+
,
+
+ /// Whether `sqlpage.fetch` should load trusted certificates from the operating system's certificate store
+ /// By default, it loads Mozilla's root certificates that are embedded in the `SQLPage` binary, or the ones pointed to by the
+ /// `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables.
+ #[serde(default = "default_system_root_ca_certificates")]
+ pub system_root_ca_certificates: bool,
}
impl AppConfig {
@@ -322,6 +328,10 @@ fn default_compress_responses() -> bool {
true
}
+fn default_system_root_ca_certificates() -> bool {
+ std::env::var("SSL_CERT_FILE").is_ok() || std::env::var("SSL_CERT_DIR").is_ok()
+}
+
#[derive(Debug, Deserialize, Serialize, PartialEq, Clone, Copy, Eq, Default)]
#[serde(rename_all = "lowercase")]
pub enum DevOrProd {
diff --git a/src/main.rs b/src/main.rs
index 2b8ed529..5f740e46 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,7 +1,5 @@
-use std::fmt::Write;
-
use sqlpage::{
- app_config::{self, AppConfig},
+ app_config,
webserver::{self, Database},
AppState,
};
@@ -21,41 +19,7 @@ async fn start() -> anyhow::Result<()> {
webserver::database::migrations::apply(&app_config, &db).await?;
let state = AppState::init_with_db(&app_config, db).await?;
log::debug!("Starting server...");
- let (r, _) = tokio::join!(
- webserver::http::run_server(&app_config, state),
- log_welcome_message(&app_config)
- );
- r
-}
-
-async fn log_welcome_message(config: &AppConfig) {
- let address_message = if let Some(unix_socket) = &config.unix_socket {
- format!("unix socket {unix_socket:?}")
- } else if let Some(domain) = &config.https_domain {
- format!("https://{}", domain)
- } else {
- let listen_on = config.listen_on();
- let mut msg = format!("{listen_on}");
- if listen_on.ip().is_unspecified() {
- // let the user know the service is publicly accessible
- write!(
- msg,
- ": accessible from the network, and locally on http://localhost:{}",
- listen_on.port()
- )
- .unwrap();
- }
- msg
- };
-
- log::info!(
- "SQLPage v{} started successfully.
- Now listening on {}
- You can write your website's code in .sql files in {}",
- env!("CARGO_PKG_VERSION"),
- address_message,
- config.web_root.display()
- );
+ webserver::http::run_server(&app_config, state).await
}
fn init_logging() {
diff --git a/src/render.rs b/src/render.rs
index 87f54f2d..f8890fb0 100644
--- a/src/render.rs
+++ b/src/render.rs
@@ -1,5 +1,5 @@
use crate::templates::SplitTemplate;
-use crate::webserver::http::LayoutContext;
+use crate::webserver::http::RequestContext;
use crate::webserver::ErrorWithStatus;
use crate::AppState;
use actix_web::cookie::time::format_description::well_known::Rfc3339;
@@ -15,9 +15,9 @@ use serde_json::{json, Value};
use std::borrow::Cow;
use std::sync::Arc;
-pub enum PageContext<'a, W: std::io::Write> {
+pub enum PageContext {
/// Indicates that we should stay in the header context
- Header(HeaderContext<'a, W>),
+ Header(HeaderContext),
/// Indicates that we should start rendering the body
Body {
@@ -30,27 +30,30 @@ pub enum PageContext<'a, W: std::io::Write> {
}
/// Handles the first SQL statements, before the headers have been sent to
-pub struct HeaderContext<'a, W: std::io::Write> {
+pub struct HeaderContext {
app_state: Arc,
- layout_context: &'a LayoutContext,
+ request_context: RequestContext,
pub writer: W,
response: HttpResponseBuilder,
has_status: bool,
}
