chore(release): 0.21.2 [skip ci]

## [0.21.2](https://github.com/sasjs/server/compare/v0.21.1...v0.21.2) (2022-09-20)

### Bug Fixes

* default content-type for sas programs should be text/plain ([9977c9d](9977c9d161))
* **studio:** inject program path to code before sending for execution ([edc2e2a](edc2e2a302))

CHANGELOG.md

@@ -1,3 +1,25 @@
+## [0.21.2](https://github.com/sasjs/server/compare/v0.21.1...v0.21.2) (2022-09-20)
+
+
+### Bug Fixes
+
+* default content-type for sas programs should be text/plain ([9977c9d](https://github.com/sasjs/server/commit/9977c9d161947b11d45ab2513f99a5320a3f5a06))
+* **studio:** inject program path to code before sending for execution ([edc2e2a](https://github.com/sasjs/server/commit/edc2e2a302ccea4985f3d6b83ef8c23620ab82b6))
+
+## [0.21.1](https://github.com/sasjs/server/compare/v0.21.0...v0.21.1) (2022-09-19)
+
+
+### Bug Fixes
+
+* SASJS_WEBOUT_HEADERS path for windows ([0749d65](https://github.com/sasjs/server/commit/0749d65173e8cfe9a93464711b7be1e123c289ff))
+
+# [0.21.0](https://github.com/sasjs/server/compare/v0.20.0...v0.21.0) (2022-09-19)
+
+
+### Features
+
+* sas9 mocker improved - public access denied scenario ([06d3b17](https://github.com/sasjs/server/commit/06d3b1715432ea245ee755ae1dfd0579d3eb30e9))
+
 # [0.20.0](https://github.com/sasjs/server/compare/v0.19.0...v0.20.0) (2022-09-16)
 
 

api/mocks/generic/sas9/public-access-denied

@@ -0,0 +1 @@
+Public access has been denied.

api/package-lock.json

@@ -9,7 +9,7 @@
       "version": "0.0.2",
       "dependencies": {
         "@sasjs/core": "^4.31.3",
-        "@sasjs/utils": "2.42.1",
+        "@sasjs/utils": "2.48.1",
         "bcryptjs": "^2.4.3",
         "connect-mongo": "^4.6.0",
         "cookie-parser": "^1.4.6",
@@ -1396,9 +1396,9 @@
       "integrity": "sha512-TpVqWl5bqp3JTQjIg0r4WiQg7Ima5f17eAJILJbdYDdXsnLXlA/Csbb95G7eDPhzWpM3C0NrzKek3yvCMGzXIA=="
     },
     "node_modules/@sasjs/utils": {
-      "version": "2.42.1",
-      "resolved": "https://registry.npmjs.org/@sasjs/utils/-/utils-2.42.1.tgz",
-      "integrity": "sha512-DzHNYjeoj2eUkwV7Sa4eHCKRoTrYaQ6eyv6c1U5qOYXwVdZpMoYA3HFsHj55UcMOn2U3CXI5nrR7PZlUmVwVbQ==",
+      "version": "2.48.1",
+      "resolved": "https://registry.npmjs.org/@sasjs/utils/-/utils-2.48.1.tgz",
+      "integrity": "sha512-Eu9p66JKLeTj0KK3kfY7YLQYq+MDMS1Q1/FOFfRe9hV23mFsuzierVMrnEYGK0JaHOogdHLmwzg6iVLDT8Jssg==",
       "hasInstallScript": true,
       "dependencies": {
         "@types/fs-extra": "9.0.13",
@@ -10974,9 +10974,9 @@
       "integrity": "sha512-TpVqWl5bqp3JTQjIg0r4WiQg7Ima5f17eAJILJbdYDdXsnLXlA/Csbb95G7eDPhzWpM3C0NrzKek3yvCMGzXIA=="
     },
     "@sasjs/utils": {
-      "version": "2.42.1",
-      "resolved": "https://registry.npmjs.org/@sasjs/utils/-/utils-2.42.1.tgz",
-      "integrity": "sha512-DzHNYjeoj2eUkwV7Sa4eHCKRoTrYaQ6eyv6c1U5qOYXwVdZpMoYA3HFsHj55UcMOn2U3CXI5nrR7PZlUmVwVbQ==",
+      "version": "2.48.1",
+      "resolved": "https://registry.npmjs.org/@sasjs/utils/-/utils-2.48.1.tgz",
+      "integrity": "sha512-Eu9p66JKLeTj0KK3kfY7YLQYq+MDMS1Q1/FOFfRe9hV23mFsuzierVMrnEYGK0JaHOogdHLmwzg6iVLDT8Jssg==",
       "requires": {
         "@types/fs-extra": "9.0.13",
         "@types/prompts": "2.0.13",

