chore(release): 0.39.3 [skip ci]

## [0.39.3](https://github.com/sasjs/server/compare/v0.39.2...v0.39.3) (2025-11-25) ### Bug Fixes * (deps) bump @sasjs/core to 4.59.7 ([ab96653](ab96653564)) * (deps) rerun npm i to sync ([225f381](225f381bdf))
Merge pull request #385 from sasjs/bumpCore_20251125
2025-12-10 11:24:35 +00:00 · 2025-11-25 12:39:15 +00:00 · 2025-11-25 12:36:18 +00:00 · 2025-11-25 12:27:14 +00:00 · 2025-11-25 12:24:27 +00:00 · 2025-11-25 12:18:50 +00:00
30 changed files with 11626 additions and 23559 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,7 +5,7 @@ on:

 jobs:
  lint:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04

    strategy:
      matrix:
@@ -28,7 +28,7 @@ jobs:
        run: npm run lint-web

  build-api:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04

    strategy:
      matrix:
@@ -66,7 +66,7 @@ jobs:
          CI: true

  build-web:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04

    strategy:
      matrix:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,7 +7,7 @@ on:

 jobs:
  release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04

    strategy:
      matrix:
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,5 +1,3 @@
 {
-  "cSpell.words": [
-    "autoexec"
-  ]
+  "cSpell.words": ["autoexec", "initialising"]
 }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,55 @@
+## [0.39.3](https://github.com/sasjs/server/compare/v0.39.2...v0.39.3) (2025-11-25)
+
+
+### Bug Fixes
+
+* (deps) bump @sasjs/core to 4.59.7 ([ab96653](https://github.com/sasjs/server/commit/ab966535642d08d4e8e984007b98c8fdffbe30f7))
+* (deps) rerun npm i to sync ([225f381](https://github.com/sasjs/server/commit/225f381bdf8ad5aa2af8d75648df1dd5175e12e0))
+
+## [0.39.2](https://github.com/sasjs/server/compare/v0.39.1...v0.39.2) (2025-09-25)
+
+
+### Bug Fixes
+
+* addressing test fail ([e51b204](https://github.com/sasjs/server/commit/e51b20421adc1598ea267c79b1fb4dbc085f97b9))
+* packages missmatch ([379ea60](https://github.com/sasjs/server/commit/379ea604bcb5686b5299fae6a32f759c45b275ea))
+* type libs ([6d123c3](https://github.com/sasjs/server/commit/6d123c3e23628c1d703eaa13142c77f0da970a55))
+* typescript errors ([631e956](https://github.com/sasjs/server/commit/631e95604b64b1a96f2abade659348618f3b00b2))
+* typescript errors ([198cd79](https://github.com/sasjs/server/commit/198cd79354254511c21ac1acfbf7b6bcfdab2af7))
+
+## [0.39.1](https://github.com/sasjs/server/compare/v0.39.0...v0.39.1) (2025-03-13)
+
+
+### Bug Fixes
+
+* extra bit of sleep for file recognition ([f4768bf](https://github.com/sasjs/server/commit/f4768bffd3dbb2fe243966572ba74002024d96e1)), closes [#381](https://github.com/sasjs/server/issues/381)
+
+# [0.39.0](https://github.com/sasjs/server/compare/v0.38.0...v0.39.0) (2024-10-31)
+
+
+### Bug Fixes
+
+* **api:** fixed condition in processProgram ([48a9a4d](https://github.com/sasjs/server/commit/48a9a4dd0e31f84209635382be4ec4bb2c3a9c0c))
+
+
+### Features
+
+* **api:** added session state endpoint ([6b6546c](https://github.com/sasjs/server/commit/6b6546c7ad0833347f8dc4cdba6ad19132f7aaef))
+
+# [0.38.0](https://github.com/sasjs/server/compare/v0.37.0...v0.38.0) (2024-10-30)
+
+
+### Features
+
+* **api:** enabled query params in stp/trigger endpoint ([5cda9cd](https://github.com/sasjs/server/commit/5cda9cd5d8623b7ea2ecd989d7808f47ec866672))
+
+# [0.37.0](https://github.com/sasjs/server/compare/v0.36.0...v0.37.0) (2024-10-29)
+
+
+### Features
+
+* **stp:** added trigger endpoint ([b0723f1](https://github.com/sasjs/server/commit/b0723f14448d60ffce4f2175cf8a73fc4d4dd0ee))
+
 # [0.36.0](https://github.com/sasjs/server/compare/v0.35.4...v0.36.0) (2024-10-29)


