chore(release): 0.3.9 [skip ci]

## [0.3.9](https://github.com/sasjs/server/compare/v0.3.8...v0.3.9) (2022-06-14)

### Bug Fixes

* forcing utf 8 encoding. Closes [#76](https://github.com/sasjs/server/issues/76) ([8734489](8734489cf0))

CHANGELOG.md

@@ -1,3 +1,75 @@
+## [0.3.9](https://github.com/sasjs/server/compare/v0.3.8...v0.3.9) (2022-06-14)
+
+
+### Bug Fixes
+
+* forcing utf 8 encoding. Closes [#76](https://github.com/sasjs/server/issues/76) ([8734489](https://github.com/sasjs/server/commit/8734489cf014aedaca3f325e689493e4fe0b71ca))
+
+## [0.3.8](https://github.com/sasjs/server/compare/v0.3.7...v0.3.8) (2022-06-13)
+
+
+### Bug Fixes
+
+* execution controller better error handling ([8a617a7](https://github.com/sasjs/server/commit/8a617a73ae63233332f5788c90f173d6cd5e1283))
+* execution controller error details ([3fa2a7e](https://github.com/sasjs/server/commit/3fa2a7e2e32f90050f6b09e30ce3ef725eb0b15f))
+
+## [0.3.7](https://github.com/sasjs/server/compare/v0.3.6...v0.3.7) (2022-06-08)
+
+
+### Bug Fixes
+
+* **appstream:** redirect to relative + nested resource should be accessed ([5ab35b0](https://github.com/sasjs/server/commit/5ab35b02c4417132dddb5a800982f31d0d50ef66))
+
+## [0.3.6](https://github.com/sasjs/server/compare/v0.3.5...v0.3.6) (2022-06-02)
+
+
+### Bug Fixes
+
+* **appstream:** should serve only new files for same app stream name with new deployment ([e6d1989](https://github.com/sasjs/server/commit/e6d1989847761fbe562d7861ffa0ee542839b125))
+
+## [0.3.5](https://github.com/sasjs/server/compare/v0.3.4...v0.3.5) (2022-05-30)
+
+
+### Bug Fixes
+
+* bumping sasjs/core library ([61815f8](https://github.com/sasjs/server/commit/61815f8ae18be132e17c199cd8e3afbcc2fa0b60))
+
+## [0.3.4](https://github.com/sasjs/server/compare/v0.3.3...v0.3.4) (2022-05-30)
+
+
+### Bug Fixes
+
+* **web:** system username for DESKTOP mode ([a8ba378](https://github.com/sasjs/server/commit/a8ba378fd1ff374ba025a96fdfae5c6c36954465))
+
+## [0.3.3](https://github.com/sasjs/server/compare/v0.3.2...v0.3.3) (2022-05-30)
+
+
+### Bug Fixes
+
+* usage of autoexec API in DESKTOP mode ([12d424a](https://github.com/sasjs/server/commit/12d424acce8108a6f53aefbac01fddcdc5efb48f))
+
+## [0.3.2](https://github.com/sasjs/server/compare/v0.3.1...v0.3.2) (2022-05-27)
+
+
+### Bug Fixes
+
+* **web:** ability to use get/patch User API in desktop mode. ([2c259fe](https://github.com/sasjs/server/commit/2c259fe1de95d84e6929e311aaa6b895e66b42a3))
+
+## [0.3.1](https://github.com/sasjs/server/compare/v0.3.0...v0.3.1) (2022-05-26)
+
+
+### Bug Fixes
+
+* **api:** username should be lowercase ([5ad6ee5](https://github.com/sasjs/server/commit/5ad6ee5e0f5d7d6faa45b72215f1d9d55cfc37db))
+* **web:** reduced width for autoexec input ([7d11cc7](https://github.com/sasjs/server/commit/7d11cc79161e5a07f6c5392d742ef6b9d8658071))
+
+# [0.3.0](https://github.com/sasjs/server/compare/v0.2.0...v0.3.0) (2022-05-25)
+
+
+### Features
+
+* **web:** added profile + edit + autoexec changes ([c275db1](https://github.com/sasjs/server/commit/c275db184e874f0ee3a4f08f2592cfacf1e90742))
+
 # [0.2.0](https://github.com/sasjs/server/compare/v0.1.0...v0.2.0) (2022-05-25)
 
 

