@azteam/express 1.2.188 → 1.2.191
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/AdminController.js +4 -4
- package/src/Server.js +35 -20
package/package.json
CHANGED
package/src/AdminController.js
CHANGED
|
@@ -196,9 +196,9 @@ class AdminController extends Controller {
|
|
|
196
196
|
|
|
197
197
|
postImportSpreadsheet() {
|
|
198
198
|
return {
|
|
199
|
-
disabled: !this.roles.
|
|
199
|
+
disabled: !this.roles.IMPORT,
|
|
200
200
|
path: '/import_spreadsheet',
|
|
201
|
-
method: [adminRoleMiddleware([this.roles.
|
|
201
|
+
method: [adminRoleMiddleware([this.roles.IMPORT]), verifyGoogleAppMiddleware(), this.methodPostImportSpreadsheet],
|
|
202
202
|
};
|
|
203
203
|
}
|
|
204
204
|
|
|
@@ -208,9 +208,9 @@ class AdminController extends Controller {
|
|
|
208
208
|
|
|
209
209
|
postExportSpreadsheet() {
|
|
210
210
|
return {
|
|
211
|
-
disabled: !this.roles.
|
|
211
|
+
disabled: !this.roles.EXPORT,
|
|
212
212
|
path: '/export_spreadsheet',
|
|
213
|
-
method: [adminRoleMiddleware([this.roles.
|
|
213
|
+
method: [adminRoleMiddleware([this.roles.EXPORT]), verifyGoogleAppMiddleware(), this.methodPostExportSpreadsheet],
|
|
214
214
|
};
|
|
215
215
|
}
|
|
216
216
|
}
|
package/src/Server.js
CHANGED
|
@@ -10,7 +10,7 @@ import morgan from 'morgan';
|
|
|
10
10
|
import cors from 'cors';
|
|
11
11
|
import _ from 'lodash';
|
|
12
12
|
import 'express-async-errors';
|
|
13
|
-
import {errorCatch, ErrorException, NOT_FOUND, UNKNOWN
|
|
13
|
+
import {CORS, errorCatch, ErrorException, NOT_FOUND, UNKNOWN} from '@azteam/error';
|
|
14
14
|
|
|
15
15
|
const RES_TYPE = {
|
|
16
16
|
ARRAY: 'ARRAY',
|
|
@@ -18,27 +18,33 @@ const RES_TYPE = {
|
|
|
18
18
|
DOCS: 'DOCS',
|
|
19
19
|
};
|
|
20
20
|
|
|
21
|
-
function omitItem(item, guard,
|
|
22
|
-
|
|
23
|
-
|
|
21
|
+
function omitItem(item, guard, allow) {
|
|
22
|
+
let guardFields = guard;
|
|
23
|
+
let itemFields = item;
|
|
24
|
+
|
|
25
|
+
if (_.isArray(guardFields)) {
|
|
26
|
+
guardFields = _.difference(guardFields, allow);
|
|
24
27
|
}
|
|
25
28
|
|
|
26
|
-
if (
|
|
27
|
-
|
|
29
|
+
if (itemFields.toJSON) {
|
|
30
|
+
itemFields = item.toJSON();
|
|
28
31
|
}
|
|
29
|
-
if (_.isObject(
|
|
30
|
-
if (
|
|
31
|
-
return _.pick(
|
|
32
|
+
if (_.isObject(itemFields)) {
|
|
33
|
+
if (guardFields === '*') {
|
|
34
|
+
return _.pick(itemFields, allow);
|
|
32
35
|
}
|
|
33
|
-
return _.omit(
|
|
36
|
+
return _.omit(itemFields, guardFields);
|
|
34
37
|
}
|
|
35
|
-
return
|
|
38
|
+
return itemFields;
|
|
36
39
|
}
|
|
37
40
|
|
|
38
41
|
class Server {
|
|
39
42
|
constructor(currentDir = '', options = {}) {
|
|
40
43
|
this.redis = null;
|
|
41
|
-
this.options =
|
|
44
|
+
this.options = {
|
|
45
|
+
isAllowEmptyOrigin: true,
|
|
46
|
+
...options,
|
|
47
|
+
};
|
|
42
48
|
|
|
43
49
|
this.cookieOptions = {
|
|
44
50
|
domain: null,
|
|
