chore(release): 0.15.2 [skip ci]

## [0.15.2](https://github.com/sasjs/server/compare/v0.15.1...v0.15.2) (2022-08-10) ### Bug Fixes * remove vulnerabitities ([f27ac51](f27ac51fc4))
Merge pull request #252 from sasjs/fix-vulnerabilities
2025-12-10 19:34:34 +00:00 · 2022-08-10 11:28:07 +00:00 · 2022-08-10 12:23:23 +01:00 · 2022-08-10 16:10:37 +05:00 · 2022-08-10 10:34:36 +00:00 · 2022-08-10 11:29:41 +01:00
130 changed files with 11802 additions and 4604 deletions
--- a/.all-contributorsrc
+++ b/.all-contributorsrc
@@ -0,0 +1,84 @@
 {
  "projectName": "server",
  "projectOwner": "sasjs",
  "repoType": "github",
  "repoHost": "https://github.com",
  "files": [
    "README.md"
  ],
  "imageSize": 100,
  "commit": true,
  "commitConvention": "angular",
  "contributors": [
    {
      "login": "saadjutt01",
      "name": "Saad Jutt",
      "avatar_url": "https://avatars.githubusercontent.com/u/8914650?v=4",
      "profile": "https://github.com/saadjutt01",
      "contributions": [
        "code",
        "test"
      ]
    },
    {
      "login": "sabhas",
      "name": "Sabir Hassan",
      "avatar_url": "https://avatars.githubusercontent.com/u/82647447?v=4",
      "profile": "https://github.com/sabhas",
      "contributions": [
        "code",
        "test"
      ]
    },
    {
      "login": "YuryShkoda",
      "name": "Yury Shkoda",
      "avatar_url": "https://avatars.githubusercontent.com/u/25773492?v=4",
      "profile": "https://www.erudicat.com/",
      "contributions": [
        "code",
        "test"
      ]
    },
    {
      "login": "medjedovicm",
      "name": "Mihajlo Medjedovic",
      "avatar_url": "https://avatars.githubusercontent.com/u/18329105?v=4",
      "profile": "https://github.com/medjedovicm",
      "contributions": [
        "code",
        "test"
      ]
    },
    {
      "login": "allanbowe",
      "name": "Allan Bowe",
      "avatar_url": "https://avatars.githubusercontent.com/u/4420615?v=4",
      "profile": "https://4gl.io/",
      "contributions": [
        "code",
        "doc"
      ]
    },
    {
      "login": "VladislavParhomchik",
      "name": "Vladislav Parhomchik",
      "avatar_url": "https://avatars.githubusercontent.com/u/83717836?v=4",
      "profile": "https://github.com/VladislavParhomchik",
      "contributions": [
        "test"
      ]
    },
    {
      "login": "kknapen",
      "name": "Koen Knapen",
      "avatar_url": "https://avatars.githubusercontent.com/u/78609432?v=4",
      "profile": "https://github.com/kknapen",
      "contributions": [
        "userTesting"
      ]
    }
  ],
  "contributorsPerLine": 7,
  "skipCi": true
 }
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
 # These are supported funding model platforms
 github: [sasjs]
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -55,6 +55,9 @@ jobs:
          REFRESH_TOKEN_SECRET: ${{secrets.REFRESH_TOKEN_SECRET}}
          AUTH_CODE_SECRET: ${{secrets.AUTH_CODE_SECRET}}
          SESSION_SECRET: ${{secrets.SESSION_SECRET}}
          RUN_TIMES: 'sas,js'
          SAS_PATH: '/some/path/to/sas'
          NODE_PATH: '/some/path/to/node'
      - name: Build Package
        working-directory: ./api
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-v16.14.0
+v16.15.1
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,406 @@
 ## [0.15.2](https://github.com/sasjs/server/compare/v0.15.1...v0.15.2) (2022-08-10)
 ### Bug Fixes
 * remove vulnerabitities ([f27ac51](https://github.com/sasjs/server/commit/f27ac51fc4beb21070d0ab551cfdaec1f6ba39e0))
 ## [0.15.1](https://github.com/sasjs/server/compare/v0.15.0...v0.15.1) (2022-08-10)
 ### Bug Fixes
 * **web:** fix UI responsiveness ([d99fdd1](https://github.com/sasjs/server/commit/d99fdd1ec7991b94a0d98338d7a7a6216f46ce45))
 # [0.15.0](https://github.com/sasjs/server/compare/v0.14.1...v0.15.0) (2022-08-05)
 ### Bug Fixes
 * after selecting file in sidebar collapse sidebar in mobile view ([e215958](https://github.com/sasjs/server/commit/e215958b8b05d7a8ce9d82395e0640b5b37fb40d))
 * improve mobile view for studio page ([c67d3ee](https://github.com/sasjs/server/commit/c67d3ee2f102155e2e9781e13d5d33c1ab227cb4))
 * improve responsiveness for mobile view ([6ef40b9](https://github.com/sasjs/server/commit/6ef40b954a87ebb0a2621119064f38d58ea85148))
 * improve user experience for adding permissions ([7a162ed](https://github.com/sasjs/server/commit/7a162eda8fc60383ff647d93e6611799e2e6af7a))
 * show logout button only when user is logged in ([9227cd4](https://github.com/sasjs/server/commit/9227cd449dc46fd960a488eb281804a9b9ffc284))
 ### Features
 * add multiple permission for same combination of type and principal at once ([754704b](https://github.com/sasjs/server/commit/754704bca89ecbdbcc3bd4ef04b94124c4f24167))
 ## [0.14.1](https://github.com/sasjs/server/compare/v0.14.0...v0.14.1) (2022-08-04)
 ### Bug Fixes
 * **apps:** App Stream logo fix ([87c03c5](https://github.com/sasjs/server/commit/87c03c5f8dbdfc151d4ff3722ecbcd3f7e409aea))
 * **cookie:** XSRF cookie is removed and passed token in head section ([77f8d30](https://github.com/sasjs/server/commit/77f8d30baf9b1077279c29f1c3e5ca02a5436bc0))
 * **env:** check added for not providing WHITELIST ([5966016](https://github.com/sasjs/server/commit/5966016853369146b27ac5781808cb51d65c887f))
 * **web:** show login on logged-out state ([f7fcc77](https://github.com/sasjs/server/commit/f7fcc7741aa2af93a4a2b1e651003704c9bbff0c))
 # [0.14.0](https://github.com/sasjs/server/compare/v0.13.3...v0.14.0) (2022-08-02)
 ### Bug Fixes
 * add restriction on  add/remove user to public group ([d3a516c](https://github.com/sasjs/server/commit/d3a516c36e45aa1cc76c30c744e6a0e5bd553165))
 * call jwt.verify in synchronous way ([254bc07](https://github.com/sasjs/server/commit/254bc07da744a9708109bfb792be70aa3f6284f4))
 ### Features
 * add public group to DB on seed ([c3e3bef](https://github.com/sasjs/server/commit/c3e3befc17102ee1754e1403193040b4f79fb2a7))
 * bypass authentication when route is enabled for public group ([68515f9](https://github.com/sasjs/server/commit/68515f95a65d422e29c0ed6028f3ea0ae8d9b1bf))
 ## [0.13.3](https://github.com/sasjs/server/compare/v0.13.2...v0.13.3) (2022-08-02)
 ### Bug Fixes
 * show non-admin user his own permissions only ([8a3054e](https://github.com/sasjs/server/commit/8a3054e19ade82e2792cfb0f2a8af9e502c5eb52))
 * update schema of Permission ([5d5a9d3](https://github.com/sasjs/server/commit/5d5a9d3788281d75c56f68f0dff231abc9c9c275))
 ## [0.13.2](https://github.com/sasjs/server/compare/v0.13.1...v0.13.2) (2022-08-01)
 ### Bug Fixes
 * adding ls=max to reduce log size and improve readability ([916947d](https://github.com/sasjs/server/commit/916947dffacd902ff23ac3e899d1bf5ab6238b75))
 ## [0.13.1](https://github.com/sasjs/server/compare/v0.13.0...v0.13.1) (2022-07-31)
 ### Bug Fixes
 * adding options to prevent unwanted windows on windows.  Closes [#244](https://github.com/sasjs/server/issues/244) ([77db14c](https://github.com/sasjs/server/commit/77db14c690e18145d733ac2b0d646ab0dbe4d521))
 # [0.13.0](https://github.com/sasjs/server/compare/v0.12.1...v0.13.0) (2022-07-28)
 ### Bug Fixes
 * autofocus input field and submit on enter ([7681722](https://github.com/sasjs/server/commit/7681722e5afdc2df0c9eed201b05add3beda92a7))
 * move api button to user menu ([8de032b](https://github.com/sasjs/server/commit/8de032b5431b47daabcf783c47ff078bf817247d))
 ### Features
 * add action and command to editor ([706e228](https://github.com/sasjs/server/commit/706e228a8e1924786fd9dc97de387974eda504b1))
 ## [0.12.1](https://github.com/sasjs/server/compare/v0.12.0...v0.12.1) (2022-07-26)
 ### Bug Fixes
 * **web:** disable launch icon button when file content is not saved ([c574b42](https://github.com/sasjs/server/commit/c574b4223591c4a6cd3ef5e146ce99cd8f7c9190))
 * **web:** saveAs functionality fixed in studio page ([3c987c6](https://github.com/sasjs/server/commit/3c987c61ddc258f991e2bf38c1f16a0c4248d6ae))
 * **web:** show original name as default name in rename file/folder modal ([9640f65](https://github.com/sasjs/server/commit/9640f6526496f3564664ccb1f834d0f659dcad4e))
 * **web:** webout tab item fixed in studio page ([7cdffe3](https://github.com/sasjs/server/commit/7cdffe30e36e5cad0284f48ea97925958e12704c))
 * **web:** when no file is selected save the editor content to local storage ([3b1fcb9](https://github.com/sasjs/server/commit/3b1fcb937d06d02ab99c9e8dbe307012d48a7a3a))
 # [0.12.0](https://github.com/sasjs/server/compare/v0.11.5...v0.12.0) (2022-07-26)
 ### Bug Fixes
 * fileTree api response to include an additional attribute isFolder ([0f19384](https://github.com/sasjs/server/commit/0f193849994f1ac8a071afa8f10af5b46f86663d))
 * remove drive component ([06d7c91](https://github.com/sasjs/server/commit/06d7c91fc34620a954df1fd1c682eff370f79ca6))
 ### Features
 * add api end point for delete folder ([08e0c61](https://github.com/sasjs/server/commit/08e0c61e0fd7041d6cded6f4d71fbb410e5615ce))
 * add sidebar(drive) to left of studio ([6c35412](https://github.com/sasjs/server/commit/6c35412d2f5180d4e49b12e616576d8b8dacb7d8))
 * created api endpoint for adding empty folder in drive ([941917e](https://github.com/sasjs/server/commit/941917e508ece5009135f9dddf99775dd4002f78))
 * implemented api for renaming file/folder ([fdcaba9](https://github.com/sasjs/server/commit/fdcaba9d56cddea5d56d7de5a172f1bb49be3db5))
 * implemented delete file/folder functionality ([177675b](https://github.com/sasjs/server/commit/177675bc897416f7994dd849dc7bb11ba072efe9))
 * implemented functionality for adding file/folder from sidebar context menu ([0ce94a5](https://github.com/sasjs/server/commit/0ce94a553e53bfcdbd6273b26b322095a080a341))
 * implemented the functionality for renaming file/folder from context menu ([7010a6a](https://github.com/sasjs/server/commit/7010a6a1201720d0eb4093267a344fb828b90a2f))
 * prevent user from leaving studio page when there are unsaved changes ([6c75502](https://github.com/sasjs/server/commit/6c7550286b5f505e9dfe8ca63c62fa1db1b60b2e))
 * **web:** add difference view editor in studio ([420a61a](https://github.com/sasjs/server/commit/420a61a5a6b11dcb5eb0a652ea9cecea5c3bee5f))
 ## [0.11.5](https://github.com/sasjs/server/compare/v0.11.4...v0.11.5) (2022-07-19)
 ### Bug Fixes
 * Revert "fix(security): missing cookie flags are added" ([ce5218a](https://github.com/sasjs/server/commit/ce5218a2278cc750f2b1032024685dc6cd72f796))
 ## [0.11.4](https://github.com/sasjs/server/compare/v0.11.3...v0.11.4) (2022-07-19)
 ### Bug Fixes
 * **security:** missing cookie flags are added ([526402f](https://github.com/sasjs/server/commit/526402fd73407ee4fa2d31092111a7e6a1741487))
 ## [0.11.3](https://github.com/sasjs/server/compare/v0.11.2...v0.11.3) (2022-07-19)
 ### Bug Fixes
 * filePath fix in code.js file for windows ([2995121](https://github.com/sasjs/server/commit/299512135d77c2ac9e34853cf35aee6f2e1d4da4))
 ## [0.11.2](https://github.com/sasjs/server/compare/v0.11.1...v0.11.2) (2022-07-18)
 ### Bug Fixes
 * apply icon option only for sas.exe ([d2ddd8a](https://github.com/sasjs/server/commit/d2ddd8aacadfdd143026881f2c6ae8c6b277610a))
 ## [0.11.1](https://github.com/sasjs/server/compare/v0.11.0...v0.11.1) (2022-07-18)
 ### Bug Fixes
 * bank operator ([aa02741](https://github.com/sasjs/server/commit/aa027414ed3ce51f1014ef36c4191e064b2e963d))
 * ensuring nosplash option only applies for sas.exe ([65e6de9](https://github.com/sasjs/server/commit/65e6de966383fe49a919b1f901d77c7f1e402c9b)), closes [#229](https://github.com/sasjs/server/issues/229)
 # [0.11.0](https://github.com/sasjs/server/compare/v0.10.0...v0.11.0) (2022-07-16)
 ### Bug Fixes
 * **logs:** logs location is configurable ([e024a92](https://github.com/sasjs/server/commit/e024a92f165990e08db8aa26ee326dbcb30e2e46))
 ### Features
 * **logs:** logs to file with rotating + code split into files ([92fda18](https://github.com/sasjs/server/commit/92fda183f3f0f3956b7c791669eb8dd52c389d1b))
 # [0.10.0](https://github.com/sasjs/server/compare/v0.9.0...v0.10.0) (2022-07-06)
 ### Bug Fixes
 * add authorize middleware for appStreams ([e54a09d](https://github.com/sasjs/server/commit/e54a09db19ec8690e54a40760531a4e06d250974))
 * add isAdmin attribute to return response of get session and login requests ([bdf63df](https://github.com/sasjs/server/commit/bdf63df1d915892486005ec904807749786b1c0c))
 * add permission authorization middleware to only specific routes ([f3dfc70](https://github.com/sasjs/server/commit/f3dfc7083fbfb4b447521341b1a86730fb90b4c0))
 * bumping core and running lint ([a2d1396](https://github.com/sasjs/server/commit/a2d13960578014312d2cb5e03145bfd1829d99ec))
 * controller fixed for deleting permission ([b5f595a](https://github.com/sasjs/server/commit/b5f595a25c50550d62482409353c7629c5a5c3e0))
 * do not show admin users in add permission modal ([a75edba](https://github.com/sasjs/server/commit/a75edbaa327ec2af49523c13996ac283061da7d8))
 * export GroupResponse interface ([38a7db8](https://github.com/sasjs/server/commit/38a7db8514de0acd94d74ba96bc1efb732add30c))
 * move permission filter modal to separate file and icons for different actions ([d000f75](https://github.com/sasjs/server/commit/d000f7508f6d7384afffafee4179151fca802ca8))
 * principalId type changed to  number from any ([4fcc191](https://github.com/sasjs/server/commit/4fcc191ce9edc7e4dcd8821fb8019f4eea5db4ea))
 * remove clientId from principal types ([0781ddd](https://github.com/sasjs/server/commit/0781ddd64e3b5e5ca39647bb4e4e1a9332a0f4f8))
 * remove duplicates principals from permission filter modal ([5b319f9](https://github.com/sasjs/server/commit/5b319f9ad1f941b306db6b9473a2128b2e42bf76))
 * show loading spinner in studio while executing code ([496247d](https://github.com/sasjs/server/commit/496247d0b9975097a008cf4d3a999d77648fd930))
 * show permission component only in server mode ([f863b81](https://github.com/sasjs/server/commit/f863b81a7d40a1296a061ec93946f204382af2c3))
 * update permission model ([39fc908](https://github.com/sasjs/server/commit/39fc908de1945f2aaea18d14e6bce703f6bf0c06))
 * update permission response ([e516b77](https://github.com/sasjs/server/commit/e516b7716da5ff7e23350a5f77cfa073b1171175))
 * **web:** only admin should be able to add, update or delete permission ([be8635c](https://github.com/sasjs/server/commit/be8635ccc5eb34c3f0a5951c8a0421292ef69c97))
 ### Features
 * add api endpoint for deleting permission ([0171344](https://github.com/sasjs/server/commit/01713440a4fa661b76368785c0ca731f096ac70a))
 * add api endpoint for updating permission setting ([540f54f](https://github.com/sasjs/server/commit/540f54fb77b364822da7889dbe75c02242f48a59))
 * add authorize middleware for validating permissions ([7d916ec](https://github.com/sasjs/server/commit/7d916ec3e9ef579dde1b73015715cd01098c2018))
 * add basic UI for settings and permissions ([5652325](https://github.com/sasjs/server/commit/56523254525a66e756196e90b39a2b8cdadc1518))
 * add documentation link under usename dropdown menu ([eeb63b3](https://github.com/sasjs/server/commit/eeb63b330c292afcdd5c8f006882b224c4235068))
 * add permission model ([6bea1f7](https://github.com/sasjs/server/commit/6bea1f76668ddb070ad95b3e02c31238af67c346))
 * add UI for updating permission ([e8c21a4](https://github.com/sasjs/server/commit/e8c21a43b215f5fced0463b70747cda1191a4e01))
 * add validation for registering permission ([e5200c1](https://github.com/sasjs/server/commit/e5200c1000903185dfad9ee49c99583e473c4388))
 * add, remove and update permissions from web component ([97ecfdc](https://github.com/sasjs/server/commit/97ecfdc95563c72dbdecaebcb504e5194250a763))
 * added get authorizedRoutes api endpoint ([b10e932](https://github.com/sasjs/server/commit/b10e9326058193dd65a57fab2d2f05b7b06096e7))
 * created modal for adding permission ([1413b18](https://github.com/sasjs/server/commit/1413b1850838ecc988ab289da4541bde36a9a346))
 * defined register permission and get all permissions api endpoints ([1103ffe](https://github.com/sasjs/server/commit/1103ffe07b88496967cb03683b08f058ca3bbb9f))
 * update swagger docs ([797c2bc](https://github.com/sasjs/server/commit/797c2bcc39005a05a995be15a150d584fecae259))
 # [0.9.0](https://github.com/sasjs/server/compare/v0.8.3...v0.9.0) (2022-07-03)
 ### Features
 * removed secrets from env variables ([9c3da56](https://github.com/sasjs/server/commit/9c3da56901672a818f54267f9defc9f4701ab7fb))
 ## [0.8.3](https://github.com/sasjs/server/compare/v0.8.2...v0.8.3) (2022-07-02)
 ### Bug Fixes
 * **deploy:** extract first json from zip file ([e290751](https://github.com/sasjs/server/commit/e290751c872d24009482871a8c398e834357dcde))
 ## [0.8.2](https://github.com/sasjs/server/compare/v0.8.1...v0.8.2) (2022-06-22)
 ### Bug Fixes
 * getRuntimeAndFilePath function to handle the scenarion when path is provided with an extension other than runtimes ([5cc85b5](https://github.com/sasjs/server/commit/5cc85b57f80b13296156811fe966d7b37d45f213))
 ## [0.8.1](https://github.com/sasjs/server/compare/v0.8.0...v0.8.1) (2022-06-21)
 ### Bug Fixes
 * make CA_ROOT optional in getCertificates method ([1b5859e](https://github.com/sasjs/server/commit/1b5859ee37ae73c419115b9debfd5141a79733de))
 * update /logout route to /SASLogon/logout ([65380be](https://github.com/sasjs/server/commit/65380be2f3945bae559f1749064845b514447a53))
 # [0.8.0](https://github.com/sasjs/server/compare/v0.7.3...v0.8.0) (2022-06-21)
 ### Features
 * **certs:** ENV variables updated and set CA Root for HTTPS server ([2119e9d](https://github.com/sasjs/server/commit/2119e9de9ab1e5ce1222658f554ac74f4f35cf4d))
 ## [0.7.3](https://github.com/sasjs/server/compare/v0.7.2...v0.7.3) (2022-06-20)
 ### Bug Fixes
 * path descriptions and defaults ([5d5d6ce](https://github.com/sasjs/server/commit/5d5d6ce3265a43af2e22bcd38cda54fafaf7b3ef))
 ## [0.7.2](https://github.com/sasjs/server/compare/v0.7.1...v0.7.2) (2022-06-20)
 ### Bug Fixes
 * removing UTF-8 options from commandline.  There appears to be no reliable way to enforce ([f6dc74f](https://github.com/sasjs/server/commit/f6dc74f16bddafa1de9c83c2f27671a241abdad4))
 ## [0.7.1](https://github.com/sasjs/server/compare/v0.7.0...v0.7.1) (2022-06-20)
 ### Bug Fixes
 * default runtime should be sas ([91d29cb](https://github.com/sasjs/server/commit/91d29cb1272c28afbceaf39d1e0a87e17fbfdcd6))
 * **Studio:** default selection of runtime fixed ([eb569c7](https://github.com/sasjs/server/commit/eb569c7b827c872ed2c4bc114559b97d87fd2aa0))
 * webout path fixed in code.js when running on windows ([99a1107](https://github.com/sasjs/server/commit/99a110736448f66f99a512396b268fc31a3feef0))
 # [0.7.0](https://github.com/sasjs/server/compare/v0.6.1...v0.7.0) (2022-06-19)
 ### Bug Fixes
 * add runtimes to global process object ([194eaec](https://github.com/sasjs/server/commit/194eaec7d4a561468f83bf6efce484909ee532eb))
 * code fixes for executing program from program path including file extension ([53854d0](https://github.com/sasjs/server/commit/53854d001279462104b24c0e59a8c94ab4938a94))
 * code/execute controller logic to handle different runtimes ([23b6692](https://github.com/sasjs/server/commit/23b6692f02e4afa33c9dc95d242eb8645c19d546))
 * convert single executeProgram method to two methods i.e. executeSASProgram and executeJSProgram ([c58666e](https://github.com/sasjs/server/commit/c58666eb81514de500519e7b96c1981778ec149b))
 * no need to stringify _webout in preProgramVarStatements, developer should have _webout as string in actual code ([9d5a5e0](https://github.com/sasjs/server/commit/9d5a5e051fd821295664ddb3a1fd64629894a44c))
 * pass _program to execute file without extension ([5df619b](https://github.com/sasjs/server/commit/5df619b3f63571e8e326261d8114869d33881d91))
 * refactor code for session selection in preUploadMiddleware function ([b444381](https://github.com/sasjs/server/commit/b4443819d42afecebc0f382c58afb9010d4775ef))
 * refactor code in executeFile method of session controller ([dffe6d7](https://github.com/sasjs/server/commit/dffe6d7121d569e5c7d13023c6ca68d8c901c88e))
 * refactor code in preUploadMiddleware function ([6d6bda5](https://github.com/sasjs/server/commit/6d6bda56267babde7b98cf69e32973d56d719f75))
 * refactor sas/js session controller classes to inherit from base session controller class ([2c704a5](https://github.com/sasjs/server/commit/2c704a544f4e31a8e8e833a9a62ba016bcfa6c7c))
 * **Studio:** style fix for runtime dropdown ([9023cf3](https://github.com/sasjs/server/commit/9023cf33b5fa4b13c2d5e9b80ae307df69c7fc02))
 ### Features
 * configure child process with writeStream to write logs to log file ([058b3b0](https://github.com/sasjs/server/commit/058b3b00816e582e143953c2f0b8330bde2181b8))
 * conver single session controller to two controller i.e. SASSessionController and JSSessionController ([07295aa](https://github.com/sasjs/server/commit/07295aa151175db8c93eeef806fc3b7fde40ac72))
 * create and inject code for uploaded files to code.js ([1685616](https://github.com/sasjs/server/commit/16856165fb292dc9ffa897189ba105bd9f362267))
 * validate sasjs_runtimes env var ([596ada7](https://github.com/sasjs/server/commit/596ada7ca88798d6d71f6845633a006fd22438ea))
 ## [0.6.1](https://github.com/sasjs/server/compare/v0.6.0...v0.6.1) (2022-06-17)
 ### Bug Fixes
 * home page wording.  Using fix to force previous change through.. ([8702a4e](https://github.com/sasjs/server/commit/8702a4e8fd1bbfaf4f426b75e8b85a87ede0e0b0))
 # [0.6.0](https://github.com/sasjs/server/compare/v0.5.0...v0.6.0) (2022-06-16)
 ### Features
 * get group by group name ([6b0b94a](https://github.com/sasjs/server/commit/6b0b94ad38215ae58e62279a4f73ac3ed2d9d0e8))
 # [0.5.0](https://github.com/sasjs/server/compare/v0.4.2...v0.5.0) (2022-06-16)
 ### Bug Fixes
 * npm audit fix to avoid warnings on npm i ([28a6a36](https://github.com/sasjs/server/commit/28a6a36bb708b93fb5c2b74d587e9b2e055582be))
 ### Features
 * **api:** deployment through zipped/compressed file ([b81d742](https://github.com/sasjs/server/commit/b81d742c6c70d4cf1cab365b0e3efc087441db00))
 ## [0.4.2](https://github.com/sasjs/server/compare/v0.4.1...v0.4.2) (2022-06-15)
 ### Bug Fixes
 * appStream redesign ([73792fb](https://github.com/sasjs/server/commit/73792fb574c90bd280c4324e0b41c6fee7d572b6))
 ## [0.4.1](https://github.com/sasjs/server/compare/v0.4.0...v0.4.1) (2022-06-15)
 ### Bug Fixes
 * add/remove group to User when adding/removing user from group and return group membership on getting user ([e08bbcc](https://github.com/sasjs/server/commit/e08bbcc5435cbabaee40a41a7fb667d4a1f078e6))
 # [0.4.0](https://github.com/sasjs/server/compare/v0.3.10...v0.4.0) (2022-06-14)
 ### Features
 * new APIs added for GET|PATCH|DELETE of user by username ([aef411a](https://github.com/sasjs/server/commit/aef411a0eac625c33274dfe3e88b6f75115c44d8))
 ## [0.3.10](https://github.com/sasjs/server/compare/v0.3.9...v0.3.10) (2022-06-14)
 ### Bug Fixes
 * correct syntax for encoding option ([32d372b](https://github.com/sasjs/server/commit/32d372b42fbf56b6c0779e8f704164eaae1c7548))
 ## [0.3.9](https://github.com/sasjs/server/compare/v0.3.8...v0.3.9) (2022-06-14)
 ### Bug Fixes
 * forcing utf 8 encoding. Closes [#76](https://github.com/sasjs/server/issues/76) ([8734489](https://github.com/sasjs/server/commit/8734489cf014aedaca3f325e689493e4fe0b71ca))
 ## [0.3.8](https://github.com/sasjs/server/compare/v0.3.7...v0.3.8) (2022-06-13)
 ### Bug Fixes
 * execution controller better error handling ([8a617a7](https://github.com/sasjs/server/commit/8a617a73ae63233332f5788c90f173d6cd5e1283))
 * execution controller error details ([3fa2a7e](https://github.com/sasjs/server/commit/3fa2a7e2e32f90050f6b09e30ce3ef725eb0b15f))
 ## [0.3.7](https://github.com/sasjs/server/compare/v0.3.6...v0.3.7) (2022-06-08)
 ### Bug Fixes
 * **appstream:** redirect to relative + nested resource should be accessed ([5ab35b0](https://github.com/sasjs/server/commit/5ab35b02c4417132dddb5a800982f31d0d50ef66))
 ## [0.3.6](https://github.com/sasjs/server/compare/v0.3.5...v0.3.6) (2022-06-02)
 ### Bug Fixes
 * **appstream:** should serve only new files for same app stream name with new deployment ([e6d1989](https://github.com/sasjs/server/commit/e6d1989847761fbe562d7861ffa0ee542839b125))
 ## [0.3.5](https://github.com/sasjs/server/compare/v0.3.4...v0.3.5) (2022-05-30)
 ### Bug Fixes
 * bumping sasjs/core library ([61815f8](https://github.com/sasjs/server/commit/61815f8ae18be132e17c199cd8e3afbcc2fa0b60))
 ## [0.3.4](https://github.com/sasjs/server/compare/v0.3.3...v0.3.4) (2022-05-30)
 ### Bug Fixes
 * **web:** system username for DESKTOP mode ([a8ba378](https://github.com/sasjs/server/commit/a8ba378fd1ff374ba025a96fdfae5c6c36954465))
 ## [0.3.3](https://github.com/sasjs/server/compare/v0.3.2...v0.3.3) (2022-05-30)
 ### Bug Fixes
 * usage of autoexec API in DESKTOP mode ([12d424a](https://github.com/sasjs/server/commit/12d424acce8108a6f53aefbac01fddcdc5efb48f))
 ## [0.3.2](https://github.com/sasjs/server/compare/v0.3.1...v0.3.2) (2022-05-27)
 ### Bug Fixes
 * **web:** ability to use get/patch User API in desktop mode. ([2c259fe](https://github.com/sasjs/server/commit/2c259fe1de95d84e6929e311aaa6b895e66b42a3))
 ## [0.3.1](https://github.com/sasjs/server/compare/v0.3.0...v0.3.1) (2022-05-26)
--- a/PULL_REQUEST_TEMPLATE.md
+++ b/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,19 @@
 ## Issue
 Link any related issue(s) in this section.
 ## Intent
 What this PR intends to achieve.
 ## Implementation
 What code changes have been made to achieve the intent.
 ## Checks
 - [ ] Code is formatted correctly (`npm run lint:fix`).
 - [ ] Any new functionality has been unit tested.
 - [ ] All unit tests are passing (`npm test`).
 - [ ] All CI checks are green.
 - [ ] Reviewer is assigned.
--- a/README.md
+++ b/README.md
@@ -1,5 +1,11 @@
 # SASjs Server
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
 [![All Contributors](https://img.shields.io/badge/all_contributors-7-orange.svg?style=flat-square)](#contributors-)
 <!-- ALL-CONTRIBUTORS-BADGE:END -->
 SASjs Server provides a NodeJS wrapper for calling the SAS binary executable. It can be installed on an actual SAS server, or locally on your desktop. It provides:
 - Virtual filesystem for storing SAS programs and other content
@@ -61,10 +67,14 @@ MODE=
 # Path to SAS executable (sas.exe / sas.sh)
 SAS_PATH=/path/to/sas/executable.exe
 # Path to Node.js executable
 NODE_PATH=~/.nvm/versions/node/v16.14.0/bin/node
 # Path to working directory
 # This location is for SAS WORK, staged files, DRIVE, configuration etc
 SASJS_ROOT=./sasjs_root
 # options: [http|https] default: http
 PROTOCOL=
@@ -89,15 +99,12 @@ SASV9_OPTIONS= -NOXCMD
 ## Additional Web Server Options
 #
-# ENV variables required for PROTOCOL: `https`
+# ENV variables for PROTOCOL: `https`
-PRIVATE_KEY=privkey.pem
+PRIVATE_KEY=privkey.pem (required)
-FULL_CHAIN=fullchain.pem
+CERT_CHAIN=certificate.pem (required)
 CA_ROOT=fullchain.pem (optional)
 # ENV variables required for MODE: `server`
 ACCESS_TOKEN_SECRET=<secret>
 REFRESH_TOKEN_SECRET=<secret>
 AUTH_CODE_SECRET=<secret>
 SESSION_SECRET=<secret>
 DB_CONNECT=mongodb+srv://<DB_USERNAME>:<DB_PASSWORD>@<CLUSTER>/<DB_NAME>?retryWrites=true&w=majority
 # options: [disable|enable] default: `disable` for `server` & `enable` for `desktop`
@@ -129,6 +136,16 @@ HELMET_CSP_CONFIG_PATH=./csp.config.json
 # Docs: https://www.npmjs.com/package/morgan#predefined-formats
 LOG_FORMAT_MORGAN=
 # This location is for server logs with classical UNIX logrotate behavior
 LOG_LOCATION=./sasjs_root/logs
 # A comma separated string that defines the available runTimes.
 # Priority is given to the runtime that comes first in the string.
 # Possible options at the moment are sas and js
 # options: [sas,js|js,sas|sas|js] default:sas
 RUN_TIMES=
 ```
 ## Persisting the Session
@@ -185,3 +202,29 @@ The following credentials can be used for the initial connection to SASjs/server
 - CLIENTID: `clientID1`
 - USERNAME: `secretuser`
 - PASSWORD: `secretpassword`
 ## Contributors ✨
 Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
 <!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
 <!-- prettier-ignore-start -->
 <!-- markdownlint-disable -->
 <table>
  <tr>
    <td align="center"><a href="https://github.com/saadjutt01"><img src="https://avatars.githubusercontent.com/u/8914650?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Saad Jutt</b></sub></a><br /><a href="https://github.com/sasjs/server/commits?author=saadjutt01" title="Code">💻</a> <a href="https://github.com/sasjs/server/commits?author=saadjutt01" title="Tests">⚠️</a></td>
    <td align="center"><a href="https://github.com/sabhas"><img src="https://avatars.githubusercontent.com/u/82647447?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Sabir Hassan</b></sub></a><br /><a href="https://github.com/sasjs/server/commits?author=sabhas" title="Code">💻</a> <a href="https://github.com/sasjs/server/commits?author=sabhas" title="Tests">⚠️</a></td>
    <td align="center"><a href="https://www.erudicat.com/"><img src="https://avatars.githubusercontent.com/u/25773492?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Yury Shkoda</b></sub></a><br /><a href="https://github.com/sasjs/server/commits?author=YuryShkoda" title="Code">💻</a> <a href="https://github.com/sasjs/server/commits?author=YuryShkoda" title="Tests">⚠️</a></td>
    <td align="center"><a href="https://github.com/medjedovicm"><img src="https://avatars.githubusercontent.com/u/18329105?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Mihajlo Medjedovic</b></sub></a><br /><a href="https://github.com/sasjs/server/commits?author=medjedovicm" title="Code">💻</a> <a href="https://github.com/sasjs/server/commits?author=medjedovicm" title="Tests">⚠️</a></td>
    <td align="center"><a href="https://4gl.io/"><img src="https://avatars.githubusercontent.com/u/4420615?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Allan Bowe</b></sub></a><br /><a href="https://github.com/sasjs/server/commits?author=allanbowe" title="Code">💻</a> <a href="https://github.com/sasjs/server/commits?author=allanbowe" title="Documentation">📖</a></td>
    <td align="center"><a href="https://github.com/VladislavParhomchik"><img src="https://avatars.githubusercontent.com/u/83717836?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Vladislav Parhomchik</b></sub></a><br /><a href="https://github.com/sasjs/server/commits?author=VladislavParhomchik" title="Tests">⚠️</a></td>
    <td align="center"><a href="https://github.com/kknapen"><img src="https://avatars.githubusercontent.com/u/78609432?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Koen Knapen</b></sub></a><br /><a href="#userTesting-kknapen" title="User Testing">📓</a></td>
  </tr>
 </table>
 <!-- markdownlint-restore -->
 <!-- prettier-ignore-end -->
 <!-- ALL-CONTRIBUTORS-LIST:END -->
 This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!