api/package-lock.json

@@ -8,7 +8,7 @@
       "name": "api",
       "version": "0.0.2",
       "dependencies": {
-        "@sasjs/core": "^4.23.1",
+        "@sasjs/core": "^4.27.3",
         "@sasjs/utils": "2.42.1",
         "bcryptjs": "^2.4.3",
         "connect-mongo": "^4.6.0",
@@ -24,7 +24,8 @@
         "mongoose-sequence": "^5.3.1",
         "morgan": "^1.10.0",
         "multer": "^1.4.3",
-        "swagger-ui-express": "4.3.0"
+        "swagger-ui-express": "4.3.0",
+        "url": "^0.10.3"
       },
       "bin": {
         "api": "build/src/server.js"
@@ -1385,9 +1386,9 @@
       }
     },
     "node_modules/@sasjs/core": {
-      "version": "4.23.1",
+      "version": "4.27.3",
-      "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.23.1.tgz",
+      "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.27.3.tgz",
-      "integrity": "sha512-9d6yEPJRRvPLMUkpyaiQ62SXNMMyt2l815jxWgFjnVOxKeUQv9TPyZqZ0FpmWdVe6EY8dv8GLlyaBpOLDnY6Vg=="
+      "integrity": "sha512-8AaPPRGMwhmjw244CDSnTqHXdp/77ZBjIJMgwqw4wTrCf8Vzs2Y5hVihbvAniIGQctZHLMR6X5a3X4ccn9gRjg=="
     },
     "node_modules/@sasjs/utils": {
       "version": "2.42.1",
@@ -2883,7 +2884,7 @@
     "node_modules/busboy": {
       "version": "0.2.14",
       "resolved": "https://registry.npmjs.org/busboy/-/busboy-0.2.14.tgz",
-      "integrity": "sha1-bCpiLvz0fFe7vh4qnDetNseSVFM=",
+      "integrity": "sha512-InWFDomvlkEj+xWLBfU3AvnbVYqeTWmQopiW0tWWEy5yehYm2YkGEc59sUmw/4ty5Zj/b0WHGs1LgecuBSBGrg==",
       "dependencies": {
         "dicer": "0.2.5",
         "readable-stream": "1.1.x"
@@ -3677,7 +3678,7 @@
     "node_modules/dicer": {
       "version": "0.2.5",
       "resolved": "https://registry.npmjs.org/dicer/-/dicer-0.2.5.tgz",
-      "integrity": "sha1-WZbAhrszIYyBLAkL3cCc0S+stw8=",
+      "integrity": "sha512-FDvbtnq7dzlPz0wyYlOExifDEZcu8h+rErEXgfxqmLfRfC/kJidEFh4+effJRO3P0xmfqyPbSMG0LveNRfTKVg==",
       "dependencies": {
         "readable-stream": "1.1.x",
         "streamsearch": "0.1.2"
@@ -7590,9 +7591,10 @@
       "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
     },
     "node_modules/multer": {
-      "version": "1.4.3",
+      "version": "1.4.4",
-      "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.3.tgz",
+      "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.4.tgz",
-      "integrity": "sha512-np0YLKncuZoTzufbkM6wEKp68EhWJXcU6fq6QqrSwkckd2LlMgd1UqhUJLj6NS/5sZ8dE8LYDWslsltJznnXlg==",
+      "integrity": "sha512-2wY2+xD4udX612aMqMcB8Ws2Voq6NIUPEtD1be6m411T4uDH/VtL9i//xvcyFlTVfRdaBsk7hV5tgrGQqhuBiw==",
+      "deprecated": "Multer 1.x is affected by CVE-2022-24434. This is fixed in v1.4.4-lts.1 which drops support for versions of Node.js before 6. Please upgrade to at least Node.js 6 and version 1.4.4-lts.1 of Multer. If you need support for older versions of Node.js, we are open to accepting patches that would fix the CVE on the main 1.x release line, whilst maintaining compatibility with Node.js 0.10.",
       "dependencies": {
         "append-field": "^1.0.0",
         "busboy": "^0.2.11",
@@ -8552,6 +8554,15 @@
         "node": ">=0.6"
       }
     },
+    "node_modules/querystring": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz",
+      "integrity": "sha1-sgmEkgO7Jd+CDadW50cAWHhSFiA=",
+      "deprecated": "The querystring API is considered Legacy. new code should use the URLSearchParams API instead.",
+      "engines": {
+        "node": ">=0.4.x"
+      }
+    },
     "node_modules/queue-microtask": {
       "version": "1.2.3",
       "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
@@ -9942,6 +9953,15 @@
         "url": "https://github.com/yeoman/update-notifier?sponsor=1"
       }
     },
+    "node_modules/url": {
+      "version": "0.10.3",
+      "resolved": "https://registry.npmjs.org/url/-/url-0.10.3.tgz",
+      "integrity": "sha1-Ah5NnHcF8hu/N9A861h2dAJ3TGQ=",
+      "dependencies": {
+        "punycode": "1.3.2",
+        "querystring": "0.2.0"
+      }
+    },
     "node_modules/url-parse-lax": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-3.0.0.tgz",
@@ -9954,6 +9974,11 @@
         "node": ">=4"
       }
     },
+    "node_modules/url/node_modules/punycode": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.3.2.tgz",
+      "integrity": "sha1-llOgNvt8HuQjQvIyXM7v6jkmxI0="
+    },
     "node_modules/util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
@@ -11364,9 +11389,9 @@
       }
     },
     "@sasjs/core": {
-      "version": "4.23.1",
+      "version": "4.27.3",
-      "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.23.1.tgz",
+      "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.27.3.tgz",
-      "integrity": "sha512-9d6yEPJRRvPLMUkpyaiQ62SXNMMyt2l815jxWgFjnVOxKeUQv9TPyZqZ0FpmWdVe6EY8dv8GLlyaBpOLDnY6Vg=="
+      "integrity": "sha512-8AaPPRGMwhmjw244CDSnTqHXdp/77ZBjIJMgwqw4wTrCf8Vzs2Y5hVihbvAniIGQctZHLMR6X5a3X4ccn9gRjg=="
     },
     "@sasjs/utils": {
       "version": "2.42.1",
@@ -12629,7 +12654,7 @@
     "busboy": {
       "version": "0.2.14",
       "resolved": "https://registry.npmjs.org/busboy/-/busboy-0.2.14.tgz",
-      "integrity": "sha1-bCpiLvz0fFe7vh4qnDetNseSVFM=",
+      "integrity": "sha512-InWFDomvlkEj+xWLBfU3AvnbVYqeTWmQopiW0tWWEy5yehYm2YkGEc59sUmw/4ty5Zj/b0WHGs1LgecuBSBGrg==",
       "requires": {
         "dicer": "0.2.5",
         "readable-stream": "1.1.x"
@@ -13267,7 +13292,7 @@
     "dicer": {
       "version": "0.2.5",
       "resolved": "https://registry.npmjs.org/dicer/-/dicer-0.2.5.tgz",
-      "integrity": "sha1-WZbAhrszIYyBLAkL3cCc0S+stw8=",
+      "integrity": "sha512-FDvbtnq7dzlPz0wyYlOExifDEZcu8h+rErEXgfxqmLfRfC/kJidEFh4+effJRO3P0xmfqyPbSMG0LveNRfTKVg==",
       "requires": {
         "readable-stream": "1.1.x",
         "streamsearch": "0.1.2"
@@ -16220,9 +16245,9 @@
       "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
     },
     "multer": {
-      "version": "1.4.3",
+      "version": "1.4.4",
-      "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.3.tgz",
+      "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.4.tgz",
-      "integrity": "sha512-np0YLKncuZoTzufbkM6wEKp68EhWJXcU6fq6QqrSwkckd2LlMgd1UqhUJLj6NS/5sZ8dE8LYDWslsltJznnXlg==",
+      "integrity": "sha512-2wY2+xD4udX612aMqMcB8Ws2Voq6NIUPEtD1be6m411T4uDH/VtL9i//xvcyFlTVfRdaBsk7hV5tgrGQqhuBiw==",
       "requires": {
         "append-field": "^1.0.0",
         "busboy": "^0.2.11",
@@ -16933,6 +16958,11 @@
       "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz",
       "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ=="
     },
+    "querystring": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz",
+      "integrity": "sha1-sgmEkgO7Jd+CDadW50cAWHhSFiA="
+    },
     "queue-microtask": {
       "version": "1.2.3",
       "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
@@ -17963,6 +17993,22 @@
         "xdg-basedir": "^4.0.0"
       }
     },
+    "url": {
+      "version": "0.10.3",
+      "resolved": "https://registry.npmjs.org/url/-/url-0.10.3.tgz",
+      "integrity": "sha1-Ah5NnHcF8hu/N9A861h2dAJ3TGQ=",
+      "requires": {
+        "punycode": "1.3.2",
+        "querystring": "0.2.0"
+      },
+      "dependencies": {
+        "punycode": {
+          "version": "1.3.2",
+          "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.3.2.tgz",
+          "integrity": "sha1-llOgNvt8HuQjQvIyXM7v6jkmxI0="
+        }
+      }
+    },
     "url-parse-lax": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-3.0.0.tgz",

