20 06:53:31 +05:00
Muhammad Saad	1513c3623d	Merge pull request #131 from sasjs/fix-specs test: fixed unhandled timeout	2022-04-19 18:52:52 -07:00
Saad Jutt	7fe43ae0b7	test: fixed unhandled timeout	2022-04-20 06:50:11 +05:00
Saad Jutt	c4cea4a12b	fix: drive path in server mode	2022-04-20 05:54:56 +05:00
Saad Jutt	9fc7a132ba	test: fixed unhandled timout	2022-04-20 00:06:21 +05:00
Allan Bowe	d55a619d64	chore(release): 0.0.54	2022-04-19 18:40:30 +00:00
Allan Bowe	737d2a24c2	Merge pull request #130 from sasjs/db-seed fix: added db seed at server startup	2022-04-19 21:39:38 +03:00
Saad Jutt	2e63831b90	fix: added db seed at server startup	2022-04-19 23:25:05 +05:00
Saad Jutt	c7ffde1a3b	chore(release): 0.0.53	2022-04-19 21:27:07 +05:00
Saad Jutt	db70b1ce55	fix: provide clientId to web component	2022-04-19 21:26:55 +05:00
Muhammad Saad	8a3fe8b217	Merge pull request #129 from sasjs/improve-UX-in-drive fix: improve user experience in sasjs drive	2022-04-18 13:10:57 -07:00
Sabir Hassan	9dca552e82	fix(drive):when page is refreshed or reloaded show expand file tree according to filePath in url	2022-04-19 00:40:37 +05:00
Allan Bowe	505f2089c7	chore(release): 0.0.52	2022-04-17 21:26:59 +00:00
Muhammad Saad	3344c400a8	Merge pull request #127 from sasjs/add-server-info-api-endpoint feat: add api endpoint for getting server info	2022-04-17 12:48:12 -07:00
Sabir Hassan	fa6248e3ef	chore: swagger.yml updated	2022-04-17 23:53:20 +05:00
Sabir Hassan	9fb5f1f8e7	feat: add api for getting server info	2022-04-17 23:48:08 +05:00
`@@ -1,2 +1 @@`
	`PORT_API=[place sasjs server port] default value is 5000`	`PORT_API=[place sasjs server port] default value is 5000`
	`CLIENT_ID=<place clientId here>`