--- a/api/.env.example
+++ b/api/.env.example
@@ -4,20 +4,21 @@ WHITELIST=<space separated urls, each starting with protocol `http` or `https`>
 PROTOCOL=[http|https] default considered as http
 PRIVATE_KEY=privkey.pem
-FULL_CHAIN=fullchain.pem
+CERT_CHAIN=certificate.pem
 CA_ROOT=fullchain.pem
 PORT=[5000] default value is 5000
 HELMET_CSP_CONFIG_PATH=./csp.config.json if omitted HELMET default will be used
 HELMET_COEP=[true|false] if omitted HELMET default will be used
 ACCESS_TOKEN_SECRET=<secret>
 REFRESH_TOKEN_SECRET=<secret>
 AUTH_CODE_SECRET=<secret>
 SESSION_SECRET=<secret>
 DB_CONNECT=mongodb+srv://<DB_USERNAME>:<DB_PASSWORD>@<CLUSTER>/<DB_NAME>?retryWrites=true&w=majority
 RUN_TIMES=[sas|js|sas,js|js,sas] default considered as sas
 SAS_PATH=/opt/sas/sas9/SASHome/SASFoundation/9.4/sas
 NODE_PATH=~/.nvm/versions/node/v16.14.0/bin/node
 SASJS_ROOT=./sasjs_root
-LOG_FORMAT_MORGAN=common
+LOG_FORMAT_MORGAN=common
 LOG_LOCATION=./sasjs_root/logs
--- a/api/.nvmrc
+++ b/api/.nvmrc
@@ -1 +1 @@
-v16.14.0
+v16.15.1
--- a/api/package-lock.json
+++ b/api/package-lock.json
--- a/api/package.json
+++ b/api/package.json
@@ -7,7 +7,7 @@
    "initial": "npm run swagger && npm run compileSysInit && npm run copySASjsCore",
    "prestart": "npm run initial",
    "prebuild": "npm run initial",
-    "start": "nodemon ./src/server.ts",
+    "start": "NODE_ENV=development nodemon ./src/server.ts",
    "start:prod": "node ./build/src/server.js",
    "build": "rimraf build && tsc",
    "postbuild": "npm run copy:files",
@@ -47,7 +47,7 @@
  },
  "author": "4GL Ltd",
  "dependencies": {
-    "@sasjs/core": "^4.23.1",
+    "@sasjs/core": "^4.31.3",
    "@sasjs/utils": "2.42.1",
    "bcryptjs": "^2.4.3",
    "connect-mongo": "^4.6.0",
@@ -62,10 +62,14 @@
    "mongoose": "^6.0.12",
    "mongoose-sequence": "^5.3.1",
    "morgan": "^1.10.0",
-    "multer": "^1.4.3",
+    "multer": "^1.4.5-lts.1",
-    "swagger-ui-express": "4.3.0"
+    "rotating-file-stream": "^3.0.4",
    "swagger-ui-express": "4.3.0",
    "unzipper": "^0.10.11",
    "url": "^0.10.3"
  },
  "devDependencies": {
    "@types/adm-zip": "^0.5.0",
    "@types/bcryptjs": "^2.4.2",
    "@types/cookie-parser": "^1.4.2",
    "@types/cors": "^2.8.12",
@@ -80,6 +84,8 @@
    "@types/node": "^15.12.2",
    "@types/supertest": "^2.0.11",
    "@types/swagger-ui-express": "^4.1.3",
    "@types/unzipper": "^0.10.5",
    "adm-zip": "^0.5.9",
    "dotenv": "^10.0.0",
    "http-headers-validation": "^0.0.1",
    "jest": "^27.0.6",
@@ -96,7 +102,7 @@
  },
  "nodemonConfig": {
    "ignore": [
-      "tmp/**/*"
+      "sasjs_root/**/*"
    ]
  }
 }
--- a/api/public/swagger.yaml
+++ b/api/public/swagger.yaml
--- a/api/scripts/compileSysInit.ts
+++ b/api/scripts/compileSysInit.ts
@@ -6,12 +6,12 @@ import {
  readFile,
  SASJsFileType
 } from '@sasjs/utils'
-import { apiRoot, sysInitCompiledPath } from '../src/utils'
+import { apiRoot, sysInitCompiledPath } from '../src/utils/file'
 const macroCorePath = path.join(apiRoot, 'node_modules', '@sasjs', 'core')
 const compiledSystemInit = async (systemInit: string) =>
-  'options ps=max;\n' +
+  'options ls=max ps=max;\n' +
  (await loadDependenciesFile({
    fileContent: systemInit,
    type: SASJsFileType.job,
--- a/api/scripts/copySASjsCore.ts
+++ b/api/scripts/copySASjsCore.ts
@@ -8,7 +8,11 @@ import {
  listFilesInFolder
 } from '@sasjs/utils'
-import { apiRoot, sasJSCoreMacros, sasJSCoreMacrosInfo } from '../src/utils'
+import {
  apiRoot,
  sasJSCoreMacros,
  sasJSCoreMacrosInfo
 } from '../src/utils/file'
 const macroCorePath = path.join(apiRoot, 'node_modules', '@sasjs', 'core')
--- a/api/src/app-modules/configureCors.ts
+++ b/api/src/app-modules/configureCors.ts
@@ -0,0 +1,21 @@
 import { Express } from 'express'
 import cors from 'cors'
 import { CorsType } from '../utils'
 export const configureCors = (app: Express) => {
  const { CORS, WHITELIST } = process.env
  if (CORS === CorsType.ENABLED) {
    const whiteList: string[] = []
    WHITELIST?.split(' ')
      ?.filter((url) => !!url)
      .forEach((url) => {
        if (url.startsWith('http'))
          // removing trailing slash of URLs listing for CORS
          whiteList.push(url.replace(/\/$/, ''))
      })
    console.log('All CORS Requests are enabled for:', whiteList)
    app.use(cors({ credentials: true, origin: whiteList }))
  }
 }
--- a/api/src/app-modules/configureExpressSession.ts
+++ b/api/src/app-modules/configureExpressSession.ts
@@ -0,0 +1,32 @@
 import { Express } from 'express'
 import mongoose from 'mongoose'
 import session from 'express-session'
 import MongoStore from 'connect-mongo'
 import { ModeType } from '../utils'
 import { cookieOptions } from '../app'
 export const configureExpressSession = (app: Express) => {
  const { MODE } = process.env
  if (MODE === ModeType.Server) {
    let store: MongoStore | undefined
    if (process.env.NODE_ENV !== 'test') {
      store = MongoStore.create({
        client: mongoose.connection!.getClient() as any,
        collectionName: 'sessions'
      })
    }
    app.use(
      session({
        secret: process.secrets.SESSION_SECRET,
        saveUninitialized: false, // don't create session until something stored
        resave: false, //don't save session if unmodified
        store,
        cookie: cookieOptions
      })
    )
  }
 }
--- a/api/src/app-modules/configureLogger.ts
+++ b/api/src/app-modules/configureLogger.ts
@@ -0,0 +1,33 @@
 import path from 'path'
 import { Express } from 'express'
 import morgan from 'morgan'
 import { createStream } from 'rotating-file-stream'
 import { generateTimestamp } from '@sasjs/utils'
 import { getLogFolder } from '../utils'
 export const configureLogger = (app: Express) => {
  const { LOG_FORMAT_MORGAN } = process.env
  let options
  if (
    process.env.NODE_ENV !== 'development' &&
    process.env.NODE_ENV !== 'test'
  ) {
    const timestamp = generateTimestamp()
    const filename = `${timestamp}.log`
    const logsFolder = getLogFolder()
    // create a rotating write stream
    var accessLogStream = createStream(filename, {
      interval: '1d', // rotate daily
      path: logsFolder
    })
    console.log('Writing Logs to :', path.join(logsFolder, filename))
    options = { stream: accessLogStream }
  }
  // setup the logger
  app.use(morgan(LOG_FORMAT_MORGAN as string, options))
 }
--- a/api/src/app-modules/configureSecurity.ts
+++ b/api/src/app-modules/configureSecurity.ts
@@ -0,0 +1,26 @@
 import { Express } from 'express'
 import { getEnvCSPDirectives } from '../utils/parseHelmetConfig'
 import { HelmetCoepType, ProtocolType } from '../utils'
 import helmet from 'helmet'
 export const configureSecurity = (app: Express) => {
  const { PROTOCOL, HELMET_CSP_CONFIG_PATH, HELMET_COEP } = process.env
  const cspConfigJson: { [key: string]: string[] | null } = getEnvCSPDirectives(
    HELMET_CSP_CONFIG_PATH
  )
  if (PROTOCOL === ProtocolType.HTTP)
    cspConfigJson['upgrade-insecure-requests'] = null
  app.use(
    helmet({
      contentSecurityPolicy: {
        directives: {
          ...helmet.contentSecurityPolicy.getDefaultDirectives(),
          ...cspConfigJson
        }
      },
      crossOriginEmbedderPolicy: HELMET_COEP === HelmetCoepType.TRUE
    })
  )
 }
--- a/api/src/app-modules/index.ts
+++ b/api/src/app-modules/index.ts
@@ -0,0 +1,4 @@
 export * from './configureCors'
 export * from './configureExpressSession'
 export * from './configureLogger'
 export * from './configureSecurity'
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -1,30 +1,26 @@
 import path from 'path'
 import express, { ErrorRequestHandler } from 'express'
-import csrf from 'csurf'
+import csrf, { CookieOptions } from 'csurf'
 import session from 'express-session'
 import MongoStore from 'connect-mongo'
 import morgan from 'morgan'
 import cookieParser from 'cookie-parser'
 import dotenv from 'dotenv'
 import cors from 'cors'
 import helmet from 'helmet'
 import {
  connectDB,
  copySASjsCore,
  CorsType,
  getWebBuildFolder,
  HelmetCoepType,
  instantiateLogger,
  loadAppStreamConfig,
  ModeType,
  ProtocolType,
  ReturnCode,
  setProcessVariables,
  setupFolders,
  verifyEnvVariables
 } from './utils'
-import { getEnvCSPDirectives } from './utils/parseHelmetConfig'
+import {
  configureCors,
  configureExpressSession,
  configureLogger,
  configureSecurity
 } from './app-modules'
 dotenv.config()
@@ -34,99 +30,20 @@ if (verifyEnvVariables()) process.exit(ReturnCode.InvalidEnv)
 const app = express()
-app.use(cookieParser())
+const { PROTOCOL } = process.env
-const {
+export const cookieOptions: CookieOptions = {
  MODE,
  CORS,
  WHITELIST,
  PROTOCOL,
  HELMET_CSP_CONFIG_PATH,
  HELMET_COEP,
  LOG_FORMAT_MORGAN
 } = process.env
 app.use(morgan(LOG_FORMAT_MORGAN as string))
 export const cookieOptions = {
  secure: PROTOCOL === ProtocolType.HTTPS,
  httpOnly: true,
  sameSite: PROTOCOL === ProtocolType.HTTPS ? 'none' : undefined,
  maxAge: 24 * 60 * 60 * 1000 // 24 hours
 }
 const cspConfigJson: { [key: string]: string[] | null } = getEnvCSPDirectives(
  HELMET_CSP_CONFIG_PATH
 )
 if (PROTOCOL === ProtocolType.HTTP)
  cspConfigJson['upgrade-insecure-requests'] = null
 /***********************************
 *         CSRF Protection         *
 ***********************************/
 export const csrfProtection = csrf({ cookie: cookieOptions })
 /***********************************
 *   Handle security and origin    *
 ***********************************/
 app.use(
  helmet({
    contentSecurityPolicy: {
      directives: {
        ...helmet.contentSecurityPolicy.getDefaultDirectives(),
        ...cspConfigJson
      }
    },
    crossOriginEmbedderPolicy: HELMET_COEP === HelmetCoepType.TRUE
  })
 )
 /***********************************
 *         Enabling CORS           *
 ***********************************/
 if (CORS === CorsType.ENABLED) {
  const whiteList: string[] = []
  WHITELIST?.split(' ')
    ?.filter((url) => !!url)
    .forEach((url) => {
      if (url.startsWith('http'))
        // removing trailing slash of URLs listing for CORS
        whiteList.push(url.replace(/\/$/, ''))
    })
  console.log('All CORS Requests are enabled for:', whiteList)
  app.use(cors({ credentials: true, origin: whiteList }))
 }
 /***********************************
 *         DB Connection &          *
 *        Express Sessions          *
 *        With Mongo Store          *
 ***********************************/
 if (MODE === ModeType.Server) {
  let store: MongoStore | undefined
  // NOTE: when exporting app.js as agent for supertest
  // we should exclude connecting to the real database
  if (process.env.NODE_ENV !== 'test') {
    const clientPromise = connectDB().then((conn) => conn!.getClient() as any)
    store = MongoStore.create({ clientPromise, collectionName: 'sessions' })
  }
  app.use(
    session({
      secret: process.env.SESSION_SECRET as string,
      saveUninitialized: false, // don't create session until something stored
      resave: false, //don't save session if unmodified
      store,
      cookie: cookieOptions
    })
  )
 }
 app.use(express.json({ limit: '100mb' }))
 app.use(express.static(path.join(__dirname, '../public')))
 const onError: ErrorRequestHandler = (err, req, res, next) => {
  if (err.code === 'EBADCSRFTOKEN')
    return res.status(400).send('Invalid CSRF token!')
@@ -136,6 +53,30 @@ const onError: ErrorRequestHandler = (err, req, res, next) => {
 }
 export default setProcessVariables().then(async () => {
  app.use(cookieParser())
  configureLogger(app)
  /***********************************
   *   Handle security and origin    *
   ***********************************/
  configureSecurity(app)
  /***********************************
   *         Enabling CORS           *
   ***********************************/
  configureCors(app)
  /***********************************
   *         DB Connection &          *
   *        Express Sessions          *
   *        With Mongo Store          *
   ***********************************/
  configureExpressSession(app)
  app.use(express.json({ limit: '100mb' }))
  app.use(express.static(path.join(__dirname, '../public')))
  await setupFolders()
  await copySASjsCore()
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -129,8 +129,8 @@ const verifyAuthCode = async (
  clientId: string,
  code: string
 ): Promise<InfoJWT | undefined> => {
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve) => {
-    jwt.verify(code, process.env.AUTH_CODE_SECRET as string, (err, data) => {
+    jwt.verify(code, process.secrets.AUTH_CODE_SECRET, (err, data) => {
      if (err) return resolve(undefined)
      const clientInfo: InfoJWT = {
--- a/api/src/controllers/code.ts
+++ b/api/src/controllers/code.ts
@@ -3,19 +3,24 @@ import { Request, Security, Route, Tags, Post, Body } from 'tsoa'
 import { ExecuteReturnJson, ExecutionController } from './internal'
 import { ExecuteReturnJsonResponse } from '.'
 import {
  getDesktopUserAutoExecPath,
  getPreProgramVariables,
  getUserAutoExec,
  ModeType,
-  parseLogToArray
+  parseLogToArray,
  RunTimeType
 } from '../utils'
 import { readFile } from '@sasjs/utils'
-interface ExecuteSASCodePayload {
+interface ExecuteCodePayload {
  /**
-   * Code of SAS program
+   * Code of program
-   * @example "* SAS Code HERE;"
+   * @example "* Code HERE;"
   */
  code: string
  /**
   * runtime for program
   * @example "js"
   */
  runTime: RunTimeType
 }
@Security('bearerAuth')
@@ -27,33 +32,34 @@ export class CodeController {
   * @summary Run SAS Code and returns log
   */
  @Post('/execute')
-  public async executeSASCode(
+  public async executeCode(
    @Request() request: express.Request,
-    @Body() body: ExecuteSASCodePayload
+    @Body() body: ExecuteCodePayload
  ): Promise<ExecuteReturnJsonResponse> {
-    return executeSASCode(request, body)
+    return executeCode(request, body)
  }
 }
-const executeSASCode = async (
+const executeCode = async (
  req: express.Request,
-  { code }: ExecuteSASCodePayload
+  { code, runTime }: ExecuteCodePayload
 ) => {
  const { user } = req
  const userAutoExec =
    process.env.MODE === ModeType.Server
      ? user?.autoExec
-      : await readFile(getDesktopUserAutoExecPath())
+      : await getUserAutoExec()
  try {
    const { webout, log, httpHeaders } =
-      (await new ExecutionController().executeProgram(
+      (await new ExecutionController().executeProgram({
-        code,
+        program: code,
-        getPreProgramVariables(req),
+        preProgramVariables: getPreProgramVariables(req),
-        { ...req.query, _debug: 131 },
+        vars: { ...req.query, _debug: 131 },
-        { userAutoExec },
+        otherArgs: { userAutoExec },
-        true
+        returnJson: true,
-      )) as ExecuteReturnJson
+        runTime: runTime
      })) as ExecuteReturnJson
    return {
      status: 'success',
--- a/api/src/controllers/drive.ts
+++ b/api/src/controllers/drive.ts
@@ -22,6 +22,7 @@ import {
  moveFile,
  createFolder,
  deleteFile as deleteFileOnSystem,
  deleteFolder as deleteFolderOnSystem,
  folderExists,
  listFilesInFolder,
  listSubFoldersInFolder,
@@ -58,11 +59,32 @@ interface GetFileTreeResponse {
  tree: TreeNode
 }
-interface UpdateFileResponse {
+interface FileFolderResponse {
  status: string
  message?: string
 }
 interface AddFolderPayload {
  /**
   * Location of folder
   * @example "/Public/someFolder"
   */
  folderPath: string
 }
 interface RenamePayload {
  /**
   * Old path of file/folder
   * @example "/Public/someFolder"
   */
  oldPath: string
  /**
   * New path of file/folder
   * @example "/Public/newFolder"
   */
  newPath: string
 }
 const fileTreeExample = getTreeExample()
 const successDeployResponse: DeployResponse = {
@@ -96,7 +118,12 @@ export class DriveController {
  }
  /**
-   * @summary Creates/updates files within SASjs Drive using uploaded JSON file.
+   * Accepts JSON file and zipped compressed JSON file as well.
   * Compressed file should only contain one JSON file and should have same name
   * as of compressed file e.g. deploy.JSON should be compressed to deploy.JSON.zip
   * Any other file or JSON file in zipped will be ignored!
   *
   * @summary Creates/updates files within SASjs Drive using uploaded JSON/compressed JSON file.
   *
   */
  @Example<DeployResponse>(successDeployResponse)
@@ -138,7 +165,7 @@ export class DriveController {
  /**
   *
   * @summary Delete file from SASjs Drive
-   * @query _filePath Location of SAS program
+   * @query _filePath Location of file
   * @example _filePath "/Public/somefolder/some.file"
   */
  @Delete('/file')
@@ -146,20 +173,31 @@ export class DriveController {
    return deleteFile(_filePath)
  }
  /**
   *
   * @summary Delete folder from SASjs Drive
   * @query _folderPath Location of folder
   * @example _folderPath "/Public/somefolder/"
   */
  @Delete('/folder')
  public async deleteFolder(@Query() _folderPath: string) {
    return deleteFolder(_folderPath)
  }
  /**
   * It's optional to either provide `_filePath` in url as query parameter
   * Or provide `filePath` in body as form field.
   * But it's required to provide else API will respond with Bad Request.
   *
   * @summary Create a file in SASjs Drive
-   * @param _filePath Location of SAS program
+   * @param _filePath Location of file
   * @example _filePath "/Public/somefolder/some.file.sas"
   *
   */
-  @Example<UpdateFileResponse>({
+  @Example<FileFolderResponse>({
    status: 'success'
  })
-  @Response<UpdateFileResponse>(403, 'File already exists', {
+  @Response<FileFolderResponse>(403, 'File already exists', {
    status: 'failure',
    message: 'File request failed.'
  })
@@ -168,10 +206,28 @@ export class DriveController {
    @UploadedFile() file: Express.Multer.File,
    @Query() _filePath?: string,
    @FormField() filePath?: string
-  ): Promise<UpdateFileResponse> {
+  ): Promise<FileFolderResponse> {
    return saveFile((_filePath ?? filePath)!, file)
  }
  /**
   * @summary Create an empty folder in SASjs Drive
   *
   */
  @Example<FileFolderResponse>({
    status: 'success'
  })
  @Response<FileFolderResponse>(409, 'Folder already exists', {
    status: 'failure',
    message: 'Add folder request failed.'
  })
  @Post('/folder')
  public async addFolder(
    @Body() body: AddFolderPayload
  ): Promise<FileFolderResponse> {
    return addFolder(body.folderPath)
  }
  /**
   * It's optional to either provide `_filePath` in url as query parameter
   * Or provide `filePath` in body as form field.
@@ -182,10 +238,10 @@ export class DriveController {
   * @example _filePath "/Public/somefolder/some.file.sas"
   *
   */
-  @Example<UpdateFileResponse>({
+  @Example<FileFolderResponse>({
    status: 'success'
  })
-  @Response<UpdateFileResponse>(403, `File doesn't exist`, {
+  @Response<FileFolderResponse>(403, `File doesn't exist`, {
    status: 'failure',
    message: 'File request failed.'
  })
@@ -194,10 +250,28 @@ export class DriveController {
    @UploadedFile() file: Express.Multer.File,
    @Query() _filePath?: string,
    @FormField() filePath?: string
-  ): Promise<UpdateFileResponse> {
+  ): Promise<FileFolderResponse> {
    return updateFile((_filePath ?? filePath)!, file)
  }
  /**
   * @summary Renames a file/folder in SASjs Drive
   *
   */
  @Example<FileFolderResponse>({
    status: 'success'
  })
  @Response<FileFolderResponse>(409, 'Folder already exists', {
    status: 'failure',
    message: 'rename request failed.'
  })
  @Post('/rename')
  public async rename(
    @Body() body: RenamePayload
  ): Promise<FileFolderResponse> {
    return rename(body.oldPath, body.newPath)
  }
  /**
   * @summary Fetch file tree within SASjs Drive.
   *
@@ -244,20 +318,26 @@ const getFile = async (req: express.Request, filePath: string) => {
    .join(getFilesFolder(), filePath)
    .replace(new RegExp('/', 'g'), path.sep)
-  if (!filePathFull.includes(driveFilesPath)) {
+  if (!filePathFull.includes(driveFilesPath))
-    throw new Error('Cannot get file outside drive.')
+    throw {
-  }
+      code: 400,
      status: 'Bad Request',
      message: `Can't get file outside drive.`
    }
-  if (!(await fileExists(filePathFull))) {
+  if (!(await fileExists(filePathFull)))
-    throw new Error("File doesn't exist.")
+    throw {
-  }
+      code: 404,
      status: 'Not Found',
      message: `File doesn't exist.`
    }
  const extension = path.extname(filePathFull).toLowerCase()
  if (extension === '.sas') {
    req.res?.setHeader('Content-type', 'text/plain')
  }
-  req.res?.sendFile(path.resolve(filePathFull))
+  req.res?.sendFile(path.resolve(filePathFull), { dotfiles: 'allow' })
 }
 const getFolder = async (folderPath?: string) => {
@@ -268,17 +348,26 @@ const getFolder = async (folderPath?: string) => {
      .join(getFilesFolder(), folderPath)
      .replace(new RegExp('/', 'g'), path.sep)
-    if (!folderPathFull.includes(driveFilesPath)) {
+    if (!folderPathFull.includes(driveFilesPath))
-      throw new Error('Cannot get folder outside drive.')
+      throw {
-    }
+        code: 400,
        status: 'Bad Request',
        message: `Can't get folder outside drive.`
      }
-    if (!(await folderExists(folderPathFull))) {
+    if (!(await folderExists(folderPathFull)))
-      throw new Error("Folder doesn't exist.")
+      throw {
-    }
+        code: 404,
        status: 'Not Found',
        message: `Folder doesn't exist.`
      }
-    if (!(await isFolder(folderPathFull))) {
+    if (!(await isFolder(folderPathFull)))
-      throw new Error('Not a Folder.')
+      throw {
-    }
+        code: 400,
        status: 'Bad Request',
        message: 'Not a Folder.'
      }
    const files: string[] = await listFilesInFolder(folderPathFull)
    const folders: string[] = await listSubFoldersInFolder(folderPathFull)
@@ -297,19 +386,51 @@ const deleteFile = async (filePath: string) => {
    .join(getFilesFolder(), filePath)
    .replace(new RegExp('/', 'g'), path.sep)
-  if (!filePathFull.includes(driveFilesPath)) {
+  if (!filePathFull.includes(driveFilesPath))
-    throw new Error('Cannot delete file outside drive.')
+    throw {
-  }
+      code: 400,
      status: 'Bad Request',
      message: `Can't delete file outside drive.`
    }
-  if (!(await fileExists(filePathFull))) {
+  if (!(await fileExists(filePathFull)))
-    throw new Error('File does not exist.')
+    throw {
-  }
+      code: 404,
      status: 'Not Found',
      message: `File doesn't exist.`
    }
  await deleteFileOnSystem(filePathFull)
  return { status: 'success' }
 }
 const deleteFolder = async (folderPath: string) => {
  const driveFolderPath = getFilesFolder()
  const folderPathFull = path
    .join(getFilesFolder(), folderPath)
    .replace(new RegExp('/', 'g'), path.sep)
  if (!folderPathFull.includes(driveFolderPath))
    throw {
      code: 400,
      status: 'Bad Request',
      message: `Can't delete folder outside drive.`
    }
  if (!(await folderExists(folderPathFull)))
    throw {
      code: 404,
      status: 'Not Found',
      message: `Folder doesn't exist.`
    }
  await deleteFolderOnSystem(folderPathFull)
  return { status: 'success' }
 }
 const saveFile = async (
  filePath: string,
  multerFile: Express.Multer.File
@@ -320,13 +441,19 @@ const saveFile = async (
    .join(driveFilesPath, filePath)
    .replace(new RegExp('/', 'g'), path.sep)
-  if (!filePathFull.includes(driveFilesPath)) {
+  if (!filePathFull.includes(driveFilesPath))
-    throw new Error('Cannot put file outside drive.')
+    throw {
-  }
+      code: 400,
      status: 'Bad Request',
      message: `Can't put file outside drive.`
    }
-  if (await fileExists(filePathFull)) {
+  if (await fileExists(filePathFull))
-    throw new Error('File already exists.')
+    throw {
-  }
+      code: 409,
      status: 'Conflict',
      message: 'File already exists.'
    }
  const folderPath = path.dirname(filePathFull)
  await createFolder(folderPath)
@@ -335,6 +462,88 @@ const saveFile = async (
  return { status: 'success' }
 }
 const addFolder = async (folderPath: string): Promise<FileFolderResponse> => {
  const drivePath = getFilesFolder()
  const folderPathFull = path
    .join(drivePath, folderPath)
    .replace(new RegExp('/', 'g'), path.sep)
  if (!folderPathFull.includes(drivePath))
    throw {
      code: 400,
      status: 'Bad Request',
      message: `Can't put folder outside drive.`
    }
  if (await folderExists(folderPathFull))
    throw {
      code: 409,
      status: 'Conflict',
      message: 'Folder already exists.'
    }
  await createFolder(folderPathFull)
  return { status: 'success' }
 }
 const rename = async (
  oldPath: string,
  newPath: string
 ): Promise<FileFolderResponse> => {
  const drivePath = getFilesFolder()
  const oldPathFull = path
    .join(drivePath, oldPath)
    .replace(new RegExp('/', 'g'), path.sep)
  const newPathFull = path
    .join(drivePath, newPath)
    .replace(new RegExp('/', 'g'), path.sep)
  if (!oldPathFull.includes(drivePath))
    throw {
      code: 400,
      status: 'Bad Request',
      message: `Old path can't be outside of drive.`
    }
  if (!newPathFull.includes(drivePath))
    throw {
      code: 400,
      status: 'Bad Request',
      message: `New path can't be outside of drive.`
    }
  if (await isFolder(oldPathFull)) {
    if (await folderExists(newPathFull))
      throw {
        code: 409,
        status: 'Conflict',
        message: 'Folder with new name already exists.'
      }
    else moveFile(oldPathFull, newPathFull)
    return { status: 'success' }
  } else if (await fileExists(oldPathFull)) {
    if (await fileExists(newPathFull))
      throw {
        code: 409,
        status: 'Conflict',
        message: 'File with new name already exists.'
      }
    else moveFile(oldPathFull, newPathFull)
    return { status: 'success' }
  }
  throw {
    code: 404,
    status: 'Not Found',
    message: 'No file/folder found for provided path.'
  }
 }
 const updateFile = async (
  filePath: string,
  multerFile: Express.Multer.File
@@ -345,13 +554,19 @@ const updateFile = async (
    .join(driveFilesPath, filePath)
    .replace(new RegExp('/', 'g'), path.sep)
-  if (!filePathFull.includes(driveFilesPath)) {
+  if (!filePathFull.includes(driveFilesPath))
-    throw new Error('Cannot modify file outside drive.')
+    throw {
-  }
+      code: 400,
      status: 'Bad Request',
      message: `Can't modify file outside drive.`
    }
-  if (!(await fileExists(filePathFull))) {
+  if (!(await fileExists(filePathFull)))
-    throw new Error(`File doesn't exist.`)
+    throw {
-  }
+      code: 404,
      status: 'Not Found',
      message: `File doesn't exist.`
    }
  await moveFile(multerFile.path, filePathFull)
--- a/api/src/controllers/group.ts
+++ b/api/src/controllers/group.ts
@@ -10,17 +10,17 @@ import {
  Body
 } from 'tsoa'
-import Group, { GroupPayload } from '../model/Group'
+import Group, { GroupPayload, PUBLIC_GROUP_NAME } from '../model/Group'
 import User from '../model/User'
 import { UserResponse } from './user'
-interface GroupResponse {
+export interface GroupResponse {
  groupId: number
  name: string
  description: string
 }
-interface GroupDetailsResponse {
+export interface GroupDetailsResponse {
  groupId: number
  name: string
  description: string
@@ -28,6 +28,11 @@ interface GroupDetailsResponse {
  users: UserResponse[]
 }
 interface GetGroupBy {
  groupId?: number
  name?: string
 }
@Security('bearerAuth')
@Route('SASjsApi/group')
@Tags('Group')
@@ -66,6 +71,18 @@ export class GroupController {
    return createGroup(body)
  }
  /**
   * @summary Get list of members of a group (userName). All users can request this.
   * @param name The group's name
   * @example dcgroup
   */
  @Get('by/groupname/{name}')
  public async getGroupByGroupName(
    @Path() name: string
  ): Promise<GroupDetailsResponse> {
    return getGroup({ name })
  }
  /**
   * @summary Get list of members of a group (userName). All users can request this.
   * @param groupId The group's identifier
@@ -75,7 +92,7 @@ export class GroupController {
  public async getGroup(
    @Path() groupId: number
  ): Promise<GroupDetailsResponse> {
-    return getGroup(groupId)
+    return getGroup({ groupId })
  }
  /**
@@ -129,9 +146,13 @@ export class GroupController {
   */
  @Delete('{groupId}')
  public async deleteGroup(@Path() groupId: number) {
-    const { deletedCount } = await Group.deleteOne({ groupId })
+    const group = await Group.findOne({ groupId })
-    if (deletedCount) return
+    if (group) return await group.remove()
-    throw new Error('No Group deleted!')
+    throw {
      code: 404,
      status: 'Not Found',
      message: 'Group not found.'
    }
  }
 }
@@ -145,6 +166,15 @@ const createGroup = async ({
  description,
  isActive
 }: GroupPayload): Promise<GroupDetailsResponse> => {
  // Checking if user is already in the database
  const groupnameExist = await Group.findOne({ name })
  if (groupnameExist)
    throw {
      code: 409,
      status: 'Conflict',
      message: 'Group name already exists.'
    }
  const group = new Group({
    name,
    description,
@@ -162,15 +192,20 @@ const createGroup = async ({
  }
 }
-const getGroup = async (groupId: number): Promise<GroupDetailsResponse> => {
+const getGroup = async (findBy: GetGroupBy): Promise<GroupDetailsResponse> => {
  const group = (await Group.findOne(
-    { groupId },
+    findBy,
    'groupId name description isActive users -_id'
  ).populate(
    'users',
-    'id username displayName -_id'
+    'id username displayName isAdmin -_id'
  )) as unknown as GroupDetailsResponse
-  if (!group) throw new Error('Group not found.')
+  if (!group)
    throw {
      code: 404,
      status: 'Not Found',
      message: 'Group not found.'
    }
  return {
    groupId: group.groupId,
@@ -199,16 +234,39 @@ const updateUsersListInGroup = async (
  action: 'addUser' | 'removeUser'
 ): Promise<GroupDetailsResponse> => {
  const group = await Group.findOne({ groupId })
-  if (!group) throw new Error('Group not found.')
+  if (!group)
    throw {
      code: 404,
      status: 'Not Found',
      message: 'Group not found.'
    }
  if (group.name === PUBLIC_GROUP_NAME)
    throw {
      code: 400,
      status: 'Bad Request',
      message: `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
    }
  const user = await User.findOne({ id: userId })
-  if (!user) throw new Error('User not found.')
+  if (!user)
    throw {
      code: 404,
      status: 'Not Found',
      message: 'User not found.'
    }
-  const updatedGroup = (action === 'addUser'
+  const updatedGroup =
-    ? await group.addUser(user._id)
+    action === 'addUser'
-    : await group.removeUser(user._id)) as unknown as GroupDetailsResponse
+      ? await group.addUser(user)
      : await group.removeUser(user)
-  if (!updatedGroup) throw new Error('Unable to update group')
+  if (!updatedGroup)
    throw {
      code: 400,
      status: 'Bad Request',
      message: 'Unable to update group.'
    }
  return {
    groupId: updatedGroup.groupId,
--- a/api/src/controllers/index.ts
+++ b/api/src/controllers/index.ts
@@ -4,6 +4,7 @@ export * from './code'
 export * from './drive'
 export * from './group'
 export * from './info'
 export * from './permission'
 export * from './session'
 export * from './stp'
 export * from './user'
--- a/api/src/controllers/info.ts
+++ b/api/src/controllers/info.ts
@@ -1,10 +1,15 @@
 import { Route, Tags, Example, Get } from 'tsoa'
 import { getAuthorizedRoutes } from '../utils'
 export interface AuthorizedRoutesResponse {
  paths: string[]
 }
 export interface InfoResponse {
  mode: string
  cors: string
  whiteList: string[]
  protocol: string
  runTimes: string[]
 }
@Route('SASjsApi/info')
@@ -18,7 +23,8 @@ export class InfoController {
    mode: 'desktop',
    cors: 'enable',
    whiteList: ['http://example.com', 'http://example2.com'],
-    protocol: 'http'
+    protocol: 'http',
    runTimes: ['sas', 'js']
  })
  @Get('/')
  public info(): InfoResponse {
@@ -29,7 +35,23 @@ export class InfoController {
        (process.env.MODE === 'server' ? 'disable' : 'enable'),
      whiteList:
        process.env.WHITELIST?.split(' ')?.filter((url) => !!url) ?? [],
-      protocol: process.env.PROTOCOL ?? 'http'
+      protocol: process.env.PROTOCOL ?? 'http',
      runTimes: process.runTimes
    }
    return response
  }
  /**
   * @summary Get the list of available routes to which permissions can be applied.  Used to populate the dialog in the URI Permissions feature.