api/package.json

@@ -47,7 +47,7 @@
   },
   "author": "4GL Ltd",
   "dependencies": {
-    "@sasjs/core": "^4.23.1",
+    "@sasjs/core": "^4.27.3",
     "@sasjs/utils": "2.42.1",
     "bcryptjs": "^2.4.3",
     "connect-mongo": "^4.6.0",
@@ -63,7 +63,8 @@
     "mongoose-sequence": "^5.3.1",
     "morgan": "^1.10.0",
     "multer": "^1.4.3",
-    "swagger-ui-express": "4.3.0"
+    "swagger-ui-express": "4.3.0",
+    "url": "^0.10.3"
   },
   "devDependencies": {
     "@types/bcryptjs": "^2.4.2",
@@ -96,7 +97,7 @@
   },
   "nodemonConfig": {
     "ignore": [
-      "tmp/**/*"
+      "sasjs_root/**/*"
     ]
   }
 }

api/public/swagger.yaml

@@ -357,7 +357,7 @@ components:
                 autoExec:
                     type: string
                     description: 'User-specific auto-exec code'
-                    example: '<SAS code>'
+                    example: ""
             required:
                 - displayName
                 - username
@@ -543,7 +543,7 @@ paths:
                         application/json:
                             schema:
                                 properties:
-                                    user: {properties: {displayName: {type: string}, username: {type: string}}, required: [displayName, username], type: object}
+                                    user: {properties: {displayName: {type: string}, username: {type: string}, id: {type: number, format: double}}, required: [displayName, username, id], type: object}
                                     loggedIn: {type: boolean}
                                 required:
                                     - user

api/src/controllers/code.ts

@@ -3,12 +3,11 @@ import { Request, Security, Route, Tags, Post, Body } from 'tsoa'
 import { ExecuteReturnJson, ExecutionController } from './internal'
 import { ExecuteReturnJsonResponse } from '.'
 import {
-  getDesktopUserAutoExecPath,
   getPreProgramVariables,
+  getUserAutoExec,
   ModeType,
   parseLogToArray
 } from '../utils'
-import { readFile } from '@sasjs/utils'
 
 interface ExecuteSASCodePayload {
   /**
@@ -43,7 +42,7 @@ const executeSASCode = async (
   const userAutoExec =
     process.env.MODE === ModeType.Server
       ? user?.autoExec
-      : await readFile(getDesktopUserAutoExecPath())
+      : await getUserAutoExec()
 
   try {
     const { webout, log, httpHeaders } =

api/src/controllers/internal/Execution.ts

@@ -43,7 +43,7 @@ export class ExecutionController {
     session?: Session
   ) {
     if (!(await fileExists(programPath)))
-      throw 'ExecutionController: SAS file does not exist.'
+      throw `The Stored Program at (${vars._program}) does not exist, or you do not have permission to view it.`
 
     const program = await readFile(programPath)
 
@@ -119,9 +119,9 @@ filename _webout "${weboutPath}" mod;
 /* dynamic user-provided vars */
 ${preProgramVarStatments}
 