-impl<'a, W: std::io::Write> HeaderContext<'a, W> {
- pub fn new(app_state: Arc, layout_context: &'a LayoutContext, writer: W) -> Self {
+impl<'a, W: std::io::Write> HeaderContext {
+ pub fn new(app_state: Arc, request_context: RequestContext, writer: W) -> Self {
let mut response = HttpResponseBuilder::new(StatusCode::OK);
response.content_type("text/html; charset=utf-8");
+ if app_state.config.content_security_policy.is_none() {
+ response.insert_header(&request_context.content_security_policy);
+ }
Self {
app_state,
- layout_context,
+ request_context,
writer,
response,
has_status: false,
}
}
- pub async fn handle_row(self, data: JsonValue) -> anyhow::Result> {
+ pub async fn handle_row(self, data: JsonValue) -> anyhow::Result> {
log::debug!("Handling header row: {data}");
match get_object_str(&data, "component") {
Some("status_code") => self.status_code(&data).map(PageContext::Header),
@@ -63,7 +66,7 @@ impl<'a, W: std::io::Write> HeaderContext<'a, W> {
}
}
- pub async fn handle_error(self, err: anyhow::Error) -> anyhow::Result> {
+ pub async fn handle_error(self, err: anyhow::Error) -> anyhow::Result> {
if self.app_state.config.environment.is_prod() {
return Err(err);
}
@@ -198,7 +201,7 @@ impl<'a, W: std::io::Write> HeaderContext<'a, W> {
Ok(self.response.body(json_response))
}
- async fn authentication(mut self, mut data: JsonValue) -> anyhow::Result> {
+ async fn authentication(mut self, mut data: JsonValue) -> anyhow::Result> {
let password_hash = take_object_str(&mut data, "password_hash");
let password = take_object_str(&mut data, "password");
if let (Some(password), Some(password_hash)) = (password, password_hash) {
@@ -228,8 +231,8 @@ impl<'a, W: std::io::Write> HeaderContext<'a, W> {
Ok(PageContext::Close(http_response))
}
- async fn start_body(self, data: JsonValue) -> anyhow::Result> {
- let renderer = RenderContext::new(self.app_state, self.layout_context, self.writer, data)
+ async fn start_body(self, data: JsonValue) -> anyhow::Result> {
+ let renderer = RenderContext::new(self.app_state, self.request_context, self.writer, data)
.await
.with_context(|| "Failed to create a render context from the header context.")?;
let http_response = self.response;
@@ -287,6 +290,7 @@ pub struct RenderContext {
current_component: Option,
shell_renderer: SplitTemplateRenderer,
current_statement: usize,
+ request_context: RequestContext,
}
const DEFAULT_COMPONENT: &str = "table";
@@ -296,7 +300,7 @@ const FRAGMENT_SHELL_COMPONENT: &str = "shell-empty";
impl RenderContext {
pub async fn new(
app_state: Arc,
- layout_context: &LayoutContext,
+ request_context: RequestContext,
mut writer: W,
initial_row: JsonValue,
) -> anyhow::Result> {
@@ -309,7 +313,7 @@ impl RenderContext {
.and_then(|c| get_object_str(c, "component"))
.is_some_and(Self::is_shell_component)
{
- let default_shell = if layout_context.is_embedded {
+ let default_shell = if request_context.is_embedded {
FRAGMENT_SHELL_COMPONENT
} else {
PAGE_SHELL_COMPONENT
@@ -329,6 +333,7 @@ impl RenderContext {
get_object_str(&shell_row, "component").expect("shell should exist"),
Arc::clone(&app_state),
0,
+ request_context.content_security_policy.nonce,
)
.await
.with_context(|| "The shell component should always exist")?;
@@ -341,6 +346,7 @@ impl RenderContext {
current_component: None,
shell_renderer,
current_statement: 1,
+ request_context,
};