   *
   */
  @Example<AuthorizedRoutesResponse>({
    paths: ['/AppStream', '/SASjsApi/stp/execute']
  })
  @Get('/authorizedRoutes')
  public authorizedRoutes(): AuthorizedRoutesResponse {
    const response = {
      paths: getAuthorizedRoutes()
    }
    return response
  }
--- a/api/src/controllers/internal/Execution.ts
+++ b/api/src/controllers/internal/Execution.ts
@@ -1,21 +1,14 @@
 import path from 'path'
 import fs from 'fs'
-import { getSessionController } from './'
+import { getSessionController, processProgram } from './'
-import {
+import { readFile, fileExists, createFile, readFileBinary } from '@sasjs/utils'
  readFile,
  fileExists,
  createFile,
  moveFile,
  readFileBinary
 } from '@sasjs/utils'
 import { PreProgramVars, Session, TreeNode } from '../../types'
 import {
  extractHeaders,
  generateFileUploadSasCode,
  getFilesFolder,
  getMacrosFolder,
  HTTPHeaders,
-  isDebugOn
+  isDebugOn,
  RunTimeType
 } from '../../utils'
 export interface ExecutionVars {
@@ -33,39 +26,53 @@ export interface ExecuteReturnJson {
  log?: string
 }
-export class ExecutionController {
+interface ExecuteFileParams {
-  async executeFile(
+  programPath: string
-    programPath: string,
+  preProgramVariables: PreProgramVars
-    preProgramVariables: PreProgramVars,
+  vars: ExecutionVars
-    vars: ExecutionVars,
+  otherArgs?: any
-    otherArgs?: any,
+  returnJson?: boolean
-    returnJson?: boolean,
+  session?: Session
-    session?: Session
+  runTime: RunTimeType
-  ) {
+}
    if (!(await fileExists(programPath)))
      throw 'ExecutionController: SAS file does not exist.'
 interface ExecuteProgramParams extends Omit<ExecuteFileParams, 'programPath'> {
  program: string
 }
 export class ExecutionController {
  async executeFile({
    programPath,
    preProgramVariables,
    vars,
    otherArgs,
    returnJson,
    session,
    runTime
  }: ExecuteFileParams) {
    const program = await readFile(programPath)
-    return this.executeProgram(
+    return this.executeProgram({
      program,
      preProgramVariables,
      vars,
      otherArgs,
      returnJson,
-      session
+      session,
-    )
+      runTime
    })
  }
-  async executeProgram(
+  async executeProgram({
-    program: string,
+    program,
-    preProgramVariables: PreProgramVars,
+    preProgramVariables,
-    vars: ExecutionVars,
+    vars,
-    otherArgs?: any,
+    otherArgs,
-    returnJson?: boolean,
+    returnJson,
-    sessionByFileUpload?: Session
+    session: sessionByFileUpload,
-  ): Promise<ExecuteReturnRaw | ExecuteReturnJson> {
+    runTime
-    const sessionController = getSessionController()
+  }: ExecuteProgramParams): Promise<ExecuteReturnRaw | ExecuteReturnJson> {
    const sessionController = getSessionController(runTime)
    const session =
      sessionByFileUpload ?? (await sessionController.getSession())
@@ -83,78 +90,18 @@ export class ExecutionController {
      preProgramVariables?.httpHeaders.join('\n') ?? ''
    )
-    const varStatments = Object.keys(vars).reduce(
+    await processProgram(
-      (computed: string, key: string) =>
+      program,
-        `${computed}%let ${key}=${vars[key]};\n`,
+      preProgramVariables,
-      ''
+      vars,
      session,
      weboutPath,
      tokenFile,
      runTime,
      logPath,
      otherArgs
    )
    const preProgramVarStatments = `
 %let _sasjs_tokenfile=${tokenFile};
 %let _sasjs_username=${preProgramVariables?.username};
 %let _sasjs_userid=${preProgramVariables?.userId};
 %let _sasjs_displayname=${preProgramVariables?.displayName};
 %let _sasjs_apiserverurl=${preProgramVariables?.serverUrl};
 %let _sasjs_apipath=/SASjsApi/stp/execute;
 %let _metaperson=&_sasjs_displayname;
 %let _metauser=&_sasjs_username;
 %let sasjsprocessmode=Stored Program;
 %let sasjs_stpsrv_header_loc=%sysfunc(pathname(work))/../stpsrv_header.txt;
 %global SYSPROCESSMODE SYSTCPIPHOSTNAME SYSHOSTINFOLONG;
 %macro _sasjs_server_init();
  %if "&SYSPROCESSMODE"="" %then %let SYSPROCESSMODE=&sasjsprocessmode;
  %if "&SYSTCPIPHOSTNAME"="" %then %let SYSTCPIPHOSTNAME=&_sasjs_apiserverurl;
 %mend;
 %_sasjs_server_init()
 `
    program = `
 options insert=(SASAUTOS="${getMacrosFolder()}");
 /* runtime vars */
 ${varStatments}
 filename _webout "${weboutPath}" mod;
 /* dynamic user-provided vars */
 ${preProgramVarStatments}
 /* user autoexec starts */
 ${otherArgs?.userAutoExec ?? ''}
 /* user autoexec ends */
 /* actual job code */
 ${program}`
    // if no files are uploaded filesNamesMap will be undefined
    if (otherArgs?.filesNamesMap) {
      const uploadSasCode = await generateFileUploadSasCode(
        otherArgs.filesNamesMap,
        session.path
      )
      //If sas code for the file is generated it will be appended to the top of sasCode
      if (uploadSasCode.length > 0) {
        program = `${uploadSasCode}` + program
      }
    }
    const codePath = path.join(session.path, 'code.sas')
    // Creating this file in a RUNNING session will break out
    // the autoexec loop and actually execute the program
    // but - given it will take several milliseconds to create
    // (which can mean SAS trying to run a partial program, or
    // failing due to file lock) we first create the file THEN
    // we rename it.
    await createFile(codePath + '.bkp', program)
    await moveFile(codePath + '.bkp', codePath)
    // we now need to poll the session status
    while (!session.completed) {
      await delay(50)
    }
    const log = (await fileExists(logPath)) ? await readFile(logPath) : ''
    const headersContent = (await fileExists(headersPath))
      ? await readFile(headersPath)
@@ -196,6 +143,7 @@ ${program}`
      name: 'files',
      relativePath: '',
      absolutePath: getFilesFolder(),
      isFolder: true,
      children: []
    }
@@ -205,15 +153,22 @@ ${program}`
      const currentNode = stack.pop()
      if (currentNode) {
        currentNode.isFolder = fs
          .statSync(currentNode.absolutePath)
          .isDirectory()
        const children = fs.readdirSync(currentNode.absolutePath)
        for (let child of children) {
-          const absoluteChildPath = `${currentNode.absolutePath}/${child}`
+          const absoluteChildPath = path.join(currentNode.absolutePath, child)
          // relative path will only be used in frontend component
          // so, no need to convert '/' to platform specific separator
          const relativeChildPath = `${currentNode.relativePath}/${child}`
          const childNode: TreeNode = {
            name: child,
            relativePath: relativeChildPath,
            absolutePath: absoluteChildPath,
            isFolder: false,
            children: []
          }
          currentNode.children.push(childNode)
@@ -228,5 +183,3 @@ ${program}`
    return root
  }
 }
 const delay = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms))
--- a/api/src/controllers/internal/FileUploadController.ts
+++ b/api/src/controllers/internal/FileUploadController.ts
@@ -2,12 +2,17 @@ import { Request, RequestHandler } from 'express'
 import multer from 'multer'
 import { uuidv4 } from '@sasjs/utils'
 import { getSessionController } from '.'
 import {
  executeProgramRawValidation,
  getRunTimeAndFilePath,
  RunTimeType
 } from '../../utils'
 export class FileUploadController {
  private storage = multer.diskStorage({
    destination: function (req: Request, file: any, cb: any) {
      //Sending the intercepted files to the sessions subfolder
-      cb(null, req.sasSession?.path)
+      cb(null, req.sasjsSession?.path)
    },
    filename: function (req: Request, file: any, cb: any) {
      //req_file prefix + unique hash added to sas request files
@@ -20,15 +25,42 @@ export class FileUploadController {
  //It will intercept request and generate unique uuid to be used as a subfolder name
  //that will store the files uploaded
  public preUploadMiddleware: RequestHandler = async (req, res, next) => {
-    let session
+    const { error: errQ, value: query } = executeProgramRawValidation(req.query)
    const { error: errB, value: body } = executeProgramRawValidation(req.body)
-    const sessionController = getSessionController()
+    if (errQ && errB) return res.status(400).send(errB.details[0].message)
-    session = await sessionController.getSession()
+
    const programPath = (query?._program ?? body?._program) as string
    let runTime
    try {
      ;({ runTime } = await getRunTimeAndFilePath(programPath))
    } catch (err: any) {
      return res.status(400).send({
        status: 'failure',
        message: 'Job execution failed',
        error: typeof err === 'object' ? err.toString() : err
      })
    }
    let sessionController
    try {
      sessionController = getSessionController(runTime)
    } catch (err: any) {
      return res.status(400).send({
        status: 'failure',
        message: err.message,
        error: typeof err === 'object' ? err.toString() : err
      })
    }
    const session = await sessionController.getSession()
    // marking consumed true, so that it's not available
    // as readySession for any other request
    session.consumed = true
-    req.sasSession = session
+    req.sasjsSession = session
    next()
  }
--- a/api/src/controllers/internal/Session.ts
+++ b/api/src/controllers/internal/Session.ts
@@ -5,24 +5,28 @@ import { execFile } from 'child_process'
 import {
  getSessionsFolder,
  generateUniqueFileName,
-  sysInitCompiledPath
+  sysInitCompiledPath,
  RunTimeType
 } from '../../utils'
 import {
  deleteFolder,
  createFile,
  fileExists,
  generateTimestamp,
-  readFile
+  readFile,
  isWindows
 } from '@sasjs/utils'
 const execFilePromise = promisify(execFile)
-export class SessionController {
+abstract class SessionController {
-  private sessions: Session[] = []
+  protected sessions: Session[] = []
-  private getReadySessions = (): Session[] =>
+  protected getReadySessions = (): Session[] =>
    this.sessions.filter((sess: Session) => sess.ready && !sess.consumed)
  protected abstract createSession(): Promise<Session>
  public async getSession() {
    const readySessions = this.getReadySessions()
@@ -34,8 +38,10 @@ export class SessionController {
    return session
  }
 }
-  private async createSession(): Promise<Session> {
+export class SASSessionController extends SessionController {
  protected async createSession(): Promise<Session> {
    const sessionId = generateUniqueFileName(generateTimestamp())
    const sessionFolder = path.join(getSessionsFolder(), sessionId)
@@ -82,7 +88,9 @@ ${autoExecContent}`
    // however we also need a promise so that we can update the
    // session array to say that it has (eventually) finished.
-    execFilePromise(process.sasLoc, [
+    // Additional windows specific options to avoid the desktop popups.
    execFilePromise(process.sasLoc!, [
      '-SYSIN',
      codePath,
      '-LOG',
@@ -93,7 +101,12 @@ ${autoExecContent}`
      session.path,
      '-AUTOEXEC',
      autoExecPath,
-      process.platform === 'win32' ? '-nosplash' : ''
+      process.sasLoc!.endsWith('sas.exe') ? '-nosplash' : '',
      process.sasLoc!.endsWith('sas.exe') ? '-icon' : '',
      process.sasLoc!.endsWith('sas.exe') ? '-nodms' : '',
      process.sasLoc!.endsWith('sas.exe') ? '-noterminal' : '',
      process.sasLoc!.endsWith('sas.exe') ? '-nostatuswin' : '',
      isWindows() ? '-nologo' : ''
    ])
      .then(() => {
        session.completed = true
@@ -152,12 +165,66 @@ ${autoExecContent}`
  }
 }
-export const getSessionController = (): SessionController => {
+export class JSSessionController extends SessionController {
-  if (process.sessionController) return process.sessionController
+  protected async createSession(): Promise<Session> {
    const sessionId = generateUniqueFileName(generateTimestamp())
    const sessionFolder = path.join(getSessionsFolder(), sessionId)
-  process.sessionController = new SessionController()
+    const creationTimeStamp = sessionId.split('-').pop() as string
    // death time of session is 15 mins from creation
    const deathTimeStamp = (
      parseInt(creationTimeStamp) +
      15 * 60 * 1000 -
      1000
    ).toString()
-  return process.sessionController
+    const session: Session = {
      id: sessionId,
      ready: true,
      inUse: true,
      consumed: false,
      completed: false,
      creationTimeStamp,
      deathTimeStamp,
      path: sessionFolder
    }
    const headersPath = path.join(session.path, 'stpsrv_header.txt')
    await createFile(headersPath, 'Content-type: application/json')
    this.sessions.push(session)
    return session
  }
 }
 export const getSessionController = (
  runTime: RunTimeType
 ): SASSessionController | JSSessionController => {
  if (runTime === RunTimeType.SAS) {
    return getSASSessionController()
  }
  if (runTime === RunTimeType.JS) {
    return getJSSessionController()
  }
  throw new Error('No Runtime is configured')
 }
 const getSASSessionController = (): SASSessionController => {
  if (process.sasSessionController) return process.sasSessionController
  process.sasSessionController = new SASSessionController()
  return process.sasSessionController
 }
 const getJSSessionController = (): JSSessionController => {
  if (process.jsSessionController) return process.jsSessionController
  process.jsSessionController = new JSSessionController()
  return process.jsSessionController
 }
 const autoExecContent = `
--- a/api/src/controllers/internal/createJSProgram.ts
+++ b/api/src/controllers/internal/createJSProgram.ts
@@ -0,0 +1,69 @@
 import { isWindows } from '@sasjs/utils'
 import { PreProgramVars, Session } from '../../types'
 import { generateFileUploadJSCode } from '../../utils'
 import { ExecutionVars } from './'
 export const createJSProgram = async (
  program: string,
  preProgramVariables: PreProgramVars,
  vars: ExecutionVars,
  session: Session,
  weboutPath: string,
  tokenFile: string,
  otherArgs?: any
 ) => {
  const varStatments = Object.keys(vars).reduce(
    (computed: string, key: string) =>
      `${computed}const ${key} = '${vars[key]}';\n`,
    ''
  )
  const preProgramVarStatments = `
 let _webout = '';
 const weboutPath = '${
    isWindows() ? weboutPath.replace(/\\/g, '\\\\') : weboutPath
  }'; 
 const _sasjs_tokenfile = '${
    isWindows() ? tokenFile.replace(/\\/g, '\\\\') : tokenFile
  }';
 const _sasjs_username = '${preProgramVariables?.username}';
 const _sasjs_userid = '${preProgramVariables?.userId}';
 const _sasjs_displayname = '${preProgramVariables?.displayName}';
 const _metaperson = _sasjs_displayname;
 const _metauser = _sasjs_username;
 const sasjsprocessmode = 'Stored Program';
 `
  const requiredModules = `const fs = require('fs')`
  program = `
 /* runtime vars */
 ${varStatments}
 /* dynamic user-provided vars */
 ${preProgramVarStatments}
 /* actual job code */
 ${program}
 /* write webout file only if webout exists*/
 if (_webout) {
  fs.writeFile(weboutPath, _webout, function (err) {
    if (err) throw err;
  })
 }
 `
  // if no files are uploaded filesNamesMap will be undefined
  if (otherArgs?.filesNamesMap) {
    const uploadJSCode = await generateFileUploadJSCode(
      otherArgs.filesNamesMap,
      session.path
    )
    //If js code for the file is generated it will be appended to the top of jsCode
    if (uploadJSCode.length > 0) {
      program = `${uploadJSCode}\n` + program
    }
  }
  return requiredModules + program
 }
--- a/api/src/controllers/internal/createSASProgram.ts
+++ b/api/src/controllers/internal/createSASProgram.ts
@@ -0,0 +1,69 @@
 import { PreProgramVars, Session } from '../../types'
 import { generateFileUploadSasCode, getMacrosFolder } from '../../utils'
 import { ExecutionVars } from './'
 export const createSASProgram = async (
  program: string,
  preProgramVariables: PreProgramVars,
  vars: ExecutionVars,
  session: Session,
  weboutPath: string,
  tokenFile: string,
  otherArgs?: any
 ) => {
  const varStatments = Object.keys(vars).reduce(
    (computed: string, key: string) => `${computed}%let ${key}=${vars[key]};\n`,
    ''
  )
  const preProgramVarStatments = `
 %let _sasjs_tokenfile=${tokenFile};
 %let _sasjs_username=${preProgramVariables?.username};
 %let _sasjs_userid=${preProgramVariables?.userId};
 %let _sasjs_displayname=${preProgramVariables?.displayName};
 %let _sasjs_apiserverurl=${preProgramVariables?.serverUrl};
 %let _sasjs_apipath=/SASjsApi/stp/execute;
 %let _metaperson=&_sasjs_displayname;
 %let _metauser=&_sasjs_username;
 %let sasjsprocessmode=Stored Program;
 %let sasjs_stpsrv_header_loc=%sysfunc(pathname(work))/../stpsrv_header.txt;
 %global SYSPROCESSMODE SYSTCPIPHOSTNAME SYSHOSTINFOLONG;
 %macro _sasjs_server_init();
 %if "&SYSPROCESSMODE"="" %then %let SYSPROCESSMODE=&sasjsprocessmode;
 %if "&SYSTCPIPHOSTNAME"="" %then %let SYSTCPIPHOSTNAME=&_sasjs_apiserverurl;
 %mend;
 %_sasjs_server_init()
 `
  program = `
 options insert=(SASAUTOS="${getMacrosFolder()}");
 /* runtime vars */
 ${varStatments}
 filename _webout "${weboutPath}" mod;
 /* dynamic user-provided vars */
 ${preProgramVarStatments}
 /* user autoexec starts */
 ${otherArgs?.userAutoExec ?? ''}
 /* user autoexec ends */
 /* actual job code */
 ${program}`
  // if no files are uploaded filesNamesMap will be undefined
  if (otherArgs?.filesNamesMap) {
    const uploadSasCode = await generateFileUploadSasCode(
      otherArgs.filesNamesMap,
      session.path
    )
    //If sas code for the file is generated it will be appended to the top of sasCode
    if (uploadSasCode.length > 0) {
      program = `${uploadSasCode}` + program
    }
  }
  return program
 }
--- a/api/src/controllers/internal/index.ts
+++ b/api/src/controllers/internal/index.ts
@@ -2,3 +2,6 @@ export * from './deploy'
 export * from './Session'
 export * from './Execution'
 export * from './FileUploadController'
 export * from './createSASProgram'
 export * from './createJSProgram'
 export * from './processProgram'
--- a/api/src/controllers/internal/processProgram.ts
+++ b/api/src/controllers/internal/processProgram.ts
@@ -0,0 +1,86 @@
 import path from 'path'
 import fs from 'fs'
 import { execFileSync } from 'child_process'
 import { once } from 'stream'
 import { createFile, moveFile } from '@sasjs/utils'
 import { PreProgramVars, Session } from '../../types'
 import { RunTimeType } from '../../utils'
 import { ExecutionVars, createSASProgram, createJSProgram } from './'
 export const processProgram = async (
  program: string,
  preProgramVariables: PreProgramVars,
  vars: ExecutionVars,
  session: Session,
  weboutPath: string,
  tokenFile: string,
  runTime: RunTimeType,
  logPath: string,
  otherArgs?: any
 ) => {
  if (runTime === RunTimeType.JS) {
    program = await createJSProgram(
      program,
      preProgramVariables,
      vars,
      session,
      weboutPath,
      tokenFile,
      otherArgs
    )
    const codePath = path.join(session.path, 'code.js')
    try {
      await createFile(codePath, program)
      // create a stream that will write to console outputs to log file
      const writeStream = fs.createWriteStream(logPath)
      // waiting for the open event so that we can have underlying file descriptor
      await once(writeStream, 'open')
      execFileSync(process.nodeLoc!, [codePath], {
        stdio: ['ignore', writeStream, writeStream]
      })
      // copy the code.js program to log and end write stream
      writeStream.end(program)
      session.completed = true
      console.log('session completed', session)
    } catch (err: any) {
      session.completed = true
      session.crashed = err.toString()
      console.log('session crashed', session.id, session.crashed)
    }
  } else {
    program = await createSASProgram(
      program,
      preProgramVariables,
      vars,
      session,
      weboutPath,
      tokenFile,
      otherArgs
    )
    const codePath = path.join(session.path, 'code.sas')
    // Creating this file in a RUNNING session will break out
    // the autoexec loop and actually execute the program
    // but - given it will take several milliseconds to create
    // (which can mean SAS trying to run a partial program, or
    // failing due to file lock) we first create the file THEN
    // we rename it.
    await createFile(codePath + '.bkp', program)
    await moveFile(codePath + '.bkp', codePath)
    // we now need to poll the session status
    while (!session.completed) {
      await delay(50)
    }
  }
 }
 const delay = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms))
--- a/api/src/controllers/permission.ts
+++ b/api/src/controllers/permission.ts
@@ -0,0 +1,368 @@
 import express from 'express'
 import {
  Security,
  Route,
  Tags,
  Path,
  Example,
  Get,
  Post,
  Patch,
  Delete,
  Body,
  Request
 } from 'tsoa'
 import Permission from '../model/Permission'
 import User from '../model/User'
 import Group from '../model/Group'
 import { UserResponse } from './user'
 import { GroupDetailsResponse } from './group'
 export enum PermissionType {
  route = 'Route'
 }
 export enum PrincipalType {
  user = 'user',
  group = 'group'
 }
 export enum PermissionSettingForRoute {
  grant = 'Grant',
  deny = 'Deny'
 }
 interface RegisterPermissionPayload {
  /**
   * Name of affected resource
   * @example "/SASjsApi/code/execute"
   */
  path: string
  /**
   * Type of affected resource
   * @example "Route"
   */
  type: PermissionType
  /**
   * The indication of whether (and to what extent) access is provided
   * @example "Grant"
   */
  setting: PermissionSettingForRoute
  /**
   * Indicates the type of principal
   * @example "user"
   */
  principalType: PrincipalType
  /**
   * The id of user or group to which a rule is assigned.
   * @example 123
   */
  principalId: number
 }
 interface UpdatePermissionPayload {
  /**
   * The indication of whether (and to what extent) access is provided
   * @example "Grant"
   */
  setting: PermissionSettingForRoute
 }
 export interface PermissionDetailsResponse {
  permissionId: number
  path: string
  type: string
  setting: string
  user?: UserResponse
  group?: GroupDetailsResponse
 }
@Security('bearerAuth')
@Route('SASjsApi/permission')
@Tags('Permission')
 export class PermissionController {
  /**
   * Get the list of permission rules applicable the authenticated user.
   * If the user is an admin, all rules are returned.
   *
   * @summary Get the list of permission rules. If the user is admin, all rules are returned.
   *
   */
  @Example<PermissionDetailsResponse[]>([
    {
      permissionId: 123,
      path: '/SASjsApi/code/execute',
      type: 'Route',
      setting: 'Grant',
      user: {
        id: 1,
        username: 'johnSnow01',
        displayName: 'John Snow',
        isAdmin: false
      }
    },
    {
      permissionId: 124,
      path: '/SASjsApi/code/execute',
      type: 'Route',
      setting: 'Grant',
      group: {
        groupId: 1,
        name: 'DCGroup',
        description: 'This group represents Data Controller Users',
        isActive: true,
        users: []
      }
    }
  ])
  @Get('/')
  public async getAllPermissions(
    @Request() request: express.Request
  ): Promise<PermissionDetailsResponse[]> {
    return getAllPermissions(request)
  }
  /**
   * @summary Create a new permission. Admin only.
   *
   */
  @Example<PermissionDetailsResponse>({
    permissionId: 123,
    path: '/SASjsApi/code/execute',
    type: 'Route',
    setting: 'Grant',
    user: {
      id: 1,
      username: 'johnSnow01',
      displayName: 'John Snow',
      isAdmin: false
    }
  })
  @Post('/')
  public async createPermission(
    @Body() body: RegisterPermissionPayload
  ): Promise<PermissionDetailsResponse> {
    return createPermission(body)
  }
  /**
   * @summary Update permission setting. Admin only
   * @param permissionId The permission's identifier
   * @example permissionId 1234
   */
  @Example<PermissionDetailsResponse>({
    permissionId: 123,
    path: '/SASjsApi/code/execute',
    type: 'Route',
    setting: 'Grant',
    user: {
      id: 1,
      username: 'johnSnow01',
      displayName: 'John Snow',
      isAdmin: false
    }
  })
  @Patch('{permissionId}')
  public async updatePermission(
    @Path() permissionId: number,
    @Body() body: UpdatePermissionPayload
  ): Promise<PermissionDetailsResponse> {
    return updatePermission(permissionId, body)
  }
  /**
   * @summary Delete a permission. Admin only.
   * @param permissionId The user's identifier
   * @example permissionId 1234
   */
  @Delete('{permissionId}')
  public async deletePermission(@Path() permissionId: number) {
    return deletePermission(permissionId)
  }
 }
 const getAllPermissions = async (
  req: express.Request
 ): Promise<PermissionDetailsResponse[]> => {
  const { user } = req
  if (user?.isAdmin) return await Permission.get({})
  else {
    const permissions: PermissionDetailsResponse[] = []
    const dbUser = await User.findOne({ id: user?.userId })
    if (!dbUser)
      throw {
        code: 404,
        status: 'Not Found',
        message: 'User not found.'
      }
    permissions.push(...(await Permission.get({ user: dbUser._id })))
    for (const group of dbUser.groups) {
      permissions.push(...(await Permission.get({ group })))
    }
    return permissions
  }
 }
 const createPermission = async ({
  path,
  type,
  setting,
  principalType,
  principalId
 }: RegisterPermissionPayload): Promise<PermissionDetailsResponse> => {
  const permission = new Permission({
    path,
    type,
    setting
  })
  let user: UserResponse | undefined
  let group: GroupDetailsResponse | undefined
  switch (principalType) {
    case PrincipalType.user: {
      const userInDB = await User.findOne({ id: principalId })
      if (!userInDB)
        throw {
          code: 404,
          status: 'Not Found',
          message: 'User not found.'
        }
      if (userInDB.isAdmin)
        throw {
          code: 400,
          status: 'Bad Request',
          message: 'Can not add permission for admin user.'
        }
      const alreadyExists = await Permission.findOne({
        path,
        type,
        user: userInDB._id
      })
      if (alreadyExists)
        throw {
          code: 409,
          status: 'Conflict',
          message:
            'Permission already exists with provided Path, Type and User.'
        }
      permission.user = userInDB._id
      user = {
        id: userInDB.id,
        username: userInDB.username,
        displayName: userInDB.displayName,
        isAdmin: userInDB.isAdmin
      }
      break
    }
    case PrincipalType.group: {
      const groupInDB = await Group.findOne({ groupId: principalId })
      if (!groupInDB)
        throw {
          code: 404,
          status: 'Not Found',
          message: 'Group not found.'
        }
      const alreadyExists = await Permission.findOne({
        path,
        type,
        group: groupInDB._id
      })
      if (alreadyExists)
        throw {
          code: 409,
          status: 'Conflict',
          message:
            'Permission already exists with provided Path, Type and Group.'
        }
      permission.group = groupInDB._id
      group = {
        groupId: groupInDB.groupId,
        name: groupInDB.name,
        description: groupInDB.description,
        isActive: groupInDB.isActive,
        users: groupInDB.populate({
          path: 'users',
          select: 'id username displayName isAdmin -_id',
          options: { limit: 15 }
        }) as unknown as UserResponse[]
      }
      break
    }
    default:
      throw {
        code: 400,
        status: 'Bad Request',
        message: 'Invalid principal type. Valid types are user or group.'
      }
  }
  const savedPermission = await permission.save()
  return {
    permissionId: savedPermission.permissionId,
    path: savedPermission.path,
    type: savedPermission.type,
    setting: savedPermission.setting,
    user,
    group
  }
 }
 const updatePermission = async (
  id: number,
  data: UpdatePermissionPayload
 ): Promise<PermissionDetailsResponse> => {
  const { setting } = data
  const updatedPermission = (await Permission.findOneAndUpdate(
    { permissionId: id },
    { setting },
    { new: true }
  )
    .select({
      _id: 0,
      permissionId: 1,
      path: 1,
      type: 1,
      setting: 1
    })
    .populate({ path: 'user', select: 'id username displayName isAdmin -_id' })
    .populate({
      path: 'group',
      select: 'groupId name description -_id'
    })) as unknown as PermissionDetailsResponse
  if (!updatedPermission)
    throw {
      code: 404,
      status: 'Not Found',
      message: 'Permission not found.'
    }
  return updatedPermission
 }
 const deletePermission = async (id: number) => {
  const permission = await Permission.findOne({ permissionId: id })
  if (!permission)
    throw {
      code: 404,
      status: 'Not Found',
      message: 'Permission not found.'
    }
  await Permission.deleteOne({ permissionId: id })
 }
--- a/api/src/controllers/session.ts
+++ b/api/src/controllers/session.ts
@@ -13,7 +13,8 @@ export class SessionController {
  @Example<UserResponse>({
    id: 123,
    username: 'johnusername',
-    displayName: 'John'
+    displayName: 'John',
    isAdmin: false
  })
  @Get('/')
  public async session(
@@ -26,5 +27,6 @@ export class SessionController {
 const session = (req: express.Request) => ({
  id: req.user!.userId,
  username: req.user!.username,
-  displayName: req.user!.displayName
+  displayName: req.user!.displayName,
  isAdmin: req.user!.isAdmin
 })
--- a/api/src/controllers/stp.ts
+++ b/api/src/controllers/stp.ts
@@ -1,5 +1,4 @@
 import express from 'express'
 import path from 'path'
 import {
  Request,
  Security,
@@ -19,12 +18,12 @@ import {
 } from './internal'
 import {
  getPreProgramVariables,
  getFilesFolder,
  HTTPHeaders,
  isDebugOn,
  LogLine,
  makeFilesNamesMap,
-  parseLogToArray
+  parseLogToArray,
  getRunTimeAndFilePath
 } from '../utils'
 import { MulterFile } from '../types/Upload'
@@ -52,26 +51,15 @@ export interface ExecuteReturnJsonResponse {
@Tags('STP')
 export class STPController {
  /**
-   * Trigger a SAS program using it's location in the _program URL parameter.
+   * Trigger a SAS or JS program using the _program URL parameter.
   * Enable debugging using the _debug URL parameter.  Setting _debug=131 will
   * cause the log to be streamed in the output.
   *
-   * Additional URL parameters are turned into SAS macro variables.
+   * Accepts URL parameters and file uploads.  For more details, see docs:
   *
-   * Any files provided in the request body are placed into the SAS session with
+   * https://server.sasjs.io/storedprograms
   * corresponding _WEBIN_XXX variables created.
   *
-   * The response headers can be adjusted using the mfs_httpheader() macro.  Any
+   * @summary Execute a Stored Program, returns raw _webout content.
-   * file type can be returned, including binary files such as zip or xls.
+   * @param _program Location of SAS or JS code
-   *
+   * @example _program "/Projects/myApp/some/program"
   * If _debug is >= 131, response headers will contain Content-Type: 'text/plain'
   *
   * This behaviour differs for POST requests, in which case the response is
   * always JSON.
   *
   * @summary Execute Stored Program, return raw _webout content.
   * @param _program Location of SAS program
   * @example _program "/Public/somefolder/some.file"
   */
  @Get('/execute')
  public async executeReturnRaw(
@@ -82,29 +70,22 @@ export class STPController {
  }
  /**
-   * Trigger a SAS program using it's location in the _program URL parameter.
+   * Trigger a SAS or JS program using the _program URL parameter.
   * Enable debugging using the _debug URL parameter.  In any case, the log is
   * always returned in the log object.
   *
-   * Additional URL parameters are turned into SAS macro variables.
+   * Accepts URL parameters and file uploads.  For more details, see docs:
   *
-   * Any files provided in the request body are placed into the SAS session with
+   * https://server.sasjs.io/storedprograms
   * corresponding _WEBIN_XXX variables created.
   *
-   * The response will be a JSON object with the following root attributes: log,
+   * The response will be a JSON object with the following root attributes:
-   * webout, headers.
+   * log, webout, headers.
   *
-   * The webout will be a nested JSON object ONLY if the response-header
+   * The webout attribute will be nested JSON ONLY if the response-header
   * contains a content-type of application/json AND it is valid JSON.
   * Otherwise it will be a stringified version of the webout content.
   *
-   * Response headers from the mfs_httpheader macro are simply listed in the
+   * @summary Execute a Stored Program, return a JSON object
-   * headers object, for POST requests they have no effect on the actual
+   * @param _program Location of SAS or JS code
-   * response header.
+   * @example _program "/Projects/myApp/some/program"
   *
   * @summary Execute Stored Program, return JSON
   * @param _program Location of SAS program
   * @example _program "/Public/somefolder/some.file"
   */
  @Example<ExecuteReturnJsonResponse>({
    status: 'success',
@@ -131,18 +112,17 @@ const executeReturnRaw = async (
  _program: string
 ): Promise<string | Buffer> => {
  const query = req.query as ExecutionVars
  const sasCodePath =
    path
      .join(getFilesFolder(), _program)
      .replace(new RegExp('/', 'g'), path.sep) + '.sas'
  try {
    const { codePath, runTime } = await getRunTimeAndFilePath(_program)
    const { result, httpHeaders } =
-      (await new ExecutionController().executeFile(
+      (await new ExecutionController().executeFile({
-        sasCodePath,
+        programPath: codePath,
-        getPreProgramVariables(req),
+        preProgramVariables: getPreProgramVariables(req),
-        query
+        vars: query,
-      )) as ExecuteReturnRaw
+        runTime
      })) as ExecuteReturnRaw
    // Should over-ride response header for debug
    // on GET request to see entire log rendering on browser.
@@ -171,25 +151,23 @@ const executeReturnJson = async (
  req: express.Request,
  _program: string
 ): Promise<ExecuteReturnJsonResponse> => {
  const sasCodePath =
    path
      .join(getFilesFolder(), _program)
      .replace(new RegExp('/', 'g'), path.sep) + '.sas'
  const filesNamesMap = req.files?.length
    ? makeFilesNamesMap(req.files as MulterFile[])
    : null
  try {
    const { codePath, runTime } = await getRunTimeAndFilePath(_program)
    const { webout, log, httpHeaders } =
-      (await new ExecutionController().executeFile(
+      (await new ExecutionController().executeFile({
-        sasCodePath,
+        programPath: codePath,
-        getPreProgramVariables(req),
+        preProgramVariables: getPreProgramVariables(req),
-        { ...req.query, ...req.body },
+        vars: { ...req.query, ...req.body },
-        { filesNamesMap: filesNamesMap },
+        otherArgs: { filesNamesMap: filesNamesMap },
-        true,
+        returnJson: true,
-        req.sasSession
+        session: req.sasjsSession,
-      )) as ExecuteReturnJson
+        runTime
      })) as ExecuteReturnJson
    let weboutRes: string | IRecordOfAny = webout
    if (httpHeaders['content-type']?.toLowerCase() === 'application/json') {
--- a/api/src/controllers/user.ts
+++ b/api/src/controllers/user.ts
@@ -14,22 +14,27 @@ import {
  Hidden,
  Request
 } from 'tsoa'
 import { desktopUser } from '../middlewares'
 import User, { UserPayload } from '../model/User'
 import { getUserAutoExec, updateUserAutoExec, ModeType } from '../utils'
 import { GroupResponse } from './group'
 export interface UserResponse {
  id: number
  username: string
  displayName: string
  isAdmin: boolean
 }
-interface UserDetailsResponse {
+export interface UserDetailsResponse {
  id: number
  displayName: string
  username: string
  isActive: boolean
  isAdmin: boolean
  autoExec?: string
  groups?: GroupResponse[]
 }
@Security('bearerAuth')
@@ -44,12 +49,14 @@ export class UserController {
    {
      id: 123,
      username: 'johnusername',
-      displayName: 'John'
+      displayName: 'John',
      isAdmin: false
    },
    {
      id: 456,
      username: 'starkusername',
-      displayName: 'Stark'
+      displayName: 'Stark',
      isAdmin: true
    }
  ])
  @Get('/')
@@ -75,6 +82,26 @@ export class UserController {
    return createUser(body)
  }
  /**
   * Only Admin or user itself will get user autoExec code.
   * @summary Get user properties - such as group memberships, userName, displayName.
   * @param username The User's username
   * @example username "johnSnow01"
   */
  @Get('by/username/{username}')
  public async getUserByUsername(
    @Request() req: express.Request,
    @Path() username: string
  ): Promise<UserDetailsResponse> {
    const { MODE } = process.env
    if (MODE === ModeType.Desktop) return getDesktopAutoExec()
    const { user } = req
    const getAutoExec = user!.isAdmin || user!.username == username
    return getUser({ username }, getAutoExec)
  }
  /**
   * Only Admin or user itself will get user autoExec code.
   * @summary Get user properties - such as group memberships, userName, displayName.
@@ -86,9 +113,38 @@ export class UserController {
    @Request() req: express.Request,
    @Path() userId: number
  ): Promise<UserDetailsResponse> {
    const { MODE } = process.env
    if (MODE === ModeType.Desktop) return getDesktopAutoExec()
    const { user } = req
    const getAutoExec = user!.isAdmin || user!.userId == userId
-    return getUser(userId, getAutoExec)
+    return getUser({ id: userId }, getAutoExec)
  }
  /**
   * @summary Update user properties - such as displayName. Can be performed either by admins, or the user in question.
   * @param username The User's username
   * @example username "johnSnow01"
   */
  @Example<UserDetailsResponse>({
    id: 1234,
    displayName: 'John Snow',
    username: 'johnSnow01',
    isAdmin: false,
    isActive: true
  })
  @Patch('by/username/{username}')
  public async updateUserByUsername(
    @Path() username: string,
    @Body() body: UserPayload
  ): Promise<UserDetailsResponse> {
    const { MODE } = process.env
    if (MODE === ModeType.Desktop)
      return updateDesktopAutoExec(body.autoExec ?? '')
    return updateUser({ username }, body)
  }
  /**
@@ -108,7 +164,26 @@ export class UserController {
    @Path() userId: number,
    @Body() body: UserPayload
  ): Promise<UserDetailsResponse> {
-    return updateUser(userId, body)
+    const { MODE } = process.env
    if (MODE === ModeType.Desktop)
      return updateDesktopAutoExec(body.autoExec ?? '')
    return updateUser({ id: userId }, body)
  }
  /**
   * @summary Delete a user. Can be performed either by admins, or the user in question.
   * @param username The User's username
   * @example username "johnSnow01"
   */
  @Delete('by/username/{username}')
  public async deleteUserByUsername(
    @Path() username: string,
    @Body() body: { password?: string },
    @Query() @Hidden() isAdmin: boolean = false
  ) {
    return deleteUser({ username }, isAdmin, body)
  }
  /**
@@ -122,13 +197,13 @@ export class UserController {
    @Body() body: { password?: string },
    @Query() @Hidden() isAdmin: boolean = false
  ) {
-    return deleteUser(userId, isAdmin, body)
+    return deleteUser({ id: userId }, isAdmin, body)
  }
 }
 const getAllUsers = async (): Promise<UserResponse[]> =>
  await User.find({})
-    .select({ _id: 0, id: 1, username: 1, displayName: 1 })
+    .select({ _id: 0, id: 1, username: 1, displayName: 1, isAdmin: 1 })
    .exec()
 const createUser = async (data: UserPayload): Promise<UserDetailsResponse> => {
@@ -163,11 +238,22 @@ const createUser = async (data: UserPayload): Promise<UserDetailsResponse> => {
  }
 }
 interface GetUserBy {
  id?: number
  username?: string
 }
 const getUser = async (
-  id: number,
+  findBy: GetUserBy,
  getAutoExec: boolean
 ): Promise<UserDetailsResponse> => {
-  const user = await User.findOne({ id })
+  const user = (await User.findOne(
    findBy,
    `id displayName username isActive isAdmin autoExec -_id`
  ).populate(
    'groups',
    'groupId name description -_id'
  )) as unknown as UserDetailsResponse
  if (!user) throw new Error('User is not found.')
