Forker/OpenNoodl
1
0
Fork 0
mirror of https://github.com/The-Low-Code-Foundation/OpenNoodl.git synced 2026-01-12 15:22:55 +01:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

initial ux ui improvements and revised dashboard

Browse Source
This commit is contained in:
Richard Osborne
2025-12-31 09:34:27 +01:00
parent ae7d3b8a8b
commit 73b5a42122
109 changed files with 13583 additions and 1111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

200
dev-docs/tasks/phase-5-multi-target-deployment/01-byob-backend/TASK-002-data-nodes/CHANGELOG.md Normal file
View File

@@ -0,0 +1,200 @@
# TASK-002 Data Nodes - Change Log
## December 30, 2025 - Bug Fixes & System Table Support
### Critical Bugs Fixed
#### 1. Collection Dropdown Not Filtering by API Path Mode
**Problem**: When selecting "System" as the API Path Mode, the Collection dropdown still showed all collections (both user tables and system tables).
**Root Cause**: The `updatePorts()` function was not filtering collections based on the selected `apiPathMode`.
**Solution**: Created `ByobUtils.filterCollectionsByMode()` function that filters collections appropriately:
- `items` mode: Shows only non-system tables
- `system` mode: Shows only `directus_*` tables
**Files Modified**:
- `packages/noodl-runtime/src/nodes/std-library/data/byob-utils.js` (created)
- `packages/noodl-runtime/src/nodes/std-library/data/byob-query-data.js`
- `packages/noodl-runtime/src/nodes/std-library/data/byob-create-record.js`
- `packages/noodl-runtime/src/nodes/std-library/data/byob-update-record.js`
- `packages/noodl-runtime/src/nodes/std-library/data/byob-delete-record.js`
---
#### 2. API Path Dropdown Positioned After Collection (UX Issue)
**Problem**: The "Collection" dropdown appeared before "API Path Mode", making the UI confusing since users had to select a collection before understanding which API path would be used.
**Solution**: Reordered port definitions in all BYOB nodes to place `apiPathMode` before `collection`.
**Files Modified**: All four BYOB data nodes (Query, Create, Update, Delete)
---
#### 3. All Field Types Showing as Generic String Inputs
**Problem**: All database fields appeared as plain text inputs regardless of their actual type (numbers, dates, booleans, enums, etc.).
**Root Cause**: No field type mapping from Directus schema types to Noodl input types.
**Solution**: Created `ByobUtils.getEnhancedFieldType()` function that maps Directus types to appropriate Noodl types:
| Directus Type | Noodl Type | Notes |
| ------------------------------------------- | ---------- | ---------------------------- |
| `integer`, `bigInteger`, `float`, `decimal` | `number` | Numeric input |
| `boolean` | `boolean` | Checkbox/toggle |
| `date`, `dateTime`, `time`, `timestamp` | `string` | With date normalization |
| `uuid` | `string` | Standard text input |
| `json`, `csv` | `string` | Multi-line text |
| `text`, `string` | `string` | Standard text input |
| `select`, `dropdown` | `enum` | Dropdown with schema options |
**Files Modified**:
- `packages/noodl-runtime/src/nodes/std-library/data/byob-utils.js`
- `packages/noodl-runtime/src/nodes/std-library/data/byob-create-record.js`
- `packages/noodl-runtime/src/nodes/std-library/data/byob-update-record.js`
---
#### 4. Presentation Elements Appearing in Field Lists
**Problem**: Non-data fields (dividers, notices, aliases) were appearing in the field input lists.
**Root Cause**: No filtering of presentation-only fields from the schema.
**Solution**: Created `ByobUtils.shouldShowField()` function that filters out:
- Fields with `interface` starting with `'presentation-'`
- Hidden fields (`hidden: true`)
- Readonly meta fields (e.g., `id`, `user_created`, `date_created`)