for row in rows_iter {
@@ -461,6 +467,7 @@ impl RenderContext {
component: &str,
app_state: Arc,
component_index: usize,
+ nonce: u64,
) -> anyhow::Result {
let split_template = app_state
.all_templates
@@ -470,6 +477,7 @@ impl RenderContext {
split_template,
app_state,
component_index,
+ nonce,
))
}
@@ -486,6 +494,7 @@ impl RenderContext {
component,
Arc::clone(&self.app_state),
current_component_index + 1,
+ self.request_context.content_security_policy.nonce,
)
.await?;
Ok(self.current_component.replace(new_component))
@@ -543,6 +552,7 @@ pub struct SplitTemplateRenderer {
app_state: Arc,
row_index: usize,
component_index: usize,
+ nonce: JsonValue,
}
impl SplitTemplateRenderer {
@@ -550,6 +560,7 @@ impl SplitTemplateRenderer {
split_template: Arc,
app_state: Arc,
component_index: usize,
+ nonce: u64,
) -> Self {
Self {
split_template,
@@ -558,6 +569,7 @@ impl SplitTemplateRenderer {
row_index: 0,
ctx: Context::null(),
component_index,
+ nonce: nonce.into(),
}
}
fn name(&self) -> &str {
@@ -581,13 +593,15 @@ impl SplitTemplateRenderer {
.unwrap_or_default(),
);
let mut render_context = handlebars::RenderContext::new(None);
- render_context
+ let blk = render_context
.block_mut()
- .expect("context created without block")
- .set_local_var(
- "component_index",
- JsonValue::Number(self.component_index.into()),
- );
+ .expect("context created without block");
+ blk.set_local_var(
+ "component_index",
+ JsonValue::Number(self.component_index.into()),
+ );
+ blk.set_local_var("csp_nonce", self.nonce.clone());
+
*self.ctx.data_mut() = data;
let mut output = HandlebarWriterOutput(writer);
self.split_template.before_list.render(
@@ -618,6 +632,7 @@ impl SplitTemplateRenderer {
let mut blk = BlockContext::new();
blk.set_base_value(data);
blk.set_local_var("row_index", JsonValue::Number(self.row_index.into()));
+ blk.set_local_var("csp_nonce", self.nonce.clone());
render_context.push_block(blk);
let mut output = HandlebarWriterOutput(writer);
self.split_template.list_content.render(
@@ -646,6 +661,7 @@ impl SplitTemplateRenderer {
if let Some(mut local_vars) = self.local_vars.take() {
let mut render_context = handlebars::RenderContext::new(None);
local_vars.put("row_index", self.row_index.into());
+ local_vars.put("csp_nonce", self.nonce.clone());
log::trace!("Rendering the after_list template with the following local variables: {local_vars:?}");
*render_context
.block_mut()
@@ -681,7 +697,7 @@ mod tests {
let mut output = Vec::new();
let config = app_config::tests::test_config();
let app_state = Arc::new(AppState::init(&config).await.unwrap());
- let mut rdr = SplitTemplateRenderer::new(Arc::new(split), app_state, 0);
+ let mut rdr = SplitTemplateRenderer::new(Arc::new(split), app_state, 0, 0);
rdr.render_start(&mut output, json!({"name": "SQL"}))?;
rdr.render_item(&mut output, json!({"x": 1}))?;
rdr.render_item(&mut output, json!({"x": 2}))?;
@@ -702,7 +718,7 @@ mod tests {
let mut output = Vec::new();
let config = app_config::tests::test_config();
let app_state = Arc::new(AppState::init(&config).await.unwrap());
- let mut rdr = SplitTemplateRenderer::new(Arc::new(split), app_state, 0);
+ let mut rdr = SplitTemplateRenderer::new(Arc::new(split), app_state, 0, 0);
rdr.render_start(&mut output, json!(null))?;
rdr.render_item(&mut output, json!({"x": 1}))?;
rdr.render_item(&mut output, json!({"x": 2}))?;