@@ -177,12 +263,21 @@ const getUser = async (
    username: user.username,
    isActive: user.isActive,
    isAdmin: user.isAdmin,
-    autoExec: getAutoExec ? user.autoExec ?? '' : undefined
+    autoExec: getAutoExec ? user.autoExec ?? '' : undefined,
    groups: user.groups
  }
 }
 const getDesktopAutoExec = async () => {
  return {
    ...desktopUser,
    id: desktopUser.userId,
    autoExec: await getUserAutoExec()
  }
 }
 const updateUser = async (
-  id: number,
+  findBy: GetUserBy,
  data: Partial<UserPayload>
 ): Promise<UserDetailsResponse> => {
  const { displayName, username, password, isAdmin, isActive, autoExec } = data
@@ -192,8 +287,13 @@ const updateUser = async (
  if (username) {
    // Checking if user is already in the database
    const usernameExist = await User.findOne({ username })
-    if (usernameExist && usernameExist.id != id)
+    if (usernameExist) {
-      throw new Error('Username already exists.')
+      if (
        (findBy.id && usernameExist.id != findBy.id) ||
        (findBy.username && usernameExist.username != findBy.username)
      )
        throw new Error('Username already exists.')
    }
    params.username = username
  }
@@ -202,9 +302,10 @@ const updateUser = async (
    params.password = User.hashPassword(password)
  }
-  const updatedUser = await User.findOneAndUpdate({ id }, params, { new: true })
+  const updatedUser = await User.findOneAndUpdate(findBy, params, { new: true })
-  if (!updatedUser) throw new Error(`Unable to find user with id: ${id}`)
+  if (!updatedUser)
    throw new Error(`Unable to find user with ${findBy.id || findBy.username}`)
  return {
    id: updatedUser.id,
@@ -216,12 +317,21 @@ const updateUser = async (
  }
 }
 const updateDesktopAutoExec = async (autoExec: string) => {
  await updateUserAutoExec(autoExec)
  return {
    ...desktopUser,
    id: desktopUser.userId,
    autoExec
  }
 }
 const deleteUser = async (
-  id: number,
+  findBy: GetUserBy,
  isAdmin: boolean,
  { password }: { password?: string }
 ) => {
-  const user = await User.findOne({ id })
+  const user = await User.findOne(findBy)
  if (!user) throw new Error('User is not found.')
  if (!isAdmin) {
@@ -229,5 +339,5 @@ const deleteUser = async (
    if (!validPass) throw new Error('Invalid password.')
  }
-  await User.deleteOne({ id })
+  await User.deleteOne(findBy)
 }
--- a/api/src/controllers/web.ts
+++ b/api/src/controllers/web.ts
@@ -49,10 +49,10 @@ export class WebController {
  }
  /**
-   * @summary Accept a valid username/password
+   * @summary Destroy the session stored in cookies
   *
   */
-  @Get('/logout')
+  @Get('/SASLogon/logout')
  public async logout(@Request() req: express.Request) {
    return new Promise((resolve) => {
      req.session.destroy(() => {
@@ -99,7 +99,8 @@ const login = async (
    user: {
      id: user.id,
      username: user.username,
-      displayName: user.displayName
+      displayName: user.displayName,
      isAdmin: user.isAdmin
    }
  }
 }
--- a/api/src/middlewares/authenticateToken.ts
+++ b/api/src/middlewares/authenticateToken.ts
@@ -1,15 +1,34 @@
 import { RequestHandler, Request, Response, NextFunction } from 'express'
 import jwt from 'jsonwebtoken'
 import { csrfProtection } from '../app'
-import { fetchLatestAutoExec, verifyTokenInDB } from '../utils'
+import {
  fetchLatestAutoExec,
  ModeType,
  verifyTokenInDB,
  isAuthorizingRoute,
  isPublicRoute,
  publicUser
 } from '../utils'
 import { desktopUser } from './desktop'
 import { authorize } from './authorize'
 export const authenticateAccessToken: RequestHandler = async (
  req,
  res,
  next
 ) => {
  const { MODE } = process.env
  if (MODE === ModeType.Desktop) {
    req.user = desktopUser
    return next()
  }
  const nextFunction = isAuthorizingRoute(req)
    ? () => authorize(req, res, next)
    : next
  // if request is coming from web and has valid session
-  // we can validate the request and check for CSRF Token
+  // it can be validated.
  if (req.session?.loggedIn) {
    if (req.session.user) {
      const user = await fetchLatestAutoExec(req.session.user)
@@ -17,33 +36,37 @@ export const authenticateAccessToken: RequestHandler = async (
      if (user) {
        if (user.isActive) {
          req.user = user
-          return csrfProtection(req, res, next)
+          return csrfProtection(req, res, nextFunction)
        } else return res.sendStatus(401)
      }
    }
    return res.sendStatus(401)
  }
-  authenticateToken(
+  await authenticateToken(
    req,
    res,
-    next,
+    nextFunction,
-    process.env.ACCESS_TOKEN_SECRET as string,
+    process.secrets.ACCESS_TOKEN_SECRET,
    'accessToken'
  )
 }
-export const authenticateRefreshToken: RequestHandler = (req, res, next) => {
+export const authenticateRefreshToken: RequestHandler = async (
-  authenticateToken(
+  req,
  res,
  next
 ) => {
  await authenticateToken(
    req,
    res,
    next,
-    process.env.REFRESH_TOKEN_SECRET as string,
+    process.secrets.REFRESH_TOKEN_SECRET,
    'refreshToken'
  )
 }
-const authenticateToken = (
+const authenticateToken = async (
  req: Request,
  res: Response,
  next: NextFunction,
@@ -51,7 +74,7 @@ const authenticateToken = (
  tokenType: 'accessToken' | 'refreshToken'
 ) => {
  const { MODE } = process.env
-  if (MODE?.trim() !== 'server') {
+  if (MODE === ModeType.Desktop) {
    req.user = {
      userId: 1234,
      clientId: 'desktopModeClientId',
@@ -66,12 +89,12 @@ const authenticateToken = (
  const authHeader = req.headers['authorization']
  const token = authHeader?.split(' ')[1]
  if (!token) return res.sendStatus(401)
-  jwt.verify(token, key, async (err: any, data: any) => {
+  try {
-    if (err) return res.sendStatus(401)
+    if (!token) throw 'Unauthorized'
    const data: any = jwt.verify(token, key)
    // verify this valid token's entry in DB
    const user = await verifyTokenInDB(
      data?.userId,
      data?.clientId,
@@ -84,8 +107,16 @@ const authenticateToken = (
        req.user = user
        if (tokenType === 'accessToken') req.accessToken = token
        return next()
-      } else return res.sendStatus(401)
+      } else throw 'Unauthorized'
    }
-    return res.sendStatus(401)
+
-  })
+    throw 'Unauthorized'
  } catch (error) {
    if (await isPublicRoute(req)) {
      req.user = publicUser
      return next()
    }
    res.sendStatus(401)
  }
 }
--- a/api/src/middlewares/authorize.ts
+++ b/api/src/middlewares/authorize.ts
@@ -0,0 +1,51 @@
 import { RequestHandler } from 'express'
 import User from '../model/User'
 import Permission from '../model/Permission'
 import {
  PermissionSettingForRoute,
  PermissionType
 } from '../controllers/permission'
 import { getPath, isPublicRoute } from '../utils'
 export const authorize: RequestHandler = async (req, res, next) => {
  const { user } = req
  if (!user) {
    return res.sendStatus(401)
  }
  // no need to check for permissions when user is admin
  if (user.isAdmin) return next()
  // no need to check for permissions when route is Public
  if (await isPublicRoute(req)) return next()
  const dbUser = await User.findOne({ id: user.userId })
  if (!dbUser) return res.sendStatus(401)
  const path = getPath(req)
  // find permission w.r.t user
  const permission = await Permission.findOne({
    path,
    type: PermissionType.route,
    user: dbUser._id
  })
  if (permission) {
    if (permission.setting === PermissionSettingForRoute.grant) return next()
    else return res.sendStatus(401)
  }
  // find permission w.r.t user's groups
  for (const group of dbUser.groups) {
    const groupPermission = await Permission.findOne({
      path,
      type: PermissionType.route,
      group
    })
    if (groupPermission?.setting === PermissionSettingForRoute.grant)
      return next()
  }
  return res.sendStatus(401)
 }
--- a/api/src/middlewares/desktop.ts
+++ b/api/src/middlewares/desktop.ts
@@ -1,20 +1,37 @@
-import { RequestHandler } from 'express'
+import { RequestHandler, Request } from 'express'
 import { userInfo } from 'os'
 import { RequestUser } from '../types'
 import { ModeType } from '../utils'
 const regexUser = /^\/SASjsApi\/user\/[0-9]*$/ // /SASjsApi/user/1
 const allowedInDesktopMode: { [key: string]: RegExp[] } = {
  GET: [regexUser],
  PATCH: [regexUser]
 }
 const reqAllowedInDesktopMode = (request: Request): boolean => {
  const { method, originalUrl: url } = request
  return !!allowedInDesktopMode[method]?.find((urlRegex) => urlRegex.test(url))
 }
 export const desktopRestrict: RequestHandler = (req, res, next) => {
  const { MODE } = process.env
-  if (MODE?.trim() !== 'server')
+
-    return res.status(403).send('Not Allowed while in Desktop Mode.')
+  if (MODE === ModeType.Desktop) {
    if (!reqAllowedInDesktopMode(req))
      return res.status(403).send('Not Allowed while in Desktop Mode.')
  }
  next()
 }
 export const desktopUsername: RequestHandler = (req, res, next) => {
  const { MODE } = process.env
  if (MODE?.trim() !== 'server')
    return res.status(200).send({
      userId: 12345,
      username: 'DESKTOPusername',
      displayName: 'DESKTOP User'
    })
-  next()
+export const desktopUser: RequestUser = {
  userId: 12345,
  clientId: 'desktop_app',
  username: userInfo().username,
  displayName: userInfo().username,
  isAdmin: true,
  isActive: true
 }
--- a/api/src/middlewares/index.ts
+++ b/api/src/middlewares/index.ts
@@ -2,3 +2,4 @@ export * from './authenticateToken'
 export * from './desktop'
 export * from './verifyAdmin'
 export * from './verifyAdminIfNeeded'
 export * from './authorize'
--- a/api/src/middlewares/verifyAdmin.ts
+++ b/api/src/middlewares/verifyAdmin.ts
@@ -1,8 +1,9 @@
 import { RequestHandler } from 'express'
 import { ModeType } from '../utils'
 export const verifyAdmin: RequestHandler = (req, res, next) => {
  const { MODE } = process.env
-  if (MODE?.trim() !== 'server') return next()
+  if (MODE === ModeType.Desktop) return next()
  const { user } = req
  if (!user?.isAdmin) return res.status(401).send('Admin account required')
--- a/api/src/middlewares/verifyAdminIfNeeded.ts
+++ b/api/src/middlewares/verifyAdminIfNeeded.ts
@@ -1,11 +1,22 @@
 import { RequestHandler } from 'express'
 // This middleware checks if a non-admin user trying to
 // access information of other user
 export const verifyAdminIfNeeded: RequestHandler = (req, res, next) => {
  const { user } = req
  const userId = parseInt(req.params.userId)
-  if (!user?.isAdmin && user?.userId !== userId) {
+  if (!user?.isAdmin) {
-    return res.status(401).send('Admin account required')
+    let adminAccountRequired: boolean = true
    if (req.params.userId) {
      adminAccountRequired = user?.userId !== parseInt(req.params.userId)
    } else if (req.params.username) {
      adminAccountRequired = user?.username !== req.params.username
    }
    if (adminAccountRequired)
      return res.status(401).send('Admin account required')
  }
  next()
 }
--- a/api/src/model/Configuration.ts
+++ b/api/src/model/Configuration.ts
@@ -0,0 +1,45 @@
 import mongoose, { Schema } from 'mongoose'
 export interface ConfigurationType {
  /**
   * SecretOrPrivateKey to sign Access Token
   * @example "someRandomCryptoString"
   */
  ACCESS_TOKEN_SECRET: string
  /**
   * SecretOrPrivateKey to sign Refresh Token
   * @example "someRandomCryptoString"
   */
  REFRESH_TOKEN_SECRET: string
  /**
   * SecretOrPrivateKey to sign Auth Code
   * @example "someRandomCryptoString"
   */
  AUTH_CODE_SECRET: string
  /**
   * Secret used to sign the session cookie
   * @example "someRandomCryptoString"
   */
  SESSION_SECRET: string
 }
 const ConfigurationSchema = new Schema<ConfigurationType>({
  ACCESS_TOKEN_SECRET: {
    type: String,
    required: true
  },
  REFRESH_TOKEN_SECRET: {
    type: String,
    required: true
  },
  AUTH_CODE_SECRET: {
    type: String,
    required: true
  },
  SESSION_SECRET: {
    type: String,
    required: true
  }
 })
 export default mongoose.model('Configuration', ConfigurationSchema)
--- a/api/src/model/Group.ts
+++ b/api/src/model/Group.ts
@@ -1,6 +1,10 @@
 import mongoose, { Schema, model, Document, Model } from 'mongoose'
 import { GroupDetailsResponse } from '../controllers'
 import User, { IUser } from './User'
 const AutoIncrement = require('mongoose-sequence')(mongoose)
 export const PUBLIC_GROUP_NAME = 'Public'
 export interface GroupPayload {
  /**
   * Name of the group
@@ -26,15 +30,17 @@ interface IGroupDocument extends GroupPayload, Document {
 }
 interface IGroup extends IGroupDocument {
-  addUser(userObjectId: Schema.Types.ObjectId): Promise<IGroup>
+  addUser(user: IUser): Promise<GroupDetailsResponse>
-  removeUser(userObjectId: Schema.Types.ObjectId): Promise<IGroup>
+  removeUser(user: IUser): Promise<GroupDetailsResponse>
  hasUser(user: IUser): boolean
 }
 interface IGroupModel extends Model<IGroup> {}
 const groupSchema = new Schema<IGroupDocument>({
  name: {
    type: String,
-    required: true
+    required: true,
    unique: true
  },
  description: {
    type: String,
@@ -46,6 +52,7 @@ const groupSchema = new Schema<IGroupDocument>({
  },
  users: [{ type: Schema.Types.ObjectId, ref: 'User' }]
 })
 groupSchema.plugin(AutoIncrement, { inc_field: 'groupId' })
 // Hooks
@@ -55,29 +62,43 @@ groupSchema.post('save', function (group: IGroup, next: Function) {
  })
 })
 // pre remove hook to remove all references of group from users
 groupSchema.pre('remove', async function () {
  const userIds = this.users
  await Promise.all(
    userIds.map(async (userId) => {
      const user = await User.findById(userId)
      user?.removeGroup(this._id)
    })
  )
 })
 // Instance Methods
-groupSchema.method(
+groupSchema.method('addUser', async function (user: IUser) {
-  'addUser',
+  const userObjectId = user._id
-  async function (userObjectId: Schema.Types.ObjectId) {
+  const userIdIndex = this.users.indexOf(userObjectId)
-    const userIdIndex = this.users.indexOf(userObjectId)
+  if (userIdIndex === -1) {
-    if (userIdIndex === -1) {
+    this.users.push(userObjectId)
-      this.users.push(userObjectId)
+    user.addGroup(this._id)
    }
    this.markModified('users')
    return this.save()
  }
-)
+  this.markModified('users')
-groupSchema.method(
+  return this.save()
-  'removeUser',
+})
-  async function (userObjectId: Schema.Types.ObjectId) {
+groupSchema.method('removeUser', async function (user: IUser) {
-    const userIdIndex = this.users.indexOf(userObjectId)
+  const userObjectId = user._id
-    if (userIdIndex > -1) {
+  const userIdIndex = this.users.indexOf(userObjectId)
-      this.users.splice(userIdIndex, 1)
+  if (userIdIndex > -1) {
-    }
+    this.users.splice(userIdIndex, 1)
-    this.markModified('users')
+    user.removeGroup(this._id)
    return this.save()
  }
-)
+  this.markModified('users')
  return this.save()
 })
 groupSchema.method('hasUser', function (user: IUser) {
  const userObjectId = user._id
  const userIdIndex = this.users.indexOf(userObjectId)
  return userIdIndex > -1
 })
 export const Group: IGroupModel = model<IGroup, IGroupModel>(
  'Group',
--- a/api/src/model/Permission.ts
+++ b/api/src/model/Permission.ts
@@ -0,0 +1,73 @@
 import mongoose, { Schema, model, Document, Model } from 'mongoose'
 const AutoIncrement = require('mongoose-sequence')(mongoose)
 import { PermissionDetailsResponse } from '../controllers'
 interface GetPermissionBy {
  user?: Schema.Types.ObjectId
  group?: Schema.Types.ObjectId
 }
 interface IPermissionDocument extends Document {
  path: string
  type: string
  setting: string
  permissionId: number
  user: Schema.Types.ObjectId
  group: Schema.Types.ObjectId
 }
 interface IPermission extends IPermissionDocument {}
 interface IPermissionModel extends Model<IPermission> {
  get(getBy: GetPermissionBy): Promise<PermissionDetailsResponse[]>
 }
 const permissionSchema = new Schema<IPermissionDocument>({
  path: {
    type: String,
    required: true
  },
  type: {
    type: String,
    required: true
  },
  setting: {
    type: String,
    required: true
  },
  user: { type: Schema.Types.ObjectId, ref: 'User' },
  group: { type: Schema.Types.ObjectId, ref: 'Group' }
 })
 permissionSchema.plugin(AutoIncrement, { inc_field: 'permissionId' })
 // Static Methods
 permissionSchema.static('get', async function (getBy: GetPermissionBy): Promise<
  PermissionDetailsResponse[]
 > {
  return (await this.find(getBy)
    .select({
      _id: 0,
      permissionId: 1,
      path: 1,
      type: 1,
      setting: 1
    })
    .populate({ path: 'user', select: 'id username displayName isAdmin -_id' })
    .populate({
      path: 'group',
      select: 'groupId name description -_id',
      populate: {
        path: 'users',
        select: 'id username displayName isAdmin -_id',
        options: { limit: 15 }
      }
    })) as unknown as PermissionDetailsResponse[]
 })
 export const Permission: IPermissionModel = model<
  IPermission,
  IPermissionModel
 >('Permission', permissionSchema)
 export default Permission
--- a/api/src/model/User.ts
+++ b/api/src/model/User.ts
@@ -35,6 +35,7 @@ export interface UserPayload {
 }
 interface IUserDocument extends UserPayload, Document {
  _id: Schema.Types.ObjectId
  id: number
  isAdmin: boolean
  isActive: boolean
@@ -43,8 +44,10 @@ interface IUserDocument extends UserPayload, Document {
  tokens: [{ [key: string]: string }]
 }
-interface IUser extends IUserDocument {
+export interface IUser extends IUserDocument {
  comparePassword(password: string): boolean
  addGroup(groupObjectId: Schema.Types.ObjectId): Promise<IUser>
  removeGroup(groupObjectId: Schema.Types.ObjectId): Promise<IUser>
 }
 interface IUserModel extends Model<IUser> {
  hashPassword(password: string): string
@@ -106,6 +109,28 @@ userSchema.method('comparePassword', function (password: string): boolean {
  if (bcrypt.compareSync(password, this.password)) return true
  return false
 })
 userSchema.method(
  'addGroup',
  async function (groupObjectId: Schema.Types.ObjectId) {
    const groupIdIndex = this.groups.indexOf(groupObjectId)
    if (groupIdIndex === -1) {
      this.groups.push(groupObjectId)
    }
    this.markModified('groups')
    return this.save()
  }
 )
 userSchema.method(
  'removeGroup',
  async function (groupObjectId: Schema.Types.ObjectId) {
    const groupIdIndex = this.groups.indexOf(groupObjectId)
    if (groupIdIndex > -1) {
      this.groups.splice(groupIdIndex, 1)
    }
    this.markModified('groups')
    return this.save()
  }
 )
 export const User: IUserModel = model<IUser, IUserModel>('User', userSchema)
--- a/api/src/routes/api/code.ts
+++ b/api/src/routes/api/code.ts
@@ -1,5 +1,5 @@
 import express from 'express'
-import { runSASValidation } from '../../utils'
+import { runCodeValidation } from '../../utils'
 import { CodeController } from '../../controllers/'
 const runRouter = express.Router()
@@ -7,11 +7,11 @@ const runRouter = express.Router()
 const controller = new CodeController()
 runRouter.post('/execute', async (req, res) => {
-  const { error, value: body } = runSASValidation(req.body)
+  const { error, value: body } = runCodeValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)
  try {
-    const response = await controller.executeSASCode(req, body)
+    const response = await controller.executeCode(req, body)
    if (response instanceof Buffer) {
      res.writeHead(200, (req as any).sasHeaders)
--- a/api/src/routes/api/drive.ts
+++ b/api/src/routes/api/drive.ts
@@ -7,9 +7,14 @@ import { multerSingle } from '../../middlewares/multer'
 import { DriveController } from '../../controllers/'
 import {
  deployValidation,
  extractJSONFromZip,
  extractName,
  fileBodyValidation,
  fileParamValidation,
-  folderParamValidation
+  folderBodyValidation,
  folderParamValidation,
  isZipFile,
  renameBodyValidation
 } from '../../utils'
 const controller = new DriveController()
@@ -49,7 +54,24 @@ driveRouter.post(
  async (req, res) => {
    if (!req.file) return res.status(400).send('"file" is not present.')
-    const fileContent = await readFile(req.file.path)
+    let fileContent: string = ''
    const { value: zipFile } = isZipFile(req.file)
    if (zipFile) {
      fileContent = await extractJSONFromZip(zipFile)
      const fileInZip = extractName(zipFile.originalname)
      if (!fileContent) {
        deleteFile(req.file.path)
        return res
          .status(400)
          .send(
            `No content present in ${fileInZip} of compressed file ${zipFile.originalname}`
          )
      }
    } else {
      fileContent = await readFile(req.file.path)
    }
    let jsonContent
    try {
@@ -99,7 +121,11 @@ driveRouter.get('/file', async (req, res) => {
  try {
    await controller.getFile(req, query._filePath)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
@@ -112,7 +138,11 @@ driveRouter.get('/folder', async (req, res) => {
    const response = await controller.getFolder(query._folderPath)
    res.send(response)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
@@ -125,7 +155,28 @@ driveRouter.delete('/file', async (req, res) => {
    const response = await controller.deleteFile(query._filePath)
    res.send(response)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
 driveRouter.delete('/folder', async (req, res) => {
  const { error: errQ, value: query } = folderParamValidation(req.query, true)
  if (errQ) return res.status(400).send(errQ.details[0].message)
  try {
    const response = await controller.deleteFolder(query._folderPath)
    res.send(response)
  } catch (err: any) {
    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
@@ -152,11 +203,33 @@ driveRouter.post(
      res.send(response)
    } catch (err: any) {
      await deleteFile(req.file.path)
-      res.status(403).send(err.toString())
+
      const statusCode = err.code
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
 driveRouter.post('/folder', async (req, res) => {
  const { error, value: body } = folderBodyValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)
  try {
    const response = await controller.addFolder(body)
    res.send(response)
  } catch (err: any) {
    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
 driveRouter.patch(
  '/file',
  (...arg) => multerSingle('file', arg),
@@ -180,11 +253,33 @@ driveRouter.patch(
      res.send(response)
    } catch (err: any) {
      await deleteFile(req.file.path)
-      res.status(403).send(err.toString())
+
      const statusCode = err.code
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
 driveRouter.post('/rename', async (req, res) => {
  const { error, value: body } = renameBodyValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)
  try {
    const response = await controller.rename(body)
    res.send(response)
  } catch (err: any) {
    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
 driveRouter.get('/fileTree', async (req, res) => {
  try {
    const response = await controller.getFileTree()
--- a/api/src/routes/api/group.ts
+++ b/api/src/routes/api/group.ts
@@ -1,7 +1,7 @@
 import express from 'express'
 import { GroupController } from '../../controllers/'
 import { authenticateAccessToken, verifyAdmin } from '../../middlewares'
-import { registerGroupValidation } from '../../utils'
+import { getGroupValidation, registerGroupValidation } from '../../utils'
 const groupRouter = express.Router()
@@ -18,7 +18,11 @@ groupRouter.post(
      const response = await controller.createGroup(body)
      res.send(response)
    } catch (err: any) {
-      res.status(403).send(err.toString())
+      const statusCode = err.code
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
@@ -29,7 +33,11 @@ groupRouter.get('/', authenticateAccessToken, async (req, res) => {
    const response = await controller.getAllGroups()
    res.send(response)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
@@ -41,10 +49,37 @@ groupRouter.get('/:groupId', authenticateAccessToken, async (req, res) => {
    const response = await controller.getGroup(parseInt(groupId))
    res.send(response)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
 groupRouter.get(
  '/by/groupname/:name',
  authenticateAccessToken,
  async (req, res) => {
    const { error, value: params } = getGroupValidation(req.params)
    if (error) return res.status(400).send(error.details[0].message)
    const { name } = params
    const controller = new GroupController()
    try {
      const response = await controller.getGroupByGroupName(name)
      res.send(response)
    } catch (err: any) {
      const statusCode = err.code
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
 groupRouter.post(
  '/:groupId/:userId',
  authenticateAccessToken,
@@ -60,7 +95,11 @@ groupRouter.post(
      )
      res.send(response)
    } catch (err: any) {
-      res.status(403).send(err.toString())
+      const statusCode = err.code
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
@@ -80,7 +119,11 @@ groupRouter.delete(
      )
      res.send(response)
    } catch (err: any) {
-      res.status(403).send(err.toString())
+      const statusCode = err.code
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
@@ -97,7 +140,11 @@ groupRouter.delete(
      await controller.deleteGroup(parseInt(groupId))
      res.status(200).send('Group Deleted!')
    } catch (err: any) {
-      res.status(403).send(err.toString())
+      const statusCode = err.code
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
--- a/api/src/routes/api/index.ts
+++ b/api/src/routes/api/index.ts
@@ -5,7 +5,6 @@ import swaggerUi from 'swagger-ui-express'
 import {
  authenticateAccessToken,
  desktopRestrict,
  desktopUsername,
  verifyAdmin
 } from '../../middlewares'
@@ -18,11 +17,12 @@ import groupRouter from './group'
 import clientRouter from './client'
 import authRouter from './auth'
 import sessionRouter from './session'
 import permissionRouter from './permission'
 const router = express.Router()
 router.use('/info', infoRouter)
-router.use('/session', desktopUsername, authenticateAccessToken, sessionRouter)
+router.use('/session', authenticateAccessToken, sessionRouter)
 router.use('/auth', desktopRestrict, authRouter)
 router.use(
  '/client',
@@ -36,6 +36,12 @@ router.use('/group', desktopRestrict, groupRouter)
 router.use('/stp', authenticateAccessToken, stpRouter)
 router.use('/code', authenticateAccessToken, codeRouter)
 router.use('/user', desktopRestrict, userRouter)
 router.use(
  '/permission',
  desktopRestrict,
  authenticateAccessToken,
  permissionRouter
 )
 router.use(
  '/',
--- a/api/src/routes/api/info.ts
+++ b/api/src/routes/api/info.ts
@@ -13,4 +13,14 @@ infoRouter.get('/', async (req, res) => {
  }
 })
 infoRouter.get('/authorizedRoutes', async (req, res) => {
  const controller = new InfoController()
  try {
    const response = controller.authorizedRoutes()
    res.send(response)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
 export default infoRouter
--- a/api/src/routes/api/permission.ts
+++ b/api/src/routes/api/permission.ts
@@ -0,0 +1,69 @@
 import express from 'express'
 import { PermissionController } from '../../controllers/'
 import { verifyAdmin } from '../../middlewares'
 import {
  registerPermissionValidation,
  updatePermissionValidation
 } from '../../utils'
 const permissionRouter = express.Router()
 const controller = new PermissionController()
 permissionRouter.get('/', async (req, res) => {
  try {
    const response = await controller.getAllPermissions(req)
    res.send(response)
  } catch (err: any) {
    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
 permissionRouter.post('/', verifyAdmin, async (req, res) => {
  const { error, value: body } = registerPermissionValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)
  try {
    const response = await controller.createPermission(body)
    res.send(response)
  } catch (err: any) {
    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
 permissionRouter.patch('/:permissionId', verifyAdmin, async (req: any, res) => {
  const { permissionId } = req.params
  const { error, value: body } = updatePermissionValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)
  try {
    const response = await controller.updatePermission(permissionId, body)
    res.send(response)
  } catch (err: any) {
    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
 permissionRouter.delete(
  '/:permissionId',
  verifyAdmin,
  async (req: any, res) => {
    const { permissionId } = req.params
    try {
      await controller.deletePermission(permissionId)
      res.status(200).send('Permission Deleted!')
    } catch (err: any) {
      const statusCode = err.code
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
 export default permissionRouter
--- a/api/src/routes/api/spec/drive.spec.ts
+++ b/api/src/routes/api/spec/drive.spec.ts
@@ -3,6 +3,7 @@ import { Express } from 'express'
 import mongoose, { Mongoose } from 'mongoose'
 import { MongoMemoryServer } from 'mongodb-memory-server'
 import request from 'supertest'
 import AdmZip from 'adm-zip'
 import {
  folderExists,
@@ -28,7 +29,13 @@ jest
  .mockImplementation(() => path.join(tmpFolder, 'uploads'))
 import appPromise from '../../../app'
-import { UserController } from '../../../controllers/'
+import {
  UserController,
  PermissionController,
  PermissionType,
  PermissionSettingForRoute,
  PrincipalType
 } from '../../../controllers/'
 import { getTreeExample } from '../../../controllers/internal'
 import { generateAccessToken, saveTokensInDB } from '../../../utils/'
 const { getFilesFolder } = fileUtilModules
@@ -42,11 +49,18 @@ const user = {
  isActive: true
 }
 const permission = {
  type: PermissionType.route,
  principalType: PrincipalType.user,
  setting: PermissionSettingForRoute.grant
 }
 describe('drive', () => {
  let app: Express
  let con: Mongoose
  let mongoServer: MongoMemoryServer
  const controller = new UserController()
  const permissionController = new PermissionController()
  let accessToken: string
@@ -57,11 +71,32 @@ describe('drive', () => {
    con = await mongoose.connect(mongoServer.getUri())
    const dbUser = await controller.createUser(user)
-    accessToken = generateAccessToken({
+    accessToken = await generateAndSaveToken(dbUser.id)
-      clientId,
+    await permissionController.createPermission({
-      userId: dbUser.id
+      ...permission,
      path: '/SASjsApi/drive/deploy',
      principalId: dbUser.id
    })
    await permissionController.createPermission({
      ...permission,
      path: '/SASjsApi/drive/deploy/upload',
      principalId: dbUser.id
    })
    await permissionController.createPermission({
      ...permission,
      path: '/SASjsApi/drive/file',
      principalId: dbUser.id
    })
    await permissionController.createPermission({
      ...permission,
      path: '/SASjsApi/drive/folder',
      principalId: dbUser.id
    })
    await permissionController.createPermission({
      ...permission,
      path: '/SASjsApi/drive/rename',
      principalId: dbUser.id
    })
    await saveTokensInDB(dbUser.id, clientId, accessToken, 'refreshToken')
  })
  afterAll(async () => {
@@ -72,11 +107,52 @@ describe('drive', () => {
  })
  describe('deploy', () => {
-    const shouldFailAssertion = async (payload: any) => {
+    const makeRequest = async (payload: any, type: string = 'payload') => {
-      const res = await request(app)
+      const requestUrl =
-        .post('/SASjsApi/drive/deploy')
+        type === 'payload'
-        .auth(accessToken, { type: 'bearer' })
+          ? '/SASjsApi/drive/deploy'
-        .send({ appLoc: '/Public', fileTree: payload })
+          : '/SASjsApi/drive/deploy/upload'
      if (type === 'payload') {
        return await request(app)
          .post(requestUrl)
          .auth(accessToken, { type: 'bearer' })
          .send({ appLoc: '/Public', fileTree: payload })
      }
      if (type === 'file') {
        const deployContents = JSON.stringify({
          appLoc: '/Public',
          fileTree: payload
        })
        return await request(app)
          .post(requestUrl)
          .auth(accessToken, { type: 'bearer' })
          .attach('file', Buffer.from(deployContents), 'deploy.json')
      } else {
        const deployContents = JSON.stringify({
          appLoc: '/Public',
          fileTree: payload
        })
        const zip = new AdmZip()
        // add file directly
        zip.addFile(
          'deploy.json',
          Buffer.from(deployContents, 'utf8'),
          'entry comment goes here'
        )
        return await request(app)
          .post(requestUrl)
          .auth(accessToken, { type: 'bearer' })
          .attach('file', zip.toBuffer(), 'deploy.json.zip')
      }
    }
    const shouldFailAssertion = async (
      payload: any,
      type: string = 'payload'
    ) => {
      const res = await makeRequest(payload, type)
      expect(res.statusCode).toEqual(400)
@@ -176,6 +252,240 @@ describe('drive', () => {
      await deleteFolder(path.join(getFilesFolder(), 'public'))
    })
    describe('upload', () => {
      it('should respond with payload example if valid JSON file was not provided', async () => {
        await shouldFailAssertion(null, 'file')
        await shouldFailAssertion(undefined, 'file')
        await shouldFailAssertion('data', 'file')
        await shouldFailAssertion({}, 'file')
        await shouldFailAssertion(
          {
            userId: 1,
            title: 'test is cool'
          },
          'file'
        )
        await shouldFailAssertion(
          {
            membersWRONG: []
          },
          'file'
        )
        await shouldFailAssertion(
          {
            members: {}
          },
          'file'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                nameWRONG: 'jobs',
                type: 'folder',
                members: []
              }
            ]
          },
          'file'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                name: 'jobs',
                type: 'WRONG',
                members: []
              }
            ]
          },
          'file'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                name: 'jobs',
                type: 'folder',
                members: [
                  {
                    name: 'extract',
                    type: 'folder',
                    members: [
                      {
                        name: 'makedata1',
                        type: 'service',
                        codeWRONG: '%put Hello World!;'
                      }
                    ]
                  }
                ]
              }
            ]
          },
          'file'
        )
      })
      it('should successfully deploy if valid JSON file was provided', async () => {
        const deployContents = JSON.stringify({
          appLoc: '/public',
          fileTree: getTreeExample()
        })
        const res = await request(app)
          .post('/SASjsApi/drive/deploy/upload')
          .auth(accessToken, { type: 'bearer' })
          .attach('file', Buffer.from(deployContents), 'deploy.json')
        expect(res.statusCode).toEqual(200)
        expect(res.text).toEqual(
          '{"status":"success","message":"Files deployed successfully to @sasjs/server."}'
        )
        await expect(folderExists(getFilesFolder())).resolves.toEqual(true)
        const testJobFolder = path.join(
          getFilesFolder(),
          'public',
          'jobs',
          'extract'
        )
        await expect(folderExists(testJobFolder)).resolves.toEqual(true)
        const exampleService = getExampleService()
        const testJobFile =
          path.join(testJobFolder, exampleService.name) + '.sas'
        await expect(fileExists(testJobFile)).resolves.toEqual(true)
        await expect(readFile(testJobFile)).resolves.toEqual(
          exampleService.code
        )
        await deleteFolder(path.join(getFilesFolder(), 'public'))
      })
    })
    describe('upload - zipped', () => {
      it('should respond with payload example if valid Zipped file was not provided', async () => {
        await shouldFailAssertion(null, 'zip')
        await shouldFailAssertion(undefined, 'zip')
        await shouldFailAssertion('data', 'zip')
        await shouldFailAssertion({}, 'zip')
        await shouldFailAssertion(
          {
            userId: 1,
            title: 'test is cool'
          },
          'zip'
        )
        await shouldFailAssertion(
          {
            membersWRONG: []
          },
          'zip'
        )
        await shouldFailAssertion(
          {
            members: {}
          },
          'zip'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                nameWRONG: 'jobs',
                type: 'folder',
                members: []
              }
            ]
          },
          'zip'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                name: 'jobs',
                type: 'WRONG',
                members: []
              }
            ]
          },
          'zip'
        )
        await shouldFailAssertion(
          {
            members: [
              {
                name: 'jobs',
                type: 'folder',
                members: [
                  {
                    name: 'extract',
                    type: 'folder',
                    members: [
                      {
                        name: 'makedata1',
                        type: 'service',
                        codeWRONG: '%put Hello World!;'
                      }
                    ]
                  }
                ]
              }
            ]
          },
          'zip'
        )
      })
      it('should successfully deploy if valid Zipped file was provided', async () => {
        const deployContents = JSON.stringify({
          appLoc: '/public',
          fileTree: getTreeExample()
        })
        const zip = new AdmZip()
        // add file directly
        zip.addFile(
          'deploy.json',
          Buffer.from(deployContents, 'utf8'),
          'entry comment goes here'
        )
        const res = await request(app)
          .post('/SASjsApi/drive/deploy/upload')
          .auth(accessToken, { type: 'bearer' })
          .attach('file', zip.toBuffer(), 'deploy.json.zip')
        expect(res.statusCode).toEqual(200)
        expect(res.text).toEqual(
          '{"status":"success","message":"Files deployed successfully to @sasjs/server."}'
        )
        await expect(folderExists(getFilesFolder())).resolves.toEqual(true)
        const testJobFolder = path.join(
          getFilesFolder(),
          'public',
          'jobs',
          'extract'
        )
        await expect(folderExists(testJobFolder)).resolves.toEqual(true)
        const exampleService = getExampleService()
        const testJobFile =
          path.join(testJobFolder, exampleService.name) + '.sas'
        await expect(fileExists(testJobFile)).resolves.toEqual(true)
        await expect(readFile(testJobFile)).resolves.toEqual(
          exampleService.code
        )
        await deleteFolder(path.join(getFilesFolder(), 'public'))
      })
    })
  })
  describe('folder', () => {
@@ -241,29 +551,29 @@ describe('drive', () => {
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if folder is not present', async () => {
+      it('should respond with Not Found if folder is not present', async () => {
        const res = await request(app)
          .get(getFolderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: `/my/path/code-${generateTimestamp()}` })
-          .expect(403)
+          .expect(404)
-        expect(res.text).toEqual(`Error: Folder doesn't exist.`)
+        expect(res.text).toEqual(`Folder doesn't exist.`)
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if folderPath outside Drive', async () => {
+      it('should respond with Bad Request if folderPath outside Drive', async () => {
        const res = await request(app)
          .get(getFolderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: '/../path/code.sas' })
-          .expect(403)
+          .expect(400)
-        expect(res.text).toEqual('Error: Cannot get folder outside drive.')
