add setTagValue api and fix vulnerabilities

frangoteam · May 27, 2023 · b44dd3f · b44dd3f
1 parent b69c455
commit b44dd3f
Show file tree

Hide file tree

Showing 13 changed files with 79 additions and 18 deletions.
diff --git a/client/dist/assets/i18n/en.json b/client/dist/assets/i18n/en.json
@@ -696,6 +696,7 @@
     "device.list-remove": "Remove Tag",
     "device.list-remove-all": "Remove all Tags",
     "device.list-options": "Tag options",
+    "device.list-clipboard": "Copy Tag object to clipboard",
 
     "devices.export": "Export devices",
     "devices.export-json": "JSON",

diff --git a/client/dist/index.html b/client/dist/index.html
@@ -45,6 +45,6 @@
             </div>
         </div>
     </app-root>
-<script src="runtime.8ef63094e52a66ba.js" type="module"></script><script src="polyfills.2696a6f9dc75535e.js" type="module"></script><script src="scripts.1c3385254ff4c93c.js" defer></script><script src="main.69177826a9831e38.js" type="module"></script>
+<script src="runtime.8ef63094e52a66ba.js" type="module"></script><script src="polyfills.2696a6f9dc75535e.js" type="module"></script><script src="scripts.1c3385254ff4c93c.js" defer></script><script src="main.c043df2a97d92641.js" type="module"></script>
 
 </body></html>
diff --git a/client/dist/main.69177826a9831e38.js b/client/dist/main.69177826a9831e38.js
diff --git a/client/dist/main.c043df2a97d92641.js b/client/dist/main.c043df2a97d92641.js
diff --git a/client/package.json b/client/package.json
@@ -1,6 +1,6 @@
 {
   "name": "fuxa",
-  "version": "1.1.14-1208",
+  "version": "1.1.14-1211",
   "keywords": [],
   "author": "frangoteam <4frango@gmail.com>",
   "description": "Web-based Process Visualization (SCADA/HMI/Dashboard) software",

diff --git a/client/src/app/_helpers/utils.ts b/client/src/app/_helpers/utils.ts
@@ -320,6 +320,22 @@ export class Utils {
             }
         });
         return result;
+    };
+
+    static copyToClipboard(text) {
+        // Create a temporary textarea element
+        const textarea = document.createElement('textarea');
+        textarea.value = text;
+        // Make the textarea hidden
+        textarea.style.position = 'fixed';
+        textarea.style.opacity = '0';
+        // Append the textarea to the document
+        document.body.appendChild(textarea);
+        // Select and copy the text from the textarea
+        textarea.select();
+        document.execCommand('copy');
+        // Remove the textarea from the document
+        document.body.removeChild(textarea);
     }
 }
 

diff --git a/client/src/app/device/device-list/device-list.component.css b/client/src/app/device/device-list/device-list.component.css
@@ -86,7 +86,7 @@
 }
 
 .mat-column-info {
-    flex: 0 0 30px;
+    flex: 0 0 40px;
 }
 
 .mat-column-warning {
@@ -134,4 +134,8 @@
     margin-bottom: 6px;
     padding: 3px 1px 3px 2px;
     border-radius: 2px;
+}
+
+.context-menu {
+    font-size: 13px;
 }
diff --git a/client/src/app/device/device-list/device-list.component.html b/client/src/app/device/device-list/device-list.component.html
@@ -104,21 +104,27 @@
             </mat-cell>
         </ng-container>
 
-        <!-- Info Column -->
-        <ng-container matColumnDef="info">
-            <mat-header-cell *matHeaderCellDef mat-sort-header> </mat-header-cell>
-            <mat-cell *matCellDef="let element" [jsonTooltip]="element">
-                <mat-icon>data_object</mat-icon>
-            </mat-cell>
-        </ng-container>
-
         <!-- Button edit options row -->
         <ng-container matColumnDef="options">
             <mat-header-cell *matHeaderCellDef></mat-header-cell>
             <mat-cell *matCellDef="let element">
-                <button *ngIf="!readonly && deviceSelected.type !== deviceType.internal" mat-icon-button (click)="$event.stopPropagation();onEditOptions(element)" class="options" matTooltip="{{'device.list-options' | translate}}">
+                <button mat-icon-button 
+                        [matMenuTriggerFor]="options">
                     <mat-icon>more_vert</mat-icon>
                 </button>
+                <mat-menu #options="matMenu" xPosition="before">
+                    <button *ngIf="!readonly && deviceSelected.type !== deviceType.internal" 
+                            mat-menu-item
+                            class="context-menu"
+                            (click)="onEditOptions(element)">
+                        {{'device.list-options' | translate}}
+                    </button>
+                    <button mat-menu-item 
+                            class="context-menu"
+                            (click)="onCopyTagToClipboard(element)">
+                        {{'device.list-clipboard' | translate}}
+                    </button>
+                </mat-menu>
             </mat-cell>
         </ng-container>
 

