Merge branch 'main' of github.com:devforth/adminforth

Author: ivictbor

adminforth/dataConnectors/clickhouse.ts

@@ -530,7 +530,6 @@ class ClickhouseConnector extends AdminForthBaseConnector implements IAdminForth
       }).join(', ');
       const tableName = resource.table;
 
-      console.log('getDataWithOriginalTypes called with filters', JSON.stringify(filters), 'and sort', JSON.stringify(sort));
       const { where, params } = this.whereClause(resource, filters);
 
       const orderBy = sort.length ? `ORDER BY ${sort.map((s) => `${s.field} ${this.SortDirectionsMap[s.direction]}`).join(', ')}` : '';

adminforth/documentation/docs/tutorial/03-Customization/12-security.md

@@ -242,3 +242,46 @@ export const admin = new AdminForth({
 ```
 
 Now, if a user’s field `status` is changed to "banned", they won’t be able to perform any actions and moreover  will be automatically logged out upon accessing the page.
+
+## RateLimiter for API
+
+### Import
+```ts 
+import { RateLimiter } from "adminforth";
+```
+
+### Usage
+```ts 
+import { RateLimiter } from "adminforth";
+
+const UserRateLimiter = new RateLimiter("20/1d");
+
+app.post(
+  `${ADMIN_BASE_URL}/api/some-api/`,
+  admin.express.authorize(async (req: any, res: any) => {
+
+    const allowed = await UserRateLimiter.consume(req.user.id);
+
+    if (!allowed) {
+      res.status(429).json({
+        error: "Rate limit exceeded"
+      });
+      return;
+    }
+
+    // your API logic here
+  })
+);
+```
+
+### Limit format
+"20/1d"
+This means that a user is allowed to make up to 20 requests within one day, and once this limit is reached, any further requests will be blocked until the 24-hour period resets.
+
+### Supported time units
+- s → seconds (10s)
+- m → minutes (5m)
+- h → hours (1h)
+- d → days (1d)
+
+> ☝ Сonsume(key) is used to check whether a specific key such as a userId, IP address, or any other identifier has exceeded its allowed request limit. If the limit has not been reached, it returns true, meaning the request is allowed to proceed.

adminforth/documentation/docs/tutorial/05-Adapters/09-chat-surface-adapters.md

@@ -17,45 +17,61 @@ Create a Telegram bot with BotFather and add the token to `.env`:
 
 ```env title=".env"
 TELEGRAM_BOT_TOKEN=your_bot_token
+TELEGRAM_BOT_USERNAME=your_bot_username_without_at
 TELEGRAM_WEBHOOK_SECRET=your_random_secret
 ```
 
-The webhook secret confirms that the request came through Telegram. Your app should still map the Telegram user id to a real AdminForth admin user before running the agent.
+The webhook secret confirms that the request came through Telegram.
 
-## Admin user field `telegramId`
+## Admin user field `externalUserId`
 
-To map Telegram users to AdminForth admin users, the adapter looks up an admin user record by Telegram user id.
-By default it expects the admin user resource to have a field named `telegramId`.
+External chat accounts are linked by the Agent plugin, not by the Telegram adapter directly. The plugin stores linked external user ids in a JSON field on the AdminForth auth user resource.
 
-Add this field to your `adminuser` resource:
+By default this field is named `externalUserId`. Add it to your `adminuser` resource:
 
 ```ts
 {
-  name: 'telegramId',
-  type: AdminForthDataTypes.STRING,
-  showIn: ['show', 'edit', 'create'],
+  name: 'externalUserId',
+  type: AdminForthDataTypes.JSON,
 },
 ```
 
-Also add the matching column to your database schema and run a migration. For example, with Prisma:
+Also add the matching column to your database schema and run a migration. For example, with Prisma and PostgreSQL:
 