+        expect(res.text).toEqual(`Can't get folder outside drive.`)
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if folderPath is of a file', async () => {
+      it('should respond with Bad Request if folderPath is of a file', async () => {
        const fileToCopyPath = path.join(__dirname, 'files', 'sample.sas')
        const filePath = '/my/path/code.sas'
@@ -274,12 +584,96 @@ describe('drive', () => {
          .get(getFolderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: filePath })
-          .expect(403)
+          .expect(400)
-        expect(res.text).toEqual('Error: Not a Folder.')
+        expect(res.text).toEqual('Not a Folder.')
        expect(res.body).toEqual({})
      })
    })
    describe('post', () => {
      const folderApi = '/SASjsApi/drive/folder'
      const pathToDrive = fileUtilModules.getFilesFolder()
      afterEach(async () => {
        await deleteFolder(path.join(pathToDrive, 'post'))
      })
      it('should create a folder on drive', async () => {
        const res = await request(app)
          .post(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .send({ folderPath: '/post/folder' })
        expect(res.statusCode).toEqual(200)
        expect(res.body).toEqual({
          status: 'success'
        })
      })
      it('should respond with Conflict if the folder already exists', async () => {
        await createFolder(path.join(pathToDrive, '/post/folder'))
        const res = await request(app)
          .post(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .send({ folderPath: '/post/folder' })
          .expect(409)
        expect(res.text).toEqual(`Folder already exists.`)
        expect(res.statusCode).toEqual(409)
      })
      it('should respond with Bad Request if the folderPath is outside drive', async () => {
        const res = await request(app)
          .post(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .send({ folderPath: '../sample' })
          .expect(400)
        expect(res.text).toEqual(`Can't put folder outside drive.`)
      })
    })
    describe('delete', () => {
      const folderApi = '/SASjsApi/drive/folder'
      const pathToDrive = fileUtilModules.getFilesFolder()
      it('should delete a folder on drive', async () => {
        await createFolder(path.join(pathToDrive, 'delete'))
        const res = await request(app)
          .delete(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: 'delete' })
        expect(res.statusCode).toEqual(200)
        expect(res.body).toEqual({
          status: 'success'
        })
      })
      it('should respond with Not Found if the folder does not  exists', async () => {
        const res = await request(app)
          .delete(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: 'notExists' })
          .expect(404)
        expect(res.text).toEqual(`Folder doesn't exist.`)
      })
      it('should respond with Bad Request if the folderPath is outside drive', async () => {
        const res = await request(app)
          .delete(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: '../outsideDrive' })
          .expect(400)
        expect(res.text).toEqual(`Can't delete folder outside drive.`)
      })
    })
  })
  describe('file', () => {
@@ -325,7 +719,7 @@ describe('drive', () => {
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if file is already present', async () => {
+      it('should respond with Conflict if file is already present', async () => {
        const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
        const pathToUpload = `/my/path/code-${generateTimestamp()}.sas`
@@ -340,13 +734,13 @@ describe('drive', () => {
          .auth(accessToken, { type: 'bearer' })
          .field('filePath', pathToUpload)
          .attach('file', fileToAttachPath)
-          .expect(403)
+          .expect(409)
-        expect(res.text).toEqual('Error: File already exists.')
+        expect(res.text).toEqual('File already exists.')
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if filePath outside Drive', async () => {
+      it('should respond with Bad Request if filePath outside Drive', async () => {
        const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
        const pathToUpload = '/../path/code.sas'
@@ -355,9 +749,9 @@ describe('drive', () => {
          .auth(accessToken, { type: 'bearer' })
          .field('filePath', pathToUpload)
          .attach('file', fileToAttachPath)
-          .expect(403)
+          .expect(400)
-        expect(res.text).toEqual('Error: Cannot put file outside drive.')
+        expect(res.text).toEqual(`Can't put file outside drive.`)
        expect(res.body).toEqual({})
      })
@@ -492,19 +886,19 @@ describe('drive', () => {
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if file is not present', async () => {
+      it('should respond with Not Found if file is not present', async () => {
        const res = await request(app)
          .patch('/SASjsApi/drive/file')
          .auth(accessToken, { type: 'bearer' })
          .field('filePath', `/my/path/code-3.sas`)
          .attach('file', path.join(__dirname, 'files', 'sample.sas'))
-          .expect(403)
+          .expect(404)
-        expect(res.text).toEqual(`Error: File doesn't exist.`)
+        expect(res.text).toEqual(`File doesn't exist.`)
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if filePath outside Drive', async () => {
+      it('should respond with Bad Request if filePath outside Drive', async () => {
        const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
        const pathToUpload = '/../path/code.sas'
@@ -513,9 +907,9 @@ describe('drive', () => {
          .auth(accessToken, { type: 'bearer' })
          .field('filePath', pathToUpload)
          .attach('file', fileToAttachPath)
-          .expect(403)
+          .expect(400)
-        expect(res.text).toEqual('Error: Cannot modify file outside drive.')
+        expect(res.text).toEqual(`Can't modify file outside drive.`)
        expect(res.body).toEqual({})
      })
@@ -620,25 +1014,25 @@ describe('drive', () => {
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if file is not present', async () => {
+      it('should respond with Not Found if file is not present', async () => {
        const res = await request(app)
          .get('/SASjsApi/drive/file')
          .auth(accessToken, { type: 'bearer' })
          .query({ _filePath: `/my/path/code-4.sas` })
-          .expect(403)
+          .expect(404)
-        expect(res.text).toEqual(`Error: File doesn't exist.`)
+        expect(res.text).toEqual(`File doesn't exist.`)
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if filePath outside Drive', async () => {
+      it('should respond with Bad Request if filePath outside Drive', async () => {
        const res = await request(app)
          .get('/SASjsApi/drive/file')
          .auth(accessToken, { type: 'bearer' })
          .query({ _filePath: '/../path/code.sas' })
-          .expect(403)
+          .expect(400)
-        expect(res.text).toEqual('Error: Cannot get file outside drive.')
+        expect(res.text).toEqual(`Can't get file outside drive.`)
        expect(res.body).toEqual({})
      })
@@ -664,8 +1058,150 @@ describe('drive', () => {
      })
    })
  })
  describe('rename', () => {
    const renameApi = '/SASjsApi/drive/rename'
    const pathToDrive = fileUtilModules.getFilesFolder()
    afterEach(async () => {
      await deleteFolder(path.join(pathToDrive, 'rename'))
    })
    it('should rename a folder', async () => {
      await createFolder(path.join(pathToDrive, 'rename', 'folder'))
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '/rename/folder', newPath: '/rename/renamed' })
      expect(res.statusCode).toEqual(200)
      expect(res.body).toEqual({
        status: 'success'
      })
    })
    it('should rename a file', async () => {
      await createFile(
        path.join(pathToDrive, 'rename', 'file.txt'),
        'some file content'
      )
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({
          oldPath: '/rename/file.txt',
          newPath: '/rename/renamed.txt'
        })
      expect(res.statusCode).toEqual(200)
      expect(res.body).toEqual({
        status: 'success'
      })
    })
    it('should respond with Bad Request if the oldPath is missing', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ newPath: 'newPath' })
        .expect(400)
      expect(res.text).toEqual(`\"oldPath\" is required`)
    })
    it('should respond with Bad Request if the newPath is missing', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: 'oldPath' })
        .expect(400)
      expect(res.text).toEqual(`\"newPath\" is required`)
    })
    it('should respond with Bad Request if the oldPath is outside drive', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '../outside', newPath: 'renamed' })
        .expect(400)
      expect(res.text).toEqual(`Old path can't be outside of drive.`)
    })
    it('should respond with Bad Request if the newPath is outside drive', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: 'older', newPath: '../outside' })
        .expect(400)
      expect(res.text).toEqual(`New path can't be outside of drive.`)
    })
    it('should respond with Not Found if the folder does not exist', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '/rename/not exists', newPath: '/rename/renamed' })
        .expect(404)
      expect(res.text).toEqual('No file/folder found for provided path.')
    })
    it('should respond with Conflict if the folder already exists', async () => {
      await createFolder(path.join(pathToDrive, 'rename', 'folder'))
      await createFolder(path.join(pathToDrive, 'rename', 'exists'))
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '/rename/folder', newPath: '/rename/exists' })
        .expect(409)
      expect(res.text).toEqual('Folder with new name already exists.')
    })
    it('should respond with Not Found if the file does not exist', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '/rename/file.txt', newPath: '/rename/renamed.txt' })
        .expect(404)
      expect(res.text).toEqual('No file/folder found for provided path.')
    })
    it('should respond with Conflict if the file already exists', async () => {
      await createFile(
        path.join(pathToDrive, 'rename', 'file.txt'),
        'some file content'
      )
      await createFile(
        path.join(pathToDrive, 'rename', 'exists.txt'),
        'some existing content'
      )
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '/rename/file.txt', newPath: '/rename/exists.txt' })
        .expect(409)
      expect(res.text).toEqual('File with new name already exists.')
    })
  })
 })
 const getExampleService = (): ServiceMember =>
  ((getTreeExample().members[0] as FolderMember).members[0] as FolderMember)
    .members[0] as ServiceMember
 const generateAndSaveToken = async (userId: number) => {
  const adminAccessToken = generateAccessToken({
    clientId,
    userId
  })
  await saveTokensInDB(userId, clientId, adminAccessToken, 'refreshToken')
  return adminAccessToken
 }
--- a/api/src/routes/api/spec/group.spec.ts
+++ b/api/src/routes/api/spec/group.spec.ts
@@ -5,6 +5,7 @@ import request from 'supertest'
 import appPromise from '../../../app'
 import { UserController, GroupController } from '../../../controllers/'
 import { generateAccessToken, saveTokensInDB } from '../../../utils'
 import { PUBLIC_GROUP_NAME } from '../../../model/Group'
 const clientId = 'someclientID'
 const adminUser = {
@@ -23,10 +24,16 @@ const user = {
 }
 const group = {
-  name: 'DCGroup1',
+  name: 'dcgroup1',
  description: 'DC group for testing purposes.'
 }
 const PUBLIC_GROUP = {
  name: PUBLIC_GROUP_NAME,
  description:
    'A special group that can be used to bypass authentication for particular routes.'
 }
 const userController = new UserController()
 const groupController = new GroupController()
@@ -70,6 +77,32 @@ describe('group', () => {
      expect(res.body.users).toEqual([])
    })
    it('should respond with Conflict when group already exists with same name', async () => {
      await groupController.createGroup(group)
      const res = await request(app)
        .post('/SASjsApi/group')
        .auth(adminAccessToken, { type: 'bearer' })
        .send(group)
        .expect(409)
      expect(res.text).toEqual('Group name already exists.')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request when group name does not match the group name schema', async () => {
      const res = await request(app)
        .post('/SASjsApi/group')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({ ...group, name: 'Wrong Group Name' })
        .expect(400)
      expect(res.text).toEqual(
        '"name" must only contain alpha-numeric characters'
      )
      expect(res.body).toEqual({})
    })
    it('should respond with Unauthorized if access token is not present', async () => {
      const res = await request(app).post('/SASjsApi/group').send().expect(401)
@@ -125,14 +158,51 @@ describe('group', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with Forbidden if groupId is incorrect', async () => {
+    it(`should delete group's reference from users' groups array`, async () => {
      const dbGroup = await groupController.createGroup(group)
      const dbUser1 = await userController.createUser({
        ...user,
        username: 'deletegroup1'
      })
      const dbUser2 = await userController.createUser({
        ...user,
        username: 'deletegroup2'
      })
      await groupController.addUserToGroup(dbGroup.groupId, dbUser1.id)
      await groupController.addUserToGroup(dbGroup.groupId, dbUser2.id)
      await request(app)
        .delete(`/SASjsApi/group/${dbGroup.groupId}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(200)
      const res1 = await request(app)
        .get(`/SASjsApi/user/${dbUser1.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(200)
      expect(res1.body.groups).toEqual([])
      const res2 = await request(app)
        .get(`/SASjsApi/user/${dbUser2.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(200)
      expect(res2.body.groups).toEqual([])
    })
    it('should respond with Not Found if groupId is incorrect', async () => {
      const res = await request(app)
        .delete(`/SASjsApi/group/1234`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
-        .expect(403)
+        .expect(404)
-      expect(res.text).toEqual('Error: No Group deleted!')
+      expect(res.text).toEqual('Group not found.')
      expect(res.body).toEqual({})
    })
@@ -216,16 +286,76 @@ describe('group', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with Forbidden if groupId is incorrect', async () => {
+    it('should respond with Not Found if groupId is incorrect', async () => {
      const res = await request(app)
        .get('/SASjsApi/group/1234')
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
-        .expect(403)
+        .expect(404)
-      expect(res.text).toEqual('Error: Group not found.')
+      expect(res.text).toEqual('Group not found.')
      expect(res.body).toEqual({})
    })
    describe('by group name', () => {
      it('should respond with group', async () => {
        const { name } = await groupController.createGroup(group)
        const res = await request(app)
          .get(`/SASjsApi/group/by/groupname/${name}`)
          .auth(adminAccessToken, { type: 'bearer' })
          .send()
          .expect(200)
        expect(res.body.groupId).toBeTruthy()
        expect(res.body.name).toEqual(group.name)
        expect(res.body.description).toEqual(group.description)
        expect(res.body.isActive).toEqual(true)
        expect(res.body.users).toEqual([])
      })
      it('should respond with group when access token is not of an admin account', async () => {
        const accessToken = await generateSaveTokenAndCreateUser({
          ...user,
          username: 'getbyname' + user.username
        })
        const { name } = await groupController.createGroup(group)
        const res = await request(app)
          .get(`/SASjsApi/group/by/groupname/${name}`)
          .auth(accessToken, { type: 'bearer' })
          .send()
          .expect(200)
        expect(res.body.groupId).toBeTruthy()
        expect(res.body.name).toEqual(group.name)
        expect(res.body.description).toEqual(group.description)
        expect(res.body.isActive).toEqual(true)
        expect(res.body.users).toEqual([])
      })
      it('should respond with Unauthorized if access token is not present', async () => {
        const res = await request(app)
          .get('/SASjsApi/group/by/groupname/dcgroup')
          .send()
          .expect(401)
        expect(res.text).toEqual('Unauthorized')
        expect(res.body).toEqual({})
      })
      it('should respond with Not Found if groupname is incorrect', async () => {
        const res = await request(app)
          .get('/SASjsApi/group/by/groupname/randomCharacters')
          .auth(adminAccessToken, { type: 'bearer' })
          .send()
          .expect(404)
        expect(res.text).toEqual('Group not found.')
        expect(res.body).toEqual({})
      })
    })
  })
  describe('getAll', () => {
@@ -245,8 +375,8 @@ describe('group', () => {
      expect(res.body).toEqual([
        {
          groupId: expect.anything(),
-          name: 'DCGroup1',
+          name: group.name,
-          description: 'DC group for testing purposes.'
+          description: group.description
        }
      ])
    })
@@ -267,8 +397,8 @@ describe('group', () => {
      expect(res.body).toEqual([
        {
          groupId: expect.anything(),
-          name: 'DCGroup1',
+          name: group.name,
-          description: 'DC group for testing purposes.'
+          description: group.description
        }
      ])
    })
@@ -309,6 +439,34 @@ describe('group', () => {
      ])
    })
    it(`should add group to user's groups array`, async () => {
      const dbGroup = await groupController.createGroup(group)
      const dbUser = await userController.createUser({
        ...user,
        username: 'addUserToGroup'
      })
      await request(app)
        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(200)
      const res = await request(app)
        .get(`/SASjsApi/user/${dbUser.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(200)
      expect(res.body.groups).toEqual([
        {
          groupId: expect.anything(),
          name: group.name,
          description: group.description
        }
      ])
    })
    it('should respond with group without duplicating user', async () => {
      const dbGroup = await groupController.createGroup(group)
      const dbUser = await userController.createUser({
@@ -362,28 +520,46 @@ describe('group', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with Forbidden if groupId is incorrect', async () => {
+    it('should respond with Not Found if groupId is incorrect', async () => {
      const res = await request(app)
        .post('/SASjsApi/group/123/123')
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
-        .expect(403)
+        .expect(404)
-      expect(res.text).toEqual('Error: Group not found.')
+      expect(res.text).toEqual('Group not found.')
      expect(res.body).toEqual({})
    })
-    it('should respond with Forbidden if userId is incorrect', async () => {
+    it('should respond with Not Found if userId is incorrect', async () => {
      const dbGroup = await groupController.createGroup(group)
      const res = await request(app)
        .post(`/SASjsApi/group/${dbGroup.groupId}/123`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
-        .expect(403)
+        .expect(404)
-      expect(res.text).toEqual('Error: User not found.')
+      expect(res.text).toEqual('User not found.')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request when adding user to Public group', async () => {
      const dbGroup = await groupController.createGroup(PUBLIC_GROUP)
      const dbUser = await userController.createUser({
        ...user,
        username: 'publicUser'
      })
      const res = await request(app)
        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(400)
      expect(res.text).toEqual(
        `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
      )
    })
  })
  describe('RemoveUser', () => {
@@ -412,6 +588,29 @@ describe('group', () => {
      expect(res.body.users).toEqual([])
    })
    it(`should remove group from user's groups array`, async () => {
      const dbGroup = await groupController.createGroup(group)
      const dbUser = await userController.createUser({
        ...user,
        username: 'removeGroupFromUser'
      })
      await groupController.addUserToGroup(dbGroup.groupId, dbUser.id)
      await request(app)
        .delete(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(200)
      const res = await request(app)
        .get(`/SASjsApi/user/${dbUser.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(200)
      expect(res.body.groups).toEqual([])
    })
    it('should respond with Unauthorized if access token is not present', async () => {
      const res = await request(app)
        .delete('/SASjsApi/group/123/123')
@@ -438,26 +637,26 @@ describe('group', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with Forbidden if groupId is incorrect', async () => {
+    it('should respond with Not Found if groupId is incorrect', async () => {
      const res = await request(app)
        .delete('/SASjsApi/group/123/123')
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
-        .expect(403)
+        .expect(404)
-      expect(res.text).toEqual('Error: Group not found.')
+      expect(res.text).toEqual('Group not found.')
      expect(res.body).toEqual({})
    })
-    it('should respond with Forbidden if userId is incorrect', async () => {
+    it('should respond with Not Found if userId is incorrect', async () => {
      const dbGroup = await groupController.createGroup(group)
      const res = await request(app)
        .delete(`/SASjsApi/group/${dbGroup.groupId}/123`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
-        .expect(403)
+        .expect(404)
-      expect(res.text).toEqual('Error: User not found.')
+      expect(res.text).toEqual('User not found.')
      expect(res.body).toEqual({})
    })
  })
--- a/api/src/routes/api/spec/permission.spec.ts
+++ b/api/src/routes/api/spec/permission.spec.ts
@@ -0,0 +1,596 @@
 import { Express } from 'express'
 import mongoose, { Mongoose } from 'mongoose'
 import { MongoMemoryServer } from 'mongodb-memory-server'
 import request from 'supertest'
 import appPromise from '../../../app'
 import {
  DriveController,
  UserController,
  GroupController,
  PermissionController,
  PrincipalType,
  PermissionType,
  PermissionSettingForRoute
 } from '../../../controllers/'
 import {
  UserDetailsResponse,
  PermissionDetailsResponse
 } from '../../../controllers'
 import { generateAccessToken, saveTokensInDB } from '../../../utils'
 const deployPayload = {
  appLoc: 'string',
  streamWebFolder: 'string',
  fileTree: {
    members: [
      {
        name: 'string',
        type: 'folder',
        members: [
          'string',
          {
            name: 'string',
            type: 'service',
            code: 'string'
          }
        ]
      }
    ]
  }
 }
 const clientId = 'someclientID'
 const adminUser = {
  displayName: 'Test Admin',
  username: 'testAdminUsername',
  password: '12345678',
  isAdmin: true,
  isActive: true
 }
 const user = {
  displayName: 'Test User',
  username: 'testUsername',
  password: '87654321',
  isAdmin: false,
  isActive: true
 }
 const permission = {
  path: '/SASjsApi/code/execute',
  type: PermissionType.route,
  setting: PermissionSettingForRoute.grant,
  principalType: PrincipalType.user
 }
 const group = {
  name: 'DCGroup1',
  description: 'DC group for testing purposes.'
 }
 const userController = new UserController()
 const groupController = new GroupController()
 const permissionController = new PermissionController()
 describe('permission', () => {
  let app: Express
  let con: Mongoose
  let mongoServer: MongoMemoryServer
  let adminAccessToken: string
  let dbUser: UserDetailsResponse
  beforeAll(async () => {
    app = await appPromise
    mongoServer = await MongoMemoryServer.create()
    con = await mongoose.connect(mongoServer.getUri())
    adminAccessToken = await generateSaveTokenAndCreateUser()
    dbUser = await userController.createUser(user)
  })
  afterAll(async () => {
    await con.connection.dropDatabase()
    await con.connection.close()
    await mongoServer.stop()
  })
  describe('create', () => {
    afterEach(async () => {
      await deleteAllPermissions()
    })
    it('should respond with new permission when principalType is user', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({ ...permission, principalId: dbUser.id })
        .expect(200)
      expect(res.body.permissionId).toBeTruthy()
      expect(res.body.path).toEqual(permission.path)
      expect(res.body.type).toEqual(permission.type)
      expect(res.body.setting).toEqual(permission.setting)
      expect(res.body.user).toBeTruthy()
    })
    it('should respond with new permission when principalType is group', async () => {
      const dbGroup = await groupController.createGroup(group)
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          principalType: 'group',
          principalId: dbGroup.groupId
        })
        .expect(200)
      expect(res.body.permissionId).toBeTruthy()
      expect(res.body.path).toEqual(permission.path)
      expect(res.body.type).toEqual(permission.type)
      expect(res.body.setting).toEqual(permission.setting)
      expect(res.body.group).toBeTruthy()
    })
    it('should respond with Unauthorized if access token is not present', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .send(permission)
        .expect(401)
      expect(res.text).toEqual('Unauthorized')
      expect(res.body).toEqual({})
    })
    it('should respond with Unauthorized if access token is not of an admin account', async () => {
      const accessToken = await generateAndSaveToken(dbUser.id)
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(accessToken, { type: 'bearer' })
        .send(permission)
        .expect(401)
      expect(res.text).toEqual('Admin account required')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if path is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          path: undefined
        })
        .expect(400)
      expect(res.text).toEqual(`"path" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if path is not valid', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          path: '/some/random/api/endpoint'
        })
        .expect(400)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if type is not valid', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          type: 'invalid'
        })
        .expect(400)
      expect(res.text).toEqual('"type" must be [Route]')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if type is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          type: undefined
        })
        .expect(400)
      expect(res.text).toEqual(`"type" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if setting is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          setting: undefined
        })
        .expect(400)
      expect(res.text).toEqual(`"setting" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if setting is not valid', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          setting: 'invalid'
        })
        .expect(400)
      expect(res.text).toEqual('"setting" must be one of [Grant, Deny]')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if principalType is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          principalType: undefined
        })
        .expect(400)
      expect(res.text).toEqual(`"principalType" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if principal type is not valid', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          principalType: 'invalid'
        })
        .expect(400)
      expect(res.text).toEqual('"principalType" must be one of [user, group]')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if principalId is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          principalId: undefined
        })
        .expect(400)
      expect(res.text).toEqual(`"principalId" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if principalId is not a number', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          principalId: 'someCharacters'
        })
        .expect(400)
      expect(res.text).toEqual('"principalId" must be a number')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if adding permission for admin user', async () => {
      const adminUser = await userController.createUser({
        ...user,
        username: 'adminUser',
        isAdmin: true
      })
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          principalId: adminUser.id
        })
        .expect(400)
      expect(res.text).toEqual('Can not add permission for admin user.')
      expect(res.body).toEqual({})
    })
    it('should respond with Not Found (404) if user is not found', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          principalId: 123
        })
        .expect(404)
      expect(res.text).toEqual('User not found.')
      expect(res.body).toEqual({})
    })
    it('should respond with Not Found (404) if group is not found', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          principalType: 'group',
          principalId: 123
        })
        .expect(404)
      expect(res.text).toEqual('Group not found.')
      expect(res.body).toEqual({})
    })
    it('should respond with Conflict (409) if permission already exists', async () => {
      await permissionController.createPermission({
        ...permission,
        principalId: dbUser.id
      })
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({ ...permission, principalId: dbUser.id })
        .expect(409)
      expect(res.text).toEqual(
        'Permission already exists with provided Path, Type and User.'
      )
      expect(res.body).toEqual({})
    })
  })
  describe('update', () => {
    let dbPermission: PermissionDetailsResponse | undefined
    beforeAll(async () => {
      dbPermission = await permissionController.createPermission({
        ...permission,
        principalId: dbUser.id
      })
    })
    afterEach(async () => {
      await deleteAllPermissions()
    })
    it('should respond with updated permission', async () => {
      const res = await request(app)
        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send({ setting: PermissionSettingForRoute.deny })
        .expect(200)
      expect(res.body.setting).toEqual('Deny')
    })
    it('should respond with Unauthorized if access token is not present', async () => {
      const res = await request(app)
        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
        .send()
        .expect(401)
      expect(res.text).toEqual('Unauthorized')
      expect(res.body).toEqual({})
    })
    it('should respond with Unauthorized if access token is not of an admin account', async () => {
      const accessToken = await generateSaveTokenAndCreateUser({
        ...user,
        username: 'update' + user.username
      })
      const res = await request(app)
        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
        .auth(accessToken, { type: 'bearer' })
        .send()
        .expect(401)
      expect(res.text).toEqual('Admin account required')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if setting is missing', async () => {
      const res = await request(app)
        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(400)
      expect(res.text).toEqual(`"setting" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if setting is  invalid', async () => {
      const res = await request(app)
        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          setting: 'invalid'
        })
        .expect(400)
      expect(res.text).toEqual('"setting" must be one of [Grant, Deny]')
      expect(res.body).toEqual({})
    })
    it('should respond with not found (404) if permission with provided id does not exist', async () => {
      const res = await request(app)
        .patch('/SASjsApi/permission/123')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          setting: PermissionSettingForRoute.deny
        })
        .expect(404)
      expect(res.text).toEqual('Permission not found.')
      expect(res.body).toEqual({})
    })
  })
  describe('delete', () => {
    it('should delete permission', async () => {
      const dbPermission = await permissionController.createPermission({
        ...permission,
        principalId: dbUser.id
      })
      const res = await request(app)
        .delete(`/SASjsApi/permission/${dbPermission?.permissionId}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(200)
      expect(res.text).toEqual('Permission Deleted!')
    })
    it('should respond with not found (404) if permission with provided id does not exists', async () => {
      const res = await request(app)
        .delete('/SASjsApi/permission/123')
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(404)
      expect(res.text).toEqual('Permission not found.')
    })
  })
  describe('get', () => {
    beforeAll(async () => {
      await permissionController.createPermission({
        ...permission,
        path: '/test-1',
        principalId: dbUser.id
      })
      await permissionController.createPermission({
        ...permission,
        path: '/test-2',
        principalId: dbUser.id
      })
    })
    it('should give a list of all permissions when user is admin', async () => {
      const res = await request(app)
        .get('/SASjsApi/permission/')
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(200)
      expect(res.body).toHaveLength(2)
    })
    it(`should give a list of user's own  permissions when user is not admin`, async () => {
      const nonAdminUser = await userController.createUser({
        ...user,
        username: 'get' + user.username
      })
      const accessToken = await generateAndSaveToken(nonAdminUser.id)
      await permissionController.createPermission({
        path: '/test-1',
        type: PermissionType.route,
        principalType: PrincipalType.user,
        principalId: nonAdminUser.id,
        setting: PermissionSettingForRoute.grant
      })
      const permissionCount = 1
      const res = await request(app)
        .get('/SASjsApi/permission/')
        .auth(accessToken, { type: 'bearer' })
        .send()
        .expect(200)
      expect(res.body).toHaveLength(permissionCount)
    })
  })
  describe('verify', () => {
    beforeAll(async () => {
      await permissionController.createPermission({
        ...permission,
        path: '/SASjsApi/drive/deploy',
        principalId: dbUser.id
      })
    })
    beforeEach(() => {
      jest
        .spyOn(DriveController.prototype, 'deploy')
        .mockImplementation((deployPayload) =>
          Promise.resolve({
            status: 'success',
            message: 'Files deployed successfully to @sasjs/server.'
          })
        )
    })
    afterEach(() => {
      jest.resetAllMocks()
    })
    it('should create files in SASJS drive', async () => {
      const accessToken = await generateAndSaveToken(dbUser.id)
      await request(app)
        .get('/SASjsApi/drive/deploy')
        .auth(accessToken, { type: 'bearer' })
        .send(deployPayload)
        .expect(200)
    })
    it('should respond unauthorized', async () => {
      const accessToken = await generateAndSaveToken(dbUser.id)
      await request(app)
        .get('/SASjsApi/drive/deploy/upload')
        .auth(accessToken, { type: 'bearer' })
        .send()
        .expect(401)
    })
  })
 })
 const generateSaveTokenAndCreateUser = async (
  someUser?: any
 ): Promise<string> => {
  const dbUser = await userController.createUser(someUser ?? adminUser)
  return generateAndSaveToken(dbUser.id)
 }
 const generateAndSaveToken = async (userId: number) => {
  const adminAccessToken = generateAccessToken({
    clientId,
    userId
  })
  await saveTokensInDB(userId, clientId, adminAccessToken, 'refreshToken')
  return adminAccessToken
 }
 const deleteAllPermissions = async () => {
  const { collections } = mongoose.connection
  const collection = collections['permissions']
  await collection.deleteMany({})
 }
--- a/api/src/routes/api/spec/stp.spec.ts
+++ b/api/src/routes/api/spec/stp.spec.ts
@@ -0,0 +1,399 @@
 import path from 'path'
 import { Express } from 'express'
 import mongoose, { Mongoose } from 'mongoose'
 import { MongoMemoryServer } from 'mongodb-memory-server'
 import request from 'supertest'
 import appPromise from '../../../app'
 import {
  UserController,
  PermissionController,
  PermissionType,
  PermissionSettingForRoute,
  PrincipalType
 } from '../../../controllers/'
 import {
  generateAccessToken,
  saveTokensInDB,
  getFilesFolder,
  RunTimeType,
  generateUniqueFileName,
  getSessionsFolder
 } from '../../../utils'
 import { createFile, generateTimestamp, deleteFolder } from '@sasjs/utils'
 import {
  SASSessionController,
  JSSessionController
 } from '../../../controllers/internal'
 import * as ProcessProgramModule from '../../../controllers/internal/processProgram'
 import { Session } from '../../../types'
 const clientId = 'someclientID'
 const user = {
  displayName: 'Test User',
  username: 'testUsername',
  password: '87654321',
  isAdmin: false,
  isActive: true
 }
 const sampleSasProgram = '%put hello world!;'
 const sampleJsProgram = `console.log('hello world!/')`
 const filesFolder = getFilesFolder()
 describe('stp', () => {
  let app: Express
  let con: Mongoose
  let mongoServer: MongoMemoryServer
  let accessToken: string
  const userController = new UserController()
  const permissionController = new PermissionController()
  beforeAll(async () => {
    app = await appPromise
    mongoServer = await MongoMemoryServer.create()
    con = await mongoose.connect(mongoServer.getUri())
    const dbUser = await userController.createUser(user)
    accessToken = await generateAndSaveToken(dbUser.id)
    await permissionController.createPermission({
      path: '/SASjsApi/stp/execute',
      type: PermissionType.route,
      principalType: PrincipalType.user,
      principalId: dbUser.id,
      setting: PermissionSettingForRoute.grant
    })
  })
  afterAll(async () => {
    await con.connection.dropDatabase()
    await con.connection.close()
    await mongoServer.stop()
  })
  describe('execute', () => {
    const testFilesFolder = `test-stp-${generateTimestamp()}`
    describe('get', () => {
      describe('with runtime js', () => {
        const testFilesFolder = `test-stp-${generateTimestamp()}`
        beforeAll(() => {
          process.runTimes = [RunTimeType.JS]
        })
        beforeEach(() => {
          jest.resetModules() // it clears the cache
          setupMocks()
        })
        afterEach(async () => {
          jest.resetAllMocks()
          await deleteFolder(path.join(filesFolder, testFilesFolder))
        })
        it('should execute js program when both js and sas program are present', async () => {
          const programPath = path.join(testFilesFolder, 'program')
          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
          await createFile(sasProgramPath, sampleSasProgram)
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.JS,
            expect.anything(),
            undefined
          )
        })
        it('should throw error when js program is not present but sas program exists', async () => {
          const programPath = path.join(testFilesFolder, 'program')
          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
          await createFile(sasProgramPath, sampleSasProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(400)
        })
      })
      describe('with runtime sas', () => {
        beforeAll(() => {
          process.runTimes = [RunTimeType.SAS]
        })
        beforeEach(() => {
          jest.resetModules() // it clears the cache
          setupMocks()
        })
        afterEach(async () => {
          jest.resetAllMocks()
          await deleteFolder(path.join(filesFolder, testFilesFolder))
        })
        it('should execute sas program when both sas and js programs are present', async () => {
          const programPath = path.join(testFilesFolder, 'program')
          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
          await createFile(sasProgramPath, sampleSasProgram)
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.SAS,
            expect.anything(),
            undefined
          )
        })
        it('should throw error when sas program do not exit but js exists', async () => {
          const programPath = path.join(testFilesFolder, 'program')
          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(400)
        })
      })
      describe('with runtime js and sas', () => {
        beforeAll(() => {
          process.runTimes = [RunTimeType.JS, RunTimeType.SAS]
        })
        beforeEach(() => {
          jest.resetModules() // it clears the cache
          setupMocks()
        })
        afterEach(async () => {
          jest.resetAllMocks()
          await deleteFolder(path.join(filesFolder, testFilesFolder))
        })
        it('should execute js program when both js and sas program are present', async () => {
          const programPath = path.join(testFilesFolder, 'program')
          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
          await createFile(sasProgramPath, sampleSasProgram)
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.JS,
            expect.anything(),
            undefined
          )
        })
        it('should execute sas program when js program is not present but sas program exists', async () => {
          const programPath = path.join(testFilesFolder, 'program')
          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
          await createFile(sasProgramPath, sampleSasProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.SAS,
            expect.anything(),
            undefined
          )
        })
        it('should throw error when both sas and js programs do not exist', async () => {
          const programPath = path.join(testFilesFolder, 'program')
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(400)
        })
      })
      describe('with runtime sas and js', () => {
        beforeAll(() => {
          process.runTimes = [RunTimeType.SAS, RunTimeType.JS]
        })
        beforeEach(() => {
          jest.resetModules() // it clears the cache
          setupMocks()
        })
        afterEach(async () => {
          jest.resetAllMocks()
          await deleteFolder(path.join(filesFolder, testFilesFolder))
        })
        it('should execute sas program when both sas and js programs  exist', async () => {
          const programPath = path.join(testFilesFolder, 'program')
          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
          await createFile(sasProgramPath, sampleSasProgram)
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.SAS,
            expect.anything(),
            undefined
          )
        })
        it('should execute js program when sas program is not present but js program exists', async () => {
          const programPath = path.join(testFilesFolder, 'program')
          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.JS,
            expect.anything(),
            undefined
          )
        })
        it('should throw error when both sas and js programs do not exist', async () => {
          const programPath = path.join(testFilesFolder, 'program')
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(400)
        })
      })
    })
  })
 })
 const generateSaveTokenAndCreateUser = async (
  someUser: any
 ): Promise<string> => {
  const userController = new UserController()
  const dbUser = await userController.createUser(someUser)
  return generateAndSaveToken(dbUser.id)
 }
 const generateAndSaveToken = async (userId: number) => {
  const accessToken = generateAccessToken({
    clientId,
    userId
  })
  await saveTokensInDB(userId, clientId, accessToken, 'refreshToken')
  return accessToken
 }
 const setupMocks = async () => {
  jest
    .spyOn(SASSessionController.prototype, 'getSession')
    .mockImplementation(mockedGetSession)
  jest
    .spyOn(JSSessionController.prototype, 'getSession')
    .mockImplementation(mockedGetSession)
  jest
    .spyOn(ProcessProgramModule, 'processProgram')
    .mockImplementation(() => Promise.resolve())
 }
 const mockedGetSession = async () => {
  const sessionId = generateUniqueFileName(generateTimestamp())
  const sessionFolder = path.join(getSessionsFolder(), sessionId)
  const creationTimeStamp = sessionId.split('-').pop() as string
  // death time of session is 15 mins from creation
  const deathTimeStamp = (
    parseInt(creationTimeStamp) +
    15 * 60 * 1000 -
    1000
  ).toString()
  const session: Session = {
    id: sessionId,
    ready: true,
    inUse: true,
    consumed: false,
    completed: false,
    creationTimeStamp,
    deathTimeStamp,
    path: sessionFolder
  }
  return session
 }
--- a/api/src/routes/api/spec/user.spec.ts
+++ b/api/src/routes/api/spec/user.spec.ts
@@ -3,7 +3,7 @@ import mongoose, { Mongoose } from 'mongoose'
 import { MongoMemoryServer } from 'mongodb-memory-server'
 import request from 'supertest'
 import appPromise from '../../../app'
-import { UserController } from '../../../controllers/'
+import { UserController, GroupController } from '../../../controllers/'
 import { generateAccessToken, saveTokensInDB } from '../../../utils'
 const clientId = 'someclientID'
@@ -270,6 +270,102 @@ describe('user', () => {
      expect(res.text).toEqual('Error: Username already exists.')
