Merge branch 'AR/main' into AR/sync/20260520

JohnnyUB · JohnnyUB · commit baa5edbd559e · 2026-05-20T17:05:25.000+02:00
# Conflicts:
#	middleware/has-role.js
#	middleware/passport.js
#	models/kb_setting.js
#	pubmodules/analytics/analytics.js
#	pubmodules/trigger/rulesTrigger.js
#	routes/auth.js
#	routes/project_user.js
diff --git a/middleware/has-role.js b/middleware/has-role.js
@@ -222,7 +222,6 @@ class RoleChecker {
             winston.debug("project_user: ", JSON.stringify(project_user));
             
           }
-
           if (project_user) {
             
             req.projectuser = project_user;
diff --git a/middleware/passport.js b/middleware/passport.js
diff --git a/models/kb_setting.js b/models/kb_setting.js
@@ -20,7 +20,6 @@ let expireAnsweredAfterSeconds = ttlSecondsFromEnv(
   DEFAULT_ANSWERED_TTL_SEC
 );
 
-
 const EngineSchema = new Schema({
   name: {
     type: String,
diff --git a/package-lock.json b/package-lock.json
diff --git a/pubmodules/trigger/rulesTrigger.js b/pubmodules/trigger/rulesTrigger.js
@@ -1164,7 +1164,6 @@ class RulesTrigger {
                       lead: createdLead, requester: puser
                     };
       
-
                     return requestService.create(new_request).then(function (savedRequest) {                   
 
                         if (attributes) {
diff --git a/routes/auth.js b/routes/auth.js
@@ -784,27 +784,36 @@ router.get("/google/callback", passport.authenticate("google", { session: false
 
 router.get("/oauth2", function (req, res, next) {
   winston.debug("(oauth2) redirect_url: " + req.query.redirect_url);
-  req.session.redirect_url = req.query.redirect_url;
+  // req.session.redirect_url = req.query.redirect_url;
 
   winston.debug("(oauth2) forced_redirect_url: " + req.query.forced_redirect_url);
-  req.session.forced_redirect_url = req.query.forced_redirect_url;
+  // req.session.forced_redirect_url = req.query.forced_redirect_url;
+
+  req.session.save(() => {
+    passport.authenticate('oauth2',{
+      state: JSON.stringify({
+        redirect_url: req.query.redirect_url,
+        forced_redirect_url: req.query.forced_redirect_url
+      })
+    })(req, res, next);
+  });
 
-  passport.authenticate(
-    'oauth2', { prompt: 'select_account' }
-  )(req, res, next);
+  // passport.authenticate(
+  //   'oauth2'
+  // )(req, res, next);
 });
 
 // router.get('/oauth2',
 //   passport.authenticate('oauth2'));
 
 router.get('/oauth2/callback', passport.authenticate('oauth2', { session: false }), function (req, res) {
-  winston.debug("'/oauth2/callback: ", req.query);
-  winston.debug("/oauth2/callback --> req.session.redirect_url", req.session.redirect_url);
-  winston.debug("/oauth2/callback --> req.session.forced_redirect_url", req.session.forced_redirect_url);
+  winston.debug("'(/oauth2/callback): ", req.query);
+  const state = JSON.parse(req.query.state);
+  winston.debug("(/oauth2/callback) redirect_url:"+ state.redirect_url);
+  winston.debug("(/oauth2/callback) forced_redirect_url:"+ state.forced_redirect_url);
 
   var user = req.user;
   winston.debug("(/oauth2/callback) user", user);
-  winston.debug("(/oauth2/callback) req.session.redirect_url: " + req.session.redirect_url);
   var userJson = user.toObject();
 
   delete userJson.password;
@@ -828,21 +837,20 @@ router.get('/oauth2/callback', passport.authenticate('oauth2', { session: false
   // res.json(returnObject);
 
   let dashboard_base_url = process.env.EMAIL_BASEURL || config.baseUrl;
-  winston.debug("(/oauth2/callback) Google Redirect dashboard_base_url: ", dashboard_base_url);
+  winston.debug("(/oauth2/callback) Google Redirect dashboard_base_url: "+ dashboard_base_url);
 