diff --git a/src/webserver/content_security_policy.rs b/src/webserver/content_security_policy.rs
new file mode 100644
index 00000000..ecfb5edb
--- /dev/null
+++ b/src/webserver/content_security_policy.rs
@@ -0,0 +1,40 @@
+use std::fmt::Display;
+
+use awc::http::header::InvalidHeaderValue;
+use rand::random;
+
+#[derive(Debug, Clone, Copy)]
+pub struct ContentSecurityPolicy {
+ pub nonce: u64,
+}
+
+impl Default for ContentSecurityPolicy {
+ fn default() -> Self {
+ Self { nonce: random() }
+ }
+}
+
+impl Display for ContentSecurityPolicy {
+ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+ write!(f, "script-src 'self' 'nonce-{}'", self.nonce)
+ }
+}
+
+impl actix_web::http::header::TryIntoHeaderPair for &ContentSecurityPolicy {
+ type Error = InvalidHeaderValue;
+
+ fn try_into_pair(
+ self,
+ ) -> Result<
+ (
+ actix_web::http::header::HeaderName,
+ actix_web::http::header::HeaderValue,
+ ),
+ Self::Error,
+ > {
+ Ok((
+ actix_web::http::header::CONTENT_SECURITY_POLICY,
+ actix_web::http::header::HeaderValue::from_str(&self.to_string())?,
+ ))
+ }
+}
diff --git a/src/webserver/database/sql.rs b/src/webserver/database/sql.rs
index 65536ed7..d7dbcc3d 100644
--- a/src/webserver/database/sql.rs
+++ b/src/webserver/database/sql.rs
@@ -999,6 +999,30 @@ mod test {
);
}
+ #[test]
+ fn test_extract_set_variable() {
+ let sql = "set x = 42";
+ for &(dialect, db_kind) in ALL_DIALECTS {
+ let mut parser = Parser::new(dialect).try_with_sql(sql).unwrap();
+ let stmt = parse_single_statement(&mut parser, db_kind, sql);
+ if let Some(ParsedStatement::SetVariable {
+ variable,
+ value: StmtWithParams { query, params, .. },
+ }) = stmt
+ {
+ assert_eq!(
+ variable,
+ StmtParam::PostOrGet("x".to_string()),
+ "{dialect:?}"
+ );
+ assert_eq!(query, "SELECT 42");
+ assert!(params.is_empty());
+ } else {
+ panic!("Failed for dialect {dialect:?}: {stmt:#?}",);
+ }
+ }
+ }
+
#[test]
fn test_static_extract_doesnt_match() {
assert_eq!(
diff --git a/src/webserver/database/sqlpage_functions/functions.rs b/src/webserver/database/sqlpage_functions/functions.rs
index 6ece4b9f..8c738976 100644
--- a/src/webserver/database/sqlpage_functions/functions.rs
+++ b/src/webserver/database/sqlpage_functions/functions.rs
@@ -10,7 +10,7 @@ use crate::webserver::{
use anyhow::{anyhow, Context};
use futures_util::StreamExt;
use mime_guess::mime;
-use std::{borrow::Cow, ffi::OsStr, str::FromStr};
+use std::{borrow::Cow, ffi::OsStr, str::FromStr, sync::OnceLock};
super::function_definition_macro::sqlpage_functions! {
basic_auth_password((&RequestInfo));
@@ -22,7 +22,7 @@ super::function_definition_macro::sqlpage_functions! {
environment_variable(name: Cow);
exec((&RequestInfo), program_name: Cow, args: Vec>);
- fetch(http_request: SqlPageFunctionParam>);
+ fetch((&RequestInfo), http_request: SqlPageFunctionParam>);
hash_password(password: Option);
header((&RequestInfo), name: Cow);
@@ -129,12 +129,12 @@ async fn exec<'a>(
}
async fn fetch(
+ request: &RequestInfo,
http_request: super::http_fetch_request::HttpFetchRequest<'_>,
) -> anyhow::Result {
use awc::http::Method;
- let client = awc::Client::builder()
- .add_default_header((awc::http::header::USER_AGENT, env!("CARGO_PKG_NAME")))
- .finish();
+ let client = make_http_client(&request.app_state.config)?;
+
let method = if let Some(method) = http_request.method {
Method::from_str(&method)?
