feat: enhance call action handling to support additional payloads across components

Author: NoOne7135

adminforth/documentation/docs/tutorial/07-Plugins/02-TwoFactorsAuth.md

@@ -221,18 +221,16 @@ To do it you first need to create custom component which will call `window.admin
 </template>
 
 <script setup lang="ts">
-  import { callAdminForthApi } from '@/utils';
-  const emit = defineEmits<{ (e: 'callAction'): void }>();
-  const props = defineProps<{ disabled?: boolean; meta?: { verifyPath?: string; [k: string]: any } }>();
+  const emit = defineEmits<{ (e: 'callAction', payload?: any): void }>();
+  const props = defineProps<{ disabled?: boolean; meta?: Record<string, any> }>();
 
   async function onClick() {
-    if (props.disabled) {
-      return;
-    }
+    if (props.disabled) return;
+  
     const code = await window.adminforthTwoFaModal.getCode();  // this will ask user to enter code
     emit('callAction', { code }); // then we pass this code to action (from fronted to backend)
   }
-</script>
+  </script>
 ```
 
 Now we need to read code entered on fronted on backend and verify that is is valid and not expired, on backend action handler:
@@ -244,16 +242,50 @@ options: {
       name: 'Auto submit',
       icon: 'flowbite:play-solid',
       allowed: () => true,
-      action: async ({ recordId, adminUser, payload, adminforth }) => { 
-          const { code } = payload;
-          const totpIsValid = adminforth.getPluginByClassName<>('T2FAPlug').verify(code);
-          if (!totpIsValid) {
-             return { ok: false, error: 'TOTP code is invalid' }
-          }
-          // we will also register fact of ussage of this critical action using audit log Plugin
-          getPluginBYClassName<auditlog>.logCustomAction()...
-          .... your critical action logic ....
-          return { ok: true, successMessage: 'Auto submitted' }
+      action: async ({ recordId, adminUser, adminforth, extra }) => {
+        //diff-add
+        const code = extra?.code
+        //diff-add
+        if (!code) {
+          //diff-add
+          return { ok: false, error: 'No TOTP code provided' };
+        //diff-add
+        }
+        //diff-add
+        const t2fa = adminforth.getPluginByClassName<TwoFactorsAuthPlugin>('TwoFactorsAuthPlugin');
+        //diff-add
+        const result = await t2fa.verify(code, { adminUser });
+
+        //diff-add
+        if (!result?.ok) {
+          //diff-add
+          return { ok: false, error: result?.error ?? 'TOTP code is invalid' };
+          //diff-add
+        }
+        //diff-add
+        await adminforth
+        //diff-add
+          .getPluginByClassName<AuditLogPlugin>('AuditLogPlugin')
+          //diff-add
+          .logCustomAction({
+            //diff-add
+            resourceId: 'aparts',
+            //diff-add
+            recordId: null,
+            //diff-add
+            actionId: 'visitedDashboard',
+            //diff-add
+            oldData: null,
+            //diff-add
+            data: { dashboard: 'main' },
+            //diff-add
+            user: adminUser,
+            //diff-add
+          });
+
+          //your critical action logic 
+      
+        return { ok: true, successMessage: 'Auto submitted' };
       },
       showIn: { showButton: true, showThreeDotsMenu: true, list: true },
       //diff-add
@@ -268,64 +300,149 @@ options: {
 Imagine you have some button which does some API call
 
 ```ts
-<Button @click="callApi">Call critical api</Button>
+<template>
+  <Button @click="callAdminAPI">Call critical API</Button>
+</template>
+  
 
+<script setup lang="ts">
+import { callApi } from '@/utils';
+import adminforth from '@/adminforth';
 
-<script>
+async function callAdminAPI() {
+  const code = await window.adminforthTwoFaModal.getCode();
 
-async function callAPI() {
-   const res = await callAdminForthAPI('/myCriticalAction', { param: 1 })
+  const res = await callApi({
+    path: '/myCriticalAction',
+    method: 'POST',
+    body: { param: 1 },
+  });
 }
-</scrip>
+</script>
 ```
 
 On backend you have simple express api
 
-```
+```ts
+app.post(`${ADMIN_BASE_URL}/myCriticalAction`,
+  admin.express.authorize(
+    async (req: any, res: any) => {
+
+      // ... your critical logic ...
 
-app.post(
-  adminforth.authorize(
-    () => {
-    req.body.param
-       ... some custom action
+      return res.json({ ok: true, successMessage: 'Action executed' });
     }
-))
+  )
+);
 ```
 