   let homeurl = "/#/";
-
   const separator = homeurl.includes('?') ? '&' : '?';
   var url = dashboard_base_url+homeurl+ separator + "token=JWT "+token;
-
-  if (req.session.redirect_url) {
-    const separator = req.session.redirect_url.includes('?') ? '&' : '?';
-    url = req.session.redirect_url+ separator + "token=JWT "+token;
+  
+  if (state?.redirect_url) {
+    const separator = state.redirect_url.includes('?') ? '&' : '?';
+    url = state.redirect_url+ separator + "token=JWT "+token;
   }
 
-  if (req.session.forced_redirect_url) {
-    const separator = req.session.forced_redirect_url.includes('?') ? '&' : '?';
-    url = req.session.forced_redirect_url+ separator + "jwt=JWT "+token;  //attention we use jwt= (ionic) instead token=(dashboard) for ionic
+  if (state?.forced_redirect_url) {
+    const separator = state.forced_redirect_url.includes('?') ? '&' : '?';
+    url = state.forced_redirect_url+ separator + "jwt=JWT "+token;  //attention we use jwt= (ionic) instead token=(dashboard) for ionic 
   }
 
   winston.debug("(/oauth2/callback) Google Redirect: " + url);
diff --git a/routes/files.js b/routes/files.js
@@ -29,7 +29,33 @@ if (MAX_UPLOAD_FILE_SIZE) {
 } else {
   winston.info("Max upload file size is infinity");
 }
-const upload = multer({ storage: fileService.getStorage("files"),limits: uploadlimits});
+
+let files_allowed = process.env.UPLOAD_FILES_ALLOW_LIST || "text/plain,application/octet-stream,application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document,image/png,audio/mpeg,application/json,application/pdf";
+winston.info("Files upload allowed list " + files_allowed);
+
+const fileFilter = (req, file, cb) => {
+  winston.debug("fileFilter " + files_allowed);
+  const ext = file.originalname.toLowerCase().endsWith('.html') || file.originalname.toLowerCase().endsWith('.htm');
+
+  if (ext) {
+      winston.debug("file extension not allowed: " + file.originalname);
+      cb(new multer.MulterError('fileFilter not allowed'));
+      return;
+  }
+
+  if (files_allowed === "*" ||
+      (files_allowed && files_allowed.length > 0 && files_allowed.split(",").indexOf(file.mimetype) > -1)) {
+      winston.debug("file.mimetype allowed: " + file.mimetype);
+      cb(null, true);
+  } else {
+      winston.debug("file.mimetype not allowed. " + file.mimetype);
+      cb(new multer.MulterError('fileFilter not allowed'));
+  }
+};
+
+
+const upload = multer({ storage: fileService.getStorage("files"),  fileFilter: fileFilter, limits: uploadlimits}).single('file');
+
 
 /*
 curl -u andrea.leo@f21.it:123456 \
@@ -50,6 +76,8 @@ curl -u andrea.leo@f21.it:123456 \
 // });
 
 /*
+
+
 curl \
   -F "file=@/Users/andrealeo/dev/chat21/tiledesk-server-dev-org/README.md" \
   http://localhost:3000/files/public/
diff --git a/routes/images.js b/routes/images.js
@@ -25,15 +25,28 @@ const fileService = new FileGridFsService("images");
 
 
 