      expect(res.body).toEqual({})
    })
    describe('by username', () => {
      it('should respond with updated user when admin user requests', async () => {
        const dbUser = await controller.createUser(user)
        const newDisplayName = 'My new display Name'
        const res = await request(app)
          .patch(`/SASjsApi/user/by/username/${user.username}`)
          .auth(adminAccessToken, { type: 'bearer' })
          .send({ ...user, displayName: newDisplayName })
          .expect(200)
        expect(res.body.username).toEqual(user.username)
        expect(res.body.displayName).toEqual(newDisplayName)
        expect(res.body.isAdmin).toEqual(user.isAdmin)
        expect(res.body.isActive).toEqual(user.isActive)
      })
      it('should respond with updated user when user himself requests', async () => {
        const dbUser = await controller.createUser(user)
        const accessToken = await generateAndSaveToken(dbUser.id)
        const newDisplayName = 'My new display Name'
        const res = await request(app)
          .patch(`/SASjsApi/user/by/username/${user.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send({
            displayName: newDisplayName,
            username: user.username,
            password: user.password
          })
          .expect(200)
        expect(res.body.username).toEqual(user.username)
        expect(res.body.displayName).toEqual(newDisplayName)
        expect(res.body.isAdmin).toEqual(user.isAdmin)
        expect(res.body.isActive).toEqual(user.isActive)
      })
      it('should respond with Bad Request, only admin can update isAdmin/isActive', async () => {
        const dbUser = await controller.createUser(user)
        const accessToken = await generateAndSaveToken(dbUser.id)
        const newDisplayName = 'My new display Name'
        await request(app)
          .patch(`/SASjsApi/user/by/username/${user.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send({ ...user, displayName: newDisplayName })
          .expect(400)
      })
      it('should respond with Unauthorized if access token is not present', async () => {
        const res = await request(app)
          .patch('/SASjsApi/user/by/username/1234')
          .send(user)
          .expect(401)
        expect(res.text).toEqual('Unauthorized')
        expect(res.body).toEqual({})
      })
      it('should respond with Unauthorized when access token is not of an admin account or himself', async () => {
        const dbUser1 = await controller.createUser(user)
        const dbUser2 = await controller.createUser({
          ...user,
          username: 'randomUser'
        })
        const accessToken = await generateAndSaveToken(dbUser2.id)
        const res = await request(app)
          .patch(`/SASjsApi/user/${dbUser1.id}`)
          .auth(accessToken, { type: 'bearer' })
          .send(user)
          .expect(401)
        expect(res.text).toEqual('Admin account required')
        expect(res.body).toEqual({})
      })
      it('should respond with Forbidden if username is already present', async () => {
        const dbUser1 = await controller.createUser(user)
        const dbUser2 = await controller.createUser({
          ...user,
          username: 'randomuser'
        })
        const res = await request(app)
          .patch(`/SASjsApi/user/by/username/${dbUser1.username}`)
          .auth(adminAccessToken, { type: 'bearer' })
          .send({ username: dbUser2.username })
          .expect(403)
        expect(res.text).toEqual('Error: Username already exists.')
        expect(res.body).toEqual({})
      })
    })
  })
  describe('delete', () => {
@@ -363,6 +459,89 @@ describe('user', () => {
      expect(res.text).toEqual('Error: Invalid password.')
      expect(res.body).toEqual({})
    })
    describe('by username', () => {
      it('should respond with OK when admin user requests', async () => {
        const dbUser = await controller.createUser(user)
        const res = await request(app)
          .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(adminAccessToken, { type: 'bearer' })
          .send()
          .expect(200)
        expect(res.body).toEqual({})
      })
      it('should respond with OK when user himself requests', async () => {
        const dbUser = await controller.createUser(user)
        const accessToken = await generateAndSaveToken(dbUser.id)
        const res = await request(app)
          .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send({ password: user.password })
          .expect(200)
        expect(res.body).toEqual({})
      })
      it('should respond with Bad Request when user himself requests and password is missing', async () => {
        const dbUser = await controller.createUser(user)
        const accessToken = await generateAndSaveToken(dbUser.id)
        const res = await request(app)
          .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send()
          .expect(400)
        expect(res.text).toEqual(`"password" is required`)
        expect(res.body).toEqual({})
      })
      it('should respond with Unauthorized when access token is not present', async () => {
        const res = await request(app)
          .delete('/SASjsApi/user/by/username/RandomUsername')
          .send(user)
          .expect(401)
        expect(res.text).toEqual('Unauthorized')
        expect(res.body).toEqual({})
      })
      it('should respond with Unauthorized when access token is not of an admin account or himself', async () => {
        const dbUser1 = await controller.createUser(user)
        const dbUser2 = await controller.createUser({
          ...user,
          username: 'randomUser'
        })
        const accessToken = await generateAndSaveToken(dbUser2.id)
        const res = await request(app)
          .delete(`/SASjsApi/user/by/username/${dbUser1.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send(user)
          .expect(401)
        expect(res.text).toEqual('Admin account required')
        expect(res.body).toEqual({})
      })
      it('should respond with Forbidden when user himself requests and password is incorrect', async () => {
        const dbUser = await controller.createUser(user)
        const accessToken = await generateAndSaveToken(dbUser.id)
        const res = await request(app)
          .delete(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send({ password: 'incorrectpassword' })
          .expect(403)
        expect(res.text).toEqual('Error: Invalid password.')
        expect(res.body).toEqual({})
      })
    })
  })
  describe('get', () => {
@@ -392,6 +571,7 @@ describe('user', () => {
      expect(res.body.isAdmin).toEqual(user.isAdmin)
      expect(res.body.isActive).toEqual(user.isActive)
      expect(res.body.autoExec).toEqual(user.autoExec)
      expect(res.body.groups).toEqual([])
    })
    it('should respond with user autoExec when admin user requests', async () => {
@@ -409,6 +589,7 @@ describe('user', () => {
      expect(res.body.isAdmin).toEqual(user.isAdmin)
      expect(res.body.isActive).toEqual(user.isActive)
      expect(res.body.autoExec).toEqual(user.autoExec)
      expect(res.body.groups).toEqual([])
    })
    it('should respond with user when access token is not of an admin account', async () => {
@@ -431,6 +612,34 @@ describe('user', () => {
      expect(res.body.isAdmin).toEqual(user.isAdmin)
      expect(res.body.isActive).toEqual(user.isActive)
      expect(res.body.autoExec).toBeUndefined()
      expect(res.body.groups).toEqual([])
    })
    it('should respond with user along with associated groups', async () => {
      const dbUser = await controller.createUser(user)
      const userId = dbUser.id
      const accessToken = await generateAndSaveToken(userId)
      const group = {
        name: 'DCGroup1',
        description: 'DC group for testing purposes.'
      }
      const groupController = new GroupController()
      const dbGroup = await groupController.createGroup(group)
      await groupController.addUserToGroup(dbGroup.groupId, dbUser.id)
      const res = await request(app)
        .get(`/SASjsApi/user/${userId}`)
        .auth(accessToken, { type: 'bearer' })
        .send()
        .expect(200)
      expect(res.body.username).toEqual(user.username)
      expect(res.body.displayName).toEqual(user.displayName)
      expect(res.body.isAdmin).toEqual(user.isAdmin)
      expect(res.body.isActive).toEqual(user.isActive)
      expect(res.body.autoExec).toEqual(user.autoExec)
      expect(res.body.groups.length).toBeGreaterThan(0)
    })
    it('should respond with Unauthorized if access token is not present', async () => {
@@ -455,6 +664,86 @@ describe('user', () => {
      expect(res.text).toEqual('Error: User is not found.')
      expect(res.body).toEqual({})
    })
    describe('by username', () => {
      it('should respond with user autoExec when same user requests', async () => {
        const dbUser = await controller.createUser(user)
        const userId = dbUser.id
        const accessToken = await generateAndSaveToken(userId)
        const res = await request(app)
          .get(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send()
          .expect(200)
        expect(res.body.username).toEqual(user.username)
        expect(res.body.displayName).toEqual(user.displayName)
        expect(res.body.isAdmin).toEqual(user.isAdmin)
        expect(res.body.isActive).toEqual(user.isActive)
        expect(res.body.autoExec).toEqual(user.autoExec)
      })
      it('should respond with user autoExec when admin user requests', async () => {
        const dbUser = await controller.createUser(user)
        const res = await request(app)
          .get(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(adminAccessToken, { type: 'bearer' })
          .send()
          .expect(200)
        expect(res.body.username).toEqual(user.username)
        expect(res.body.displayName).toEqual(user.displayName)
        expect(res.body.isAdmin).toEqual(user.isAdmin)
        expect(res.body.isActive).toEqual(user.isActive)
        expect(res.body.autoExec).toEqual(user.autoExec)
      })
      it('should respond with user when access token is not of an admin account', async () => {
        const accessToken = await generateSaveTokenAndCreateUser({
          ...user,
          username: 'randomUser'
        })
        const dbUser = await controller.createUser(user)
        const res = await request(app)
          .get(`/SASjsApi/user/by/username/${dbUser.username}`)
          .auth(accessToken, { type: 'bearer' })
          .send()
          .expect(200)
        expect(res.body.username).toEqual(user.username)
        expect(res.body.displayName).toEqual(user.displayName)
        expect(res.body.isAdmin).toEqual(user.isAdmin)
        expect(res.body.isActive).toEqual(user.isActive)
        expect(res.body.autoExec).toBeUndefined()
      })
      it('should respond with Unauthorized if access token is not present', async () => {
        const res = await request(app)
          .get('/SASjsApi/user/by/username/randomUsername')
          .send()
          .expect(401)
        expect(res.text).toEqual('Unauthorized')
        expect(res.body).toEqual({})
      })
      it('should respond with Forbidden if username is incorrect', async () => {
        await controller.createUser(user)
        const res = await request(app)
          .get('/SASjsApi/user/by/username/randomUsername')
          .auth(adminAccessToken, { type: 'bearer' })
          .send()
          .expect(403)
        expect(res.text).toEqual('Error: User is not found.')
        expect(res.body).toEqual({})
      })
    })
  })
  describe('getAll', () => {
@@ -481,12 +770,14 @@ describe('user', () => {
        {
          id: expect.anything(),
          username: adminUser.username,
-          displayName: adminUser.displayName
+          displayName: adminUser.displayName,
          isAdmin: adminUser.isAdmin
        },
        {
          id: expect.anything(),
          username: user.username,
-          displayName: user.displayName
+          displayName: user.displayName,
          isAdmin: user.isAdmin
        }
      ])
    })
@@ -507,12 +798,14 @@ describe('user', () => {
        {
          id: expect.anything(),
          username: adminUser.username,
-          displayName: adminUser.displayName
+          displayName: adminUser.displayName,
          isAdmin: adminUser.isAdmin
        },
        {
          id: expect.anything(),
          username: 'randomUser',
-          displayName: user.displayName
+          displayName: user.displayName,
          isAdmin: user.isAdmin
        }
      ])
    })
--- a/api/src/routes/api/spec/web.spec.ts
+++ b/api/src/routes/api/spec/web.spec.ts
@@ -39,12 +39,11 @@ describe('web', () => {
  describe('home', () => {
    it('should respond with CSRF Token', async () => {
-      await request(app)
+      const res = await request(app).get('/').expect(200)
-        .get('/')
+
-        .expect(
+      expect(res.text).toMatch(
-          'set-cookie',
+        /<script>document.cookie = '(XSRF-TOKEN=.*; Max-Age=86400; SameSite=Strict; Path=\/;)'<\/script>/
-          /_csrf=.*; Max-Age=86400000; Path=\/; HttpOnly,XSRF-TOKEN=.*; Path=\//
+      )
        )
    })
  })
@@ -79,7 +78,8 @@ describe('web', () => {
      expect(res.body.user).toEqual({
        id: expect.any(Number),
        username: user.username,
-        displayName: user.displayName
+        displayName: user.displayName,
        isAdmin: user.isAdmin
      })
    })
  })
@@ -153,10 +153,10 @@ describe('web', () => {
 const getCSRF = async (app: Express) => {
  // make request to get CSRF
-  const { header } = await request(app).get('/')
+  const { header, text } = await request(app).get('/')
  const cookies = header['set-cookie'].join()
-  const csrfToken = extractCSRF(cookies)
+  const csrfToken = extractCSRF(text)
  return { csrfToken, cookies }
 }
@@ -176,7 +176,7 @@ const performLogin = async (
  return { cookies: newCookies }
 }
-const extractCSRF = (cookies: string) =>
+const extractCSRF = (text: string) =>
-  /_csrf=(.*); Max-Age=86400000; Path=\/; HttpOnly,XSRF-TOKEN=(.*); Path=\//.exec(
+  /<script>document.cookie = 'XSRF-TOKEN=(.*); Max-Age=86400; SameSite=Strict; Path=\/;'<\/script>/.exec(
-    cookies
+    text
-  )![2]
+  )![1]
--- a/api/src/routes/api/stp.ts
+++ b/api/src/routes/api/stp.ts
@@ -35,22 +35,24 @@ stpRouter.post(
  fileUploadController.preUploadMiddleware,
  fileUploadController.getMulterUploadObject().any(),
  async (req, res: any) => {
-    const { error: errQ, value: query } = executeProgramRawValidation(req.query)
+    // below validations are moved to preUploadMiddleware
-    const { error: errB, value: body } = executeProgramRawValidation(req.body)
+    // const { error: errQ, value: query } = executeProgramRawValidation(req.query)
    // const { error: errB, value: body } = executeProgramRawValidation(req.body)
-    if (errQ && errB) return res.status(400).send(errB.details[0].message)
+    // if (errQ && errB) return res.status(400).send(errB.details[0].message)
    try {
      const response = await controller.executeReturnJson(
        req,
-        body,
+        req.body,
-        query?._program
+        req.query?._program as string
      )
-      if (response instanceof Buffer) {
+      // TODO: investigate if this code is required
-        res.writeHead(200, (req as any).sasHeaders)
+      // if (response instanceof Buffer) {
-        return res.end(response)
+      //   res.writeHead(200, (req as any).sasHeaders)
-      }
+      //   return res.end(response)
      // }
      res.send(response)
    } catch (err: any) {
--- a/api/src/routes/api/user.ts
+++ b/api/src/routes/api/user.ts
@@ -7,6 +7,7 @@ import {
 } from '../../middlewares'
 import {
  deleteUserValidation,
  getUserValidation,
  registerUserValidation,
  updateUserValidation
 } from '../../utils'
@@ -36,6 +37,25 @@ userRouter.get('/', authenticateAccessToken, async (req, res) => {
  }
 })
 userRouter.get(
  '/by/username/:username',
  authenticateAccessToken,
  async (req, res) => {
    const { error, value: params } = getUserValidation(req.params)
    if (error) return res.status(400).send(error.details[0].message)
    const { username } = params
    const controller = new UserController()
    try {
      const response = await controller.getUserByUsername(req, username)
      res.send(response)
    } catch (err: any) {
      res.status(403).send(err.toString())
    }
  }
 )
 userRouter.get('/:userId', authenticateAccessToken, async (req, res) => {
  const { userId } = req.params
@@ -48,6 +68,34 @@ userRouter.get('/:userId', authenticateAccessToken, async (req, res) => {
  }
 })
 userRouter.patch(
  '/by/username/:username',
  authenticateAccessToken,
  verifyAdminIfNeeded,
  async (req, res) => {
    const { user } = req
    const { error: errorUsername, value: params } = getUserValidation(
      req.params
    )
    if (errorUsername)
      return res.status(400).send(errorUsername.details[0].message)
    const { username } = params
    // only an admin can update `isActive` and `isAdmin` fields
    const { error, value: body } = updateUserValidation(req.body, user!.isAdmin)
    if (error) return res.status(400).send(error.details[0].message)
    const controller = new UserController()
    try {
      const response = await controller.updateUserByUsername(username, body)
      res.send(response)
    } catch (err: any) {
      res.status(403).send(err.toString())
    }
  }
 )
 userRouter.patch(
  '/:userId',
  authenticateAccessToken,
@@ -70,6 +118,34 @@ userRouter.patch(
  }
 )
 userRouter.delete(
  '/by/username/:username',
  authenticateAccessToken,
  verifyAdminIfNeeded,
  async (req, res) => {
    const { user } = req
    const { error: errorUsername, value: params } = getUserValidation(
      req.params
    )
    if (errorUsername)
      return res.status(400).send(errorUsername.details[0].message)
    const { username } = params
    // only an admin can delete user without providing password
    const { error, value: data } = deleteUserValidation(req.body, user!.isAdmin)
    if (error) return res.status(400).send(error.details[0].message)
    const controller = new UserController()
    try {
      await controller.deleteUserByUsername(username, data, user!.isAdmin)
      res.status(200).send('Account Deleted!')
    } catch (err: any) {
      res.status(403).send(err.toString())
    }
  }
 )
 userRouter.delete(
  '/:userId',
  authenticateAccessToken,
--- a/api/src/routes/appStream/appStreamHtml.ts
+++ b/api/src/routes/appStream/appStreamHtml.ts
@@ -23,13 +23,21 @@ export const appStreamHtml = (appStreamConfig: AppStreamConfig) => `
    ${style}
  </head>
  <body>
-    <h1>App Stream</h1>
+    <header>
      <a href="/"><img src="/logo.png" alt="logo" class="logo"></a>
      <h1>App Stream</h1>
    </header>
    <div class="app-container">
-      ${Object.entries(appStreamConfig)
+        ${Object.entries(appStreamConfig)
-        .map(([streamServiceName, entry]) =>
+          .map(([streamServiceName, entry]) =>
-          singleAppStreamHtml(streamServiceName, entry.appLoc, entry.streamLogo)
+            singleAppStreamHtml(
-        )
+              streamServiceName,
-        .join('')}
+              entry.appLoc,
              entry.streamLogo
            )
          )
          .join('')}
        <a class="app" title="Upload build.json">
          <input id="fileId" type="file" hidden />
          <button id="uploadButton" style="margin-bottom: 5px; cursor: pointer">
--- a/api/src/routes/appStream/index.ts
+++ b/api/src/routes/appStream/index.ts
@@ -1,13 +1,16 @@
 import path from 'path'
-import express from 'express'
+import express, { Request } from 'express'
 import { authenticateAccessToken } from '../../middlewares'
 import { folderExists } from '@sasjs/utils'
 import { addEntryToAppStreamConfig, getFilesFolder } from '../../utils'
 import { appStreamHtml } from './appStreamHtml'
 const appStreams: { [key: string]: string } = {}
 const router = express.Router()
-router.get('/', async (req, res) => {
+router.get('/', authenticateAccessToken, async (req, res) => {
  const content = appStreamHtml(process.appStreamConfig)
  res.cookie('XSRF-TOKEN', req.csrfToken())
@@ -44,7 +47,7 @@ export const publishAppStream = async (
      streamServiceName = `AppStreamName${appCount + 1}`
    }
-    router.use(`/${streamServiceName}`, express.static(pathToDeployment))
+    appStreams[streamServiceName] = pathToDeployment
    addEntryToAppStreamConfig(
      streamServiceName,
@@ -64,4 +67,26 @@ export const publishAppStream = async (
  return {}
 }
 router.get(`/*`, authenticateAccessToken, function (req: Request, res, next) {
  const reqPath = req.path.replace(/^\//, '')
  // Redirecting to url with trailing slash for appStream base URL only
  if (reqPath.split('/').length === 1 && !reqPath.endsWith('/'))
    // navigating to same url with slash at start
    return res.redirect(301, `${reqPath}/`)
  const appStream = reqPath.split('/')[0]
  const appStreamFilesPath = appStreams[appStream]
  if (appStreamFilesPath) {
    // resourcePath is without appStream base path
    const resourcePath = reqPath.split('/').slice(1).join('/') || 'index.html'
    req.url = resourcePath
    return express.static(appStreamFilesPath)(req, res, next)
  }
  return res.send("There's no App Stream available here.")
 })
 export default router
--- a/api/src/routes/appStream/style.ts
+++ b/api/src/routes/appStream/style.ts
@@ -5,18 +5,72 @@ export const style = `<style>
 .app-container {
  display: flex;
  flex-wrap: wrap;
-  align-items: baseline;
+  align-items: center;
  justify-content: center;
  padding-top: 50px;
 }
 .app-container .app {
  width: 150px;
  height: 180px;
  margin: 10px;
  overflow: hidden;
  text-align: center;
  text-decoration: none;
  color: black;
  background: #efefef;
  padding: 10px;
  border-radius: 7px;
  border: 1px solid #d7d7d7;
 }
 .app-container .app img{
  width: 100%;
  height: calc(100% - 30px);
  margin-bottom: 10px;
  border-radius: 10px;
 }
 #uploadButton {
  border: 0
 }
 #uploadButton:focus {
  outline: 0
 }
 #uploadMessage {
  position: relative;
  bottom: -5px;
 }
 header {
  transition: box-shadow 300ms cubic-bezier(0.4, 0, 0.2, 1) 0ms;
  box-shadow: rgb(0 0 0 / 20%) 0px 2px 4px -1px, rgb(0 0 0 / 14%) 0px 4px 5px 0px, rgb(0 0 0 / 12%) 0px 1px 10px 0px;
  display: flex;
  width: 100%;
  box-sizing: border-box;
  flex-shrink: 0;
  position: fixed;
  top: 0px;
  left: auto;
  right: 0px;
  background-color: rgb(0, 0, 0);
  color: rgb(255, 255, 255);
  z-index: 1201;
 }
 header h1 {
  margin: 13px;
  font-size: 20px;
 }
 header a {
  align-self: center;
 }
 header .logo {
  width: 35px;
  margin-left: 10px;
  align-self: center;
 }
 </style>`
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
@@ -1,6 +1,6 @@
 import express from 'express'
 import { WebController } from '../../controllers/web'
-import { authenticateAccessToken } from '../../middlewares'
+import { authenticateAccessToken, desktopRestrict } from '../../middlewares'
 import { authorizeValidation, loginWebValidation } from '../../utils'
 const webRouter = express.Router()
@@ -11,15 +11,19 @@ webRouter.get('/', async (req, res) => {
  try {
    response = await controller.home()
  } catch (_) {
-    response = 'Web Build is not present'
+    response = '<html><head></head><body>Web Build is not present</body></html>'
  } finally {
-    res.cookie('XSRF-TOKEN', req.csrfToken())
+    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${req.csrfToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
    const injectedContent = response?.replace(
      '</head>',
      `${codeToInject}</head>`
    )
-    return res.send(response)
+    return res.send(injectedContent)
  }
 })
-webRouter.post('/SASLogon/login', async (req, res) => {
+webRouter.post('/SASLogon/login', desktopRestrict, async (req, res) => {
  const { error, value: body } = loginWebValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)
@@ -33,6 +37,7 @@ webRouter.post('/SASLogon/login', async (req, res) => {
 webRouter.post(
  '/SASLogon/authorize',
  desktopRestrict,
  authenticateAccessToken,
  async (req, res) => {
    const { error, value: body } = authorizeValidation(req.body)
@@ -47,7 +52,7 @@ webRouter.post(
  }
 )
-webRouter.get('/logout', async (req, res) => {
+webRouter.get('/SASLogon/logout', desktopRestrict, async (req, res) => {
  try {
    await controller.logout(req)
    res.status(200).send('OK!')
--- a/api/src/server.ts
+++ b/api/src/server.ts
@@ -16,9 +16,9 @@ appPromise.then(async (app) => {
      )
    })
  } else {
-    const { key, cert } = await getCertificates()
+    const { key, cert, ca } = await getCertificates()
-    const httpsServer = createServer({ key, cert }, app)
+    const httpsServer = createServer({ key, cert, ca }, app)
    httpsServer.listen(sasJsPort, () => {
      console.log(
        `⚡️[server]: Server is running at https://localhost:${sasJsPort}`
--- a/api/src/types/TreeNode.ts
+++ b/api/src/types/TreeNode.ts
@@ -2,5 +2,6 @@ export interface TreeNode {
  name: string
  relativePath: string
  absolutePath: string
  isFolder: boolean
  children: Array<TreeNode>
 }
--- a/api/src/types/system/express.d.ts
+++ b/api/src/types/system/express.d.ts
@@ -2,6 +2,6 @@ declare namespace Express {
  export interface Request {
    accessToken?: string
    user?: import('../').RequestUser
-    sasSession?: import('../').Session
+    sasjsSession?: import('../').Session
  }
 }
--- a/api/src/types/system/process.d.ts
+++ b/api/src/types/system/process.d.ts
@@ -1,9 +1,14 @@
 declare namespace NodeJS {
  export interface Process {
-    sasLoc: string
+    sasLoc?: string
    nodeLoc?: string
    driveLoc: string
-    sessionController?: import('../../controllers/internal').SessionController
+    logsLoc: string
    sasSessionController?: import('../../controllers/internal').SASSessionController
    jsSessionController?: import('../../controllers/internal').JSSessionController
    appStreamConfig: import('../').AppStreamConfig
    logger: import('@sasjs/utils/logger').Logger
    runTimes: import('../../utils').RunTimeType[]
    secrets: import('../../model/Configuration').ConfigurationType
  }
 }
--- a/api/src/utils/appStreamConfig.ts
+++ b/api/src/utils/appStreamConfig.ts
@@ -5,6 +5,8 @@ import { AppStreamConfig } from '../types'
 import { getAppStreamConfigPath } from './file'
 export const loadAppStreamConfig = async () => {
  process.appStreamConfig = {}
  if (process.env.NODE_ENV === 'test') return
  const appStreamConfigPath = getAppStreamConfigPath()
@@ -21,7 +23,6 @@ export const loadAppStreamConfig = async () => {
  } catch (_) {
    appStreamConfig = {}
  }
  process.appStreamConfig = {}
  for (const [streamServiceName, entry] of Object.entries(appStreamConfig)) {
    const { appLoc, streamWebFolder, streamLogo } = entry
--- a/api/src/utils/connectDB.ts
+++ b/api/src/utils/connectDB.ts
@@ -9,7 +9,5 @@ export const connectDB = async () => {
  }
  console.log('Connected to DB!')
-  await seedDB()
+  return seedDB()
  return mongoose.connection
 }
--- a/api/src/utils/desktopAutoExec.ts
+++ b/api/src/utils/desktopAutoExec.ts
@@ -0,0 +1,8 @@
 import { createFile, readFile } from '@sasjs/utils'
 import { getDesktopUserAutoExecPath } from './file'
 export const getUserAutoExec = async (): Promise<string> =>
  readFile(getDesktopUserAutoExecPath())
 export const updateUserAutoExec = async (autoExecContent: string) =>
  createFile(getDesktopUserAutoExecPath(), autoExecContent)
--- a/api/src/utils/extractName.ts
+++ b/api/src/utils/extractName.ts
@@ -0,0 +1,6 @@
 import path from 'path'
 export const extractName = (filePath: string) => {
  const extension = path.extname(filePath)
  return path.basename(filePath, extension)
 }
--- a/api/src/utils/file.ts
+++ b/api/src/utils/file.ts
@@ -1,5 +1,6 @@
 import path from 'path'
 import { homedir } from 'os'
 import fs from 'fs-extra'
 export const apiRoot = path.join(__dirname, '..', '..')
 export const codebaseRoot = path.join(apiRoot, '..')
@@ -21,6 +22,8 @@ export const getDesktopUserAutoExecPath = () =>
 export const getSasjsRootFolder = () => process.driveLoc
 export const getLogFolder = () => process.logsLoc
 export const getAppStreamConfigPath = () =>
  path.join(getSasjsRootFolder(), 'appStreamConfig.json')
@@ -31,8 +34,6 @@ export const getUploadsFolder = () => path.join(getSasjsRootFolder(), 'uploads')
 export const getFilesFolder = () => path.join(getSasjsRootFolder(), 'files')
 export const getLogFolder = () => path.join(getSasjsRootFolder(), 'logs')
 export const getWeboutFolder = () => path.join(getSasjsRootFolder(), 'webouts')
 export const getSessionsFolder = () =>
@@ -47,3 +48,6 @@ export const generateUniqueFileName = (fileName: string, extension = '') =>
    new Date().getTime(),
    extension
  ].join('')
 export const createReadStream = async (filePath: string) =>
  fs.createReadStream(filePath)
--- a/api/src/utils/generateAccessToken.ts
+++ b/api/src/utils/generateAccessToken.ts
@@ -2,6 +2,6 @@ import jwt from 'jsonwebtoken'
 import { InfoJWT } from '../types'
 export const generateAccessToken = (data: InfoJWT) =>
-  jwt.sign(data, process.env.ACCESS_TOKEN_SECRET as string, {
+  jwt.sign(data, process.secrets.ACCESS_TOKEN_SECRET, {
    expiresIn: '1day'
  })
--- a/api/src/utils/generateAuthCode.ts
+++ b/api/src/utils/generateAuthCode.ts
@@ -2,6 +2,6 @@ import jwt from 'jsonwebtoken'
 import { InfoJWT } from '../types'
 export const generateAuthCode = (data: InfoJWT) =>
-  jwt.sign(data, process.env.AUTH_CODE_SECRET as string, {
+  jwt.sign(data, process.secrets.AUTH_CODE_SECRET, {
    expiresIn: '30s'
  })
--- a/api/src/utils/generateRefreshToken.ts
+++ b/api/src/utils/generateRefreshToken.ts
@@ -2,6 +2,6 @@ import jwt from 'jsonwebtoken'
 import { InfoJWT } from '../types'
 export const generateRefreshToken = (data: InfoJWT) =>
-  jwt.sign(data, process.env.REFRESH_TOKEN_SECRET as string, {
+  jwt.sign(data, process.secrets.REFRESH_TOKEN_SECRET, {
    expiresIn: '30 days'
  })
--- a/api/src/utils/getAuthorizedRoutes.ts
+++ b/api/src/utils/getAuthorizedRoutes.ts
@@ -0,0 +1,35 @@
 import { Request } from 'express'
 const StaticAuthorizedRoutes = [
  '/AppStream',
  '/SASjsApi/code/execute',
  '/SASjsApi/stp/execute',
  '/SASjsApi/drive/deploy',
  '/SASjsApi/drive/deploy/upload',
  '/SASjsApi/drive/file',
  '/SASjsApi/drive/folder',
  '/SASjsApi/drive/fileTree',
  '/SASjsApi/drive/rename'
 ]
 export const getAuthorizedRoutes = () => {
  const streamingApps = Object.keys(process.appStreamConfig)
  const streamingAppsRoutes = streamingApps.map((app) => `/AppStream/${app}`)
  return [...StaticAuthorizedRoutes, ...streamingAppsRoutes]
 }
 export const getPath = (req: Request) => {
  const { baseUrl, path: reqPath } = req
  if (baseUrl === '/AppStream') {
    const appStream = reqPath.split('/')[1]
    // removing trailing slash of URLs
    return (baseUrl + '/' + appStream).replace(/\/$/, '')
  }
  return (baseUrl + reqPath).replace(/\/$/, '')
 }
 export const isAuthorizingRoute = (req: Request): boolean =>
  getAuthorizedRoutes().includes(getPath(req))
--- a/api/src/utils/getCertificates.ts
+++ b/api/src/utils/getCertificates.ts
@@ -2,22 +2,32 @@ import path from 'path'
 import { fileExists, getString, readFile } from '@sasjs/utils'
 export const getCertificates = async () => {
-  const { PRIVATE_KEY, FULL_CHAIN } = process.env
+  const { PRIVATE_KEY, CERT_CHAIN, CA_ROOT } = process.env
  let ca
  const keyPath = PRIVATE_KEY ?? (await getFileInput('Private Key (PEM)'))
-  const certPath = FULL_CHAIN ?? (await getFileInput('Full Chain (PEM)'))
+  const certPath = CERT_CHAIN ?? (await getFileInput('Certificate Chain (PEM)'))
  const caPath = CA_ROOT
  console.log('keyPath: ', keyPath)
  console.log('certPath: ', certPath)
  if (caPath) console.log('caPath: ', caPath)
  const key = await readFile(keyPath)
  const cert = await readFile(certPath)
  if (caPath) ca = await readFile(caPath)
-  return { key, cert }
+  return { key, cert, ca }
 }
-const getFileInput = async (filename: string): Promise<string> => {
+const getFileInput = async (
  filename: string,
  required: boolean = true
 ): Promise<string> => {
  const validator = async (filePath: string) => {
    if (!required) return true
    if (!filePath) return `Path to ${filename} is required.`
    if (!(await fileExists(path.join(process.cwd(), filePath)))) {
--- a/api/src/utils/getDesktopFields.ts
+++ b/api/src/utils/getDesktopFields.ts
@@ -1,16 +1,22 @@
 import path from 'path'
 import { getString } from '@sasjs/utils/input'
-import { createFolder, fileExists, folderExists } from '@sasjs/utils'
+import { createFolder, fileExists, folderExists, isWindows } from '@sasjs/utils'
-
+import { RunTimeType } from './verifyEnvVariables'
 const isWindows = () => process.platform === 'win32'
 export const getDesktopFields = async () => {
-  const { SAS_PATH } = process.env
+  const { SAS_PATH, NODE_PATH } = process.env
-  const sasLoc = SAS_PATH ?? (await getSASLocation())
+  let sasLoc, nodeLoc
  // const driveLoc = DRIVE_PATH ?? (await getDriveLocation())
-  return { sasLoc }
+  if (process.runTimes.includes(RunTimeType.SAS)) {
    sasLoc = SAS_PATH ?? (await getSASLocation())
  }
  if (process.runTimes.includes(RunTimeType.JS)) {
    nodeLoc = NODE_PATH ?? (await getNodeLocation())
  }
  return { sasLoc, nodeLoc }
 }
 const getDriveLocation = async (): Promise<string> => {
@@ -54,7 +60,31 @@ const getSASLocation = async (): Promise<string> => {
    : '/opt/sas/sas9/SASHome/SASFoundation/9.4/sasexe/sas'
  const targetName = await getString(
-    'Please enter path to SAS executable (absolute path): ',
+    'Please enter full path to a SAS executable with UTF-8 encoding: ',
    validator,
    defaultLocation
  )
  return targetName
 }
 const getNodeLocation = async (): Promise<string> => {
  const validator = async (filePath: string) => {
    if (!filePath) return 'Path to NodeJS executable is required.'
    if (!(await fileExists(filePath))) {
      return 'No file found at provided path.'