} else {
@@ -174,6 +174,36 @@ async fn fetch(
Ok(response_str)
}
+static NATIVE_CERTS: OnceLock> = OnceLock::new();
+
+fn make_http_client(config: &crate::app_config::AppConfig) -> anyhow::Result {
+ let connector = if config.system_root_ca_certificates {
+ let roots = NATIVE_CERTS
+ .get_or_init(|| {
+ let certs = rustls_native_certs::load_native_certs()?;
+ let mut roots = rustls::RootCertStore::empty();
+ for cert in certs {
+ roots.add(cert.clone()).unwrap();
+ }
+ Ok(roots)
+ })
+ .as_ref()?;
+
+ let tls_conf = rustls::ClientConfig::builder()
+ .with_root_certificates(roots.clone())
+ .with_no_client_auth();
+
+ awc::Connector::new().rustls_0_22(std::sync::Arc::new(tls_conf))
+ } else {
+ awc::Connector::new()
+ };
+ let client = awc::Client::builder()
+ .connector(connector)
+ .add_default_header((awc::http::header::USER_AGENT, env!("CARGO_PKG_NAME")))
+ .finish();
+ Ok(client)
+}
+
pub(crate) async fn hash_password(password: Option) -> anyhow::Result> {
let Some(password) = password else {
return Ok(None);
diff --git a/src/webserver/http.rs b/src/webserver/http.rs
index 247025cf..22e37275 100644
--- a/src/webserver/http.rs
+++ b/src/webserver/http.rs
@@ -1,4 +1,5 @@
use crate::render::{HeaderContext, PageContext, RenderContext};
+use crate::webserver::content_security_policy::ContentSecurityPolicy;
use crate::webserver::database::{execute_queries::stream_query_results_with_conn, DbItem};
use crate::webserver::http_request_info::extract_request_info;
use crate::webserver::ErrorWithStatus;
@@ -40,8 +41,9 @@ pub struct ResponseWriter {
}
#[derive(Clone)]
-pub struct LayoutContext {
+pub struct RequestContext {
pub is_embedded: bool,
+ pub content_security_policy: ContentSecurityPolicy,
}
impl ResponseWriter {
@@ -172,12 +174,12 @@ async fn stream_response(
async fn build_response_header_and_stream>(
app_state: Arc,
database_entries: S,
- layout_context: &LayoutContext,
+ request_context: RequestContext,
) -> anyhow::Result> {
let chan_size = app_state.config.max_pending_rows;
let (sender, receiver) = mpsc::channel(chan_size);
let writer = ResponseWriter::new(sender);
- let mut head_context = HeaderContext::new(app_state, layout_context, writer);
+ let mut head_context = HeaderContext::new(app_state, request_context, writer);
let mut stream = Box::pin(database_entries);
while let Some(item) = stream.next().await {
let page_context = match item {
@@ -250,8 +252,9 @@ async fn render_sql(
let (resp_send, resp_recv) = tokio::sync::oneshot::channel::();
actix_web::rt::spawn(async move {
- let layout_context = &LayoutContext {
+ let request_context = RequestContext {
is_embedded: req_param.get_variables.contains_key("_sqlpage_embed"),
+ content_security_policy: ContentSecurityPolicy::default(),
};
let mut conn = None;
let database_entries_stream =
@@ -259,7 +262,7 @@ async fn render_sql(
let response_with_writer = build_response_header_and_stream(
Arc::clone(&app_state),
database_entries_stream,
- layout_context,
+ request_context,
)
.await;
match response_with_writer {
@@ -531,21 +534,7 @@ pub fn create_app(
// when receiving a request outside of the prefix, redirect to the prefix
.default_service(fn_service(default_prefix_redirect))
.wrap(Logger::default())
- .wrap(
- middleware::DefaultHeaders::new()
- .add((
- "Server",
- format!("{} v{}", env!("CARGO_PKG_NAME"), env!("CARGO_PKG_VERSION")),
- ))
- .add((
- "Content-Security-Policy",
- app_state
- .config
- .content_security_policy
- .as_deref()
- .unwrap_or("script-src 'self' https://cdn.jsdelivr.net"),
- )),
- )
+ .wrap(default_headers(&app_state))
.wrap(middleware::Condition::new(
app_state.config.compress_responses,
middleware::Compress::default(),
@@ -557,6 +546,15 @@ pub fn create_app(
.app_data(app_state)
}
+fn default_headers(app_state: &web::Data) -> middleware::DefaultHeaders {
+ let server_header = format!("{} v{}", env!("CARGO_PKG_NAME"), env!("CARGO_PKG_VERSION"));
+ let mut headers = middleware::DefaultHeaders::new().add(("Server", server_header));
+ if let Some(csp) = &app_state.config.content_security_policy {
+ headers = headers.add(("Content-Security-Policy", csp.as_str()));
+ }
+ headers
+}
+
pub async fn run_server(config: &AppConfig, state: AppState) -> anyhow::Result<()> {
let listen_on = config.listen_on();
let state = web::Data::new(state);
@@ -599,11 +597,43 @@ pub async fn run_server(config: &AppConfig, state: AppState) -> anyhow::Result<(
.map_err(|e| bind_error(e, listen_on))?;
}
}
+
+ log_welcome_message(config);
server
.run()
.await
- .with_context(|| "Unable to start the application")?;
- Ok(())
+ .with_context(|| "Unable to start the application")
+}
+
+fn log_welcome_message(config: &AppConfig) {
+ let address_message = if let Some(unix_socket) = &config.unix_socket {
+ format!("unix socket {unix_socket:?}")
+ } else if let Some(domain) = &config.https_domain {
+ format!("https://{domain}")
+ } else {
+ use std::fmt::Write;
+ let listen_on = config.listen_on();
+ let mut msg = format!("{listen_on}");
+ if listen_on.ip().is_unspecified() {
+ // let the user know the service is publicly accessible
+ write!(
+ msg,
+ ": accessible from the network, and locally on http://localhost:{}",
+ listen_on.port()
+ )
+ .unwrap();
+ }
+ msg
+ };
+
+ log::info!(
+ "SQLPage v{} started successfully.