 ```prisma title="schema.prisma"
 model adminuser {
   // existing fields
-  telegramId String?
+  externalUserId Json?
 }
 ```
 
+For Prisma SQLite, store the same field as text:
+
+```prisma title="schema.prisma"
+model adminuser {
+  // existing fields
+  externalUserId String?
+}
+```
+
+AdminForth should still define this resource column as `AdminForthDataTypes.JSON`; the SQLite connector serializes it into the text column and parses it back.
+
 Then create and apply the migration using your app's migration scripts:
 
 ```bash
-pnpm makemigration --name add-adminuser-telegram-id
+pnpm makemigration --name add-adminuser-external-user-id
 pnpm migrate:local
 ```
 
-After the migration, set `telegramId` on the admin user record to the numeric Telegram user id that should be allowed to use the bot.
+When a Telegram account is linked, the field stores data like this:
 
-If your field is named differently, configure `adminUserTelegramIdField` option (see below).
+```json
+{
+  "telegram": "123456789"
+}
+```
+
+If your field is named differently, configure `chatExternalIdsField` on the Agent plugin.
 
 Register the adapter in the Agent plugin:
 
@@ -80,31 +96,41 @@ new AdminForthAgent({
       //diff-add
       botToken: process.env.TELEGRAM_BOT_TOKEN as string,
       //diff-add
-      webhookSecret: process.env.TELEGRAM_WEBHOOK_SECRET,
+      botUsername: process.env.TELEGRAM_BOT_USERNAME,
       //diff-add
-      adminUserTelegramIdField: 'telegramId',
+      webhookSecret: process.env.TELEGRAM_WEBHOOK_SECRET,
       //diff-add
     }),
     //diff-add
   ],
+  // optional, defaults to 'externalUserId'
+  //diff-add
+  chatExternalIdsField: 'externalUserId',
 });
 ```
 
+When `botUsername` is configured, the Agent plugin adds **Chat Surfaces** to the user menu settings pages. A logged-in AdminForth user can open that page and click **Connect**. The Telegram adapter returns a URL like:
+
+```txt
+https://t.me/<botUsername>?start=<link-token>
+```
+
+After the user starts the bot with that token, AdminForth stores the Telegram user id in `externalUserId.telegram`. The same page also supports reconnecting and disconnecting the Telegram account.
+
+You can also prefill the JSON field manually if you do not want to use the connect page.
+
 ## Adapter options
 
 All options for `new TelegramChatSurfaceAdapter(options)`:
 
 - `botToken` (string, required) — Telegram bot token from BotFather.
+- `botUsername` (string, optional) — bot username used to build the account-link URL for the **Chat Surfaces** settings page.
 - `webhookSecret` (string, optional) — secret token configured in Telegram `setWebhook`.
 - `streamingMode` (`draft` | `typing` | `off`, optional) — streaming behavior for Telegram responses.
   - Default: `draft`.
   - Note: Telegram drafts work only in private chats. In non-private chats the adapter automatically falls back from `draft` to `typing`.
 - `draftUpdateIntervalMs` (number, optional) — throttle for draft preview updates.
   - Default: `650`.
-- `adminUserTelegramIdField` (string, optional) — admin user field that stores Telegram user id.
-  - Default: `telegramId`.
-- `adminUserResourceId` (string, optional) — AdminForth resource id that stores admin users.
-  - Default: `adminuser`.
 
 The plugin exposes this webhook endpoint:
 

adminforth/documentation/docs/tutorial/08-Plugins/01-agent.md

@@ -289,30 +289,27 @@ The plugin adds a chat surface to the admin UI, keeps session history per admin
 By default, the Agent plugin exposes a chat surface inside the AdminForth admin UI.
 If you want to talk to the same agent from external chat products (Telegram, etc.), connect a **chat surface adapter**.
 