--- a/api/package-lock.json
+++ b/api/package-lock.json
--- a/api/package.json
+++ b/api/package.json
@@ -48,25 +48,25 @@
  },
  "author": "4GL Ltd",
  "dependencies": {
-    "@sasjs/core": "^4.40.1",
-    "@sasjs/utils": "3.2.0",
+    "@sasjs/core": "^4.59.7",
+    "@sasjs/utils": "^3.5.2",
    "bcryptjs": "^2.4.3",
-    "connect-mongo": "^4.6.0",
-    "cookie-parser": "^1.4.6",
+    "connect-mongo": "^5.1.0",
+    "cookie-parser": "^1.4.7",
    "cors": "^2.8.5",
-    "express": "^4.17.1",
-    "express-session": "^1.17.2",
+    "express": "^4.21.2",
+    "express-session": "^1.18.2",
    "helmet": "^5.0.2",
    "joi": "^17.4.2",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.2",
    "ldapjs": "2.3.3",
-    "mongoose": "^6.0.12",
-    "morgan": "^1.10.0",
+    "mongoose": "^6.13.8",
+    "morgan": "^1.10.1",
    "multer": "^1.4.5-lts.1",
    "rate-limiter-flexible": "2.4.1",
    "rotating-file-stream": "^3.0.4",
    "swagger-ui-express": "4.3.0",
-    "unzipper": "^0.10.11",
+    "unzipper": "^0.12.3",
    "url": "^0.10.3"
  },
  "devDependencies": {
@@ -76,32 +76,32 @@
    "@types/cors": "^2.8.12",
    "@types/express": "^4.17.12",
    "@types/express-session": "^1.17.4",
-    "@types/jest": "^26.0.24",
+    "@types/jest": "^29.5.0",
    "@types/jsonwebtoken": "^8.5.5",
    "@types/ldapjs": "^2.2.4",
    "@types/morgan": "^1.9.3",
    "@types/multer": "^1.4.7",
-    "@types/node": "^15.12.2",
+    "@types/node": "^20.0.0",
    "@types/supertest": "^2.0.11",
    "@types/swagger-ui-express": "^4.1.3",
    "@types/unzipper": "^0.10.5",
    "adm-zip": "^0.5.9",
-    "axios": "0.27.2",
+    "axios": "^1.12.2",
    "csrf": "^3.1.0",
    "dotenv": "^16.0.1",
    "http-headers-validation": "^0.0.1",
-    "jest": "^27.0.6",
+    "jest": "^29.7.0",
    "mongodb-memory-server": "8.11.4",
    "nodejs-file-downloader": "4.10.2",
-    "nodemon": "^2.0.7",
+    "nodemon": "^3.0.0",
    "pkg": "5.6.0",
-    "prettier": "^2.3.1",
+    "prettier": "^3.0.0",
    "rimraf": "^3.0.2",
    "supertest": "^6.1.3",
-    "ts-jest": "^27.0.3",
+    "ts-jest": "^29.1.0",
    "ts-node": "^10.0.0",
    "tsoa": "3.14.1",
-    "typescript": "^4.3.2"
+    "typescript": "^5.0.0"
  },
  "nodemonConfig": {
    "ignore": [
--- a/api/public/swagger.yaml
+++ b/api/public/swagger.yaml
@@ -113,8 +113,8 @@ components:
            properties:
                sessionId:
                    type: string
-                    description: "The SessionId is the name of the temporary folder used to store the outputs.\nFor SAS, this would be the SASWORK folder. Can be used to poll job status.\nThis session ID should be used to poll job status."
-                    example: '{ sessionId: ''20241028074744-54132-1730101664824'' }'
+                    description: "`sessionId` is the ID of the session and the name of the temporary folder\nused to store code outputs.<br><br>\nFor SAS, this would be the location of the SASWORK folder.<br><br>\n`sessionId` can be used to poll session state using the\nGET /SASjsApi/session/{sessionId}/state endpoint."
+                    example: 20241028074744-54132-1730101664824
            required:
                - sessionId
            type: object
@@ -585,6 +585,14 @@ components:
                - needsToUpdatePassword
            type: object
            additionalProperties: false
+        SessionState:
+            enum:
+                - initialising
+                - pending
+                - running
+                - completed
+                - failed
+            type: string
        ExecutePostRequestPayload:
            properties:
                _program:
@@ -593,6 +601,16 @@ components:
                    example: /Public/somefolder/some.file
            type: object
            additionalProperties: false
+        TriggerProgramResponse:
+            properties:
+                sessionId:
+                    type: string
+                    description: "`sessionId` is the ID of the session and the name of the temporary folder\nused to store program outputs.<br><br>\nFor SAS, this would be the location of the SASWORK folder.<br><br>\n`sessionId` can be used to poll session state using the\nGET /SASjsApi/session/{sessionId}/state endpoint."
+                    example: 20241028074744-54132-1730101664824
+            required:
+                - sessionId
+            type: object
+            additionalProperties: false
        LoginPayload:
            properties:
                username:
@@ -1831,6 +1849,30 @@ paths:
                -
                    bearerAuth: []
            parameters: []
+    '/SASjsApi/session/{sessionId}/state':
+        get:
+            operationId: SessionState
+            responses:
+                '200':
+                    description: Ok
+                    content:
+                        application/json:
+                            schema:
+                                $ref: '#/components/schemas/SessionState'
+            description: "The polling endpoint is currently implemented for single-server deployments only.<br>\nLoad balanced / grid topologies will be supported in a future release.<br>\nIf your site requires this, please reach out to SASjs Support."
+            summary: 'Get session state (initialising, pending, running, completed, failed).'
+            tags:
+                - Session
+            security:
+                -
+                    bearerAuth: []
+            parameters:
+                -
+                    in: path
+                    name: sessionId
+                    required: true
+                    schema:
+                        type: string
    /SASjsApi/stp/execute:
        get:
            operationId: ExecuteGetRequest
@@ -1901,6 +1943,50 @@ paths:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/ExecutePostRequestPayload'
+    /SASjsApi/stp/trigger:
+        post:
+            operationId: TriggerProgram
+            responses:
+                '200':
+                    description: Ok
+                    content:
+                        application/json:
+                            schema:
+                                $ref: '#/components/schemas/TriggerProgramResponse'
+            description: 'Trigger Program on the Specified Runtime.'
+            summary: 'Triggers program and returns SessionId immediately - does not wait for program completion.'
+            tags:
+                - STP
+            security:
+                -
+                    bearerAuth: []
+            parameters:
+                -
+                    description: 'Location of code in SASjs Drive.'
+                    in: query
+                    name: _program
+                    required: true
+                    schema:
+                        type: string
+                    example: /Projects/myApp/some/program
+                -
+                    description: 'Optional query param for setting debug mode.'
+                    in: query
+                    name: _debug
+                    required: false
+                    schema:
+                        format: double
+                        type: number
+                    example: 131
+                -
+                    description: 'Optional query param for setting amount of minutes after the completion of the program when the session must be destroyed.'
+                    in: query
+                    name: expiresAfterMins
+                    required: false
+                    schema:
+                        format: double
+                        type: number
+                    example: 15
    /:
        get:
            operationId: Home
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -234,9 +234,10 @@ const verifyAuthCode = async (
    jwt.verify(code, process.secrets.AUTH_CODE_SECRET, (err, data) => {
      if (err) return resolve(undefined)