api/package.json

@@ -48,7 +48,7 @@
   "author": "4GL Ltd",
   "dependencies": {
     "@sasjs/core": "^4.31.3",
-    "@sasjs/utils": "2.42.1",
+    "@sasjs/utils": "2.48.1",
     "bcryptjs": "^2.4.3",
     "connect-mongo": "^4.6.0",
     "cookie-parser": "^1.4.6",

api/public/swagger.yaml

@@ -663,7 +663,7 @@ paths:
             description: 'Execute SAS code.'
             summary: 'Run SAS Code and returns log'
             tags:
-                - CODE
+                - Code
             security:
                 -
                     bearerAuth: []
@@ -1658,8 +1658,8 @@ paths:
                                 anyOf:
                                     - {type: string}
                                     - {type: string, format: byte}
-            description: "Trigger a SAS or JS program using the _program URL parameter.\n\nAccepts URL parameters and file uploads.  For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms"
-            summary: 'Execute a Stored Program, returns raw _webout content.'
+            description: "Trigger a Stored Program using the _program URL parameter.\n\nAccepts URL parameters and file uploads.  For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms"
+            summary: 'Execute a Stored Program, returns _webout and (optionally) log.'
             tags:
                 - STP
             security:
@@ -1667,7 +1667,7 @@ paths:
                     bearerAuth: []
             parameters:
                 -
-                    description: 'Location of SAS or JS code'
+                    description: 'Location of code in SASjs Drive'
                     in: query
                     name: _program
                     required: true
@@ -1685,7 +1685,7 @@ paths:
                                 anyOf:
                                     - {type: string}
                                     - {type: string, format: byte}
-            description: "Trigger a SAS or JS program using the _program URL parameter.\n\nAccepts URL parameters and file uploads.  For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms\n\nThe response will be a JSON object with the following root attributes:\nlog, webout, headers.\n\nThe webout attribute will be nested JSON ONLY if the response-header\ncontains a content-type of application/json AND it is valid JSON.\nOtherwise it will be a stringified version of the webout content."
+            description: "Trigger a Stored Program using the _program URL parameter.\n\nAccepts URL parameters and file uploads.  For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms"
             summary: 'Execute a Stored Program, return a JSON object'
             tags:
                 - STP
@@ -1694,7 +1694,7 @@ paths:
                     bearerAuth: []
             parameters:
                 -
-                    description: 'Location of SAS or JS code'
+                    description: 'Location of code in SASjs Drive'
                     in: query
                     name: _program
                     required: false
@@ -1798,7 +1798,7 @@ tags:
         name: Client
         description: 'Operations about clients'
     -
-        name: CODE
+        name: Code
         description: 'Execution of code (various runtimes are supported)'
     -
         name: Drive

api/src/app.ts

@@ -77,6 +77,10 @@ export default setProcessVariables().then(async () => {
   app.use(express.json({ limit: '100mb' }))
   app.use(express.static(path.join(__dirname, '../public')))
 