    }
    return true
  }
  const defaultLocation = isWindows()
    ? 'C:\\Program Files\\nodejs\\node.exe'
    : '/usr/local/nodejs/bin/node.sh'
  const targetName = await getString(
    'Please enter full path to a NodeJS executable: ',
    validator,
    defaultLocation
  )
--- a/api/src/utils/getRunTimeAndFilePath.ts
+++ b/api/src/utils/getRunTimeAndFilePath.ts
@@ -0,0 +1,33 @@
 import path from 'path'
 import { fileExists } from '@sasjs/utils'
 import { getFilesFolder } from './file'
 import { RunTimeType } from '.'
 export const getRunTimeAndFilePath = async (programPath: string) => {
  const ext = path.extname(programPath)
  // If programPath (_program) is provided with a ".sas" or ".js" extension
  // we should use that extension to determine the appropriate runTime
  if (ext && Object.values(RunTimeType).includes(ext.slice(1) as RunTimeType)) {
    const runTime = ext.slice(1)
    const codePath = path
      .join(getFilesFolder(), programPath)
      .replace(new RegExp('/', 'g'), path.sep)
    if (await fileExists(codePath)) {
      return { codePath, runTime: runTime as RunTimeType }
    }
  } else {
    for (const runTime of process.runTimes) {
      const codePath =
        path
          .join(getFilesFolder(), programPath)
          .replace(new RegExp('/', 'g'), path.sep) +
        '.' +
        runTime
      if (await fileExists(codePath)) return { codePath, runTime }
    }
  }
  throw `The Program at (${programPath}) does not exist.`
 }
--- a/api/src/utils/getServerUrl.ts
+++ b/api/src/utils/getServerUrl.ts
@@ -0,0 +1,15 @@
 import express from 'express'
 import url from 'url'
 export const getFullUrl = (req: express.Request) =>
  url.format({
    protocol: req.protocol,
    host: req.get('host'),
    pathname: req.originalUrl
  })
 export const getServerUrl = (req: express.Request) =>
  url.format({
    protocol: req.protocol,
    host: req.get('x-forwarded-host') || req.get('host')
  })
--- a/api/src/utils/index.ts
+++ b/api/src/utils/index.ts
@@ -1,16 +1,23 @@
 export * from './appStreamConfig'
 export * from './connectDB'
 export * from './copySASjsCore'
 export * from './desktopAutoExec'
 export * from './extractHeaders'
 export * from './extractName'
 export * from './file'
 export * from './generateAccessToken'
 export * from './generateAuthCode'
 export * from './generateRefreshToken'
 export * from './getAuthorizedRoutes'
 export * from './getCertificates'
 export * from './getDesktopFields'
 export * from './getPreProgramVariables'
 export * from './getRunTimeAndFilePath'
 export * from './getServerUrl'
 export * from './instantiateLogger'
 export * from './isDebugOn'
 export * from './isPublicRoute'
 export * from './zipped'
 export * from './parseLogToArray'
 export * from './removeTokensInDB'
 export * from './saveTokensInDB'
--- a/api/src/utils/isPublicRoute.ts
+++ b/api/src/utils/isPublicRoute.ts
@@ -0,0 +1,31 @@
 import { Request } from 'express'
 import { getPath } from './getAuthorizedRoutes'
 import Group, { PUBLIC_GROUP_NAME } from '../model/Group'
 import Permission from '../model/Permission'
 import { PermissionSettingForRoute } from '../controllers'
 import { RequestUser } from '../types'
 export const isPublicRoute = async (req: Request): Promise<boolean> => {
  const group = await Group.findOne({ name: PUBLIC_GROUP_NAME })
  if (group) {
    const path = getPath(req)
    const groupPermission = await Permission.findOne({
      path,
      group: group?._id
    })
    if (groupPermission?.setting === PermissionSettingForRoute.grant)
      return true
  }
  return false
 }
 export const publicUser: RequestUser = {
  userId: 0,
  clientId: 'public_app',
  username: 'publicUser',
  displayName: 'Public User',
  isAdmin: false,
  isActive: true
 }
--- a/api/src/utils/seedDB.ts
+++ b/api/src/utils/seedDB.ts
@@ -1,5 +1,88 @@
 import Client from '../model/Client'
 import Group, { PUBLIC_GROUP_NAME } from '../model/Group'
 import User from '../model/User'
 import Configuration, { ConfigurationType } from '../model/Configuration'
 import { randomBytes } from 'crypto'
 export const SECRETS: ConfigurationType = {
  ACCESS_TOKEN_SECRET: randomBytes(64).toString('hex'),
  REFRESH_TOKEN_SECRET: randomBytes(64).toString('hex'),
  AUTH_CODE_SECRET: randomBytes(64).toString('hex'),
  SESSION_SECRET: randomBytes(64).toString('hex')
 }
 export const seedDB = async (): Promise<ConfigurationType> => {
  // Checking if client is already in the database
  const clientExist = await Client.findOne({ clientId: CLIENT.clientId })
  if (!clientExist) {
    const client = new Client(CLIENT)
    await client.save()
    console.log(`DB Seed - client created: ${CLIENT.clientId}`)
  }
  // Checking if 'AllUsers' Group is already in the database
  let groupExist = await Group.findOne({ name: GROUP.name })
  if (!groupExist) {
    const group = new Group(GROUP)
    groupExist = await group.save()
    console.log(`DB Seed - Group created: ${GROUP.name}`)
  }
  // Checking if 'Public' Group is already in the database
  const publicGroupExist = await Group.findOne({ name: PUBLIC_GROUP.name })
  if (!publicGroupExist) {
    const group = new Group(PUBLIC_GROUP)
    await group.save()
    console.log(`DB Seed - Group created: ${PUBLIC_GROUP.name}`)
  }
  // Checking if user is already in the database
  let usernameExist = await User.findOne({ username: ADMIN_USER.username })
  if (!usernameExist) {
    const user = new User(ADMIN_USER)
    usernameExist = await user.save()
    console.log(`DB Seed - admin account created: ${ADMIN_USER.username}`)
  }
  if (!groupExist.hasUser(usernameExist)) {
    groupExist.addUser(usernameExist)
    console.log(
      `DB Seed - admin account '${ADMIN_USER.username}' added to Group '${GROUP.name}'`
    )
  }
  // checking if configuration is present in the database
  let configExist = await Configuration.findOne()
  if (!configExist) {
    const configuration = new Configuration(SECRETS)
    configExist = await configuration.save()
    console.log('DB Seed - configuration added')
  }
  return {
    ACCESS_TOKEN_SECRET: configExist.ACCESS_TOKEN_SECRET,
    REFRESH_TOKEN_SECRET: configExist.REFRESH_TOKEN_SECRET,
    AUTH_CODE_SECRET: configExist.AUTH_CODE_SECRET,
    SESSION_SECRET: configExist.SESSION_SECRET
  }
 }
 const GROUP = {
  name: 'AllUsers',
  description: 'Group contains all users'
 }
 const PUBLIC_GROUP = {
  name: PUBLIC_GROUP_NAME,
  description:
    'A special group that can be used to bypass authentication for particular routes.'
 }
 const CLIENT = {
  clientId: 'clientID1',
@@ -13,23 +96,3 @@ const ADMIN_USER = {
  isAdmin: true,
  isActive: true
 }
 export const seedDB = async () => {
  // Checking if client is already in the database
  const clientExist = await Client.findOne({ clientId: CLIENT.clientId })
  if (!clientExist) {
    const client = new Client(CLIENT)
    await client.save()
    console.log(`DB Seed - client created: ${CLIENT.clientId}`)
  }
  // Checking if user is already in the database
  const usernameExist = await User.findOne({ username: ADMIN_USER.username })
  if (!usernameExist) {
    const user = new User(ADMIN_USER)
    await user.save()
    console.log(`DB Seed - admin account created: ${ADMIN_USER.username}`)
  }
 }
--- a/api/src/utils/setProcessVariables.ts
+++ b/api/src/utils/setProcessVariables.ts
@@ -1,22 +1,38 @@
 import path from 'path'
 import { createFolder, getAbsolutePath, getRealPath } from '@sasjs/utils'
-import { getDesktopFields, ModeType } from '.'
+import { connectDB, getDesktopFields, ModeType, RunTimeType, SECRETS } from '.'
 export const setProcessVariables = async () => {
  const { MODE, RUN_TIMES } = process.env
  if (MODE === ModeType.Server) {
    // NOTE: when exporting app.js as agent for supertest
    // it should prevent connecting to the real database
    if (process.env.NODE_ENV !== 'test') {
      const secrets = await connectDB()
      process.secrets = secrets
    } else {
      process.secrets = SECRETS
    }
  }
  if (process.env.NODE_ENV === 'test') {
    process.driveLoc = path.join(process.cwd(), 'sasjs_root')
    return
  }
-  const { MODE } = process.env
+  process.runTimes = (RUN_TIMES?.split(',') as RunTimeType[]) ?? []
  if (MODE === ModeType.Server) {
-    process.sasLoc = process.env.SAS_PATH as string
+    process.sasLoc = process.env.SAS_PATH
    process.nodeLoc = process.env.NODE_PATH
  } else {
-    const { sasLoc } = await getDesktopFields()
+    const { sasLoc, nodeLoc } = await getDesktopFields()
    process.sasLoc = sasLoc
    process.nodeLoc = nodeLoc
  }
  const { SASJS_ROOT } = process.env
@@ -24,6 +40,16 @@ export const setProcessVariables = async () => {
  await createFolder(absPath)
  process.driveLoc = getRealPath(absPath)
  const { LOG_LOCATION } = process.env
  const absLogsPath = getAbsolutePath(
    LOG_LOCATION ?? `sasjs_root${path.sep}logs`,
    process.cwd()
  )
  await createFolder(absLogsPath)
  process.logsLoc = getRealPath(absLogsPath)
  console.log('sasLoc: ', process.sasLoc)
  console.log('sasDrive: ', process.driveLoc)
  console.log('sasLogs: ', process.logsLoc)
  console.log('runTimes: ', process.runTimes)
 }
--- a/api/src/utils/specs/extractHeaders.spec.ts
+++ b/api/src/utils/specs/extractHeaders.spec.ts
@@ -1,4 +1,4 @@
-import { extractHeaders } from '..'
+import { extractHeaders } from '../extractHeaders'
 describe('extractHeaders', () => {
  it('should return valid http headers', () => {
--- a/api/src/utils/specs/parseLogToArray.spec.ts
+++ b/api/src/utils/specs/parseLogToArray.spec.ts
@@ -1,4 +1,4 @@
-import { parseLogToArray } from '..'
+import { parseLogToArray } from '../parseLogToArray'
 describe('parseLogToArray', () => {
  it('should parse log to array type', () => {
--- a/api/src/utils/upload.ts
+++ b/api/src/utils/upload.ts
@@ -1,5 +1,6 @@
 import path from 'path'
 import { MulterFile } from '../types/Upload'
-import { listFilesInFolder } from '@sasjs/utils'
+import { listFilesInFolder, readFileBinary, isWindows } from '@sasjs/utils'
 interface FilenameMapSingle {
  fieldName: string
@@ -98,3 +99,36 @@ export const generateFileUploadSasCode = async (
  return uploadSasCode
 }
 /**
 * Generates the js code that references uploaded files in the concurrent request
 * @param filesNamesMap object that maps hashed file names and original file names
 * @param sessionFolder name of the folder that is created for the purpose of files in concurrent request
 * @returns generated js code
 */
 export const generateFileUploadJSCode = async (
  filesNamesMap: FilenamesMap,
  sessionFolder: string
 ) => {
  let uploadCode = ''
  let fileCount = 0
  const sessionFolderList: string[] = await listFilesInFolder(sessionFolder)
  sessionFolderList.forEach(async (fileName) => {
    if (fileName.includes('req_file')) {
      fileCount++
      const filePath = path.join(sessionFolder, fileName)
      uploadCode += `\nconst _WEBIN_FILEREF${fileCount} = fs.readFileSync('${
        isWindows() ? filePath.replace(/\\/g, '\\\\') : filePath
      }')`
      uploadCode += `\nconst _WEBIN_FILENAME${fileCount} = '${filesNamesMap[fileName].originalName}'`
      uploadCode += `\nconst _WEBIN_NAME${fileCount} = '${filesNamesMap[fileName].fieldName}'`
    }
  })
  if (fileCount) {
    uploadCode = `\nconst _WEBIN_FILE_COUNT = ${fileCount}` + uploadCode
  }
  return uploadCode
 }
--- a/api/src/utils/validation.ts
+++ b/api/src/utils/validation.ts
@@ -1,10 +1,22 @@
 import Joi from 'joi'
 import {
  PermissionType,
  PermissionSettingForRoute,
  PrincipalType
 } from '../controllers/permission'
 import { getAuthorizedRoutes } from './getAuthorizedRoutes'
 const usernameSchema = Joi.string().lowercase().alphanum().min(3).max(16)
 const passwordSchema = Joi.string().min(6).max(1024)
 const groupnameSchema = Joi.string().lowercase().alphanum().min(3).max(16)
 export const blockFileRegex = /\.(exe|sh|htaccess)$/i
 export const getUserValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    username: usernameSchema.required()
  }).validate(data)
 export const loginWebValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    username: usernameSchema.required(),
@@ -24,11 +36,16 @@ export const tokenValidation = (data: any): Joi.ValidationResult =>
 export const registerGroupValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
-    name: Joi.string().min(6).required(),
+    name: groupnameSchema.required(),
    description: Joi.string(),
    isActive: Joi.boolean()
  }).validate(data)
 export const getGroupValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    name: groupnameSchema.required()
  }).validate(data)
 export const registerUserValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    displayName: Joi.string().min(6).required(),
@@ -74,6 +91,30 @@ export const registerClientValidation = (data: any): Joi.ValidationResult =>
    clientSecret: Joi.string().required()
  }).validate(data)
 export const registerPermissionValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    path: Joi.string()
      .required()
      .valid(...getAuthorizedRoutes()),
    type: Joi.string()
      .required()
      .valid(...Object.values(PermissionType)),
    setting: Joi.string()
      .required()
      .valid(...Object.values(PermissionSettingForRoute)),
    principalType: Joi.string()
      .required()
      .valid(...Object.values(PrincipalType)),
    principalId: Joi.number().required()
  }).validate(data)
 export const updatePermissionValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    setting: Joi.string()
      .required()
      .valid(...Object.values(PermissionSettingForRoute))
  }).validate(data)
 export const deployValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    appLoc: Joi.string().pattern(/^\//).required().min(2),
@@ -104,14 +145,29 @@ export const fileParamValidation = (data: any): Joi.ValidationResult =>
    _filePath: filePathSchema
  }).validate(data)
-export const folderParamValidation = (data: any): Joi.ValidationResult =>
+export const folderParamValidation = (
  data: any,
  folderPathRequired?: boolean
 ): Joi.ValidationResult =>
  Joi.object({
-    _folderPath: Joi.string()
+    _folderPath: folderPathRequired ? Joi.string().required() : Joi.string()
  }).validate(data)
-export const runSASValidation = (data: any): Joi.ValidationResult =>
+export const folderBodyValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
-    code: Joi.string().required()
+    folderPath: Joi.string().required()
  }).validate(data)
 export const renameBodyValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    oldPath: Joi.string().required(),
    newPath: Joi.string().required()
  }).validate(data)
 export const runCodeValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    code: Joi.string().required(),
    runTime: Joi.string().valid(...process.runTimes)
  }).validate(data)
 export const executeProgramRawValidation = (data: any): Joi.ValidationResult =>
--- a/api/src/utils/verifyEnvVariables.ts
+++ b/api/src/utils/verifyEnvVariables.ts
@@ -26,6 +26,11 @@ export enum LOG_FORMAT_MORGANType {
  tiny = 'tiny'
 }
 export enum RunTimeType {
  SAS = 'sas',
  JS = 'js'
 }
 export enum ReturnCode {
  Success,
  InvalidEnv
@@ -46,6 +51,10 @@ export const verifyEnvVariables = (): ReturnCode => {
  errors.push(...verifyLOG_FORMAT_MORGAN())
  errors.push(...verifyRUN_TIMES())
  errors.push(...verifyExecutablePaths())
  if (errors.length) {
    process.logger?.error(
      `Invalid environment variable(s) provided: \n${errors.join('\n')}`
@@ -69,33 +78,7 @@ const verifyMODE = (): string[] => {
  }
  if (process.env.MODE === ModeType.Server) {
-    const {
+    const { DB_CONNECT } = process.env
      ACCESS_TOKEN_SECRET,
      REFRESH_TOKEN_SECRET,
      AUTH_CODE_SECRET,
      SESSION_SECRET,
      DB_CONNECT
    } = process.env
    if (!ACCESS_TOKEN_SECRET)
      errors.push(
        `- ACCESS_TOKEN_SECRET is required for PROTOCOL '${ModeType.Server}'`
      )
    if (!REFRESH_TOKEN_SECRET)
      errors.push(
        `- REFRESH_TOKEN_SECRET is required for PROTOCOL '${ModeType.Server}'`
      )
    if (!AUTH_CODE_SECRET)
      errors.push(
        `- AUTH_CODE_SECRET is required for PROTOCOL '${ModeType.Server}'`
      )
    if (!SESSION_SECRET)
      errors.push(
        `- SESSION_SECRET is required for PROTOCOL '${ModeType.Server}'`
      )
    if (process.env.NODE_ENV !== 'test')
      if (!DB_CONNECT)
@@ -120,16 +103,16 @@ const verifyPROTOCOL = (): string[] => {
  }
  if (process.env.PROTOCOL === ProtocolType.HTTPS) {
-    const { PRIVATE_KEY, FULL_CHAIN } = process.env
+    const { PRIVATE_KEY, CERT_CHAIN } = process.env
    if (!PRIVATE_KEY)
      errors.push(
        `- PRIVATE_KEY is required for PROTOCOL '${ProtocolType.HTTPS}'`
      )
-    if (!FULL_CHAIN)
+    if (!CERT_CHAIN)
      errors.push(
-        `- FULL_CHAIN is required for PROTOCOL '${ProtocolType.HTTPS}'`
+        `- CERT_CHAIN is required for PROTOCOL '${ProtocolType.HTTPS}'`
      )
  }
@@ -142,8 +125,27 @@ const verifyCORS = (): string[] => {
  if (CORS) {
    const corsTypes = Object.values(CorsType)
    if (!corsTypes.includes(CORS as CorsType))
      errors.push(`- CORS '${CORS}'\n - valid options ${corsTypes}`)
    if (CORS === CorsType.ENABLED) {
      const { WHITELIST } = process.env
      const urls = WHITELIST?.trim()
        .split(' ')
        .filter((url) => !!url)
      if (urls?.length) {
        urls.forEach((url) => {
          if (!url.startsWith('http://') && !url.startsWith('https://'))
            errors.push(
              `- CORS '${CORS}'\n - provided WHITELIST ${url} is not valid`
            )
        })
      } else {
        errors.push(`- CORS '${CORS}'\n - provide at least one WHITELIST URL`)
      }
    }
  } else {
    const { MODE } = process.env
    process.env.CORS =
@@ -202,10 +204,52 @@ const verifyLOG_FORMAT_MORGAN = (): string[] => {
  return errors
 }
 const verifyRUN_TIMES = (): string[] => {
  const errors: string[] = []
  const { RUN_TIMES } = process.env
  if (RUN_TIMES) {
    const runTimes = RUN_TIMES.split(',')
    const runTimeTypes = Object.values(RunTimeType)
    runTimes.forEach((runTime) => {
      if (!runTimeTypes.includes(runTime as RunTimeType)) {
        errors.push(
          `- Invalid '${runTime}' runtime\n - valid options ${runTimeTypes}`
        )
      }
    })
  } else {
    process.env.RUN_TIMES = DEFAULTS.RUN_TIMES
  }
  return errors
 }
 const verifyExecutablePaths = () => {
  const errors: string[] = []
  const { RUN_TIMES, SAS_PATH, NODE_PATH, MODE } = process.env
  if (MODE === ModeType.Server) {
    const runTimes = RUN_TIMES?.split(',')
    if (runTimes?.includes(RunTimeType.SAS) && !SAS_PATH) {
      errors.push(`- SAS_PATH is required for ${RunTimeType.SAS} run time`)
    }
    if (runTimes?.includes(RunTimeType.JS) && !NODE_PATH) {
      errors.push(`- NODE_PATH is required for ${RunTimeType.JS} run time`)
    }
  }
  return errors
 }
 const DEFAULTS = {
  MODE: ModeType.Desktop,
  PROTOCOL: ProtocolType.HTTP,
  PORT: '5000',
  HELMET_COEP: HelmetCoepType.TRUE,
-  LOG_FORMAT_MORGAN: LOG_FORMAT_MORGANType.Common
+  LOG_FORMAT_MORGAN: LOG_FORMAT_MORGANType.Common,
  RUN_TIMES: RunTimeType.SAS
 }
--- a/api/src/utils/zipped.ts
+++ b/api/src/utils/zipped.ts
@@ -0,0 +1,41 @@
 import path from 'path'
 import unZipper from 'unzipper'
 import { extractName } from './extractName'
 import { createReadStream } from './file'
 export const isZipFile = (
  file: Express.Multer.File
 ): { error?: string; value?: Express.Multer.File } => {
  const fileExtension = path.extname(file.originalname)
  if (fileExtension.toUpperCase() !== '.ZIP')
    return { error: `"file" has invalid extension ${fileExtension}` }
  const allowedMimetypes = ['application/zip', 'application/x-zip-compressed']
  if (!allowedMimetypes.includes(file.mimetype))
    return { error: `"file" has invalid type ${file.mimetype}` }
  return { value: file }
 }
 export const extractJSONFromZip = async (zipFile: Express.Multer.File) => {
  let fileContent: string = ''
  const fileInZip = extractName(zipFile.originalname)
  const zip = (await createReadStream(zipFile.path)).pipe(
    unZipper.Parse({ forceStream: true })
  )
  for await (const entry of zip) {
    const fileName = entry.path as string
    // grab the first json found in .zip
    if (fileName.toUpperCase().endsWith('.JSON')) {
      fileContent = await entry.buffer()
      break
    } else {
      entry.autodrain()
    }
  }
  return fileContent
 }
--- a/api/tsoa.json
+++ b/api/tsoa.json
@@ -12,40 +12,44 @@
    },
    "tags": [
      {
-        "name": "Info",
+        "name": "Auth",
-        "description": "Get Server Info"
+        "description": "Operations about auth"
      },
      {
        "name": "Session",
        "description": "Get Session information"
      },
      {
        "name": "User",
        "description": "Operations about users"
      },
      {
        "name": "Client",
        "description": "Operations about clients"
      },
      {
-        "name": "Auth",
+        "name": "CODE",
-        "description": "Operations about auth"
+        "description": "Execution of code (various runtimes are supported)"
      },
      {
        "name": "Drive",
-        "description": "Operations about drive"
+        "description": "Operations on SASjs Drive"
      },
      {
        "name": "Group",
-        "description": "Operations about group"
+        "description": "Operations on groups and group memberships"
      },
      {
        "name": "Info",
        "description": "Get Server Information"
      },
      {
        "name": "Permission",
        "description": "Operations about permissions"
      },
      {
        "name": "Session",
        "description": "Get Session information"
      },
      {
        "name": "STP",
-        "description": "Operations about STP"
+        "description": "Execution of Stored Programs"
      },
      {
-        "name": "CODE",
+        "name": "User",
-        "description": "Operations on SAS code"
+        "description": "Operations with users"
      },
      {
        "name": "Web",
--- a/package-lock.json
+++ b/package-lock.json
@@ -2770,9 +2770,9 @@
      }
    },
    "node_modules/npm": {
-      "version": "8.10.0",
+      "version": "8.12.2",
-      "resolved": "https://registry.npmjs.org/npm/-/npm-8.10.0.tgz",
+      "resolved": "https://registry.npmjs.org/npm/-/npm-8.12.2.tgz",
-      "integrity": "sha512-6oo65q9Quv9mRPGZJufmSH+C/UFdgelwzRXiglT/2mDB50zdy/lZK5dFY0TJ9fJ/8gHqnxcX1NM206KLjTBMlQ==",
+      "integrity": "sha512-TArexqro9wpl/6wz6t6YdYhOoiy/UArqiSsSsqI7fieEhQEswDQSJcgt/LuCDjl6mfCDi0So7S2UZ979qLYRPg==",
      "bundleDependencies": [
        "@isaacs/string-locale-compare",
        "@npmcli/arborist",
@@ -2858,7 +2858,7 @@
        "@npmcli/run-script": "^3.0.1",
        "abbrev": "~1.1.1",
        "archy": "~1.0.0",
-        "cacache": "^16.0.7",
+        "cacache": "^16.1.1",
        "chalk": "^4.1.2",
        "chownr": "^2.0.0",
        "cli-columns": "^4.0.0",
@@ -2883,7 +2883,7 @@
        "libnpmsearch": "^5.0.2",
        "libnpmteam": "^4.0.2",
        "libnpmversion": "^3.0.1",
-        "make-fetch-happen": "^10.1.3",
+        "make-fetch-happen": "^10.1.7",
        "minipass": "^3.1.6",
        "minipass-pipeline": "^1.2.4",
        "mkdirp": "^1.0.4",
@@ -2900,7 +2900,7 @@
        "npm-user-validate": "^1.0.1",
        "npmlog": "^6.0.2",
        "opener": "^1.5.2",
-        "pacote": "^13.3.0",
+        "pacote": "^13.6.0",
        "parse-conflict-json": "^2.0.2",
        "proc-log": "^2.0.1",
        "qrcode-terminal": "^0.12.0",
@@ -2910,7 +2910,7 @@
        "readdir-scoped-modules": "^1.1.0",
        "rimraf": "^3.0.2",
        "semver": "^7.3.7",
-        "ssri": "^9.0.0",
+        "ssri": "^9.0.1",
        "tar": "^6.1.11",
        "text-table": "~0.2.0",
        "tiny-relative-date": "^1.3.0",
@@ -2965,7 +2965,7 @@
      "peer": true
    },
    "node_modules/npm/node_modules/@npmcli/arborist": {
-      "version": "5.2.0",
+      "version": "5.2.1",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
@@ -3389,7 +3389,7 @@
      }
    },
    "node_modules/npm/node_modules/cacache": {
-      "version": "16.0.7",
+      "version": "16.1.1",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
@@ -3759,7 +3759,7 @@
      }
    },
    "node_modules/npm/node_modules/glob": {
-      "version": "8.0.1",
+      "version": "8.0.3",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
@@ -3769,8 +3769,7 @@
        "inflight": "^1.0.4",
        "inherits": "2",
        "minimatch": "^5.0.1",
-        "once": "^1.3.0",
+        "once": "^1.3.0"
        "path-is-absolute": "^1.0.0"
      },
      "engines": {
        "node": ">=12"
@@ -4121,7 +4120,7 @@
      }
    },
    "node_modules/npm/node_modules/libnpmexec": {
-      "version": "4.0.5",
+      "version": "4.0.6",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
@@ -4186,7 +4185,7 @@
      }
    },
    "node_modules/npm/node_modules/libnpmpack": {
-      "version": "4.0.3",
+      "version": "4.1.0",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
@@ -4194,7 +4193,7 @@
      "dependencies": {
        "@npmcli/run-script": "^3.0.0",
        "npm-package-arg": "^9.0.1",
-        "pacote": "^13.0.5"
+        "pacote": "^13.5.0"
      },
      "engines": {
        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
@@ -4272,14 +4271,14 @@
      }
    },
    "node_modules/npm/node_modules/make-fetch-happen": {
-      "version": "10.1.3",
+      "version": "10.1.7",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
      "peer": true,
      "dependencies": {
        "agentkeepalive": "^4.2.1",
-        "cacache": "^16.0.2",
+        "cacache": "^16.1.0",
        "http-cache-semantics": "^4.1.0",
        "http-proxy-agent": "^5.0.0",
        "https-proxy-agent": "^5.0.0",
@@ -4292,7 +4291,7 @@
        "minipass-pipeline": "^1.2.4",
        "negotiator": "^0.6.3",
        "promise-retry": "^2.0.1",
-        "socks-proxy-agent": "^6.1.1",
+        "socks-proxy-agent": "^7.0.0",
        "ssri": "^9.0.0"
      },
      "engines": {
@@ -4300,7 +4299,7 @@
      }
    },
    "node_modules/npm/node_modules/minimatch": {
-      "version": "5.0.1",
+      "version": "5.1.0",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
@@ -4509,7 +4508,7 @@
      }
    },
    "node_modules/npm/node_modules/node-gyp/node_modules/glob": {
-      "version": "7.2.0",
+      "version": "7.2.3",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
@@ -4518,7 +4517,7 @@
        "fs.realpath": "^1.0.0",
        "inflight": "^1.0.4",
        "inherits": "2",
-        "minimatch": "^3.0.4",
+        "minimatch": "^3.1.1",
        "once": "^1.3.0",
        "path-is-absolute": "^1.0.0"
      },
@@ -4633,7 +4632,7 @@
      }
    },
    "node_modules/npm/node_modules/npm-packlist": {
-      "version": "5.0.3",
+      "version": "5.1.0",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
@@ -4760,7 +4759,7 @@
      }
    },
    "node_modules/npm/node_modules/pacote": {
-      "version": "13.3.0",
+      "version": "13.6.0",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
@@ -4777,7 +4776,7 @@
        "minipass": "^3.1.6",
        "mkdirp": "^1.0.4",
        "npm-package-arg": "^9.0.0",
-        "npm-packlist": "^5.0.0",
+        "npm-packlist": "^5.1.0",
        "npm-pick-manifest": "^7.0.0",
        "npm-registry-fetch": "^13.0.1",
        "proc-log": "^2.0.0",
@@ -5009,7 +5008,7 @@
      }
    },
    "node_modules/npm/node_modules/rimraf/node_modules/glob": {
-      "version": "7.2.0",
+      "version": "7.2.3",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
@@ -5018,7 +5017,7 @@
        "fs.realpath": "^1.0.0",
        "inflight": "^1.0.4",
        "inherits": "2",
-        "minimatch": "^3.0.4",
+        "minimatch": "^3.1.1",
        "once": "^1.3.0",
        "path-is-absolute": "^1.0.0"
      },
@@ -5141,7 +5140,7 @@
      }
    },
    "node_modules/npm/node_modules/socks-proxy-agent": {
-      "version": "6.2.0",
+      "version": "7.0.0",
      "dev": true,
      "inBundle": true,
      "license": "MIT",
@@ -5192,7 +5191,7 @@
      "peer": true
    },
    "node_modules/npm/node_modules/ssri": {
-      "version": "9.0.0",
+      "version": "9.0.1",
      "dev": true,
      "inBundle": true,
      "license": "ISC",
@@ -5911,9 +5910,9 @@
      "peer": true
    },
    "node_modules/semantic-release": {
-      "version": "19.0.2",
+      "version": "19.0.3",
-      "resolved": "https://registry.npmjs.org/semantic-release/-/semantic-release-19.0.2.tgz",
+      "resolved": "https://registry.npmjs.org/semantic-release/-/semantic-release-19.0.3.tgz",
-      "integrity": "sha512-7tPonjZxukKECmClhsfyMKDt0GR38feIC2HxgyYaBi+9tDySBLjK/zYDLhh+m6yjnHIJa9eBTKYE7k63ZQcYbw==",
+      "integrity": "sha512-HaFbydST1cDKZHuFZxB8DTrBLJVK/AnDExpK0s3EqLIAAUAHUgnd+VSJCUtTYQKkAkauL8G9CucODrVCc7BuAA==",
      "dev": true,
      "peer": true,
      "dependencies": {
@@ -9019,9 +9018,9 @@
      "peer": true
    },
    "npm": {
-      "version": "8.10.0",
+      "version": "8.12.2",
-      "resolved": "https://registry.npmjs.org/npm/-/npm-8.10.0.tgz",
+      "resolved": "https://registry.npmjs.org/npm/-/npm-8.12.2.tgz",
-      "integrity": "sha512-6oo65q9Quv9mRPGZJufmSH+C/UFdgelwzRXiglT/2mDB50zdy/lZK5dFY0TJ9fJ/8gHqnxcX1NM206KLjTBMlQ==",
+      "integrity": "sha512-TArexqro9wpl/6wz6t6YdYhOoiy/UArqiSsSsqI7fieEhQEswDQSJcgt/LuCDjl6mfCDi0So7S2UZ979qLYRPg==",
      "dev": true,
      "peer": true,
      "requires": {
@@ -9035,7 +9034,7 @@
        "@npmcli/run-script": "^3.0.1",
        "abbrev": "~1.1.1",
        "archy": "~1.0.0",
-        "cacache": "^16.0.7",
+        "cacache": "^16.1.1",
        "chalk": "^4.1.2",
        "chownr": "^2.0.0",
        "cli-columns": "^4.0.0",
@@ -9060,7 +9059,7 @@
        "libnpmsearch": "^5.0.2",
        "libnpmteam": "^4.0.2",
        "libnpmversion": "^3.0.1",
-        "make-fetch-happen": "^10.1.3",
+        "make-fetch-happen": "^10.1.7",
        "minipass": "^3.1.6",
        "minipass-pipeline": "^1.2.4",
        "mkdirp": "^1.0.4",
@@ -9077,7 +9076,7 @@
        "npm-user-validate": "^1.0.1",
        "npmlog": "^6.0.2",
        "opener": "^1.5.2",
-        "pacote": "^13.3.0",
+        "pacote": "^13.6.0",
        "parse-conflict-json": "^2.0.2",
        "proc-log": "^2.0.1",
        "qrcode-terminal": "^0.12.0",
@@ -9087,7 +9086,7 @@
        "readdir-scoped-modules": "^1.1.0",
        "rimraf": "^3.0.2",
        "semver": "^7.3.7",
-        "ssri": "^9.0.0",
+        "ssri": "^9.0.1",
        "tar": "^6.1.11",
        "text-table": "~0.2.0",
        "tiny-relative-date": "^1.3.0",
@@ -9117,7 +9116,7 @@
          "peer": true
        },
        "@npmcli/arborist": {
-          "version": "5.2.0",
+          "version": "5.2.1",
          "bundled": true,
          "dev": true,
          "peer": true,
@@ -9432,7 +9431,7 @@
          }
        },
        "cacache": {
-          "version": "16.0.7",
+          "version": "16.1.1",
          "bundled": true,
          "dev": true,
          "peer": true,
@@ -9704,7 +9703,7 @@
          }
        },
        "glob": {
-          "version": "8.0.1",
+          "version": "8.0.3",
          "bundled": true,
          "dev": true,
          "peer": true,
@@ -9713,8 +9712,7 @@
            "inflight": "^1.0.4",
            "inherits": "2",
            "minimatch": "^5.0.1",
-            "once": "^1.3.0",
+            "once": "^1.3.0"
            "path-is-absolute": "^1.0.0"
          }
        },
        "graceful-fs": {
@@ -9970,7 +9968,7 @@
          }
        },
        "libnpmexec": {
-          "version": "4.0.5",
+          "version": "4.0.6",
          "bundled": true,
          "dev": true,
          "peer": true,
@@ -10019,14 +10017,14 @@
          }
        },
        "libnpmpack": {
-          "version": "4.0.3",
+          "version": "4.1.0",
          "bundled": true,
          "dev": true,
          "peer": true,
          "requires": {
            "@npmcli/run-script": "^3.0.0",
            "npm-package-arg": "^9.0.1",
-            "pacote": "^13.0.5"
+            "pacote": "^13.5.0"
          }
        },
        "libnpmpublish": {
@@ -10081,13 +10079,13 @@
          "peer": true
        },
        "make-fetch-happen": {
-          "version": "10.1.3",
+          "version": "10.1.7",
          "bundled": true,
          "dev": true,
          "peer": true,
          "requires": {
            "agentkeepalive": "^4.2.1",
-            "cacache": "^16.0.2",
+            "cacache": "^16.1.0",
            "http-cache-semantics": "^4.1.0",
            "http-proxy-agent": "^5.0.0",
            "https-proxy-agent": "^5.0.0",
@@ -10100,12 +10098,12 @@
            "minipass-pipeline": "^1.2.4",
            "negotiator": "^0.6.3",
            "promise-retry": "^2.0.1",
-            "socks-proxy-agent": "^6.1.1",
+            "socks-proxy-agent": "^7.0.0",
            "ssri": "^9.0.0"
          }
        },
        "minimatch": {
-          "version": "5.0.1",
+          "version": "5.1.0",
          "bundled": true,
          "dev": true,
          "peer": true,
@@ -10254,7 +10252,7 @@
              }
            },
            "glob": {
-              "version": "7.2.0",
+              "version": "7.2.3",
              "bundled": true,
              "dev": true,
              "peer": true,
@@ -10262,7 +10260,7 @@
                "fs.realpath": "^1.0.0",
                "inflight": "^1.0.4",
                "inherits": "2",
-                "minimatch": "^3.0.4",
+                "minimatch": "^3.1.1",
                "once": "^1.3.0",
                "path-is-absolute": "^1.0.0"
              }
@@ -10344,7 +10342,7 @@
          }
        },
        "npm-packlist": {
-          "version": "5.0.3",
+          "version": "5.1.0",
          "bundled": true,
          "dev": true,
          "peer": true,
@@ -10435,7 +10433,7 @@
          }
        },
        "pacote": {
-          "version": "13.3.0",
+          "version": "13.6.0",
          "bundled": true,
          "dev": true,
          "peer": true,
@@ -10451,7 +10449,7 @@
            "minipass": "^3.1.6",
            "mkdirp": "^1.0.4",
            "npm-package-arg": "^9.0.0",
-            "npm-packlist": "^5.0.0",
+            "npm-packlist": "^5.1.0",
            "npm-pick-manifest": "^7.0.0",
            "npm-registry-fetch": "^13.0.1",
            "proc-log": "^2.0.0",
@@ -10615,7 +10613,7 @@
              }
            },
            "glob": {
-              "version": "7.2.0",
+              "version": "7.2.3",
              "bundled": true,
              "dev": true,
              "peer": true,
@@ -10623,7 +10621,7 @@
                "fs.realpath": "^1.0.0",
                "inflight": "^1.0.4",
                "inherits": "2",
-                "minimatch": "^3.0.4",
+                "minimatch": "^3.1.1",
                "once": "^1.3.0",
                "path-is-absolute": "^1.0.0"
              }
@@ -10701,7 +10699,7 @@
          }
        },
        "socks-proxy-agent": {
-          "version": "6.2.0",
+          "version": "7.0.0",
          "bundled": true,
          "dev": true,
          "peer": true,
@@ -10744,7 +10742,7 @@
          "peer": true
        },
        "ssri": {
-          "version": "9.0.0",
+          "version": "9.0.1",