-/* user auto exec starts */
+/* user autoexec starts */
-${otherArgs?.userAutoExec}
+${otherArgs?.userAutoExec ?? ''}
-/* user auto exec ends */
+/* user autoexec ends */
 
 /* actual job code */
 ${program}`

api/src/controllers/internal/Session.ts

@@ -93,6 +93,7 @@ ${autoExecContent}`
       session.path,
       '-AUTOEXEC',
       autoExecPath,
+      '-ENCODING UTF-8',
       process.platform === 'win32' ? '-nosplash' : ''
     ])
       .then(() => {

api/src/controllers/user.ts

@@ -14,8 +14,10 @@ import {
   Hidden,
   Request
 } from 'tsoa'
+import { desktopUser } from '../middlewares'
 
 import User, { UserPayload } from '../model/User'
+import { getUserAutoExec, updateUserAutoExec, ModeType } from '../utils'
 
 export interface UserResponse {
   id: number
@@ -86,6 +88,10 @@ export class UserController {
     @Request() req: express.Request,
     @Path() userId: number
   ): Promise<UserDetailsResponse> {
+    const { MODE } = process.env
+
+    if (MODE === ModeType.Desktop) return getDesktopAutoExec()
+
     const { user } = req
     const getAutoExec = user!.isAdmin || user!.userId == userId
     return getUser(userId, getAutoExec)
@@ -108,6 +114,11 @@ export class UserController {
     @Path() userId: number,
     @Body() body: UserPayload
   ): Promise<UserDetailsResponse> {
+    const { MODE } = process.env
+
+    if (MODE === ModeType.Desktop)
+      return updateDesktopAutoExec(body.autoExec ?? '')
+
     return updateUser(userId, body)
   }
 
@@ -177,7 +188,15 @@ const getUser = async (
     username: user.username,
     isActive: user.isActive,
     isAdmin: user.isAdmin,
-    autoExec: getAutoExec ? user.autoExec : undefined
+    autoExec: getAutoExec ? user.autoExec ?? '' : undefined
+  }
+}
+
+const getDesktopAutoExec = async () => {
+  return {
+    ...desktopUser,
+    id: desktopUser.userId,
+    autoExec: await getUserAutoExec()
   }
 }
 
@@ -216,6 +235,15 @@ const updateUser = async (
   }
 }
 
+const updateDesktopAutoExec = async (autoExec: string) => {
+  await updateUserAutoExec(autoExec)
+  return {
+    ...desktopUser,
+    id: desktopUser.userId,
+    autoExec
+  }
+}
+
 const deleteUser = async (
   id: number,
   isAdmin: boolean,

api/src/controllers/web.ts

@@ -97,6 +97,7 @@ const login = async (
   return {
     loggedIn: true,
     user: {
+      id: user.id,
       username: user.username,
       displayName: user.displayName
     }

api/src/middlewares/authenticateToken.ts

@@ -1,15 +1,22 @@
 import { RequestHandler, Request, Response, NextFunction } from 'express'
 import jwt from 'jsonwebtoken'
 import { csrfProtection } from '../app'
-import { fetchLatestAutoExec, verifyTokenInDB } from '../utils'
+import { fetchLatestAutoExec, ModeType, verifyTokenInDB } from '../utils'
+import { desktopUser } from './desktop'
 
 export const authenticateAccessToken: RequestHandler = async (
   req,
   res,
   next
 ) => {
+  const { MODE } = process.env
+  if (MODE === ModeType.Desktop) {
+    req.user = desktopUser
+    return next()
+  }
+
   // if request is coming from web and has valid session
-  // we can validate the request and check for CSRF Token
+  // it can be validated.
   if (req.session?.loggedIn) {
     if (req.session.user) {
       const user = await fetchLatestAutoExec(req.session.user)

api/src/middlewares/desktop.ts

@@ -1,20 +1,37 @@
-import { RequestHandler } from 'express'
+import { RequestHandler, Request } from 'express'
+import { userInfo } from 'os'
+import { RequestUser } from '../types'
+import { ModeType } from '../utils'
+
+const regexUser = /^\/SASjsApi\/user\/[0-9]*$/ // /SASjsApi/user/1
+
+const allowedInDesktopMode: { [key: string]: RegExp[] } = {
+  GET: [regexUser],
+  PATCH: [regexUser]
+}
+
+const reqAllowedInDesktopMode = (request: Request): boolean => {
+  const { method, originalUrl: url } = request
+
+  return !!allowedInDesktopMode[method]?.find((urlRegex) => urlRegex.test(url))
+}
 
 export const desktopRestrict: RequestHandler = (req, res, next) => {
   const { MODE } = process.env
-  if (MODE?.trim() !== 'server')
+
-    return res.status(403).send('Not Allowed while in Desktop Mode.')
+  if (MODE === ModeType.Desktop) {
+    if (!reqAllowedInDesktopMode(req))
+      return res.status(403).send('Not Allowed while in Desktop Mode.')
+  }
 
   next()
 }
-export const desktopUsername: RequestHandler = (req, res, next) => {
-  const { MODE } = process.env
-  if (MODE?.trim() !== 'server')
-    return res.status(200).send({
-      userId: 12345,
-      username: 'DESKTOPusername',
-      displayName: 'DESKTOP User'
-    })
 