+  // Body parser is used for decoding the formdata on POST request.
+  // Currently only place we use it is SAS9 Mock - POST /SASLogon/login
+  app.use(express.urlencoded({ extended: true }))
+
   await setupFolders()
   await copySASjsCore()
 

api/src/controllers/code.ts

@@ -24,7 +24,7 @@ interface ExecuteCodePayload {
 
 @Security('bearerAuth')
 @Route('SASjsApi/code')
-@Tags('CODE')
+@Tags('Code')
 export class CodeController {
   /**
    * Execute SAS code.

api/src/controllers/internal/Session.ts

@@ -92,6 +92,9 @@ export class SASSessionController extends SessionController {
       path: sessionFolder
     }
 
+    const headersPath = path.join(session.path, 'stpsrv_header.txt')
+    await createFile(headersPath, 'Content-type: text/plain')
+
     // we do not want to leave sessions running forever
     // we clean them up after a predefined period, if unused
     this.scheduleSessionDestroy(session)
@@ -170,7 +173,7 @@ ${autoExecContent}`
     session.ready = true
   }
 
-  public async deleteSession(session: Session) {
+  private async deleteSession(session: Session) {
     // remove the temporary files, to avoid buildup
     await deleteFolder(session.path)
 

api/src/controllers/internal/createJSProgram.ts

@@ -1,4 +1,4 @@
-import { isWindows } from '@sasjs/utils'
+import { escapeWinSlashes } from '@sasjs/utils'
 import { PreProgramVars, Session } from '../../types'
 import { generateFileUploadJSCode } from '../../utils'
 import { ExecutionVars } from './'
@@ -21,13 +21,9 @@ export const createJSProgram = async (
 
   const preProgramVarStatments = `
 let _webout = '';
-const weboutPath = '${
-    isWindows() ? weboutPath.replace(/\\/g, '\\\\') : weboutPath
-  }'; 
-const _SASJS_TOKENFILE = '${
-    isWindows() ? tokenFile.replace(/\\/g, '\\\\') : tokenFile
-  }';
-const _SASJS_WEBOUT_HEADERS = '${headersPath}';
+const weboutPath = '${escapeWinSlashes(weboutPath)}'; 
+const _SASJS_TOKENFILE = '${escapeWinSlashes(tokenFile)}';
+const _SASJS_WEBOUT_HEADERS = '${escapeWinSlashes(headersPath)}';
 const _SASJS_USERNAME = '${preProgramVariables?.username}';
 const _SASJS_USERID = '${preProgramVariables?.userId}';
 const _SASJS_DISPLAYNAME = '${preProgramVariables?.displayName}';

api/src/controllers/internal/createPythonProgram.ts

@@ -1,4 +1,4 @@
-import { isWindows } from '@sasjs/utils'
+import { escapeWinSlashes } from '@sasjs/utils'
 import { PreProgramVars, Session } from '../../types'
 import { generateFileUploadPythonCode } from '../../utils'
 import { ExecutionVars } from './'
@@ -19,14 +19,10 @@ export const createPythonProgram = async (
   )
 
   const preProgramVarStatments = `
-_SASJS_SESSION_PATH = '${
-    isWindows() ? session.path.replace(/\\/g, '\\\\') : session.path
-  }';
-_WEBOUT = '${isWindows() ? weboutPath.replace(/\\/g, '\\\\') : weboutPath}'; 
-_SASJS_WEBOUT_HEADERS = '${headersPath}';
-_SASJS_TOKENFILE = '${
-    isWindows() ? tokenFile.replace(/\\/g, '\\\\') : tokenFile
-  }';
+_SASJS_SESSION_PATH = '${escapeWinSlashes(session.path)}';
+_WEBOUT = '${escapeWinSlashes(weboutPath)}'; 
+_SASJS_WEBOUT_HEADERS = '${escapeWinSlashes(headersPath)}';
+_SASJS_TOKENFILE = '${escapeWinSlashes(tokenFile)}';
 _SASJS_USERNAME = '${preProgramVariables?.username}';
 _SASJS_USERID = '${preProgramVariables?.userId}';
 _SASJS_DISPLAYNAME = '${preProgramVariables?.displayName}';