+      const payload = data as InfoJWT
      const clientInfo: InfoJWT = {
-        clientId: data?.clientId,
-        userId: data?.userId
+        clientId: payload?.clientId,
+        userId: payload?.userId
      }
      if (clientInfo.clientId === clientId) {
        return resolve(clientInfo)
--- a/api/src/controllers/code.ts
+++ b/api/src/controllers/code.ts
@@ -42,10 +42,12 @@ interface TriggerCodePayload {

 interface TriggerCodeResponse {
  /**
-   * The SessionId is the name of the temporary folder used to store the outputs.
-   * For SAS, this would be the SASWORK folder. Can be used to poll job status.
-   * This session ID should be used to poll job status.
-   * @example "{ sessionId: '20241028074744-54132-1730101664824' }"
+   * `sessionId` is the ID of the session and the name of the temporary folder
+   * used to store code outputs.<br><br>
+   * For SAS, this would be the location of the SASWORK folder.<br><br>
+   * `sessionId` can be used to poll session state using the
+   * GET /SASjsApi/session/{sessionId}/state endpoint.
+   * @example "20241028074744-54132-1730101664824"
   */
  sessionId: string
 }
@@ -120,7 +122,7 @@ const executeCode = async (
 const triggerCode = async (
  req: express.Request,
  { code, runTime, expiresAfterMins }: TriggerCodePayload
-): Promise<{ sessionId: string }> => {
+): Promise<TriggerCodeResponse> => {
  const { user } = req
  const userAutoExec =
    process.env.MODE === ModeType.Server
--- a/api/src/controllers/internal/Execution.ts
+++ b/api/src/controllers/internal/Execution.ts
@@ -2,7 +2,7 @@ import path from 'path'
 import fs from 'fs'
 import { getSessionController, processProgram } from './'
 import { readFile, fileExists, createFile, readFileBinary } from '@sasjs/utils'
-import { PreProgramVars, Session, TreeNode } from '../../types'
+import { PreProgramVars, Session, TreeNode, SessionState } from '../../types'
 import {
  extractHeaders,
  getFilesFolder,
@@ -75,8 +75,7 @@ export class ExecutionController {

    const session =
      sessionByFileUpload ?? (await sessionController.getSession())
-    session.inUse = true
-    session.consumed = true
+    session.state = SessionState.running

    const logPath = path.join(session.path, 'log.log')
    const headersPath = path.join(session.path, 'stpsrv_header.txt')
@@ -121,7 +120,7 @@ export class ExecutionController {
      : ''

    // it should be deleted by scheduleSessionDestroy
-    session.inUse = false
+    session.state = SessionState.completed

    const resultParts = []

@@ -145,7 +144,9 @@ export class ExecutionController {
    return {
      httpHeaders,
      result:
-        isDebugOn(vars) || session.crashed ? resultParts.join(`\n`) : webout
+        isDebugOn(vars) || session.failureReason
+          ? resultParts.join(`\n`)
+          : webout
    }
  }

--- a/api/src/controllers/internal/FileUploadController.ts
+++ b/api/src/controllers/internal/FileUploadController.ts
@@ -2,11 +2,8 @@ import { Request, RequestHandler } from 'express'
 import multer from 'multer'
 import { uuidv4 } from '@sasjs/utils'
 import { getSessionController } from '.'
-import {
-  executeProgramRawValidation,
-  getRunTimeAndFilePath,
-  RunTimeType
-} from '../../utils'
+import { executeProgramRawValidation, getRunTimeAndFilePath } from '../../utils'
+import { SessionState } from '../../types'

 export class FileUploadController {
  private storage = multer.diskStorage({
@@ -56,9 +53,8 @@ export class FileUploadController {
    }

    const session = await sessionController.getSession()
-    // marking consumed true, so that it's not available
-    // as readySession for any other request
-    session.consumed = true
+    // change session state to 'running', so that it's not available for any other request
+    session.state = SessionState.running

    req.sasjsSession = session

--- a/api/src/controllers/internal/Session.ts
+++ b/api/src/controllers/internal/Session.ts
@@ -1,5 +1,5 @@
 import path from 'path'
-import { Session } from '../../types'
+import { Session, SessionState } from '../../types'
 import { promisify } from 'util'
 import { execFile } from 'child_process'
 import {
@@ -23,7 +23,9 @@ export class SessionController {
  protected sessions: Session[] = []

  protected getReadySessions = (): Session[] =>
-    this.sessions.filter((sess: Session) => sess.ready && !sess.consumed)
+    this.sessions.filter(
+      (session: Session) => session.state === SessionState.pending
+    )

  protected async createSession(): Promise<Session> {
    const sessionId = generateUniqueFileName(generateTimestamp())
@@ -39,19 +41,18 @@ export class SessionController {

    const session: Session = {
      id: sessionId,
-      ready: true,
-      inUse: true,
-      consumed: false,
-      completed: false,
+      state: SessionState.pending,
      creationTimeStamp,
      deathTimeStamp,
      path: sessionFolder
    }