-  next()
+export const desktopUser: RequestUser = {
+  userId: 12345,
+  clientId: 'desktop_app',
+  username: userInfo().username,
+  displayName: userInfo().username,
+  isAdmin: true,
+  isActive: true
 }

api/src/model/User.ts

@@ -29,7 +29,7 @@ export interface UserPayload {
   isActive?: boolean
   /**
    * User-specific auto-exec code
-   * @example "<SAS code>"
+   * @example ""
    */
   autoExec?: string
 }

api/src/routes/api/index.ts

@@ -5,7 +5,6 @@ import swaggerUi from 'swagger-ui-express'
 import {
   authenticateAccessToken,
   desktopRestrict,
-  desktopUsername,
   verifyAdmin
 } from '../../middlewares'
 
@@ -22,7 +21,7 @@ import sessionRouter from './session'
 const router = express.Router()
 
 router.use('/info', infoRouter)
-router.use('/session', desktopUsername, authenticateAccessToken, sessionRouter)
+router.use('/session', authenticateAccessToken, sessionRouter)
 router.use('/auth', desktopRestrict, authRouter)
 router.use(
   '/client',

api/src/routes/api/spec/user.spec.ts

@@ -9,14 +9,14 @@ import { generateAccessToken, saveTokensInDB } from '../../../utils'
 const clientId = 'someclientID'
 const adminUser = {
   displayName: 'Test Admin',
-  username: 'testAdminUsername',
+  username: 'testadminusername',
   password: '12345678',
   isAdmin: true,
   isActive: true
 }
 const user = {
   displayName: 'Test User',
-  username: 'testUsername',
+  username: 'testusername',
   password: '87654321',
   isAdmin: false,
   isActive: true,
@@ -68,6 +68,20 @@ describe('user', () => {
       expect(res.body.autoExec).toEqual(user.autoExec)
     })
 
+    it('should respond with new user having username as lowercase', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/user')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({ ...user, username: user.username.toUpperCase() })
+        .expect(200)
+
+      expect(res.body.username).toEqual(user.username)
+      expect(res.body.displayName).toEqual(user.displayName)
+      expect(res.body.isAdmin).toEqual(user.isAdmin)
+      expect(res.body.isActive).toEqual(user.isActive)
+      expect(res.body.autoExec).toEqual(user.autoExec)
+    })
+
     it('should respond with Unauthorized if access token is not present', async () => {
       const res = await request(app)
         .post('/SASjsApi/user')
@@ -244,7 +258,7 @@ describe('user', () => {
       const dbUser1 = await controller.createUser(user)
       const dbUser2 = await controller.createUser({
         ...user,
-        username: 'randomUser'
+        username: 'randomuser'
       })
 
       const res = await request(app)

api/src/routes/api/spec/web.spec.ts

@@ -10,7 +10,7 @@ const clientSecret = 'someclientSecret'
 const user = {
   id: 1234,
   displayName: 'Test User',
-  username: 'testUsername',
+  username: 'testusername',
   password: '87654321',
   isAdmin: false,
   isActive: true
@@ -77,6 +77,7 @@ describe('web', () => {
 
       expect(res.body.loggedIn).toBeTruthy()
       expect(res.body.user).toEqual({
+        id: expect.any(Number),
         username: user.username,
         displayName: user.displayName
       })
@@ -155,7 +156,6 @@ const getCSRF = async (app: Express) => {
   const { header } = await request(app).get('/')
   const cookies = header['set-cookie'].join()
 
-  console.log('cookies', cookies)
   const csrfToken = extractCSRF(cookies)
   return { csrfToken, cookies }
 }

api/src/routes/api/stp.ts

@@ -47,10 +47,11 @@ stpRouter.post(
         query?._program
       )
 
-      if (response instanceof Buffer) {
+      // TODO: investigate if this code is required
-        res.writeHead(200, (req as any).sasHeaders)
+      // if (response instanceof Buffer) {
-        return res.end(response)
+      //   res.writeHead(200, (req as any).sasHeaders)
-      }
+      //   return res.end(response)
+      // }
 
       res.send(response)
     } catch (err: any) {

api/src/routes/appStream/index.ts

@@ -1,10 +1,12 @@
 import path from 'path'
-import express from 'express'
+import express, { Request } from 'express'
 import { folderExists } from '@sasjs/utils'
 
 import { addEntryToAppStreamConfig, getFilesFolder } from '../../utils'
 import { appStreamHtml } from './appStreamHtml'
 
+const appStreams: { [key: string]: string } = {}
+
 const router = express.Router()
 
 router.get('/', async (req, res) => {
@@ -44,7 +46,7 @@ export const publishAppStream = async (
       streamServiceName = `AppStreamName${appCount + 1}`
     }
 
-    router.use(`/${streamServiceName}`, express.static(pathToDeployment))
+    appStreams[streamServiceName] = pathToDeployment
 
     addEntryToAppStreamConfig(
       streamServiceName,
@@ -64,4 +66,26 @@ export const publishAppStream = async (
   return {}
 }
 
+router.get(`/*`, function (req: Request, res, next) {
+  const reqPath = req.path.replace(/^\//, '')
+
+  // Redirecting to url with trailing slash for appStream base URL only
+  if (reqPath.split('/').length === 1 && !reqPath.endsWith('/'))
+    // navigating to same url with slash at start
+    return res.redirect(301, `${reqPath}/`)
+
+  const appStream = reqPath.split('/')[0]
+  const appStreamFilesPath = appStreams[appStream]
+  if (appStreamFilesPath) {
+    // resourcePath is without appStream base path
+    const resourcePath = reqPath.split('/').slice(1).join('/') || 'index.html'
+
+    req.url = resourcePath
+
+    return express.static(appStreamFilesPath)(req, res, next)
+  }
+
+  return res.send("There's no App Stream available here.")
+})
+
 export default router

api/src/routes/web/web.ts

@@ -1,6 +1,6 @@
 import express from 'express'
 import { WebController } from '../../controllers/web'
-import { authenticateAccessToken } from '../../middlewares'
+import { authenticateAccessToken, desktopRestrict } from '../../middlewares'
 import { authorizeValidation, loginWebValidation } from '../../utils'
 
 const webRouter = express.Router()
@@ -19,7 +19,7 @@ webRouter.get('/', async (req, res) => {
   }
 })
 