 You might want to protect this call with a TOTP code. To do it, we need to make this change
 
 ```ts
-<Button @click="callApi">Call critical api</Button>
-
-
-<script>
+<template>
+  <Button @click="callAdminAPI">Call critical API</Button>
+</template>
+  
 
-function callAPI() {
-   // diff-remove
-   const res = callAdminForthAPI('/myCriticalAction', { param: 1 })
-//diff-add
-   const code = await window.adminforthTwoFaModal.getCode(async (code) => {
-//diff-add
-        const res = await callAdminForthAPI('/myCriticalAction', { param: 1, code })
-//diff-add
-        return !res.totpError
-   });  // this will ask user to enter code
+<script setup lang="ts">
+import { callApi } from '@/utils';
+import adminforth from '@/adminforth';
+
+async function callAdminAPI() {
+  const code = await window.adminforthTwoFaModal.getCode();
+
+  // diff-remove
+  const res = await callApi({
+  // diff-remove
+    path: '/myCriticalAction',
+  // diff-remove
+    method: 'POST',
+  // diff-remove
+    body: { param: 1 },
+  // diff-remove
+  });
+
+  // diff-add
+  const res = await callApi({
+  // diff-add
+    path: '/myCriticalAction',
+  // diff-add
+    method: 'POST',
+  // diff-add
+    body: { param: 1, code: String(code) },
+  // diff-add
+  });
+
+  // diff-add
+  if (!res?.ok) {
+  // diff-add
+    adminforth.alert({ message: res.error, variant: 'danger' });
+  // diff-add
+  }
 }
-</scrip>
+</script>
+
 ```
 
 And oin API call we need to verify it:
 