**Files Modified**:
- `packages/noodl-runtime/src/nodes/std-library/data/byob-utils.js`
- Applied in Create and Update nodes during field port generation
---
#### 5. Critical Error: `Cannot set properties of undefined (setting 'fieldSchema')`
**Problem**: Runtime error when selecting certain collections in Create/Update nodes.
**Root Cause**: Attempting to set `node._internal.fieldSchema` before `node._internal` object was initialized.
**Solution**: Added null checks to ensure `_internal` exists:
```javascript
if (!node._internal) {
node._internal = {};
}
node._internal.fieldSchema = fieldSchema;
```
**Files Modified**:
- `packages/noodl-runtime/src/nodes/std-library/data/byob-create-record.js` (2 locations)
- `packages/noodl-runtime/src/nodes/std-library/data/byob-update-record.js` (2 locations)
---
#### 6. System Tables Not Appearing in Schema
**Problem**: Even after fixing collection filtering, system tables weren't showing in the dropdown at all.
**Root Cause**: `BackendServices.ts` was explicitly filtering OUT `directus_*` collections during schema parsing:
```typescript
// OLD CODE:
if (!field.collection || field.collection.startsWith('directus_')) continue;
```
**Solution**: Changed to only skip fields with no collection name:
```typescript
// NEW CODE:
if (!field.collection) continue;
```
**Important**: Users must **re-fetch the backend schema** after this change for system tables to appear.
**Files Modified**:
- `packages/noodl-editor/src/editor/src/models/BackendServices/BackendServices.ts` (line ~500)
---
### Enhancements Added
#### Date Value Normalization
Added automatic conversion of date inputs to ISO 8601 format in Create and Update nodes:
```javascript
const normalizedData = {};
for (const [key, value] of Object.entries(data)) {
normalizedData[key] = ByobUtils.normalizeValue(value, fieldSchema[key]);
}
```
This ensures date fields are always sent in the correct format regardless of user input format.
---
#### System Endpoint Mapping
Created comprehensive mapping of Directus system collections to their API endpoints:
| Collection | API Endpoint |
| ---------------------- | ------------------- |
| `directus_users` | `/users` |
| `directus_roles` | `/roles` |
| `directus_files` | `/files` |
| `directus_folders` | `/folders` |
| `directus_activity` | `/activity` |
| `directus_permissions` | `/permissions` |
| `directus_settings` | `/settings` |
| `directus_webhooks` | `/webhooks` |
| `directus_flows` | `/flows` |
| And 8 more... | (see byob-utils.js) |
---
### Files Created
**`packages/noodl-runtime/src/nodes/std-library/data/byob-utils.js`**
- Shared utility module for all BYOB data nodes
- Contains all helper functions mentioned above
- Prevents code duplication across the four BYOB nodes
---
### Testing Notes
1. **System Tables**: After updating BackendServices.ts, you MUST re-fetch the backend schema from the Backend Services Panel
2. **Field Types**: Verify that number fields show number inputs, booleans show toggles, and select fields show dropdowns
3. **Collection Filtering**: Verify that switching API Path Mode updates the Collection dropdown appropriately
4. **Date Fields**: Test that date inputs are converted to ISO 8601 format in API requests
---
### Known Limitations
- Only Directus backend is fully supported
- Filter builder is implemented but not yet fully tested with all operator types
- Relation fields show as ID inputs (not yet a searchable dropdown of related records)
- No support for file upload fields yet
---
### Next Steps
- Complete testing of visual filter builder with complex nested conditions
- Add support for relation field dropdowns (search related records)
- Extend system endpoint support to Supabase and Pocketbase
- Add file upload field support

89
dev-docs/tasks/phase-5-multi-target-deployment/01-byob-backend/TASK-002-data-nodes/README.md
View File

@@ -59,29 +59,84 @@ The **Visual Filter Builder** eliminates the pain of writing Directus filter JSO
---
## Known Limitations (Dec 2025)
## System Table Support (Resolved - Dec 2025)
### Directus System Collections Not Supported
### Directus System Collections Now Supported
**Issue**: The Query Data node only uses `/items/{collection}` API endpoint, which doesn't work for Directus system tables.
All BYOB data nodes now support Directus system tables through an **API Path Mode** dropdown:
**Affected Collections**:
**Available Modes**:
- `directus_users` - User management (use `/users` endpoint)
- `directus_roles` - Role management (use `/roles` endpoint)
- `directus_files` - File management (use `/files` endpoint)
- `directus_folders` - Folder management (use `/folders` endpoint)
- `directus_activity` - Activity log (use `/activity` endpoint)
- `directus_permissions` - Permissions (use `/permissions` endpoint)
- And other `directus_*` system tables
- **Items (User Collections)** - Uses `/items/{collection}` endpoint for regular tables
- **System (Directus Tables)** - Uses appropriate system endpoints for `directus_*` tables
**Current Behavior**: These collections may appear in the Collection dropdown (if schema introspection includes them), but queries will fail with 404 or forbidden errors.