+ Now listening on {}
+ You can write your website's code in .sql files in {}",
+ env!("CARGO_PKG_VERSION"),
+ address_message,
+ config.web_root.display()
+ );
}
fn bind_error(e: std::io::Error, listen_on: std::net::SocketAddr) -> anyhow::Error {
diff --git a/src/webserver/mod.rs b/src/webserver/mod.rs
index 343ecf6f..82fccaab 100644
--- a/src/webserver/mod.rs
+++ b/src/webserver/mod.rs
@@ -1,3 +1,4 @@
+mod content_security_policy;
pub mod database;
pub mod error_with_status;
pub mod http;
diff --git a/tests/end-to-end/.gitignore b/tests/end-to-end/.gitignore
new file mode 100644
index 00000000..68c5d18f
--- /dev/null
+++ b/tests/end-to-end/.gitignore
@@ -0,0 +1,5 @@
+node_modules/
+/test-results/
+/playwright-report/
+/blob-report/
+/playwright/.cache/
diff --git a/tests/end-to-end/official-site.spec.ts b/tests/end-to-end/official-site.spec.ts
new file mode 100644
index 00000000..9800235a
--- /dev/null
+++ b/tests/end-to-end/official-site.spec.ts
@@ -0,0 +1,60 @@
+import { test, expect } from '@playwright/test';
+
+const BASE = 'http://localhost:8080/';
+
+test('Open documentation', async ({ page }) => {
+ await page.goto(BASE);
+
+ // Expect a title "to contain" a substring.
+ await expect(page).toHaveTitle("SQLPage");
+
+ // open the submenu
+ await page.getByText('Documentation', { exact: true }).first().click();
+ await page.getByText('All Components').click();
+ const components = ['form', 'map', 'chart', 'button'];
+ for (const component of components) {
+ await expect(page.getByRole('link', { name: component }).first()).toBeVisible();
+ }
+});
+
+test('chart', async ({ page }) => {
+ await page.goto(BASE + '/documentation.sql?component=chart#component');
+ await expect(page.getByText('Loading...')).not.toBeVisible();
+ await expect(page.locator('.apexcharts-canvas').first()).toBeVisible();
+});
+
+test('map', async ({ page }) => {
+ await page.goto(BASE + '/documentation.sql?component=map#component');
+ await expect(page.getByText('Loading...')).not.toBeVisible();
+ await expect(page.locator('.leaflet-marker-icon').first()).toBeVisible();
+});
+
+test('form example', async ({ page }) => {
+ await page.goto(BASE + '/examples/multistep-form');
+ // Single selection matching the value or label
+ await page.getByLabel('From').selectOption('Paris');
+ await page.getByText('Next').click();
+ await page.getByLabel(/\bTo\b/).selectOption('Mexico');
+ await page.getByText('Next').click();
+ await page.getByLabel('Number of Adults').fill('1');
+ await page.getByText('Next').click();
+ await page.getByLabel('Passenger 1 (adult)').fill('John Doe');
+ await page.getByText('Book the flight').click();
+ await expect(page.getByText('John Doe').first()).toBeVisible();
+});
+
+test('File upload', async ({ page }) => {
+ await page.goto(BASE);
+ await page.getByText('Examples', { exact: true }).click();
+ await page.getByText('File uploads').click();
+ const my_svg = '';
+ // @ts-ignore
+ const buffer = Buffer.from(my_svg);
+ await page.getByLabel('Picture').setInputFiles({
+ name: 'small.svg',
+ mimeType: 'image/svg+xml',
+ buffer,
+ });
+ await page.getByRole('button', { name: 'Upload picture' }).click();
+ await expect(page.locator('img[src^=data]').first().getAttribute('src')).resolves.toBe('data:image/svg+xml;base64,' + buffer.toString('base64'));
+});