api/src/controllers/internal/createRProgram.ts

@@ -1,4 +1,4 @@
-import { isWindows } from '@sasjs/utils'
+import { escapeWinSlashes } from '@sasjs/utils'
 import { PreProgramVars, Session } from '../../types'
 import { generateFileUploadRCode } from '../../utils'
 import { ExecutionVars } from '.'
@@ -19,14 +19,10 @@ export const createRProgram = async (
   )
 
   const preProgramVarStatments = `
-._SASJS_SESSION_PATH <- '${
-    isWindows() ? session.path.replace(/\\/g, '\\\\') : session.path
-  }';
-._WEBOUT <- '${isWindows() ? weboutPath.replace(/\\/g, '\\\\') : weboutPath}'; 
-._SASJS_WEBOUT_HEADERS <- '${headersPath}';
-._SASJS_TOKENFILE <- '${
-    isWindows() ? tokenFile.replace(/\\/g, '\\\\') : tokenFile
-  }';
+._SASJS_SESSION_PATH <- '${escapeWinSlashes(session.path)}';
+._WEBOUT <- '${escapeWinSlashes(weboutPath)}'; 
+._SASJS_WEBOUT_HEADERS <- '${escapeWinSlashes(headersPath)}';
+._SASJS_TOKENFILE <- '${escapeWinSlashes(tokenFile)}';
 ._SASJS_USERNAME <- '${preProgramVariables?.username}';
 ._SASJS_USERID <- '${preProgramVariables?.userId}';
 ._SASJS_DISPLAYNAME <- '${preProgramVariables?.displayName}';

api/src/controllers/internal/createSASProgram.ts

@@ -8,6 +8,7 @@ export const createSASProgram = async (
   vars: ExecutionVars,
   session: Session,
   weboutPath: string,
+  headersPath: string,
   tokenFile: string,
   otherArgs?: any
 ) => {
@@ -23,7 +24,7 @@ export const createSASProgram = async (
 %let _sasjs_displayname=${preProgramVariables?.displayName};
 %let _sasjs_apiserverurl=${preProgramVariables?.serverUrl};
 %let _sasjs_apipath=/SASjsApi/stp/execute;
-%let _sasjs_webout_headers=%sysfunc(pathname(work))/../stpsrv_header.txt;
+%let _sasjs_webout_headers=${headersPath};
 %let _metaperson=&_sasjs_displayname;
 %let _metauser=&_sasjs_username;
 

api/src/controllers/internal/processProgram.ts

@@ -32,6 +32,7 @@ export const processProgram = async (
       vars,
       session,
       weboutPath,
+      headersPath,
       tokenFile,
       otherArgs
     )

api/src/controllers/mock-sas9.ts

@@ -15,7 +15,7 @@ export interface MockFileRead {
 }
 
 export class MockSas9Controller {
-  private loggedIn: boolean = false
+  private loggedIn: string | undefined
 
   @Get('/SASStoredProcess')
   public async sasStoredProcess(): Promise<Sas9Response> {
@@ -46,6 +46,13 @@ export class MockSas9Controller {
       }
     }
 
+    if (this.isPublicAccount()) {
+      return {
+        content: '',
+        redirect: '/SASLogon/Login'
+      }
+    }
+
     let program = req.query._program?.toString() || ''
     program = program.replace('/', '')
 