**Supported System Collections**:
**Future Enhancement**: Add an "API Path Type" dropdown to the Query node:
- `directus_users``/users`
- `directus_roles``/roles`
- `directus_files``/files`
- `directus_folders``/folders`
- `directus_activity``/activity`
- `directus_permissions``/permissions`
- `directus_settings``/settings`
- `directus_webhooks``/webhooks`
- `directus_flows``/flows`
- And more...
- **Items** (default) - Uses `/items/{collection}` for user collections
- **System** - Uses `/{collection_without_directus_prefix}` for system tables
**Auto-Detection**: The API Path Mode automatically defaults to "System" when a `directus_*` collection is selected.
**Alternative Workaround**: Use the HTTP Request node with manual endpoint construction for system table access.
**Applies To**: Query Data, Create Record, Update Record, and Delete Record nodes.
**Related**: This limitation also affects Create/Update/Delete Record nodes (when implemented).
---
## Implementation Status
**Status**: ✅ **Complete** (December 2025)
All four BYOB data nodes are fully implemented and tested:
-**Query Records Node** - With visual filter builder
-**Create Record Node** - With schema-driven field inputs
-**Update Record Node** - With schema-driven field inputs
-**Delete Record Node** - Simple ID-based deletion
### Key Features Delivered
1. **Schema-Aware Field Inputs** - Dynamic ports generated from backend schema
2. **Visual Filter Builder** - Complex query filters without JSON syntax
3. **System Table Support** - Full CRUD on Directus system collections
4. **Type-Aware Inputs** - Numbers, booleans, dates, and enums mapped correctly
5. **Date Normalization** - Automatic ISO 8601 conversion
6. **Field Filtering** - Hides presentation elements and readonly fields
### Implementation Files
```
packages/noodl-runtime/src/nodes/std-library/data/
├── byob-utils.js # Shared utilities (NEW)
├── byob-query-data.js # Query Records node
├── byob-create-record.js # Create Record node
├── byob-update-record.js # Update Record node
└── byob-delete-record.js # Delete Record node
packages/noodl-editor/src/editor/src/views/panels/propertyeditor/
├── components/ByobFilterBuilder/ # Visual filter builder UI
└── DataTypes/ByobFilterType.ts # Filter builder integration
```
### Recent Bug Fixes
See [CHANGELOG.md](./CHANGELOG.md) for detailed bug fix documentation including:
- Collection filtering by API path mode
- Field type mapping
- System table schema support
- Critical runtime errors resolved
---
## Documentation
- [NODES-SPEC.md](./NODES-SPEC.md) - Node specifications and API reference
- [FILTER-BUILDER.md](./FILTER-BUILDER.md) - Visual filter builder details
- [CHANGELOG.md](./CHANGELOG.md) - Bug fixes and implementation timeline

420
dev-docs/tasks/phase-5-multi-target-deployment/01-byob-backend/TASK-006-auth-nodes/README.md Normal file
View File

@@ -0,0 +1,420 @@
# TASK-006: Authentication Nodes
**Task ID:** TASK-006
**Phase:** 5 - Multi-Target Deployment (BYOB)
**Priority:** 🔴 Critical
**Difficulty:** 🟡 Medium
**Estimated Time:** 1 week
**Prerequisites:** TASK-001 (Backend Services Panel), TASK-002 (Data Nodes)
**Branch:** `feature/byob-auth-nodes`
## Objective
Create authentication nodes (Sign Up, Log In, Log Out) for BYOB backends, starting with Directus support.
## Background
The BYOB data nodes (TASK-002) enable full CRUD operations, but users cannot build real applications without authentication. This task adds the missing authentication layer, enabling:
- User registration (Sign Up)
- User authentication (Log In)
- Session management (Log Out)
- Secure token storage
Without these nodes, users would need to manually construct auth requests using HTTP nodes, which is error-prone and insecure.
## User Story
> As a Noodl user, I want to authenticate users against my Directus backend, so I can build secure applications with proper user management.