    const headersPath = path.join(session.path, 'stpsrv_header.txt')
+
    await createFile(headersPath, 'content-type: text/html; charset=utf-8')

    this.sessions.push(session)
+
    return session
  }

@@ -66,6 +67,10 @@ export class SessionController {

    return session
  }
+
+  public getSessionById(id: string) {
+    return this.sessions.find((session) => session.id === id)
+  }
 }

 export class SASSessionController extends SessionController {
@@ -83,10 +88,7 @@ export class SASSessionController extends SessionController {

    const session: Session = {
      id: sessionId,
-      ready: false,
-      inUse: false,
-      consumed: false,
-      completed: false,
+      state: SessionState.initialising,
      creationTimeStamp,
      deathTimeStamp,
      path: sessionFolder
@@ -144,13 +146,20 @@ ${autoExecContent}`
      process.sasLoc!.endsWith('sas.exe') ? session.path : ''
    ])
      .then(() => {
-        session.completed = true
+        session.state = SessionState.completed
+
        process.logger.info('session completed', session)
      })
      .catch((err) => {
-        session.completed = true
-        session.crashed = err.toString()
-        process.logger.error('session crashed', session.id, session.crashed)
+        session.state = SessionState.failed
+
+        session.failureReason = err.toString()
+
+        process.logger.error(
+          'session crashed',
+          session.id,
+          session.failureReason
+        )
      })

    // we have a triggered session - add to array
@@ -167,15 +176,19 @@ ${autoExecContent}`
    const codeFilePath = path.join(session.path, 'code.sas')

    // TODO: don't wait forever
-    while ((await fileExists(codeFilePath)) && !session.crashed) {}
+    while (
+      (await fileExists(codeFilePath)) &&
+      session.state !== SessionState.failed
+    ) {}

-    if (session.crashed)
+    if (session.state === SessionState.failed) {
      process.logger.error(
        'session crashed! while waiting to be ready',
-        session.crashed
+        session.failureReason
      )
-
-    session.ready = true
+    } else {
+      session.state = SessionState.pending
+    }
  }

  private async deleteSession(session: Session) {
@@ -191,7 +204,7 @@ ${autoExecContent}`
  private scheduleSessionDestroy(session: Session) {
    setTimeout(
      async () => {
-        if (session.inUse) {
+        if (session.state === SessionState.running) {
          // adding 10 more minutes
          const newDeathTimeStamp =
            parseInt(session.deathTimeStamp) + 10 * 60 * 1000
@@ -202,7 +215,7 @@ ${autoExecContent}`
          const { expiresAfterMins } = session

          // delay session destroy if expiresAfterMins present
-          if (expiresAfterMins && !expiresAfterMins.used) {
+          if (expiresAfterMins && session.state !== SessionState.completed) {
            // calculate session death time using expiresAfterMins
            const newDeathTimeStamp =
              parseInt(session.deathTimeStamp) +
@@ -247,9 +260,16 @@ data _null_;
  rc=filename(fname,getoption('SYSIN') );
  if rc = 0 and fexist(fname) then rc=fdelete(fname);
  rc=filename(fname);
-  /* now wait for the real SYSIN */
-  slept=0;
-  do until ( fileexist(getoption('SYSIN')) or slept>(60*15) );
+  /* now wait for the real SYSIN (location of code.sas) */
+  slept=0;fname='';
+  do until (slept>(60*15));
+    rc=filename(fname,getoption('SYSIN'));
+    if rc = 0 and fexist(fname) then do;
+      putlog fname=;
+      rc=filename(fname);
+      rc=sleep(0.01,1); /* wait just a little more */
+      stop;
+    end;
    slept=slept+sleep(0.01,1);
  end;
  stop;
--- a/api/src/controllers/internal/processProgram.ts
+++ b/api/src/controllers/internal/processProgram.ts
@@ -3,7 +3,7 @@ import { WriteStream, createWriteStream } from 'fs'
 import { execFile } from 'child_process'
 import { once } from 'stream'
 import { createFile, moveFile } from '@sasjs/utils'
-import { PreProgramVars, Session } from '../../types'
+import { PreProgramVars, Session, SessionState } from '../../types'
 import { RunTimeType } from '../../utils'
 import {
  ExecutionVars,
@@ -49,7 +49,7 @@ export const processProgram = async (
    await moveFile(codePath + '.bkp', codePath)

    // we now need to poll the session status
-    while (!session.completed) {
+    while (session.state !== SessionState.completed) {
      await delay(50)
    }
  } else {
@@ -114,13 +114,20 @@ export const processProgram = async (

    await execFilePromise(executablePath, [codePath], writeStream)
      .then(() => {
-        session.completed = true
+        session.state = SessionState.completed
+
        process.logger.info('session completed', session)
      })
      .catch((err) => {
-        session.completed = true
-        session.crashed = err.toString()
-        process.logger.error('session crashed', session.id, session.crashed)
+        session.state = SessionState.failed
+
+        session.failureReason = err.toString()
+
+        process.logger.error(
+          'session crashed',
+          session.id,
+          session.failureReason
+        )
      })