-The adapter is registered in the plugin config via `chatSurfaceAdapters` and the plugin exposes an HTTP webhook endpoint for it.
-
-Example (Telegram):
+Register adapters through `chatSurfaceAdapters`:
 
 ```ts
 import AdminForthAgent from '@adminforth/agent';
-import TelegramChatSurfaceAdapter from '@adminforth/chat-surface-adapter-telegram';
+import SomeChatSurfaceAdapter from '@adminforth/some-chat-surface-adapter';
 
 new AdminForthAgent({
   // ...modes, sessionResource, turnResource, etc.
   chatSurfaceAdapters: [
-    new TelegramChatSurfaceAdapter({
-      botToken: process.env.TELEGRAM_BOT_TOKEN as string,
-      webhookSecret: process.env.TELEGRAM_WEBHOOK_SECRET,
-      // optional
-      adminUserTelegramIdField: 'telegramId',
+    new SomeChatSurfaceAdapter({
+      // adapter-specific options
     }),
   ],
 });
 ```
 
-Next steps (Telegram bot setup, webhook URL, required `telegramId` field on the admin user resource, and all adapter options) are documented here:
+When an adapter supports account linking, the Agent plugin adds a user menu settings page named **Chat Surfaces** where logged-in users can connect, reconnect, and disconnect external accounts.
+
+For Telegram setup, including required user fields, webhook URL, environment variables, and adapter options, see:
 
-- Telegram Chat Surface Adapter: `/docs/tutorial/Adapters/chat-surface-adapter-telegram`
+- [Telegram Chat Surface Adapter](https://adminforth.dev/docs/tutorial/Adapters/chat-surface-adapter-telegram/)
 
 ## Debugging agent turns
 

adminforth/modules/restApi.ts

@@ -718,6 +718,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
 
 
         if (!userRecord) {
+          response.setStatus(401);
           return { error: INVALID_MESSAGE };
         }
 
@@ -748,6 +749,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
             });
           } 
         } else {
+          response.setStatus(401);
           return { error: INVALID_MESSAGE };
         }
 