@@ -121,6 +127,7 @@ class Server {
|
|
|
121
127
|
if (!_.isEmpty(this.controllers)) {
|
|
122
128
|
const WHITE_LIST = this.whiteList;
|
|
123
129
|
const COOKIE_OPTIONS = this.cookieOptions;
|
|
130
|
+
const {isAllowEmptyOrigin} = this.options;
|
|
124
131
|
|
|
125
132
|
const app = express();
|
|
126
133
|
app.use(
|
|
@@ -141,7 +148,13 @@ class Server {
|
|
|
141
148
|
cors({
|
|
142
149
|
credentials: true,
|
|
143
150
|
origin(origin, callback) {
|
|
144
|
-
if (!origin
|
|
151
|
+
if (!origin) {
|
|
152
|
+
if (isAllowEmptyOrigin) {
|
|
153
|
+
callback(null, true);
|
|
154
|
+
} else {
|
|
155
|
+
callback(new ErrorException(CORS, `${origin} Not allowed by CORS`));
|
|
156
|
+
}
|
|
157
|
+
} else if (!WHITE_LIST.length || WHITE_LIST.some((re) => origin.endsWith(re))) {
|
|
145
158
|
callback(null, true);
|
|
146
159
|
} else {
|
|
147
160
|
callback(new ErrorException(CORS, `${origin} Not allowed by CORS`));
|
|
@@ -171,7 +184,7 @@ class Server {
|
|
|
171
184
|
throw new ErrorException(code, errors);
|
|
172
185
|
};
|
|
173
186
|
|
|
174
|
-
app.response.success = function (data = {}, guard = [],
|
|
187
|
+
app.response.success = function (data = {}, guard = [], allow = []) {
|
|
175
188
|
let guardData = data;
|
|
176
189
|
if (data) {
|
|
177
190
|
let resType = null;
|
|
@@ -184,22 +197,24 @@ class Server {
|
|
|
184
197
|
}
|
|
185
198
|
}
|
|
186
199
|
|
|
200
|
+
let responseGuard = guard;
|
|
201
|
+
const responseAllows = allow;
|
|
187
202
|
if (_.isArray(guard)) {
|
|
188
|
-
|
|
203
|
+
responseGuard = [...guard, '__v', '_id', 'deleted_at', 'updated_at', 'created_id', 'modified_id'];
|
|
189
204
|
if (resType === RES_TYPE.ARRAY || resType === RES_TYPE.DOCS) {
|
|
190
|
-
|
|
205
|
+
responseGuard = [...guard, 'metadata_disable', 'metadata_keywords', 'metadata_description', 'metadata_image_url'];
|
|
191
206
|
}
|
|
192
207
|
}
|
|
193
208
|
if (resType === RES_TYPE.DOCS) {
|
|
194
209
|
guardData.docs = _.map(data.docs, (item) => {
|
|
195
|
-
return omitItem(item,
|
|
210
|
+
return omitItem(item, responseGuard, responseAllows);
|
|
196
211
|
});
|
|
197
212
|
} else if (resType === RES_TYPE.ARRAY) {
|
|
198
213
|
guardData = _.map(data, (item) => {
|
|
199
|
-
return omitItem(item,
|
|
214
|
+
return omitItem(item, responseGuard, responseAllows);
|
|
200
215
|
});
|
|
201
216
|
} else if (resType === RES_TYPE.OBJECT) {
|
|
202
|
-
guardData = omitItem(data,
|
|
217
|
+
guardData = omitItem(data, responseGuard, responseAllows);
|
|
203
218
|
}
|
|
204
219
|
}
|
|
205
220
|
|
|
@@ -300,7 +315,7 @@ class Server {
|
|
|
300
315
|
}
|
|
301
316
|
|
|
302
317
|
if (this.callbackError) {
|
|
303
|
-
this.callbackError(error);
|
|
318
|
+
this.callbackError(error, req.originalUrl);
|
|
304
319
|
}
|
|
305
320
|
|
|
306
321
|
return res.status(error.status).json({success: false, errors: error.errors});
|