-webRouter.post('/SASLogon/login', async (req, res) => {
+webRouter.post('/SASLogon/login', desktopRestrict, async (req, res) => {
   const { error, value: body } = loginWebValidation(req.body)
   if (error) return res.status(400).send(error.details[0].message)
 
@@ -33,6 +33,7 @@ webRouter.post('/SASLogon/login', async (req, res) => {
 
 webRouter.post(
   '/SASLogon/authorize',
+  desktopRestrict,
   authenticateAccessToken,
   async (req, res) => {
     const { error, value: body } = authorizeValidation(req.body)
@@ -47,7 +48,7 @@ webRouter.post(
   }
 )
 
-webRouter.get('/logout', async (req, res) => {
+webRouter.get('/logout', desktopRestrict, async (req, res) => {
   try {
     await controller.logout(req)
     res.status(200).send('OK!')

api/src/utils/desktopAutoExec.ts

@@ -0,0 +1,8 @@
+import { createFile, readFile } from '@sasjs/utils'
+import { getDesktopUserAutoExecPath } from './file'
+
+export const getUserAutoExec = async (): Promise<string> =>
+  readFile(getDesktopUserAutoExecPath())
+
+export const updateUserAutoExec = async (autoExecContent: string) =>
+  createFile(getDesktopUserAutoExecPath(), autoExecContent)

api/src/utils/getServerUrl.ts

@@ -0,0 +1,15 @@
+import express from 'express'
+import url from 'url'
+
+export const getFullUrl = (req: express.Request) =>
+  url.format({
+    protocol: req.protocol,
+    host: req.get('host'),
+    pathname: req.originalUrl
+  })
+
+export const getServerUrl = (req: express.Request) =>
+  url.format({
+    protocol: req.protocol,
+    host: req.get('x-forwarded-host') || req.get('host')
+  })

api/src/utils/index.ts

@@ -1,6 +1,7 @@
 export * from './appStreamConfig'
 export * from './connectDB'
 export * from './copySASjsCore'
+export * from './desktopAutoExec'
 export * from './extractHeaders'
 export * from './file'
 export * from './generateAccessToken'
@@ -9,6 +10,7 @@ export * from './generateRefreshToken'
 export * from './getCertificates'
 export * from './getDesktopFields'
 export * from './getPreProgramVariables'
+export * from './getServerUrl'
 export * from './instantiateLogger'
 export * from './isDebugOn'
 export * from './parseLogToArray'

api/src/utils/validation.ts

@@ -1,6 +1,6 @@
 import Joi from 'joi'
 
-const usernameSchema = Joi.string().alphanum().min(3).max(16)
+const usernameSchema = Joi.string().lowercase().alphanum().min(3).max(16)
 const passwordSchema = Joi.string().min(6).max(1024)
 
 export const blockFileRegex = /\.(exe|sh|htaccess)$/i
@@ -36,7 +36,7 @@ export const registerUserValidation = (data: any): Joi.ValidationResult =>
     password: passwordSchema.required(),
     isAdmin: Joi.boolean(),
     isActive: Joi.boolean(),
-    autoExec: Joi.string()
+    autoExec: Joi.string().allow('')
   }).validate(data)
 
 export const deleteUserValidation = (
@@ -59,7 +59,7 @@ export const updateUserValidation = (
     displayName: Joi.string().min(6),
     username: usernameSchema,
     password: passwordSchema,
-    autoExec: Joi.string()
+    autoExec: Joi.string().allow('')
   }
   if (isAdmin) {
     validationChecks.isAdmin = Joi.boolean()

web/src/App.tsx

@@ -8,9 +8,11 @@ import Header from './components/header'
 import Home from './components/home'
 import Drive from './containers/Drive'
 import Studio from './containers/Studio'
+import Settings from './containers/Settings'
 
 import { AppContext } from './context/appContext'
 import AuthCode from './containers/AuthCode'
+import { ToastContainer } from 'react-toastify'
 
 function App() {
   const appContext = useContext(AppContext)
@@ -44,10 +46,14 @@ function App() {
           <Route exact path="/SASjsStudio">
             <Studio />
           </Route>
+          <Route exact path="/SASjsSettings">
+            <Settings />
+          </Route>
           <Route exact path="/SASjsLogon">
             <AuthCode />
           </Route>
         </Switch>
+        <ToastContainer />
       </HashRouter>
     </ThemeProvider>
   )

web/src/components/header.tsx

@@ -1,4 +1,4 @@
-import React, { useState, useContext } from 'react'
+import React, { useState, useEffect, useContext } from 'react'
 import { Link, useHistory, useLocation } from 'react-router-dom'
 
 import {
@@ -11,6 +11,7 @@ import {
   MenuItem
 } from '@mui/material'
 import OpenInNewIcon from '@mui/icons-material/OpenInNew'
+import SettingsIcon from '@mui/icons-material/Settings'
 
 import Username from './username'
 import { AppContext } from '../context/appContext'
@@ -20,17 +21,23 @@ const PORT_API = process.env.PORT_API
 const baseUrl =
   NODE_ENV === 'development' ? `http://localhost:${PORT_API ?? 5000}` : ''
 