@@ -68,6 +75,23 @@ export class MockSas9Controller {
 
   @Get('/SASLogon/login')
   public async loginGet(): Promise<Sas9Response> {
+    if (this.loggedIn) {
+      if (this.isPublicAccount()) {
+        return {
+          content: '',
+          redirect: '/SASStoredProcess/Logoff?publicDenied=true'
+        }
+      } else {
+        return await getMockResponseFromFile([
+          process.cwd(),
+          'mocks',
+          'generic',
+          'sas9',
+          'logged-in'
+        ])
+      }
+    }
+
     return await getMockResponseFromFile([
       process.cwd(),
       'mocks',
@@ -78,8 +102,8 @@ export class MockSas9Controller {
   }
 
   @Post('/SASLogon/login')
-  public async loginPost(): Promise<Sas9Response> {
-    this.loggedIn = true
+  public async loginPost(req: express.Request): Promise<Sas9Response> {
+    this.loggedIn = req.body.username
 
     return await getMockResponseFromFile([
       process.cwd(),
@@ -91,8 +115,18 @@ export class MockSas9Controller {
   }
 
   @Get('/SASLogon/logout')
-  public async logout(): Promise<Sas9Response> {
-    this.loggedIn = false
+  public async logout(req: express.Request): Promise<Sas9Response> {
+    this.loggedIn = undefined
+
+    if (req.query.publicDenied === 'true') {
+      return await getMockResponseFromFile([
+        process.cwd(),
+        'mocks',
+        'generic',
+        'sas9',
+        'public-access-denied'
+      ])
+    }
 
     return await getMockResponseFromFile([
       process.cwd(),
@@ -102,6 +136,20 @@ export class MockSas9Controller {
       'logged-out'
     ])
   }
+
+  @Get('/SASStoredProcess/Logoff') //publicDenied=true
+  public async logoff(req: express.Request): Promise<Sas9Response> {
+    const params = req.query.publicDenied
+      ? `?publicDenied=${req.query.publicDenied}`
+      : ''
+
+    return {
+      content: '',
+      redirect: '/SASLogon/logout' + params
+    }
+  }
+
+  private isPublicAccount = () => this.loggedIn?.toLowerCase() === 'public'
 }
 
 /**

api/src/controllers/stp.ts

@@ -23,14 +23,14 @@ interface ExecutePostRequestPayload {
 @Tags('STP')
 export class STPController {
   /**
-   * Trigger a SAS or JS program using the _program URL parameter.
+   * Trigger a Stored Program using the _program URL parameter.
    *
    * Accepts URL parameters and file uploads.  For more details, see docs:
    *
    * https://server.sasjs.io/storedprograms
    *
-   * @summary Execute a Stored Program, returns raw _webout content.
-   * @param _program Location of SAS or JS code
+   * @summary Execute a Stored Program, returns _webout and (optionally) log.
+   * @param _program Location of code in SASjs Drive
    * @example _program "/Projects/myApp/some/program"
    */
   @Get('/execute')
@@ -43,21 +43,15 @@ export class STPController {
   }
 
   /**
-   * Trigger a SAS or JS program using the _program URL parameter.
+   * Trigger a Stored Program using the _program URL parameter.
    *
    * Accepts URL parameters and file uploads.  For more details, see docs:
    *
    * https://server.sasjs.io/storedprograms
    *
-   * The response will be a JSON object with the following root attributes:
-   * log, webout, headers.
-   *
-   * The webout attribute will be nested JSON ONLY if the response-header
-   * contains a content-type of application/json AND it is valid JSON.
-   * Otherwise it will be a stringified version of the webout content.
    *
    * @summary Execute a Stored Program, return a JSON object
-   * @param _program Location of SAS or JS code
+   * @param _program Location of code in SASjs Drive
    * @example _program "/Projects/myApp/some/program"
    */
   @Post('/execute')

api/src/routes/web/sas9-web.ts

@@ -58,6 +58,11 @@ sas9WebRouter.post('/SASStoredProcess/do/', async (req, res) => {
 sas9WebRouter.get('/SASLogon/login', async (req, res) => {
   const response = await controller.loginGet()
 
