frangoteam · orjinameh · Mar 2, 2026 · Mar 2, 2026
diff --git a/server/api/projects/index.js b/server/api/projects/index.js
@@ -8,6 +8,9 @@ const fs = require('fs');
 const path = require('path');
 const os = require('os');
 const { normalizeRelativePath, resolveWithin } = require('../path-helper');
+const multer = require('multer');
+const { parseTpyFile } = require('../runtime/devices/adsclient/tpy-parser');
+const upload = multer({ storage: multer.memoryStorage() });
 
 var runtime;
 var secureFnc;
@@ -21,7 +24,7 @@ module.exports = {
     },
     app: function () {
         var prjApp = express();
-        prjApp.use(function(req,res,next) {
+        prjApp.use(function (req, res, next) {
             if (!runtime.project) {
                 res.status(404).end();
             } else {
@@ -30,10 +33,45 @@ module.exports = {
         });
 
         /**
+ * POST /api/ads/import-tpy
+ * Parse a Beckhoff TwinCAT .tpy file and return extracted tags
+ */
+        prjApp.post('/api/ads/import-tpy', secureFnc, upload.single('tpyFile'), async (req, res) => {
+            const permission = checkGroupsFnc(req);
+            if (!authJwt.haveAdminPermission(permission)) {
+                return res.status(401).json({ error: 'unauthorized_error', message: 'Unauthorized!' });
+            }
+
+            if (!req.file) {
+                return res.status(400).json({ error: 'missing_file', message: 'No .tpy file uploaded' });
+            }
+
+            if (!req.file.originalname.endsWith('.tpy')) {
+                return res.status(400).json({ error: 'invalid_file', message: 'File must be a .tpy file' });
+            }
+
+            try {
+                const xmlContent = req.file.buffer.toString('utf8');
+                const tags = await parseTpyFile(xmlContent);
+
+                runtime.logger.info(`Imported ${tags.length} tags from .tpy file: ${req.file.originalname}`);
+
+                res.json({
+                    success: true,
+                    filename: req.file.originalname,
+                    count: tags.length,
+                    tags: tags
+                });
+            } catch (err) {
+                runtime.logger.error(`Failed to parse .tpy file: ${err.message}`);
+                res.status(400).json({ error: 'parse_error', message: err.message });
+            }
+        });
+        /**
          * GET Project data
          * Take from project storage and reply
          */
-        prjApp.get("/api/project", secureFnc, function(req, res) {
+        prjApp.get("/api/project", secureFnc, function (req, res) {
             const permission = checkGroupsFnc(req);
             runtime.project.getProject(req.userId, permission).then(result => {
                 // res.header("Access-Control-Allow-Origin", "*");
@@ -44,14 +82,14 @@ module.exports = {
                     res.status(404).end();
                     runtime.logger.error("api get project: Not Found!");
                 }
-            }).catch(function(err) {
+            }).catch(function (err) {
                 if (err && err.code) {
                     if (err.code !== 'ERR_HTTP_HEADERS_SENT') {
-                        res.status(400).json({error:err.code, message: err.message});
+                        res.status(400).json({ error: err.code, message: err.message });
                         runtime.logger.error("api get project: " + err.message);
                     }
                 } else {
-                    res.status(400).json({error:"unexpected_error", message: err});
+                    res.status(400).json({ error: "unexpected_error", message: err });
                     runtime.logger.error("api get project: " + err);
                 }
             });
@@ -61,24 +99,24 @@ module.exports = {
          * POST Project data
          * Set to project storage
          */
-        prjApp.post("/api/project", secureFnc, function(req, res, next) {
+        prjApp.post("/api/project", secureFnc, function (req, res, next) {
             const permission = checkGroupsFnc(req);
             if (res.statusCode === 403) {
                 runtime.logger.error("api post project: Tocken Expired");
             } else if (!authJwt.haveAdminPermission(permission)) {
-                res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
                 runtime.logger.error("api post project: Unauthorized");
             } else {
-                runtime.project.setProject(req.body).then(function(data) {
-                    runtime.restart(true).then(function(result) {
+                runtime.project.setProject(req.body).then(function (data) {
+                    runtime.restart(true).then(function (result) {
                         res.end();
                     });
-                }).catch(function(err) {
+                }).catch(function (err) {
                     if (err && err.code) {