## Current State
- BYOB data nodes work but require manual token management
- No built-in authentication nodes for BYOB backends
- Existing auth nodes only work with Noodl Cloud (deprecated)
## Desired State
- Sign Up node for user registration
- Log In node for authentication
- Log Out node for session cleanup
- Secure token storage mechanism
- Seamless integration with existing BYOB data nodes
## Scope
### In Scope
- **Sign Up Node** - Register new users
- **Log In Node** - Authenticate existing users
- **Log Out Node** - End user session
- **Token Management** - Secure storage and auto-injection into requests
- **Directus Support** - Primary authentication provider
### Out of Scope
- OAuth/Social login (future enhancement)
- Multi-factor authentication (future enhancement)
- Password reset UI (can use existing Directus endpoints)
- Supabase/Appwrite auth adapters (future task)
- Role-based access control UI (use Query Data with directus_roles)
---
## Node Specifications
### 1. Sign Up Node
**Purpose:** Register a new user account
#### Inputs
| Input | Type | Description |
| ---------- | -------- | ---------------------------------- |
| Backend | dropdown | Select backend (or Active Backend) |
| Email | string | User's email address |
| Password | string | User's password |
| First Name | string | Optional first name |
| Last Name | string | Optional last name |
| Role | dropdown | Optional role assignment |
| Sign Up | signal | Trigger registration |
#### Outputs
| Output | Type | Description |
| ------- | ------ | -------------------------- |
| User | object | Created user object |
| User ID | string | ID of created user |
| Success | signal | Fires on successful signup |
| Failed | signal | Fires on error |
| Error | object | Error details |
#### API Call (Directus)
```
POST /users
Body: {
email: "user@example.com",
password: "secure-password",
first_name: "John",
last_name: "Doe",
role: "role-uuid"
}
```
**Note:** User registration in Directus typically requires admin permissions. For public registration, use Directus's public registration endpoint or configure appropriate permissions.
---
### 2. Log In Node
**Purpose:** Authenticate a user and store access tokens
#### Inputs
| Input | Type | Description |
| -------- | -------- | ---------------------------------- |
| Backend | dropdown | Select backend (or Active Backend) |
| Email | string | User's email |
| Password | string | User's password |
| Log In | signal | Trigger authentication |
#### Outputs
| Output | Type | Description |
| ------------- | ------ | ----------------------------------- |
| Access Token | string | JWT access token (handle securely!) |
| Refresh Token | string | Token for refreshing access |
| Expires | number | Token expiration time (ms) |
| User | object | Authenticated user object |
| Success | signal | Fires on successful login |
| Failed | signal | Fires on error |
| Error | object | Error details |
#### API Call (Directus)
```
POST /auth/login
Body: {
email: "user@example.com",
password: "password"
}
Response: {
data: {
access_token: "eyJhbGc...",
refresh_token: "eyJhbGc...",
expires: 900000
}
}
```
#### Token Storage Strategy
**Critical Security Consideration:** Where to store tokens?
**Options:**
1. **Runtime Memory** (Default - Most Secure)
- ✅ Cleared on app refresh
- ✅ Not accessible to XSS attacks
- ❌ Lost on page reload
2. **Session Storage** (Balanced)
- ✅ Cleared on tab close
- ✅ Reasonably secure
- ❌ Lost on tab close
3. **Local Storage** (Least Secure)
- ✅ Persists across sessions
- ❌ Vulnerable to XSS
- ❌ Not recommended for production
4. **Electron Secure Storage** (Best for Desktop)
- ✅ OS-level encryption
- ✅ Persistent and secure
- ✅ Ideal for Noodl desktop apps
- ❌ Not available in web viewer
**Recommended Approach:**
- Desktop apps → Electron `safeStorage` API
- Web apps → Session Storage with "Remember Me" option for Local Storage
- Always clear sensitive data from node outputs after use
---
### 3. Log Out Node
**Purpose:** End user session and clear stored tokens
#### Inputs
| Input | Type | Description |
| ------------- | -------- | ---------------------------------- |
| Backend | dropdown | Select backend (or Active Backend) |
| Refresh Token | string | Token to invalidate (optional) |
| Log Out | signal | Trigger logout |
#### Outputs
| Output | Type | Description |
| ------- | ------ | ---------------- |
| Success | signal | Fires on success |
| Failed | signal | Fires on error |
| Error | object | Error details |
#### API Call (Directus)
```
POST /auth/logout
Body: {
refresh_token: "eyJhbGc..."
}
```
#### Cleanup Actions
1. Clear stored access token
2. Clear stored refresh token
3. Clear user session data
4. Optionally redirect to login page
---
## Token Auto-Injection
### Problem
After logging in, every data node (Query, Create, Update, Delete) needs the access token. Manual token management is tedious.