+  if (response.redirect) {
+    res.redirect(response.redirect)
+    return
+  }
+
   try {
     res.send(response.content)
   } catch (err: any) {
@@ -66,7 +71,12 @@ sas9WebRouter.get('/SASLogon/login', async (req, res) => {
 })
 
 sas9WebRouter.post('/SASLogon/login', async (req, res) => {
-  const response = await controller.loginPost()
+  const response = await controller.loginPost(req)
+
+  if (response.redirect) {
+    res.redirect(response.redirect)
+    return
+  }
 
   try {
     res.send(response.content)
@@ -76,7 +86,27 @@ sas9WebRouter.post('/SASLogon/login', async (req, res) => {
 })
 
 sas9WebRouter.get('/SASLogon/logout', async (req, res) => {
-  const response = await controller.logout()
+  const response = await controller.logout(req)
+
+  if (response.redirect) {
+    res.redirect(response.redirect)
+    return
+  }
+
+  try {
+    res.send(response.content)
+  } catch (err: any) {
+    res.status(403).send(err.toString())
+  }
+})
+
+sas9WebRouter.get('/SASStoredProcess/Logoff', async (req, res) => {
+  const response = await controller.logoff(req)
+
+  if (response.redirect) {
+    res.redirect(response.redirect)
+    return
+  }
 
   try {
     res.send(response.content)

api/tsoa.json

@@ -20,7 +20,7 @@
         "description": "Operations about clients"
       },
       {
-        "name": "CODE",
+        "name": "Code",
         "description": "Execution of code (various runtimes are supported)"
       },
       {

web/src/containers/Studio/internal/helper.ts

@@ -1,3 +1,5 @@
+import { RunTimeType } from '../../../context/appContext'
+
 export const getLanguageFromExtension = (extension: string) => {
   if (extension === 'js') return 'javascript'
 
@@ -12,3 +14,26 @@ export const getSelection = (editor: any) => {
   const selection = editor?.getModel().getValueInRange(editor?.getSelection())
   return selection ?? ''
 }
+
+export const programPathInjection = (
+  code: string,
+  path: string,
+  runtime: RunTimeType
+) => {
+  if (path) {
+    if (runtime === RunTimeType.JS) {
+      return `const _PROGRAM = '${path}';\n${code}`
+    }
+    if (runtime === RunTimeType.PY) {
+      return `_PROGRAM = '${path}';\n${code}`
+    }
+    if (runtime === RunTimeType.R) {
+      return `._PROGRAM = '${path}';\n${code}`
+    }
+    if (runtime === RunTimeType.SAS) {
+      return `%let _program = '${path}';\n${code}`
+    }
+  }
+
+  return code
+}

web/src/containers/Studio/internal/hooks/useEditor.ts

@@ -10,7 +10,7 @@ import {
 } from 'react'
 import { DiffEditorDidMount, EditorDidMount, monaco } from 'react-monaco-editor'
 import { SelectChangeEvent } from '@mui/material'
-import { getSelection } from '../helper'
+import { getSelection, programPathInjection } from '../helper'
 import { AppContext, RunTimeType } from '../../../../context/appContext'
 import { AlertSeverityType } from '../../../../components/snackbar'
 import {
@@ -151,7 +151,14 @@ const useEditor = ({
   const runCode = (code: string) => {
     setIsLoading(true)
     axios
-      .post(`/SASjsApi/code/execute`, { code, runTime: selectedRunTime })
+      .post(`/SASjsApi/code/execute`, {
+        code: programPathInjection(
+          code,
+          selectedFilePath,
+          selectedRunTime as RunTimeType
+        ),
+        runTime: selectedRunTime
+      })
       .then((res: any) => {
         setWebout(res.data.split(SASJS_LOGS_SEPARATOR)[0] ?? '')
         setLog(res.data.split(SASJS_LOGS_SEPARATOR)[1] ?? '')