-                        res.status(400).json({error:err.code, message: err.message});
+                        res.status(400).json({ error: err.code, message: err.message });
                         runtime.logger.error("api post project: " + err.message);
                     } else {
-                        res.status(400).json({error:"unexpected_error", message: err});
+                        res.status(400).json({ error: "unexpected_error", message: err });
                         runtime.logger.error("api post project: " + err);
                     }
                 });
@@ -89,24 +127,24 @@ module.exports = {
          * POST Single Project data
          * Set the value (general/view/device/...) to project storage
          */
-        prjApp.post("/api/projectData", secureFnc, function(req, res, next) {
+        prjApp.post("/api/projectData", secureFnc, function (req, res, next) {
             const permission = checkGroupsFnc(req);
             if (res.statusCode === 403) {
                 runtime.logger.error("api post projectData: Tocken Expired");
             } else if (!authJwt.haveAdminPermission(permission)) {
-                res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
                 runtime.logger.error("api post projectData: Unauthorized");
             } else {
                 runtime.project.setProjectData(req.body.cmd, req.body.data).then(setres => {
                     runtime.update(req.body.cmd, req.body.data).then(result => {
                         res.end();
                     });
-                }).catch(function(err) {
+                }).catch(function (err) {
                     if (err && err.code) {
-                        res.status(400).json({error:err.code, message: err.message});
+                        res.status(400).json({ error: err.code, message: err.message });
                         runtime.logger.error("api post projectData: " + err.message);
                     } else {
-                        res.status(400).json({error:"unexpected_error", message: err});
+                        res.status(400).json({ error: "unexpected_error", message: err });
                         runtime.logger.error("api post projectData: " + err);
                     }
                 });
@@ -133,12 +171,12 @@ module.exports = {
          * GET Device property like security
          * Take from project storage and reply
          */
-        prjApp.get("/api/device", secureFnc, function(req, res) {
+        prjApp.get("/api/device", secureFnc, function (req, res) {
             const permission = checkGroupsFnc(req);
             if (res.statusCode === 403) {
                 runtime.logger.error("api get device: Tocken Expired");
             } else if (!authJwt.haveAdminPermission(permission)) {
-                res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
                 runtime.logger.error("api get device: Unauthorized");
             } else {
                 runtime.project.getDeviceProperty(req.query).then(result => {
@@ -149,12 +187,12 @@ module.exports = {
                     } else {
                         res.end();
                     }
-                }).catch(function(err) {
+                }).catch(function (err) {
                     if (err && err.code) {
-                        res.status(400).json({error:err.code, message: err.message});
+                        res.status(400).json({ error: err.code, message: err.message });
                         runtime.logger.error("api get device: " + err.message);
                     } else {
-                        res.status(400).json({error:"unexpected_error", message: err});
+                        res.status(400).json({ error: "unexpected_error", message: err });
                         runtime.logger.error("api get device: " + err);
                     }
                 });
@@ -165,22 +203,22 @@ module.exports = {
          * POST Device property
          * Set to project storage
          */
-        prjApp.post("/api/device", secureFnc, function(req, res, next) {
+        prjApp.post("/api/device", secureFnc, function (req, res, next) {
             const permission = checkGroupsFnc(req);
             if (res.statusCode === 403) {
                 runtime.logger.error("api post device: Tocken Expired");
             } else if (!authJwt.haveAdminPermission(permission)) {
-                res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
                 runtime.logger.error("api post device: Unauthorized");
             } else {
-                runtime.project.setDeviceProperty(req.body.params).then(function(data) {
+                runtime.project.setDeviceProperty(req.body.params).then(function (data) {
                     res.end();
-                }).catch(function(err) {
+                }).catch(function (err) {
                     if (err && err.code) {
-                        res.status(400).json({error:err.code, message: err.message});