+let images_allowed = process.env.UPLOAD_IMAGES_ALLOW_LIST || "image/jpeg,image/png,image/gif,image/vnd.microsoft.icon,image/webp";
+winston.info("Images upload allowed list " + images_allowed);
+
 const fileFilter = (req, file, cb) => {
-  if (file.mimetype == 'image/jpeg' || file.mimetype == 'image/png' 
-      || file.mimetype == 'image/gif'|| file.mimetype == 'image/vnd.microsoft.icon'
-      || file.mimetype == 'image/webp') {
-      cb(null, true);
-  } else {
-      cb(null, false);
-  }
-}
+    winston.debug("fileFilter " + images_allowed);
+    const ext = file.originalname.toLowerCase().endsWith('.html') || file.originalname.toLowerCase().endsWith('.htm');
+
+    if (ext) {
+        winston.debug("file extension not allowed: " + file.originalname);
+        cb(new multer.MulterError('fileFilter not allowed'));
+        return;
+    }
+
+    if (images_allowed === "*" ||
+        (images_allowed && images_allowed.length > 0 && images_allowed.split(",").indexOf(file.mimetype) > -1)) {
+        winston.debug("file.mimetype allowed: " + file.mimetype);
+        cb(null, true);
+    } else {
+        winston.debug("file.mimetype not allowed. " + file.mimetype);
+        cb(new multer.MulterError('fileFilter not allowed'));
+    }
+};
 
 
 let MAX_UPLOAD_FILE_SIZE = process.env.MAX_UPLOAD_FILE_SIZE;
@@ -54,7 +67,7 @@ if (MAX_UPLOAD_FILE_SIZE) {
 // }
 
 
-const upload = multer({ storage: fileService.getStorage("images"), fileFilter: fileFilter, limits: uploadlimits });
+const upload = multer({ storage: fileService.getStorage("images"), fileFilter: fileFilter, limits: uploadlimits }).single('file');
 
 /*
 curl -u andrea.leo@f21.it:123456 \
@@ -392,6 +405,10 @@ the image binary file
 
 Example:
 
+
+curl -v -X POST -H 'Content-Type: multipart/form-data' -F "file=@/Users/andrealeo/dev/chat21/tiledesk-server-dev-org/test.jpg" http://localhost:3000/images/public/
+
+
 ```text
 curl -v -X POST -H 'Content-Type: multipart/form-data' -F "file=@/Users/andrealeo/dev/chat21/tiledesk-server-dev-org/test.jpg" https://api.tiledesk.com/v2/images/public
 ```
diff --git a/routes/kb.js b/routes/kb.js
@@ -29,6 +29,11 @@ const KB_WEBHOOK_TOKEN = process.env.KB_WEBHOOK_TOKEN || 'kbcustomtoken';
 const PINECONE_RERANKING = process.env.PINECONE_RERANKING === true || process.env.PINECONE_RERANKING === "true";
 const apiUrl = process.env.API_URL || configGlobal.apiUrl;
 
+let rerankingOff = false;
+if (process.env.RERANKING_OFF && (process.env.RERANKING_OFF === "true" || process.env.RERANKING_OFF === true)) {
+  rerankingOff = true;
+}
+
 
 let MAX_UPLOAD_FILE_SIZE = process.env.MAX_UPLOAD_FILE_SIZE;
 let uploadlimits = undefined;
diff --git a/routes/message.js b/routes/message.js
@@ -183,6 +183,7 @@ async (req, res)  => {
               proactive: true
             };
 
+
             return requestService.create(new_request).then(function (savedRequest) {
 
 
@@ -256,7 +257,8 @@ async (req, res)  => {
     } else {
 
       winston.debug("request  exists", request.toObject());
-      if (request.channel?.name === 'form') {
+
+      if (request.channel?.name === 'form' || request.channel?.name === 'email') {
         if (!sender && request.participantsAgents?.[0] !== req.user.id) {
           return res.status(403).send({ success: false, message: "Error creating message", err: "You don't belong the conversation" });
         }
diff --git a/routes/project_user.js b/routes/project_user.js
@@ -112,7 +112,7 @@ router.post('/invite', [passport.authenticate(['basic', 'jwt'], { session: false
 