adminforth/spa/src/App.vue

@@ -54,32 +54,34 @@
               </svg>
             </button>
           </div>
-          <div class="z-50 hidden my-4 text-base list-none bg-lightUserMenuBackground divide-y divide-lightUserMenuBorder text-lightUserMenuText rounded shadow dark:shadow-black dark:bg-darkUserMenuBackground dark:divide-darkUserMenuBorder text-darkUserMenuText dark:shadow-black" id="dropdown-user">
-            <div class="px-4 py-3" role="none">
-              <p class="text-sm text-gray-900 dark:text-darkNavbarText" role="none" v-if="coreStore.userFullname">
-                {{ coreStore.userFullname }}
-              </p>
-              <p class="text-sm font-medium text-gray-900 truncate dark:text-darkSidebarText" role="none">
-                {{ coreStore.username }}
-              </p>
+          <Teleport to="body">
+            <div class="z-50 hidden my-4 text-base list-none bg-lightUserMenuBackground divide-y divide-lightUserMenuBorder text-lightUserMenuText rounded shadow dark:shadow-black dark:bg-darkUserMenuBackground dark:divide-darkUserMenuBorder text-darkUserMenuText dark:shadow-black" id="dropdown-user">
+              <div class="px-4 py-3" role="none">
+                <p class="text-sm text-gray-900 dark:text-darkNavbarText" role="none" v-if="coreStore.userFullname">
+                  {{ coreStore.userFullname }}
+                </p>
+                <p class="text-sm font-medium text-gray-900 truncate dark:text-darkSidebarText" role="none">
+                  {{ coreStore.username }}
+                </p>
+              </div>
+
+              <ul class="py-1" role="none">
+                <li v-for="c in userMenuComponents" class="bg-lightUserMenuItemBackground hover:bg-lightUserMenuItemBackgroundHover text-lightUserMenuItemText hover:text-lightUserMenuItemText dark:bg-darkUserMenuItemBackground dark:hover:bg-darkUserMenuItemBackgroundHover dark:text-darkUserMenuItemText dark:hover:darkUserMenuItemTextHover" >
+                  <component 
+                    :is="getCustomComponent(c)"
+                    :meta="c.meta"
+                    :adminUser="coreStore.adminUser"
+                  />
+                </li>
+                <li v-if="coreStore?.config?.settingPages && coreStore.config.settingPages.length > 0">
+                  <UserMenuSettingsButton />
+                </li>
+                <li>
+                  <button @click="logout" class="cursor-pointer flex items-center gap-1 block px-4 py-2 text-sm bg-lightUserMenuItemBackground hover:bg-lightUserMenuItemBackgroundHover text-lightUserMenuItemText hover:text-lightUserMenuItemText dark:bg-darkUserMenuItemBackground dark:hover:bg-darkUserMenuItemBackgroundHover dark:text-darkUserMenuItemText dark:hover:darkUserMenuItemTextHover w-full" role="menuitem">{{ $t('Sign out') }}</button>
+                </li>
+              </ul>
             </div>
-
-            <ul class="py-1" role="none">
-              <li v-for="c in userMenuComponents" class="bg-lightUserMenuItemBackground hover:bg-lightUserMenuItemBackgroundHover text-lightUserMenuItemText hover:text-lightUserMenuItemText dark:bg-darkUserMenuItemBackground dark:hover:bg-darkUserMenuItemBackgroundHover dark:text-darkUserMenuItemText dark:hover:darkUserMenuItemTextHover" >
-                <component 
-                  :is="getCustomComponent(c)"
-                  :meta="c.meta"
-                  :adminUser="coreStore.adminUser"
-                />
-              </li>
-              <li v-if="coreStore?.config?.settingPages && coreStore.config.settingPages.length > 0">
-                <UserMenuSettingsButton />
-              </li>
-              <li>
-                <button @click="logout" class="cursor-pointer flex items-center gap-1 block px-4 py-2 text-sm bg-lightUserMenuItemBackground hover:bg-lightUserMenuItemBackgroundHover text-lightUserMenuItemText hover:text-lightUserMenuItemText dark:bg-darkUserMenuItemBackground dark:hover:bg-darkUserMenuItemBackgroundHover dark:text-darkUserMenuItemText dark:hover:darkUserMenuItemTextHover w-full" role="menuitem">{{ $t('Sign out') }}</button>
-              </li>
-            </ul>
-          </div>
+          </Teleport>
         </div>
       </div>
     </nav>
@@ -183,7 +185,7 @@
 </style>
 
 <script setup lang="ts">
-import { computed, onMounted, ref, watch, onBeforeMount } from 'vue';
+import { computed, nextTick, onMounted, ref, watch, onBeforeMount } from 'vue';
 import { RouterView } from 'vue-router';
 import { Dropdown } from 'flowbite'
 import './index.scss'
@@ -310,11 +312,14 @@ watch(route, () => {
 });
 
 
-watch(dropdownUserButton, (dropdownUserButton) => {
+watch(dropdownUserButton, async (dropdownUserButton) => {
   if (dropdownUserButton) {
+    await nextTick();
+    const dropdownUser = document.querySelector('#dropdown-user') as HTMLElement;
+    const dropdownUserTrigger = document.querySelector('[data-dropdown-toggle="dropdown-user"]') as HTMLElement;
     const dd = new Dropdown(
-      document.querySelector('#dropdown-user') as HTMLElement,
-      document.querySelector('[data-dropdown-toggle="dropdown-user"]') as HTMLElement,
+      dropdownUser,
+      dropdownUserTrigger,
     );
     closeUserMenuDropdown = () => {
       dd.hide();