    // copy the code file to log and end write stream
--- a/api/src/controllers/session.ts
+++ b/api/src/controllers/session.ts
@@ -1,6 +1,8 @@
 import express from 'express'
 import { Request, Security, Route, Tags, Example, Get } from 'tsoa'
 import { UserResponse } from './user'
+import { getSessionController } from './internal'
+import { SessionState } from '../types'

 interface SessionResponse extends UserResponse {
  needsToUpdatePassword: boolean
@@ -26,6 +28,18 @@ export class SessionController {
  ): Promise<SessionResponse> {
    return session(request)
  }
+
+  /**
+   * The polling endpoint is currently implemented for single-server deployments only.<br>
+   * Load balanced / grid topologies will be supported in a future release.<br>
+   * If your site requires this, please reach out to SASjs Support.
+   * @summary Get session state (initialising, pending, running, completed, failed).
+   * @example completed
+   */
+  @Get('/:sessionId/state')
+  public async sessionState(sessionId: string): Promise<SessionState> {
+    return sessionState(sessionId)
+  }
 }

 const session = (req: express.Request) => ({
@@ -35,3 +49,23 @@ const session = (req: express.Request) => ({
  isAdmin: req.user!.isAdmin,
  needsToUpdatePassword: req.user!.needsToUpdatePassword
 })
+
+const sessionState = (sessionId: string): SessionState => {
+  for (let runTime of process.runTimes) {
+    // get session controller for each available runTime
+    const sessionController = getSessionController(runTime)
+
+    // get session by sessionId
+    const session = sessionController.getSessionById(sessionId)
+
+    // return session state if session was found
+    if (session) {
+      return session.state
+    }
+  }
+
+  throw {
+    code: 404,
+    message: `Session with ID '${sessionId}' was not found.`
+  }
+}
--- a/api/src/controllers/stp.ts
+++ b/api/src/controllers/stp.ts
@@ -1,13 +1,16 @@
 import express from 'express'
 import { Request, Security, Route, Tags, Post, Body, Get, Query } from 'tsoa'
-import { ExecutionController, ExecutionVars } from './internal'
+import {
+  ExecutionController,
+  ExecutionVars,
+  getSessionController
+} from './internal'
 import {
  getPreProgramVariables,
  makeFilesNamesMap,
  getRunTimeAndFilePath
 } from '../utils'
 import { MulterFile } from '../types/Upload'
-import { debug } from 'console'

 interface ExecutePostRequestPayload {
  /**
@@ -17,6 +20,36 @@ interface ExecutePostRequestPayload {
  _program?: string
 }

+interface TriggerProgramPayload {
+  /**
+   * Location of SAS program.
+   * @example "/Public/somefolder/some.file"
+   */
+  _program: string
+  /**
+   * Amount of minutes after the completion of the program when the session must be
+   * destroyed.
+   * @example 15
+   */
+  expiresAfterMins?: number
+  /**
+   * Query param for setting debug mode.
+   */
+  _debug?: number
+}
+
+interface TriggerProgramResponse {
+  /**
+   * `sessionId` is the ID of the session and the name of the temporary folder
+   * used to store program outputs.<br><br>
+   * For SAS, this would be the location of the SASWORK folder.<br><br>
+   * `sessionId` can be used to poll session state using the
+   * GET /SASjsApi/session/{sessionId}/state endpoint.
+   * @example "20241028074744-54132-1730101664824"
+   */
+  sessionId: string
+}
+
@Security('bearerAuth')
@Route('SASjsApi/stp')
@Tags('STP')
@@ -79,6 +112,26 @@ export class STPController {

    return execute(request, program!, vars, otherArgs)
  }
+
+  /**
+   * Trigger Program on the Specified Runtime.
+   * @summary Triggers program and returns SessionId immediately - does not wait for program completion.
+   * @param _program Location of code in SASjs Drive.
+   * @param expiresAfterMins Optional query param for setting amount of minutes after the completion of the program when the session must be destroyed.
+   * @param _debug Optional query param for setting debug mode.
+   * @example _program "/Projects/myApp/some/program"
+   * @example _debug 131
+   * @example expiresAfterMins 15
+   */
+  @Post('/trigger')
+  public async triggerProgram(
+    @Request() request: express.Request,
+    @Query() _program: string,
+    @Query() _debug?: number,
+    @Query() expiresAfterMins?: number
+  ): Promise<TriggerProgramResponse> {
+    return triggerProgram(request, { _program, _debug, expiresAfterMins })
+  }
 }

 const execute = async (
@@ -117,3 +170,52 @@ const execute = async (
    }
  }
 }
+
+const triggerProgram = async (
+  req: express.Request,
+  { _program, _debug, expiresAfterMins }: TriggerProgramPayload
+): Promise<TriggerProgramResponse> => {
+  try {
+    // put _program query param into vars object
+    const vars: { [key: string]: string | number } = { _program }
+
+    // if present add _debug query param to vars object
+    if (_debug) {
+      vars._debug = _debug
+    }
+
+    // get code path and runTime
+    const { codePath, runTime } = await getRunTimeAndFilePath(_program)
+
+    // get session controller based on runTime
+    const sessionController = getSessionController(runTime)
+
+    // get session
+    const session = await sessionController.getSession()
+
+    // add expiresAfterMins to session if provided
+    if (expiresAfterMins) {
+      // expiresAfterMins.used is set initially to false
+      session.expiresAfterMins = { mins: expiresAfterMins, used: false }
+    }
+
+    // call executeFile method of ExecutionController without awaiting
+    new ExecutionController().executeFile({
+      programPath: codePath,
+      runTime,
+      preProgramVariables: getPreProgramVariables(req),
+      vars,
+      session
+    })
+
+    // return session id
+    return { sessionId: session.id }
+  } catch (err: any) {
+    throw {
+      code: 400,
+      status: 'failure',
+      message: 'Job execution failed.',
+      error: typeof err === 'object' ? err.toString() : err
+    }
+  }
+}
--- a/api/src/controllers/web.ts
+++ b/api/src/controllers/web.ts
@@ -106,7 +106,10 @@ const login = async (
  const rateLimiter = RateLimiter.getInstance()

  if (!validPass) {
-    const retrySecs = await rateLimiter.consume(req.ip, user?.username)
+    const retrySecs = await rateLimiter.consume(
+      req.ip || 'unknown',
+      user?.username
+    )
    if (retrySecs > 0) throw errors.tooManyRequests(retrySecs)
  }