             updatedPuser.populate({path:'id_user', select:{'firstname':1, 'lastname':1}},function (err, updatedPuserPopulated){
               var pu = updatedPuserPopulated.toJSON();
-              pu.isBusy = ProjectUserUtil.isBusy(savedProject_userPopulated, req.project.settings && req.project.settings.max_agent_assigned_chat);
+              pu.isBusy = ProjectUserUtil.isBusy(pu, req.project.settings && req.project.settings.max_agent_assigned_chat);
               var eventData = {req:req, updatedPuserPopulated: pu};
               winston.debug("eventData",eventData);
               authEvent.emit('project_user.invite', eventData);
@@ -566,7 +566,7 @@ router.get('/', [passport.authenticate(['basic', 'jwt'], { session: false }), va
     winston.debug("role", role);
     query =  {id_project: req.projectid, role: { $in : role } };
   } else {
-     query =  {id_project: req.projectid, roleType: RoleConstants.TYPE_AGENTS };
+    query =  {id_project: req.projectid, roleType: RoleConstants.TYPE_AGENTS };
   }
 
   if (!req.query.trashed || req.query.trashed === 'false' || req.query.trashed === false) {
diff --git a/routes/request.js b/routes/request.js
@@ -435,13 +435,14 @@ router.put('/:requestid/participants', async (req, res) => {
 
   //setParticipantsByRequestId(request_id, id_project, participants)
   return requestService.setParticipantsByRequestId(req.params.requestid, req.projectid, participants).then(function (updatedRequest) {
-
     winston.debug("participant set", updatedRequest);
-
     return res.json(updatedRequest);
-  }).catch(function(err) {
-    winston.error("Error setting participants", err);
-    return res.status(500).send({ success: false, error: "Error setting participants" });
+
+  }).catch((err) => {
+    winston.error("Error setParticipantsByRequestId: ", err);
+    let error_code = err?.code || 500;
+    let error = err?.error || err || "General error";
+    return res.status(error_code).send({ success: false, error: error })
   });
 
 });
@@ -579,7 +580,6 @@ router.put('/:requestid/assign', function (req, res) {
         return res.json(updatedRequest);
       }).catch(function (error) {
         // TODO: error log removed due to attempt to reduces logs when no department is found
-        console.log('Error changing the department.', error)
         winston.verbose('Error changing the department.', error)
         return res.status(500).send({ success: false, msg: 'Error changing the department.' });
       })
@@ -597,7 +597,6 @@ router.put('/:requestid/departments', function (req, res) {
     return res.json(updatedRequest);
   }).catch(function (error) {
     // TODO: error log removed due to attempt to reduces logs when no department is found
-    console.log('Error changing the department.', error)
     winston.verbose('Error changing the department.', error)
     return res.status(500).send({ success: false, msg: 'Error changing the department.' });
   })
@@ -633,7 +632,6 @@ router.put('/:requestid/agent', async (req, res) => {
     return res.json(updatedRequest);
   }).catch(function (error) {
     // TODO: error log removed due to attempt to reduces logs when no department is found
-    console.log('Error changing the department.', error)
     winston.verbose('Error changing the department.', error)
     return res.status(500).send({ success: false, msg: 'Error changing the department.' });
   })
diff --git a/routes/tag.js b/routes/tag.js
@@ -85,7 +85,7 @@ router.get('/:tagid', function (req, res) {
 });
 
 router.get('/', function (req, res) {
-  var limit = 40; // Number of Tags per page
+  var limit = 200; // Number of Tags per page
   var page = 0;
 
   if (req.query.page) {
diff --git a/routes/webhook.js b/routes/webhook.js
@@ -104,7 +104,7 @@ router.post('/kb/reindex', async (req, res) => {
     let errorCode = err?.errorCode ?? 500;
     return res.status(errorCode).send({ success: false, error: err.error });
   }
-
+  
   if (kb.type === 'sitemap') {
 
     const urls = await aiManager.fetchSitemap(kb.source).catch((err) => {
diff --git a/services/aiManager.js b/services/aiManager.js
diff --git a/services/leadService.js b/services/leadService.js
diff --git a/services/requestService.js b/services/requestService.js

Original file line number	Diff line number	Diff line change
`@@ -222,7 +222,6 @@ class RoleChecker {`
`222`	`222`	`winston.debug("project_user: ", JSON.stringify(project_user));`
`223`	`223`
`224`	`224`	`}`
`225`		`-`
`226`	`225`	`if (project_user) {`
`227`	`226`
`228`	`227`	`req.projectuser = project_user;`