AppMint
Modular app generator — DB CRUD, scripts, REST, SQL
AppMint is a modular suite for building four types of internal applications without writing code. Apps are defined in a 5-tab App Configurator (Type & info / Backend / Form / Extra fields / Summary) and can then be activated for end users.
**DB CRUD** — point to a saved PostgreSQL or MariaDB connection, pick schema and table, configure columns (label, widget text/textarea/number/checkbox/date/datetime/select/fk), search, filters, sort, FK with dynamic label. The result is a full-CRUD app with auto-generated UI that works on real data (no duplication).
**Script runner** — executes `.py` `.sh` `.bat` `.cmd` `.ps1` `.exe` `.jar` `.sql` files with parameter form, live stdout/stderr streaming (SSE), complete DB audit, rotating log files. "1 user = 1 process" pattern with explicit Kill button and `max_runtime_seconds` watchdog. Admin process console for kill and replay.
**REST caller** — calls external HTTP endpoints with `none` / `bearer` / `basic` / `api-key-header` auth, dynamic parameters from user form, response shown in the UI.
**SQL caller** — executes parametric read-only SQL templates on a saved connection.
Each generated app appears in a dynamic sidebar grouped by `category` and is governed by Django-style permissions (user_apps + group_apps with read/create/update/delete/run; the effective permission is the OR union of user and group grants). Forms use a 2-column layout with `col_span` and "attach to previous", plus JavaScript IF rules evaluated in the browser (visible/required/readonly/secret/label) for dynamic UX without server round-trips.
**Configurable buttons** — instead of the classic auto-rendered "Run", the app exposes custom buttons with multiple actions: `run_main`, `script_runner`, `rest_call`, `sql_query`, `open_link`, `open_app` (cross-app deep-link), `reset_form`, `custom_js`. Each button has a JSON config with `{{key}}` placeholders for form values.
**External REST API** `/api/v1/*` authenticated with the `X-API-Key` header (per-user key, stored in the DB as a SHA-256 hash) exposes meta, list and run for each generated app. **MCP server** over stdio with LSP framing, which can be registered in `DexAssistant/servers.json` to expose CRUD and run as MCP tools.
**Persistence**: SQLite (admin DB + sessions) for AppMint metadata (users, groups, apps, permissions, connections). PG passwords are encrypted at rest with AES-256-GCM (key from env or auto-generated in `<DATA_DIR>/.secret-key`). Centralized data folder via `ADMIN_DB_DIR` (recommended outside the project for backup/portability).
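How at-rest encryption of a connection password with AES-256-GCM can look in Node.js, shown as an added example that is not AppMint's own code. The function names, the hex key encoding, the `v1:iv:tag:ciphertext` storage layout and the use of the connection id as associated data are assumptions made for illustration.

```javascript
// Added example, not AppMint source. Names and storage layout are hypothetical.
const nodeCrypto = require('node:crypto');

// Assumed encoding: a 256-bit key supplied as 64 hex characters.
function parseKey(hex) {
  if (!/^[0-9a-fA-F]{64}$/.test(hex || '')) {
    throw new Error('key must be 64 hex chars (256 bits)');
  }
  return Buffer.from(hex, 'hex');
}

// Encrypt one secret. `aad` binds the ciphertext to its row (for example the
// connection id) so a value copied onto another row fails authentication.
function encryptSecret(key, plaintext, aad = '') {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  return ['v1', iv.toString('base64'), tag.toString('base64'), ct.toString('base64')].join(':');
}

// Decrypt and authenticate. Throws if key, aad, iv, tag or ciphertext is wrong.
function decryptSecret(key, stored, aad = '') {
  const [ver, ivB64, tagB64, ctB64] = String(stored).split(':');
  if (ver !== 'v1') throw new Error('unknown ciphertext format');
  const tag = Buffer.from(tagB64, 'base64');
  if (tag.length !== 16) throw new Error('bad tag length'); // reject truncated tags
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(ivB64, 'base64'));
  decipher.setAAD(Buffer.from(aad, 'utf8'));
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(Buffer.from(ctB64, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}
```

Because GCM authenticates as well as encrypts, a modified database value or a swapped key file surfaces as a decryption error rather than as a silently wrong password.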
**Security**: bcrypt cost 12 on user passwords, force-change password at first login, signed sessions persisted on SQLite (HttpOnly + SameSite=Lax + Secure in production), regex validation `^[A-Za-z_][A-Za-z0-9_$]*$` on all SQL identifiers before interpolation, `$N` parameters everywhere, `ORDER BY` validated against the known column list, `requireLogin/requireAdmin/requireAppPermission` middleware.
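The three SQL controls listed above (identifier regex, `$N` parameters, `ORDER BY` checked against the known columns) combined in one query builder, as an added example that is not AppMint's own code. `buildListQuery`, `ident`, the row limit and the sample table are hypothetical; the placeholder and quoting syntax is PostgreSQL's, and quoting the validated identifier is an extra choice made here.

```javascript
// Added example, not AppMint source. Function and table names are hypothetical.
const IDENT_RE = /^[A-Za-z_][A-Za-z0-9_$]*$/; // regex quoted on this page

// Validate an identifier before it is interpolated into SQL text.
function ident(name) {
  if (typeof name !== 'string' || !IDENT_RE.test(name)) {
    throw new Error(`invalid SQL identifier: ${JSON.stringify(name)}`);
  }
  return `"${name}"`; // quoting is safe: the regex cannot match a double quote
}

// Build a parameterised SELECT for a CRUD list view.
// knownColumns must come from table introspection, never from the request.
function buildListQuery({ schema, table, knownColumns, filters = {}, sort, dir = 'asc', limit = 50 }) {
  const cols = knownColumns.map(ident);
  const params = [];
  const where = [];
  for (const [col, value] of Object.entries(filters)) {
    if (!knownColumns.includes(col)) throw new Error(`unknown filter column: ${col}`);
    params.push(value); // the value travels as a bound parameter, not as SQL text
    where.push(`${ident(col)} = $${params.length}`);
  }
  let sql = `SELECT ${cols.join(', ')} FROM ${ident(schema)}.${ident(table)}`;
  if (where.length) sql += ` WHERE ${where.join(' AND ')}`;
  if (sort !== undefined) {
    // ORDER BY cannot be parameterised, so only allowlisted columns are accepted.
    if (!knownColumns.includes(sort)) throw new Error(`unknown sort column: ${sort}`);
    const direction = String(dir).toLowerCase() === 'desc' ? 'DESC' : 'ASC';
    sql += ` ORDER BY ${ident(sort)} ${direction}`;
  }
  params.push(Number.isInteger(limit) && limit > 0 ? Math.min(limit, 500) : 50);
  sql += ` LIMIT $${params.length}`;
  return { text: sql, values: params };
}
```

The returned `{ text, values }` object has the shape that `pg`'s `query()` accepts; a MariaDB variant would use `?` placeholders and backtick quoting instead.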
**Native HTTPS** is optional (cert/key configured in `.env`, with an `npm run cert:self-signed` script); alternatively, put a Caddy/Nginx/IIS reverse proxy in front of the Node service. IT/EN multi-language, dark/light theme persisted in localStorage. Stack: Node.js >= 18, Express, better-sqlite3, pg + mysql2/promise, bcryptjs, AES-256-GCM. Deploy as a Windows service with NSSM via the included `deploy-service.bat` / `undeploy-service.bat` scripts.
Features
- 5-tab App Configurator (Type & info / Backend / Form / Extra fields / Summary)
- DB CRUD on PostgreSQL and MariaDB with schema/table/column introspection
- Script runner: .py / .sh / .bat / .cmd / .ps1 / .exe / .jar / .sql with live SSE
- REST caller with none / bearer / basic / api-key-header auth
- Read-only SQL caller with parametric template
- Dynamic sidebar with apps grouped by category
- Django-style permissions: user_apps + group_apps (R/C/U/D/run)
- 2-column form layout with col_span + "attach to previous"
- Browser-side JavaScript IF rules (visible/required/readonly/secret/label)
- Configurable buttons: run_main / script / rest_call / sql_query / open_link / open_app / reset / custom_js
- External REST API /api/v1/* with X-API-Key (SHA-256 hash)
- Stdio MCP server with LSP framing, integrable in DexAssistant
- Admin process console: live list, kill, replay history via SSE
- Complete DB audit with stdout/stderr saved by date
- IT/EN multi-language with topbar switch
- Dark/light theme persisted in localStorage
- Optional native HTTPS + reverse proxy support (Caddy/Nginx/IIS)
- PG password encryption at-rest with AES-256-GCM
- Centralized data folder via ADMIN_DB_DIR (backup/portability)
- Automated deployment as a Windows service via NSSM
Configuration
- PORT (default 3100)
- SESSION_SECRET (required in production)
- ADMIN_DB_DIR — folder for admin/session SQLite DBs and .secret-key
- CONNECTION_ENC_KEY — AES key (auto-generated if absent)
- NODE_ENV — production enables Secure cookies (serve behind HTTPS)
- HTTPS_ENABLED + HTTPS_PORT + HTTPS_CERT_PATH + HTTPS_KEY_PATH
- APP_LANG — default language (it / en)
- Target DB connections: host, port, database, username, password (encrypted), ssl, notes
- Per-user API keys — generated from the API key menu
- Per-app permissions: user_apps + group_apps (read/create/update/delete/run)
Technical prerequisites
- Node.js 18+ (LTS recommended)
- For db_crud / sql_caller apps: a reachable PostgreSQL or MariaDB/MySQL
- For script_runner apps: the interpreters you want to use (Python, PowerShell, Bash, Java, ...)
- Visual C++ Build Tools (Windows) to rebuild better-sqlite3 if needed
- OpenSSL in PATH for self-signed certificates (optional)
- NSSM for Windows service deployment (auto-downloaded by the script)
- Reverse proxy (Caddy/Nginx/IIS) recommended to expose HTTPS on port 443
- DexAssistant — optional, to use AppMint as an integrated MCP server