\ No newline at end of file
diff --git a/tests/end-to-end/package-lock.json b/tests/end-to-end/package-lock.json
new file mode 100644
index 00000000..a50b1096
--- /dev/null
+++ b/tests/end-to-end/package-lock.json
@@ -0,0 +1,91 @@
+{
+ "name": "end-to-end",
+ "version": "1.0.0",
+ "lockfileVersion": 3,
+ "requires": true,
+ "packages": {
+ "": {
+ "name": "end-to-end",
+ "version": "1.0.0",
+ "license": "ISC",
+ "devDependencies": {
+ "@playwright/test": "^1.45.3",
+ "@types/node": "^22.1.0"
+ }
+ },
+ "node_modules/@playwright/test": {
+ "version": "1.45.3",
+ "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.45.3.tgz",
+ "integrity": "sha512-UKF4XsBfy+u3MFWEH44hva1Q8Da28G6RFtR2+5saw+jgAFQV5yYnB1fu68Mz7fO+5GJF3wgwAIs0UelU8TxFrA==",
+ "dev": true,
+ "dependencies": {
+ "playwright": "1.45.3"
+ },
+ "bin": {
+ "playwright": "cli.js"
+ },
+ "engines": {
+ "node": ">=18"
+ }
+ },
+ "node_modules/@types/node": {
+ "version": "22.1.0",
+ "resolved": "https://registry.npmjs.org/@types/node/-/node-22.1.0.tgz",
+ "integrity": "sha512-AOmuRF0R2/5j1knA3c6G3HOk523Ga+l+ZXltX8SF1+5oqcXijjfTd8fY3XRZqSihEu9XhtQnKYLmkFaoxgsJHw==",
+ "dev": true,
+ "dependencies": {
+ "undici-types": "~6.13.0"
+ }
+ },
+ "node_modules/fsevents": {
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+ "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+ "dev": true,
+ "hasInstallScript": true,
+ "optional": true,
+ "os": [
+ "darwin"
+ ],
+ "engines": {
+ "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+ }
+ },
+ "node_modules/playwright": {
+ "version": "1.45.3",
+ "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.45.3.tgz",
+ "integrity": "sha512-QhVaS+lpluxCaioejDZ95l4Y4jSFCsBvl2UZkpeXlzxmqS+aABr5c82YmfMHrL6x27nvrvykJAFpkzT2eWdJww==",
+ "dev": true,
+ "dependencies": {
+ "playwright-core": "1.45.3"
+ },
+ "bin": {
+ "playwright": "cli.js"
+ },
+ "engines": {
+ "node": ">=18"
+ },
+ "optionalDependencies": {
+ "fsevents": "2.3.2"
+ }
+ },
+ "node_modules/playwright-core": {
+ "version": "1.45.3",
+ "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.45.3.tgz",
+ "integrity": "sha512-+ym0jNbcjikaOwwSZycFbwkWgfruWvYlJfThKYAlImbxUgdWFO2oW70ojPm4OpE4t6TAo2FY/smM+hpVTtkhDA==",
+ "dev": true,
+ "bin": {
+ "playwright-core": "cli.js"
+ },
+ "engines": {
+ "node": ">=18"
+ }
+ },
+ "node_modules/undici-types": {
+ "version": "6.13.0",
+ "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.13.0.tgz",
+ "integrity": "sha512-xtFJHudx8S2DSoujjMd1WeWvn7KKWFRESZTMeL1RptAYERu29D6jphMjjY+vn96jvN3kVPDNxU/E13VTaXj6jg==",
+ "dev": true
+ }
+ }
+}
diff --git a/tests/end-to-end/package.json b/tests/end-to-end/package.json
new file mode 100644
index 00000000..2bba09a1
--- /dev/null
+++ b/tests/end-to-end/package.json
@@ -0,0 +1,14 @@
+{
+ "name": "end-to-end",
+ "version": "1.0.0",
+ "description": "",
+ "main": "index.js",
+ "scripts": {},
+ "keywords": [],
+ "author": "",
+ "license": "ISC",
+ "devDependencies": {
+ "@playwright/test": "^1.45.3",
+ "@types/node": "^22.1.0"
+ }
+}
diff --git a/tests/end-to-end/playwright.config.ts b/tests/end-to-end/playwright.config.ts
new file mode 100644
index 00000000..38423e13
--- /dev/null
+++ b/tests/end-to-end/playwright.config.ts
@@ -0,0 +1,78 @@
+import { defineConfig, devices } from '@playwright/test';
+
+/**
+ * Read environment variables from file.