adminforth/spa/src/components/Sidebar.vue

@@ -67,7 +67,6 @@
             <button @click="clickOnMenuItem(i)" type="button" class="af-sidebar-expand-button flex items-center w-full px-3.5 py-2 text-base text-lightSidebarText rounded-default transition duration-75  group hover:bg-lightSidebarItemHover hover:text-lightSidebarTextHover dark:text-darkSidebarText dark:hover:bg-darkSidebarHover dark:hover:text-darkSidebarTextHover"
                 :class="opened.includes(i) ? 'af-sidebar-dropdown-expanded' : 'af-sidebar-dropdown-collapsed'"
                 :aria-controls="`dropdown-example${i}`"
-                :data-collapse-toggle="`dropdown-example${i}`"
             >
               <component v-if="item.icon" :is="getIcon(item.icon)" class="w-5 h-5 text-lightSidebarIcons group-hover:text-lightSidebarIconsHover transition duration-75 dark:group-hover:text-darkSidebarIconsHover dark:text-darkSidebarIcons" ></component>
               <span class="overflow-hidden flex-1 ms-3 text-left rtl:text-right whitespace-nowrap">{{ item.label }}
@@ -114,7 +113,6 @@
                 <button @click="clickOnMenuItem(i)" type="button" class="af-sidebar-expand-button relative flex items-center h-10 w-full px-3.5 py-2 text-base text-lightSidebarText rounded-default group hover:bg-lightSidebarItemHover hover:text-lightSidebarTextHover dark:text-darkSidebarText dark:hover:bg-darkSidebarHover dark:hover:text-darkSidebarTextHover"
                     :class="opened.includes(i) ? 'af-sidebar-dropdown-expanded' : 'af-sidebar-dropdown-collapsed'"
                     :aria-controls="`dropdown-example${i}`"
-                    :data-collapse-toggle="`dropdown-example${i}`"
                 >
                     <component v-if="item.icon" :is="getIcon(item.icon)" class="min-w-5 min-h-5 text-lightSidebarIcons group-hover:text-lightSidebarIconsHover transition duration-75    dark:group-hover:text-darkSidebarIconsHover dark:text-darkSidebarIcons" ></component>
 

adminforth/spa/src/utils/listUtils.ts

@@ -61,7 +61,7 @@ export async function startBulkAction(actionId: string, resource: AdminForthReso
   if (action?.confirm) {
     const confirmed = await confirm({
       title: action.confirm,
-      message: `${t('Deleting')} ${checkboxes.value.length} ${checkboxes.value.length === 1 ? t('item') : t('items')}. ${t('This process is irreversible.')}`,
+      message: t('Deleting {count} item. This process is irreversible. | Deleting {count} items. This process is irreversible.', { count: checkboxes.value.length }),
     });
     if (!confirmed) {
       return;

adminforth/spa/src/utils/utils.ts

@@ -141,7 +141,7 @@ export async function callApi({path, method, body, headers, silentError = false,
   const fullPath = `${import.meta.env.VITE_ADMINFORTH_PUBLIC_PATH || ''}${path}`;
   try {
     const r = await fetch(fullPath, options);
-    if (r.status == 401 ) {
+    if (r.status == 401 && !path.includes('/login')) {
       useUserStore().unauthorize();
       useCoreStore().resetAdminUser();
       await redirectToLogin();
@@ -700,6 +700,9 @@ export function generateMessageHtmlForRecordChange(changedFields: Record<string,
   const items = Object.keys(changedFields || {}).map(key => {
     const column = coreStore.resource?.columns?.find((c: any) => c.name === key);
     const label = column?.label || key;
+    if (column?.masked) {
+      return `<li class="truncate"><strong>${escapeHtml(label)}</strong>: <em>${escapeHtml(t('changed'))}</em></li>`;
+    }
     const oldV = escapeHtml(changedFields[key].oldValue);
     const newV = escapeHtml(changedFields[key].newValue);
     return `<li class="truncate"><strong>${escapeHtml(label)}</strong>: <span class="af-old-value text-muted">${oldV}</span> &#8594; <span class="af-new-value">${newV}</span></li>`;

adminforth/types/Back.ts

@@ -36,7 +36,7 @@ export interface IConfigValidator {
 
 export interface IAdminForthHttpResponse {
     setHeader: (key: string, value: string) => void,
-    setStatus: (code: number, message: string) => void,
+    setStatus: (code: number, message?: string) => void,
     blobStream: () => Writable,
 };