diff --git a/client/src/app/device/device-list/device-list.component.ts b/client/src/app/device/device-list/device-list.component.ts
@@ -29,7 +29,7 @@ import { Utils } from '../../_helpers/utils';
 
 export class DeviceListComponent implements OnInit, AfterViewInit {
 
-    readonly defAllColumns = ['select', 'name', 'address', 'device', 'type', 'value', 'timestamp', 'warning', 'logger', 'info', 'options', 'remove'];
+    readonly defAllColumns = ['select', 'name', 'address', 'device', 'type', 'value', 'timestamp', 'warning', 'logger', 'options', 'remove'];
     readonly defInternalColumns = ['select', 'name', 'device', 'type', 'value', 'timestamp', 'options', 'remove'];
     readonly defAllRowWidth = 1400;
     readonly defClientRowWidth = 1400;
@@ -407,6 +407,10 @@ export class DeviceListComponent implements OnInit, AfterViewInit {
         }
     }
 
+    onCopyTagToClipboard(tag: Tag) {
+        Utils.copyToClipboard(JSON.stringify(tag));
+    }
+
     private addTopicSubscription(oldTopic: Tag, topics: Tag[]) {
         if (topics) {
             let existNames = Object.values(this.deviceSelected.tags).filter((t: Tag) => { if (!oldTopic || t.id !== oldTopic.id) {return t.name;} }).map((t: Tag) => t.name);

diff --git a/client/src/assets/i18n/en.json b/client/src/assets/i18n/en.json
@@ -696,6 +696,7 @@
     "device.list-remove": "Remove Tag",
     "device.list-remove-all": "Remove all Tags",
     "device.list-options": "Tag options",
+    "device.list-clipboard": "Copy Tag object to clipboard",
 
     "devices.export": "Export devices",
     "devices.export-json": "JSON",

diff --git a/server/api/command/index.js b/server/api/command/index.js
@@ -66,9 +66,10 @@ module.exports = {
             } else {
                 if (req.query.cmd === CommanTypeEnum.reportDownload) {
                     try {
-                        var reportPath = path.join(runtime.settings.reportsDir, req.query.name);
+                        const fileName = req.query.name.replace(new RegExp('../', 'g'), '');
+                        var reportPath = path.join(runtime.settings.reportsDir, fileName);
                         if (!fs.existsSync(reportPath)) {
-                            reportPath = path.join(process.cwd(), runtime.settings.reportsDir, req.query.name);
+                            reportPath = path.join(process.cwd(), runtime.settings.reportsDir, fileName);
                         }
                         if (fs.existsSync(reportPath)) {
                             res.sendFile(reportPath, (err) => {
@@ -90,6 +91,33 @@ module.exports = {
             }
         });
 
+        /**
+         * POST set tag value report
+         */
+         commandApp.post("/api/setTagValue", secureFnc, function (req, res, next) {
+            var groups = checkGroupsFnc(req);
+            if (res.statusCode === 403) {
+                runtime.logger.error("api post setTagValue: Tocken Expired");
+            } else if (authJwt.adminGroups.indexOf(groups) === -1 ) {
+                res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+                runtime.logger.error("api post command: Unauthorized");
+            } else {
+                try {
+                    if (req.body.id && req.body.value) {
+                        if (runtime.devices.setTagValue(req.body.id, req.body.value)) {
+                            res.end();
+                        } else {
+                            res.status(400).json({ error: "not_found", message: 'tag id not found!'});
+                            runtime.logger.error("api post setTagValue: " + 'id not found!');
+                        }
+                    }
+                } catch (error) {
+                    res.status(400).json({ error: "error", message: error});
+                    runtime.logger.error("api post setTagValue: " + error);
+                }
+            }
+        });
+
         return commandApp;
     }
 }

diff --git a/server/api/diagnose/index.js b/server/api/diagnose/index.js
@@ -67,7 +67,8 @@ module.exports = {
                 runtime.logger.error("api get logs: Unauthorized!");
             } else {
                 try {
-                    var logFileName = req.query.file || 'fuxa.log';
+                    const fileName = req.query.file.replace(new RegExp('../', 'g'), '');
+                    var logFileName = fileName || 'fuxa.log';
                     var logPath = runtime.logger.logDir();
                     if (!fs.existsSync(logPath)) {
                         logPath = path.join(process.cwd(), runtime.logger.logDir());

diff --git a/server/package.json b/server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "fuxa-server",
-  "version": "1.1.14-1208",
+  "version": "1.1.14-1211",
   "description": "Web-based Process Visualization (SCADA/HMI/Dashboard) software",
   "main": "main.js",
   "scripts": {