+const validTabs = ['/', '/SASjsDrive', '/SASjsStudio']
+
 const Header = (props: any) => {
   const history = useHistory()
   const { pathname } = useLocation()
   const appContext = useContext(AppContext)
   const [tabValue, setTabValue] = useState(
-    pathname === '/SASjsLogon' ? '/' : pathname
+    validTabs.includes(pathname) ? pathname : '/'
   )
   const [anchorEl, setAnchorEl] = useState<
     (EventTarget & HTMLButtonElement) | null
   >(null)
 
+  useEffect(() => {
+    setTabValue(validTabs.includes(pathname) ? pathname : '/')
+  }, [pathname])
+
   const handleMenu = (
     event: React.MouseEvent<HTMLButtonElement, MouseEvent>
   ) => {
@@ -46,7 +53,10 @@ const Header = (props: any) => {
   }
 
   const handleLogout = () => {
-    if (appContext.logout) appContext.logout()
+    if (appContext.logout) {
+      handleClose()
+      appContext.logout()
+    }
   }
   return (
     <AppBar
@@ -134,6 +144,18 @@ const Header = (props: any) => {
             open={!!anchorEl}
             onClose={handleClose}
           >
+            <MenuItem sx={{ justifyContent: 'center' }}>
+              <Button
+                component={Link}
+                to="/SASjsSettings"
+                onClick={handleClose}
+                variant="contained"
+                color="primary"
+                startIcon={<SettingsIcon />}
+              >
+                Settings
+              </Button>
+            </MenuItem>
             <MenuItem onClick={handleLogout} sx={{ justifyContent: 'center' }}>
               <Button variant="contained" color="primary">
                 Logout

web/src/components/login.tsx

@@ -27,9 +27,10 @@ const Login = () => {
     })
 
     if (loggedIn) {
-      appContext.setLoggedIn?.(loggedIn)
+      appContext.setUserId?.(user.id)
       appContext.setUsername?.(user.username)
       appContext.setDisplayName?.(user.displayName)
+      appContext.setLoggedIn?.(loggedIn)
     }
   }
 

web/src/containers/AuthCode/index.tsx

@@ -1,7 +1,7 @@
 import axios from 'axios'
 import { CopyToClipboard } from 'react-copy-to-clipboard'
 import React, { useEffect, useState } from 'react'
-import { ToastContainer, toast } from 'react-toastify'
+import { toast } from 'react-toastify'
 import 'react-toastify/dist/ReactToastify.css'
 import { useLocation } from 'react-router-dom'
 
@@ -71,8 +71,6 @@ const AuthCode = () => {
       >
         <Button variant="contained">Copy to Clipboard</Button>
       </CopyToClipboard>
-
-      <ToastContainer />
     </Box>
   )
 }

web/src/containers/Settings/index.tsx

@@ -0,0 +1,55 @@
+import * as React from 'react'
+
+import { Box, Paper, Tab, styled } from '@mui/material'
+import TabContext from '@mui/lab/TabContext'
+import TabList from '@mui/lab/TabList'
+import TabPanel from '@mui/lab/TabPanel'
+
+import Profile from './profile'
+
+const StyledTab = styled(Tab)({
+  background: 'black',
+  margin: '0 5px 5px 0'
+})
+
+const StyledTabpanel = styled(TabPanel)({
+  flexGrow: 1
+})
+
+const Settings = () => {
+  const [value, setValue] = React.useState('profile')
+
+  const handleChange = (event: React.SyntheticEvent, newValue: string) => {
+    setValue(newValue)
+  }
+
+  return (
+    <Box
+      sx={{
+        display: 'flex',
+        marginTop: '65px'
+      }}
+    >
+      <TabContext value={value}>
+        <Box component={Paper} sx={{ margin: '0 5px', height: '92vh' }}>
+          <TabList
+            TabIndicatorProps={{
+              style: {
+                display: 'none'
+              }
+            }}
+            orientation="vertical"
+            onChange={handleChange}
+          >
+            <StyledTab label="Profile" value="profile" />
+          </TabList>
+        </Box>
+        <StyledTabpanel value="profile">
+          <Profile />
+        </StyledTabpanel>
+      </TabContext>
+    </Box>
+  )
+}
+
+export default Settings