@@ -114,7 +117,7 @@ const login = async (
  if (!validPass) throw errors.invalidPassword

  // Reset on successful authorization
-  rateLimiter.resetOnSuccess(req.ip, user.username)
+  rateLimiter.resetOnSuccess(req.ip || 'unknown', user.username)

  req.session.loggedIn = true
  req.session.user = {
--- a/api/src/middlewares/authenticateToken.ts
+++ b/api/src/middlewares/authenticateToken.ts
@@ -37,10 +37,10 @@ export const authenticateAccessToken: RequestHandler = async (
        if (user.isActive) {
          req.user = user
          return csrfProtection(req, res, nextFunction)
-        } else return res.sendStatus(401)
+        } else return res.status(401).send('Unauthorized')
      }
    }
-    return res.sendStatus(401)
+    return res.status(401).send('Unauthorized')
  }

  await authenticateToken(
@@ -118,6 +118,6 @@ const authenticateToken = async (
      return next()
    }

-    res.sendStatus(401)
+    res.status(401).send('Unauthorized')
  }
 }
--- a/api/src/middlewares/bruteForceProtection.ts
+++ b/api/src/middlewares/bruteForceProtection.ts
@@ -3,7 +3,7 @@ import { convertSecondsToHms } from '@sasjs/utils'
 import { RateLimiter } from '../utils'

 export const bruteForceProtection: RequestHandler = async (req, res, next) => {
-  const ip = req.ip
+  const ip = req.ip || 'unknown'
  const username = req.body.username

  const rateLimiter = RateLimiter.getInstance()
--- a/api/src/model/Group.ts
+++ b/api/src/model/Group.ts
@@ -76,7 +76,7 @@ groupSchema.post('save', function (group: IGroup, next: Function) {
 })

 // pre remove hook to remove all references of group from users
-groupSchema.pre('remove', async function () {
+groupSchema.pre('remove', async function (this: IGroupDocument) {
  const userIds = this.users
  await Promise.all(
    userIds.map(async (userId) => {
--- a/api/src/routes/api/session.ts
+++ b/api/src/routes/api/session.ts
@@ -1,16 +1,37 @@
 import express from 'express'
 import { SessionController } from '../../controllers'
+import { sessionIdValidation } from '../../utils'

 const sessionRouter = express.Router()

+const controller = new SessionController()
+
 sessionRouter.get('/', async (req, res) => {
-  const controller = new SessionController()
  try {
    const response = await controller.session(req)
+
    res.send(response)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })

+sessionRouter.get('/:sessionId/state', async (req, res) => {
+  const { error, value: params } = sessionIdValidation(req.params)
+  if (error) return res.status(400).send(error.details[0].message)
+
+  try {
+    const response = await controller.sessionState(params.sessionId)
+
+    res.status(200)
+    res.send(response)
+  } catch (err: any) {
+    const statusCode = err.code
+
+    delete err.code
+
+    res.status(statusCode).send(err)
+  }
+})
+
 export default sessionRouter
--- a/api/src/routes/api/spec/stp.spec.ts
+++ b/api/src/routes/api/spec/stp.spec.ts
@@ -25,7 +25,7 @@ import {
  SASSessionController
 } from '../../../controllers/internal'
 import * as ProcessProgramModule from '../../../controllers/internal/processProgram'
-import { Session } from '../../../types'
+import { Session, SessionState } from '../../../types'

 const clientId = 'someclientID'

@@ -493,10 +493,7 @@ const mockedGetSession = async () => {

  const session: Session = {
    id: sessionId,
-    ready: true,
-    inUse: true,
-    consumed: false,
-    completed: false,
+    state: SessionState.pending,
    creationTimeStamp,
    deathTimeStamp,
    path: sessionFolder
--- a/api/src/routes/api/spec/web.spec.ts
+++ b/api/src/routes/api/spec/web.spec.ts
@@ -277,7 +277,10 @@ const performLogin = async (
    .set('x-xsrf-token', csrfToken)
    .send(credentials)

-  return { authCookies: header['set-cookie'].join() }
+  return {
+    authCookies:
+      (header['set-cookie'] as unknown as string[] | undefined)?.join() || ''
+  }
 }

 const extractCSRF = (text: string) =>
--- a/api/src/routes/api/stp.ts
+++ b/api/src/routes/api/stp.ts
@@ -1,5 +1,8 @@
 import express from 'express'
-import { executeProgramRawValidation } from '../../utils'
+import {
+  executeProgramRawValidation,
+  triggerProgramValidation
+} from '../../utils'
 import { STPController } from '../../controllers/'
 import { FileUploadController } from '../../controllers/internal'

@@ -69,4 +72,28 @@ stpRouter.post(
  }
 )