+ * https://github.com/motdotla/dotenv
+ */
+// import dotenv from 'dotenv';
+// dotenv.config({ path: path.resolve(__dirname, '.env') });
+
+/**
+ * See https://playwright.dev/docs/test-configuration.
+ */
+export default defineConfig({
+ testDir: './.',
+ /* Run tests in files in parallel */
+ fullyParallel: true,
+ /* Fail the build on CI if you accidentally left test.only in the source code. */
+ forbidOnly: !!process.env.CI,
+ /* Retry on CI only */
+ retries: process.env.CI ? 2 : 0,
+ /* Opt out of parallel tests on CI. */
+ workers: process.env.CI ? 1 : undefined,
+ /* Reporter to use. See https://playwright.dev/docs/test-reporters */
+ reporter: 'html',
+ /* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
+ use: {
+ /* Base URL to use in actions like `await page.goto('/')`. */
+ // baseURL: 'http://127.0.0.1:3000',
+
+ /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
+ trace: 'on-first-retry',
+ },
+
+ /* Configure projects for major browsers */
+ projects: [
+ {
+ name: 'chromium',
+ use: { ...devices['Desktop Chrome'] },
+ },
+
+ // {
+ // name: 'firefox',
+ // use: { ...devices['Desktop Firefox'] },
+ // },
+
+ // {
+ // name: 'webkit',
+ // use: { ...devices['Desktop Safari'] },
+ // },
+
+ /* Test against mobile viewports. */
+ // {
+ // name: 'Mobile Chrome',
+ // use: { ...devices['Pixel 5'] },
+ // },
+ // {
+ // name: 'Mobile Safari',
+ // use: { ...devices['iPhone 12'] },
+ // },
+
+ /* Test against branded browsers. */
+ // {
+ // name: 'Microsoft Edge',
+ // use: { ...devices['Desktop Edge'], channel: 'msedge' },
+ // },
+ // {
+ // name: 'Google Chrome',
+ // use: { ...devices['Desktop Chrome'], channel: 'chrome' },
+ // },
+ ],
+
+ /* Run your local dev server before starting the tests */
+ // webServer: {
+ // command: 'npm run start',
+ // url: 'http://127.0.0.1:3000',
+ // reuseExistingServer: !process.env.CI,
+ // },
+});
{{#if color}}
-
+
{{/if}}
{{#if image_url}}
{{/if}}
{{#if icon}}
- {{~icon_img icon~}}
+ {{~icon_img icon~}}
{{/if}}
{{#if description}}
{{description}}
diff --git a/sqlpage/templates/debug.handlebars b/sqlpage/templates/debug.handlebars
index ddda74f2..9b7d1cb7 100644
--- a/sqlpage/templates/debug.handlebars
+++ b/sqlpage/templates/debug.handlebars
@@ -1,5 +1,5 @@
diff --git a/sqlpage/tomselect.js b/sqlpage/tomselect.js
index c9c364c8..4b106065 100644
--- a/sqlpage/tomselect.js
+++ b/sqlpage/tomselect.js
@@ -14,4 +14,4 @@ function sqlpage_select_dropdown() {
}
}
-add_init_function(sqlpage_select_dropdown);
\ No newline at end of file
+add_init_fn(sqlpage_select_dropdown);
\ No newline at end of file
diff --git a/src/app_config.rs b/src/app_config.rs
index 95e87d5e..daf20e43 100644
--- a/src/app_config.rs
+++ b/src/app_config.rs
@@ -100,6 +100,12 @@ pub struct AppConfig {
/// Content-Security-Policy header to send to the client. If not set, a default policy allowing scripts from the same origin is used and from jsdelivr.net
pub content_security_policy: OptionDebug output
-{{stringify this}}
-{{#each_row}}
- {{stringify this}}
+{{stringify this}}
+{{#each_row}}{{stringify this}}
{{/each_row}}
+