### Solution
Enhance `byob-utils.js` to check for stored auth token:
```javascript
function resolveBackend(backendId) {
const backendConfig = /* ... resolve from metadata ... */;
// Check for stored auth token
const storedToken = getStoredAuthToken(backendId);
if (storedToken) {
backendConfig.token = storedToken;
}
return backendConfig;
}
function getStoredAuthToken(backendId) {
// Check runtime memory first
if (window.__noodlAuthTokens && window.__noodlAuthTokens[backendId]) {
return window.__noodlAuthTokens[backendId];
}
// Fall back to session storage
const stored = sessionStorage.getItem(`noodl_auth_${backendId}`);
if (stored) {
try {
const { token, expires } = JSON.parse(stored);
if (Date.now() < expires) {
return token;
}
} catch (e) {
// Invalid stored data
}
}
return null;
}
```
This way, once a user logs in, all subsequent data node requests automatically include the auth token.
---
## Implementation Plan
### Phase 1: Core Authentication (Week 1)
1. **Create Auth Utility Module** (`byob-auth-utils.js`)
- Token storage functions
- Token validation
- Auto-injection logic
2. **Implement Log In Node** (`byob-login.js`)
- Most critical - enables testing
- Store tokens securely
- Output user object
3. **Implement Log Out Node** (`byob-logout.js`)
- Clear stored tokens
- Invalidate refresh token
4. **Enhance BYOB Utils**
- Integrate token auto-injection
- Update `resolveBackend()` to check stored tokens
5. **Testing**
- Manual testing with real Directus instance
- Verify token storage and auto-injection
- Test logout cleanup
### Phase 2: User Registration (Week 1)
6. **Implement Sign Up Node** (`byob-signup.js`)
- User creation
- Optional auto-login after signup
### Phase 3: Documentation & Polish (Week 1)
7. **Documentation**
- Update BYOB guide with auth examples
- Security best practices
- Token management guide
8. **Example Project**
- Login/signup form
- Protected routes
- User dashboard
---
## Security Considerations
### ⚠️ Critical Security Rules
1. **Never Log Tokens**
- Don't `console.log()` access tokens
- Don't expose tokens in inspect data
- Clear from outputs after use
2. **Use HTTPS Only**
- Never send tokens over HTTP
- Validate SSL certificates
3. **Token Expiration**
- Respect token expiry times
- Implement token refresh logic (future enhancement)
4. **Input Validation**
- Validate email format
- Enforce password strength (backend responsibility)
- Sanitize all user inputs
5. **Error Messages**
- Don't leak sensitive info in error messages
- Generic errors for auth failures ("Invalid credentials")
---
## Testing Checklist
### Manual Testing
- [ ] Sign up new user
- [ ] Log in with valid credentials
- [ ] Log in with invalid credentials
- [ ] Token auto-injection works in Query Data node
- [ ] Log out clears tokens
- [ ] Token persists across page reload (if configured)
- [ ] Expired tokens are handled gracefully
### Edge Cases
- [ ] Duplicate email during signup
- [ ] Weak password validation
- [ ] Network errors during auth
- [ ] Concurrent login attempts
- [ ] Token storage quota exceeded
---
## Future Enhancements
### Phase 2 Features
- **Token Refresh Node** - Automatically refresh expired tokens
- **Current User Node** - Get currently logged-in user details
- **Password Reset Nodes** - Request and confirm password resets
- **Email Verification** - Send and verify email confirmation
### Phase 3 Features
- **OAuth/Social Login** - Google, GitHub, etc.
- **Multi-Factor Authentication** - TOTP support
- **Session Management** - View/revoke active sessions
- **Backend-Agnostic** - Supabase, Appwrite, custom APIs
---
## Success Criteria
- [ ] Users can sign up for new accounts
- [ ] Users can log in and receive tokens
- [ ] Tokens are stored securely
- [ ] Data nodes automatically use stored tokens
- [ ] Users can log out and clear session
- [ ] No security vulnerabilities
- [ ] Documentation complete
- [ ] Example project demonstrates usage
---
## Related Tasks
- **TASK-001:** Backend Services Panel (provides backend configuration)
- **TASK-002:** Data Nodes (consumes auth tokens)
- **TASK-007:** Token Refresh & Session Management (future)
- **TASK-008:** OAuth/Social Login Support (future)