+stpRouter.post('/trigger', async (req, res) => {
+  const { error, value: query } = triggerProgramValidation(req.query)
+
+  if (error) return res.status(400).send(error.details[0].message)
+
+  try {
+    const response = await controller.triggerProgram(
+      req,
+      query._program,
+      query._debug,
+      query.expiresAfterMins
+    )
+
+    res.status(200)
+    res.send(response)
+  } catch (err: any) {
+    const statusCode = err.code
+
+    delete err.code
+
+    res.status(statusCode).send(err)
+  }
+})
+
 export default stpRouter
--- a/api/src/types/Session.ts
+++ b/api/src/types/Session.ts
@@ -1,12 +1,16 @@
+export enum SessionState {
+  initialising = 'initialising', // session is initialising and not ready to be used yet
+  pending = 'pending', // session is ready to be used
+  running = 'running', // session is in use
+  completed = 'completed', // session is completed and can be destroyed
+  failed = 'failed' // session failed
+}
 export interface Session {
  id: string
-  ready: boolean
+  state: SessionState
  creationTimeStamp: string
  deathTimeStamp: string
  path: string
-  inUse: boolean
-  consumed: boolean
-  completed: boolean
-  crashed?: string
  expiresAfterMins?: { mins: number; used: boolean }
+  failureReason?: string
 }
--- a/api/src/utils/getTokensFromDB.ts
+++ b/api/src/utils/getTokensFromDB.ts
@@ -1,5 +1,6 @@
 import jwt from 'jsonwebtoken'
 import User from '../model/User'
+import { InfoJWT } from '../types/InfoJWT'

 const isValidToken = async (
  token: string,
@@ -11,7 +12,8 @@ const isValidToken = async (
    jwt.verify(token, key, (err, decoded) => {
      if (err) return reject(false)

-      if (decoded?.userId === userId && decoded?.clientId === clientId) {
+      const payload = decoded as InfoJWT
+      if (payload?.userId === userId && payload?.clientId === clientId) {
        return resolve(true)
      }

--- a/api/src/utils/validation.ts
+++ b/api/src/utils/validation.ts
@@ -192,3 +192,17 @@ export const executeProgramRawValidation = (data: any): Joi.ValidationResult =>
  })
    .pattern(/^/, Joi.alternatives(Joi.string(), Joi.number()))
    .validate(data)
+
+export const triggerProgramValidation = (data: any): Joi.ValidationResult =>
+  Joi.object({
+    _program: Joi.string().required(),
+    _debug: Joi.number(),
+    expiresAfterMins: Joi.number().greater(0)
+  })
+    .pattern(/^/, Joi.alternatives(Joi.string(), Joi.number()))
+    .validate(data)
+
+export const sessionIdValidation = (data: any): Joi.ValidationResult =>
+  Joi.object({
+    sessionId: Joi.string().required()
+  }).validate(data)
--- a/package-lock.json
+++ b/package-lock.json
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/web/package.json
+++ b/web/package.json
@@ -19,9 +19,8 @@
    "@types/jest": "^26.0.24",
    "@types/node": "^12.20.28",
    "@types/react": "^17.0.27",
-    "axios": "^0.24.0",
+    "axios": "^1.12.2",
    "monaco-editor": "^0.33.0",
-    "monaco-editor-webpack-plugin": "^7.0.1",
    "react": "^17.0.2",
    "react-copy-to-clipboard": "^5.1.0",
    "react-dom": "^17.0.2",
@@ -54,6 +53,7 @@
    "eslint-webpack-plugin": "^3.1.1",
    "file-loader": "^6.2.0",
    "html-webpack-plugin": "5.5.0",
+    "monaco-editor-webpack-plugin": "^7.0.1",
    "path": "0.12.7",
    "prettier": "^2.4.1",
    "sass": "^1.44.0",
--- a/web/src/index.css
+++ b/web/src/index.css
@@ -1,15 +1,15 @@
 body {
  margin: 0;
-  font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen',
-    'Ubuntu', 'Cantarell', 'Fira Sans', 'Droid Sans', 'Helvetica Neue',
-    sans-serif;
+  font-family:
+    -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen', 'Ubuntu',
+    'Cantarell', 'Fira Sans', 'Droid Sans', 'Helvetica Neue', sans-serif;
  -webkit-font-smoothing: antialiased;
  -moz-osx-font-smoothing: grayscale;
 }

 code {
-  font-family: source-code-pro, Menlo, Monaco, Consolas, 'Courier New',
-    monospace;
+  font-family:
+    source-code-pro, Menlo, Monaco, Consolas, 'Courier New', monospace;
 }