          "bundled": true,
          "dev": true,
          "peer": true,
@@ -11270,9 +11268,9 @@
      "peer": true
    },
    "semantic-release": {
-      "version": "19.0.2",
+      "version": "19.0.3",
-      "resolved": "https://registry.npmjs.org/semantic-release/-/semantic-release-19.0.2.tgz",
+      "resolved": "https://registry.npmjs.org/semantic-release/-/semantic-release-19.0.3.tgz",
-      "integrity": "sha512-7tPonjZxukKECmClhsfyMKDt0GR38feIC2HxgyYaBi+9tDySBLjK/zYDLhh+m6yjnHIJa9eBTKYE7k63ZQcYbw==",
+      "integrity": "sha512-HaFbydST1cDKZHuFZxB8DTrBLJVK/AnDExpK0s3EqLIAAUAHUgnd+VSJCUtTYQKkAkauL8G9CucODrVCc7BuAA==",
      "dev": true,
      "peer": true,
      "requires": {
--- a/web/.nvmrc
+++ b/web/.nvmrc
@@ -1 +1 @@
-v16.14.0
+v16.15.1
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -10,7 +10,7 @@
      "dependencies": {
        "@emotion/react": "^11.4.1",
        "@emotion/styled": "^11.3.0",
-        "@mui/icons-material": "^5.0.3",
+        "@mui/icons-material": "^5.8.4",
        "@mui/lab": "^5.0.0-alpha.50",
        "@mui/material": "^5.0.3",
        "@mui/styles": "^5.0.1",
@@ -27,7 +27,7 @@
        "react-copy-to-clipboard": "^5.1.0",
        "react-dom": "^17.0.2",
        "react-monaco-editor": "^0.48.0",
-        "react-router-dom": "^5.3.0",
+        "react-router-dom": "^6.3.0",
        "react-toastify": "^9.0.1"
      },
      "devDependencies": {
@@ -1836,9 +1836,9 @@
      }
    },
    "node_modules/@babel/runtime": {
-      "version": "7.16.3",
+      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.16.3.tgz",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.18.6.tgz",
-      "integrity": "sha512-WBwekcqacdY2e9AF/Q7WLFUWmdJGJTkbjqTjoMDgXkVZ3ZRUvOPsLb5KdwISoQVsbP+DQzVZW4Zhci0DvpbNTQ==",
+      "integrity": "sha512-t9wi7/AW6XtKahAe20Yw0/mMljKq0B1r2fPdvaAdV/KPDZewFXdaaa6K7lxmZBZ8FBNpCiAT6iHPmd6QO9bKfQ==",
      "dependencies": {
        "regenerator-runtime": "^0.13.4"
      },
@@ -2284,6 +2284,58 @@
        "node": ">=8"
      }
    },
    "node_modules/@jridgewell/gen-mapping": {
      "version": "0.3.2",
      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz",
      "integrity": "sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==",
      "dependencies": {
        "@jridgewell/set-array": "^1.0.1",
        "@jridgewell/sourcemap-codec": "^1.4.10",
        "@jridgewell/trace-mapping": "^0.3.9"
      },
      "engines": {
        "node": ">=6.0.0"
      }
    },
    "node_modules/@jridgewell/resolve-uri": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
      "integrity": "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==",
      "engines": {
        "node": ">=6.0.0"
      }
    },
    "node_modules/@jridgewell/set-array": {
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz",
      "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==",
      "engines": {
        "node": ">=6.0.0"
      }
    },
    "node_modules/@jridgewell/source-map": {
      "version": "0.3.2",
      "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.2.tgz",
      "integrity": "sha512-m7O9o2uR8k2ObDysZYzdfhb08VuEml5oWGiosa1VdaPZ/A6QyPkAJuwN0Q1lhULOf6B7MtQmHENS743hWtCrgw==",
      "dependencies": {
        "@jridgewell/gen-mapping": "^0.3.0",
        "@jridgewell/trace-mapping": "^0.3.9"
      }
    },
    "node_modules/@jridgewell/sourcemap-codec": {
      "version": "1.4.14",
      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
      "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw=="
    },
    "node_modules/@jridgewell/trace-mapping": {
      "version": "0.3.14",
      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.14.tgz",
      "integrity": "sha512-bJWEfQ9lPTvm3SneWwRFVLzrh6nhjwqw7TUFFBEMzwvg7t7PCDenf2lDwqo4NQXzdpgBXyFgDWnQA+2vkruksQ==",
      "dependencies": {
        "@jridgewell/resolve-uri": "^3.0.3",
        "@jridgewell/sourcemap-codec": "^1.4.10"
      }
    },
    "node_modules/@mui/core": {
      "version": "5.0.0-alpha.54",
      "resolved": "https://registry.npmjs.org/@mui/core/-/core-5.0.0-alpha.54.tgz",
@@ -2312,19 +2364,23 @@
      }
    },
    "node_modules/@mui/icons-material": {
-      "version": "5.1.0",
+      "version": "5.8.4",
-      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.8.4.tgz",
-      "integrity": "sha512-GD2cNZ2XTqoxX6DMUg+tos1fDUVg6kXWxwo9UuBiRIhK8N+B7CG7vjRDf28LLmewcqIjxqy+T2SEVqDLy1FOYQ==",
+      "integrity": "sha512-9Z/vyj2szvEhGWDvb+gG875bOGm8b8rlHBKOD1+nA3PcgC3fV6W1AU6pfOorPeBfH2X4mb9Boe97vHvaSndQvA==",
      "dependencies": {
-        "@babel/runtime": "^7.16.0"
+        "@babel/runtime": "^7.17.2"
      },
      "engines": {
        "node": ">=12.0.0"
      },
      "funding": {
        "type": "opencollective",
        "url": "https://opencollective.com/mui"
      },
      "peerDependencies": {
        "@mui/material": "^5.0.0",
-        "@types/react": "^16.8.6 || ^17.0.0",
+        "@types/react": "^17.0.0 || ^18.0.0",
-        "react": "^17.0.2"
+        "react": "^17.0.0 || ^18.0.0"
      },
      "peerDependenciesMeta": {
        "@types/react": {
@@ -3933,11 +3989,9 @@
      }
    },
    "node_modules/acorn": {
-      "version": "7.4.1",
+      "version": "8.8.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.0.tgz",
-      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
+      "integrity": "sha512-QOxyigPVrpZ2GXT+PFyZTl6TtOFc5egxHIP9IlQ+RbupQuX4RkT/Bee4/kQuC02Xkzg84JcT7oLYtDIQxp+v7w==",
      "dev": true,
      "peer": true,
      "bin": {
        "acorn": "bin/acorn"
      },
@@ -6518,18 +6572,6 @@
        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
      }
    },
    "node_modules/espree/node_modules/acorn": {
      "version": "8.7.0",
      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
      "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==",
      "dev": true,
      "bin": {
        "acorn": "bin/acorn"
      },
      "engines": {
        "node": ">=0.4.0"
      }
    },
    "node_modules/espree/node_modules/eslint-visitor-keys": {
      "version": "3.3.0",
      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz",
@@ -7128,16 +7170,11 @@
      }
    },
    "node_modules/history": {
-      "version": "4.10.1",
+      "version": "5.3.0",
-      "resolved": "https://registry.npmjs.org/history/-/history-4.10.1.tgz",
+      "resolved": "https://registry.npmjs.org/history/-/history-5.3.0.tgz",
-      "integrity": "sha512-36nwAD620w12kuzPAsyINPWJqlNbij+hpK1k9XRloDtym8mxzGYl2c17LnV6IAGB2Dmg4tEa7G7DlawS0+qjew==",
+      "integrity": "sha512-ZqaKwjjrAYUYfLG+htGaIIZ4nioX2L70ZUMIFysS3xvBsSG4x/n1V6TXV3N8ZYNuFGlDirFg32T7B6WOUPDYcQ==",
      "dependencies": {
-        "@babel/runtime": "^7.1.2",
+        "@babel/runtime": "^7.7.6"
        "loose-envify": "^1.2.0",
        "resolve-pathname": "^3.0.0",
        "tiny-invariant": "^1.0.2",
        "tiny-warning": "^1.0.0",
        "value-equal": "^1.0.1"
      }
    },
    "node_modules/hoist-non-react-statics": {
@@ -7198,20 +7235,6 @@
        "node": ">=12"
      }
    },
    "node_modules/html-minifier-terser/node_modules/acorn": {
      "version": "8.7.0",
      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
      "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==",
      "dev": true,
      "optional": true,
      "peer": true,
      "bin": {
        "acorn": "bin/acorn"
      },
      "engines": {
        "node": ">=0.4.0"
      }
    },
    "node_modules/html-minifier-terser/node_modules/commander": {
      "version": "8.3.0",
      "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz",
@@ -7221,46 +7244,6 @@
        "node": ">= 12"
      }
    },
    "node_modules/html-minifier-terser/node_modules/source-map": {
      "version": "0.7.3",
      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
      "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
      "dev": true,
      "engines": {
        "node": ">= 8"
      }
    },
    "node_modules/html-minifier-terser/node_modules/terser": {
      "version": "5.10.0",
      "resolved": "https://registry.npmjs.org/terser/-/terser-5.10.0.tgz",
      "integrity": "sha512-AMmF99DMfEDiRJfxfY5jj5wNH/bYO09cniSqhfoyxc8sFoYIgkJy86G04UoZU5VjlpnplVu0K6Tx6E9b5+DlHA==",
      "dev": true,
      "dependencies": {
        "commander": "^2.20.0",
        "source-map": "~0.7.2",
        "source-map-support": "~0.5.20"
      },
      "bin": {
        "terser": "bin/terser"
      },
      "engines": {
        "node": ">=10"
      },
      "peerDependencies": {
        "acorn": "^8.5.0"
      },
      "peerDependenciesMeta": {
        "acorn": {
          "optional": true
        }
      }
    },
    "node_modules/html-minifier-terser/node_modules/terser/node_modules/commander": {
      "version": "2.20.3",
      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==",
      "dev": true
    },
    "node_modules/html-webpack-plugin": {
      "version": "5.5.0",
      "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.0.tgz",
@@ -7829,11 +7812,6 @@
        "node": ">=8"
      }
    },
    "node_modules/isarray": {
      "version": "0.0.1",
      "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
      "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
    },
    "node_modules/isexe": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
@@ -8392,19 +8370,6 @@
        "node": ">=4"
      }
    },
    "node_modules/mini-create-react-context": {
      "version": "0.4.1",
      "resolved": "https://registry.npmjs.org/mini-create-react-context/-/mini-create-react-context-0.4.1.tgz",
      "integrity": "sha512-YWCYEmd5CQeHGSAKrYvXgmzzkrvssZcuuQDDeqkT+PziKGMgE+0MCCtcKbROzocGBG1meBLl2FotlRwf4gAzbQ==",
      "dependencies": {
        "@babel/runtime": "^7.12.1",
        "tiny-warning": "^1.0.3"
      },
      "peerDependencies": {
        "prop-types": "^15.0.0",
        "react": "^0.14.0 || ^15.0.0 || ^16.0.0 || ^17.0.0"
      }
    },
    "node_modules/minimalistic-assert": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
@@ -8967,14 +8932,6 @@
      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
    },
    "node_modules/path-to-regexp": {
      "version": "1.8.0",
      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz",
      "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==",
      "dependencies": {
        "isarray": "0.0.1"
      }
    },
    "node_modules/path-type": {
      "version": "4.0.0",
      "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
@@ -9362,47 +9319,29 @@
        "react": "^17.x"
      }
    },
    "node_modules/react-router": {
      "version": "5.2.1",
      "resolved": "https://registry.npmjs.org/react-router/-/react-router-5.2.1.tgz",
      "integrity": "sha512-lIboRiOtDLFdg1VTemMwud9vRVuOCZmUIT/7lUoZiSpPODiiH1UQlfXy+vPLC/7IWdFYnhRwAyNqA/+I7wnvKQ==",
      "dependencies": {
        "@babel/runtime": "^7.12.13",
        "history": "^4.9.0",
        "hoist-non-react-statics": "^3.1.0",
        "loose-envify": "^1.3.1",
        "mini-create-react-context": "^0.4.0",
        "path-to-regexp": "^1.7.0",
        "prop-types": "^15.6.2",
        "react-is": "^16.6.0",
        "tiny-invariant": "^1.0.2",
        "tiny-warning": "^1.0.0"
      },
      "peerDependencies": {
        "react": ">=15"
      }
    },
    "node_modules/react-router-dom": {
-      "version": "5.3.0",
+      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-5.3.0.tgz",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.3.0.tgz",
-      "integrity": "sha512-ObVBLjUZsphUUMVycibxgMdh5jJ1e3o+KpAZBVeHcNQZ4W+uUGGWsokurzlF4YOldQYRQL4y6yFRWM4m3svmuQ==",
+      "integrity": "sha512-uaJj7LKytRxZNQV8+RbzJWnJ8K2nPsOOEuX7aQstlMZKQT0164C+X2w6bnkqU3sjtLvpd5ojrezAyfZ1+0sStw==",
      "dependencies": {
-        "@babel/runtime": "^7.12.13",
+        "history": "^5.2.0",
-        "history": "^4.9.0",
+        "react-router": "6.3.0"
        "loose-envify": "^1.3.1",
        "prop-types": "^15.6.2",
        "react-router": "5.2.1",
        "tiny-invariant": "^1.0.2",
        "tiny-warning": "^1.0.0"
      },
      "peerDependencies": {
-        "react": ">=15"
+        "react": ">=16.8",
        "react-dom": ">=16.8"
      }
    },
-    "node_modules/react-router/node_modules/react-is": {
+    "node_modules/react-router-dom/node_modules/react-router": {
-      "version": "16.13.1",
+      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz",
+      "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.3.0.tgz",
-      "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ=="
+      "integrity": "sha512-7Wh1DzVQ+tlFjkeo+ujvjSqSJmkt1+8JO+T5xklPlgrh70y7ogx75ODRW0ThWhY7S+6yEDks8TYrtQe/aoboBQ==",
      "dependencies": {
        "history": "^5.2.0"
      },
      "peerDependencies": {
        "react": ">=16.8"
      }
    },
    "node_modules/react-toastify": {
      "version": "9.0.1",
@@ -9679,11 +9618,6 @@
        "node": ">=4"
      }
    },
    "node_modules/resolve-pathname": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/resolve-pathname/-/resolve-pathname-3.0.0.tgz",
      "integrity": "sha512-C7rARubxI8bXFNB/hqcp/4iUeIXJhJZvFPFPiSPRnhU5UPxzMFIl+2E6yY6c4k9giDJAhtV+enfA+G89N6Csng=="
    },
    "node_modules/retry": {
      "version": "0.13.1",
      "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz",
@@ -10337,6 +10271,28 @@
        "node": ">=6"
      }
    },
    "node_modules/terser": {
      "version": "5.14.2",
      "resolved": "https://registry.npmjs.org/terser/-/terser-5.14.2.tgz",
      "integrity": "sha512-oL0rGeM/WFQCUd0y2QrWxYnq7tfSuKBiqTjRPWrRgB46WD/kiwHwF8T23z78H6Q6kGCuuHcPB+KULHRdxvVGQA==",
      "dependencies": {
        "@jridgewell/source-map": "^0.3.2",
        "acorn": "^8.5.0",
        "commander": "^2.20.0",
        "source-map-support": "~0.5.20"
      },
      "bin": {
        "terser": "bin/terser"
      },
      "engines": {
        "node": ">=10"
      }
    },
    "node_modules/terser/node_modules/commander": {
      "version": "2.20.3",
      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
    },
    "node_modules/text-table": {
      "version": "0.2.0",
      "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
@@ -10349,11 +10305,6 @@
      "integrity": "sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA==",
      "dev": true
    },
    "node_modules/tiny-invariant": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.2.0.tgz",
      "integrity": "sha512-1Uhn/aqw5C6RI4KejVeTg6mIS7IqxnLJ8Mv2tV5rTc0qWobay7pDUz6Wi392Cnc8ak1H0F2cjoRzb2/AW4+Fvg=="
    },
    "node_modules/tiny-warning": {
      "version": "1.0.3",
      "resolved": "https://registry.npmjs.org/tiny-warning/-/tiny-warning-1.0.3.tgz",
@@ -10733,11 +10684,6 @@
        "node": ">= 0.10"
      }
    },
    "node_modules/value-equal": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/value-equal/-/value-equal-1.0.1.tgz",
      "integrity": "sha512-NOJ6JZCAWr0zlxZt+xqCHNTEKOsrks2HQd4MqhP1qy4z1SkbEP467eNx6TgDKXMvUOb+OENfJCZwM+16n7fRfw=="
    },
    "node_modules/vary": {
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
@@ -11184,17 +11130,6 @@
        "node": ">=10.0.0"
      }
    },
    "node_modules/webpack/node_modules/acorn": {
      "version": "8.7.0",
      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
      "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==",
      "bin": {
        "acorn": "bin/acorn"
      },
      "engines": {
        "node": ">=0.4.0"
      }
    },
    "node_modules/webpack/node_modules/acorn-import-assertions": {
      "version": "1.8.0",
      "resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.8.0.tgz",
@@ -11203,11 +11138,6 @@
        "acorn": "^8"
      }
    },
    "node_modules/webpack/node_modules/commander": {
      "version": "2.20.3",
      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
    },
    "node_modules/webpack/node_modules/has-flag": {
      "version": "4.0.0",
      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
@@ -11276,30 +11206,6 @@
        "url": "https://github.com/chalk/supports-color?sponsor=1"
      }
    },
    "node_modules/webpack/node_modules/terser": {
      "version": "5.10.0",
      "resolved": "https://registry.npmjs.org/terser/-/terser-5.10.0.tgz",
      "integrity": "sha512-AMmF99DMfEDiRJfxfY5jj5wNH/bYO09cniSqhfoyxc8sFoYIgkJy86G04UoZU5VjlpnplVu0K6Tx6E9b5+DlHA==",
      "dependencies": {
        "commander": "^2.20.0",
        "source-map": "~0.7.2",
        "source-map-support": "~0.5.20"
      },
      "bin": {
        "terser": "bin/terser"
      },
      "engines": {
        "node": ">=10"
      },
      "peerDependencies": {
        "acorn": "^8.5.0"
      },
      "peerDependenciesMeta": {
        "acorn": {
          "optional": true
        }
      }
    },
    "node_modules/webpack/node_modules/terser-webpack-plugin": {
      "version": "5.3.1",
      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.1.tgz",
@@ -11333,14 +11239,6 @@
        }
      }
    },
    "node_modules/webpack/node_modules/terser/node_modules/source-map": {
      "version": "0.7.3",
      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
      "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
      "engines": {
        "node": ">= 8"
      }
    },
    "node_modules/webpack/node_modules/webpack-sources": {
      "version": "3.2.3",
      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.2.3.tgz",
@@ -12642,9 +12540,9 @@
      }
    },
    "@babel/runtime": {
-      "version": "7.16.3",
+      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.16.3.tgz",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.18.6.tgz",
-      "integrity": "sha512-WBwekcqacdY2e9AF/Q7WLFUWmdJGJTkbjqTjoMDgXkVZ3ZRUvOPsLb5KdwISoQVsbP+DQzVZW4Zhci0DvpbNTQ==",
+      "integrity": "sha512-t9wi7/AW6XtKahAe20Yw0/mMljKq0B1r2fPdvaAdV/KPDZewFXdaaa6K7lxmZBZ8FBNpCiAT6iHPmd6QO9bKfQ==",
      "requires": {
        "regenerator-runtime": "^0.13.4"
      }
@@ -12974,6 +12872,49 @@
        }
      }
    },
    "@jridgewell/gen-mapping": {
      "version": "0.3.2",
      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz",
      "integrity": "sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==",
      "requires": {
        "@jridgewell/set-array": "^1.0.1",
        "@jridgewell/sourcemap-codec": "^1.4.10",
        "@jridgewell/trace-mapping": "^0.3.9"
      }
    },
    "@jridgewell/resolve-uri": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
      "integrity": "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w=="
    },
    "@jridgewell/set-array": {
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz",
      "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw=="
    },
    "@jridgewell/source-map": {
      "version": "0.3.2",
      "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.2.tgz",
      "integrity": "sha512-m7O9o2uR8k2ObDysZYzdfhb08VuEml5oWGiosa1VdaPZ/A6QyPkAJuwN0Q1lhULOf6B7MtQmHENS743hWtCrgw==",
      "requires": {
        "@jridgewell/gen-mapping": "^0.3.0",
        "@jridgewell/trace-mapping": "^0.3.9"
      }
    },
    "@jridgewell/sourcemap-codec": {
      "version": "1.4.14",
      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
      "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw=="
    },
    "@jridgewell/trace-mapping": {
      "version": "0.3.14",
      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.14.tgz",
      "integrity": "sha512-bJWEfQ9lPTvm3SneWwRFVLzrh6nhjwqw7TUFFBEMzwvg7t7PCDenf2lDwqo4NQXzdpgBXyFgDWnQA+2vkruksQ==",
      "requires": {
        "@jridgewell/resolve-uri": "^3.0.3",
        "@jridgewell/sourcemap-codec": "^1.4.10"
      }
    },
    "@mui/core": {
      "version": "5.0.0-alpha.54",
      "resolved": "https://registry.npmjs.org/@mui/core/-/core-5.0.0-alpha.54.tgz",
@@ -12989,11 +12930,11 @@
      }
    },
    "@mui/icons-material": {
-      "version": "5.1.0",
+      "version": "5.8.4",
-      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.8.4.tgz",
-      "integrity": "sha512-GD2cNZ2XTqoxX6DMUg+tos1fDUVg6kXWxwo9UuBiRIhK8N+B7CG7vjRDf28LLmewcqIjxqy+T2SEVqDLy1FOYQ==",
+      "integrity": "sha512-9Z/vyj2szvEhGWDvb+gG875bOGm8b8rlHBKOD1+nA3PcgC3fV6W1AU6pfOorPeBfH2X4mb9Boe97vHvaSndQvA==",
      "requires": {
-        "@babel/runtime": "^7.16.0"
+        "@babel/runtime": "^7.17.2"
      }
    },
    "@mui/lab": {
@@ -14170,11 +14111,9 @@
      }
    },
    "acorn": {
-      "version": "7.4.1",
+      "version": "8.8.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.0.tgz",
-      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
+      "integrity": "sha512-QOxyigPVrpZ2GXT+PFyZTl6TtOFc5egxHIP9IlQ+RbupQuX4RkT/Bee4/kQuC02Xkzg84JcT7oLYtDIQxp+v7w=="
      "dev": true,
      "peer": true
    },
    "acorn-jsx": {
      "version": "5.3.2",
@@ -16121,12 +16060,6 @@
        "eslint-visitor-keys": "^3.3.0"
      },
      "dependencies": {
        "acorn": {
          "version": "8.7.0",
          "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
          "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==",
          "dev": true
        },
        "eslint-visitor-keys": {
          "version": "3.3.0",
          "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz",
@@ -16587,16 +16520,11 @@
      "dev": true
    },
    "history": {
-      "version": "4.10.1",
+      "version": "5.3.0",
-      "resolved": "https://registry.npmjs.org/history/-/history-4.10.1.tgz",
+      "resolved": "https://registry.npmjs.org/history/-/history-5.3.0.tgz",
-      "integrity": "sha512-36nwAD620w12kuzPAsyINPWJqlNbij+hpK1k9XRloDtym8mxzGYl2c17LnV6IAGB2Dmg4tEa7G7DlawS0+qjew==",
+      "integrity": "sha512-ZqaKwjjrAYUYfLG+htGaIIZ4nioX2L70ZUMIFysS3xvBsSG4x/n1V6TXV3N8ZYNuFGlDirFg32T7B6WOUPDYcQ==",
      "requires": {
-        "@babel/runtime": "^7.1.2",
+        "@babel/runtime": "^7.7.6"
        "loose-envify": "^1.2.0",
        "resolve-pathname": "^3.0.0",
        "tiny-invariant": "^1.0.2",
        "tiny-warning": "^1.0.0",
        "value-equal": "^1.0.1"
      }
    },
    "hoist-non-react-statics": {
@@ -16650,44 +16578,11 @@
        "terser": "^5.10.0"
      },
      "dependencies": {
        "acorn": {
          "version": "8.7.0",
          "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
          "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==",
          "dev": true,
          "optional": true,
          "peer": true
        },
        "commander": {
          "version": "8.3.0",
          "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz",
          "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==",
          "dev": true
        },
        "source-map": {
          "version": "0.7.3",
          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
          "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
          "dev": true
        },
        "terser": {
          "version": "5.10.0",
          "resolved": "https://registry.npmjs.org/terser/-/terser-5.10.0.tgz",
          "integrity": "sha512-AMmF99DMfEDiRJfxfY5jj5wNH/bYO09cniSqhfoyxc8sFoYIgkJy86G04UoZU5VjlpnplVu0K6Tx6E9b5+DlHA==",
          "dev": true,
          "requires": {
            "commander": "^2.20.0",
            "source-map": "~0.7.2",
            "source-map-support": "~0.5.20"
          },
          "dependencies": {
            "commander": {
              "version": "2.20.3",
              "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
              "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==",
              "dev": true
            }
          }
        }
      }
    },
@@ -17084,11 +16979,6 @@
        "is-docker": "^2.0.0"
      }
    },
    "isarray": {
      "version": "0.0.1",
      "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
      "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
    },
    "isexe": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
@@ -17530,15 +17420,6 @@
      "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz",
      "integrity": "sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg=="
    },
    "mini-create-react-context": {
      "version": "0.4.1",
      "resolved": "https://registry.npmjs.org/mini-create-react-context/-/mini-create-react-context-0.4.1.tgz",
      "integrity": "sha512-YWCYEmd5CQeHGSAKrYvXgmzzkrvssZcuuQDDeqkT+PziKGMgE+0MCCtcKbROzocGBG1meBLl2FotlRwf4gAzbQ==",
      "requires": {
        "@babel/runtime": "^7.12.1",
        "tiny-warning": "^1.0.3"
      }
    },
    "minimalistic-assert": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
@@ -17961,14 +17842,6 @@
      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
    },
    "path-to-regexp": {
      "version": "1.8.0",
      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz",
      "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==",
      "requires": {
        "isarray": "0.0.1"
      }
    },
    "path-type": {
      "version": "4.0.0",
      "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
@@ -18260,44 +18133,25 @@
        "prop-types": "^15.8.1"
      }
    },
-    "react-router": {
+    "react-router-dom": {
-      "version": "5.2.1",
+      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/react-router/-/react-router-5.2.1.tgz",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.3.0.tgz",
-      "integrity": "sha512-lIboRiOtDLFdg1VTemMwud9vRVuOCZmUIT/7lUoZiSpPODiiH1UQlfXy+vPLC/7IWdFYnhRwAyNqA/+I7wnvKQ==",
+      "integrity": "sha512-uaJj7LKytRxZNQV8+RbzJWnJ8K2nPsOOEuX7aQstlMZKQT0164C+X2w6bnkqU3sjtLvpd5ojrezAyfZ1+0sStw==",
      "requires": {
-        "@babel/runtime": "^7.12.13",
+        "history": "^5.2.0",
-        "history": "^4.9.0",
+        "react-router": "6.3.0"
        "hoist-non-react-statics": "^3.1.0",
        "loose-envify": "^1.3.1",
        "mini-create-react-context": "^0.4.0",
        "path-to-regexp": "^1.7.0",
        "prop-types": "^15.6.2",
        "react-is": "^16.6.0",
        "tiny-invariant": "^1.0.2",
        "tiny-warning": "^1.0.0"
      },
      "dependencies": {
-        "react-is": {
+        "react-router": {
-          "version": "16.13.1",
+          "version": "6.3.0",
-          "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz",
+          "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.3.0.tgz",
-          "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ=="
+          "integrity": "sha512-7Wh1DzVQ+tlFjkeo+ujvjSqSJmkt1+8JO+T5xklPlgrh70y7ogx75ODRW0ThWhY7S+6yEDks8TYrtQe/aoboBQ==",
          "requires": {
            "history": "^5.2.0"
          }
        }
      }
    },
    "react-router-dom": {
      "version": "5.3.0",
      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-5.3.0.tgz",
      "integrity": "sha512-ObVBLjUZsphUUMVycibxgMdh5jJ1e3o+KpAZBVeHcNQZ4W+uUGGWsokurzlF4YOldQYRQL4y6yFRWM4m3svmuQ==",
      "requires": {
        "@babel/runtime": "^7.12.13",
        "history": "^4.9.0",
        "loose-envify": "^1.3.1",
        "prop-types": "^15.6.2",
        "react-router": "5.2.1",
        "tiny-invariant": "^1.0.2",
        "tiny-warning": "^1.0.0"
      }
    },
    "react-toastify": {
      "version": "9.0.1",
      "resolved": "https://registry.npmjs.org/react-toastify/-/react-toastify-9.0.1.tgz",
@@ -18520,11 +18374,6 @@
      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
      "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g=="
    },
    "resolve-pathname": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/resolve-pathname/-/resolve-pathname-3.0.0.tgz",
      "integrity": "sha512-C7rARubxI8bXFNB/hqcp/4iUeIXJhJZvFPFPiSPRnhU5UPxzMFIl+2E6yY6c4k9giDJAhtV+enfA+G89N6Csng=="
    },
    "retry": {
      "version": "0.13.1",
      "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz",
@@ -19014,6 +18863,24 @@
      "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz",
      "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ=="
    },
    "terser": {
      "version": "5.14.2",
      "resolved": "https://registry.npmjs.org/terser/-/terser-5.14.2.tgz",
      "integrity": "sha512-oL0rGeM/WFQCUd0y2QrWxYnq7tfSuKBiqTjRPWrRgB46WD/kiwHwF8T23z78H6Q6kGCuuHcPB+KULHRdxvVGQA==",
      "requires": {
        "@jridgewell/source-map": "^0.3.2",
        "acorn": "^8.5.0",
        "commander": "^2.20.0",
        "source-map-support": "~0.5.20"
      },
      "dependencies": {
        "commander": {
          "version": "2.20.3",
          "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
          "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
        }
      }
    },
    "text-table": {
      "version": "0.2.0",
      "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
@@ -19026,11 +18893,6 @@
      "integrity": "sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA==",
      "dev": true
    },
    "tiny-invariant": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.2.0.tgz",
      "integrity": "sha512-1Uhn/aqw5C6RI4KejVeTg6mIS7IqxnLJ8Mv2tV5rTc0qWobay7pDUz6Wi392Cnc8ak1H0F2cjoRzb2/AW4+Fvg=="
    },
    "tiny-warning": {
      "version": "1.0.3",
      "resolved": "https://registry.npmjs.org/tiny-warning/-/tiny-warning-1.0.3.tgz",
@@ -19320,11 +19182,6 @@
        "homedir-polyfill": "^1.0.1"
      }
    },
    "value-equal": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/value-equal/-/value-equal-1.0.1.tgz",
      "integrity": "sha512-NOJ6JZCAWr0zlxZt+xqCHNTEKOsrks2HQd4MqhP1qy4z1SkbEP467eNx6TgDKXMvUOb+OENfJCZwM+16n7fRfw=="
    },
    "vary": {
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
@@ -19380,22 +19237,12 @@
        "webpack-sources": "^3.2.2"
      },
      "dependencies": {
        "acorn": {
          "version": "8.7.0",
          "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
          "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ=="
        },
        "acorn-import-assertions": {
          "version": "1.8.0",
          "resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.8.0.tgz",
          "integrity": "sha512-m7VZ3jwz4eK6A4Vtt8Ew1/mNbP24u0FhdyfA7fSvnJR6LMdfOYnmuIrrJAgrYfYJ10F/otaHTtrtrtmHdMNzEw==",
          "requires": {}
        },
        "commander": {
          "version": "2.20.3",
          "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
          "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
        },
        "has-flag": {
          "version": "4.0.0",
          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
@@ -19442,23 +19289,6 @@
            "has-flag": "^4.0.0"
          }
        },
        "terser": {
          "version": "5.10.0",
          "resolved": "https://registry.npmjs.org/terser/-/terser-5.10.0.tgz",
          "integrity": "sha512-AMmF99DMfEDiRJfxfY5jj5wNH/bYO09cniSqhfoyxc8sFoYIgkJy86G04UoZU5VjlpnplVu0K6Tx6E9b5+DlHA==",
          "requires": {
            "commander": "^2.20.0",
            "source-map": "~0.7.2",
            "source-map-support": "~0.5.20"
          },
          "dependencies": {
            "source-map": {
              "version": "0.7.3",
              "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
              "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ=="
            }
          }
        },
        "terser-webpack-plugin": {
          "version": "5.3.1",
          "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.1.tgz",
--- a/web/package.json
+++ b/web/package.json
@@ -3,13 +3,13 @@
  "version": "0.1.0",
  "private": true,
  "scripts": {
-    "start": "npx webpack-dev-server --config webpack.dev.ts --hot",
+    "start": "webpack-dev-server --config webpack.dev.ts --hot",
-    "build": "npx webpack --config webpack.prod.ts"
+    "build": "webpack --config webpack.prod.ts"
  },
  "dependencies": {
    "@emotion/react": "^11.4.1",
    "@emotion/styled": "^11.3.0",
-    "@mui/icons-material": "^5.0.3",
+    "@mui/icons-material": "^5.8.4",
    "@mui/lab": "^5.0.0-alpha.50",
    "@mui/material": "^5.0.3",
    "@mui/styles": "^5.0.1",
@@ -26,7 +26,7 @@
    "react-copy-to-clipboard": "^5.1.0",
    "react-dom": "^17.0.2",
    "react-monaco-editor": "^0.48.0",
-    "react-router-dom": "^5.3.0",
+    "react-router-dom": "^6.3.0",
    "react-toastify": "^9.0.1"
  },
  "devDependencies": {
--- a/web/src/App.tsx
+++ b/web/src/App.tsx
@@ -1,12 +1,11 @@
 import React, { useContext } from 'react'
-import { Route, HashRouter, Switch } from 'react-router-dom'
+import { Route, HashRouter, Routes } from 'react-router-dom'
 import { ThemeProvider } from '@mui/material/styles'
 import { theme } from './theme'
 import Login from './components/login'
 import Header from './components/header'
 import Home from './components/home'
 import Drive from './containers/Drive'
 import Studio from './containers/Studio'
 import Settings from './containers/Settings'
@@ -22,11 +21,9 @@ function App() {
      <ThemeProvider theme={theme}>
        <HashRouter>
          <Header />
-          <Switch>
+          <Routes>
-            <Route path="/">
+            <Route path="*" element={<Login />} />
-              <Login />
+          </Routes>
            </Route>
          </Switch>
        </HashRouter>
      </ThemeProvider>
    )
@@ -36,23 +33,12 @@ function App() {
    <ThemeProvider theme={theme}>
      <HashRouter>
        <Header />
-        <Switch>
+        <Routes>
-          <Route exact path="/">
+          <Route path="/" element={<Home />} />
-            <Home />
+          <Route path="/SASjsStudio" element={<Studio />} />
-          </Route>
+          <Route path="/SASjsSettings" element={<Settings />} />
-          <Route exact path="/SASjsDrive">
+          <Route path="/SASjsLogon" element={<AuthCode />} />
-            <Drive />
+        </Routes>
          </Route>
          <Route exact path="/SASjsStudio">
            <Studio />
          </Route>
          <Route exact path="/SASjsSettings">
            <Settings />
          </Route>
          <Route exact path="/SASjsLogon">
            <AuthCode />
          </Route>
        </Switch>
        <ToastContainer />
      </HashRouter>
    </ThemeProvider>
--- a/web/src/components/deleteConfirmationModal.tsx
+++ b/web/src/components/deleteConfirmationModal.tsx
@@ -0,0 +1,49 @@
 import React from 'react'
 import {
  Button,
  Dialog,
  DialogContent,
  DialogActions,
  Typography
 } from '@mui/material'
 import { styled } from '@mui/material/styles'
 const BootstrapDialog = styled(Dialog)(({ theme }) => ({
  '& .MuiDialogContent-root': {
    padding: theme.spacing(2)
  },
  '& .MuiDialogActions-root': {
    padding: theme.spacing(1)
  }
 }))
 type DeleteConfirmationModalProps = {
  open: boolean
  setOpen: React.Dispatch<React.SetStateAction<boolean>>
  message: string
  _delete: () => void
 }
 const DeleteConfirmationModal = ({
  open,
  setOpen,
  message,
  _delete
 }: DeleteConfirmationModalProps) => {
  return (
    <BootstrapDialog onClose={() => setOpen(false)} open={open}>
      <DialogContent dividers>
        <Typography gutterBottom>{message}</Typography>
      </DialogContent>
      <DialogActions>
        <Button onClick={() => setOpen(false)}>Cancel</Button>
        <Button color="error" onClick={() => _delete()}>
          Delete
        </Button>
      </DialogActions>
    </BootstrapDialog>
  )
 }
 export default DeleteConfirmationModal
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,3 @@`
							`# These are supported funding model platforms`

							`github: [sasjs]`