+                        res.status(400).json({ error: err.code, message: err.message });
                         runtime.logger.error("api post device: " + err.message);
                     } else {
-                        res.status(400).json({error:"unexpected_error", message: err});
+                        res.status(400).json({ error: "unexpected_error", message: err });
                         runtime.logger.error("api post device: " + err);
                     }
                 });
@@ -197,7 +235,7 @@ module.exports = {
                 runtime.logger.error("api get device: Tocken Expired");
                 return;
             } else if (!authJwt.haveAdminPermission(permission)) {
-                res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
                 runtime.logger.error("api get device: Unauthorized");
                 return;
             }
@@ -213,17 +251,17 @@ module.exports = {
                 const safeFullPath = normalizeRelativePath(file.fullPath || rawFileName);
                 const relativePath = safeFullPath || safeFileName;
                 if (!relativePath) {
-                    res.status(400).json({error:"invalid_path", message: "Invalid upload path."});
+                    res.status(400).json({ error: "invalid_path", message: "Invalid upload path." });
                     return;
                 }
 
                 if (file.type !== 'svg') {
                     basedata = file.data.replace(/^data:.*,/, '');
-                    encoding = {encoding: 'base64'};
+                    encoding = { encoding: 'base64' };
                 }
                 const resolvedUpload = resolveWithin(runtime.settings.uploadFileDir, relativePath);
                 if (!resolvedUpload) {
-                    res.status(400).json({error:"invalid_path", message: "Invalid upload path."});
+                    res.status(400).json({ error: "invalid_path", message: "Invalid upload path." });
                     return;
                 }
                 let filePath = resolvedUpload.resolvedTarget;
@@ -233,18 +271,18 @@ module.exports = {
                         : runtime.settings.appDir;
                     const normalizedDestination = normalizeRelativePath(destination);
                     if (!normalizedDestination) {
-                        res.status(400).json({error:"invalid_destination", message: "Invalid destination path."});
+                        res.status(400).json({ error: "invalid_destination", message: "Invalid destination path." });
                         return;
                     }
                     const resolvedDestination = resolveWithin(baseDir, `_${normalizedDestination}`);
                     if (!resolvedDestination) {
-                        res.status(400).json({error:"invalid_destination", message: "Invalid destination path."});
+                        res.status(400).json({ error: "invalid_destination", message: "Invalid destination path." });
                         return;
                     }
                     const destinationDir = resolvedDestination.resolvedTarget;
                     const resolvedFile = resolveWithin(destinationDir, relativePath);
                     if (!resolvedFile) {
-                        res.status(400).json({error:"invalid_path", message: "Invalid upload path."});
+                        res.status(400).json({ error: "invalid_path", message: "Invalid upload path." });
                         return;
                     }
                     filePath = resolvedFile.resolvedTarget;
@@ -254,14 +292,14 @@ module.exports = {
                     }
                 }
                 fs.writeFileSync(filePath, basedata, encoding);
-                let result = {'location': '/' + runtime.settings.httpUploadFileStatic + '/' + relativePath };
+                let result = { 'location': '/' + runtime.settings.httpUploadFileStatic + '/' + relativePath };
                 res.json(result);
             } catch (err) {
                 if (err && err.code) {
-                    res.status(400).json({error: err.code, message: err.message});
+                    res.status(400).json({ error: err.code, message: err.message });
                     runtime.logger.error("api upload: " + err.message);
                 } else {
-                    res.status(400).json({error:"unexpected_error", message: err});
+                    res.status(400).json({ error: "unexpected_error", message: err });
                     runtime.logger.error("api upload: " + err);
                 }
             }

diff --git a/server/package-lock.json b/server/package-lock.json
diff --git a/server/package.json b/server/package.json
@@ -51,6 +51,7 @@
     "swagger-ui-express": "^5.0.1",
     "winston": "3.7.2",
     "ws": "8.18.0",
+    "xml2js": "^0.6.2",
     "yamljs": "^0.3.0"
   },
   "overrides": {