 .container {
Author	SHA1	Message	Date
semantic-release-bot	8b5abcd661	chore(release): 0.39.3 [skip ci] ## [0.39.3](https://github.com/sasjs/server/compare/v0.39.2...v0.39.3) (2025-11-25) ### Bug Fixes * (deps) bump @sasjs/core to 4.59.7 ([`ab96653`](`ab96653564`)) * (deps) rerun npm i to sync ([`225f381`](`225f381bdf`))	2025-11-25 12:39:15 +00:00
Allan Bowe	48e8cb7b2d	Merge pull request #385 from sasjs/bumpCore_20251125 fix: (deps) rerun npm i to sync	2025-11-25 12:36:18 +00:00
Trevor Moody	225f381bdf	fix: (deps) rerun npm i to sync	2025-11-25 12:27:14 +00:00
Allan Bowe	3f49186e3b	Merge pull request #384 from sasjs/bumpCore_20251125 fix: (deps) bump @sasjs/core to 4.59.7	2025-11-25 12:24:27 +00:00
Trevor Moody	ab96653564	fix: (deps) bump @sasjs/core to 4.59.7	2025-11-25 12:18:50 +00:00
semantic-release-bot	471c28eaa2	chore(release): 0.39.2 [skip ci] ## [0.39.2](https://github.com/sasjs/server/compare/v0.39.1...v0.39.2) (2025-09-25) ### Bug Fixes * addressing test fail ([`e51b204`](`e51b20421a`)) * packages missmatch ([`379ea60`](`379ea604bc`)) * type libs ([`6d123c3`](`6d123c3e23`)) * typescript errors ([`631e956`](`631e95604b`)) * typescript errors ([`198cd79`](`198cd79354`))	2025-09-25 16:57:01 +00:00
Allan Bowe	584ffe9e0e	Merge pull request #383 from sasjs/npm_update_20250919 Npm update 20250919	2025-09-25 17:53:46 +01:00
M	e51b20421a	fix: addressing test fail	2025-09-25 13:49:32 +02:00
M	631e95604b	fix: typescript errors	2025-09-25 13:40:10 +02:00
M	198cd79354	fix: typescript errors	2025-09-25 13:34:55 +02:00
M	379ea604bc	fix: packages missmatch	2025-09-25 13:12:23 +02:00
M	9ffa403bcb	chore: package-lock	2025-09-25 13:06:06 +02:00
M	6d123c3e23	fix: type libs	2025-09-25 13:03:47 +02:00
M	dda1aadc67	chore(git): Merge branch 'main' into npm_update_20250919	2025-09-25 12:48:10 +02:00
M	d47cf15cdb	ci: ubuntu 22	2025-09-25 12:46:19 +02:00
Trevor Moody	d0c7968d66	build: updated package dependencies for /web	2025-09-19 18:24:58 +01:00
Trevor Moody	a5c99971cc	build: server/api dependency update	2025-09-19 14:06:50 +01:00
semantic-release-bot	c422e7f02e	chore(release): 0.39.1 [skip ci] ## [0.39.1](https://github.com/sasjs/server/compare/v0.39.0...v0.39.1) (2025-03-13) ### Bug Fixes * extra bit of sleep for file recognition ([`f4768bf`](`f4768bffd3`)), closes [#381](https://github.com/sasjs/server/issues/381)	2025-03-13 10:59:10 +00:00
Allan Bowe	02a993611c	Merge pull request #382 from sasjs/381-add-slight-delay-to-enable-file-detection fix: extra bit of sleep for file recognition	2025-03-13 10:56:13 +00:00
Sabir Hassan	aca2fff4ac	chore(workflow): run the build workflow on ubuntu 20.04	2025-03-13 15:50:23 +05:00
Sabir Hassan	af1a386b13	chore(workflow): install openssl 1.1 in actions	2025-03-13 15:43:20 +05:00
Allan Bowe	f5018ce1df	chore: prettier fix	2025-03-12 17:33:02 +00:00
Allan Bowe	3529232f1f	chore: whitespace removal	2025-03-12 17:29:02 +00:00
Allan Bowe	f4768bffd3	fix: extra bit of sleep for file recognition closes #381	2025-03-12 17:27:57 +00:00
semantic-release-bot	c261745f1d	chore(release): 0.39.0 [skip ci] # [0.39.0](https://github.com/sasjs/server/compare/v0.38.0...v0.39.0) (2024-10-31) ### Bug Fixes * api: fixed condition in processProgram ([`48a9a4d`](`48a9a4dd0e`)) ### Features * api: added session state endpoint ([`6b6546c`](`6b6546c7ad`))	2024-10-31 12:54:02 +00:00
Yury Shkoda	d6e527ecf2	Merge pull request #379 from sasjs/issue-378 Issue 378	2024-10-31 15:51:13 +03:00
Yury	bc2cff1d0d	chore(api): updated trigger endpoints description	2024-10-31 15:30:32 +03:00
Yury	66aa9b5891	chore(api): updated trigger endpoints description	2024-10-31 15:20:35 +03:00
Yury	ca17e7c192	chore(api): updated endpoint description	2024-10-31 14:08:56 +03:00
Yury	73df102422	chore(api): updated endpoint description	2024-10-31 12:27:56 +03:00
Yury	48a9a4dd0e	fix(api): fixed condition in processProgram	2024-10-31 11:17:20 +03:00
Yury	4f6f735f5b	chore(lint): fixed code style issue	2024-10-31 10:08:34 +03:00
Yury	6b6546c7ad	feat(api): added session state endpoint	2024-10-30 17:42:50 +03:00
Yury	f94ddc0352	refactor(session): implemented session state	2024-10-30 15:33:06 +03:00
Yury	03670cf0d6	chore(swagger): fixed code/stp trigger examples	2024-10-30 15:25:03 +03:00
semantic-release-bot	ea2ec97c1c	chore(release): 0.38.0 [skip ci] # [0.38.0](https://github.com/sasjs/server/compare/v0.37.0...v0.38.0) (2024-10-30) ### Features * api: enabled query params in stp/trigger endpoint ([`5cda9cd`](`5cda9cd5d8`))	2024-10-30 09:25:17 +00:00
Yury Shkoda	832f1156e8	Merge pull request #377 from sasjs/issue-373-stp-fix feat(api): enabled query params in stp/trigger endpoint	2024-10-30 12:22:10 +03:00
Yury	5cda9cd5d8	feat(api): enabled query params in stp/trigger endpoint	2024-10-30 09:39:47 +03:00
semantic-release-bot	5d576aff91	chore(release): 0.37.0 [skip ci] # [0.37.0](https://github.com/sasjs/server/compare/v0.36.0...v0.37.0) (2024-10-29) ### Features * stp: added trigger endpoint ([`b0723f1`](`b0723f1444`))	2024-10-29 14:11:35 +00:00
Yury Shkoda	a044176054	Merge pull request #375 from sasjs/issue-373-stp Issue 373 stp	2024-10-29 17:08:38 +03:00
Yury	deee34f5fd	chore(stp): removed query logic from trigger endpoint	2024-10-29 16:55:40 +03:00
Yury	b0723f1444	feat(stp): added trigger endpoint	2024-10-29 16:27:53 +03:00
Yury	e9519cb3c6	chore(code): used correct type	2024-10-29 16:20:27 +03:00