 
-```
-
-app.post(
-  adminforth.authorize(
-    () => {
-//diff-add
- getPBCNM
-.. log some critical action
-       ... some custom action
+```ts
+app.post(`${ADMIN_BASE_URL}/myCriticalAction`,
+  admin.express.authorize(
+    async (req: any, res: any) => {
+
+      // diff-remove
+      // ... your critical logic ...
+
+      // diff-remove
+      return res.json({ ok: true, successMessage: 'Action executed' });
+
+      // diff-add
+      const { adminUser } = req;
+      // diff-add
+      const { param, code } = req.body ?? {};
+      // diff-add
+      const token = String(code ?? '').replace(/\D/g, '');
+      // diff-add
+      if (token.length !== 6) {
+      // diff-add
+        return res.status(401).json({ ok: false, error: 'TOTP must be 6 digits' });
+      // diff-add
+      }
+      // diff-add
+      const t2fa = admin.getPluginByClassName<TwoFactorsAuthPlugin>('TwoFactorsAuthPlugin');
+      // diff-add
+      const verifyRes = await t2fa.verify(token, { adminUser });
+      // diff-add
+      if (!('ok' in verifyRes)) {
+      // diff-add
+        return res.status(400).json({ ok: false, error: verifyRes.error || 'Wrong or expired OTP code' });
+      // diff-add
+      }
+      // diff-add
+      await admin.getPluginByClassName<AuditLogPlugin>('AuditLogPlugin').logCustomAction({
+      // diff-add
+        resourceId: 'aparts',
+      // diff-add
+        recordId: null,
+      // diff-add
+        actionId: 'myCriticalAction',
+      // diff-add
+        oldData: null,
+      // diff-add
+        data: { param },
+      // diff-add
+        user: adminUser,
+      // diff-add
+      });
+
+      // diff-add
+      // ... your critical logic ...
+
+      // diff-add
+      return res.json({ ok: true, successMessage: 'Action executed' });
     }
-))
+  )
+);
 ```

adminforth/modules/codeInjector.ts

@@ -452,6 +452,19 @@ class CodeInjector implements ICodeInjector {
           });
         }
       });
+      resource.options.actions.forEach((action) => {
+        const cc = action.customComponent;
+        if (!cc) return;
+      
+        const file = cc.file;
+        if (!file) {
+          throw new Error('customComponent.file is missing for action: ' + JSON.stringify({ id: action.id, name: action.name }));
+        }
+        if (!customResourceComponents.includes(file)) {
+          console.log('Found injection', file);
+          customResourceComponents.push(file);
+        }
+      });
 
       (Object.values(resource.options?.pageInjections || {})).forEach((injection) => {
         Object.values(injection).forEach((filePathes: {file: string}[]) => {

adminforth/modules/restApi.ts

@@ -1423,7 +1423,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
       method: 'POST',
       path: '/start_custom_action',
       handler: async ({ body, adminUser, tr }) => {
-        const { resourceId, actionId, recordId } = body;
+        const { resourceId, actionId, recordId, extra } = body;
         const resource = this.adminforth.config.resources.find((res) => res.resourceId == resourceId);
         if (!resource) {
           return { error: await tr(`Resource {resourceId} not found`, 'errors', { resourceId }) };
@@ -1454,7 +1454,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
             redirectUrl: action.url
           }
         }
-        const response = await action.action({ recordId, adminUser, resource, tr, adminforth: this.adminforth });
+        const response = await action.action({ recordId, adminUser, resource, tr, adminforth: this.adminforth, extra });
 
         return {
           actionId,

adminforth/spa/src/components/ResourceListTable.vue

@@ -180,21 +180,18 @@
                   v-for="action in resource.options.actions.filter(a => a.showIn?.list)"
                   :key="action.id"
                 >
-                  <CallActionWrapper
-                    :disabled="rowActionLoadingStates?.[action.id]"
-                    @callAction="startCustomAction(action.id, row)"
-                  >
                     <component
-                      :is="action.customComponent ? getCustomComponent(action.customComponent) : 'span'"
+                      :is="action.customComponent ? getCustomComponent(action.customComponent) : CallActionWrapper"
                       :meta="action.customComponent?.meta"
                       :row="row"
                       :resource="resource"
                       :adminUser="adminUser"
+                      @callAction="(payload? : Object) => startCustomAction(action.id, payload ?? row)"
                     >
                       <button
                         type="button"
                         :disabled="rowActionLoadingStates?.[action.id]"
-                        @click.stop.prevent="startCustomAction(action.id, row)"
+                        @click.stop.prevent
                       >
                         <component
                           v-if="action.icon"
@@ -203,14 +200,14 @@
                         />
                       </button>
                     </component>
-                  </CallActionWrapper>
 
                   <template #tooltip>
                     {{ action.name }}
                   </template>
                 </Tooltip>
               </template>
             </div>
+            
           </td>
         </tr>
       </tbody>

adminforth/spa/src/components/ResourceListTableVirtual.vue

@@ -200,11 +200,12 @@
                       :row="row"
                       :resource="resource"
                       :adminUser="adminUser"
+                      @callAction="(payload? : Object) => startCustomAction(action.id, payload ?? row)"
                     >
                       <button
                         type="button"
                         :disabled="rowActionLoadingStates?.[action.id]"
-                        @click.stop.prevent="startCustomAction(action.id, row)"
+                        @click.stop.prevent
                       >
                         <component
                           v-if="action.icon"

adminforth/spa/src/components/ThreeDotsMenu.vue

@@ -27,7 +27,7 @@
             <component
               :is="(action.customComponent && getCustomComponent(action.customComponent)) || CallActionWrapper"
               :meta="action.customComponent?.meta"
-              @callAction="handleActionClick(action)"
+              @callAction="(payload? : Object) => handleActionClick(action, payload)"
             >
               <a href="#" @click.prevent class="block px-4 py-2 hover:text-lightThreeDotsMenuBodyTextHover hover:bg-lightThreeDotsMenuBodyBackgroundHover dark:hover:bg-darkThreeDotsMenuBodyBackgroundHover dark:hover:text-darkThreeDotsMenuBodyTextHover">
                 <div class="flex items-center gap-2">
@@ -87,7 +87,7 @@ const props = defineProps({
 
 const emit = defineEmits(['startBulkAction']);
 
-async function handleActionClick(action) {
+async function handleActionClick(action: any, payload: any) {
   adminforth.list.closeThreeDotsDropdown();
   
   const actionId = action.id;
@@ -97,7 +97,8 @@ async function handleActionClick(action) {
     body: {
       resourceId: route.params.resourceId,
       actionId: actionId,
-      recordId: route.params.primaryKey
+      recordId: route.params.primaryKey,
+      extra: payload || {},
     }
   });