web/src/containers/Settings/profile.tsx

@@ -0,0 +1,150 @@
+import React, { useState, useEffect, useContext } from 'react'
+import axios from 'axios'
+import {
+  Grid,
+  CircularProgress,
+  Card,
+  CardHeader,
+  Divider,
+  CardContent,
+  TextField,
+  CardActions,
+  Button,
+  FormGroup,
+  FormControlLabel,
+  Checkbox
+} from '@mui/material'
+import { toast } from 'react-toastify'
+
+import { AppContext, ModeType } from '../../context/appContext'
+
+const Profile = () => {
+  const [isLoading, setIsLoading] = useState(false)
+  const appContext = useContext(AppContext)
+  const [user, setUser] = useState({} as any)
+
+  useEffect(() => {
+    setIsLoading(true)
+    axios
+      .get(`/SASjsApi/user/${appContext.userId}`)
+      .then((res: any) => {
+        setUser(res.data)
+      })
+      .catch((err) => {
+        console.log(err)
+      })
+      .finally(() => {
+        setIsLoading(false)
+      })
+  }, [])
+
+  const handleChange = (event: any) => {
+    const { name, value } = event.target
+
+    setUser({ ...user, [name]: value })
+  }
+  const handleSubmit = () => {
+    setIsLoading(true)
+    axios
+      .patch(`/SASjsApi/user/${appContext.userId}`, {
+        username: user.username,
+        displayName: user.displayName,
+        autoExec: user.autoExec
+      })
+      .then((res: any) => {
+        toast.success('User information updated', {
+          theme: 'dark',
+          position: toast.POSITION.BOTTOM_RIGHT
+        })
+      })
+      .catch((err) => {
+        toast.error('Failed: ' + err.response?.data || err.text, {
+          theme: 'dark',
+          position: toast.POSITION.BOTTOM_RIGHT
+        })
+      })
+      .finally(() => {
+        setIsLoading(false)
+      })
+  }
+
+  return isLoading ? (
+    <CircularProgress
+      style={{ position: 'absolute', left: '50%', top: '50%' }}
+    />
+  ) : (
+    <Card>
+      <CardHeader title="Profile Information" />
+      <Divider />
+      <CardContent>
+        <Grid container spacing={4}>
+          <Grid item md={6} xs={12}>
+            <TextField
+              fullWidth
+              error={user.displayName?.length === 0}
+              helperText="Please specify display name"
+              label="Display Name"
+              name="displayName"
+              onChange={handleChange}
+              required
+              value={user.displayName}
+              variant="outlined"
+              disabled={appContext.mode === ModeType.Desktop}
+            />
+          </Grid>
+
+          <Grid item md={6} xs={12}>
+            <TextField
+              fullWidth
+              error={user.username?.length === 0}
+              helperText="Please specify username"
+              label="Username"
+              name="username"
+              onChange={handleChange}
+              required
+              value={user.username}
+              variant="outlined"
+              disabled={appContext.mode === ModeType.Desktop}
+            />
+          </Grid>
+
+          <Grid item lg={6} md={8} sm={12} xs={12}>
+            <TextField
+              fullWidth
+              label="autoExec"
+              name="autoExec"
+              onChange={handleChange}
+              multiline
+              rows="10"
+              value={user.autoExec}
+              variant="outlined"
+            />
+          </Grid>
+
+          <Grid item xs={6}>
+            <FormGroup row>
+              <FormControlLabel
+                disabled
+                control={<Checkbox checked={user.isActive} />}
+                label="isActive"
+              />
+              <FormControlLabel
+                disabled
+                control={<Checkbox checked={user.isAdmin} />}
+                label="isAdmin"
+              />
+            </FormGroup>
+          </Grid>
+        </Grid>
+      </CardContent>
+      <Divider />
+      <CardActions>
+        <Button type="submit" variant="contained" onClick={handleSubmit}>
+          Save Changes
+        </Button>
+      </CardActions>
+    </Card>
+  )
+}
+
+export default Profile

web/src/context/appContext.tsx

@@ -9,14 +9,22 @@ import React, {
 } from 'react'
 import axios from 'axios'
 
+export enum ModeType {
+  Server = 'server',
+  Desktop = 'desktop'
+}
+
 interface AppContextProps {
   checkingSession: boolean
   loggedIn: boolean
   setLoggedIn: Dispatch<SetStateAction<boolean>> | null
+  userId: number
+  setUserId: Dispatch<SetStateAction<number>> | null
   username: string
   setUsername: Dispatch<SetStateAction<string>> | null
   displayName: string
   setDisplayName: Dispatch<SetStateAction<string>> | null
+  mode: ModeType
   logout: (() => void) | null
 }
 
@@ -24,10 +32,13 @@ export const AppContext = createContext<AppContextProps>({
   checkingSession: false,
   loggedIn: false,
   setLoggedIn: null,
+  userId: 0,
+  setUserId: null,
   username: '',
   setUsername: null,
   displayName: '',
   setDisplayName: null,
+  mode: ModeType.Server,
   logout: null
 })
 
@@ -35,8 +46,10 @@ const AppContextProvider = (props: { children: ReactNode }) => {
   const { children } = props
   const [checkingSession, setCheckingSession] = useState(false)
   const [loggedIn, setLoggedIn] = useState(false)
+  const [userId, setUserId] = useState(0)
   const [username, setUsername] = useState('')
   const [displayName, setDisplayName] = useState('')
+  const [mode, setMode] = useState(ModeType.Server)
 
   useEffect(() => {
     setCheckingSession(true)
@@ -46,14 +59,23 @@ const AppContextProvider = (props: { children: ReactNode }) => {
       .then((res) => res.data)
       .then((data: any) => {
         setCheckingSession(false)
-        setLoggedIn(true)
+        setUserId(data.id)
         setUsername(data.username)
         setDisplayName(data.displayName)
+        setLoggedIn(true)
       })
       .catch(() => {
         setLoggedIn(false)
         axios.get('/') // get CSRF TOKEN
       })
+
+    axios
+      .get('/SASjsApi/info')
+      .then((res) => res.data)
+      .then((data: any) => {
+        setMode(data.mode)
+      })
+      .catch(() => {})
   }, [])
 
   const logout = useCallback(() => {
@@ -70,10 +92,13 @@ const AppContextProvider = (props: { children: ReactNode }) => {
         checkingSession,
         loggedIn,
         setLoggedIn,
+        userId,
+        setUserId,
         username,
         setUsername,
         displayName,
         setDisplayName,
+        mode,
         logout
       }}
     >